Commit db7fe71e authored by Antoine Beaupré's avatar Antoine Beaupré
Browse files

experimental feature: a harsh mass-redirection script that can be used to

temporarly turn off (by redirecting them) a user's subdomains (all of them)

temporarly, because a SQL dump is showed to allow the admin to restore the
previous state. 

experimental, because the SQL dump should probably be hidden from the admin and
that this whole thing should probably be called something else than
"deactivate" and might be better somewhere else than in adm_list.php.

harsh, because there could be other ways to deal with evil users. this is the
best solution I have found for accounts that are victims of spambots.
parent 204117ff
......@@ -12,6 +12,7 @@ aide/sommaire.sgml -text
aide/stats.sgml -text
aide/test.sgml -text
bureau/admin/adm_add.php -text
bureau/admin/adm_deactivate.php -text
bureau/admin/adm_defquotas.php -text
bureau/admin/adm_del.php -text
bureau/admin/adm_doadd.php -text
......
<?php
require_once('../class/config.php');
$uid = $_GET['uid'];
if (!$uid) {
__("Missing uid");
exit();
}
if (!$admin->enabled || !$admin->checkcreator($uid)) {
__("This page is restricted to authorized staff");
exit();
}
if (!$r=$admin->get($uid)) {
__("User does not exist");
exit();
}
if (! ($confirmed = ($_GET['submit'] == _("Confirm")) ) ) {
print '<h2>' . _('WARNING: experimental feature, use at your own risk') . '</h2>';
__("The following domains will be deactivated and redirected to the URL entered in the following box. A backup of the domain configuration will be displayed as a serie of SQL request that you can run to restore the current configuration if you want. Click confirm if you are sure you want to deactivate all this user's domains.");
?>
<form action="<?=$PHP_SELF?>" method="GET">
<input type="hidden" name="uid" value="<?=$uid?>" />
<? __("Redirection URL:") ?> <input type="text" name="redirect" value="http://example.com/" />
<input type="submit" name="submit" value="<?=_("Confirm")?>" />
</form><?php
print "<h3>" . _("Domains of user: ") . $r["login"] . "</h3>";
} else {
if (!$_GET['redirect']) {
__("Missing redirect url.");
exit();
} else {
$redirect = $_GET['redirect'];
}
}
# this string will contain an SQL request that will be printed at the end of the process and that can be used to reload the old domain configuration
$backup = "";
# 1. list the domains of the user
# 1.1 list the domains
global $cuid;
$old_cuid = $cuid;
$cuid = $uid;
$domains = $dom->enum_domains();
if ($confirmed) {
print "<pre>";
printf(_("-- Redirecting all domains and subdomains of the user %s to %s\n"), $r['login'], $redirect);
}
reset($domains);
# 1.2 foreach domain, list the subdomains
foreach ($domains as $key => $domain) {
if (!$confirmed) print '<h4>' . $domain . '</h4><ul>';
$dom->lock();
if (!$r=$dom->get_domain_all($domain)) {
$error=$err->errstr();
}
$dom->unlock();
# 2. for each subdomain
foreach ($r['sub'] as $k => $sub) {
# shortcuts
$type = $sub['type'];
$dest = $sub['dest'];
$sub = $sub['name'];
# if it's a real website
if ($type == $dom->type_local) {
if (!$confirmed) {
print "<li>";
if ($sub) {
print $sub . '.';
}
print "$domain -> $dest</li>";
} else {
# 2.1 keep a copy of where it was, in an SQL request
$backup .= "UPDATE `sub_domaines` SET `type`='$type', valeur='$dest' WHERE `domaine`='$domain' AND sub='$sub';\n";
$backup .= "DELETE FROM `sub_domaines_standby` WHERE domaine='$domain' and sub='$sub';\n";
$backup .= "INSERT INTO sub_domaines_standby (compte,domaine,sub,valeur,type,action) values ('$cuid','$domain','$sub','$dest','$type',1);\n"; // UPDATE
# 2.2 change the subdomain to redirect to http://spam.koumbit.org/
$dom->lock();
if (!$dom->set_sub_domain($domain, $sub, $dom->type_url, "edit", $redirect)) {
print "-- error in $sub.$domain: " . $err->errstr() . "\n";
}
$dom->unlock();
}
}
}
if (!$confirmed) print '</ul>';
}
# 3. wrap up (?)
if ($confirmed) {
print "-- The following is a serie of SQL request you can run, as root, to revert the user's domains to their previous state.\n";
print $backup;
print "</pre>";
}
$cuid = $old_cuid;
......@@ -73,7 +73,7 @@ if (!is_array($r)) {
if ($mem->user["admlist"]==0) { // Normal (large) mode
?>
<table cellspacing="0" cellpadding="4">
<tr><th colspan="4">&nbsp;</th><th><?php __("Username"); ?></th><th><?php echo _("Surname")." "._("First Name")."<br />("._("Email address").")"; ?></th><th><?php __("Account type") ?></th><th><?php __("Last login"); ?></th><th><?php __("Last fail"); ?></th><th><?php __("Last ip"); ?><th><?php __('Expiry') ?></th></tr>
<tr><th colspan="5">&nbsp;</th><th><?php __("Username"); ?></th><th><?php echo _("Surname")." "._("First Name")."<br />("._("Email address").")"; ?></th><th><?php __("Account type") ?></th><th><?php __("Last login"); ?></th><th><?php __("Last fail"); ?></th><th><?php __("Last ip"); ?><th><?php __('Expiry') ?></th></tr>
<?php
reset($r);
......@@ -94,6 +94,7 @@ while (list($key,$val)=each($r))
?>
<td align="center"><a href="adm_edit.php?uid=<?php echo $val["uid"] ?>"><?php __("Edit"); ?></a></td>
<td align="center"><a href="adm_quotaedit.php?uid=<?php echo $val["uid"] ?>"><?php __("Quotas"); ?></a></td>
<td align="center"><a href="adm_deactivate.php?uid=<?php echo $val["uid"] ?>"><?php __("Deactivate"); ?></a></td>
<td align="center"><?php
if (!$val["enabled"])
echo "<img src=\"icon/encrypted.png\" width=\"16\" height=\"16\" alt=\""._("Locked Account")."\" />";
......@@ -104,7 +105,7 @@ while (list($key,$val)=each($r))
</td>
<?php
} else {
echo "<td colspan=\"4\"></td>";
echo "<td colspan=\"5\"></td>";
}
?>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment