User: Allow admins to update user account properties

Such as number of invites left, access level, and ban reason.

Author: binarymaster

index.html

@@ -415,7 +415,7 @@
 %broadcast%
 <div class="content %page%">%content%</div>
 
-<div class=footer>&copy; 2015-2021 akokarev, binarymaster, Felis-Sapiens, Fusix</div>
+<div class=footer>&copy; 2015-2022 akokarev, binarymaster, Felis-Sapiens, Fusix</div>
 
 <div class=modal>
 	<div class=modal_bkg onclick="hideModal()"></div>

l10n/en-US.php

@@ -612,8 +612,10 @@
 'Remove from map if not found';
 $l10n['msg_user_mgmt'] =
 'User account management';
+$l10n['msg_user_set_success'] =
+'User account has been updated';
 $l10n['msg_user_reset_success'] =
-'Password was reset';
+'Password has been reset';
 $l10n['btn_get'] =
 'Obtain';
 $l10n['btn_reset'] =

l10n/ru-RU.php

@@ -612,6 +612,8 @@
 'Удалить с карты, если не найдена';
 $l10n['msg_user_mgmt'] =
 'Управление пользователями';
+$l10n['msg_user_set_success'] =
+'Учётная запись пользователя обновлена';
 $l10n['msg_user_reset_success'] =
 'Пароль был сброшен';
 $l10n['btn_get'] =

user.class.php

@@ -445,13 +445,45 @@ public function changePass($NewPass)
 		return true;
 	}
 
-	public function resetPass($login)
+	public function admResetPass($login)
 	{
 		$salt = $this->GenerateRandomString(32);
 		$pass = $this->GenerateRandomString(10, false);
 		$hash = md5($pass.$salt);
 
-		return (self::$mysqli->query("UPDATE users SET pass_hash='$hash',salt='{$this->quote($salt)}' WHERE login='{$this->quote($login)}'") ? $pass : false);
+		return (self::$mysqli->query("UPDATE users SET pass_hash='$hash',salt='{$this->quote($salt)}',lastupdate=lastupdate WHERE login='{$this->quote($login)}'") ? $pass : false);
+	}
+
+	public function admSetLevel($uid, $level)
+	{
+		self::$mysqli->query("UPDATE users SET level=$level,lastupdate=lastupdate WHERE uid=$uid");
+		if (self::$mysqli->errno != 0)
+		{
+			$this->LastError = 'database';
+			return false;
+		}
+		return true;
+	}
+
+	public function admSetInvites($uid, $invites)
+	{
+		self::$mysqli->query("UPDATE users SET invites=$invites,lastupdate=lastupdate WHERE uid=$uid");
+		if (self::$mysqli->errno != 0)
+		{
+			$this->LastError = 'database';
+			return false;
+		}
+		return true;
+	}
+
+	public function admBanReason($uid, $ban_reason)
+	{
+		if (is_null($ban_reason))
+			$ban_reason = 'NULL';
+		else
+			$ban_reason = "'{$this->quote($ban_reason)}'";
+
+		return self::$mysqli->query("UPDATE users SET ban_reason=$ban_reason,lastupdate=lastupdate WHERE uid=$uid");
 	}
 
 	public function Registration($Login, $Nick, $Password, $Invite)
@@ -716,12 +748,8 @@ public function updateInvite($invite, $level)
 		}
 		if ($uid != null && $this->Level == self::USER_ADMIN)
 		{
-			self::$mysqli->query("UPDATE users SET level=$level WHERE uid=$uid");
-			if (self::$mysqli->errno != 0)
-			{
-				$this->LastError = 'database';
+			if (!$this->admSetLevel($uid, $level))
 				return false;
-			}
 		}
 		return true;
 	}

user.html

@@ -1055,10 +1055,52 @@
 	return getUserById(mgmt_puid, e);
 }
 
+function setUserAccount(e, opt)
+{
+	var btn = $(e);
+	btnShowLoad(btn, true);
+	$.get('user.php?a=token', function(json)
+	{
+		if (!json.result)
+		{
+			alert(errorStr(json.error));
+			return false;
+		} else {
+			var ban_reason = $('select#ban_reason').val();
+			var postdata = '';
+			postdata += 'token=' + encodeURIComponent(json.token);
+			postdata += '&uid=' + mgmt_uid;
+			if (opt == 'a')
+			{
+				postdata += '&level=' + $('select#user_level').val();
+				if (ban_reason != '')
+					postdata += '&ban_reason=' + ban_reason;
+			}
+			else
+			{
+				postdata += '&invites=' + $('input[name=invites]').val();
+			}
+			$.post('user.php?a=setuser', postdata, function(json)
+			{
+				btnShowLoad(btn, false);
+				if (!json.result)
+				{
+					alert(errorStr(json.error));
+				}
+				else
+				{
+					alert("%l10n_msg_user_set_success%");
+				}
+				return false;
+			}).fail(simpleFail);
+		}
+	}).fail(simpleFail);
+	return false;
+}
+
 function resetUser(e)
 {
 	var login = $('input[name=login]', e).val();
-	var form = e;
 	var btn = $('input[type=submit]', e);
 	btnShowLoad(btn, true);
 	$.get('user.php?a=token', function(json)
@@ -1174,15 +1216,15 @@ <h2 align=center><span class=header_cap>%l10n_msg_user% %nick%</span></h2>
 			<tr><td>%l10n_str_reg_date%</td>
 			<td><input type="text" name="reg_date" id="reg_date" readonly /></td></tr>
 			<tr><td>%l10n_str_level%</td>
-			<td><select id="user_level"></select>&nbsp;<select id="ban_reason"></select></td><td><input type="button" value="%l10n_btn_save%"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
+			<td><select id="user_level"></select>&nbsp;<select id="ban_reason"></select></td><td><input type="button" value="%l10n_btn_save%" onclick="return setUserAccount(this, 'a')"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			<tr><td><label for="pass">%l10n_str_pass%</label></td>
 			<td><input type="text" name="pass" id="pass" readonly /></td><td><input type="submit" value="%l10n_btn_reset%"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			<tr><td>%l10n_str_visited%</td>
 			<td><input type="text" name="visited" id="visited" readonly /></td></tr>
 			<tr><td>%l10n_str_inv_invited_created%</td>
 			<td><a href="#" id="inv_created">0/0</a></td></tr>
 			<tr><td><label for="invites">%l10n_str_inv_left%</label></td>
-			<td colspan=2><input type="number" name="invites" id="invites" min="0" max="100" step="1"/>&nbsp;<input type="button" value="%l10n_btn_save%"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
+			<td colspan=2><input type="number" name="invites" id="invites" min="0" max="100" step="1"/>&nbsp;<input type="button" value="%l10n_btn_save%" onclick="return setUserAccount(this, 'b')"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			<tr><td><label for="refuser">%l10n_str_inviter%</label></td>
 			<td><input type="text" name="refuser" id="refuser" readonly /></td><td><input type="button" value="%l10n_btn_get%" onclick="return getUserParent(this)"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			</table>

user.php

@@ -940,6 +940,56 @@ function getFloatCoord($coord)
 	}
 	break;
 
+	// Изменение информации о пользователе
+	case 'setuser':
+	if (!$UserManager->isLogged())
+	{
+		$json['error'] = 'unauthorized';
+		break;
+	}
+	if ($UserManager->Level != 3)
+	{
+		$json['error'] = 'lowlevel';
+		break;
+	}
+	if (!$UserManager->checkToken($_POST['token']))
+	{
+		$json['error'] = 'token';
+		break;
+	}
+	if (!isset($_POST['uid']))
+	{
+		$json['error'] = 'form';
+		break;
+	}
+
+	$uid = (int)$_POST['uid'];
+	$level = isset($_POST['level']) ? (int)$_POST['level'] : null;
+	$ban_reason = isset($_POST['ban_reason']) ? $_POST['ban_reason'] : null;
+
+	if (!is_null($level))
+	{
+		$json['result'] = $UserManager->admSetLevel($uid, $level);
+		if ($json['result'])
+			$json['result'] = $UserManager->admBanReason($uid, $ban_reason);
+		if (!$json['result'])
+			$json['error'] = 'database';
+		break;
+	}
+
+	$invites = isset($_POST['invites']) ? (int)$_POST['invites'] : null;
+
+	if (!is_null($invites) && $invites >= 0)
+	{
+		$json['result'] = $UserManager->admSetInvites($uid, $invites);
+		if (!$json['result'])
+			$json['error'] = 'database';
+		break;
+	}
+
+	$json['error'] = 'form';
+	break;
+
 	// Сброс пароля пользователя
 	case 'resetpass':
 	if (!$UserManager->isLogged())
@@ -962,7 +1012,7 @@ function getFloatCoord($coord)
 		$json['error'] = 'notfound';
 		break;
 	}
-	$json['pass'] = $UserManager->resetPass($_GET['login']);
+	$json['pass'] = $UserManager->admResetPass($_GET['login']);
 	if ($json['pass'] === false)
 	{
 		$json['error'] = 'database';