Move admin pages to Controller system

2076b209 · Scott · 0924669a · 2076b209 · 2076b209 · 2076b209
Commit 2076b209 authored Jul 31, 2020 by Scott
11 changed files
--- a/qa-include/app/routing.php
+++ b/qa-include/app/routing.php
@@ -46,9 +46,31 @@ function qa_controller_routing(Router $router)
 	$router->addRoute('GET', 'ip/{str}', "$ns\User\Ip", 'address', ['template' => 'ip']);
 	$router->addRoute('POST', 'ip/{str}', "$ns\User\Ip", 'address', ['template' => 'ip']);

-	$router->addRoute('GET', 'admin/stats', "$ns\Admin\Stats", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/userfields', "$ns\Admin\UserFields", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/userfields', "$ns\Admin\UserFields", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/usertitles', "$ns\Admin\UserTitles", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/usertitles', "$ns\Admin\UserTitles", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/layoutwidgets', "$ns\Admin\Widgets", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/layoutwidgets', "$ns\Admin\Widgets", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/categories', "$ns\Admin\Categories", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/categories', "$ns\Admin\Categories", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/pages', "$ns\Admin\Pages", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/pages', "$ns\Admin\Pages", 'index', ['template' => 'admin']);
+
 	$router->addRoute('GET', 'admin/points', "$ns\Admin\Points", 'index', ['template' => 'admin']);
 	$router->addRoute('POST', 'admin/points', "$ns\Admin\Points", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/stats', "$ns\Admin\Stats", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/plugins', "$ns\Admin\Plugins", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/plugins', "$ns\Admin\Plugins", 'index', ['template' => 'admin']);
+
+	$router->addRoute('GET', 'admin/moderate', "$ns\Admin\Moderate", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/moderate', "$ns\Admin\Moderate", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/flagged', "$ns\Admin\Flagged", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/flagged', "$ns\Admin\Flagged", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/hidden', "$ns\Admin\Hidden", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/hidden', "$ns\Admin\Hidden", 'index', ['template' => 'admin']);
+	$router->addRoute('GET', 'admin/approve', "$ns\Admin\Approve", 'index', ['template' => 'admin']);
+	$router->addRoute('POST', 'admin/approve', "$ns\Admin\Approve", 'index', ['template' => 'admin']);
 }

 /**
@@ -63,17 +85,7 @@ function qa_page_routing()
 		'account' => 'pages/account.php',
 		'activity/' => 'pages/activity.php',
 		'admin/' => 'pages/admin/admin-default.php',
-		'admin/approve' => 'pages/admin/admin-approve.php',
-		'admin/categories' => 'pages/admin/admin-categories.php',
-		'admin/flagged' => 'pages/admin/admin-flagged.php',
-		'admin/hidden' => 'pages/admin/admin-hidden.php',
-		'admin/layoutwidgets' => 'pages/admin/admin-widgets.php',
-		'admin/moderate' => 'pages/admin/admin-moderate.php',
-		'admin/pages' => 'pages/admin/admin-pages.php',
-		'admin/plugins' => 'pages/admin/admin-plugins.php',
 		'admin/recalc' => 'pages/admin/admin-recalc.php',
-		'admin/userfields' => 'pages/admin/admin-userfields.php',
-		'admin/usertitles' => 'pages/admin/admin-usertitles.php',
 		'answers/' => 'pages/answers.php',
 		'ask' => 'pages/ask.php',
 		'categories/' => 'pages/categories.php',

--- a/qa-include/pages/admin/admin-approve.php
+++ b/qa-include/pages/admin/admin-approve.php
@@ -3,9 +3,6 @@
 	Question2Answer by Gideon Greenspan and contributors
 	http://www.question2answer.org/

-	Description: Controller for admin page showing new users waiting for approval
-
-
 	This program is free software; you can redistribute it and/or
 	modify it under the terms of the GNU General Public License
 	as published by the Free Software Foundation; either version 2
@@ -19,118 +16,132 @@
 	More about this license: http://www.question2answer.org/license.php
 */

-if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
-	header('Location: ../../../');
-	exit;
-}
+namespace Q2A\Controllers\Admin;

-require_once QA_INCLUDE_DIR . 'app/admin.php';
-require_once QA_INCLUDE_DIR . 'db/admin.php';
+use Q2A\Controllers\BaseController;
+use Q2A\Database\DbConnection;
+use Q2A\Middleware\Auth\MinimumUserLevel;

+/**
+ * Controller for admin page showing new users waiting for approval.
+ */
+class Approve extends BaseController
+{
+	public function __construct(DbConnection $db)
+	{
+		require_once QA_INCLUDE_DIR . 'app/admin.php';
+		require_once QA_INCLUDE_DIR . 'db/admin.php';

-// Check we're not using single-sign on integration
+		parent::__construct($db);

-if (QA_FINAL_EXTERNAL_USERS)
-	qa_fatal_error('User accounts are handled by external code');
+		// Check we're not using single-sign on integration

+		if (QA_FINAL_EXTERNAL_USERS) {
+			qa_fatal_error('User accounts are handled by external code');
+		}
+	}

-// Find most flagged questions, answers, comments
+	public function index()
+	{
+		// Find most flagged questions, answers, comments

-$userid = qa_get_logged_in_userid();
+		$userid = qa_get_logged_in_userid();

-$users = qa_db_get_unapproved_users(qa_opt('page_size_users'));
-$userfields = qa_db_select_with_pending(qa_db_userfields_selectspec());
+		$users = qa_db_get_unapproved_users(qa_opt('page_size_users'));
+		$userfields = qa_db_select_with_pending(qa_db_userfields_selectspec());


-// Check admin privileges (do late to allow one DB query)
+		// Check admin privileges (do late to allow one DB query)

-if (qa_get_logged_in_level() < QA_USER_LEVEL_MODERATOR) {
-	$qa_content = qa_content_prepare();
-	$qa_content['error'] = qa_lang_html('users/no_permission');
-	return $qa_content;
-}
+		if (qa_get_logged_in_level() < QA_USER_LEVEL_MODERATOR) {
+			$qa_content = qa_content_prepare();
+			$qa_content['error'] = qa_lang_html('users/no_permission');
+			return $qa_content;
+		}


-// Check to see if any were approved or blocked here
+		// Check to see if any were approved or blocked here

-$pageerror = qa_admin_check_clicks();
+		$pageerror = qa_admin_check_clicks();


-// Prepare content for theme
+		// Prepare content for theme

-$qa_content = qa_content_prepare();
+		$qa_content = qa_content_prepare();

-$qa_content['title'] = qa_lang_html('admin/recent_users_title');
-$qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error();
+		$qa_content['title'] = qa_lang_html('admin/recent_users_title');
+		$qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error();

-$qa_content['message_list'] = array(
-	'form' => array(
-		'tags' => 'method="post" action="' . qa_self_html() . '"',
+		$qa_content['message_list'] = array(
+			'form' => array(
+				'tags' => 'method="post" action="' . qa_self_html() . '"',

-		'hidden' => array(
-			'code' => qa_get_form_security_code('admin/click'),
-		),
-	),
+				'hidden' => array(
+					'code' => qa_get_form_security_code('admin/click'),
+				),
+			),

-	'messages' => array(),
-);
+			'messages' => array(),
+		);


-if (count($users)) {
-	foreach ($users as $user) {
-		$message = array();
+		if (count($users)) {
+			foreach ($users as $user) {
+				$message = array();

-		$message['tags'] = 'id="p' . qa_html($user['userid']) . '"'; // use p prefix for qa_admin_click() in qa-admin.js
+				$message['tags'] = 'id="p' . qa_html($user['userid']) . '"'; // use p prefix for qa_admin_click() in qa-admin.js

-		$message['content'] = qa_lang_html('users/registered_label') . ' ' .
-			strtr(qa_lang_html('users/x_ago_from_y'), array(
-				'^1' => qa_time_to_string(qa_opt('db_time') - $user['created']),
-				'^2' => qa_ip_anchor_html(@inet_ntop($user['createip'])),
-			)) . '<br/>';
+				$message['content'] = qa_lang_html('users/registered_label') . ' ' .
+					strtr(qa_lang_html('users/x_ago_from_y'), array(
+						'^1' => qa_time_to_string(qa_opt('db_time') - $user['created']),
+						'^2' => qa_ip_anchor_html(@inet_ntop($user['createip'])),
+					)) . '<br/>';

-		$htmlemail = qa_html($user['email']);
+				$htmlemail = qa_html($user['email']);

-		$message['content'] .= qa_lang_html('users/email_label') . ' <a href="mailto:' . $htmlemail . '">' . $htmlemail . '</a>';
+				$message['content'] .= qa_lang_html('users/email_label') . ' <a href="mailto:' . $htmlemail . '">' . $htmlemail . '</a>';

-		if (qa_opt('confirm_user_emails')) {
-			$message['content'] .= '<small> - ' . qa_lang_html(($user['flags'] & QA_USER_FLAGS_EMAIL_CONFIRMED) ? 'users/email_confirmed' : 'users/email_not_confirmed') . '</small>';
-		}
+				if (qa_opt('confirm_user_emails')) {
+					$message['content'] .= '<small> - ' . qa_lang_html(($user['flags'] & QA_USER_FLAGS_EMAIL_CONFIRMED) ? 'users/email_confirmed' : 'users/email_not_confirmed') . '</small>';
+				}

-		foreach ($userfields as $userfield) {
-			if (strlen(@$user['profile'][$userfield['title']]))
-				$message['content'] .= '<br/>' . qa_html($userfield['content'] . ': ' . $user['profile'][$userfield['title']]);
-		}
+				foreach ($userfields as $userfield) {
+					if (strlen(@$user['profile'][$userfield['title']]))
+						$message['content'] .= '<br/>' . qa_html($userfield['content'] . ': ' . $user['profile'][$userfield['title']]);
+				}

-		$message['meta_order'] = qa_lang_html('main/meta_order');
-		$message['who']['data'] = qa_get_one_user_html($user['handle']);
+				$message['meta_order'] = qa_lang_html('main/meta_order');
+				$message['who']['data'] = qa_get_one_user_html($user['handle']);

-		$message['form'] = array(
-			'style' => 'light',
+				$message['form'] = array(
+					'style' => 'light',

-			'buttons' => array(
-				'approve' => array(
-					'tags' => 'name="admin_' . $user['userid'] . '_userapprove" onclick="return qa_admin_click(this);"',
-					'label' => qa_lang_html('question/approve_button'),
-					'popup' => qa_lang_html('admin/approve_user_popup'),
-				),
+					'buttons' => array(
+						'approve' => array(
+							'tags' => 'name="admin_' . $user['userid'] . '_userapprove" onclick="return qa_admin_click(this);"',
+							'label' => qa_lang_html('question/approve_button'),
+							'popup' => qa_lang_html('admin/approve_user_popup'),
+						),

-				'block' => array(
-					'tags' => 'name="admin_' . $user['userid'] . '_userblock" onclick="return qa_admin_click(this);"',
-					'label' => qa_lang_html('admin/block_button'),
-					'popup' => qa_lang_html('admin/block_user_popup'),
-				),
-			),
-		);
+						'block' => array(
+							'tags' => 'name="admin_' . $user['userid'] . '_userblock" onclick="return qa_admin_click(this);"',
+							'label' => qa_lang_html('admin/block_button'),
+							'popup' => qa_lang_html('admin/block_user_popup'),
+						),
+					),
+				);

-		$qa_content['message_list']['messages'][] = $message;
-	}
+				$qa_content['message_list']['messages'][] = $message;
+			}

-} else
-	$qa_content['title'] = qa_lang_html('admin/no_unapproved_found');
+		} else
+			$qa_content['title'] = qa_lang_html('admin/no_unapproved_found');


-$qa_content['navigation']['sub'] = qa_admin_sub_navigation();
-$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION;
+		$qa_content['navigation']['sub'] = qa_admin_sub_navigation();
+		$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION;


-return $qa_content;
+		return $qa_content;
+	}
+}
--- a/qa-include/pages/admin/admin-categories.php
+++ b/qa-include/pages/admin/admin-categories.php
--- a/qa-include/pages/admin/admin-flagged.php
+++ b/qa-include/pages/admin/admin-flagged.php
@@ -3,9 +3,6 @@
 	Question2Answer by Gideon Greenspan and contributors
 	http://www.question2answer.org/

-	Description: Controller for admin page showing posts with the most flags
-
-
 	This program is free software; you can redistribute it and/or
 	modify it under the terms of the GNU General Public License
 	as published by the Free Software Foundation; either version 2
@@ -19,119 +16,133 @@
 	More about this license: http://www.question2answer.org/license.php
 */

-if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
-	header('Location: ../../../');
-	exit;
-}
+namespace Q2A\Controllers\Admin;

-require_once QA_INCLUDE_DIR . 'app/admin.php';
-require_once QA_INCLUDE_DIR . 'db/selects.php';
-require_once QA_INCLUDE_DIR . 'app/format.php';
+use Q2A\Controllers\BaseController;
+use Q2A\Database\DbConnection;
+use Q2A\Middleware\Auth\MinimumUserLevel;

+/**
+ * Controller for admin page showing posts with the most flags.
+ */
+class Flagged extends BaseController
+{
+	public function __construct(DbConnection $db)
+	{
+		require_once QA_INCLUDE_DIR . 'app/admin.php';
+		require_once QA_INCLUDE_DIR . 'db/selects.php';
+		require_once QA_INCLUDE_DIR . 'app/format.php';
+
+		parent::__construct($db);
+	}

-// Find most flagged questions, answers, comments
+	public function index()
+	{
+		// Find most flagged questions, answers, comments

-$userid = qa_get_logged_in_userid();
+		$userid = qa_get_logged_in_userid();

-$questions = qa_db_select_with_pending(
-	qa_db_flagged_post_qs_selectspec($userid, 0, true)
-);
+		$questions = qa_db_select_with_pending(
+			qa_db_flagged_post_qs_selectspec($userid, 0, true)
+		);


-// Check admin privileges (do late to allow one DB query)
+		// Check admin privileges (do late to allow one DB query)

-if (qa_user_maximum_permit_error('permit_hide_show')) {
-	$qa_content = qa_content_prepare();
-	$qa_content['error'] = qa_lang_html('users/no_permission');
-	return $qa_content;
-}
+		if (qa_user_maximum_permit_error('permit_hide_show')) {
+			$qa_content = qa_content_prepare();
+			$qa_content['error'] = qa_lang_html('users/no_permission');
+			return $qa_content;
+		}


-// Check to see if any were cleared or hidden here
+		// Check to see if any were cleared or hidden here

-$pageerror = qa_admin_check_clicks();
+		$pageerror = qa_admin_check_clicks();


-// Remove questions the user has no permission to hide/show
+		// Remove questions the user has no permission to hide/show

-if (qa_user_permit_error('permit_hide_show')) { // if user not allowed to show/hide all posts
-	foreach ($questions as $index => $question) {
-		if (qa_user_post_permit_error('permit_hide_show', $question)) {
-			unset($questions[$index]);
+		if (qa_user_permit_error('permit_hide_show')) { // if user not allowed to show/hide all posts
+			foreach ($questions as $index => $question) {
+				if (qa_user_post_permit_error('permit_hide_show', $question)) {
+					unset($questions[$index]);
+				}
+			}
 		}
-	}
-}


-// Get information for users
+		// Get information for users

-$usershtml = qa_userids_handles_html(qa_any_get_userids_handles($questions));
+		$usershtml = qa_userids_handles_html(qa_any_get_userids_handles($questions));


-// Prepare content for theme
+		// Prepare content for theme

-$qa_content = qa_content_prepare();
+		$qa_content = qa_content_prepare();

-$qa_content['title'] = qa_lang_html('admin/most_flagged_title');
-$qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error();
+		$qa_content['title'] = qa_lang_html('admin/most_flagged_title');
+		$qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error();

-$qa_content['q_list'] = array(
-	'form' => array(
-		'tags' => 'method="post" action="' . qa_self_html() . '"',
+		$qa_content['q_list'] = array(
+			'form' => array(
+				'tags' => 'method="post" action="' . qa_self_html() . '"',

-		'hidden' => array(
-			'code' => qa_get_form_security_code('admin/click'),
-		),
-	),
+				'hidden' => array(
+					'code' => qa_get_form_security_code('admin/click'),
+				),
+			),

-	'qs' => array(),
-);
+			'qs' => array(),
+		);


-if (count($questions)) {
-	foreach ($questions as $question) {
-		$postid = qa_html(isset($question['opostid']) ? $question['opostid'] : $question['postid']);
-		$elementid = 'p' . $postid;
+		if (count($questions)) {
+			foreach ($questions as $question) {
+				$postid = qa_html(isset($question['opostid']) ? $question['opostid'] : $question['postid']);
+				$elementid = 'p' . $postid;

-		$htmloptions = qa_post_html_options($question);
-		$htmloptions['voteview'] = false;
-		$htmloptions['tagsview'] = ($question['obasetype'] == 'Q');
-		$htmloptions['answersview'] = false;
-		$htmloptions['viewsview'] = false;
-		$htmloptions['contentview'] = true;
-		$htmloptions['flagsview'] = true;
-		$htmloptions['elementid'] = $elementid;
+				$htmloptions = qa_post_html_options($question);
+				$htmloptions['voteview'] = false;
+				$htmloptions['tagsview'] = ($question['obasetype'] == 'Q');
+				$htmloptions['answersview'] = false;
+				$htmloptions['viewsview'] = false;
+				$htmloptions['contentview'] = true;
+				$htmloptions['flagsview'] = true;
+				$htmloptions['elementid'] = $elementid;

-		$htmlfields = qa_any_to_q_html_fields($question, $userid, qa_cookie_get(), $usershtml, null, $htmloptions);
+				$htmlfields = qa_any_to_q_html_fields($question, $userid, qa_cookie_get(), $usershtml, null, $htmloptions);

-		if (isset($htmlfields['what_url'])) // link directly to relevant content
-			$htmlfields['url'] = $htmlfields['what_url'];
+				if (isset($htmlfields['what_url'])) // link directly to relevant content
+					$htmlfields['url'] = $htmlfields['what_url'];

-		$htmlfields['form'] = array(
-			'style' => 'light',
+				$htmlfields['form'] = array(
+					'style' => 'light',

-			'buttons' => array(
-				'clearflags' => array(
-					'tags' => 'name="admin_' . $postid . '_clearflags" onclick="return qa_admin_click(this);"',
-					'label' => qa_lang_html('question/clear_flags_button'),
-				),
+					'buttons' => array(
+						'clearflags' => array(
+							'tags' => 'name="admin_' . $postid . '_clearflags" onclick="return qa_admin_click(this);"',
+							'label' => qa_lang_html('question/clear_flags_button'),
+						),

-				'hide' => array(
-					'tags' => 'name="admin_' . $postid . '_hide" onclick="return qa_admin_click(this);"',
-					'label' => qa_lang_html('question/hide_button'),
-				),
-			),
-		);
+						'hide' => array(
+							'tags' => 'name="admin_' . $postid . '_hide" onclick="return qa_admin_click(this);"',
+							'label' => qa_lang_html('question/hide_button'),
+						),
+					),
+				);

-		$qa_content['q_list']['qs'][] = $htmlfields;
-	}
+				$qa_content['q_list']['qs'][] = $htmlfields;
+			}

-} else
-	$qa_content['title'] = qa_lang_html('admin/no_flagged_found');
+		} else
+			$qa_content['title'] = qa_lang_html('admin/no_flagged_found');


-$qa_content['navigation']['sub'] = qa_admin_sub_navigation();
-$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION;
+		$qa_content['navigation']['sub'] = qa_admin_sub_navigation();
+		$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION;


-return $qa_content;
+		return $qa_content;
+	}
+}
--- a/qa-include/pages/admin/admin-hidden.php
+++ b/qa-include/pages/admin/admin-hidden.php
--- a/qa-include/pages/admin/admin-moderate.php
+++ b/qa-include/pages/admin/admin-moderate.php
@@ -3,9 +3,6 @@
 	Question2Answer by Gideon Greenspan and contributors
 	http://www.question2answer.org/

-	Description: Controller for admin page showing questions, answers and comments waiting for approval
-
-
 	This program is free software; you can redistribute it and/or
 	modify it under the terms of the GNU General Public License
 	as published by the Free Software Foundation; either version 2
@@ -19,141 +16,155 @@
 	More about this license: http://www.question2answer.org/license.php
 */

-if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
-	header('Location: ../../../');
-	exit;
-}
-
-require_once QA_INCLUDE_DIR . 'app/admin.php';
-require_once QA_INCLUDE_DIR . 'db/selects.php';
-require_once QA_INCLUDE_DIR . 'app/format.php';
-
-
-// Find queued questions, answers, comments
-
-$userid = qa_get_logged_in_userid();
+namespace Q2A\Controllers\Admin;

-list($queuedquestions, $queuedanswers, $queuedcomments) = qa_db_select_with_pending(
-	qa_db_qs_selectspec($userid, 'created', 0, null, null, 'Q_QUEUED', true),
-	qa_db_recent_a_qs_selectspec($userid, 0, null, null, 'A_QUEUED', true),
-	qa_db_recent_c_qs_selectspec($userid, 0, null, null, 'C_QUEUED', true)
-);
+use Q2A\Controllers\BaseController;
+use Q2A\Database\DbConnection;
+use Q2A\Middleware\Auth\MinimumUserLevel;

+/**
+ * Controller for admin page showing questions, answers and comments waiting for approval.
+ */
+class Moderate extends BaseController
+{
+	public function __construct(DbConnection $db)
+	{
+		require_once QA_INCLUDE_DIR . 'app/admin.php';
+		require_once QA_INCLUDE_DIR . 'db/selects.php';
+		require_once QA_INCLUDE_DIR . 'app/format.php';

-// Check admin privileges (do late to allow one DB query)
-
-if (qa_user_maximum_permit_error('permit_moderate')) {
-	$qa_content = qa_content_prepare();
-	$qa_content['error'] = qa_lang_html('users/no_permission');
-	return $qa_content;
-}
-
+		parent::__construct($db);
+	}

-// Check to see if any were approved/rejected here
+	public function index()
+	{
+		// Find queued questions, answers, comments

-$pageerror = qa_admin_check_clicks();
+		$userid = qa_get_logged_in_userid();

+		list($queuedquestions, $queuedanswers, $queuedcomments) = qa_db_select_with_pending(
+			qa_db_qs_selectspec($userid, 'created', 0, null, null, 'Q_QUEUED', true),
+			qa_db_recent_a_qs_selectspec($userid, 0, null, null, 'A_QUEUED', true),
+			qa_db_recent_c_qs_selectspec($userid, 0, null, null, 'C_QUEUED', true)
+		);

-// Combine sets of questions and remove those this user has no permission to moderate

-$questions = qa_any_sort_by_date(array_merge($queuedquestions, $queuedanswers, $queuedcomments));
-
-if (qa_user_permit_error('permit_moderate')) { // if user not allowed to moderate all posts
-	foreach ($questions as $index => $question) {
-		if (qa_user_post_permit_error('permit_moderate', $question))
-			unset($questions[$index]);
-	}
-}
+		// Check admin privileges (do late to allow one DB query)

+		if (qa_user_maximum_permit_error('permit_moderate')) {
+			$qa_content = qa_content_prepare();
+			$qa_content['error'] = qa_lang_html('users/no_permission');
+			return $qa_content;
+		}

-// Get information for users

-$usershtml = qa_userids_handles_html(qa_any_get_userids_handles($questions));
+		// Check to see if any were approved/rejected here

+		$pageerror = qa_admin_check_clicks();

-// Prepare content for theme

-$qa_content = qa_content_prepare();
+		// Combine sets of questions and remove those this user has no permission to moderate

-$qa_content['title'] = qa_lang_html('admin/recent_approve_title');
-$qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error();
+		$questions = qa_any_sort_by_date(array_merge($queuedquestions, $queuedanswers, $queuedcomments));

-$qa_content['q_list'] = array(
-	'form' => array(
-		'tags' => 'method="post" action="' . qa_self_html() . '"',
+		if (qa_user_permit_error('permit_moderate')) { // if user not allowed to moderate all posts
+			foreach ($questions as $index => $question) {
+				if (qa_user_post_permit_error('permit_moderate', $question))
+					unset($questions[$index]);
+			}
+		}

-		'hidden' => array(
-			'code' => qa_get_form_security_code('admin/click'),
-		),
-	),

-	'qs' => array(),
-);
+		// Get information for users

-if (count($questions)) {
-	foreach ($questions as $question) {
-		$postid = qa_html(isset($question['opostid']) ? $question['opostid'] : $question['postid']);
-		$elementid = 'p' . $postid;
+		$usershtml = qa_userids_handles_html(qa_any_get_userids_handles($questions));

-		$htmloptions = qa_post_html_options($question);
-		$htmloptions['voteview'] = false;
-		$htmloptions['tagsview'] = !isset($question['opostid']);
-		$htmloptions['answersview'] = false;
-		$htmloptions['viewsview'] = false;
-		$htmloptions['contentview'] = true;
-		$htmloptions['elementid'] = $elementid;

-		$htmlfields = qa_any_to_q_html_fields($question, $userid, qa_cookie_get(), $usershtml, null, $htmloptions);
+		// Prepare content for theme

-		if (isset($htmlfields['what_url'])) // link directly to relevant content
-			$htmlfields['url'] = $htmlfields['what_url'];
+		$qa_content = qa_content_prepare();

-		$posttype = qa_strtolower(isset($question['obasetype']) ? $question['obasetype'] : $question['basetype']);
-		switch ($posttype) {
-			case 'q':
-			default:
-				$approveKey = 'question/approve_q_popup';
-				$rejectKey = 'question/reject_q_popup';
-				break;
-			case 'a':
-				$approveKey = 'question/approve_a_popup';
-				$rejectKey = 'question/reject_a_popup';
-				break;
-			case 'c':
-				$approveKey = 'question/approve_c_popup';
-				$rejectKey = 'question/reject_c_popup';
-				break;
-		}
+		$qa_content['title'] = qa_lang_html('admin/recent_approve_title');
+		$qa_content['error'] = isset($pageerror) ? $pageerror : qa_admin_page_error();

-		$htmlfields['form'] = array(
-			'style' => 'light',
+		$qa_content['q_list'] = array(
+			'form' => array(
+				'tags' => 'method="post" action="' . qa_self_html() . '"',

-			'buttons' => array(
-				// Possible values for popup: approve_q_popup, approve_a_popup, approve_c_popup
-				'approve' => array(
-					'tags' => 'name="admin_' . $postid . '_approve" onclick="return qa_admin_click(this);"',
-					'label' => qa_lang_html('question/approve_button'),
-					'popup' => qa_lang_html($approveKey),
-				),
-
-				// Possible values for popup: reject_q_popup, reject_a_popup, reject_c_popup
-				'reject' => array(
-					'tags' => 'name="admin_' . $postid . '_reject" onclick="return qa_admin_click(this);"',
-					'label' => qa_lang_html('question/reject_button'),
-					'popup' => qa_lang_html($rejectKey),
+				'hidden' => array(
+					'code' => qa_get_form_security_code('admin/click'),
 				),
 			),
+
+			'qs' => array(),
 		);

-		$qa_content['q_list']['qs'][] = $htmlfields;
+		if (count($questions)) {
+			foreach ($questions as $question) {
+				$postid = qa_html(isset($question['opostid']) ? $question['opostid'] : $question['postid']);
+				$elementid = 'p' . $postid;
+
+				$htmloptions = qa_post_html_options($question);
+				$htmloptions['voteview'] = false;
+				$htmloptions['tagsview'] = !isset($question['opostid']);
+				$htmloptions['answersview'] = false;
+				$htmloptions['viewsview'] = false;
+				$htmloptions['contentview'] = true;
+				$htmloptions['elementid'] = $elementid;
+
+				$htmlfields = qa_any_to_q_html_fields($question, $userid, qa_cookie_get(), $usershtml, null, $htmloptions);
+
+				if (isset($htmlfields['what_url'])) // link directly to relevant content
+					$htmlfields['url'] = $htmlfields['what_url'];
+
+				$posttype = qa_strtolower(isset($question['obasetype']) ? $question['obasetype'] : $question['basetype']);
+				switch ($posttype) {
+					case 'q':
+					default:
+						$approveKey = 'question/approve_q_popup';
+						$rejectKey = 'question/reject_q_popup';
+						break;
+					case 'a':
+						$approveKey = 'question/approve_a_popup';
+						$rejectKey = 'question/reject_a_popup';
+						break;
+					case 'c':
+						$approveKey = 'question/approve_c_popup';
+						$rejectKey = 'question/reject_c_popup';
+						break;
+				}
+
+				$htmlfields['form'] = array(
+					'style' => 'light',
+
+					'buttons' => array(
+						// Possible values for popup: approve_q_popup, approve_a_popup, approve_c_popup
+						'approve' => array(
+							'tags' => 'name="admin_' . $postid . '_approve" onclick="return qa_admin_click(this);"',
+							'label' => qa_lang_html('question/approve_button'),
+							'popup' => qa_lang_html($approveKey),
+						),
+
+						// Possible values for popup: reject_q_popup, reject_a_popup, reject_c_popup
+						'reject' => array(
+							'tags' => 'name="admin_' . $postid . '_reject" onclick="return qa_admin_click(this);"',
+							'label' => qa_lang_html('question/reject_button'),
+							'popup' => qa_lang_html($rejectKey),
+						),
+					),
+				);
+
+				$qa_content['q_list']['qs'][] = $htmlfields;
+			}
+
+		} else
+			$qa_content['title'] = qa_lang_html('admin/no_approve_found');
+
+
+		$qa_content['navigation']['sub'] = qa_admin_sub_navigation();
+		$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION;
+
+
+		return $qa_content;
 	}
-
-} else
-	$qa_content['title'] = qa_lang_html('admin/no_approve_found');
-
-
-$qa_content['navigation']['sub'] = qa_admin_sub_navigation();
-$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION;
-
-
-return $qa_content;
+}
--- a/qa-include/pages/admin/admin-pages.php
+++ b/qa-include/pages/admin/admin-pages.php
--- a/qa-include/pages/admin/admin-plugins.php
+++ b/qa-include/pages/admin/admin-plugins.php
--- a/qa-include/pages/admin/admin-userfields.php
+++ b/qa-include/pages/admin/admin-userfields.php
--- a/qa-include/pages/admin/admin-usertitles.php
+++ b/qa-include/pages/admin/admin-usertitles.php
@@ -3,9 +3,6 @@
 	Question2Answer by Gideon Greenspan and contributors
 	http://www.question2answer.org/

-	Description: Controller for admin page for editing custom user titles
-
-
 	This program is free software; you can redistribute it and/or
 	modify it under the terms of the GNU General Public License
 	as published by the Free Software Foundation; either version 2
@@ -19,162 +16,178 @@
 	More about this license: http://www.question2answer.org/license.php
 */

-if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
-	header('Location: ../../../');
-	exit;
-}
+namespace Q2A\Controllers\Admin;

-require_once QA_INCLUDE_DIR . 'app/admin.php';
-require_once QA_INCLUDE_DIR . 'db/selects.php';
+use Q2A\Controllers\BaseController;
+use Q2A\Database\DbConnection;
+use Q2A\Middleware\Auth\MinimumUserLevel;

+/**
+ * Controller for admin page for editing custom user titles.
+ */
+class UserTitles extends BaseController
+{
+	public function __construct(DbConnection $db)
+	{
+		require_once QA_INCLUDE_DIR . 'app/admin.php';
+		require_once QA_INCLUDE_DIR . 'db/selects.php';

-// Get current list of user titles and determine the state of this admin page
+		parent::__construct($db);

-$oldpoints = qa_post_text('edit');
-if (!isset($oldpoints))
-	$oldpoints = qa_get('edit');
+		$this->addMiddleware(new MinimumUserLevel(QA_USER_LEVEL_ADMIN));
+	}

-$pointstitle = qa_get_points_to_titles();
+	public function index()
+	{
+		// Get current list of user titles and determine the state of this admin page

+		$oldpoints = qa_post_text('edit');
+		if (!isset($oldpoints))
+			$oldpoints = qa_get('edit');

-// Check admin privileges (do late to allow one DB query)
+		$pointstitle = qa_get_points_to_titles();

-if (!qa_admin_check_privileges($qa_content))
-	return $qa_content;

+		// Check admin privileges (do late to allow one DB query)

-// Process saving an old or new user title
+		if (!qa_admin_check_privileges($qa_content))
+			return $qa_content;

-$securityexpired = false;

-if (qa_clicked('docancel'))
-	qa_redirect('admin/users');
+		// Process saving an old or new user title

-elseif (qa_clicked('dosavetitle')) {
-	require_once QA_INCLUDE_DIR . 'util/string.php';
+		$securityexpired = false;

-	if (!qa_check_form_security_code('admin/usertitles', qa_post_text('code')))
-		$securityexpired = true;
+		if (qa_clicked('docancel'))
+			qa_redirect('admin/users');

-	else {
-		if (qa_post_text('dodelete')) {
-			unset($pointstitle[$oldpoints]);
+		elseif (qa_clicked('dosavetitle')) {
+			require_once QA_INCLUDE_DIR . 'util/string.php';

-		} else {
-			$intitle = qa_post_text('title');
-			$inpoints = qa_post_text('points');
+			if (!qa_check_form_security_code('admin/usertitles', qa_post_text('code')))
+				$securityexpired = true;

-			$errors = array();
+			else {
+				if (qa_post_text('dodelete')) {
+					unset($pointstitle[$oldpoints]);

-			// Verify the title and points are legitimate
+				} else {
+					$intitle = qa_post_text('title');
+					$inpoints = qa_post_text('points');

-			if (!strlen($intitle))
-				$errors['title'] = qa_lang('main/field_required');
+					$errors = array();

-			if (!is_numeric($inpoints))
-				$errors['points'] = qa_lang('main/field_required');
-			else {
-				$inpoints = (int)$inpoints;
+					// Verify the title and points are legitimate

-				if (isset($pointstitle[$inpoints]) && ((!strlen(@$oldpoints)) || ($inpoints != $oldpoints)))
-					$errors['points'] = qa_lang('admin/title_already_used');
-			}
+					if (!strlen($intitle))
+						$errors['title'] = qa_lang('main/field_required');

-			// Perform appropriate action
+					if (!is_numeric($inpoints))
+						$errors['points'] = qa_lang('main/field_required');
+					else {
+						$inpoints = (int)$inpoints;

-			if (isset($pointstitle[$oldpoints])) { // changing existing user title
-				$newpoints = isset($errors['points']) ? $oldpoints : $inpoints;
-				$newtitle = isset($errors['title']) ? $pointstitle[$oldpoints] : $intitle;
+						if (isset($pointstitle[$inpoints]) && ((!strlen(@$oldpoints)) || ($inpoints != $oldpoints)))
+							$errors['points'] = qa_lang('admin/title_already_used');
+					}

-				unset($pointstitle[$oldpoints]);
-				$pointstitle[$newpoints] = $newtitle;
+					// Perform appropriate action

-			} elseif (empty($errors)) // creating a new user title
-				$pointstitle[$inpoints] = $intitle;
-		}
+					if (isset($pointstitle[$oldpoints])) { // changing existing user title
+						$newpoints = isset($errors['points']) ? $oldpoints : $inpoints;
+						$newtitle = isset($errors['title']) ? $pointstitle[$oldpoints] : $intitle;

-		// Save the new option value
+						unset($pointstitle[$oldpoints]);
+						$pointstitle[$newpoints] = $newtitle;

-		krsort($pointstitle, SORT_NUMERIC);
+					} elseif (empty($errors)) // creating a new user title
+						$pointstitle[$inpoints] = $intitle;
+				}

-		$option = '';
-		foreach ($pointstitle as $points => $title)
-			$option .= (strlen($option) ? ',' : '') . $points . ' ' . $title;
+				// Save the new option value

-		qa_set_option('points_to_titles', $option);
+				krsort($pointstitle, SORT_NUMERIC);

-		if (empty($errors))
-			qa_redirect('admin/users');
-	}
-}
+				$option = '';
+				foreach ($pointstitle as $points => $title)
+					$option .= (strlen($option) ? ',' : '') . $points . ' ' . $title;

+				qa_set_option('points_to_titles', $option);

-// Prepare content for theme
-
-$qa_content = qa_content_prepare();
-
-$qa_content['title'] = qa_lang_html('admin/admin_title') . ' - ' . qa_lang_html('admin/users_title');
-$qa_content['error'] = $securityexpired ? qa_lang_html('admin/form_security_expired') : qa_admin_page_error();
-
-$qa_content['form'] = array(
-	'tags' => 'method="post" action="' . qa_path_html(qa_request()) . '"',
-
-	'style' => 'tall',
-
-	'fields' => array(
-		'title' => array(
-			'tags' => 'name="title" id="title"',
-			'label' => qa_lang_html('admin/user_title'),
-			'value' => qa_html(isset($intitle) ? $intitle : @$pointstitle[$oldpoints]),
-			'error' => qa_html(@$errors['title']),
-		),
-
-		'delete' => array(
-			'tags' => 'name="dodelete" id="dodelete"',
-			'label' => qa_lang_html('admin/delete_title'),
-			'value' => 0,
-			'type' => 'checkbox',
-		),
-
-		'points' => array(
-			'id' => 'points_display',
-			'tags' => 'name="points"',
-			'label' => qa_lang_html('admin/points_required'),
-			'type' => 'number',
-			'value' => qa_html(isset($inpoints) ? $inpoints : @$oldpoints),
-			'error' => qa_html(@$errors['points']),
-		),
-	),
-
-	'buttons' => array(
-		'save' => array(
-			'label' => qa_lang_html(isset($pointstitle[$oldpoints]) ? 'main/save_button' : ('admin/add_title_button')),
-		),
-
-		'cancel' => array(
-			'tags' => 'name="docancel"',
-			'label' => qa_lang_html('main/cancel_button'),
-		),
-	),
-
-	'hidden' => array(
-		'dosavetitle' => '1', // for IE
-		'edit' => @$oldpoints,
-		'code' => qa_get_form_security_code('admin/usertitles'),
-	),
-);
-
-if (isset($pointstitle[$oldpoints])) {
-	qa_set_display_rules($qa_content, array(
-		'points_display' => '!dodelete',
-	));
-} else {
-	unset($qa_content['form']['fields']['delete']);
-}
+				if (empty($errors))
+					qa_redirect('admin/users');
+			}
+		}

-$qa_content['focusid'] = 'title';

-$qa_content['navigation']['sub'] = qa_admin_sub_navigation();
+		// Prepare content for theme
+
+		$qa_content = qa_content_prepare();
+
+		$qa_content['title'] = qa_lang_html('admin/admin_title') . ' - ' . qa_lang_html('admin/users_title');
+		$qa_content['error'] = $securityexpired ? qa_lang_html('admin/form_security_expired') : qa_admin_page_error();
+
+		$qa_content['form'] = array(
+			'tags' => 'method="post" action="' . qa_path_html(qa_request()) . '"',
+
+			'style' => 'tall',
+
+			'fields' => array(
+				'title' => array(
+					'tags' => 'name="title" id="title"',
+					'label' => qa_lang_html('admin/user_title'),
+					'value' => qa_html(isset($intitle) ? $intitle : @$pointstitle[$oldpoints]),
+					'error' => qa_html(@$errors['title']),
+				),
+
+				'delete' => array(
+					'tags' => 'name="dodelete" id="dodelete"',
+					'label' => qa_lang_html('admin/delete_title'),
+					'value' => 0,
+					'type' => 'checkbox',
+				),
+
+				'points' => array(
+					'id' => 'points_display',
+					'tags' => 'name="points"',
+					'label' => qa_lang_html('admin/points_required'),
+					'type' => 'number',
+					'value' => qa_html(isset($inpoints) ? $inpoints : @$oldpoints),
+					'error' => qa_html(@$errors['points']),
+				),
+			),
+
+			'buttons' => array(
+				'save' => array(
+					'label' => qa_lang_html(isset($pointstitle[$oldpoints]) ? 'main/save_button' : ('admin/add_title_button')),
+				),
+
+				'cancel' => array(
+					'tags' => 'name="docancel"',
+					'label' => qa_lang_html('main/cancel_button'),
+				),
+			),
+
+			'hidden' => array(
+				'dosavetitle' => '1', // for IE
+				'edit' => @$oldpoints,
+				'code' => qa_get_form_security_code('admin/usertitles'),
+			),
+		);
+
+		if (isset($pointstitle[$oldpoints])) {
+			qa_set_display_rules($qa_content, array(
+				'points_display' => '!dodelete',
+			));
+		} else {
+			unset($qa_content['form']['fields']['delete']);
+		}
+
+		$qa_content['focusid'] = 'title';
+
+		$qa_content['navigation']['sub'] = qa_admin_sub_navigation();


-return $qa_content;
+		return $qa_content;
+	}
+}
--- a/qa-include/pages/admin/admin-widgets.php
+++ b/qa-include/pages/admin/admin-widgets.php