79 lines
2 KiB
PHP
79 lines
2 KiB
PHP
|
<?php session_start();
|
||
|
|
||
|
include "config.php";
|
||
|
include "core.php";
|
||
|
|
||
|
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||
|
header('Location: login.php?redir=admin');
|
||
|
die();
|
||
|
} else if ($_SESSION['type'] != 2) { // not allowed
|
||
|
header('Location: /');
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
$AdminIsPrimary = 0;
|
||
|
$UserIsPrimary = 0;
|
||
|
$AuthorizedRemoval = 0;
|
||
|
$Removed = 0;
|
||
|
$Redirect = "";
|
||
|
$id = 0;
|
||
|
$type = 0;
|
||
|
|
||
|
if (isset($_REQUEST['id'])) {
|
||
|
$id = htmlspecialchars($_REQUEST['id']);
|
||
|
} else {
|
||
|
print "No ID specified.";
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
if (isset($_REQUEST['type'])) {
|
||
|
$type = htmlspecialchars($_REQUEST['type']);
|
||
|
} else {
|
||
|
print "No type specified, is not safe to delete.";
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
if (isset($_REQUEST['redir'])) {
|
||
|
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
||
|
}
|
||
|
|
||
|
$Database = createTables($sqlDB);
|
||
|
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||
|
|
||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||
|
if ($line['usertype'] == 2 && $line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "") {
|
||
|
$AuthorizedRemoval = 1;
|
||
|
$AdminIsPrimary = $line['primaryadmin'];
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// not authorized
|
||
|
if ($AuthorizedRemoval != 1) {
|
||
|
header('Location: /');
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||
|
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) {
|
||
|
if ($AuthorizedRemoval == 1 && (($AdminIsPrimary == 1 && $line['id'] == 2) || $line['id'] != 2)) {
|
||
|
$Database->exec("DELETE FROM users WHERE id='$id'");
|
||
|
$Removed = 1;
|
||
|
} else {
|
||
|
print "You aren't authorized to perform this action.";
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ($Redirect == "admin") {
|
||
|
header("Location: admin.php?action=users");
|
||
|
} else {
|
||
|
header("Location: /");
|
||
|
}
|
||
|
|
||
|
?>
|