From 77d5aef39cb59decc75963eae67a081ae1233d0d Mon Sep 17 00:00:00 2001
From: Stanislav Dmitriev <dmistas@mail.ru>
Date: Tue, 2 Feb 2021 15:18:44 +0500
Subject: [PATCH] added deleting user

---
 delete.php        | 39 ++++++++++++++++++++++++++++++
 functions.php     | 61 +++++++++++++++++++++++++++++++++++++++++++----
 logout.php        |  5 +---
 page_register.php | 12 ++++++----
 security.php      |  2 +-
 test.php          |  2 +-
 users.php         |  2 +-
 7 files changed, 107 insertions(+), 16 deletions(-)
 create mode 100644 delete.php

diff --git a/delete.php b/delete.php
new file mode 100644
index 0000000..38287f1
--- /dev/null
+++ b/delete.php
@@ -0,0 +1,39 @@
+<?php
+session_start();
+include_once 'functions.php';
+// если не авторизован, перенаправляем на login
+if (is_not_logged_in()) {
+    redirect_to('page_login.php');
+    exit();
+}
+
+$user_id = $_GET['id'];
+// Есть ли права на редактирование
+if (!is_admin() && $user_id !== $_SESSION['user']['id']) {
+    set_flash_message('danger', 'Недостаточно прав для редактирования');
+    redirect_to('users.php');
+    exit();
+}
+// Формируем путь для редиректа
+$redirect_path = ($user_id == $_SESSION['user']['id']) ? "page_register.php" : "users.php";
+
+// Удаляем изображение аватара
+$img_path = get_user_by_id($user_id)['img'];
+delete_img($img_path);
+
+$is_deleted_user = delete_user($user_id);
+if (!$is_deleted_user) {
+    set_flash_message('danger', 'Ошибка при удалении');
+    redirect_to('users.php');
+    exit();
+}
+
+// Усли не админ, закрываем сессию
+if (!is_admin()) {
+    logout();
+}
+
+set_flash_message('success', 'Пользователь был удален');
+redirect_to($redirect_path);
+
+
diff --git a/functions.php b/functions.php
index c164f9f..6b3e2b0 100644
--- a/functions.php
+++ b/functions.php
@@ -53,7 +53,8 @@ function create_upload_file_name(array $file)
  *
  * @return boolean
  */
-function has_image(string $image_path){
+function has_image(string $image_path)
+{
     return file_exists($image_path);
 }
 
@@ -80,6 +81,41 @@ function upload_avatar(int $user_id, array $img)
     return false;
 }
 
+/**
+ * Удаление изображения пользователя
+ *
+ * @param string $img_path
+ *
+ * @return boolean
+ */
+function delete_img(string $img_path): bool
+{
+    if (has_image($img_path)) {
+        return unlink($img_path);
+    }
+    return false;
+}
+
+/**
+ * Удалить пользователя по id
+ *
+ * @param int $user_id
+ *
+ * @return boolean
+ */
+function delete_user(int $user_id)
+{
+    global $pdo;
+    $query = "DELETE FROM users
+              WHERE  id = :id";
+    $params = [
+        'id' => intval($user_id),
+    ];
+    $statement = $pdo->prepare($query);
+    $statement->execute($params);
+    return boolval($statement);
+}
+
 /**
  * Записать в БД путь до изображения аватара
  *
@@ -94,7 +130,7 @@ function set_avatar_path(int $user_id, string $path)
     $query = "UPDATE users SET img=:img
               WHERE  id = :id";
     $params = [
-        'id' => $user_id,
+        'id' => intval($user_id),
         'img' => $path,
     ];
     $statement = $pdo->prepare($query);
@@ -139,8 +175,9 @@ function set_status(int $user_id, string $status)
  *
  * @return boolean
  */
-function is_valid_passwords(string $password, string $confirmed_password){
-    return ($password===$confirmed_password)&&!empty($password);
+function is_valid_passwords(string $password, string $confirmed_password)
+{
+    return ($password === $confirmed_password) && !empty($password);
 }
 
 /**
@@ -153,7 +190,8 @@ function is_valid_passwords(string $password, string $confirmed_password){
  *
  * @return boolean
  */
-function edit_credentials(int $user_id, string $email, string $password){
+function edit_credentials(int $user_id, string $email, string $password)
+{
     global $pdo;
 
     $query = "UPDATE users SET email=:email, password=:password
@@ -218,6 +256,19 @@ function is_not_logged_in()
     return (!isset($_SESSION['user']) && empty($_SESSION['user']));
 }
 
+/**
+ * Функция выхода из аккаунта
+ *
+ * @return void
+ */
+function logout()
+{
+    if (isset($_SESSION['user']))
+        unset($_SESSION['user']);
+    session_destroy();
+}
+
+
 /**
  * Функция авторизации пользователя
  *
diff --git a/logout.php b/logout.php
index 93287c7..a7910c7 100644
--- a/logout.php
+++ b/logout.php
@@ -1,9 +1,6 @@
 <?php
 session_start();
 include_once 'functions.php';
-if (isset($_SESSION['user'])) {
-    unset($_SESSION['user']);
-    session_destroy();
-}
+logout();
 redirect_to('page_login.php');
 
diff --git a/page_register.php b/page_register.php
index bdfbcdc..9486410 100644
--- a/page_register.php
+++ b/page_register.php
@@ -65,11 +65,15 @@
                             </h2>
                         </div>
                         <div class="col-xl-6 ml-auto mr-auto">
+                            <?php
+                            if (isset($_SESSION['success'])) {
+                                display_flash_message("success");
+                            }
+                            if (isset($_SESSION['danger'])) {
+                                display_flash_message("danger");
+                            }
+                            ?>
                             <div class="card p-4 rounded-plus bg-faded">
-                                <?php
-                                if (isset($_SESSION['danger'])) {
-                                    display_flash_message("danger");
-                                } ?>
                                 <form id="js-login" novalidate="" action="register.php" method="post">
                                     <div class="form-group">
                                         <label class="form-label" for="emailverify">Email</label>
diff --git a/security.php b/security.php
index b289578..a5640d0 100644
--- a/security.php
+++ b/security.php
@@ -7,7 +7,7 @@
     exit();
 }
 // Есть ли права на редактирование
-if (!is_admin() ?? $_POST['id'] !== $_SESSION['user']['id']) {
+if (!is_admin() && $_POST['id'] !== $_SESSION['user']['id']) {
     set_flash_message('danger', 'Недостаточно прав для редактирования');
     redirect_to('users.php');
     exit();
diff --git a/test.php b/test.php
index 7786d6a..671530c 100644
--- a/test.php
+++ b/test.php
@@ -2,4 +2,4 @@
 // этот файл не участвует в работе сайта
 session_start();
 include_once 'functions.php';
-echo is_valid_passwords("1","1");
\ No newline at end of file
+d(get_user_by_id(42));
\ No newline at end of file
diff --git a/users.php b/users.php
index e355a7c..824e7c2 100644
--- a/users.php
+++ b/users.php
@@ -107,7 +107,7 @@ class="fs-xl text-truncate text-truncate-lg text-info">
                                         <i class="fa fa-camera"></i>
                                         Загрузить аватар
                                     </a>
-                                    <a href="index.php?delete&id=<?= $user['id'] ?>" class="dropdown-item"
+                                    <a href="delete.php?delete&id=<?= $user['id'] ?>" class="dropdown-item"
                                        onclick="return confirm('are you sure?');">
                                         <i class="fa fa-window-close"></i>
                                         Удалить