<?php
// Project: Web Reference Database (refbase) <http://www.refbase.net>
// Copyright: Matthias Steffens <mailto:refbase@extracts.de> and the file's
// original author(s).
//
// This code is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY. Please see the GNU General Public
// License for more details.
//
// File: ./user_removal.php
// Repository: $HeadURL$
// Author(s): Matthias Steffens <mailto:refbase@extracts.de>
//
// Created: 16-Apr-02, 10:54
// Modified: $Date$
// $Author$
// $Revision$
// This script deletes a user from the 'users' and 'auth' tables, together with the user's rows in the
// 'user_permissions', 'user_formats', 'user_styles', 'user_types' and 'user_options' tables.
// The script can only be called by the admin. If the removal succeeds, it redirects to 'users.php'.
// Note that there's no further verification! If you clicked 'Delete User' on 'user_receipt.php' the user will be killed immediately.
// Incorporate some include files:
include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password
include 'includes/include.inc.php'; // include common functions
include 'initialize/ini.inc.php'; // include common variables
// --------------------------------------------------------------------

// START A SESSION:
// 'start_session()' (from 'include.inc.php') also reads out the available session variables:
start_session(true);

// Take the ID of the user to delete from the request; fall back to an empty string when it is missing.
// NOTE(review): $_REQUEST accepts GET as well as POST parameters, and this script performs a destructive
// action without any confirmation step or anti-CSRF token. A request made with an admin's live session
// is enough to delete a user. Consider accepting POST only and validating a per-session token.
$userID = isset($_REQUEST['userID']) ? $_REQUEST['userID'] : "";
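// Check if the admin is logged in; every other caller is sent to 'index.php' and the script stops.
// ('$adminLoginEmail' is specified in 'ini.inc.php'; '$loginEmail' is not assigned in this file --
// presumably 'start_session()' sets it from the session; verify against 'include.inc.php'.)
if (!(isset($_SESSION['loginEmail']) && ($loginEmail == $adminLoginEmail)))
{
	// save an error message:
	$HeaderString = "<b><span class=\"warning\">You must be logged in as admin to remove any users!</span></b>";

	// save the URL of the currently displayed page.
	// The Referer header is optional: reading it unguarded raises an "undefined index" notice, and any
	// output produced by that notice can prevent the redirect below from being sent.
	// NOTE(review): the header is client-controlled; treat the stored value as untrusted wherever it is
	// later used as a redirect target.
	$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

	// Write back session variables:
	saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'
	saveSessionVariable("referer", $referer);

	header("Location: index.php");
	exit; // never fall through to the delete logic for a non-admin caller
}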
// Check the correct parameters have been passed.
// Note that 'empty()' also rejects the string "0", so a user ID of 0 is treated as missing.
if (empty($userID))
{
	// save an error message:
	$HeaderString = '<b><span class="warning">Incorrect parameters to script \'user_removal.php\'!</span></b>';

	// Write back session variables:
	saveSessionVariable('HeaderString', $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'

	// Redirect the browser back to the calling page.
	// Variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'.
	// NOTE(review): if that value originates from the request's Referer header it is client-controlled,
	// which would make this an open redirect -- confirm how 'start_session()' derives it, and consider
	// restricting the target to a local page.
	header("Location: $referer");
	exit;
}
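// --------------------------------------------------------------------

// CONSTRUCT SQL QUERY:

// Start from an empty list so that the loop which later runs '$queryArray' only ever sees the
// statements built here, and never iterates over an undefined variable.
$queryArray = array();

// If the admin is logged in -> perform a delete action.
// (The same condition has already been enforced further up; it is kept as a second guard.)
if (isset($_SESSION['loginEmail']) && ($loginEmail == $adminLoginEmail))
{
	// Escape/quote the request-supplied ID once; function 'quote_smart()' is defined elsewhere.
	// NOTE(review): this runs before 'connectToMySQLDatabase()' is called -- if 'quote_smart()' relies on
	// a connection-bound escaping function, confirm that a connection already exists at this point.
	// NOTE(review): if 'user_id' is an integer column, rejecting non-numeric input before building the
	// statements would be a cheap additional safeguard -- verify against the schema.
	$quotedUserID = quote_smart($userID);

	// DELETE - construct one query per table that holds rows for this user:
	// users, auth, user_permissions, user_formats, user_styles, user_types and user_options.
	$userTables = array(
		$tableUsers,
		$tableAuth,
		$tableUserPermissions,
		$tableUserFormats,
		$tableUserStyles,
		$tableUserTypes,
		$tableUserOptions
	);

	foreach ($userTables as $userTable)
		$queryArray[] = "DELETE FROM $userTable WHERE user_id = " . $quotedUserID;
}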
// --------------------------------------------------------------------

// (1) OPEN CONNECTION, (2) SELECT DATABASE
connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'

// (3) RUN the queries on the database through the connection.
// NOTE(review): the result of each query is not inspected and the DELETE statements are not wrapped in
// a transaction. Unless 'queryMySQLDatabase()' aborts the script on failure, the success message below
// is stored even when only some of the rows were removed -- confirm against 'include.inc.php'.
foreach ($queryArray as $query)
{
	$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
}

// ----------------------------------------------

// (4) File a message and go back to the list of users:

// save an informative message:
$HeaderString = 'User was deleted successfully!';

// Write back session variables:
saveSessionVariable('HeaderString', $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'

header('Location: users.php'); // re-direct to the list of users

// (5) CLOSE the database connection:
disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'

// --------------------------------------------------------------------
?>