Refbase
/
Refbase2X
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
1.9 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Refbase2X/user_removal.php

127 lines
5.1 KiB
Raw Permalink Blame History

<?php
// turn on warnings and notice during developement
include('initialize/PhpErrorSettings.inc.php');
// Project: Web Reference Database (refbase) <http://www.refbase.net>
// Copyright: Matthias Steffens <mailto:refbase@extracts.de> and the file's
// original author(s).
//
// This code is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY. Please see the GNU General Public
// License for more details.
//
// File: ./user_removal.php
// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/user_removal.php $
// Author(s): Matthias Steffens <mailto:refbase@extracts.de>
//
// Created: 16-Apr-02, 10:54
// Modified: $Date: 2015-02-16 20:53:19 +0000 (Mon, 16 Feb 2015) $
// $Author: karnesky $
// $Revision: 1405 $
// This script deletes a user from the 'users' and 'auth' tables.
// The script can be only called by the admin. If the removal succeeds, it redirects to 'users.php'.
// Note that there's no further verification! If you clicked 'Delete User' on 'user_receipt.php' the user will be killed immediately.
// Incorporate some include files:
include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password
include 'includes/include.inc.php'; // include common functions
include 'initialize/ini.inc.php'; // include common variables
// --------------------------------------------------------------------
// START A SESSION:
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);
// Extract the 'userID' parameter from the request:
if (isset($_REQUEST['userID']))
$userID = $_REQUEST['userID'];
else
$userID = "";
// Check if the admin is logged in
if (!(isset($_SESSION['loginEmail']) && ($loginEmail == $adminLoginEmail))) // ('$adminLoginEmail' is specified in 'ini.inc.php')
{
// save an error message:
$HeaderString = "You must be logged in as admin to remove any users!";
// save the URL of the currently displayed page:
$referer = $_SERVER['HTTP_REFERER'];
// Write back session variables:
saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'
saveSessionVariable("referer", $referer);
header("Location: index.php");
exit;
}
// Check the correct parameters have been passed
if (empty($userID))
{
// save an error message:
$HeaderString = "Incorrect parameters to script 'user_removal.php'!";
// Write back session variables:
saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'
// Redirect the browser back to the calling page
header("Location: " . $referer); // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'
exit;
}
// --------------------------------------------------------------------
// CONSTRUCT SQL QUERY:
// If the admin is logged in:
if (isset($_SESSION['loginEmail']) && ($loginEmail == $adminLoginEmail)) // -> perform a delete action:
{
// DELETE - construct queries to delete the relevant record(s)
// ... from the users table:
$queryArray[] = "DELETE FROM $tableUsers WHERE user_id = " . quote_smart($userID);
// ... from the auth table:
$queryArray[] = "DELETE FROM $tableAuth WHERE user_id = " . quote_smart($userID);
// ... from the user_permissions table:
$queryArray[] = "DELETE FROM $tableUserPermissions WHERE user_id =" . quote_smart($userID);
// ... from the user_formats table:
$queryArray[] = "DELETE FROM $tableUserFormats WHERE user_id =" . quote_smart($userID);
// ... from the user_styles table:
$queryArray[] = "DELETE FROM $tableUserStyles WHERE user_id =" . quote_smart($userID);
// ... from the user_types table:
$queryArray[] = "DELETE FROM $tableUserTypes WHERE user_id =" . quote_smart($userID);
// ... from the user_options table:
$queryArray[] = "DELETE FROM $tableUserOptions WHERE user_id =" . quote_smart($userID);
}
// --------------------------------------------------------------------
// (1) OPEN CONNECTION, (2) SELECT DATABASE
connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'
// (3) RUN the queries on the database through the connection:
foreach($queryArray as $query)
$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
// ----------------------------------------------
// (4) File a message and go back to the list of users:
// save an informative message:
$HeaderString = "User was deleted successfully!";
// Write back session variables:
saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'
header("Location: users.php"); // re-direct to the list of users
// (5) CLOSE the database connection:
disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
// --------------------------------------------------------------------
?>