Prevents deleting the admin user
parent
a338e23582
commit
0ae7b3fdf6
4 changed files with 52 additions and 45 deletions
|
@ -2,21 +2,25 @@
|
|||
|
||||
$id = $db->escape_string($_GET['id']);
|
||||
|
||||
//Load user data from DB
|
||||
$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
die('There was an error running the query [' . $db->error . ']');
|
||||
}
|
||||
|
||||
while($row = $result->fetch_assoc()){
|
||||
$domain = $row[DBC_DOMAINS_DOMAIN];
|
||||
}
|
||||
|
||||
// Delete domain
|
||||
if(isset($_POST['confirm'])){
|
||||
$confirm = $_POST['confirm'];
|
||||
|
||||
if($confirm === "yes"){
|
||||
$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
die('There was an error running the query [' . $db->error . ']');
|
||||
}
|
||||
|
||||
else{
|
||||
while($row = $result->fetch_assoc()){
|
||||
$domain = $row[DBC_DOMAINS_DOMAIN];
|
||||
}
|
||||
|
||||
// Check if admin domain is affected
|
||||
$admin_domain = explode("@", ADMIN_EMAIL)[1];
|
||||
if($admin_domain !== $domain){
|
||||
$sql = "DELETE FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id'";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
|
@ -34,25 +38,15 @@ if(isset($_POST['confirm'])){
|
|||
}
|
||||
}
|
||||
}
|
||||
else{
|
||||
header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/?adm_del=1");
|
||||
}
|
||||
}
|
||||
|
||||
else{
|
||||
header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/");
|
||||
}
|
||||
}
|
||||
|
||||
else{
|
||||
//Load user data from DB
|
||||
$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
die('There was an error running the query [' . $db->error . ']');
|
||||
}
|
||||
|
||||
while($row = $result->fetch_assoc()){
|
||||
$domain = $row[DBC_DOMAINS_DOMAIN];
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
<h1>Delete domain "<?php echo $domain ?>"?</h1>
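Review bot: The new guard `if($admin_domain !== $domain){` is an exact, case-sensitive string comparison, so a domain row stored with different letter case than the domain part of `ADMIN_EMAIL` would not match and the DELETE would still run. Comparing case-insensitively, e.g. `if(strcasecmp($admin_domain, $domain) !== 0){`, closes that gap. `$domain` is only assigned inside the `while` loop, so an `id` that matches no row leaves it undefined when the guard is evaluated; an explicit not-found branch before the guard would make that case deliberate. The same exact comparison is used on the user page as `$mailaddress !== ADMIN_EMAIL`. The `if(!$result = $db->query($sql)){` block after the DELETE continues outside the first hunk.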
|
||||
|
|
|
@ -2,17 +2,39 @@
|
|||
|
||||
$id = $db->escape_string($_GET['id']);
|
||||
|
||||
//Load user data from DB
|
||||
$sql = "SELECT `".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
die('There was an error running the query [' . $db->error . ']');
|
||||
}
|
||||
|
||||
while($row = $result->fetch_assoc()){
|
||||
$username = $row[DBC_USERS_USERNAME];
|
||||
$domain = $row[DBC_USERS_DOMAIN];
|
||||
}
|
||||
|
||||
$mailaddress = $username."@".$domain;
|
||||
|
||||
|
||||
// Delete user
|
||||
if(isset($_POST['confirm'])){
|
||||
$confirm = $_POST['confirm'];
|
||||
|
||||
if($confirm === "yes"){
|
||||
$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id'";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
die('There was an error running the query [' . $db->error . ']');
|
||||
if($mailaddress !== ADMIN_EMAIL){
|
||||
$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id'";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
die('There was an error running the query [' . $db->error . ']');
|
||||
}
|
||||
else{
|
||||
header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?deleted=1");
|
||||
}
|
||||
}
|
||||
else{
|
||||
header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?deleted=1");
|
||||
// Admin tries to delete himself. WTH.
|
||||
header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?adm_del=1");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -21,21 +43,6 @@ if(isset($_POST['confirm'])){
|
|||
}
|
||||
}
|
||||
|
||||
else{
|
||||
//Load user data from DB
|
||||
$sql = "SELECT `".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
|
||||
|
||||
if(!$result = $db->query($sql)){
|
||||
die('There was an error running the query [' . $db->error . ']');
|
||||
}
|
||||
|
||||
while($row = $result->fetch_assoc()){
|
||||
$username = $row[DBC_USERS_USERNAME];
|
||||
$domain = $row[DBC_USERS_DOMAIN];
|
||||
}
|
||||
|
||||
$mailaddress = $username."@".$domain;
|
||||
}
|
||||
?>
|
||||
|
||||
<h1>Delete user "<?php echo $mailaddress ?>"?</h1>
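Review bot: No anti-CSRF token check is visible before the `DELETE FROM` runs: the row is chosen by `$_GET['id']` and the only gate is `$_POST['confirm'] === "yes"`, so the request does not have to originate from this confirmation form. Unless a shared include outside these hunks already handles it, the form should carry a per-session token that is compared with `hash_equals()` before the query; the domain deletion page has the same shape. No `exit;` is visible after any of the `header("Location: ...")` calls, so the script appears to keep executing and render the page body after the redirect header is set. The `<h1>` line also prints `$mailaddress` unescaped; `<?php echo htmlspecialchars($mailaddress, ENT_QUOTES, 'UTF-8') ?>` would be safer, and likewise for `$domain` on the domain page.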
|
||||
|
|
|
@ -4,7 +4,10 @@
|
|||
}
|
||||
else if($_GET['created'] == "1"){
|
||||
add_message("success", "Domain created successfully.");
|
||||
}
|
||||
}
|
||||
else if($_GET['adm_del'] == "1"){
|
||||
add_message("fail", "Domain could not be deleted because admin account would be affected.");
|
||||
}
|
||||
?>
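Review bot: `$_GET['adm_del']` is read without checking that the key exists and is compared loosely with `==`, so when the parameter is absent PHP raises an undefined-index notice (a warning on PHP 8). `else if(isset($_GET['adm_del']) && $_GET['adm_del'] === "1"){` avoids both, and the same applies to the matching branch added to the user list page. This follows the existing `created` and `edited` branches, so the whole chain, which starts above the hunk, may be worth fixing together.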
|
||||
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@ else if($_GET['created'] == "1"){
|
|||
else if($_GET['edited'] == "1"){
|
||||
add_message("success", "User edited successfully.");
|
||||
}
|
||||
else if($_GET['adm_del'] == "1"){
|
||||
add_message("fail", "Admin user cannot be deleted.");
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
|