
Prevents deleting the admin user

Thomas Leister 10 سال پیش
والد
کامیت
0ae7b3fdf6

+ 18 - 24
include/php/pages/admin/deletedomain.php

@@ -2,21 +2,25 @@
 
 $id = $db->escape_string($_GET['id']);
 
+//Load user data from DB
+$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
+
+if(!$result = $db->query($sql)){
+	die('There was an error running the query [' . $db->error . ']');
+}
+
+while($row = $result->fetch_assoc()){
+	$domain = $row[DBC_DOMAINS_DOMAIN];
+}
+
+// Delete domain
 if(isset($_POST['confirm'])){
 	$confirm = $_POST['confirm'];
 	
 	if($confirm === "yes"){
-		$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
-			
-		if(!$result = $db->query($sql)){
-			die('There was an error running the query [' . $db->error . ']');
-		}
-		
-		else{	
-			while($row = $result->fetch_assoc()){
-				$domain = $row[DBC_DOMAINS_DOMAIN];
-			}
-			
+		// Check if admin domain is affected
+		$admin_domain = explode("@", ADMIN_EMAIL)[1];
+		if($admin_domain !== $domain){				
 			$sql = "DELETE FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id'";
 				
 			if(!$result = $db->query($sql)){
@@ -34,25 +38,15 @@ if(isset($_POST['confirm'])){
 				}
 			}
 		}
+		else{
+			header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/?adm_del=1");
+		}
 	}
 	
 	else{
 		header("Location: ".FRONTEND_BASE_PATH."admin/listdomains/");
 	}
 }
-
-else{
-	//Load user data from DB
-	$sql = "SELECT `".DBC_DOMAINS_DOMAIN."` FROM `".DBT_DOMAINS."` WHERE `".DBC_DOMAINS_ID."` = '$id' LIMIT 1;";
-	
-	if(!$result = $db->query($sql)){
-		die('There was an error running the query [' . $db->error . ']');
-	}
-	
-	while($row = $result->fetch_assoc()){
-		$domain = $row[DBC_DOMAINS_DOMAIN];
-	}
-}
 ?>
 
 <h1>Delete domain "<?php echo $domain ?>"?</h1>
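Review bot: The guard `if($admin_domain !== $domain)` compares the domain part of ADMIN_EMAIL case-sensitively with the stored domain, so a difference in letter case between the constant and the row (domain names are case-insensitive) still lets the admin's domain be deleted; `if(strcasecmp($admin_domain, $domain) !== 0){` closes that gap. `explode("@", ADMIN_EMAIL)[1]` also raises an undefined-offset notice and yields null if the constant has no `@`, and `$domain` is never assigned when no row matches `$id`, so the DELETE still runs for an unknown id — checking `$result->num_rows === 1` before using `$domain` makes both cases explicit. The `<h1>` echoes `$domain` straight into HTML; `htmlspecialchars($domain)` is cheap to add while this file is being touched. The middle of the delete branch (between the two hunks) is not visible here.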

+ 27 - 20
include/php/pages/admin/deleteuser.php

@@ -2,17 +2,39 @@
 
 $id = $db->escape_string($_GET['id']);
 
+//Load user data from DB
+$sql = "SELECT `".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
+
+if(!$result = $db->query($sql)){
+	die('There was an error running the query [' . $db->error . ']');
+}
+
+while($row = $result->fetch_assoc()){
+	$username = $row[DBC_USERS_USERNAME];
+	$domain = $row[DBC_USERS_DOMAIN];
+}
+
+$mailaddress = $username."@".$domain;
+
+
+// Delete user
 if(isset($_POST['confirm'])){
 	$confirm = $_POST['confirm'];
 	
 	if($confirm === "yes"){
-		$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id'";
-			
-		if(!$result = $db->query($sql)){
-			die('There was an error running the query [' . $db->error . ']');
+		if($mailaddress !== ADMIN_EMAIL){
+			$sql = "DELETE FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id'";
+				
+			if(!$result = $db->query($sql)){
+				die('There was an error running the query [' . $db->error . ']');
+			}
+			else{
+				header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?deleted=1");
+			}
 		}
 		else{
-			header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?deleted=1");
+			// Admin tries to delete himself. WTH.
+			header("Location: ".FRONTEND_BASE_PATH."admin/listusers/?adm_del=1");
 		}
 	}
 	
@@ -21,21 +43,6 @@ if(isset($_POST['confirm'])){
 	}
 }
 
-else{
-	//Load user data from DB
-	$sql = "SELECT `".DBC_USERS_USERNAME."`, `".DBC_USERS_DOMAIN."` FROM `".DBT_USERS."` WHERE `".DBC_USERS_ID."` = '$id' LIMIT 1;";
-	
-	if(!$result = $db->query($sql)){
-		die('There was an error running the query [' . $db->error . ']');
-	}
-	
-	while($row = $result->fetch_assoc()){
-		$username = $row[DBC_USERS_USERNAME];
-		$domain = $row[DBC_USERS_DOMAIN];
-	}
-	
-	$mailaddress = $username."@".$domain;
-}
 ?>
 
 <h1>Delete user "<?php echo $mailaddress ?>"?</h1>
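Review bot: The new check `if($mailaddress !== ADMIN_EMAIL)` is a case-sensitive string compare, so if the stored username/domain and the ADMIN_EMAIL constant differ only in letter case the admin row is deleted anyway; `if(strcasecmp($mailaddress, ADMIN_EMAIL) !== 0){` matches how mail addresses are actually compared. When no row matches `$id`, `$username` and `$domain` stay unset and `$mailaddress` becomes `"@"`, which passes the check and runs the DELETE for a nonexistent id — guarding on `$result->num_rows` before building the address avoids that and the undefined-variable notices. The protection keys on the address rather than on an id or role, so if the edit page (it appears to exist, given the `edited` message in listusers.php) can change a user's name or domain, renaming the admin first would bypass it; that limitation deserves at least a comment. The `<h1>` echoes `$mailaddress` unescaped into HTML; `htmlspecialchars($mailaddress)` belongs there.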

+ 4 - 1
include/php/pages/admin/listdomains.php

@@ -4,7 +4,10 @@
 	}
 	else if($_GET['created'] == "1"){
 		add_message("success", "Domain created successfully.");
-	}		
+	}	
+	else if($_GET['adm_del'] == "1"){
+		add_message("fail", "Domain could not be deleted because admin account would be affected.");
+	}	
 ?>
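Review bot: `$_GET['adm_del'] == "1"` reads the key without checking it exists, so a plain visit to the list page with no query string raises an undefined-index notice once the earlier `else if` branches fall through; `else if(isset($_GET['adm_del']) && $_GET['adm_del'] === "1"){` avoids that and drops the loose comparison. The preceding branches in this file use the same unguarded pattern, so this only perpetuates it, but new lines are the place to stop. The start of the `if` chain is above the hunk.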
 
 

+ 3 - 0
include/php/pages/admin/listusers.php

@@ -9,6 +9,9 @@ else if($_GET['created'] == "1"){
 else if($_GET['edited'] == "1"){
 	add_message("success", "User edited successfully.");
 }
+else if($_GET['adm_del'] == "1"){
+	add_message("fail", "Admin user cannot be deleted.");
+}
 	
 ?>