| |
| Copyright: See the COPYRIGHT.txt file. |
| License: GPLv2 or later, see the LICENSE.txt file. |
+---------------------------------------------------------------------------+
*/
// Require the initialisation file
require_once '../../init.php';
// Required files
require_once MAX_PATH . '/lib/OA/Dal.php';
require_once MAX_PATH . '/www/admin/config.php';
require_once MAX_PATH . '/lib/OA/Session.php';
require_once MAX_PATH . '/lib/OA/Admin/UI/UserAccess.php';
// Register input variables
phpAds_registerGlobal('userid', 'returnurl');
// Security check
OA_Permission::enforceAccount(OA_ACCOUNT_MANAGER, OA_ACCOUNT_ADVERTISER);
OA_Permission::enforceAccountPermission(OA_ACCOUNT_ADVERTISER, OA_PERM_SUPER_ACCOUNT);
OA_Permission::enforceAccessToObject('clients', $clientid);
$accountId = OA_Permission::getAccountIdForEntity('clients', $clientid);
// CVE-2013-5954 - see OA_Permission::checkSessionToken() method for details
OA_Permission::checkSessionToken();
/*-------------------------------------------------------*/
/* Main code */
/*-------------------------------------------------------*/
if (!empty($accountId) && !empty($userid)) {
OA_Admin_UI_UserAccess::unlinkUserFromAccount($accountId, $userid);
}
if (empty($returnurl)) {
$returnurl = 'advertiser-access.php?clientid=' . $clientid;
}
Header("Location: " . $returnurl);
