Ejemplo n.º 1
                $userAction = $defaultUserAction;
                $message .= '<p class="error">' . $errorMessages['delUser_protectedAccount'] . '</p>';
            } else {
                ?>

<h2><?php 
                print $text['header'];
                ?>
</h2>
<div id="user_confirmDelete">
    <fieldset>
        <legend><?php 
                print $text['delUser'];
                ?>
 <strong><?php 
                print $user->getLogin();
                ?>
</strong></legend>
        <p><?php 
                print $text['delUser_question'];
                ?>
</p>
        <form action ="?action=user&amp;user_action=delete" method="post">
            <input type="hidden" name="user_id" value="<?php 
                print $userId;
                ?>
" />
            <input type="hidden" name="csrf" value="<?php 
                print $user->getCsrfTokenFromSession();
                ?>
" />
Ejemplo n.º 2
 // Delete-user confirmation step.
 // Runs only when the requested action is 'delete_confirm' and the permission object of
 // the $user in scope at this point grants the 'deluser' right.
 if (
     $userAction == 'delete_confirm'
     && $user->perm->checkRight($user->getUserId(), 'deluser')
 ) {
     $message = '';

     // From here on $user no longer refers to the account that passed the permission
     // check above: it is replaced by a fresh object, which is then loaded with the
     // account selected for deletion.
     $user = new PMF_User_CurrentUser($faqConfig);

     // The target id comes from the POST field 'user_list_select', validated as an integer.
     // The trailing 0 is presumably the fallback for a missing or invalid value -- confirm
     // against PMF_Filter::filterInput().
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);

     if ($userId != 0) {
         $user->getUserById($userId);

         if ($user->getStatus() != 'protected' && $userId != 1) {
             // Deletable account: render the confirmation template. The value returned by
             // getCsrfTokenFromSession() is handed to the template; presumably it ends up
             // in the form that posts the real delete request -- the template itself is
             // not visible here.
             $twig->loadTemplate('user/delete_confirm.twig')->display(
                 array(
                     'PMF_LANG'  => $PMF_LANG,
                     'csrfToken' => $user->getCsrfTokenFromSession(),
                     'userId'    => $userId,
                     'userLogin' => $user->getLogin(),
                 )
             );
         } else {
             // Accounts whose status is 'protected', and the account with id 1, are refused.
             $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
             $userAction = $defaultUserAction;
         }
     } else {
         // No usable user id was submitted: report it and fall back to the default action.
         $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
         $userAction = $defaultUserAction;
     }
 }
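 // delete user
 // NOTE(review): the guard further down reads `$userId == 0 && !$csrfOkay`, so it only
 // rejects a request when BOTH the id is missing and the CSRF check failed; a non-zero
 // user_id with a bad or missing token still reaches the else branch. Rejecting on either
 // condition (`||`) looks intended -- confirm. The token is also compared with `!==`
 // rather than hash_equals().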
 if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     $user = new PMF_User($faqConfig);
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
     $csrfOkay = true;
     $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
     if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
         $csrfOkay = false;
     }
     $userAction = $defaultUserAction;
     if ($userId == 0 && !$csrfOkay) {
            $userAction = $defaultUserAction;
        } else {
            $user->getUserById($userId, true);
            // account is protected
            if ($user->getStatus() == 'protected' || $userId == 1) {
                $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
                $userAction = $defaultUserAction;
            } else {
                ?>
        <header>
            <h2>
                <i class="icon-user"></i> <?php 
                echo $PMF_LANG['ad_user_deleteUser'];
                ?>
 <?php 
                echo $user->getLogin();
                ?>
            </h2>
        </header>
        <p class="alert alert-danger"><?php 
                print $PMF_LANG["ad_user_del_3"] . ' ' . $PMF_LANG["ad_user_del_1"] . ' ' . $PMF_LANG["ad_user_del_2"];
                ?>
</p>
        <form action ="?action=user&amp;user_action=delete" method="post" accept-charset="utf-8">
            <input type="hidden" name="user_id" value="<?php 
                print $userId;
                ?>
" />
            <input type="hidden" name="csrf" value="<?php 
                print $user->getCsrfTokenFromSession();
                ?>