function user_created_by_user($user_to_edit, $user_admin, $db)
{
#user_created_by_user is a functionto check if a specific user that is admin, has permission to delete an account of another user. He should only delete accont that he created.
$user_id = $user_admin;
$s3ql = compact('user_id', 'db');
$s3ql['select'] = '*';
$s3ql['from'] = 'users';
$s3ql['where']['created_by'] = $user_id;
$my_users = S3QLaction($s3ql);
#taking the accountid as key indexes makes it easier to check if specified user can be edited/deleted
if ($user_to_edit == $user_id) {
#its me, I can nuke myself :-)
return True;
} elseif ($user_id == '1') {
return True;
} else {
#its not me and i am not admin...did i create users?
if (!is_array($my_users)) {
return False;
} else {
$my_users = account_id_as_key($my_users);
$user_ids = array_keys($my_users);
if (in_array($user_to_edit, $user_ids)) {
#did I create it?
return True;
} else {
return False;
}
}
}
}
$deleted = S3QLaction($s3ql);
#echo $deleted;
#exit;
}
Header('Location: ' . $action['listgroups']);
}
#end post
#redo the query because of changes
#group users
$s3ql = compact('user_id', 'db');
$s3ql['select'] = '*';
$s3ql['from'] = 'users';
$s3ql['where']['group_id'] = $group_id;
$group_users = S3QLaction($s3ql);
if (is_array($group_users)) {
$group_users = account_id_as_key($group_users);
$group_users_ids = array_keys($group_users);
}
if (is_array($users)) {
foreach ($users as $list_user_info) {
#check if the user was there
if (in_array($list_user_info['account_id'], $group_users_ids)) {
$selected = 'selected';
} else {
$selected = '';
}
$user_list .= '<option value=' . $list_user_info['account_id'] . ' ' . $selected . '>' . $list_user_info['account_uname'] . ' (' . $list_user_info['account_lid'] . ')</option>';
}
}
include '../S3DBjavascript.php';
include '../tabs.php';
