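function user_created_by_user($user_to_edit, $user_admin, $db) {
    # Authorization check: may the acting user ($user_admin) edit or delete
    # the account $user_to_edit?
    #
    # Allowed when the acting user is editing their own account, when the
    # acting user is account '1' (treated as the administrator here), or when
    # the target account is among the accounts the acting user created.
    #
    # Returns True when the action is allowed, False otherwise.

    # Fail closed on identifiers that are not plain ints or strings. With
    # loose comparison a boolean true equals '1', and null equals '', so such
    # values must never reach the checks below.
    if (!(is_int($user_to_edit) || is_string($user_to_edit))) {
        return False;
    }
    if (!(is_int($user_admin) || is_string($user_admin))) {
        return False;
    }

    # Compare identifiers as exact strings: '01', ' 1' or '1e0' must not be
    # accepted as account '1', and '5abc' must not be accepted as account 5.
    $target_id = (string) $user_to_edit;
    $actor_id = (string) $user_admin;
    if ($target_id === '' || $actor_id === '') {
        # an empty identifier names nobody, so it grants nothing
        return False;
    }

    if ($target_id === $actor_id) {
        # it's me, I can remove my own account
        return True;
    }
    if ($actor_id === '1') {
        # account '1' may edit anyone
        return True;
    }

    # It's not me and I am not admin: did I create the target account?
    # The query runs only now, because the two checks above do not need it.
    $s3ql = array('user_id' => $user_admin, 'db' => $db);
    $s3ql['select'] = '*';
    $s3ql['from'] = 'users';
    $s3ql['where']['created_by'] = $user_admin;
    $my_users = S3QLaction($s3ql);
    if (!is_array($my_users)) {
        return False;
    }

    # Re-key the rows by account id so the check is a key lookup. A string
    # key matches an integer key only when it is that integer's canonical
    # decimal form, so malformed identifiers are not found.
    $my_users = account_id_as_key($my_users);
    if (!is_array($my_users)) {
        return False;
    }
    return array_key_exists($target_id, $my_users);
}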
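# NOTE(review): the statements down to "#end post" are the tail of a block that opens outside this excerpt; they are kept as they were.
$deleted = S3QLaction($s3ql);
#echo $deleted;
#exit;
}
# NOTE(review): no exit follows this redirect (the one above is commented out), so the script
# carries on and builds the page below - confirm that this is intended.
Header('Location: ' . $action['listgroups']);
}
#end post

#redo the query because of changes
#group users
$s3ql = compact('user_id', 'db');
$s3ql['select'] = '*';
$s3ql['from'] = 'users';
$s3ql['where']['group_id'] = $group_id;
$group_users = S3QLaction($s3ql);

# Start from an empty list: when the query returns no rows the in_array() call below still
# receives an array, and no membership list from before the change is reused.
$group_users_ids = array();
if (is_array($group_users)) {
    $group_users = account_id_as_key($group_users);
    $group_users_ids = array_keys($group_users);
}

# Build the <option> list of all users, pre-selecting those already in the group.
if (is_array($users)) {
    foreach ($users as $list_user_info) {
        #check if the user was there
        $selected = in_array($list_user_info['account_id'], $group_users_ids) ? 'selected' : '';

        # Account names and logins are account data, not markup: escape them for HTML and
        # quote the value attribute so that no stored value can alter the page structure.
        $option_value = htmlspecialchars((string) $list_user_info['account_id'], ENT_QUOTES);
        $option_name = htmlspecialchars((string) $list_user_info['account_uname'], ENT_QUOTES);
        $option_login = htmlspecialchars((string) $list_user_info['account_lid'], ENT_QUOTES);

        $user_list .= '<option value="' . $option_value . '" ' . $selected . '>' . $option_name . ' (' . $option_login . ')</option>';
    }
}

include '../S3DBjavascript.php';
include '../tabs.php';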