Example #1
 // First step of deleting a user: show a confirmation form.
 // Runs only for the 'delete_confirm' action when the current user holds the 'deluser' right.
 if ($userAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     // NOTE(review): $user is replaced here, after the right was checked on the previous object,
     // and getUserById() below is then called on the replacement. Presumably later code in this
     // script must not treat $user as the logged-in administrator any more; verify.
     $user = new PMF_User_CurrentUser($faqConfig);
     // The selected id is read from POST; 0 is treated below as "no id given".
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
     if ($userId != 0) {
         $user->getUserById($userId);
         if ($user->getStatus() != 'protected' && $userId != 1) {
             // Deletable account: render the confirmation form. It carries the CSRF token
             // that the 'delete' step is expected to check.
             // NOTE(review): userLogin is account data; presumably Twig auto-escaping is
             // enabled for this template; confirm.
             $twig->loadTemplate('user/delete_confirm.twig')->display(array(
                 'PMF_LANG' => $PMF_LANG,
                 'csrfToken' => $user->getCsrfTokenFromSession(),
                 'userId' => $userId,
                 'userLogin' => $user->getLogin()
             ));
         } else {
             // Accounts with status 'protected' and user id 1 are never offered for deletion.
             $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
             $userAction = $defaultUserAction;
         }
     } else {
         // No usable id was submitted: report it and fall back to the default action.
         $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
         $userAction = $defaultUserAction;
     }
 }
 // delete user
 // Second step of deleting a user: reads the target id and the CSRF token from POST and
 // compares the token with the one kept in the session. The rest of this branch is not
 // part of the excerpt.
 if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     // $user is replaced with a fresh PMF_User after the permission check above has run.
     $user = new PMF_User($faqConfig);
     // Presumably 0 is the fallback when user_id is missing or not an integer; the check
     // further down treats 0 as "no id".
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
     $csrfOkay = true;
     // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
     $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
     // The token fails when the session holds none or the submitted value differs.
     // NOTE(review): hash_equals() would make this comparison constant-time.
     if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
         $csrfOkay = false;
     }
     $userAction = $defaultUserAction;
     // NOTE(review): with && this branch is taken only when the id is 0 AND the token check
     // failed. Its body is outside this excerpt; if it is the rejection path, a request with
     // a valid user_id and a wrong or missing token is not rejected here. Confirm, and use
     // || if either failure alone should stop the deletion.
     if ($userId == 0 && !$csrfOkay) {
Example #2
        $groupAction = $defaultGroupAction;
        $message = sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_group_suc']);
        // display error messages and show form again
    } else {
        $groupAction = 'add';
        $message = '<p class="alert alert-error">';
        foreach ($messages as $err) {
            $message .= $err . '<br />';
        }
        $message .= '</p>';
    }
}
// Guarantee that $message exists before any template receives it.
$message = isset($message) ? $message : '';

// Render the "new group" form; requires the 'addgroup' right.
if ($groupAction == 'add' && $user->perm->checkRight($user->getUserId(), 'addgroup')) {
    // NOTE(review): $user is replaced after the right was checked on the previous object;
    // the new object is used here only to fetch the session's CSRF token for the form.
    $user = new PMF_User_CurrentUser($faqConfig);
    // $message may contain HTML built elsewhere in this script, and the group_* values echo
    // earlier form input. NOTE(review): presumably the template escapes the latter; confirm.
    $twig->loadTemplate('group/add.twig')->display(array(
        'PMF_LANG' => $PMF_LANG,
        'csrfToken' => $user->getCsrfTokenFromSession(),
        'descriptionCols' => $descriptionCols,
        'descriptionRows' => $descriptionRows,
        'groupAutoJoin' => !empty($group_auto_join),
        'groupDescription' => isset($group_description) ? $group_description : '',
        'groupName' => isset($group_name) ? $group_name : '',
        'message' => $message
    ));
}
// end of the 'add' branch
// Render the group list view together with the data for all known rights.
// NOTE(review): unlike the 'add' branch, no right is checked in this branch; presumably access
// to the page as a whole is gated before this point. Confirm.
if ($groupAction == 'list') {
    $rightsData = $user->perm->getAllRightsData();
    foreach ($rightsData as $key => $right) {
        // Rights without a translated description keep whatever they already carry.
        if (!isset($PMF_LANG['rightsLanguage'][$right['name']])) {
            continue;
        }
        $rightsData[$key]['description'] = $PMF_LANG['rightsLanguage'][$right['name']];
    }
    $twig->loadTemplate('group/list.twig')->display(array(
        'PMF_LANG' => $PMF_LANG,
        'descriptionCols' => $descriptionCols,
        'descriptionRows' => $descriptionRows,
        'groupAutoJoin' => !empty($group_auto_join),
        'groupDescription' => isset($group_description) ? $group_description : '',
        'groupName' => isset($group_name) ? $group_name : '',
        'groupSelectSize' => $groupSelectSize,
        'memberSelectSize' => $memberSelectSize,
        'message' => $message,
        'rightsData' => $rightsData
    ));
}
Example #3
                ?>
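 <strong><?php
                // The login is account data: HTML-encode it before writing it into the page.
                echo htmlspecialchars((string) $user->getLogin(), ENT_QUOTES, 'UTF-8');
                ?></strong></legend>
        <p><?php
                // Language strings are emitted as-is (presumably trusted translation data; confirm).
                echo $text['delUser_question'];
                ?></p>
        <form action ="?action=user&amp;user_action=delete" method="post">
            <input type="hidden" name="user_id" value="<?php
                // Attribute context: encode the id even though it is expected to be numeric.
                echo htmlspecialchars((string) $userId, ENT_QUOTES, 'UTF-8');
                ?>" />
            <input type="hidden" name="csrf" value="<?php
                // Session CSRF token; the handler for user_action=delete is expected to verify it.
                echo htmlspecialchars((string) $user->getCsrfTokenFromSession(), ENT_QUOTES, 'UTF-8');
                ?>" />
            <div class="button_row">
                <input class="reset" type="submit" name="cancel" value="<?php echo $text['delUser_cancel']; ?>" />
                <input class="submit" type="submit" value="<?php echo $text['delUser_confirm']; ?>" />
            </div>
        </form>
    </fieldset>
</div>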