loginAsUser = function() { if (confirm('<?=$loginAsUserConfirm?>')) { location.href = "<?=$this->url('/dashboard/users/search', 'sign_in_as_user', $uo->getUserID(), $valt->generate('sudo'))?>"; } } </script> <? } /*else { ?> <? print $ih->button_js(t('Sign In as User'), 'alert(\'' . t('You do not have permission to sign in as other users.') . '\')', 'left', 'ccm-button-inactive');?> <? }*/ ?> <? } ?> <? $cu = new User(); $tp = new TaskPermission(); if ($tp->canDeleteUser()) { $delConfirmJS = t('Are you sure you want to permanently remove this user?'); if ($uo->getUserID() == USER_SUPER_ID) { ?> <?=t('You may not remove the super user account.')?> <? } else if (!$tp->canDeleteUser()) { ?> <?=t('You do not have permission to perform this action.'); } else if ($uo->getUserID() == $cu->getUserID()) { echo t('You cannot delete your own user account.'); }else{ ?> <script type="text/javascript"> deleteUser = function() { if (confirm('<?=$delConfirmJS?>')) { location.href = "<?=$this->url('/dashboard/users/search', 'delete', $uo->getUserID(), $valt->generate('delete_account'))?>"; } }
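/**
 * Delete a single user account and re-render the view.
 *
 * Checks run in this order; each failure raises an Exception that is handed
 * to the view as 'error': the ID resolves to a UserInfo, the
 * 'access_user_search' permission key validates against that user, the
 * current user holds the delete-user task permission, the target is neither
 * the super user nor the current user, and the 'delete_account' token
 * validates. Only then is the record deleted.
 *
 * NOTE(review): the token appears to arrive as a URL segment of a GET
 * navigation; confirm against the view, and consider a POST so the token
 * stays out of access logs and Referer headers.
 *
 * @param mixed       $delUserId ID of the account to delete (presumably taken straight from the request).
 * @param string|null $token     Token issued for the 'delete_account' action.
 * @return void
 */
public function delete($delUserId, $token = null)
{
    $currentUser = new User();

    try {
        $delUI = UserInfo::getByID($delUserId);
        if (!($delUI instanceof UserInfo)) {
            throw new Exception(t('Invalid user ID.'));
        }

        if (!PermissionKey::getByHandle('access_user_search')->validate($delUI)) {
            throw new Exception(t('Access Denied.'));
        }

        $tp = new TaskPermission();
        if (!$tp->canDeleteUser()) {
            throw new Exception(t('You do not have permission to perform this action.'));
        }

        // Guard on the ID of the record that was actually loaded, not on the
        // raw parameter. A loose == between a request string and an integer
        // gives different answers on different PHP versions for values such
        // as "1abc", while $delUI is the object delete() will act on.
        $targetId = (int) $delUI->getUserID();

        if ($targetId === (int) USER_SUPER_ID) {
            throw new Exception(t('You may not remove the super user account.'));
        }

        if ($targetId === (int) $currentUser->getUserID()) {
            throw new Exception(t('You cannot delete your own user account.'));
        }

        // Anti-CSRF: the state change below must not run without a valid token.
        $valt = Loader::helper('validation/token');
        if (!$valt->validate('delete_account', $token)) {
            throw new Exception($valt->getErrorMessage());
        }

        $delUI->delete();
        $resultMsg = t('User deleted successfully.');

        // Request data is cleared before the view is rendered again,
        // presumably so the search does not reuse the parameters of this call.
        $_REQUEST = array();
        $_GET = array();
        $_POST = array();

        $this->set('message', $resultMsg);
    } catch (Exception $e) {
        // Every failed check above ends here; the exception itself is passed to the view.
        $this->set('error', $e);
    }

    $this->view();
}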
<?php defined('C5_EXECUTE') or die("Access Denied."); $searchInstance = Loader::helper('text')->entities($_REQUEST['searchInstance']); if (!strlen($searchInstance)) { $searchInstance = 'user'; } $form = Loader::helper('form'); $ih = Loader::helper('concrete/interface'); $tp = new TaskPermission(); $u = new User(); $sk = PermissionKey::getByHandle('access_user_search'); $tp = new TaskPermission(); if (!$tp->canDeleteUser()) { die(t("Access Denied.")); } $users = array(); $excluded = false; $excluded_user_ids = array(); $excluded_user_ids[] = $u->getUserID(); // can't delete yourself $excluded_user_ids[] = USER_SUPER_ID; // can't delete the super user (admin) if (is_array($_REQUEST['uID'])) { foreach ($_REQUEST['uID'] as $uID) { $ui = UserInfo::getByID($uID); if (!$sk->validate($ui) || in_array($ui->getUserID(), $excluded_user_ids)) { $excluded = true; } else { $users[] = $ui; }