if(empty($viewUserId) && $loginStatus["status"]) {
$viewUserId = $loginStatus["detail"]["userdata"]["dblink"];
# echo "<!-- ".print_r($loginStatus, true)."\n\n Using $viewUserId -->";
}
$setUser = array("dblink" => $viewUserId);
# echo "<!-- Setting user \n ".print_r($setUser, true) . "\n -->";
$selfUser = new UserFunctions();
$selfUserId = $selfUser->getHardlink();
$viewUser = new UserFunctions($viewUserId, "dblink");
$validUser = true;
$userdata = array();
$realProfileImagePath = "users/profiles/default.png";
$realProfileImagePathXS = "users/profiles/default.png";
$realProfileImagePathSM = "users/profiles/default.png";
try {
$userdata = $viewUser->getUser($setUser);
if(!is_array($userdata)) $userdata = array();
if(empty($userdata["dblink"])) throw(new Exception("Bad User"));
$profileImagePath = "users/profiles/" . $viewUserId;
$extensions = array("bmp", "jpg", "jpeg", "png", "gif");
foreach($extensions as $ext) {
$testPath = realpath($profileImagePath . "." . $ext);
echo "\n\n<!-- Testing path '" . $testPath . "' --> ";
if(file_exists($testPath)) {
$realProfileImagePath = $profileImagePath . "." . $ext;
$realProfileImagePathXS = $profileImagePath . "-xs." . $ext;
$realProfileImagePathSM = $profileImagePath . "-sm." . $ext;
break;
}
}
# else echo "<!-- Got data \n ".print_r($userdata, true) . "\n -->";
function superuserEditUser($get)
{
/***
*
* $get is the $_REQUEST superglobal.
* Expects keys:
*
* @param string user -> The dblink/hardlink of the target user
* @param string change_type -> The type of change to
* enact. Available: delete | reset
*
***/
global $login_status, $default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols;
$udb = new DBHelper($default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols);
$uid = $login_status['detail']['uid'];
# is caller an SU or admin?
$suFlag = $login_status['detail']['userdata']['su_flag'];
$isSu = boolstr($suFlag);
$adminFlag = $login_status['detail']['userdata']['admin_flag'];
$isAdmin = boolstr($adminFlag);
if (!($isSu || $isAdmin)) {
return array("status" => false, "error" => "INVALID_USER_PERMISSIONS", "human_error" => "You do not have enough permission to perform this action");
}
# Check the target
$target = $get["user"];
if (empty($target)) {
return array("status" => false, "error" => "INVALID_TARGET_NO_USER_PROVIDED", "human_error" => "You must provide argument 'user'");
}
# Do they exist?
if (!$udb->isEntry($target, 'dblink')) {
return array("status" => false, "error" => "INVALID_TARGET_DOES_NOT_EXIST", "human_error" => "The requested user does not exist");
}
$uf = new UserFunctions($target, "dblink");
$userData = $uf->getUser($target);
try {
# Is the target an SU or admin?
$suFlag = $userData['userdata']['su_flag'];
$targetIsSu = boolstr($suFlag);
if ($targetIsSu) {
return array("status" => false, "error" => "INVALID_TARGET_IS_SU", "human_error" => "You can not edit Superusers through this interface. Please contact your system administrator");
}
$adminFlag = $userData['userdata']['admin_flag'];
$targetIsAdmin = boolstr($adminFlag);
if ($targetIsAdmin && !$isSu) {
return array("status" => false, "error" => "INVALID_TARGET_ADMIN_VS_ADMIN", "human_error" => "Sorry, only Superusers can edit adminstrators");
}
# Permission check complete.
$editAction = strtolower($get["change_type"]);
if (empty($editAction)) {
return array("status" => false, "error" => "INVALID_CHANGE_TYPE_EMPTY", "human_error" => "You must provide an argument 'change_type'");
}
switch ($editAction) {
case "delete":
$dryRun = $uf->forceDeleteCurrentUser();
$targetUid = $dryRun["target_user"];
if ($targetUid != $target) {
# Should never happen
return array("status" => false, "error" => "MISMATCHED_TARGETS", "human_error" => "The system encountered an error confirming target for deletion", "obj_target" => $targetUid, "post_target" => $target);
}
return $uf->forceDeleteCurrentUser(true);
break;
case "reset":
return array("status" => false, "error" => "Incomplete");
break;
default:
return array("status" => false, "error" => "INVALID_CHANGE_TYPE", "human_error" => "We didn't recognize this change type", "change_type_provided" => $editAction);
}
} catch (Exception $e) {
return array("status" => false, "error" => $e->getMessage(), "human_error" => "Application error", "args" => $get);
}
}
