Exemple #1
}
//==
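// Staff tool: delete an account after re-checking that account's own
// username and password. Runs only for POST submissions of the form below.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Treat a missing or non-string field as empty so the guard below rejects it.
    $rawUsername = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
    $rawPassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
    // NOTE(review): the password is HTML-escaped and trimmed before hashing, which
    // changes its bytes. Kept as-is because stored hashes were presumably derived
    // the same way; confirm against the signup/login code before changing it.
    $username = trim(htmlsafechars($rawUsername));
    $password = trim(htmlsafechars($rawPassword));
    if (!$username || !$password) {
        stderr("{$lang['text_error']}", "{$lang['text_please']}");
        // Fail closed: do not rely on stderr() terminating the request.
        exit;
    }
    // NOTE(review): the username value is masked ("******") in the listing this
    // was taken from; it is rebuilt here with sqlesc(), assumed to be the
    // project's SQL quoting helper. Confirm against the real file.
    $res = sql_query("SELECT id, secret, passhash FROM users WHERE username=" . sqlesc($username)) or sqlerr(__FILE__, __LINE__);
    if (mysqli_num_rows($res) !== 1) {
        stderr("{$lang['text_error']}", "{$lang['text_bad']}");
        exit;
    }
    $arr = mysqli_fetch_assoc($res);
    // NOTE(review): md5() of the password feeds make_passhash(); MD5 is not a
    // password hash. Migrating to password_hash()/password_verify() needs a
    // rehash-on-login path and cannot be done in this block alone.
    $wantpasshash = make_passhash($arr['secret'], md5($password));
    // Constant-time, type-strict comparison: loose != on hash strings is open to
    // PHP type juggling and leaks timing.
    if (!hash_equals((string) $arr['passhash'], (string) $wantpasshash)) {
        stderr("{$lang['text_error']}", "{$lang['text_bad']}");
        exit;
    }
    $userid = (int) $arr['id'];
    // account_delete() is presumably a query builder: its result is passed to sql_query().
    $res = sql_query(account_delete($userid)) or sqlerr(__FILE__, __LINE__);
    // mysqli_affected_rows() returns an int (-1 on error) and never false, so the
    // former "!== false" test always reported success. Require at least one row.
    if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) > 0) {
        // Drop both cache entries for the deleted account.
        $mc1->delete_value('MyUser_' . $userid);
        $mc1->delete_value('user' . $userid);
        // Audit trail: which account was removed and by which staff member.
        write_log("User: {$username} Was deleted by {$CURUSER['username']}");
        stderr("{$lang['stderr_success']}", "{$lang['text_success']}");
    } else {
        stderr($lang['text_error'], $lang['text_unable']);
    }
}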
// Delete-account form: a JavaScript confirm() prompt plus username/password
// inputs, posted back to the staff panel's delacct tool.
// NOTE(review): the form carries no anti-CSRF token field, and the confirm()
// prompt is a usability aid, not a security control. Whether staffpanel.php
// enforces a token elsewhere is not visible here; confirm.
$HTMLOUT = <<<HTML
<script type='text/javascript'>
function deleteConfirm(){
    var result = confirm('Are you sure to delete user?');
    if(result){
        return true;
    }else{
        return false;
    }
}
</script><div class='row'><div class='col-md-12'>
    <h1>{$lang['text_delete']}</h1>
    <form method='post' action='staffpanel.php?tool=delacct&amp;action=delacct' onsubmit='return deleteConfirm();'>
    <table class='table table-bordered'>
      <tr>
        <td class='rowhead'>{$lang['table_username']}</td>
        <td><input size='40' name='username' /></td>
      </tr>
      <tr>
        <td class='rowhead'>{$lang['table_password']}</td>
        <td><input type='password' size='40' name='password' /></td>
      </tr>
      <tr>
        <td colspan='2'><input type='submit' class='btn btn-default' value='{$lang['btn_delete']}' /></td>
      </tr>
    </table>
    </form></div></div><br />
HTML;
// Assemble header, form and footer in that order, then emit the page.
$pageOutput = stdhead("{$lang['stdhead_delete']}");
$pageOutput .= $HTMLOUT;
$pageOutput .= stdfoot();
echo $pageOutput;
Exemple #2
                    redirect('/users/' . $email);
                    break;
                case 'username':
                    account_change_username($email, from($_REQUEST, 'username'));
                    redirect('/users/' . $email);
                    break;
                case 'group':
                    if (!is_admin()) {
                        render('err403', null, false);
                        die;
                    }
                    account_change_group($email, from($_REQUEST, 'group'));
                    redirect('/users/' . $email);
                    break;
                case 'delete':
                    account_delete($email);
                    redirect();
                    break;
            }
            render('err404', null, false);
        }
    }
    die;
}
// 404
// --------------------------------------------------------------------------------
// Catch-all GET route: the '.*' pattern matches any path, so this handler
// renders the err404 view and ends the request.
$renderNotFound = function () {
    render('err404', null, false);
    exit;
};
get('.*', $renderNotFound);

// Hand control to the router once all routes are registered.
dispatch();