public function login($user_id) { $this->unbanip(); $user = new User(); $user->loadFromId($user_id); Session::Add(self::SESSION_USER_ID, $user_id); Session::Add(self::SESSION_USER_EMAIL, $user->getEmail()); Session::Add(self::SESSION_LOGGED, TRUE); }
$this->getExtendedToken(); if (isset($_GET['updated'])) { $this->assign('message', 'The user password have been updated.'); } break; case 'delete': if (!$this->request(3) || !$this->request(4)) { break; } $this->acceptExtendedToken($this->request(4)); // can not delete current user if (Session::Get(Authentification::SESSION_USER_ID) == intval($this->request(3))) { $this->errorPage('Unable to delete your own account', 'You can not delete yourself. Please ask another administrator to do it!', FALSE); } $u = new User(); $u->loadFromId(intval($this->request(3))); if (!$u->exists()) { break; } if (!empty($_POST)) { $this->acceptToken(); try { if (empty($_POST['delete'])) { throw new \Exception('Nobody will be deleted until you check the box…'); } if (empty($_POST['user_id']) || $_POST['user_id'] != intval($this->request(3))) { $this->hackAttempt(); } if (!$u->hasStillUser()) { throw new \Exception('You can not delete the only remaining user.'); }