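}
# NOTE(review): the "}" above closes a block that begins before this excerpt; it is left as-is.
$print_login_state = false; # presumably consumed by one of the includes below — not visible here
require_once 'DB_CONFIG.php';
require_once dirname(__FILE__).'/core/core.php';
require_once dirname(__FILE__).'/admin/async_login_handler.php';
# Project database handle; the connection parameters come from DB_CONFIG.php.
$db = new DBHelper($default_database, $default_sql_user, $default_sql_password, $sql_url, $default_table, $db_cols);
$as_include = true;
# Disabled on purpose: admin-api.php would include core and DB_CONFIG and set up $db itself,
# which is already done directly above.
# require_once(dirname(__FILE__)."/admin-api.php");
# "?? null" avoids an undefined-key warning when no id is supplied while still
# handing sanitize() the same value (null) as before.
$pid = $db->sanitize($_GET['id'] ?? null);
$suffix = empty($pid) ? 'Browser' : '#'.$pid;
$validProject = $db->isEntry($pid, 'project_id', true);
$loginStatus = getLoginState();
# $suffix is request-derived. As far as this file shows, $db->sanitize() is a
# database-side helper, so the value is escaped separately for the HTML context
# where it is echoed into <title> below.
?>
<title>Project <?php echo htmlspecialchars($suffix, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></title>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta charset="UTF-8"/>
<meta name="theme-color" content="#5677fc"/>
<meta name="viewport" content="width=device-width, minimum-scale=1, initial-scale=1, maximum-scale=1.0, user-scalable=0" />
<link rel="stylesheet" type="text/css" media="screen" href="css/main.css"/>
<link rel="stylesheet" type="text/css" href="bower_components/json-human/css/json.human.css" />
<link rel="prerender" href="https://amphibiandisease.org/index.php" />
<link href="https://fonts.googleapis.com/css?family=Droid+Sans:400,700|Droid+Sans+Mono|Roboto:400,100,300,500,700,100italic,300italic,400italic,500italic,700italic" rel='stylesheet' type='text/css'/>
<link rel="icon" type="image/png" sizes="16x16" href="assets/favicon16.png" />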
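/**
 * Let a superuser or admin act on another user's account.
 *
 * The caller is authorized from the global $login_status before anything else
 * is touched. Then the target is checked: superusers can never be edited
 * through this interface, and admins can only be edited by a superuser.
 *
 * @param array $get The $_REQUEST superglobal. Keys used:
 *                   user        -> the dblink/hardlink of the target user
 *                   change_type -> the change to enact. Available: delete | reset
 * @return array On failure: "status" => false plus "error" (machine code) and
 *               "human_error" (message). On a completed delete, whatever
 *               UserFunctions::forceDeleteCurrentUser(true) returns.
 */
function superuserEditUser($get) {
    global $login_status, $default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols;
    # Authorize the caller first, before opening the user database.
    # "?? null" keeps a missing or non-array $login_status from emitting
    # undefined-offset warnings; boolstr() receives the same value either way.
    $isSu = boolstr($login_status['detail']['userdata']['su_flag'] ?? null);
    $isAdmin = boolstr($login_status['detail']['userdata']['admin_flag'] ?? null);
    if (!($isSu || $isAdmin)) {
        return [
            "status" => false,
            "error" => "INVALID_USER_PERMISSIONS",
            "human_error" => "You do not have enough permission to perform this action",
        ];
    }
    # Check the target
    $target = $get["user"] ?? null;
    if (empty($target)) {
        return [
            "status" => false,
            "error" => "INVALID_TARGET_NO_USER_PROVIDED",
            "human_error" => "You must provide argument 'user'",
        ];
    }
    # Do they exist?
    $udb = new DBHelper($default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols);
    if (!$udb->isEntry($target, 'dblink')) {
        return [
            "status" => false,
            "error" => "INVALID_TARGET_DOES_NOT_EXIST",
            "human_error" => "The requested user does not exist",
        ];
    }
    $uf = new UserFunctions($target, "dblink");
    $userData = $uf->getUser($target);
    try {
        # Superusers are never editable through this interface, by anyone.
        $targetIsSu = boolstr($userData['userdata']['su_flag'] ?? null);
        if ($targetIsSu) {
            return [
                "status" => false,
                "error" => "INVALID_TARGET_IS_SU",
                "human_error" => "You can not edit Superusers through this interface. 
Please contact your system administrator",
            ];
        }
        # Admins may only be edited by a superuser.
        $targetIsAdmin = boolstr($userData['userdata']['admin_flag'] ?? null);
        if ($targetIsAdmin && !$isSu) {
            return [
                "status" => false,
                "error" => "INVALID_TARGET_ADMIN_VS_ADMIN",
                "human_error" => "Sorry, only Superusers can edit adminstrators",
            ];
        }
        # Permission check complete.
        $editAction = strtolower($get["change_type"] ?? '');
        if (empty($editAction)) {
            return [
                "status" => false,
                "error" => "INVALID_CHANGE_TYPE_EMPTY",
                "human_error" => "You must provide an argument 'change_type'",
            ];
        }
        switch ($editAction) {
            case "delete":
                # Dry run first: the user object reports which account it would
                # remove, and that must match the requested target before the
                # real delete runs.
                $dryRun = $uf->forceDeleteCurrentUser();
                $targetUid = $dryRun["target_user"] ?? null;
                # Compare as strings with !==; a loose != treats numeric-looking
                # identifiers such as "1e3" and "1000" as equal.
                if ((string) $targetUid !== (string) $target) {
                    # Should never happen
                    return [
                        "status" => false,
                        "error" => "MISMATCHED_TARGETS",
                        "human_error" => "The system encountered an error confirming target for deletion",
                        "obj_target" => $targetUid,
                        "post_target" => $target,
                    ];
                }
                return $uf->forceDeleteCurrentUser(true);
            case "reset":
                # Not implemented yet.
                return ["status" => false, "error" => "Incomplete"];
            default:
                return [
                    "status" => false,
                    "error" => "INVALID_CHANGE_TYPE",
                    "human_error" => "We didn't recognize this change type",
                    "change_type_provided" => $editAction,
                ];
        }
    } catch (Exception $e) {
        return [
            "status" => false,
            "error" => $e->getMessage(),
            "human_error" => "Application error",
            "args" => $get,
        ];
    }
}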