// Step 1 of user deletion: show the confirmation page.
// Runs only when the requested action is 'delete_confirm' and the current
// $user passes checkRight(..., 'deluser').
if ($userAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
    $message = '';
    // $user is replaced here, after the permission check above has used it.
    // NOTE(review): later code that checks rights through $user sees this new
    // object, not the one that was authorised; confirm that is intended.
    $user = new PMF_User_CurrentUser($faqConfig);
    // Target account id from the POSTed select box, validated as an integer;
    // the trailing 0 is presumably the fallback for missing/invalid input.
    $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
    if ($userId == 0) {
        // No usable id: report the error and fall back to the default action.
        $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
        $userAction = $defaultUserAction;
    } else {
        // Load the account that is about to be deleted into $user.
        $user->getUserById($userId);
        // Accounts with status 'protected' and the account with id 1 are never
        // offered for deletion.
        if ($user->getStatus() == 'protected' || $userId == 1) {
            $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
            $userAction = $defaultUserAction;
        } else {
            // Render the confirmation form. The CSRF token is handed to the
            // template so the follow-up 'delete' POST can carry it back.
            $twig->loadTemplate('user/delete_confirm.twig')->display(array(
                'PMF_LANG' => $PMF_LANG,
                'csrfToken' => $user->getCsrfTokenFromSession(),
                'userId' => $userId,
                'userLogin' => $user->getLogin()));
        }
    }
}
// Step 2 of user deletion: the state-changing request itself.
// Guarded by the same 'deluser' right check as the confirmation step.
if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
    $message = '';
    $user = new PMF_User($faqConfig);
    $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
    // CSRF validation: the token POSTed as 'csrf' must equal the token stored
    // in the session; a missing session token also counts as a failure.
    // NOTE(review): `!==` is not a constant-time comparison; hash_equals() is
    // preferable where the supported PHP version provides it.
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $csrfOkay = true;
    $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
    if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
        $csrfOkay = false;
    }
    $userAction = $defaultUserAction;
    // NOTE(review): this guard is entered only when BOTH the id is missing AND
    // the token check failed. A request with a valid user_id and a wrong or
    // absent token does not enter it, so the $csrfOkay result is effectively
    // ignored for any real account id. The rest of the statement lies outside
    // this excerpt, but `||` looks like the intended operator; confirm and fix
    // so that either failure alone rejects the request.
    if ($userId == 0 && !$csrfOkay) {
// (excerpt ends here; the body of this branch is not visible)
// Excerpt starts inside the success branch of a group-save handler; the
// enclosing `if` statements open above this excerpt.
        // Success: return to the default group action and report it.
        $groupAction = $defaultGroupAction;
        $message = sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_group_suc']);
    // display error messages and show form again
    } else {
        $groupAction = 'add';
        // Each collected message is concatenated into the HTML as-is.
        // NOTE(review): where $messages is filled is not visible here; if any
        // entry can contain request data (for example a submitted group
        // name), it needs htmlspecialchars() before being appended.
        $message = '<p class="alert alert-error">';
        foreach ($messages as $err) {
            $message .= $err . '<br />';
        }
        $message .= '</p>';
    }
}
// Make sure $message is defined for the templates rendered below.
if (!isset($message)) {
    $message = '';
}
// show new group form
// Rendered only when the current $user passes checkRight(..., 'addgroup').
if ($groupAction == 'add' && $user->perm->checkRight($user->getUserId(), 'addgroup')) {
    // $user is replaced after the permission check above has used it.
    $user = new PMF_User_CurrentUser($faqConfig);
    // The CSRF token is passed to the form template; previously entered
    // values are passed back (empty string / false when not set) so the form
    // can be re-populated after a validation error.
    // NOTE(review): $group_name and $group_description presumably come from
    // the request; confirm the Twig environment auto-escapes them.
    $twig->loadTemplate('group/add.twig')->display(array(
        'PMF_LANG' => $PMF_LANG,
        'csrfToken' => $user->getCsrfTokenFromSession(),
        'descriptionCols' => $descriptionCols,
        'descriptionRows' => $descriptionRows,
        'groupAutoJoin' => !empty($group_auto_join),
        'groupDescription' => isset($group_description) ? $group_description : '',
        'groupName' => isset($group_name) ? $group_name : '',
        'message' => $message));
} // end if ($groupAction == 'add')
// Show the group list view (renders group/list.twig).
// NOTE(review): unlike the 'add' branch, this condition carries no
// checkRight() call; confirm access to the group list is gated elsewhere.
if ($groupAction == 'list') {
    // Replace each right's description with the localized text when
    // $PMF_LANG['rightsLanguage'] has an entry for that right's name.
    $rightsData = $user->perm->getAllRightsData();
    foreach ($rightsData as $key => $right) {
        if (isset($PMF_LANG['rightsLanguage'][$right['name']])) {
            $rightsData[$key]['description'] = $PMF_LANG['rightsLanguage'][$right['name']];
        }
    }
    $twig->loadTemplate('group/list.twig')->display(array(
        'PMF_LANG' => $PMF_LANG,
        'descriptionCols' => $descriptionCols,
        'descriptionRows' => $descriptionRows,
        'groupAutoJoin' => !empty($group_auto_join),
        'groupDescription' => isset($group_description) ? $group_description : '',
        'groupName' => isset($group_name) ? $group_name : '',
        'groupSelectSize' => $groupSelectSize,
        'memberSelectSize' => $memberSelectSize,
        'message' => $message,
        'rightsData' => $rightsData));
}
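// Tail of the delete-user confirmation template; the opening <div>,
// <fieldset> and <legend> tags are above this excerpt.
// The login, the user id and the CSRF token are HTML-escaped before being
// written into the page, so an account login containing markup or quotes
// cannot break out of the element or attribute it is printed into.
// The $text[...] entries are printed unchanged; they are assumed to be static
// translation strings (confirm against where $text is loaded).
?> <strong><?php print htmlspecialchars((string) $user->getLogin(), ENT_QUOTES, 'UTF-8'); ?></strong></legend>
    <p><?php print $text['delUser_question']; ?></p>
    <form action="?action=user&amp;user_action=delete" method="post">
        <?php
        // Hidden fields are emitted without trailing whitespace inside the
        // attribute: the CSRF token is checked with a strict comparison on
        // the receiving side, so a padded value would never match.
        ?>
        <input type="hidden" name="user_id" value="<?php print htmlspecialchars((string) $userId, ENT_QUOTES, 'UTF-8'); ?>" />
        <input type="hidden" name="csrf" value="<?php print htmlspecialchars((string) $user->getCsrfTokenFromSession(), ENT_QUOTES, 'UTF-8'); ?>" />
        <div class="button_row">
            <input class="reset" type="submit" name="cancel" value="<?php print $text['delUser_cancel']; ?>" />
            <input class="submit" type="submit" value="<?php print $text['delUser_confirm']; ?>" />
        </div>
    </form>
</fieldset>
</div>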