public function delete($id)
{
if (!AuthUser::hasPermission('user_delete')) {
Flash::set('error', __('You do not have permission to access the requested page!'));
redirect(get_url());
}
// Sanity checks
use_helper('Validate');
if (!Validate::numeric($id)) {
Flash::set('error', __('Invalid input found!'));
redirect(get_url());
}
// CSRF checks
if (isset($_GET['csrf_token'])) {
$csrf_token = $_GET['csrf_token'];
if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/delete/' . $id)) {
Flash::set('error', __('Invalid CSRF token found!'));
redirect(get_url('user'));
}
} else {
Flash::set('error', __('No CSRF token found!'));
redirect(get_url('user'));
}
// security (dont delete the first admin)
if ($id > 1) {
// find the user to delete
if ($user = Record::findByIdFrom('User', $id)) {
if ($user->delete()) {
// delete user-roles relationship
UserRole::setRolesFor($user->id, array());
Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $user->name)));
Observer::notify('user_after_delete', $user->name, $user->id);
} else {
Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $user->name)));
}
} else {
Flash::set('error', __('User not found!'));
}
} else {
Flash::set('error', __('Action disabled!'));
}
redirect(get_url('user'));
}
