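/**
 * Deletes the user identified by $id (controller action).
 *
 * Order of checks: permission -> id validation -> CSRF token -> protected-id guard -> delete.
 * Every failure path sets a Flash message and redirects. An explicit `return` follows each
 * redirect() so the action can never fall through into the destructive branch even if
 * redirect() does not terminate the request itself.
 *
 * @param mixed $id  User id taken from the route; must satisfy Validate::numeric().
 * @return void
 */
public function delete($id)
{
    if (!AuthUser::hasPermission('user_delete')) {
        Flash::set('error', __('You do not have permission to access the requested page!'));
        redirect(get_url());
        return;
    }

    // Sanity checks
    use_helper('Validate');
    if (!Validate::numeric($id)) {
        Flash::set('error', __('Invalid input found!'));
        redirect(get_url());
        return;
    }

    // CSRF checks. The token arrives via $_GET, i.e. the deletion is GET-triggered; the token is
    // validated against this exact delete URL (including $id), not merely against the session.
    if (!isset($_GET['csrf_token'])) {
        Flash::set('error', __('No CSRF token found!'));
        redirect(get_url('user'));
        return;
    }
    $csrf_token = $_GET['csrf_token'];
    if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/delete/' . $id)) {
        Flash::set('error', __('Invalid CSRF token found!'));
        redirect(get_url('user'));
        return;
    }

    // security (dont delete the first admin) -- id 1 is never deletable through this action
    if ($id <= 1) {
        Flash::set('error', __('Action disabled!'));
        redirect(get_url('user'));
        return;
    }

    // find the user to delete
    $user = Record::findByIdFrom('User', $id);
    if (!$user) {
        Flash::set('error', __('User not found!'));
        redirect(get_url('user'));
        return;
    }

    if ($user->delete()) {
        // delete user-roles relationship
        UserRole::setRolesFor($user->id, array());
        Flash::set('success', __('User <strong>:name</strong> has been deleted!', array(':name' => $user->name)));
        Observer::notify('user_after_delete', $user->name, $user->id);
    } else {
        Flash::set('error', __('User <strong>:name</strong> has not been deleted!', array(':name' => $user->name)));
    }

    redirect(get_url('user'));
}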