}
$print_login_state = false;
require_once 'DB_CONFIG.php';
require_once dirname(__FILE__).'/core/core.php';
require_once dirname(__FILE__).'/admin/async_login_handler.php';
$db = new DBHelper($default_database, $default_sql_user, $default_sql_password, $sql_url, $default_table, $db_cols);
$as_include = true;
# The next include includes core, and DB_CONFIG, and sets up $db
# require_once(dirname(__FILE__)."/admin-api.php");
$pid = $db->sanitize($_GET['id']);
$suffix = empty($pid) ? 'Browser' : '#'.$pid;
$validProject = $db->isEntry($pid, 'project_id', true);
$loginStatus = getLoginState();
?>
<title>Project <?php echo $suffix ?></title>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta charset="UTF-8"/>
<meta name="theme-color" content="#5677fc"/>
<meta name="viewport" content="width=device-width, minimum-scale=1, initial-scale=1, maximum-scale=1.0, user-scalable=0" />
<link rel="stylesheet" type="text/css" media="screen" href="css/main.css"/>
<link rel="stylesheet" type="text/css" href="bower_components/json-human/css/json.human.css" />
<link rel="prerender" href="https://amphibiandisease.org/index.php" />
<link href="https://fonts.googleapis.com/css?family=Droid+Sans:400,700|Droid+Sans+Mono|Roboto:400,100,300,500,700,100italic,300italic,400italic,500italic,700italic" rel='stylesheet' type='text/css'/>
<link rel="icon" type="image/png" sizes="16x16" href="assets/favicon16.png" />
function superuserEditUser($get)
{
/***
*
* $get is the $_REQUEST superglobal.
* Expects keys:
*
* @param string user -> The dblink/hardlink of the target user
* @param string change_type -> The type of change to
* enact. Available: delete | reset
*
***/
global $login_status, $default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols;
$udb = new DBHelper($default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols);
$uid = $login_status['detail']['uid'];
# is caller an SU or admin?
$suFlag = $login_status['detail']['userdata']['su_flag'];
$isSu = boolstr($suFlag);
$adminFlag = $login_status['detail']['userdata']['admin_flag'];
$isAdmin = boolstr($adminFlag);
if (!($isSu || $isAdmin)) {
return array("status" => false, "error" => "INVALID_USER_PERMISSIONS", "human_error" => "You do not have enough permission to perform this action");
}
# Check the target
$target = $get["user"];
if (empty($target)) {
return array("status" => false, "error" => "INVALID_TARGET_NO_USER_PROVIDED", "human_error" => "You must provide argument 'user'");
}
# Do they exist?
if (!$udb->isEntry($target, 'dblink')) {
return array("status" => false, "error" => "INVALID_TARGET_DOES_NOT_EXIST", "human_error" => "The requested user does not exist");
}
$uf = new UserFunctions($target, "dblink");
$userData = $uf->getUser($target);
try {
# Is the target an SU or admin?
$suFlag = $userData['userdata']['su_flag'];
$targetIsSu = boolstr($suFlag);
if ($targetIsSu) {
return array("status" => false, "error" => "INVALID_TARGET_IS_SU", "human_error" => "You can not edit Superusers through this interface. Please contact your system administrator");
}
$adminFlag = $userData['userdata']['admin_flag'];
$targetIsAdmin = boolstr($adminFlag);
if ($targetIsAdmin && !$isSu) {
return array("status" => false, "error" => "INVALID_TARGET_ADMIN_VS_ADMIN", "human_error" => "Sorry, only Superusers can edit adminstrators");
}
# Permission check complete.
$editAction = strtolower($get["change_type"]);
if (empty($editAction)) {
return array("status" => false, "error" => "INVALID_CHANGE_TYPE_EMPTY", "human_error" => "You must provide an argument 'change_type'");
}
switch ($editAction) {
case "delete":
$dryRun = $uf->forceDeleteCurrentUser();
$targetUid = $dryRun["target_user"];
if ($targetUid != $target) {
# Should never happen
return array("status" => false, "error" => "MISMATCHED_TARGETS", "human_error" => "The system encountered an error confirming target for deletion", "obj_target" => $targetUid, "post_target" => $target);
}
return $uf->forceDeleteCurrentUser(true);
break;
case "reset":
return array("status" => false, "error" => "Incomplete");
break;
default:
return array("status" => false, "error" => "INVALID_CHANGE_TYPE", "human_error" => "We didn't recognize this change type", "change_type_provided" => $editAction);
}
} catch (Exception $e) {
return array("status" => false, "error" => $e->getMessage(), "human_error" => "Application error", "args" => $get);
}
}
