<?php require_once 'includes/common.php'; use libAllure\Session; use libAllure\User; use libAllure\Sanitizer; use libAllure\SimpleFatalError; if (!Session::isLoggedIn()) { $tpl->error('You must be logged in to view the page.'); } $users = User::getAllLocalUsers(); $sanitizer = new Sanitizer(); $action = $sanitizer->filterString('action'); switch ($action) { case 'delete': $id = Sanitizer::getInstance()->filterUint('id'); if ($id == Session::getUser()->getId()) { throw new SimpleFatalError('Err, you cannot delete yourself. Try jumping off a tall building instead.'); } if ($id == -1) { throw new SimpleFatalError('Woooah! Are you trying to make the world explode? You cannot delete the SYSTEM user account!'); } if (!Session::getUser()->hasPriv('USER_DELETE')) { throw new SimpleFatalError('Oh gnoes! You dont have permission to do that.'); } $sql = 'DELETE FROM users WHERE id = "' . $id . '" LIMIT 1 '; $result = $db->query($sql); logActivity('User deleted: ' . $id); redirect('users.php', 'Used deleted... I hope they dont mind..'); break; case 'edit':