diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index c560e79a..404b7f9b 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -27,10 +27,65 @@ function users_controller() {
 }
 }
+/**
+ * Delete a user, requires to enter own password for reasons.
+ */
+function user_delete_controller() {
+ global $privileges, $user;
+
+ if (isset($_REQUEST['user_id'])) {
+ $user_source = User($_REQUEST['user_id']);
+ } else
+ $user_source = $user;
+
+ if (! in_array('admin_user', $privileges))
+ redirect(page_link_to(''));
+
+ // You cannot delete yourself
+ if ($user['UID'] == $user_source['UID']) {
+ error(_("You cannot delete yourself."));
+ redirect(user_link($user));
+ }
+
+ if (isset($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (! (isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))) {
+ $ok = false;
+ error(_("Your password is incorrect. Please try it again."));
+ }
+
+ if ($ok) {
+ $result = User_delete($user_source['UID']);
+ if ($result === false)
+ engelsystem_error('Unable to delete user.');
+
+ mail_user_delete($user_source);
+ success(_("User deleted."));
+ engelsystem_log(sprintf("Deleted %s", User_Nick_render($user_source)));
+
+ redirect(users_link());
+ }
+ }
+
+ return array(
+ sprintf(_("Delete %s"), $user_source['Nick']),
+ User_delete_view($user_source)
+ );
+}
+
 function users_link() {
 return page_link_to('users');
 }
+function user_edit_link($user) {
+ return page_link_to('admin_user') . '&user_id=' . $user['UID'];
+}
+
+function user_delete_link($user) {
+ return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
+}
+
 function user_link($user) {
 return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
 }
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index 30bfae7d..fa5e86a4 100644
--- a/includes/engelsystem_provider.php
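Review bot: In user_delete_controller the `User($_REQUEST['user_id'])` lookup runs before the `admin_user` privilege check, and its result is never tested before `$user_source['UID']` is read, so an unknown id reaches the self-delete comparison and `User_delete_view` with whatever sentinel `User()` returns for a missing row. Move `if (! in_array('admin_user', $privileges, true)) redirect(page_link_to(''));` above the lookup and add a not-found guard directly after it, e.g. `if ($user_source === false || $user_source === null) { error(_("User not found.")); redirect(users_link()); }` (adjust the sentinel to what `User()` actually returns; that helper is not in this diff). The destructive branch is keyed on `isset($_REQUEST['submit'])`, which is also satisfied by query-string parameters, so the password re-entry is the only thing stopping the delete from completing via a plain link; reading `submit` and `password` from `$_POST` restricts it to a form submission. `$user['UID'] == $user_source['UID']` should be `===` to match the `=== false` comparison below it.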
+++ b/includes/engelsystem_provider.php
@@ -48,6 +48,7 @@ require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
 require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');
 require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php');
+require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php');
 require_once realpath(__DIR__ . '/../config/config.default.php');
 if (file_exists(realpath(__DIR__ . '/../config/config.php')))
diff --git a/includes/mailer/users_mailer.php b/includes/mailer/users_mailer.php
new file mode 100644
index 00000000..b08af92b
--- /dev/null
+++ b/includes/mailer/users_mailer.php
@@ -0,0 +1,9 @@
+
\ No newline at end of file
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index d051b3e9..e1bb2733 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -4,6 +4,15 @@
 * User model
 */
+/**
+ * Delete a user
+ *
+ * @param int $user_id
+ */
+function User_delete($user_id) {
+ return sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($user_id) . "'");
+}
+
 /**
 * Update user.
 *
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 6d327d7f..516bd1e4 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -113,9 +113,9 @@ function admin_user() {
 $html .= "
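Review bot: User_delete documents `@param int $user_id` but forwards the value uncast into a quoted SQL literal, and its return value — the thing the controller tests with `=== false` — is not documented. Casting before escaping, `return sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape((int) $user_id) . "'");`, makes the declared type hold at the query boundary, and a `@return` line describing the `sql_query` result (false on failure) should be added to the docblock. The statement deletes only the `User` row; if other tables reference `UID` without cascading deletes this will leave orphaned rows or fail on a foreign-key constraint — the schema is not visible here, so worth confirming before merge.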