Продолжение разработки 23.10.31
Добавлен .gitignore, скрыты несколько нинужных файлов, в целом продолжен запил основных частей функционала, начат микрорефакторинг (теперь концентрация индусского кода будет чуть меньше).
@@ -1,48 +1,66 @@
|
||||
<?php // Deleting existing account
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("./index.php");
|
||||
|
||||
|
||||
|
||||
// Delete existing account
|
||||
function User_Delete ($id) {
|
||||
global $db;
|
||||
$s = $db->prepare("delete from users where id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
return $s->execute() !== false;
|
||||
}
|
||||
// Methods
|
||||
|
||||
/*
|
||||
* METHOD
|
||||
* Delete existing account
|
||||
*/
|
||||
function User_Delete_Method (array $req): ReturnT {
|
||||
global $db, $LOGGED_IN, $THIS_USER;
|
||||
|
||||
$id = null;
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
// Input sanity checks
|
||||
|
||||
// Dirty hack for debugging purposes. Will be removed later
|
||||
if ($Config["debug"])
|
||||
$_POST = $_REQUEST;
|
||||
|
||||
if (isset($_POST["id"]) && $LOGGED_IN) {
|
||||
if (!ctype_digit($_POST["id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
|
||||
$UserID = intval($_POST["id"]);
|
||||
} elseif (!isset($_POST["id"]) && $LOGGED_IN) {
|
||||
$UserID = $_SESSION["userid"];
|
||||
if (isset($req["id"]) && $LOGGED_IN) {
|
||||
if (!ctype_digit($req["id"]))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
|
||||
$id = intval($req["id"]);
|
||||
} elseif (!isset($req["id"]) && $LOGGED_IN) {
|
||||
$id = $THIS_USER;
|
||||
} else {
|
||||
ReturnJSONError($Err_RDP_InvalidID, "valid session must be provided");
|
||||
return new ReturnT(err_code: E_AUT_NOTAUTHED, err_desc: "valid session must be provided");
|
||||
}
|
||||
|
||||
// If its attempt to delete other account
|
||||
if (!User_HasRole($_SESSION["userid"], "admin") && $_SESSION["userid"] !== $UserID)
|
||||
ReturnJSONError($Err_DP_NotEnoughRole, "you need to be admin to delete other accounts");
|
||||
if (!User_HasRole($THIS_USER, "admin") && $THIS_USER !== $id)
|
||||
return new ReturnT(err_code: E_ACS_INSUFROLE, err_desc: "you must be admin to delete other accounts");
|
||||
|
||||
$result = User_Delete($UserID);
|
||||
// Actions
|
||||
|
||||
// If it was self-deletion
|
||||
if ($UserID === $_SESSION["userid"])
|
||||
EndSession();
|
||||
$s = $db->prepare("delete from users where id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
|
||||
ReturnJSONData(["success" => $result]);
|
||||
return new ReturnT(data: ($s->execute() !== false));
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
// HACK: for debugging purposes. Will be removed later
|
||||
if ($Config["debug"])
|
||||
$_POST = $_REQUEST;
|
||||
|
||||
$result = User_Delete_Method($_POST);
|
||||
|
||||
if ($result->IsError()) {
|
||||
$result->ThrowJSONError();
|
||||
} else {
|
||||
// If it was self-deletion
|
||||
if ($id === $THIS_USER)
|
||||
EndSession();
|
||||
JSON_ReturnData(["success" => $result->GetData()]);
|
||||
}
|
||||
}
|
||||
?>
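Review bot: In the request-handling block at the end of the file, `if ($id === $THIS_USER)` reads `$id`, which is a local variable of `User_Delete_Method` and is never assigned at file scope, so as far as this page shows the comparison runs against an undefined value and `EndSession()` is presumably never reached after a self-deletion. The session of an account that no longer exists would then stay valid until it expires on its own. Derive the target in the caller from the same input the method used, for example `$target = isset($_POST["id"]) ? intval($_POST["id"]) : $THIS_USER;` followed by `if ($result->GetData() && $target === $THIS_USER) EndSession();`, or have the method return the deleted id alongside the success flag. Separately, the retained `$_POST = $_REQUEST` debug switch lets this destructive endpoint be driven by query-string parameters whenever `$Config["debug"]` is set, so it is worth guarding against ever being enabled outside development.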
|