<?php
require_once("../_auth.php");
require_once("../_utils.php");
require_once("./index.php");


// Delete existing account
function User_Delete ($id) {
	global $db;
	$s = $db->prepare("delete from users where id = $id");
	$s->bind_param("s", $id);
	return $s->execute() !== false;
}


if (ThisFileIsRequested(__FILE__)) {
	require_once("../_json.php");
	
	if (isset($_REQUEST["id"]) && $LOGGED_IN) {
		if (!ctype_digit($_REQUEST["id"]))
			ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
		$UserID = intval($_REQUEST["id"]);
	} elseif (!isset($_REQUEST["id"]) && $LOGGED_IN) {
		$UserID = $_SESSION["userid"];
	} else {
		ReturnJSONError($Err_RDP_InvalidID, "valid session must be provided");
	}

	if (!User_HasRole($_SESSION["userid"], "admin") && $_SESSION["userid"] !== $UserID)
		ReturnJSONError($Err_DP_NotEnoughRole, "you need to be admin to delete other accounts");

	$result = User_Delete($UserID);
	EndSession();
	ReturnJSONData(["success" => $result]);
}
?>