e949/api/user/delete.php


<?php
// Deleting existing account
// Includes
// Includes. Paths depend on how this file is reached: requested directly
// (paths relative to api/user/) or pulled in by the frontend (paths relative
// to the site root). $IS_FRONTEND is expected to be set by the includer;
// when absent it reads as falsy and the direct-request paths are used.
if (!$IS_FRONTEND) {
    require_once "../_auth.php";
    require_once "../_utils.php";
    require_once "../_errorslist.php";
    require_once "./index.php";
} else {
    require_once "api/_auth.php";
    require_once "api/_utils.php";
    require_once "api/_errorslist.php";
    require_once "api/user/index.php";
}
// Functions
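/*
* FUNCTION
* Delete existing account
*
* Removes the `users` row with the given id. No authorization check is
* done here: the caller (User_Delete_Method) must already have verified
* that the acting user may delete this account.
*
* $id: numeric user id, bound as an integer statement parameter.
* Returns ReturnT whose data is true when the statement executed
* successfully and false when prepare() or execute() failed. A successful
* execute that matched no row also yields true (affected_rows is not
* inspected).
*/
function User_Delete (int $id): ReturnT {
    global $db;
    $s = $db->prepare("delete from users where id = ?");
    // prepare() returns false on failure unless mysqli runs in exception
    // mode; report that as a failed delete instead of calling a method on false
    if ($s === false)
        return new ReturnT(data: false);
    // $id is an int, so bind it as an integer ("i"), not a string ("s")
    $s->bind_param("i", $id);
    return new ReturnT(data: ($s->execute() !== false));
}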
// Methods
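/*
* METHOD
* Delete existing account
*
* $req: request parameters. Optional "id" selects the account to delete;
* when absent the current session's account ($THIS_USER) is the target.
* A valid session ($LOGGED_IN) is always required; deleting an account
* other than your own additionally requires the "admin" role.
* Returns ReturnT with E_AUT_NOTAUTHED (no session), E_UIN_BADARGS (id is
* not a non-negative integer), E_ACS_INSUFROLE (non-admin targeting another
* account); otherwise the result of User_Delete().
*/
function User_Delete_Method (array $req): ReturnT {
    global $LOGGED_IN, $THIS_USER;
    // Input sanity checks: authentication first, regardless of arguments
    if (!$LOGGED_IN)
        return new ReturnT(err_code: E_AUT_NOTAUTHED, err_desc: "valid session must be provided");
    if (!isset($req["id"])) {
        $id = $THIS_USER;
    } else {
        // Accept a non-negative int or a string of ASCII digits only.
        // Arrays (id[]=... in a form post), signed or float strings and
        // other scalars are rejected; ctype_digit() is only called on
        // strings because its non-string behaviour is deprecated and
        // misleading for small ints.
        $raw = $req["id"];
        $isNumeric = (is_int($raw) && $raw >= 0) || (is_string($raw) && ctype_digit($raw));
        if (!$isNumeric)
            return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
        $id = intval($raw);
    }
    // If it is an attempt to delete another account, require the admin role.
    // NOTE(review): assumes $THIS_USER is an int; if _auth.php stores it as a
    // string, a non-admin passing their own id explicitly is refused here
    // because of the strict comparison — confirm against _auth.php.
    if (!User_HasRole($THIS_USER, "admin")->GetData() && $THIS_USER !== $id)
        return new ReturnT(err_code: E_ACS_INSUFROLE, err_desc: "you must be admin to delete other accounts");
    // Actions
    return User_Delete($id);
}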
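// Entry point when this file is requested directly (not included by the frontend)
if (Utils_ThisFileIsRequested(__FILE__)) {
    require_once("../_json.php");
    // HACK: for debugging purposes. Will be removed later
    // NOTE: this lets GET parameters (and cookies) drive a destructive
    // action, so it must stay strictly behind the debug flag.
    if ($Config["debug"])
        $_POST = $_REQUEST;
    // Resolve the target account the same way User_Delete_Method does, so a
    // self-deletion can be recognised below. The $id inside the method is a
    // local variable and is not visible at this scope.
    $targetId = isset($_POST["id"]) ? intval($_POST["id"]) : $THIS_USER;
    $result = User_Delete_Method($_POST);
    if ($result->IsError()) {
        $result->ThrowJSONError();
    } else {
        // If it was self-deletion the session refers to a deleted account;
        // end it before replying
        if ($targetId === $THIS_USER)
            AUTH_EndSession();
        JSON_ReturnData(["success" => $result->GetData()]);
    }
}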