38 lines
982 B
PHP
38 lines
982 B
PHP
<?php
|
|
require_once("../_auth.php");
|
|
require_once("../_utils.php");
|
|
require_once("./index.php");
|
|
|
|
|
|
|
|
// Delete existing account
|
|
function User_Delete ($id) {
|
|
global $db;
|
|
$s = $db->prepare("delete from users where id = $id");
|
|
$s->bind_param("s", $id);
|
|
return $s->execute() !== false;
|
|
}
|
|
|
|
|
|
|
|
if (ThisFileIsRequested(__FILE__)) {
|
|
require_once("../_json.php");
|
|
|
|
if (isset($_REQUEST["id"]) && $LOGGED_IN) {
|
|
if (!ctype_digit($_REQUEST["id"]))
|
|
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
|
|
$UserID = intval($_REQUEST["id"]);
|
|
} elseif (!isset($_REQUEST["id"]) && $LOGGED_IN) {
|
|
$UserID = $_SESSION["userid"];
|
|
} else {
|
|
ReturnJSONError($Err_RDP_InvalidID, "valid session must be provided");
|
|
}
|
|
|
|
if (!User_HasRole($_SESSION["userid"], "admin") && $_SESSION["userid"] !== $UserID)
|
|
ReturnJSONError($Err_DP_NotEnoughRole, "you need to be admin to delete other accounts");
|
|
|
|
$result = User_Delete($UserID);
|
|
EndSession();
|
|
ReturnJSONData(["success" => $result]);
|
|
}
|
|
?>
|