diff --git a/html/includes/authentication/http-auth.inc.php b/html/includes/authentication/http-auth.inc.php
index a66fa2b1a..18391fd7e 100644
--- a/html/includes/authentication/http-auth.inc.php
+++ b/html/includes/authentication/http-auth.inc.php
@@ -65,4 +65,10 @@ function get_userid($username)
return $row['user_id'];
}
+function deluser($username)
+{
+ # Not supported
+ return 0;
+}
+
?>
\ No newline at end of file
diff --git a/html/includes/authentication/ldap.inc.php b/html/includes/authentication/ldap.inc.php
index 597c76ed8..7b3de0f5b 100644
--- a/html/includes/authentication/ldap.inc.php
+++ b/html/includes/authentication/ldap.inc.php
@@ -80,4 +80,10 @@ function get_userid($username)
return $row['user_id'];
}
+function deluser($username)
+{
+ # Not supported
+ return 0;
+}
+
?>
\ No newline at end of file
diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php
index bf8846be3..c4b6c85f8 100644
--- a/html/includes/authentication/mysql.inc.php
+++ b/html/includes/authentication/mysql.inc.php
@@ -95,4 +95,10 @@ function get_userid($username)
return $row['user_id'];
}
+function deluser($username)
+{
+ mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
+ return mysql_affected_rows();
+}
+
?>
diff --git a/html/pages/adduser.inc.php b/html/pages/adduser.inc.php
index 48c925345..67f605a64 100644
--- a/html/pages/adduser.inc.php
+++ b/html/pages/adduser.inc.php
@@ -2,7 +2,7 @@
echo("
");
-if ($_SESSION['userlevel'] != '10')
+if ($_SESSION['userlevel'] < '10')
{
include("includes/error-no-perm.inc.php");
}
diff --git a/html/pages/deluser.inc.php b/html/pages/deluser.inc.php
index bf8862d3d..077d855e6 100644
--- a/html/pages/deluser.inc.php
+++ b/html/pages/deluser.inc.php
@@ -1,14 +1,13 @@
");
+echo('
');
-if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else
+if ($_SESSION['userlevel'] < '10') { include("includes/error-no-perm.inc.php"); } else
{
echo("
Delete User
");
if (auth_usermanagement())
{
-
if ($_GET['action'] == "del")
{
$delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . mres($_GET['user_id']) . "'"),0);
@@ -16,11 +15,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
if ($_GET['confirm'] == "yes")
{
mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
- # FIXME v sql query should be replaced by authmodule
- mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
-
- if (mysql_affected_rows()) { echo("User '$delete_username' deleted!"); }
-
+ if (deluser($_GET['user_id'])) { echo("User '$delete_username' deleted!"); }
}
else
{
@@ -30,7 +25,6 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
# FIXME v mysql query should be replaced by authmodule
$userlist = mysql_query("SELECT * FROM `users`");
-
while ($userentry = mysql_fetch_array($userlist))
{
$i++;
@@ -40,7 +34,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
}
else
{
- echo("Auth module does not allow user management!
");
+ print_error("Authentication module does not allow user management!");
}
}