diff --git a/html/includes/authentication/http-auth.inc.php b/html/includes/authentication/http-auth.inc.php index a66fa2b1a..18391fd7e 100644 --- a/html/includes/authentication/http-auth.inc.php +++ b/html/includes/authentication/http-auth.inc.php @@ -65,4 +65,10 @@ function get_userid($username) return $row['user_id']; } +function deluser($username) +{ + # Not supported + return 0; +} + ?> \ No newline at end of file diff --git a/html/includes/authentication/ldap.inc.php b/html/includes/authentication/ldap.inc.php index 597c76ed8..7b3de0f5b 100644 --- a/html/includes/authentication/ldap.inc.php +++ b/html/includes/authentication/ldap.inc.php @@ -80,4 +80,10 @@ function get_userid($username) return $row['user_id']; } +function deluser($username) +{ + # Not supported + return 0; +} + ?> \ No newline at end of file diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php index bf8846be3..c4b6c85f8 100644 --- a/html/includes/authentication/mysql.inc.php +++ b/html/includes/authentication/mysql.inc.php @@ -95,4 +95,10 @@ function get_userid($username) return $row['user_id']; } +function deluser($username) +{ + mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'"); + return mysql_affected_rows(); +} + ?> diff --git a/html/pages/adduser.inc.php b/html/pages/adduser.inc.php index 48c925345..67f605a64 100644 --- a/html/pages/adduser.inc.php +++ b/html/pages/adduser.inc.php @@ -2,7 +2,7 @@ echo("
"); -if ($_SESSION['userlevel'] != '10') +if ($_SESSION['userlevel'] < '10') { include("includes/error-no-perm.inc.php"); } diff --git a/html/pages/deluser.inc.php b/html/pages/deluser.inc.php index bf8862d3d..077d855e6 100644 --- a/html/pages/deluser.inc.php +++ b/html/pages/deluser.inc.php @@ -1,14 +1,13 @@ "); +echo('
'); -if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else +if ($_SESSION['userlevel'] < '10') { include("includes/error-no-perm.inc.php"); } else { echo("

Delete User

"); if (auth_usermanagement()) { - if ($_GET['action'] == "del") { $delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . mres($_GET['user_id']) . "'"),0); @@ -16,11 +15,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); if ($_GET['confirm'] == "yes") { mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . mres($_GET['user_id']) . "'"); - # FIXME v sql query should be replaced by authmodule - mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'"); - - if (mysql_affected_rows()) { echo("User '$delete_username' deleted!"); } - + if (deluser($_GET['user_id'])) { echo("User '$delete_username' deleted!"); } } else { @@ -30,7 +25,6 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); # FIXME v mysql query should be replaced by authmodule $userlist = mysql_query("SELECT * FROM `users`"); - while ($userentry = mysql_fetch_array($userlist)) { $i++; @@ -40,7 +34,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else { - echo("Auth module does not allow user management!
"); + print_error("Authentication module does not allow user management!"); } }