summaryrefslogtreecommitdiff
path: root/includes/pages/admin_user.php
diff options
context:
space:
mode:
authorPhilip Häusler <msquare@notrademark.de>2015-12-30 15:48:41 +0100
committerPhilip Häusler <msquare@notrademark.de>2015-12-30 15:48:41 +0100
commitef60b955555ea1d22da8494a34440c3fd2d8b190 (patch)
treefbe409ee1e4426fab4ea10a51fde324350a4f2fd /includes/pages/admin_user.php
parent1983db901b9b7ea9b87a66ed38f030369dc3a0a4 (diff)
add a more secure way to delete users containing a password request
Diffstat (limited to 'includes/pages/admin_user.php')
-rw-r--r--includes/pages/admin_user.php25
1 files changed, 3 insertions, 22 deletions
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 6d327d7f..516bd1e4 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -113,9 +113,9 @@ function admin_user() {
$html .= "<hr />";
}
- $html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
- $html .= "<input type=\"submit\" value=\"Löschen\">\n";
- $html .= "</form>";
+ $html .= buttons([
+ button(user_delete_link($user_source), glyph('lock') . _("delete"), 'btn-danger')
+ ]);
$html .= "<hr />";
} else {
@@ -156,25 +156,6 @@ function admin_user() {
}
break;
- case 'delete':
- if ($user['UID'] != $id) {
- $user_source = User($id);
- if ($user_source === false)
- engelsystem_error("Unable to load user.");
- if ($user_source == null) {
- error(_('This user does not exist.'));
- redirect(users_link());
- }
-
- sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
- sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
- engelsystem_log("Deleted user " . User_Nick_render($user_source));
- $html .= success("Benutzer gelöscht!", true);
- } else {
- $html .= error("Du kannst Dich nicht selber löschen!", true);
- }
- break;
-
case 'save':
$force_active = $user['force_active'];
if (in_array('admin_active', $privileges))