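prepare("delete from users where id = ?"); $s->bind_param("s", $id); return $s->execute() !== false; }

// Endpoint body: runs only when ThisFileIsRequested(__FILE__) is true.
// Deletes the account named by POST "id", or the caller's own account when
// no id is sent. Deleting another user's account requires the "admin" role.
// Responds with {"success": <result of User_Delete>}.
//
// NOTE(review): every rejection below relies on ReturnJSONError() ending the
// request. Its definition is not visible here -- confirm it terminates,
// otherwise execution would fall through to User_Delete() after a refusal.
if (ThisFileIsRequested(__FILE__)) {
    require_once("../_json.php");

    // Dirty hack for debugging purposes. Will be removed later
    // NOTE(review): while $Config["debug"] is set, this destructive endpoint
    // takes "id" from $_REQUEST, so it no longer requires a POST body.
    // No anti-CSRF token check is visible in this block either. Keep the flag
    // off on any deployment that holds real accounts, and remove the hack
    // before release.
    if ($Config["debug"]) {
        $_POST = $_REQUEST;
    }

    if (isset($_POST["id"]) && $LOGGED_IN) {
        // is_string() rejects array-shaped input (id[]=...) before
        // ctype_digit() sees it; ctype_digit() then admits only a non-empty
        // run of decimal digits (no sign, no whitespace).
        if (!is_string($_POST["id"]) || !ctype_digit($_POST["id"])) {
            ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
        }
        $UserID = intval($_POST["id"]);
    } elseif (!isset($_POST["id"]) && $LOGGED_IN) {
        // No explicit target: the caller is deleting their own account.
        $UserID = intval($_SESSION["userid"]);
    } else {
        ReturnJSONError($Err_RDP_InvalidID, "valid session must be provided");
    }

    // $UserID is always an int here. The type stored in the session is not
    // visible from this file, so cast it the same way: a string "5" compared
    // strictly against int 5 would otherwise deny a legitimate self-deletion
    // and, for an admin, skip EndSession() after the account is gone.
    $SessionUserID = intval($_SESSION["userid"]);

    // Authorization gate: only admins may delete an account other than their own.
    // This check must stay ahead of User_Delete().
    if (!User_HasRole($_SESSION["userid"], "admin") && $SessionUserID !== $UserID) {
        ReturnJSONError($Err_DP_NotEnoughRole, "you need to be admin to delete other accounts");
    }

    $result = User_Delete($UserID);

    // Self-deletion: drop the session so it cannot outlive the account.
    if ($UserID === $SessionUserID) {
        EndSession();
    }

    ReturnJSONData(["success" => $result]);
}
?>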