e949/api/user/delete.php

42 lines
1.1 KiB
PHP

<?php // Deleting existing account
require_once("../_auth.php");
require_once("../_utils.php");
require_once("./index.php");
// Delete existing account
function User_Delete ($id) {
global $db;
$s = $db->prepare("delete from users where id = $id");
$s->bind_param("s", $id);
return $s->execute() !== false;
}
if (ThisFileIsRequested(__FILE__)) {
require_once("../_json.php");
// Dirty hack for debugging purposes. Will be removed later
if ($Config["debug"])
$_POST = $_REQUEST;
if (isset($_POST["id"]) && $LOGGED_IN) {
if (!ctype_digit($_POST["id"]))
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
$UserID = intval($_POST["id"]);
} elseif (!isset($_POST["id"]) && $LOGGED_IN) {
$UserID = $_SESSION["userid"];
} else {
ReturnJSONError($Err_RDP_InvalidID, "valid session must be provided");
}
if (!User_HasRole($_SESSION["userid"], "admin") && $_SESSION["userid"] !== $UserID)
ReturnJSONError($Err_DP_NotEnoughRole, "you need to be admin to delete other accounts");
$result = User_Delete($UserID);
EndSession();
ReturnJSONData(["success" => $result]);
}
?>