manage_user_delete.php

   1 <?php
   2 # MantisBT - A PHP based bugtracking system
   3
   4 # MantisBT is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 2 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # MantisBT is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * @package MantisBT
  19  * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  20  * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  21  * @link http://www.mantisbt.org
  22  *
  23  * @uses core.php
  24  * @uses access_api.php
  25  * @uses authentication_api.php
  26  * @uses config_api.php
  27  * @uses constant_inc.php
  28  * @uses form_api.php
  29  * @uses gpc_api.php
  30  * @uses helper_api.php
  31  * @uses html_api.php
  32  * @uses lang_api.php
  33  * @uses print_api.php
  34  * @uses user_api.php
  35  */
  36
  37 /**
  38  * MantisBT Core API's
  39  */
  40 require_once( 'core.php' );
  41 require_api( 'access_api.php' );
  42 require_api( 'authentication_api.php' );
  43 require_api( 'config_api.php' );
  44 require_api( 'constant_inc.php' );
  45 require_api( 'form_api.php' );
  46 require_api( 'gpc_api.php' );
  47 require_api( 'helper_api.php' );
  48 require_api( 'html_api.php' );
  49 require_api( 'lang_api.php' );
  50 require_api( 'print_api.php' );
  51 require_api( 'user_api.php' );
  52
  53 form_security_validate('manage_user_delete');
  54
  55 auth_reauthenticate();
  56 access_ensure_global_level( config_get( 'manage_user_threshold' ) );
  57
  58 $f_user_id      = gpc_get_int( 'user_id' );
  59
  60 $t_user = user_get_row( $f_user_id );
  61
  62 # Ensure that the account to be deleted is of equal or lower access to the
  63 # current user.
  64 access_ensure_global_level( $t_user['access_level'] );
  65
  66 # check that we are not deleting the last administrator account
  67 $t_admin_threshold = config_get_global( 'admin_site_threshold' );
  68 if ( user_is_administrator( $f_user_id ) &&
  69          user_count_level( $t_admin_threshold ) <= 1 ) {
  70         trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
  71 }
  72
  73 # If an administrator is trying to delete their own account, use
  74 # account_delete.php instead as it is handles logging out and redirection
  75 # of users who have just deleted their own accounts.
  76 if ( auth_get_current_user_id() == $f_user_id ) {
  77         form_security_purge( 'manage_user_delete' );
  78         print_header_redirect( 'account_delete.php?account_delete_token=' . form_security_token( 'account_delete' ), true, false );
  79 }
  80
  81 helper_ensure_confirmed( lang_get( 'delete_account_sure_msg' ) .
  82         '<br/>' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_user['username'],
  83         lang_get( 'delete_account_button' ) );
  84
  85 user_delete( $f_user_id );
  86
  87 form_security_purge('manage_user_delete');
  88
  89 html_page_top( null, 'manage_user_page.php' );
  90 ?>
  91
  92 <br />
  93 <div>
  94 <?php
  95 echo lang_get( 'operation_successful' ) . '<br />';
  96 print_bracket_link( 'manage_user_page.php', lang_get( 'proceed' ) );
  97 ?>
  98 </div>
  99
 100 <?php
 101 html_page_bottom();