<?php
namespace leantime\domain\controllers {
use leantime\core;
use leantime\domain\repositories;
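class delUser
{
    /**
     * run - display the delete-user confirmation template and, on a
     * confirmed POST, delete the selected user.
     *
     * Flow (all inputs come from the request superglobals):
     *  - the caller must pass core\login::userIsAtLeast("clientManager"),
     *    otherwise the 'general.error' template is rendered;
     *  - $_GET['id'] must be present (it is cast to int), otherwise
     *    'general.error' is rendered;
     *  - when $_POST['del'] is set, the user is deleted only if the posted
     *    form token matches the one kept in the session, followed by a
     *    redirect to BASE_URL."/users/showAll"; a bad token only sets an
     *    error notification;
     *  - a fresh form token pair is always written to the session before
     *    'users.delUser' is rendered with the loaded user assigned.
     *
     * @access public
     */
    public function run()
    {
        $tpl = new core\template();
        $userRepo = new repositories\users();
        $language = new core\language();

        //Only Admins
        if (core\login::userIsAtLeast("clientManager") === false) {
            $tpl->display('general.error');
            return;
        }

        if (isset($_GET['id']) === false) {
            $tpl->display('general.error');
            return;
        }

        $id = (int)($_GET['id']);
        $user = $userRepo->getUser($id);

        //Delete User
        if (isset($_POST['del']) === true) {
            if ($this->formTokenIsValid() === true) {
                $userRepo->deleteUser($id);
                $tpl->setNotification($language->__("notifications.user_deleted"), "success");
                $tpl->redirect(BASE_URL."/users/showAll");
            } else {
                $tpl->setNotification($language->__("notification.form_token_incorrect"), 'error');
            }
        }

        //Sensitive Form, generate form tokens
        $this->rotateFormToken();

        //Assign variables
        $tpl->assign('user', $user);
        $tpl->display('users.delUser');
    }

    /**
     * Checks the posted form token against the one stored in the session.
     *
     * Returns false when the session holds no token name/value (e.g. the form
     * was never displayed in this session, which previously produced an
     * undefined-index notice on the $_POST lookup), when the posted field is
     * missing or not a string, or when the values differ. The comparison uses
     * hash_equals() so it is constant-time and strict, instead of the loose
     * == the original relied on.
     *
     * @return bool
     */
    private function formTokenIsValid()
    {
        if (isset($_SESSION['formTokenName'], $_SESSION['formTokenValue']) === false) {
            return false;
        }

        $tokenName = $_SESSION['formTokenName'];
        if (isset($_POST[$tokenName]) === false || is_string($_POST[$tokenName]) === false) {
            return false;
        }

        return hash_equals((string)$_SESSION['formTokenValue'], $_POST[$tokenName]);
    }

    /**
     * Writes a fresh form token name and value into the session.
     *
     * Uses random_bytes() (CSPRNG, PHP 7.0+) rather than str_shuffle(), which
     * draws on a non-cryptographic generator and, being a permutation of a
     * fixed 36-character alphabet, carries far less entropy than a 32-character
     * token suggests. 16 random bytes -> 32 hex characters, the same length
     * the original produced.
     */
    private function rotateFormToken()
    {
        $_SESSION['formTokenName'] = bin2hex(random_bytes(16));
        $_SESSION['formTokenValue'] = bin2hex(random_bytes(16));
    }
}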
}