added admin account delete

20 years ago · 2209ae9205
parent 7688bb33f1
commit 2209ae9205
7 changed files with 96 additions and 12 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -45,7 +45,7 @@
 		$emailid = mysql_insert_id();

 		$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
-		$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
+		$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
 		$body .= _("Best regards")."\n"._("CAcert.org Support!");

 		mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support <support@cacert.org>");
@ -366,7 +366,7 @@
 		$domainid = mysql_insert_id();

 		$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
-		$body .= "http://$hostname/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
+		$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
 		$body .= _("Best regards")."\n"._("CAcert.org Support!");

 		mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support <support@cacert.org>");
@ -1653,7 +1653,9 @@
 		exit;
 	}

-	if(($id == 42 || $id == 43 || $id == 44 || $oldid == 42 || $oldid == 43 || $oldid == 44) && $_SESSION['profile']['admin'] != 1)
+	if(($id == 42 || $id == 43 || $id == 44 || $id == 48 || $id == 49 || $id == 50 ||
+		$oldid == 42 || $oldid == 43 || $oldid == 44 || $oldid == 48 || $oldid == 49 || $oldid == 50) &&
+		$_SESSION['profile']['admin'] != 1)
 	{
 		showheader(_("My CAcert.org Account!"));
 		echo _("You don't have access to this area.");
@ -1781,6 +1783,48 @@
 		}
 	}

+	if($id == 50)
+	{
+		if($_GET['userid'] != "")
+			$_POST['userid'] = intval($_GET['userid']);
+		else
+			$_POST['userid'] = intval($_POST['userid']);
+
+		$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'"));
+		if($row['email'] == "")
+			$id = 42;
+		else
+			$_POST['email'] = $row['email'];
+	}
+
+	if($oldid == 50)
+	{
+		$id = 43;
+		$_GET['userid'] = intval($_POST['userid']);
+	}
+
+	if($oldid == 50 && $_POST['process'] != "")
+	{
+		$_POST['userid'] = intval($_POST['userid']);
+		$res = mysql_query("select * from `users` where `id`='".$_POST['userid']."'");
+		if(mysql_num_rows($res) > 0)
+		{
+			$query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`=NOW()
+					WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".$_POST['userid']."'";
+			mysql_query($query);
+			$query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".$_POST['userid']."'";
+			mysql_query($query);
+			$query = "update `emailcerts` SET `revoked`=NOW() WHERE `memid`='".$_POST['userid']."'";
+			mysql_query($query);
+			$query = "update `email` SET `deleted`=NOW() WHERE `memid`='".$_POST['userid']."'";
+			mysql_query($query);
+			$query = "delete from `org` WHERE `memid`='".$_POST['userid']."'";
+			mysql_query($query);
+			$query = "update `users` SET `deleted`=NOW() WHERE `id`='".$_POST['userid']."'";
+			mysql_query($query);
+		}
+	}
+
 	if(intval($cert) > 0)
 		$_SESSION['_config']['cert'] = intval($cert);
 	if(intval($orgid) > 0)
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@ -15,7 +15,7 @@

 	function showheader($title = "CAcert.org", $title2 = "")
 	{
-		global $hostname, $id, $PHP_SELF;
+		global $id, $PHP_SELF;

 		$locrest = "";
 		if($_SESSION['profile']['ccid'] > 0)
@ -81,7 +81,8 @@
 		case 46:
 		case 47:
 		case 48:
-		case 49: $expand = " explode('sysadmin');"; break;
+		case 49:
+		case 50: $expand = " explode('sysadmin');"; break;
 		case 500:
 		case 501:
 		case 502:
@ -202,7 +203,6 @@ function hideall() {

 	function showfooter()
 	{
-		global $hostname;
 ?>
      </div>
    </div>
--- a/includes/general_stuff.php
+++ b/includes/general_stuff.php
@ -17,7 +17,7 @@ if(!function_exists("showheader"))
 {
 	function showheader($title = "CAcert.org", $title2 = "")
 	{
-		global $hostname, $id;
+		global $id;

 ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <html>
@ -49,7 +49,7 @@ google_color_border = "FFFFFF";
  <div id="pageNav">
    <div class="relatedLinks">
      <h3><?=_("Join CAcert.org")?></h3>
-      <a href="https://<?=$hostname?>/index.php?id=1"><?=_("Join")?></a> 
+      <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a> 
    </div>
    <div class="relatedLinks">
      <h3><?=_("My Account")?></h3>
@ -92,7 +92,6 @@ if(!function_exists("showfooter"))
 {
 	function showfooter()
 	{
-		global $hostname;
 ?>
      </div>
    </div>
--- a/pages/account/43.php
+++ b/pages/account/43.php
@ -18,6 +18,8 @@
 		$email = mysql_escape_string(stripslashes($_POST['email']));
 		$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
 				where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%'
+				`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and
+				`users`.`verified`=1
 				group by `users`.`id` limit 100";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 1) { ?>
@ -53,7 +55,7 @@
 	if(intval($_GET['userid']) > 0)
 	{
 		$id = intval($_GET['userid']);
-		$query = "select * from `users` where `id`='$id'";
+		$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0 and `users`.`verified`=1";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) <= 0)
 		{
@ -96,6 +98,10 @@
    <td class="DataTD"><?=_("Change Password")?>:</td>
    <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
  </tr>
+  <tr>
+    <td class="DataTD"><?=_("Delete Account")?>:</td>
+    <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td>
+  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
    <td class="DataTD"><?=$row['Q1']?></td>
--- a/pages/account/49.php
+++ b/pages/account/49.php
@ -18,7 +18,8 @@
 		$domain = mysql_escape_string(stripslashes($_POST['domain']));
 		$query = "select `users`.`id` as `id`, `domains`.`domain` as `domain` from `users`,`domains`
 				where `users`.`id`=`domains`.`memid` and `domains`.`domain` like '%$domain%' and
-				`domains`.`hash`='' and `domains`.`deleted`=0
+				`domains`.`hash`='' and `domains`.`deleted`=0 and `users`.`deleted`=0 and
+				`users`.`verified`=1
 				group by `users`.`id` limit 100";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 1) { ?>
--- a/pages/account/50.php
+++ b/pages/account/50.php
@ -0,0 +1,34 @@
+<? /*
+    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
+
+    This file is part of CAcert.
+
+    CAcert has been released under the CAcert Source License
+    which can be found included with these source files or can
+    be downloaded from the internet from the following address:
+    http://www.cacert.org/src-lic.php
+
+    CAcert is distributed WITHOUT ANY WARRANTY; without even
+    the implied warranty of MERCHANTABILITY or FITNESS FOR A
+    PARTICULAR PURPOSE.  See the License for more details.
+*/ ?>
+<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<form method="post" action="account.php">
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+  <tr>
+    <td colspan="2" class="title"><?=_("Change Password")?></td>
+  </tr>
+  <tr>
+    <td class="DataTD"><?=_("Email")?>:</td>
+    <td class="DataTD"><b><?=$_POST['email']?></b></td>
+  </tr>
+  <tr>
+    <td class="DataTD" colspan="2">Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.</td>
+  </tr>
+  <tr>
+    <td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("No")?>"> <input type="submit" name="process" value="<?=_("Yes")?>"></td>
+  </tr>
+</table>
+<input type="hidden" name="userid" value="<?=$_POST['userid']?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
--- a/www/index.php
+++ b/www/index.php
@ -303,7 +303,7 @@
 			$emailid = mysql_insert_id();

 			$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
-			$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
+			$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
 			$body .= _("Best regards")."\n"._("CAcert.org Support!");

 			mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support <support@cacert.org>");