fusionpbx/core/users/user_delete.php

<?php
/*
	FusionPBX
	Version: MPL 1.1

	The contents of this file are subject to the Mozilla Public License Version
	1.1 (the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at
	http://www.mozilla.org/MPL/

	Software distributed under the License is distributed on an "AS IS" basis,
	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
	for the specific language governing rights and limitations under the
	License.

	The Original Code is FusionPBX

	The Initial Developer of the Original Code is
	Mark J Crane <markjcrane@fusionpbx.com>
	Portions created by the Initial Developer are Copyright (C) 2008-2015
	the Initial Developer. All Rights Reserved.

	Contributor(s):
	Mark J Crane <markjcrane@fusionpbx.com>
*/

//includes
	include "root.php";
	require_once "resources/require.php";
	require_once "resources/check_auth.php";

//check permissions
	if (permission_exists('user_delete')) {
		//access allowed
	}
	else {
		echo "access denied";
		return;
	}

//add multi-lingual support
	$language = new text;
	$text = $language->get();

//get the id
	$user_uuid = check_str($_GET["id"]);

//validate the uuid
	if (is_uuid($user_uuid)) {
		//get the user's domain from v_users
			if (permission_exists('user_domain')) {
				$sql = "select domain_uuid from v_users ";
				$sql .= "where user_uuid = '".$user_uuid."' ";
				$prep_statement = $db->prepare(check_sql($sql));
				$prep_statement->execute();
				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
				foreach ($result as &$row) {
					$domain_uuid = $row["domain_uuid"];
				}
				unset ($prep_statement);
			}
			else {
				$domain_uuid = $_SESSION['domain_uuid'];
			}

		//required to be a superadmin to delete a member of the superadmin group
			$superadmin_list = superadmin_list($db);
			if (if_superadmin($superadmin_list, $user_uuid)) {
				if (!if_group("superadmin")) {
					//access denied - do not delete the user
					header("Location: index.php");
					return;
				}
			}

		//delete the user settings
			$sql = "delete from v_user_settings ";
			$sql .= "where user_uuid = '".$user_uuid."' ";
			$sql .= "and domain_uuid = '".$domain_uuid."' ";
			if (!$db->exec($sql)) {
				$info = $db->errorInfo();
				print_r($info);
			}

		//delete the groups the user is assigned to
			$sql = "delete from v_group_users ";
			$sql .= "where user_uuid = '".$user_uuid."' ";
			$sql .= "and domain_uuid = '".$domain_uuid."' ";
			if (!$db->exec($sql)) {
				$info = $db->errorInfo();
				print_r($info);
			}

		//delete the user
			$sql = "delete from v_users ";
			$sql .= "where user_uuid = '".$user_uuid."' ";
			$sql .= "and domain_uuid = '".$domain_uuid."' ";
			if (!$db->exec($sql)) {
				$info = $db->errorInfo();
				print_r($info);
			}
	}

//redirect the user
	$_SESSION["message"] = $text['message-delete'];
	header("Location: users.php");

?>
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00			`<?php`
			`/*`
			`FusionPBX`
			`Version: MPL 1.1`

			`The contents of this file are subject to the Mozilla Public License Version`
			`1.1 (the "License"); you may not use this file except in compliance with`
			`the License. You may obtain a copy of the License at`
			`http://www.mozilla.org/MPL/`

			`Software distributed under the License is distributed on an "AS IS" basis,`
			`WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License`
			`for the specific language governing rights and limitations under the`
			`License.`

			`The Original Code is FusionPBX`

			`The Initial Developer of the Original Code is`
			`Mark J Crane <markjcrane@fusionpbx.com>`
When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`Portions created by the Initial Developer are Copyright (C) 2008-2015`
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00			`the Initial Developer. All Rights Reserved.`

			`Contributor(s):`
			`Mark J Crane <markjcrane@fusionpbx.com>`
			`*/`
Update indentation for includes and check permissions. 2016-10-02 22:30:38 +02:00
			`//includes`
			`include "root.php";`
			`require_once "resources/require.php";`
			`require_once "resources/check_auth.php";`

			`//check permissions`
			`if (permission_exists('user_delete')) {`
			`//access allowed`
			`}`
			`else {`
			`echo "access denied";`
			`return;`
			`}`
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00
Contacts: Private or Shared. User can create a private contact only visible to them, or can choose to share a contact with others by assigning it to group(s). Users can view only contacts assigned to their group(s) and contacts NOT assigned to any group. 2014-10-18 08:49:34 +02:00			`//add multi-lingual support`
Use the new multi-lingual code on fusionpbx/core sub directories. 2015-01-18 10:22:07 +01:00			`$language = new text;`
			`$text = $language->get();`
Contacts: Private or Shared. User can create a private contact only visible to them, or can choose to share a contact with others by assigning it to group(s). Users can view only contacts assigned to their group(s) and contacts NOT assigned to any group. 2014-10-18 08:49:34 +02:00
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00			`//get the id`
			`$user_uuid = check_str($_GET["id"]);`

When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`//validate the uuid`
			`if (is_uuid($user_uuid)) {`
Users: Added ability to move User to different domain. Also remove User Settings upon delete. 2015-03-31 02:54:24 +02:00			`//get the user's domain from v_users`
			`if (permission_exists('user_domain')) {`
			`$sql = "select domain_uuid from v_users ";`
			`$sql .= "where user_uuid = '".$user_uuid."' ";`
			`$prep_statement = $db->prepare(check_sql($sql));`
			`$prep_statement->execute();`
			`$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);`
			`foreach ($result as &$row) {`
			`$domain_uuid = $row["domain_uuid"];`
			`}`
			`unset ($prep_statement);`
			`}`
			`else {`
			`$domain_uuid = $_SESSION['domain_uuid'];`
When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`}`
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00
When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`//required to be a superadmin to delete a member of the superadmin group`
			`$superadmin_list = superadmin_list($db);`
			`if (if_superadmin($superadmin_list, $user_uuid)) {`
			`if (!if_group("superadmin")) {`
			`//access denied - do not delete the user`
			`header("Location: index.php");`
			`return;`
			`}`
			`}`
Fix the code so that deleting and superadmin is not possible unless the user account used to do it is in the superadmin group. 2012-11-23 03:57:34 +01:00
Users: Added ability to move User to different domain. Also remove User Settings upon delete. 2015-03-31 02:54:24 +02:00			`//delete the user settings`
			`$sql = "delete from v_user_settings ";`
			`$sql .= "where user_uuid = '".$user_uuid."' ";`
			`$sql .= "and domain_uuid = '".$domain_uuid."' ";`
			`if (!$db->exec($sql)) {`
			`$info = $db->errorInfo();`
			`print_r($info);`
			`}`

When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`//delete the groups the user is assigned to`
			`$sql = "delete from v_group_users ";`
Users: Added ability to move User to different domain. Also remove User Settings upon delete. 2015-03-31 02:54:24 +02:00			`$sql .= "where user_uuid = '".$user_uuid."' ";`
			`$sql .= "and domain_uuid = '".$domain_uuid."' ";`
When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`if (!$db->exec($sql)) {`
			`$info = $db->errorInfo();`
			`print_r($info);`
			`}`
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00
When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`//delete the user`
			`$sql = "delete from v_users ";`
Users: Added ability to move User to different domain. Also remove User Settings upon delete. 2015-03-31 02:54:24 +02:00			`$sql .= "where user_uuid = '".$user_uuid."' ";`
			`$sql .= "and domain_uuid = '".$domain_uuid."' ";`
When deleting the group delete the group user and group permissions. Increase the security by validating the uuid. 2015-03-05 10:37:37 +01:00			`if (!$db->exec($sql)) {`
			`$info = $db->errorInfo();`
			`print_r($info);`
			`}`
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00			`}`

			`//redirect the user`
Contacts: Private or Shared. User can create a private contact only visible to them, or can choose to share a contact with others by assigning it to group(s). Users can view only contacts assigned to their group(s) and contacts NOT assigned to any group. 2014-10-18 08:49:34 +02:00			`$_SESSION["message"] = $text['message-delete'];`
Users: Revamp and consolidate code, integrate ORM. 2016-10-05 18:29:30 +02:00			`header("Location: users.php");`
Add a missing file sip_profile_copy.php to the dev branch. 2012-06-04 16:58:40 +02:00
			`?>`