add a more secure way to delete users containing a password request

9 years ago · ef60b95555
parent 1983db901b
commit ef60b95555
6 changed files with 94 additions and 22 deletions
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@ -27,10 +27,65 @@ function users_controller() {
  }
 }

+/**
+ * Delete a user, requires to enter own password for reasons.
+ */
+function user_delete_controller() {
+  global $privileges, $user;
+  
+  if (isset($_REQUEST['user_id'])) {
+    $user_source = User($_REQUEST['user_id']);
+  } else
+    $user_source = $user;
+  
+  if (! in_array('admin_user', $privileges))
+    redirect(page_link_to(''));
+    
+    // You cannot delete yourself
+  if ($user['UID'] == $user_source['UID']) {
+    error(_("You cannot delete yourself."));
+    redirect(user_link($user));
+  }
+  
+  if (isset($_REQUEST['submit'])) {
+    $ok = true;
+    
+    if (! (isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))) {
+      $ok = false;
+      error(_("Your password is incorrect.  Please try it again."));
+    }
+    
+    if ($ok) {
+      $result = User_delete($user_source['UID']);
+      if ($result === false)
+        engelsystem_error('Unable to delete user.');
+      
+      mail_user_delete($user_source);
+      success(_("User deleted."));
+      engelsystem_log(sprintf("Deleted %s", User_Nick_render($user_source)));
+      
+      redirect(users_link());
+    }
+  }
+  
+  return array(
+      sprintf(_("Delete %s"), $user_source['Nick']),
+      User_delete_view($user_source) 
+  );
+}
+
 function users_link() {
  return page_link_to('users');
 }

+function user_edit_link($user) {
+  return page_link_to('admin_user') . '&user_id=' . $user['UID'];
+}
+
+function user_delete_link($user) {
+  return page_link_to('users') . '&action=delete&user_id=' . $user['UID'];
+}
+
 function user_link($user) {
  return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
 }
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@ -48,6 +48,7 @@ require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
 require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');

 require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php');
+require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php');

 require_once realpath(__DIR__ . '/../config/config.default.php');
 if (file_exists(realpath(__DIR__ . '/../config/config.php')))
--- a/includes/mailer/users_mailer.php
+++ b/includes/mailer/users_mailer.php
@ -0,0 +1,9 @@
+<?php
+
+/**
+ * @param User $user_source
+ */
+function mail_user_delete($user) {
+  engelsystem_email_to_user($user, '[engelsystem] ' . _("Your account has been deleted"), _("Your angelsystem account has been deleted. If you have any questions regarding your account deletion, please contact heaven."));
+}
+?>
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@ -4,6 +4,15 @@
 * User model
 */

+/**
+ * Delete a user
+ * 
+ * @param int $user_id          
+ */
+function User_delete($user_id) {
+  return sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($user_id) . "'");
+}
+
 /**
 * Update user.
 *
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@ -113,9 +113,9 @@ function admin_user() {
      $html .= "<hr />";
    }
    
-    $html .= "<form action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
-    $html .= "<input type=\"submit\" value=\"Löschen\">\n";
-    $html .= "</form>";
+    $html .= buttons([
+        button(user_delete_link($user_source), glyph('lock') . _("delete"), 'btn-danger') 
+    ]);
    
    $html .= "<hr />";
  } else {
@ -156,25 +156,6 @@ function admin_user() {
        }
        break;
      
-      case 'delete':
-        if ($user['UID'] != $id) {
-          $user_source = User($id);
-          if ($user_source === false)
-            engelsystem_error("Unable to load user.");
-          if ($user_source == null) {
-            error(_('This user does not exist.'));
-            redirect(users_link());
-          }
-          
-          sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
-          sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
-          engelsystem_log("Deleted user " . User_Nick_render($user_source));
-          $html .= success("Benutzer gelöscht!", true);
-        } else {
-          $html .= error("Du kannst Dich nicht selber löschen!", true);
-        }
-        break;
-      
      case 'save':
        $force_active = $user['force_active'];
        if (in_array('admin_active', $privileges))
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
@ -19,6 +19,23 @@ $tshirt_sizes = array(
    'XL-G' => "XL Girl" 
 );

+/**
+ * Gui for deleting user with password field.
+ */
+function User_delete_view($user) {
+  return page_with_title(sprintf(_("Delete %s"), User_Nick_render($user)), [
+      msg(),
+      buttons([
+          button(user_edit_link($user), glyph('chevron-left') . _("back")) 
+      ]),
+      error(_("Do you really want to delete the user including all his shifts and every other piece of his data?"), true),
+      form([
+          form_password('password', _("Your password")),
+          form_submit('submit', _("Delete")) 
+      ]) 
+  ]);
+}
+
 /**
 * View for editing the number of given vouchers
 */