-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeleteuser.php
More file actions
101 lines (69 loc) · 3.03 KB
/
deleteuser.php
File metadata and controls
101 lines (69 loc) · 3.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
<?php
//backend for deleting users
require "realconfig.php";
session_start();
$dbh = new PDO(DB_DSN, DB_USER, DB_PASSWORD);
//If the get request is deleting the own user's account, backend validation and delete his account
if (isset($_SESSION['user']) && isset($_GET["id"]) && $_GET["id"] == "self") {
try {
$postTable = $dbh->prepare("SELECT * FROM `bi_posts` WHERE `author_id` = :userid;");
$postTable->bindValue(':userid', $_SESSION['user']);
$postTable->execute();
$posts = $postTable->fetchAll();
foreach ($posts as $post) {
$interactionTable = $dbh->prepare("DELETE FROM `bi_interactions` WHERE `post_id` = :postId;");
$interactionTable->bindValue(':postId', $post['id']);
$interactionTable->execute();
}
$postTable = $dbh->prepare("DELETE FROM `bi_posts` WHERE `author_id` = :userid;");
$postTable->bindValue(':userid', $_SESSION['user']);
$postTable->execute();
$interactionTable = $dbh->prepare("DELETE FROM `bi_interactions` WHERE `user_id` = :userId;");
$interactionTable->bindValue(':userId', $_SESSION['user']);
$interactionTable->execute();
$userTable = $dbh->prepare("DELETE FROM `bi_users` WHERE `id` = :userid;");
$userTable->bindValue(':userid', $_SESSION['user']);
$userTable->execute();
header("Location: logout.php");
die();
} catch (PDOException $e) {
$errormessage = $e->getMessage();
$errorcode = $e->getCode();
echo $errormessage;
echo $errorcode;
}
}
//backend validation for admin
if (!isset($_SESSION['user']) || !isset($_GET["id"]) || !isset($_SESSION['admin']) || $_SESSION['admin'] != 1) {
header("location: index.php");
}
try {
$postTable = $dbh->prepare("SELECT * FROM `bi_posts` WHERE `author_id` = :userid;");
$postTable->bindValue(':userid', intval($_GET['id']));
$postTable->execute();
$posts = $postTable->fetchAll();
foreach ($posts as $post) {
//delete interactions on his posts
$interactionTable = $dbh->prepare("DELETE FROM `bi_interactions` WHERE `post_id` = :postId;");
$interactionTable->bindValue(':postId', $post['id']);
$interactionTable->execute();
}
//delete all posts
$postTable = $dbh->prepare("DELETE FROM `bi_posts` WHERE `author_id` = :userid;");
$postTable->bindValue(':userid', intval($_GET['id']));
$postTable->execute();
//delete all interactions
$interactionTable = $dbh->prepare("DELETE FROM `bi_interactions` WHERE `user_id` = :userId;");
$interactionTable->bindValue(':userId', intval($_GET['id']));
$interactionTable->execute();
//delete the user
$userTable = $dbh->prepare("DELETE FROM `bi_users` WHERE `id` = :userid;");
$userTable->bindValue(':userid', intval($_GET['id']));
$userTable->execute();
header("Location: admin.php");
} catch (PDOException $e) {
$errormessage = $e->getMessage();
$errorcode = $e->getCode();
echo $errormessage;
echo $errorcode;
}