includes/html/pages/deluser.inc.php

<?php

use LibreNMS\Authentication\LegacyAuth;

echo '<div style="margin: 10px;">';

if (! Auth::user()->isAdmin()) {
    include 'includes/html/error-no-perm.inc.php';
} else {
    echo '<h3>Delete User</h3>';

    $pagetitle[] = 'Delete user';

    if (LegacyAuth::get()->canManageUsers()) {
        if ($vars['action'] == 'del') {
            $id = (int) $vars['id'];
            $user = LegacyAuth::get()->getUser($id);

            if ($vars['confirm'] == 'yes') {
                if (LegacyAuth::get()->deleteUser($id) >= 0) {
                    print_message('<div class="infobox">User "' . $user['username'] . '" deleted!');
                } else {
                    print_error('Error deleting user "' . $user['username'] . '"!');
                }
            } else {
                print_error('You have requested deletion of the user "' . $user['username'] . '". This action can not be reversed.<br /><a class="btn btn-danger" href="deluser/action=del/id=' . $id . '/confirm=yes">Click to confirm</a>');
            }
        }

        // FIXME v mysql query should be replaced by authmodule
        $userlist = LegacyAuth::get()->getUserlist();

        echo '
            <form role="form" class="form-horizontal" method="GET" action="">
            ' . csrf_field() . '
            <input type="hidden" name="action" value="del">
            <div class="form-group">
            <label for="user_id" class="col-sm-2 control-label">Select User: </label>
            <div class="col-sm-6">
            <select id="user_id" name="id" class="form-control input-sm">
            ';

        foreach ($userlist as $userentry) {
            $i++;
            echo '<option value="' . $userentry['user_id'] . '">' . $userentry['username'] . '</option>';
        }

        echo '
            </select>
            </div>
            </div>
            <div class="form-group">
            <div class="col-sm-2">
            </div>
            <div class="col-sm-6">
            <button class="btn btn-danger btn-sm">Delete User</button>
            </div>
            </div>
            </form>
            ';
    } else {
        print_error('Authentication module does not allow user management!');
    }//end if
}//end if

echo '</div>';
Updates. 2008-03-09 22:49:53 +00:00			`<?php`

Use Laravel authentication (#8702 ) 2018-09-11 07:51:35 -05:00			`use LibreNMS\Authentication\LegacyAuth;`
refactor: Refactored authorizers to classes (#7497 ) 2017-11-18 11:33:03 +01:00
r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module 2011-03-28 10:48:43 +00:00			`echo '<div style="margin: 10px;">';`
Updates. 2008-03-09 22:49:53 +00:00
Remove legacy auth usage of $_SESSION (#10491 ) 2019-08-05 14:16:05 -05:00			`if (! Auth::user()->isAdmin()) {`
Security fix: unauthorized access (#10091 ) 2019-04-11 23:26:42 -05:00			`include 'includes/html/error-no-perm.inc.php';`
PSR2 Cleanup: /html edition 2016-08-18 20:28:22 -05:00			`} else {`
Updates. 2008-03-09 22:49:53 +00:00			`echo '<h3>Delete User</h3>';`

more title sets 2011-10-18 14:41:19 +00:00			`$pagetitle[] = 'Delete user';`

Use Laravel authentication (#8702 ) 2018-09-11 07:51:35 -05:00			`if (LegacyAuth::get()->canManageUsers()) {`
more new url system fixes for user management -- completely untested as I use LDAP ... 2011-09-21 14:54:21 +00:00			`if ($vars['action'] == 'del') {`
Fixed xss in deluser (#9079 ) 2018-08-25 06:10:00 -05:00			`$id = (int) $vars['id'];`
Use Laravel authentication (#8702 ) 2018-09-11 07:51:35 -05:00			`$user = LegacyAuth::get()->getUser($id);`
Updates. 2008-03-09 22:49:53 +00:00
more new url system fixes for user management -- completely untested as I use LDAP ... 2011-09-21 14:54:21 +00:00			`if ($vars['confirm'] == 'yes') {`
Use Laravel authentication (#8702 ) 2018-09-11 07:51:35 -05:00			`if (LegacyAuth::get()->deleteUser($id) >= 0) {`
			`print_message('<div class="infobox">User "' . $user['username'] . '" deleted!');`
PSR2 Cleanup: /html edition 2016-08-18 20:28:22 -05:00			`} else {`
Use Laravel authentication (#8702 ) 2018-09-11 07:51:35 -05:00			`print_error('Error deleting user "' . $user['username'] . '"!');`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
PSR2 Cleanup: /html edition 2016-08-18 20:28:22 -05:00			`} else {`
Use Laravel authentication (#8702 ) 2018-09-11 07:51:35 -05:00			`print_error('You have requested deletion of the user "' . $user['username'] . '". This action can not be reversed.<br /><a class="btn btn-danger" href="deluser/action=del/id=' . $id . '/confirm=yes">Click to confirm</a>');`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
more new url system fixes for user management -- completely untested as I use LDAP ... 2011-09-21 14:54:21 +00:00			`}`
Updates. 2008-03-09 22:49:53 +00:00
/// -> // 2012-05-25 12:24:34 +00:00			`// FIXME v mysql query should be replaced by authmodule`
Use Laravel authentication (#8702 ) 2018-09-11 07:51:35 -05:00			`$userlist = LegacyAuth::get()->getUserlist();`
Tidied up the delete user page 2014-06-17 22:11:44 +01:00
			`echo '`
			`<form role="form" class="form-horizontal" method="GET" action="">`
Enable CSRF protection (#10447 ) 2019-07-17 07:20:26 -05:00			`' . csrf_field() . '`
Tidied up the delete user page 2014-06-17 22:11:44 +01:00			`<input type="hidden" name="action" value="del">`
			`<div class="form-group">`
			`<label for="user_id" class="col-sm-2 control-label">Select User: </label>`
			`<div class="col-sm-6">`
			`<select id="user_id" name="id" class="form-control input-sm">`
			`';`

			`foreach ($userlist as $userentry) {`
			`$i++;`
r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module 2011-03-28 10:48:43 +00:00			`echo '<option value="' . $userentry['user_id'] . '">' . $userentry['username'] . '</option>';`
Updates. 2008-03-09 22:49:53 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '`
Updates. 2008-03-09 22:49:53 +00:00			`</select>`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`</div>`
			`</div>`
Tidied up the delete user page 2014-06-17 22:11:44 +01:00			`<div class="form-group">`
			`<div class="col-sm-2">`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`</div>`
Tidied up the delete user page 2014-06-17 22:11:44 +01:00			`<div class="col-sm-6">`
			`<button class="btn btn-danger btn-sm">Delete User</button>`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`</div>`
			`</div>`
			`</form>`
			`';`
PSR2 Cleanup: /html edition 2016-08-18 20:28:22 -05:00			`} else {`
r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module 2011-03-28 10:48:43 +00:00			`print_error('Authentication module does not allow user management!');`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}//end if`
			`}//end if`
Updates. 2008-03-09 22:49:53 +00:00
			`echo '</div>';`