includes/html/pages/deluser.inc.php

<?php

use LibreNMS\Authentication\LegacyAuth;

echo '<div style="margin: 10px;">';

if (!Auth::user()->isAdmin()) {
    include 'includes/html/error-no-perm.inc.php';
} else {
    echo '<h3>Delete User</h3>';

    $pagetitle[] = 'Delete user';

    if (LegacyAuth::get()->canManageUsers()) {
        if ($vars['action'] == 'del') {
            $id = (int)$vars['id'];
            $user = LegacyAuth::get()->getUser($id);

            if ($vars['confirm'] == 'yes') {
                if (LegacyAuth::get()->deleteUser($id) >= 0) {
                    print_message('<div class="infobox">User "'.$user['username'].'" deleted!');
                } else {
                    print_error('Error deleting user "'.$user['username'].'"!');
                }
            } else {
                print_error('You have requested deletion of the user "'.$user['username'].'". This action can not be reversed.<br /><a class="btn btn-danger" href="deluser/action=del/id='.$id.'/confirm=yes">Click to confirm</a>');
            }
        }

        // FIXME v mysql query should be replaced by authmodule
        $userlist = LegacyAuth::get()->getUserlist();

        echo '
            <form role="form" class="form-horizontal" method="GET" action="">
            ' . csrf_field() . '
            <input type="hidden" name="action" value="del">
            <div class="form-group">
            <label for="user_id" class="col-sm-2 control-label">Select User: </label>
            <div class="col-sm-6">
            <select id="user_id" name="id" class="form-control input-sm">
            ';

        foreach ($userlist as $userentry) {
            $i++;
            echo '<option value="'.$userentry['user_id'].'">'.$userentry['username'].'</option>';
        }

        echo '
            </select>
            </div>
            </div>
            <div class="form-group">
            <div class="col-sm-2">
            </div>
            <div class="col-sm-6">
            <button class="btn btn-danger btn-sm">Delete User</button>
            </div>
            </div>
            </form>
            ';
    } else {
        print_error('Authentication module does not allow user management!');
    }//end if
}//end if

echo '</div>';
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00			`<?php`

Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`use LibreNMS\Authentication\LegacyAuth;`
refactor: Refactored authorizers to classes (#7497) * Refactored authorizers to classes * Merge changes for #7335 * ! fix php 5.3 incompatibility * Update ADAuthorizationAuthorizer.php * Fix get_user -> getUser * Rename AuthorizerFactory to Auth, fix interface missing functions * Add phpdocs to all interface methods and normalize the names a bit. * Re-work auth_test.php AD bind tests to work properly with the new class. Reflection is not the nicest tool, but I think it is appropriate here. Handle exceptions more nicely in auth_test.php * Restore AD getUseList fix Not sure how it got removed * fix auth_test.php style 2017-11-18 11:33:03 +01:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '<div style="margin: 10px;">';`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Remove legacy auth usage of $_SESSION (#10491) * Remove auth use of $_SESSION Will break plugins that depend on $_SESSION, Weathermap was already fixed. Port them to use Auth::check()/Auth::user()/Auth:id() * revert accidental replacement 2019-08-05 14:16:05 -05:00			`if (!Auth::user()->isAdmin()) {`
Security fix: unauthorized access (#10091) * Security fix: unauthorized access Affects nginx users: Moved php files outside of public html directory (Apache was protected by .htaccess) Affects all users: Some files did not check for authentication and could disclose some info. Better checks before including files from user input * git mv html/includes/ includes/html git mv html/pages/ includes/html/ 2019-04-11 23:26:42 -05:00			`include 'includes/html/error-no-perm.inc.php';`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '<h3>Delete User</h3>';`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$pagetitle[] = 'Delete user';`
more title sets git-svn-id: http://www.observium.org/svn/observer/trunk@2691 61d68cd4-352d-0410-923a-c4978735b2b8 2011-10-18 14:41:19 +00:00
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`if (LegacyAuth::get()->canManageUsers()) {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($vars['action'] == 'del') {`
Fixed xss in deluser (#9079) DO NOT DELETE THIS TEXT #### Please note > Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting. - [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/) #### Testers If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926` 2018-08-25 06:10:00 -05:00			`$id = (int)$vars['id'];`
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`$user = LegacyAuth::get()->getUser($id);`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($vars['confirm'] == 'yes') {`
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`if (LegacyAuth::get()->deleteUser($id) >= 0) {`
			`print_message('<div class="infobox">User "'.$user['username'].'" deleted!');`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`print_error('Error deleting user "'.$user['username'].'"!');`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`print_error('You have requested deletion of the user "'.$user['username'].'". This action can not be reversed.<br /><a class="btn btn-danger" href="deluser/action=del/id='.$id.'/confirm=yes">Click to confirm</a>');`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
more new url system fixes for user management -- completely untested as I use LDAP ... git-svn-id: http://www.observium.org/svn/observer/trunk@2538 61d68cd4-352d-0410-923a-c4978735b2b8 2011-09-21 14:54:21 +00:00			`}`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`// FIXME v mysql query should be replaced by authmodule`
Use Laravel authentication (#8702) * Use Laravel for authentication Support legacy auth methods Always create DB entry for users (segregate by auth method) Port api auth to Laravel restrict poller errors to devices the user has access to Run checks on every page load. But set a 5 minute (configurable) timer. Only run some checks if the user is an admin Move toastr down a few pixels so it isn't as annoying. Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user. Add two missing menu entries in the laravel menu Rewrite 2FA code Simplify some and verify code before applying Get http-auth working Handle legacy $_SESSION differently. Allows Auth::once(), etc to work. * Fix tests and mysqli extension check * remove duplicate Toastr messages * Fix new items * Rename 266.sql to 267.sql 2018-09-11 07:51:35 -05:00			`$userlist = LegacyAuth::get()->getUserlist();`
Tidied up the delete user page 2014-06-17 22:11:44 +01:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '`
			`<form role="form" class="form-horizontal" method="GET" action="">`
Enable CSRF protection (#10447) * Enable CSRF protection * fix style issues 2019-07-17 07:20:26 -05:00			`' . csrf_field() . '`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`<input type="hidden" name="action" value="del">`
			`<div class="form-group">`
			`<label for="user_id" class="col-sm-2 control-label">Select User: </label>`
			`<div class="col-sm-6">`
			`<select id="user_id" name="id" class="form-control input-sm">`
			`';`
Tidied up the delete user page 2014-06-17 22:11:44 +01:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`foreach ($userlist as $userentry) {`
			`$i++;`
			`echo '<option value="'.$userentry['user_id'].'">'.$userentry['username'].'</option>';`
			`}`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '`
			`</select>`
			`</div>`
			`</div>`
			`<div class="form-group">`
			`<div class="col-sm-2">`
			`</div>`
			`<div class="col-sm-6">`
			`<button class="btn btn-danger btn-sm">Delete User</button>`
			`</div>`
			`</div>`
			`</form>`
			`';`
PSR2 Cleanup: /html edition Travis tests for code conformance. Ignore warnings for now. Fixed all errors, left most warnings. 2016-08-18 20:28:22 -05:00			`} else {`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`print_error('Authentication module does not allow user management!');`
			`}//end if`
			`}//end if`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '</div>';`