authorvincent-peugnet <v.peugnet@free.fr>2018-12-24 12:04:27 +0100
committervincent-peugnet <v.peugnet@free.fr>2018-12-24 12:04:27 +0100
commit055bbcbd61a56e39408e7d2b9d83c47fc76daa20 (patch)
tree3d3ced3c3147346e382a9ca53a499fd35f21749a /app
parent8d8f625ea20e10cf6fb053fab73c2ef7a559dc87 (diff)
user admin protection
Diffstat (limited to 'app')
-rw-r--r--app/class/application.php2
-rw-r--r--app/class/controlleruser.php11
-rw-r--r--app/class/modeluser.php8
-rw-r--r--app/view/templates/userconfirmdelete.php39
4 files changed, 45 insertions, 15 deletions
diff --git a/app/class/application.php b/app/class/application.php
index 39cdd8a..f4b2a84 100644
--- a/app/class/application.php
+++ b/app/class/application.php
@@ -49,7 +49,7 @@ class Application
$this->configform();
exit;
} else {
- if(!$this->usermanager->adminexist()) {
+ if($this->usermanager->admincount() === 0) {
echo 'missing admin user';
$this->adminform();
exit;
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 00b7246..9daf1fb 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -36,7 +36,16 @@ class Controlleruser extends Controller
{
if($_POST['action'] === 'delete') {
$user = new User($_POST);
- $this->showtemplate('userconfirmdelete', ['userdelete' => $user]);
+ $user = $this->usermanager->get($user);
+ if($user !== false) {
+ if($user->isadmin() && $this->usermanager->admincount() === 1) {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => false]);
+ } else {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => true]);
+ }
+ } else {
+ $this->routedirect('user');
+ }
} elseif ($_POST['action'] == 'confirmdelete') {
$user = new User($_POST);
$this->usermanager->delete($user);
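Review bot: The last-admin guard only gates the confirmation page; the `confirmdelete` branch at the end of the hunk still builds a User straight from `$_POST` and calls `delete()` unconditionally, so a direct POST with `action=confirmdelete` and the admin's id (or a stale confirmation page opened before another admin was removed) deletes the last admin and drops the site into the 'missing admin user' path in Application. The check has to be repeated where the deletion actually happens — better still inside `Modeluser::delete()` so every caller is covered, though that method is not in this diff. The method's opening and the rest of the `elseif` chain lie outside the hunk, so I cannot see whether anything after `delete()` relies on the old unconditional behaviour.
```php
} elseif ($_POST['action'] == 'confirmdelete') {
    $user = $this->usermanager->get(new User($_POST));
    // Re-check server-side: the confirmation page is advisory and the POST can be forged.
    $lastadmin = $user !== false && $user->isadmin() && $this->usermanager->admincount() === 1;
    if ($user !== false && !$lastadmin) {
        $this->usermanager->delete($user);
    }
```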
diff --git a/app/class/modeluser.php b/app/class/modeluser.php
index e4b7eee..613d13b 100644
--- a/app/class/modeluser.php
+++ b/app/class/modeluser.php
@@ -97,17 +97,13 @@ class Modeluser extends Modeldb
return $userlist;
}
- public function adminexist()
+ public function admincount()
{
$userdatalist = $this->repo->query()
->where('level', '==', 10)
->execute();
- if($userdatalist->total() === 0) {
- return false;
- } else {
- return true;
- }
+ return $userdatalist->total();
}
public function passwordexist(string $pass)
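Review bot: `admincount()` is compared with `=== 0` and `=== 1` at both call sites in this commit, so it should declare its return type: `public function admincount(): int`. If `$userdatalist->total()` ever yields a string or float (its implementation is not visible here), the strict comparisons silently evaluate to false and the last-admin guard never fires, whereas a declared `int` return fails loudly (or coerces, without `strict_types`). The literal `10` in the `where()` clause also duplicates whatever admin level `isadmin()` tests; a shared constant such as `User::ADMIN_LEVEL` would keep the two from drifting apart — hedged, since `isadmin()` is not part of this diff.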
diff --git a/app/view/templates/userconfirmdelete.php b/app/view/templates/userconfirmdelete.php
index 342775f..069f5de 100644
--- a/app/view/templates/userconfirmdelete.php
+++ b/app/view/templates/userconfirmdelete.php
@@ -1,17 +1,42 @@
+<?php
+if($candelete) {
+ ?>
-<h1>Delete User</h1>
-<h2>Id : <?= $userdelete->id() ?></h2>
-<h2>Level : <?= $userdelete->level() ?></h2>
+ <h1>Delete User</h1>
+ <h2>Id : <?= $userdelete->id() ?></h2>
+ <h2>Level : <?= $userdelete->level() ?></h2>
-<form action="<?= $this->url('userupdate') ?>" method="post">
-<input type="hidden" name="id" value="<?= $userdelete->id() ?>">
+ <form action="<?= $this->url('userupdate') ?>" method="post">
-<input type="submit" name="action" value="confirmdelete">
+ <input type="hidden" name="id" value="<?= $userdelete->id() ?>">
+ <input type="submit" name="action" value="confirmdelete">
-</form> \ No newline at end of file
+
+ </form>
+
+
+
+
+
+ <?php
+} else {
+ ?>
+
+ <h1>You can't delete this user</h1>
+
+ <h2>You need at least one admin user to run the system.</h2>
+
+ <p>To delete this user, create at least another admin user, then retry to delete this one.</p>
+
+ <a href="<?= $this->url('user') ?>">Go back to users</a>
+
+
+ <?php
+}
+?> \ No newline at end of file
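Review bot: The confirmation form posts a destructive `confirmdelete` action carrying only a hidden `id` and no anti-CSRF token that I can see, so any third-party page can submit it on behalf of a logged-in admin; unless `showtemplate()`/`url()` inject a token elsewhere (not visible in this diff), the form should carry a per-session token that the `userupdate` handler verifies with `hash_equals()`. Separately, `$userdelete->id()` is echoed unescaped into both element text and the hidden input's `value` attribute; unless user ids are validated to a safe character set at creation, wrap each occurrence as `<?= htmlspecialchars($userdelete->id(), ENT_QUOTES, 'UTF-8') ?>`. A one-line comment above the `$candelete` branch, `// false when this is the only level-10 user: deleting it would lock everyone out`, would also help the next reader.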