Flag users as disabled/deleted if they can't actually be deleted

7 years ago · 207be7114a
parent e607c120c4
commit 207be7114a
6 changed files with 108 additions and 50 deletions
--- a/action.php
+++ b/action.php
@ -52,7 +52,8 @@ switch ($VARS['action']) {
            'realname' => $VARS['name'],
            'username' => $VARS['username'],
            'email' => $VARS['email'],
-            'acctstatus' => $VARS['status']
+            'acctstatus' => $VARS['status'],
+            'deleted' => 0
        ];

        if (!is_empty($VARS['pass'])) {
@ -78,6 +79,11 @@ switch ($VARS['action']) {
        }
        $olddata = $database->select('accounts', '*', ['uid' => $VARS['id']])[0];
        $database->delete('accounts', ['uid' => $VARS['id']]);
+        if (!is_null($database->error()[1])) {
+            // If we can't delete the account (because it's referenced elsewhere),
+            // we will flag it as deleted and set the status to LOCKED_OR_DISABLED.
+            $database->update('accounts', ['acctstatus' => 2, 'deleted' => 1], ['uid' => $VARS['id']]);
+        }
        insertAuthLog(16, $_SESSION['uid'], $olddata['username'] . ", " . $olddata['realname'] . ", " . $olddata['email'] . ", " . $olddata['acctstatus']);
        returnToSender("user_deleted");
    case "rmtotp":
--- a/lang/en_us.php
+++ b/lang/en_us.php
@ -85,5 +85,7 @@ define("STRINGS", [
    "remove 2fa" => "Reset 2FA",
    "action performed by" => "Action performed by {user}",
    "2fa removed" => "2-factor authentication removed.",
-    "2fa" => "2FA"
+    "2fa" => "2FA",
+    "show deleted" => "Show deleted",
+    "editing deleted account" => "You are editing an account marked as deleted.  The account will be undeleted if you press Save."
 ]);
--- a/lib/getusertable.php
+++ b/lib/getusertable.php
@ -6,11 +6,20 @@ dieifnotloggedin();

 header("Content-Type: application/json");

+$show_deleted = false;
+if ($VARS['show_deleted'] == 1) {
+    $show_deleted = true;
+}
+
 $out = [];

 $out['draw'] = intval($VARS['draw']);

-$out['recordsTotal'] = $database->count('accounts');
+if ($show_deleted) {
+    $out['recordsTotal'] = $database->count('accounts');
+} else {
+    $out['recordsTotal'] = $database->count('accounts', ['deleted' => 0]);
+}
 $filter = false;

 // sort
@ -43,19 +52,37 @@ switch ($VARS['order'][0]['column']) {
 // search
 if (!is_empty($VARS['search']['value'])) {
    $filter = true;
-    $wherenolimit = [
-        "OR" => [
-            "username[~]" => $VARS['search']['value'],
-            "realname[~]" => $VARS['search']['value'],
-            "email[~]" => $VARS['search']['value'],
-            "statuscode[~]" => $VARS['search']['value'],
-            "typecode[~]" => $VARS['search']['value']
-        ]
-    ];
+    if ($show_deleted) {
+        $wherenolimit = [
+            "OR" => [
+                "username[~]" => $VARS['search']['value'],
+                "realname[~]" => $VARS['search']['value'],
+                "email[~]" => $VARS['search']['value'],
+                "statuscode[~]" => $VARS['search']['value'],
+                "typecode[~]" => $VARS['search']['value']
+            ]
+        ];
+    } else {
+        $wherenolimit = [
+            "AND" => [
+                "OR" => [
+                    "username[~]" => $VARS['search']['value'],
+                    "realname[~]" => $VARS['search']['value'],
+                    "email[~]" => $VARS['search']['value'],
+                    "statuscode[~]" => $VARS['search']['value'],
+                    "typecode[~]" => $VARS['search']['value']
+                ],
+                "deleted" => 0
+            ]
+        ];
+    }
    $where = $wherenolimit;
    $where["LIMIT"] = [$VARS['start'], $VARS['length']];
 } else {
    $where = ["LIMIT" => [$VARS['start'], $VARS['length']]];
+    if (!$show_deleted) {
+        $where["deleted"] = 0;
+    }
 }
 if (!is_null($order)) {
    $where["ORDER"] = $order;
@ -74,7 +101,8 @@ $users = $database->select('accounts', [
    'acctstatus',
    'statuscode',
    'accttype',
-    'typecode'
+    'typecode',
+    'deleted'
        ], $where);


--- a/pages/edituser.php
+++ b/pages/edituser.php
@ -12,7 +12,8 @@ $userdata = [
    'email' => '',
    'authsecret' => '',
    'acctstatus' => '',
-    'typecode' => 'LOCAL'
+    'typecode' => 'LOCAL',
+    'deleted' => 0
 ];

 $editing = false;
@ -27,7 +28,8 @@ if (!is_empty($VARS['id'])) {
                    'email',
                    'authsecret',
                    'acctstatus',
-                    'typecode'
+                    'typecode',
+                    'deleted'
                        ], [
                    'uid' => $VARS['id']
                ])[0];
@ -70,6 +72,13 @@ if ($userdata['typecode'] != "LOCAL") {
                </div>
                <?php
            }
+            if ($userdata['deleted'] == 1) {
+                ?>
+                <div class="alert alert-info">
+                    <?php lang("editing deleted account"); ?>
+                </div>
+                <?php
+            }
            ?>
            <div class="form-group">
                <label for="name"><i class="fa fa-user"></i> <?php lang("name"); ?></label>
@ -80,7 +89,7 @@ if ($userdata['typecode'] != "LOCAL") {
                <div class="col-xs-12 col-md-6">
                    <div class="form-group">
                        <label for="username"><i class="fa fa-id-badge"></i> <?php lang("username"); ?></label>
-                        <input type="text" <?php if (!$localacct) echo "disabled"; ?> class="form-control" name="username" id="username" placeholder="<?php lang("placeholder username"); ?>" required="required" value="<?php echo htmlspecialchars($userdata['username']); ?>" />
+                        <input type="text" <?php if (!$localacct) echo "readonly=\"readonly\""; ?> class="form-control" name="username" id="username" placeholder="<?php lang("placeholder username"); ?>" required="required" value="<?php echo htmlspecialchars($userdata['username']); ?>" />
                    </div>
                </div>
                <div class="col-xs-12 col-md-6">
@ -95,7 +104,7 @@ if ($userdata['typecode'] != "LOCAL") {
                <div class="col-xs-12 col-md-6">
                    <div class="form-group">
                        <label for="pass"><i class="fa fa-lock"></i> <?php lang("new password"); ?></label>
-                        <input type="text" <?php if (!$localacct) echo "disabled"; ?> autocomplete="new-password" class="form-control" name="pass" id="pass" placeholder="<?php lang("placeholder password"); ?>" />
+                        <input type="text" <?php if (!$localacct) echo "readonly=\"readonly\""; ?> autocomplete="new-password" class="form-control" name="pass" id="pass" placeholder="<?php lang("placeholder password"); ?>" />
                    </div>
                </div>

--- a/pages/users.php
+++ b/pages/users.php
@ -21,34 +21,34 @@ redirectifnotloggedin();
    </thead>
    <tbody>
        <?php
-        /*$users = $database->select('accounts', [
-            "[>]acctstatus" => ['acctstatus' => 'statusid'],
-            "[>]accttypes" => ['accttype' => 'typeid']
-        ], [
-            'uid',
-            'username',
-            'realname',
-            'email',
-            'acctstatus',
-            'statuscode',
-            'accttype',
-            'typecode'
-        ]);
-        foreach ($users as $u) {
-            ?>
-            <tr>
-                <td></td>
-                <td>
-                    <a class="btn btn-blue btn-xs" href="app.php?page=edituser&id=<?php echo $u['uid']; ?>"><i class="fa fa-pencil-square-o"></i> <?php lang("edit"); ?></a>
-                </td>
-                <td><?php echo $u['realname']; ?></td>
-                <td><?php echo $u['username']; ?></td>
-                <td><?php echo ($u['email'] == "NOEMAIL@EXAMPLE.COM" ? "" : $u['email']); ?></td>
-                <td><?php echo $u['statuscode']; ?></td>
-                <td><?php echo $u['typecode']; ?></td>
-            </tr>
-            <?php
-        }*/
+        /* $users = $database->select('accounts', [
+          "[>]acctstatus" => ['acctstatus' => 'statusid'],
+          "[>]accttypes" => ['accttype' => 'typeid']
+          ], [
+          'uid',
+          'username',
+          'realname',
+          'email',
+          'acctstatus',
+          'statuscode',
+          'accttype',
+          'typecode'
+          ]);
+          foreach ($users as $u) {
+          ?>
+          <tr>
+          <td></td>
+          <td>
+          <a class="btn btn-blue btn-xs" href="app.php?page=edituser&id=<?php echo $u['uid']; ?>"><i class="fa fa-pencil-square-o"></i> <?php lang("edit"); ?></a>
+          </td>
+          <td><?php echo $u['realname']; ?></td>
+          <td><?php echo $u['username']; ?></td>
+          <td><?php echo ($u['email'] == "NOEMAIL@EXAMPLE.COM" ? "" : $u['email']); ?></td>
+          <td><?php echo $u['statuscode']; ?></td>
+          <td><?php echo $u['typecode']; ?></td>
+          </tr>
+          <?php
+          } */
        ?>
    </tbody>
    <tfoot>
@ -62,4 +62,10 @@ redirectifnotloggedin();
            <th data-priority="3"><i class="fa fa-fw fa-check-circle"></i> <?php lang('status'); ?></th>
            <th data-priority="4"><i class="fa fa-fw fa-server"></i> <?php lang('type'); ?></th>
    </tfoot>
-</table>
+</table>
+<script>
+    /* Give JavaScript access to the lang string
+     * it needs to inject the show deleted checkbox
+     */
+    var lang_show_deleted = "<?php lang("show deleted") ?>";
+</script>
--- a/static/js/users.js
+++ b/static/js/users.js
@ -1,4 +1,4 @@
-$('#usertable').DataTable({
+var usertable = $('#usertable').DataTable({
    responsive: {
        details: {
            display: $.fn.dataTable.Responsive.display.modal({
@ -30,6 +30,11 @@ $('#usertable').DataTable({
    serverSide: true,
    ajax: {
        url: "lib/getusertable.php",
+        data: function (d) {
+            if ($('#show_deleted_checkbox').is(':checked')) {
+                d.show_deleted = 1;
+            }
+        },
        dataFilter: function (data) {
            var json = jQuery.parseJSON(data);
            json.data = [];
@ -37,8 +42,8 @@ $('#usertable').DataTable({
                json.data.push([
                    "",
                    row.editbtn,
-                    row.realname,
-                    row.username,
+                    (row.deleted == 1 ? "<del style=\"color: red;\">" : "") + row.realname + (row.deleted == 1 ? "</del>" : ""),
+                    (row.deleted == 1 ? "<span style=\"color: red;\">" : "") + row.username + (row.deleted == 1 ? "</span>" : ""),
                    row.email,
                    (row['2fa'] == true ? "<i class='fa fa-check'></i>" : "<i class='fa fa-times'></i>"),
                    row.statuscode,
@ -48,4 +53,6 @@ $('#usertable').DataTable({
            return JSON.stringify(json);
        }
    }
-});
+});
+
+$('#usertable_filter').append("<div class=\"checkbox\" style=\"display: inline-block\"><label><input type=\"checkbox\" id=\"show_deleted_checkbox\" onclick=\"usertable.ajax.reload()\"> " + lang_show_deleted + "</label></div>");