projects / mailer.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security line in all includes changed
[mailer.git] / inc / modules / admin / what-del_user.php
diff --git a/inc/modules/admin/what-del_user.php b/inc/modules/admin/what-del_user.php
index 9799da4fb5763c3e5549bc33c0bc5418ca812e05..0ffb8df50b306376cb7af69392889b28983fd7eb 100644 (file)
--- a/inc/modules/admin/what-del_user.php
+++ b/inc/modules/admin/what-del_user.php
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
@@ -41,46 +40,33 @@ if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
 // Display only title when no form was submitted
 ADD_DESCR("admin", basename(__FILE__));
 
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
-
 // User exists..
-if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']))))
-{
+if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason'])))) {
        // Delete users account
-       $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result_user = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result_user) == 1)
-       {
+       if (SQL_NUMROWS($result_user) == 1) {
                // Free memory
                SQL_FREERESULT($result);
 
                // Delete user account
                DELETE_USER_ACCOUNT(bigintval($_GET['u_id']), $_POST['reason']);
                OUTPUT_HTML("<STRONG class=\"admin_green\">".ADMIN_DEL_COMPLETED."</STRONG>");
-       }
-        else
-       {
+       } else {
                // Account does not exists!
                OUTPUT_HTML("<STRONG class=\"admin_failed\">".ADMIN_MEMBER_404_1.$_GET['u_id'].ADMIN_MEMBER_404_2."</STRONG>");
        }
-}
- elseif (!empty($_POST['no']))
-{
+} elseif (!empty($_POST['no'])) {
        // Do not delete him...
-       LOAD_URL(URL."/modules.php?module=admin&amp;what=list_user&amp;u_id=".$_GET['u_id']);
-}
- elseif (empty($_GET['u_id']))
-{
+       LOAD_URL("modules.php?module=admin&amp;what=list_user&amp;u_id=".$_GET['u_id']);
+} elseif (empty($_GET['u_id'])) {
        // Output selection form with all confirmed user accounts listed
        ADD_MEMBER_SELECTION_BOX();
-}
- else
-{
+} else {
        // Realy want to delete?
-       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
         array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) == 1)
-       {
+       if (SQL_NUMROWS($result) == 1) {
                // Load data
                list ($email, $sname, $fname) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
@@ -93,13 +79,11 @@ if ((isset($_POST['ok'])) || ((isset($_POST['del'])) && (!empty($_POST['reason']
 
                // Display form
                LOAD_TEMPLATE("admin_del_user");
-       }
-        else
-       {
+       } else {
                // Account does not exists!
                OUTPUT_HTML("<STRONG class=\"admin_failed\">".ADMIN_MEMBER_404_1.$_GET['u_id'].ADMIN_MEMBER_404_2."</STRONG>");
        }
 }
-CLOSE_TABLE();
+
 //
 ?>
Mailer-Project repository