<?

/*************************************************************************************

    COPYRIGHT NOTICE

    This copyright notice must appear at the top of all scripts which are part of
    the Web Application Gateway package.

    Copyright (C) 2001-2008 Gregory Engel
    
    All rights reserved
    
    8547 E Arapahoe Rd, #J-504
    Greenwood Village, CO  80112 USA
    hide@address.com

    This program is free software; you can redistribute it and/or modify it under
    the terms of the GNU General Public License as published by the Free Software
    Foundation; either version 2 of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful, but WITHOUT
    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

    The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
    A copy is included with the WAG package and is found in the text file gpl.txt

    You should have received a copy of the GNU General Public License (gpl.txt, gpl.html)
    along with the WAG distribution package; if not, the GNU General Public License can
    be found at http://www.gnu.org/copyleft/gpl.html, or by writing to:
    
    Free Software Foundation, Inc.
    59 Temple Place - Suite 330
    Boston, MA  02111-1307, USA.

    This script is part of the Web Application Gateway (WAG) Project. The WAG software
    is free, subject to the terms of the GNU General Public License as published by the
    Free Software Foundation, either version 2 of the License, or (at your option) any
    later version.
    
    $Revision: 41 $
    $LastChangedDate: 2008-01-14 14:07:02 -0700 (Mon, 14 Jan 2008) $
    $LastChangedBy: gpeangel $
 
*************************************************************************************/

require("../common/access.php");

// Cross-site request forgery check

if (!isset($_POST["csrf_token"]) || (strip_tags(trim($_POST["csrf_token"])) != $_SESSION["WAGATEWAY"]["CSRF_TOKEN"]))
    {
    echo "ERROR1Invalid access to script file.\n\nCross-site request forgery check failed.";
    exit();
    }

require("../common/dbconnect.php");

$result_message = "ERROR";

$usr_id = (int)strip_tags($_REQUEST["usr_id"]);

// Prevent installation System Administrator user from being deleted

// FIXME Inactivate/remove email account if necessary

if ($usr_id != 1)
    {

    mysql_query("START TRANSACTION;", $db_conn);

    $query = "DELETE FROM ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."UserApps WHERE ua_usr_id = ".$usr_id;
    $result = mysql_query($query, $db_conn);
    
    if (!$result)
        {
        $result_message .= "1Error removing associated application records.\n\n".$_SERVER["PHP_SELF"]."\n\n".$query."\n\n".mysql_errno().": ".mysql_error();
        }

    $query = "DELETE FROM ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."UserGroups WHERE ug_usr_id = ".$usr_id;
    $result = mysql_query($query, $db_conn);
    
    if (!$result)
        {
        $result_message .= "1Error removing associated group records.\n\n".$_SERVER["PHP_SELF"]."\n\n".$query."\n\n".mysql_errno().": ".mysql_error();
        }
 
    $query = "DELETE FROM ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."Users WHERE usr_id = ".$usr_id;
    $result = mysql_query($query, $db_conn);
    
    if (!$result)
        {
        $result_message .= "1Error removing user record.\n\n".$_SERVER["PHP_SELF"]."\n\n".$query."\n\n".mysql_errno().": ".mysql_error();
        }
   
    if (strlen($result_message) == 5)
        {
        $result = mysql_query("COMMIT;", $db_conn);
        $result_message = "";
        }
    else
        {
        $result = mysql_query("ROLLBACK;", $db_conn);
        }

    }
else
    {
    $result_message .= "2System Administrator user cannot be deleted.";
    }

?>