From 95b54d5bcf3ea8f3e014e85b766c06f1499c75d1 Mon Sep 17 00:00:00 2001
From: "johnny@pittpc.com" <admin@app.pittpc.com>
Date: Mon, 30 Mar 2020 20:41:18 -0400
Subject: [PATCH] Fixed update password under user profile, added delete user
 functionality

---
 post.php          | 22 +++++++++++++++++++++-
 settings-user.php | 14 +++++++++++---
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/post.php b/post.php
index a604a65a..1fec39ea 100644
--- a/post.php
+++ b/post.php
@@ -81,10 +81,30 @@ if(isset($_POST['edit_user'])){
 
     $_SESSION['alert_message'] = "User <strong>$name</strong> updated";
     
-    header("Location: users.php");
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
 
 }
 
+if(isset($_GET['delete_user'])){
+    $user_id = intval($_GET['delete_user']);
+
+    mysqli_query($mysqli,"DELETE FROM users WHERE user_id = $user_id");
+    mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id");
+    mysqli_query($mysqli,"DELETE FROM logs WHERE user_id = $user_id");
+    mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_created_by = $user_id");
+    mysqli_query($mysqli,"DELETE FROM tickets WHERE ticket_closed_by = $user_id");
+    mysqli_query($mysqli,"DELETE FROM ticket_update WHERE user_id = $user_id");
+
+    //logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User', log_action = 'Deleted', log_description = '$user_id', log_created_at = NOW()");
+
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "User deleted!";
+    
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+  
+}
+
 if(isset($_POST['add_company'])){
 
     $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
diff --git a/settings-user.php b/settings-user.php
index 08ec6898..39bec69a 100644
--- a/settings-user.php
+++ b/settings-user.php
@@ -1,6 +1,7 @@
 <?php include("header.php"); ?>
 
 <?php
+
 $sql_recent_logins = mysqli_query($mysqli,"SELECT * FROM logs 
     WHERE log_type = 'Login' AND log_action = 'Success' AND user_id = $session_user_id
     ORDER BY log_id DESC LIMIT 5");
@@ -8,10 +9,14 @@ $sql_recent_logins = mysqli_query($mysqli,"SELECT * FROM logs
 $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs 
     WHERE user_id = $session_user_id AND log_type NOT LIKE 'Login'
     ORDER BY log_id DESC LIMIT 10");
+
+$sql_user = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $session_user_id");
+  
+$row = mysqli_fetch_array($sql_user);
+$password = $row['password'];
+
 ?>
 
-
-
 <div class="row">
   <div class="col-md-4">
     <div class="card">
@@ -21,7 +26,10 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
       <div class="card-body">
 
         <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
-          <input type="hidden" name="current_avatar_path" value="<?php echo $session_avatar; ?>"> 
+          <input type="hidden" name="user_id" value="<?php echo $session_user_id; ?>">
+          <input type="hidden" name="current_avatar_path" value="<?php echo $session_avatar; ?>">
+          <input type="hidden" name="current_password_hash" value="<?php echo $password; ?>">
+
           <center class="mb-3 p-4">
             <img src="<?php echo "$session_avatar"; ?>" class="img-circle img-fluid elevation-2">
           </center>