denied account delete operation of admin

2024-12-21 06:19:38 +08:00 · 2016-03-26 22:05:18 +08:00 · 2016-03-26 22:05:18 +08:00 · 84a032cdac
commit 84a032cdac
parent 34b73d8c59
2 changed files with 18 additions and 8 deletions
--- a/ajax.php
+++ b/ajax.php
@ -3,7 +3,7 @@
 * @Author: printempw
 * @Date:   2016-01-16 23:01:33
 * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-26 18:47:47
+ * @Last Modified time: 2016-03-26 22:01:59
 *
 * - login, register, logout
 * - upload, change, delete
@ -223,14 +223,19 @@ if ($action == "change") {
 } else if ($action == "delete") {
    if (isset($_SESSION['token']) && $_SESSION['token'] == $user->getToken()) {
        if (checkPost()) {
-            if ($user->checkPasswd($_POST['passwd'])) {
-                session_destroy();
-                $user->unRegister();
-                $json['errno'] = 0;
-                $json['msg'] = "账号已经成功删除，再见~";
+            if (!$user->is_admin) {
+                if ($user->checkPasswd($_POST['passwd'])) {
+                    session_destroy();
+                    $user->unRegister();
+                    $json['errno'] = 0;
+                    $json['msg'] = "账号已经成功删除，再见~";
+                } else {
+                    $json['errno'] = 1;
+                    $json['msg'] = "错误的密码。";
+                }
            } else {
                $json['errno'] = 1;
-                $json['msg'] = "错误的密码。";
+                $json['msg'] = "管理员账号不能被删除哟~";
            }
        }
    } else {
--- a/user/profile.php
+++ b/user/profile.php
@ -3,7 +3,7 @@
 * @Author: printempw
 * @Date:   2016-02-03 16:12:45
 * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-26 18:47:50
+ * @Last Modified time: 2016-03-26 21:59:57
 */
 require "../libraries/session.inc.php";
 $data['style'] = <<< 'EOT'
@ -68,10 +68,15 @@ View::show('header', $data);
                        <h3 class="box-title">删除账号</h3>
                        </div><!-- /.box-header -->
                        <div class="box-body">
+                        <?php if (!$user->is_admin): ?>
                        <p>确定要删除你在 <?php echo Config::get('site_name'); ?> 上的账号吗？</p>
                        <p>此操作不可恢复！我们不提供任何备份，或者神奇的撤销按钮。</p>
                        <p>我们警告过你了，确定要这样做吗？</p>
                        <button id="delete" class="btn btn-danger">删除我的账户</button>
+                        <?php else: ?>
+                        <p>管理员账号不能被删除。</p>
+                        <button class="btn btn-danger" disabled="disabled">删除我的账户</button>
+                        <?php endif; ?>
                    </div><!-- /.box-body -->
                </div>
            </div>