zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1165b245cec59201fe8fed2d65d6db3ecff60a24
minisrv/zefie_wtvp_minisrv/ServiceVault/wtv-admin/deleteuser.js
zefie 1165b245ce v0.9.33 
- numerous bug fixes
 - wtv-mail system
 - user account updates
 - viewergen alpha (experimental webtv viewer patcher on pc_service)
 - implement wtv-favorites with huge help from @JarHead4
 - add wtv-ticket store api
 - Bump vm2 from 3.9.5 to 3.9.7 in /zefie_wtvp_minisrv
 - fix bf0app default rom
 - Add wtv-1800 service to wtv-1800:/noflash
 - handle webtvism:
   - allow get/post variables to be the same name multiple times
   - rather than overwrite, the server will now change the variable from a string to an array.
 - Rewrite script processing a bit
   - Instead of using eval() we now use a proper VM Context
   - As a result, any scripting errors will now give a more useful filename and line number.
   - However, some things may break, if they are dependant on variables we are not allowing in the context.
 - BREAKING CHANGES:
   - `ssid_sessions[socket.ssid]` is now `session_data`
   - `require` is no longer allowed in user scripts
 - add star service
 - change how we handle modules for services in the VM
 - fixed wtv-disk:/sync always failed the first time
 - implement production-like wtv-star handling (when a service port becomes unavailable, it requests the url over the wtv-star port to show an error page)
 - renamed WTVDownloadList.js to WTVDisk.js
 - a bit more work on WTVNews (created class)
 - probably more stuff I can't remember
2022-11-29 08:29:25 -05:00

118 lines
5.0 KiB
JavaScript
Raw Blame History

var minisrv_service_file = true;
var WTVAdmin = require(classPath + "/WTVAdmin.js");
var wtva = new WTVAdmin(minisrv_config, session_data, service_name);
var auth = wtva.isAuthorized();
if (auth === true) {
var password = null;
if (request_headers.Authorization) {
var authheader = request_headers.Authorization.split(' ');
if (authheader[0] == "Basic") {
password = Buffer.from(authheader[1], 'base64').toString();
if (password) password = password.split(':')[1];
}
}
if (wtva.checkPassword(password)) {
if (request_headers.query.username) {
var show_cannot_modify_self = false;
var show_cannot_remove_primary = false;
var show_box_was_unregistered = false;
var user_info = wtva.getAccountInfo(request_headers.query.username.toLowerCase()); // username search
if (user_info) {
if (user_info.ssid == socket.ssid) {
show_cannot_modify_self = true;
}
if (request_headers.query.confirm_delete) {
if (!show_cannot_modify_self) {
// delete
var userAccount = wtva.getAccountBySSID(user_info.ssid);
userAccount.switchUserID(0, false, false);
var userCount = Object.keys(user_info.account_users).length;
if (user_info.user_id === 0) {
show_cannot_remove_primary = true;
} else {
var result = userAccount.removeUser(user_info.user_id);
}
}
}
}
}
headers = `200 OK
Content-Type: text/html
wtv-expire-all: wtv-admin:/deleteuser
wtv-noback-all: wtv-admin:/deleteuser`;
data = `<html>
<body>
<display nosave nosend>
<title>${minisrv_config.config.service_name} Admin Tricks</title>
<sidebar width=20%>
<img src="wtv-admin:/images/nuke.gif">
</sidebar>
<body bgcolor="#0a0a0a" text="#CC1111" link="#ff55ff" vlink="#ff55ff" vspace=0>
<br>
<br>
<h1>${minisrv_config.config.service_name} Admin Tricks</h1>
<br>
<table>
<tr>
<td colspan=3 height=6>
<h3>Delete a user from an account</h3>
<form action="wtv-admin:/deleteuser" method="POST">
<input type="text" name="username" value="${(request_headers.query.username) ? request_headers.query.username : ""}"> &nbsp; <input type="submit" value="Look Up User">
</form><br><br>`
if (request_headers.query.username) {
if (user_info && !request_headers.query.confirm_delete) {
data += `
<strong>User Information:</strong>
<table border=1 cellpadding=3 width=400>
<tr><td>Username:</td><td>${user_info.username} (User ID: ${user_info.user_id})</td></tr>
<tr><td>SSID:</td><td>${user_info.ssid}</td></tr>`;
if (user_info.account_users) {
data += `<tr><td>Primary User:</td><td>${user_info.account_users['subscriber'].subscriber_username}</td></tr>`;
}
data += `
<tr>
<td border=0 colspan=2 align=right>
<form action="wtv-admin:/deleteuser" method="POST">
<input type="hidden" name="username" value="${user_info.username}">
<input type="hidden" name="confirm_delete" value="true">
<input type="submit" value="Confirm Delete">
</form>
</td>
</tr>
`
data += `</table>`;
} else if (request_headers.query.confirm_delete && show_cannot_modify_self) {
data += `<strong>Cannot modify your account in this manner.<br>Try <a href="wtv-setup:/remove-users">wtv-setup</a>.</strong><br><br>`;
} else if (request_headers.query.confirm_delete && show_cannot_remove_primary) {
data += `<strong>Cannot delete a primary user in this manner.<br>Try <a href="wtv-admin:/deleteaccount?ssid=${user_info.ssid}">deleting the account</a>.<br><br>`;
} else if (request_headers.query.confirm_delete && show_box_was_unregistered) {
data += `<strong>Account for "${user_info.username}" was deleted, and SSID ${user_info.ssid} unregistered, as it was the only user.<br><br>`;
} else if (request_headers.query.confirm_delete) {
if (result) data += `<strong>User "${user_info.username}" has been deleted from account belonging to SSID ${user_info.ssid}.</strong><br><br>`;
else data += `<strong>Could not delete "${user_info.username}" from SSID ${user_info.ssid}.</strong><br><br>`;
} else {
data += "<strong>Could not find an account for user \"" + request_headers.query.username + "\"</strong><br><br>";
}
}
data += `
<br>
<br>
<tr>
</table>
<p align="right">
<a href="client:goback">Go Back</a>
</p>
</body>
</html>
`;
} else {
var errpage = wtvshared.doErrorPage(401, "Please enter the administration password, you can leave the username blank.");
headers = errpage[0];
data = errpage[1];
}
} else {
var errpage = wtvshared.doErrorPage(403, auth);
headers = errpage[0];
data = errpage[1];
}
Reference in New Issue View Git Blame Copy Permalink