<?php
/*************************************************************************************************

    ddnsdeleteuser.php

    Delete DDNS user record

        2013.07.27 Ver.1.0 Masashi.org
        2019.10.04 Ver.1.1 Masashi.org (mysqli etc)

***************************************************************************************************/
include "ddnscommon.php";

//
include "del_nday_file.php";
if(del_nday_file(1)){die();}
//
/**** Initialize POST data into array ****/
$array = array("username","password","confirm");
$sizeofarray = sizeof($array);
for($i=0;$i<$sizeofarray;$i++){
    $$array[$i] = $_POST["{$array[$i]}"];
}

/******************************  Output HTML headers  **********************************************/
include "ddnsheader.php";
echo<<<EOH
<TITLE>Delete User ID for DDNS -{$org_name}-</TITLE>
</HEAD>
EOH;

echo<<<EOH
<BODY>
<h1>Delete User ID for DDNS</h1>
<br />
EOH;

/*************************************************************************************************

    If there is no POST data, display Input Form.

        -If any of them is missing, go to input form.
        -If any one of them is sent, warn items missing.
        -If IP address is not provided by POST method, get ip address from the remote host address.

***************************************************************************************************/
if(!($username && $password && $confirm)){
    if($username || $password || $confirm){
        if(!$username){
            $msg .= "User ID is missing.<br />";
        }
        if(!$password){
            $msg .= "Password is missing.<br />";
        }
        if(!$confirm){
            $msg .= "Deleting User name is not confirmed.<br />";
        }
    }
echo <<<EOF
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
            <td>
                <input type="text" name="username" size=20 maxlength=20 value="$username">
                <input type="checkbox" name="confirm" value="99">(Confirm deleting this User ID.)
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
    </table>
    <br />
    <font color="red">{$msg}</font><br />
    <input type="submit" value="Delete User ID">
</form>

EOF;

/*************************************************************************************************

    If POST data is ready, process them
       compare with data in the database.

***************************************************************************************************/
}else{
    if($username && $confirm){

        $link = mysqli_connect($db_host , $db_user , $db_pass , $db_name);
        if (mysqli_connect_errno() > 0) {
          die("DB Connection error: " . mysqli_connect_error());
        }

        $sql = sprintf("SELECT username FROM hostdata WHERE username='%s'",
            mysqli_real_escape_string($link,$username));
        $rs = mysqli_query($link,$sql);
        $item = mysqli_fetch_array($rs);

                if($item){
            echo $usename," has Hostname data.";
        }else{

            $sql = sprintf("SELECT username FROM domain WHERE username='%s'",
                mysqli_real_escape_string($link,$username));
            $rs = mysqli_query($link,$sql);
            $item = mysqli_fetch_array($rs);

                    if($item){
                echo $usename," has Domain Name data.";
            }else{

                $sql = sprintf("SELECT username,password FROM userdata WHERE username='%s'",
                    mysqli_real_escape_string($link,$username));
                $rs = mysqli_query($link,$sql);
                $item = mysqli_fetch_array($rs);

                if($item){

                    if(md5($password) != $item['password']){
                        die("Invalid Password.<br /><a href=\"".$_SERVER['SCRIPT_NAME']."\">Delete DDNS user record</a><hr /><a href=\"./\">Return to homepage</a>");
                    }else{
                        $htpasswd = "./nic/.htpasswd";
                        $status = shell_exec("/usr/local/bin/htpasswd -bD $htpasswd $username $password");

                        $sql = sprintf("DELETE FROM userdata WHERE username='%s'",
                            mysqli_real_escape_string($link,$username));
                        $rs = mysqli_query($link,$sql);
                        echo "User \"",$username,"\" has been deleted.";

                    }
                }else{
                    echo "Invalid login";
                }
            }
        }
        mysqli_close($link);
    }
}
?>
<hr />
<a href="./">Return to homepage</a> -<?php echo $org_name; ?>-
</body>
</html>