<?php
/*************************************************************************************************

    ddnsdeleteuser.php

    Delete DDNS user record

        2013.07.27 Ver.1.0 Masashi.org
        2019.10.04 Ver.1.1 Masashi.org (mysqli etc)

***************************************************************************************************/
include "ddnscommon.php";

//
include "del_nday_file.php";
if(
del_nday_file(1)){die();}
//
/**** Initialize POST data into array ****/
$array = array("username","password","confirm");
$sizeofarray sizeof($array);
for(
$i=0;$i<$sizeofarray;$i++){
    $
$array[$i] = $_POST["{$array[$i]}"];
}

/******************************  Output HTML headers  **********************************************/
include "ddnsheader.php";
echo<<<EOH
<TITLE>Delete User ID for DDNS -{$org_name}-</TITLE>
</HEAD>
EOH;

echo<<<EOH
<BODY>
<h1>Delete User ID for DDNS</h1>
<br />
EOH;

/*************************************************************************************************

    If there is no POST data, display Input Form.

        -If any of them is missing, go to input form.
        -If any one of them is sent, warn items missing.
        -If IP address is not provided by POST method, get ip address from the remote host address.

***************************************************************************************************/
if(!($username && $password && $confirm)){
    if(
$username || $password || $confirm){
        if(!
$username){
            
$msg .= "User ID is missing.<br />";
        }
        if(!
$password){
            
$msg .= "Password is missing.<br />";
        }
        if(!
$confirm){
            
$msg .= "Deleting User name is not confirmed.<br />";
        }
    }
echo <<<EOF
<form action="{$_SERVER['SCRIPT_NAME']}" method="post">
    <table border=0>
        <tr>
            <td>User ID</td><td>:</td>
            <td>
                <input type="text" name="username" size=20 maxlength=20 value="
$username">
                <input type="checkbox" name="confirm" value="99">(Confirm deleting this User ID.)
            </td>
        </tr>
        <tr>
            <td>Password</td><td>:</td>
            <td>
                <input type="password" name="password" size=20 maxlength=20>
            </td>
        </tr>
    </table>
    <br />
    <font color="red">
{$msg}</font><br />
    <input type="submit" value="Delete User ID">
</form>

EOF;

/*************************************************************************************************

    If POST data is ready, process them
       compare with data in the database.

***************************************************************************************************/
}else{
    if(
$username && $confirm){

        
$link mysqli_connect($db_host $db_user $db_pass $db_name);
        if (
mysqli_connect_errno() > 0) {
          die(
"DB Connection error: " mysqli_connect_error());
        }

        
$sql sprintf("SELECT username FROM hostdata WHERE username='%s'",
            
mysqli_real_escape_string($link,$username));
        
$rs mysqli_query($link,$sql);
        
$item mysqli_fetch_array($rs);

                if(
$item){
            echo 
$usename," has Hostname data.";
        }else{

            
$sql sprintf("SELECT username FROM domain WHERE username='%s'",
                
mysqli_real_escape_string($link,$username));
            
$rs mysqli_query($link,$sql);
            
$item mysqli_fetch_array($rs);

                    if(
$item){
                echo 
$usename," has Domain Name data.";
            }else{

                
$sql sprintf("SELECT username,password FROM userdata WHERE username='%s'",
                    
mysqli_real_escape_string($link,$username));
                
$rs mysqli_query($link,$sql);
                
$item mysqli_fetch_array($rs);

                if(
$item){

                    if(
md5($password) != $item['password']){
                        die(
"Invalid Password.<br /><a href=\"".$_SERVER['SCRIPT_NAME']."\">Delete DDNS user record</a><hr /><a href=\"./\">Return to homepage</a>");
                    }else{
                        
$htpasswd "./nic/.htpasswd";
                        
$status shell_exec("/usr/local/bin/htpasswd -bD $htpasswd $username $password");

                        
$sql sprintf("DELETE FROM userdata WHERE username='%s'",
                            
mysqli_real_escape_string($link,$username));
                        
$rs mysqli_query($link,$sql);
                        echo 
"User \"",$username,"\" has been deleted.";

                    }
                }else{
                    echo 
"Invalid login";
                }
            }
        }
        
mysqli_close($link);
    }
}
?>
<hr />
<a href="./">Return to homepage</a> -<?php echo $org_name?>-
</body>
</html>