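#include "Session.h"
#include "Util.h"
#include "jsonfail.h"
#include "json.hpp"
using namespace std;
using json = nlohmann::json;

#define postval(NAME) string NAME=req.post[#NAME]

/// Returns true when `name` can sit inside a single-quoted SQL string literal
/// without ending it: non-empty, with no quote, backslash or control byte.
///
/// This is a fail-closed stopgap. Every query below is built by string
/// concatenation, so the durable fix is a prepared statement or the
/// connection's own escaping routine; MySQLConn's API is not visible in this
/// file, so none is called here.
static bool isSafeSqlName(const string& name)
{
    if(name.empty()) return false;
    for(unsigned char c : name)
    {
        if(c=='\''||c=='"'||c=='\\'||c<0x20||c==0x7f) return false;
    }
    return true;
}

/// CGI entry point: sets account_status=3 on the bs_user row named by the POST
/// field "account", and prints a JSON object with "success" plus, on failure,
/// "errcode" and "errmsg".
///
/// Authorization as implemented here: permission_level 0 is super admin, 1 is
/// normal admin, anything greater is denied. A normal admin may only act on
/// targets with level > 1; a super admin may act on any target except another
/// super admin.
///
/// NOTE(review): the meaning of account_status=3 is not visible in this file.
/// NOTE(review): no anti-CSRF check is visible for this state-changing POST;
/// confirm whether Session or the front end enforces one.
int main()
{
    Request req;
    Session se(req);
    Response res;
    json j;

    /// Fill the response object with a failure record.
    auto jsonfail=[&](int errcode,const string& detail="")
    {
        j["success"]=0;
        j["errcode"]=errcode;
        j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
    };

    do
    {
        if(!se.isReady())
        {
            jsonfail(err_session);
            break;
        }
        if(se.isNew()||se.getUser().empty())
        {
            jsonfail(err_need_login);
            break;
        }
        if(req.requestMethod!="POST")
        {
            jsonfail(err_method_not_supported);
            break;
        }
        if(req.post["account"].empty())
        {
            jsonfail(err_missing_parameter);
            break;
        }
        postval(account);

        /// `account` is attacker-controlled and is concatenated into three
        /// statements below, one of them an UPDATE. Refuse it before any
        /// database work if it could close the quoted literal.
        if(!isSafeSqlName(account))
        {
            jsonfail(err_data,"Invalid Account");
            break;
        }

        /// The session user name is concatenated into SQL as well; hold it to
        /// the same rule instead of trusting whatever the session store has.
        const auto& operator_name=se.getUser();
        if(!isSafeSqlName(operator_name))
        {
            jsonfail(err_session);
            break;
        }

        /// Connect to DB
        DBInfo db;
        MySQLConn conn;
        if(db.readConfig()<0)
        {
            jsonfail(err_config);
            break;
        }
        if(db.connectProxy(conn)<0)
        {
            jsonfail(err_connect);
            break;
        }

        /// Check Permission
        /// The row callback does not run when the query matches nothing, so
        /// the level starts at a denied value and a flag records that a
        /// non-NULL value was actually read. Previously the variable was left
        /// uninitialized and then compared, which could pass the check.
        int permission_level=-1;
        bool operator_found=false;
        if(conn.exec(make_str("select permission_level from bs_user where username='", operator_name, "'"),
                     [&](MySQLResult& result)
        {
            result.stepRow([&](char** val,unsigned long*)
            {
                if(val&&val[0])
                {
                    permission_level=ParseInt(val[0]);
                    operator_found=true;
                }
            });
        })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        /// Only 0 and 1 are admin levels. Negative values are rejected too:
        /// ParseInt's result on malformed input is not visible here, and the
        /// branch below would treat any value other than 1 as super admin.
        if(!operator_found||permission_level<0||permission_level>1)
        {
            /// Permission Denied.
            jsonfail(err_permission_denied);
            break;
        }

        /// Check if target user exists
        int count_val=0;
        if(conn.exec(make_str("select count(username) from bs_user where username='", account, "'"),
                     [&](MySQLResult& result)
        {
            result.stepRow([&](char** val,unsigned long*)
            {
                if(val&&val[0])
                {
                    count_val=ParseInt(val[0]);
                }
            });
        })<0)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }
        if(count_val!=1)
        {
            jsonfail(err_data,"Username Not Exist");
            break;
        }

        /// Check Target User Permission Level
        /// Same fail-closed handling as for the operator: the row may have
        /// gone away since the count query, or the column may be NULL.
        int target_level=0;
        bool target_found=false;
        if(conn.exec(make_str("select permission_level from bs_user where username='", account, "'"),
                     [&](MySQLResult& result)
        {
            result.stepRow([&](char** val,unsigned long*)
            {
                if(val&&val[0])
                {
                    target_level=ParseInt(val[0]);
                    target_found=true;
                }
            });
        })<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }
        if(!target_found)
        {
            jsonfail(err_data,"Username Not Exist");
            break;
        }

        if(permission_level==1) /// Normal Admin
        {
            if(target_level<=1) /// Target is also admin
            {
                jsonfail(err_permission_denied,"Need Super Admin");
                break;
            }
        }
        else /// permission_level==0 , Super Admin
        {
            if(target_level==0) /// Target is also super admin
            {
                jsonfail(err_permission_denied,"Super Admin Conflict");
                break;
            }
        }

        /// Now we have permission, and we ensure the user is there.
        /// Do Update
        /// NOTE(review): the level checks and this UPDATE are separate
        /// statements; a concurrent permission change between them is not
        /// guarded against here.
        if(conn.exec(make_str("update bs_user set account_status=3 where username='", account, "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 4");
            break;
        }

        /// NOTE(review): MySQL normally counts changed rows, not matched rows,
        /// so a target whose status is already 3 would land here as an error;
        /// confirm that is intended.
        if(conn.getAffectedRows()!=1)
        {
            jsonfail(err_sql_logic,"Update Affect Rows not equals to 1");
            break;
        }

        j["success"]=1;
    }
    while(0);

    res.content.append(j.dump());
    res.show();
    return 0;
}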