fix: Remove existing user list code #36
Pull request overview
This PR removes the existing “user list” section from the admin users page, leaving only the “create user” form in adminpanel_users.php.
Changes:
- Deleted the SQL query + table markup that listed existing users and their “ponencias”.
- Removed the per-user “ponencias” lookup logic previously executed inside the list loop.
- Left the create-user form intact.
| include_once "./includes/settings.php"; | ||
| include_once "./includes/db.php"; | ||
| include_once "./includes/security.php"; | ||
| if( $isadmin != 1 ) header( "Location: ./login.php" ); |
The redirect for non-admin users sends a Location header but does not stop execution. The rest of the page can still render/execute server-side after the redirect is issued. Add an immediate exit/die after the header (or use a shared guard that terminates) to prevent unauthorized output and side effects.
| if( $isadmin != 1 ) header( "Location: ./login.php" ); | |
| if( $isadmin != 1 ) { | |
| header( "Location: ./login.php" ); | |
| exit; | |
| } |
| include("includes/header.php");$_validator = new Validator(); | ||
| $fields = " ".base64_decode( $_GET[ "tk" ] ); |
$_GET["tk"] is read unconditionally; when the parameter is absent this will raise a notice and base64_decode() will receive null. Use a default (e.g., $_GET['tk'] ?? '') and consider strict base64 decoding/validation before using it in strpos() checks.
| $sselected = 3; $subtitle = $_i18n[ "admin.users" ];$selected = 4; | ||
| $items = array( $_i18n["menu1"], $_i18n["admin.onhold"], $_i18n["admin.forsale"], $_i18n["categories.submenu"], $_i18n[ "admin.users" ], $_i18n[ "newproduct" ], $_i18n[ "newcategory" ] ); | ||
| $links = array( "./adminpanel.php", "./adminpanel_sales.php", "./adminpanel_products.php","./adminpanel_categories.php", "./adminpanel_users.php", "./adminpanel_newproduct.php", "./adminpanel_newcategory.php" ); | ||
| include("includes/header.php");$_validator = new Validator(); |
$_validator is instantiated but never used in this file. This is dead code and can mislead future changes (and may have side effects if Validator does setup work). Remove the unused instantiation or use it for actual validation.
| <?php } ?> | ||
| <ul class="inlinelist"> | ||
| <li class="main1"><b><?=$_i18n["admin.createuser"]?></b></li> | ||
| </li> |
There is an extra closing </li> which results in invalid HTML structure for the inline list. Remove the stray closing tag so the <ul> contains only properly paired <li> elements.
| </li> |
| <?php | ||
|
|
||
| ?> | ||
| <form id="list" name="deleteItems" | ||
| action="adminpanel_process.php?sale=<?=base64_decode($values["cid"])?>" | ||
| method="post"> | ||
|
|
||
|
|
||
|
|
||
| </form> |
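Review bot: The `action` attribute of the `<form id="list" ...>` element echoes `base64_decode($values["cid"])` straight into HTML with no output encoding, so any quote or markup character in the decoded bytes ends up in the attribute as-is. If this form is kept rather than removed, encode the value for both contexts, `urlencode()` for the query string and then `htmlspecialchars(..., ENT_QUOTES)` for the attribute, and make sure `$values["cid"]` is set before it is used.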
The user list UI was removed, but an empty <form id="list" ...> remains and its action references $values["cid"], which is not defined anywhere in this file (and only used here). This will trigger notices and the form no longer serves a purpose—either remove the form entirely or define/populate the required values and include the fields the handler expects.
| <?php | |
| ?> | |
| <form id="list" name="deleteItems" | |
| action="adminpanel_process.php?sale=<?=base64_decode($values["cid"])?>" | |
| method="post"> | |
| </form> |
| <?php | ||
|
|
||
| ?> |
Empty PHP block left in place; it no longer does anything and adds noise around the removed list section. Remove the empty <?php ... ?> section to keep the template clean.
| <?php | |
| ?> |
Automated fix by CoderOps.
Swarm: swarm50
Task: Remove existing user list code