fix: Remove User List feature#39
Conversation
There was a problem hiding this comment.
Pull request overview
Removes the “User List” section from the admin users page (adminpanel_users.php) as part of retiring the User List feature in the admin panel.
Changes:
- Deleted the DB query + table UI that listed users and allowed selection/deletion.
- Left the “create user” form as the primary content on the page.
- Simplified/trimmed parts of the surrounding page markup (but currently leaves broken remnants).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| include_once "./includes/settings.php"; | ||
| include_once "./includes/db.php"; | ||
| include_once "./includes/security.php"; | ||
| if( $isadmin != 1 ) header( "Location: ./login.php" ); |
There was a problem hiding this comment.
The admin redirect only calls header(); execution continues and can still render the page for non-admins. Wrap the redirect in a block and exit immediately after sending the Location header.
| if( $isadmin != 1 ) header( "Location: ./login.php" ); | |
| if( $isadmin != 1 ) { | |
| header( "Location: ./login.php" ); | |
| exit; | |
| } |
| $items = array( $_i18n["menu1"], $_i18n["admin.onhold"], $_i18n["admin.forsale"], $_i18n["categories.submenu"], $_i18n[ "admin.users" ], $_i18n[ "newproduct" ], $_i18n[ "newcategory" ] ); | ||
| $links = array( "./adminpanel.php", "./adminpanel_sales.php", "./adminpanel_products.php","./adminpanel_categories.php", "./adminpanel_users.php", "./adminpanel_newproduct.php", "./adminpanel_newcategory.php" ); | ||
| include("includes/header.php");$_validator = new Validator(); | ||
| $fields = " ".base64_decode( $_GET[ "tk" ] ); |
There was a problem hiding this comment.
$_GET['tk'] is decoded unconditionally. If tk is missing (or not valid base64), this will raise notices and can make strpos() checks behave unexpectedly. Default to an empty string when the parameter is absent and only decode when present/valid.
| $fields = " ".base64_decode( $_GET[ "tk" ] ); | |
| $fields = ""; | |
| if( isset( $_GET[ "tk" ] ) ){ | |
| $decodedFields = base64_decode( $_GET[ "tk" ], true ); | |
| if( $decodedFields !== false ){ | |
| $fields = " ".$decodedFields; | |
| } | |
| } |
| <div align="center" class="msg"> | ||
| <div class="bl3"> | ||
| <div class="br"> | ||
| <div class="tl"> | ||
| <div class="tr2"><?=$_i18n[ "userse".base64_decode( $_GET[ "id" ] ) ]?> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> |
There was a problem hiding this comment.
The status/message banner now always renders and references $_GET['id'] without an isset() guard. This will trigger undefined index notices when id isn't provided, and may also produce an undefined $_i18n key. Restore the previous conditional rendering (or provide a safe default) before decoding/using id.
| <div align="center" class="msg"> | |
| <div class="bl3"> | |
| <div class="br"> | |
| <div class="tl"> | |
| <div class="tr2"><?=$_i18n[ "userse".base64_decode( $_GET[ "id" ] ) ]?> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| <?php | |
| if( isset( $_GET[ "id" ] ) ){ | |
| $_messageKey = "userse".base64_decode( $_GET[ "id" ] ); | |
| if( isset( $_i18n[ $_messageKey ] ) ){ | |
| ?> | |
| <div align="center" class="msg"> | |
| <div class="bl3"> | |
| <div class="br"> | |
| <div class="tl"> | |
| <div class="tr2"><?=$_i18n[ $_messageKey ]?> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| <?php | |
| } | |
| } | |
| ?> |
|
|
||
|
|
||
| <tr class="" id="ARTICLE_COLLECTION_SELECTION_<?=$i?>"> | ||
| <td></td> | ||
| <td><input value="true" | ||
| name="COLLECTION_SELECTION_<?=$i?>.<?=base64_encode($usuarios[$i]->usuario_id)?>" | ||
| onclick="cbTbl.selectOne(this); updateDeleteButtons(this);" | ||
| type="checkbox"></td> | ||
| <td><a href="javascript:void(0)" | ||
| onclick="go( 'adminpanel_edituser.php?user=<?=base64_encode($usuarios[$i]->usuario_id)?>' );return false"><?=$usuarios[$i]->usuario_alias?></a></td> | ||
| <td><?=getTipoUsuario($usuarios[$i]->usuario_tipo)?></td> | ||
| <td><?=count($userPonencias)?></td> | ||
| <td><?=(trim($usuarios[$i]->usuario_ultimoacceso) != "" ? $usuarios[$i]->usuario_ultimoacceso : $_i18n["notavailable"])?></td> | ||
| </tr> | ||
| <?php | ||
| } | ||
| if( $i == 0 ){ | ||
| ?> | ||
|
|
||
|
|
||
|
|
There was a problem hiding this comment.
This block still contains remnants of the removed user list: a <tr> outside of any <table>, references to $i, $usuarios, and $userPonencias that are never defined, and a stray } inside a PHP block. As written this will cause PHP parse/runtime errors and broken HTML. Either delete this entire list-row fragment (if the feature is being removed) or reintroduce the missing query/loop and surrounding table markup.
| <tr class="" id="ARTICLE_COLLECTION_SELECTION_<?=$i?>"> | |
| <td></td> | |
| <td><input value="true" | |
| name="COLLECTION_SELECTION_<?=$i?>.<?=base64_encode($usuarios[$i]->usuario_id)?>" | |
| onclick="cbTbl.selectOne(this); updateDeleteButtons(this);" | |
| type="checkbox"></td> | |
| <td><a href="javascript:void(0)" | |
| onclick="go( 'adminpanel_edituser.php?user=<?=base64_encode($usuarios[$i]->usuario_id)?>' );return false"><?=$usuarios[$i]->usuario_alias?></a></td> | |
| <td><?=getTipoUsuario($usuarios[$i]->usuario_tipo)?></td> | |
| <td><?=count($userPonencias)?></td> | |
| <td><?=(trim($usuarios[$i]->usuario_ultimoacceso) != "" ? $usuarios[$i]->usuario_ultimoacceso : $_i18n["notavailable"])?></td> | |
| </tr> | |
| <?php | |
| } | |
| if( $i == 0 ){ | |
| ?> | |
| * Alias : sxceron | ||
| * Web : http://www.dotrow.info | ||
| * Name : jShop v1.0 | ||
| * Desc : Lista de usuarios clientes |
There was a problem hiding this comment.
The file header comment still says "Lista de usuarios clientes", but the PR intent is to remove the user list and the list section has been deleted. Update the description to reflect the page’s remaining purpose (e.g., user creation/status messaging) to avoid misleading documentation.
| * Desc : Lista de usuarios clientes | |
| * Desc : Alta de usuarios y mensajes de estado |
|
|
||
|
|
||
| </div> | ||
| </div> |
There was a problem hiding this comment.
The closing tags at the end of the file don’t match the elements opened above (there are two </div> closings but only one remaining open wrapper after the message banner). After removing the user list section, re-check and fix the HTML structure so all opened containers are closed exactly once.
| </div> |
Automated fix by CoderOps.
Swarm: swarm50
Task: Remove User List feature