new file mode 100644

@@ -0,0 +1,45 @@

+<?php

+/**

+ *  Copyright (C) 2021  Double Bastion LLC

+ *

+ *  This file is part of Roundpin, which is licensed under the

+ *  GNU Affero General Public License Version 3.0. The license terms

+ *  are detailed in the "LICENSE.txt" file located in the root directory.

+ */

+

+session_start();

+

+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

+

+ define('ACCESSCONST', TRUE);

+

+ require('db-connect.php');

+

+    $username = $_POST['username'];

+    $extenForExternal = $_POST['exten_for_external'];

+

+    // Get the id of the superadmin for which we want to remove the extension for external access

+    $selectid = $mysqli->query("SELECT id, userrole, username, enabled FROM app_users WHERE userrole = 'superadmin' AND BINARY username = '$username' AND enabled = 1");

+    $queryres = $selectid->fetch_array();

+    $userID = $queryres[0];

+

+    // Remove the row corresponding to the specified superadmin and extension from the 'external_users' table

+    $removequery = $mysqli->prepare("DELETE FROM external_users WHERE userid=? AND exten_for_external=?");

+    $removequery->bind_param("is", $userID, $extenForExternal);

+

+    if ($removequery->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'failure'; }

+    $removequery->close();

+

+    // Remove the password file for the extension whose data has been removed from the 'external_users' table

+    if (file_exists("restr/".$username."/externalext/".$extenForExternal)) {

+        $removefile = exec("rm restr/".$username."/externalext/".$extenForExternal);

+    }

+

+    $response = array('result' => $messagetosend);

+    echo json_encode($response);

+

+} else {

+    header("Location: roundpin-login.php");

+}

+

+?>