From 129f41b2aa9a4cd0ac607020876f6d4fae2bbfa4 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis <roman25052006.kelesh@gmail.com>
Date: Fri, 2 May 2025 09:05:04 +0300
Subject: [PATCH] feat(admin_ranks): Added confirmation on rank deleting

---
 admin/admin_ranks.php | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/admin/admin_ranks.php b/admin/admin_ranks.php
index 366668301..541fdb07d 100644
--- a/admin/admin_ranks.php
+++ b/admin/admin_ranks.php
@@ -123,29 +123,40 @@ if ($mode != '') {
         // Ok, they want to delete their rank
         //
 
+        $confirmed = isset($_POST['confirm']);
         if (isset($_POST['id']) || isset($_GET['id'])) {
             $rank_id = isset($_POST['id']) ? (int)$_POST['id'] : (int)$_GET['id'];
         } else {
             $rank_id = 0;
         }
 
-        if ($rank_id) {
-            $sql = 'DELETE FROM ' . BB_RANKS . " WHERE rank_id = $rank_id";
+        if ($confirmed) {
+            if ($rank_id) {
+                $sql = 'DELETE FROM ' . BB_RANKS . " WHERE rank_id = $rank_id";
 
-            if (!$result = DB()->sql_query($sql)) {
-                bb_die('Could not delete rank data');
+                if (!$result = DB()->sql_query($sql)) {
+                    bb_die('Could not delete rank data');
+                }
+
+                $sql = 'UPDATE ' . BB_USERS . " SET user_rank = 0 WHERE user_rank = $rank_id";
+                if (!$result = DB()->sql_query($sql)) {
+                    bb_die($lang['NO_UPDATE_RANKS']);
+                }
+
+                $datastore->update('ranks');
+
+                bb_die($lang['RANK_REMOVED'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_RANKADMIN'], '<a href="admin_ranks.php">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>'));
+            } else {
+                bb_die($lang['MUST_SELECT_RANK']);
             }
-
-            $sql = 'UPDATE ' . BB_USERS . " SET user_rank = 0 WHERE user_rank = $rank_id";
-            if (!$result = DB()->sql_query($sql)) {
-                bb_die($lang['NO_UPDATE_RANKS']);
-            }
-
-            $datastore->update('ranks');
-
-            bb_die($lang['RANK_REMOVED'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_RANKADMIN'], '<a href="admin_ranks.php">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>'));
         } else {
-            bb_die($lang['MUST_SELECT_RANK']);
+            $hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
+            $hidden_fields .= '<input type="hidden" name="id" value="' . $rank_id . '" />';
+
+            print_confirmation([
+                'FORM_ACTION' => 'admin_ranks.php',
+                'HIDDEN_FIELDS' => $hidden_fields,
+            ]);
         }
     } else {
         bb_die('Invalid mode');