From e510ebc3ba30be7bf99769b1e5540353bd53c333 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis <roman25052006.kelesh@gmail.com>
Date: Fri, 2 May 2025 14:43:36 +0300
Subject: [PATCH] feat(admin_ranks): Added confirmation on rank deleting
 (#1888)

* feat(admin_ranks): Added confirmation on rank deleting

* Update functions.php

* Update admin_ranks.php
---
 admin/admin_ranks.php          | 43 +++++++++++++++++++++++-----------
 library/includes/functions.php |  2 +-
 2 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/admin/admin_ranks.php b/admin/admin_ranks.php
index 366668301..03b63d5b2 100644
--- a/admin/admin_ranks.php
+++ b/admin/admin_ranks.php
@@ -29,6 +29,10 @@ if (isset($_GET['mode']) || isset($_POST['mode'])) {
     }
 }
 
+if ($mode == 'delete' && isset($_POST['cancel'])) {
+    $mode = '';
+}
+
 if ($mode != '') {
     if ($mode == 'edit' || $mode == 'add') {
         //
@@ -123,29 +127,40 @@ if ($mode != '') {
         // Ok, they want to delete their rank
         //
 
+        $confirmed = isset($_POST['confirm']);
         if (isset($_POST['id']) || isset($_GET['id'])) {
             $rank_id = isset($_POST['id']) ? (int)$_POST['id'] : (int)$_GET['id'];
         } else {
             $rank_id = 0;
         }
 
-        if ($rank_id) {
-            $sql = 'DELETE FROM ' . BB_RANKS . " WHERE rank_id = $rank_id";
+        if ($confirmed) {
+            if ($rank_id) {
+                $sql = 'DELETE FROM ' . BB_RANKS . " WHERE rank_id = $rank_id";
 
-            if (!$result = DB()->sql_query($sql)) {
-                bb_die('Could not delete rank data');
+                if (!$result = DB()->sql_query($sql)) {
+                    bb_die('Could not delete rank data');
+                }
+
+                $sql = 'UPDATE ' . BB_USERS . " SET user_rank = 0 WHERE user_rank = $rank_id";
+                if (!$result = DB()->sql_query($sql)) {
+                    bb_die($lang['NO_UPDATE_RANKS']);
+                }
+
+                $datastore->update('ranks');
+
+                bb_die($lang['RANK_REMOVED'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_RANKADMIN'], '<a href="admin_ranks.php">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>'));
+            } else {
+                bb_die($lang['MUST_SELECT_RANK']);
             }
-
-            $sql = 'UPDATE ' . BB_USERS . " SET user_rank = 0 WHERE user_rank = $rank_id";
-            if (!$result = DB()->sql_query($sql)) {
-                bb_die($lang['NO_UPDATE_RANKS']);
-            }
-
-            $datastore->update('ranks');
-
-            bb_die($lang['RANK_REMOVED'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_RANKADMIN'], '<a href="admin_ranks.php">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>'));
         } else {
-            bb_die($lang['MUST_SELECT_RANK']);
+            $hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
+            $hidden_fields .= '<input type="hidden" name="id" value="' . $rank_id . '" />';
+
+            print_confirmation([
+                'FORM_ACTION' => 'admin_ranks.php',
+                'HIDDEN_FIELDS' => $hidden_fields,
+            ]);
         }
     } else {
         bb_die('Invalid mode');
diff --git a/library/includes/functions.php b/library/includes/functions.php
index ead1f5fb8..850a344ef 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -1592,7 +1592,7 @@ function build_topic_pagination($url, $replies, $per_page)
     return $pg;
 }
 
-function print_confirmation($tpl_vars)
+function print_confirmation($tpl_vars): void
 {
     global $template, $lang;