"Access not authorized"); } $userId = $_POST['user_id'] ?? $_GET['user_id'] ?? ""; $clientId = $_POST['client_id'] ?? $_GET['client_id'] ?? ""; //TODO: scrub inputs if(empty($userId) || empty($clientId)) { return array("error" => "One or more required fields missing: user_id, client_id"); } $db = SqliteDatabase::getSingleton(); $sql = "DELETE FROM user_accounts WHERE user_id = :user_id AND account_id = :client_id LIMIT 1;"; $preparedQuery = $db->prepare($sql); $preparedQuery->bindValue(':client_id', $clientId); $preparedQuery->bindValue(':user_id', $userId); try { $result = $preparedQuery->execute(); $loggerData = array(); $loggerData['admin_display_name'] = $_SESSION['display_name']; $loggerData['admin_user_id'] = $_SESSION['user_id']; $loggerData['user_removed'] = $userId; $loggerData['domain_removed'] = $clientId; SecurityLogger::action("remove-user-domain", $loggerData, time()); return array("status" => "success"); } catch(Exception $e) { return array("error" => "Error" , "exception" => $e->getMessage()); } } }