Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.

Signed-off-by: Lukas Fleischer <[email protected]>
---
 po/POTFILES                        |  1 +
 web/html/account.php               | 16 ++++++++++++++++
 web/html/index.php                 |  2 ++
 web/template/account_delete.php    | 22 ++++++++++++++++++++++
 web/template/account_edit_form.php |  4 ++++
 5 files changed, 45 insertions(+)
 create mode 100644 web/template/account_delete.php

diff --git a/po/POTFILES b/po/POTFILES
index 1b4d6a6..2b9322b 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -34,6 +34,7 @@ lib/stats.inc.php
 lib/streams.php
 lib/translator.inc.php
 lib/version.inc.php
+template/account_delete.php
 template/account_details.php
 template/account_edit_form.php
 template/account_search_results.php
diff --git a/web/html/account.php b/web/html/account.php
index f212eab..d289950 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
                        }
                }
 
+       } elseif ($action == "DeleteAccount") {
+               /* Details for account being deleted. */
+               $acctinfo = account_details(in_request('ID'), in_request('U'));
+
+               if (can_edit_account($acctinfo)) {
+                       $UID = $acctinfo['ID'];
+                       if (in_request('confirm_Delete') && check_token()) {
+                               user_delete($UID);
+                               header('Location: /');
+                       } else {
+                               $username = $acctinfo['Username'];
+                               include("account_delete.php");
+                       }
+               } else {
+                       print __("You do not have permission to edit this 
account.");
+               }
        } elseif ($action == "AccountInfo") {
                # no editing, just looking up user info
                #
diff --git a/web/html/index.php b/web/html/index.php
index 554e86c..e05b555 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == 
get_pkg_route()) {
                                $_REQUEST['Action'] = "DisplayAccount";
                        } elseif ($tokens[3] == 'update') {
                                $_REQUEST['Action'] = "UpdateAccount";
+                       } elseif ($tokens[3] == 'delete') {
+                               $_REQUEST['Action'] = "DeleteAccount";
                        } else {
                                header("HTTP/1.0 404 Not Found");
                                include "./404.php";
diff --git a/web/template/account_delete.php b/web/template/account_delete.php
new file mode 100644
index 0000000..0d40e5a
--- /dev/null
+++ b/web/template/account_delete.php
@@ -0,0 +1,22 @@
+<p>
+       <?= __('You can use this form to permanently delete the AUR account 
%s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?>
+</p>
+<p>
+       <?= __('%sWARNING%s: This action cannot be undone.', '<strong>', 
'</strong>') ?>
+</p>
+
+<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; 
?>" method="post">
+       <fieldset>
+               <input type="hidden" name="Action" value="<?= $A ?>" />
+               <input type="hidden" name="ID" value="<?= $UID ?>" />
+               <input type="hidden" name="token" value="<?= 
htmlspecialchars($_COOKIE['AURSID']) ?>" />
+       </fieldset>
+       <fieldset>
+               <p><input type="checkbox" name="confirm_Delete" value="1" />
+               <?= __("Confirm deletion") ?></p>
+
+               <p>
+                       <input type="submit" class="button" value="<?= 
__("Delete") ?>" />
+               </p>
+       </fieldset>
+</form>
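Review bot: The hidden fields on the new form echo `$A` and `$UID` unescaped, while `$username` and the cookie value on the same form are passed through `htmlspecialchars`. Both values are likely server-controlled here (the action is set by the router and the ID comes from `account_details()`), but the template is included from a request-handling branch and other templates reuse `$A`, so escape them for consistency: `<input type="hidden" name="Action" value="<?= htmlspecialchars($A) ?>" />` and `<input type="hidden" name="ID" value="<?= (int)$UID ?>" />`. The form action interpolates `get_user_uri($username)` without escaping, matching the existing edit form; this is fine only if `get_user_uri()` URL-encodes the username, which cannot be verified from this diff.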
diff --git a/web/template/account_edit_form.php 
b/web/template/account_edit_form.php
index f5890fc..3733985 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,3 +1,7 @@
+<p>
+       <?= __('Click %shere%s if you want to permanently delete this 
account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+</p>
+
 <?php if ($A == "UpdateAccount"): ?>
 <form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" 
method="post">
 <?php else: ?>
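Review bot: The "delete this account" paragraph is inserted above the `if ($A == "UpdateAccount")` test, so it is rendered for every use of this template, including the `else` branch visible at the end of the hunk, which appears to be the new-account form where `$U` is not yet set; that would produce a link to `get_user_uri('') . 'delete/'`. Wrap the paragraph in the same condition: `<?php if ($A == "UpdateAccount"): ?>` before the `<p>` and `<?php endif; ?>` after `</p>`. The link itself goes to a confirmation page that performs a POST, so it is not a one-click deletion, which is good; the enclosing template continues beyond this hunk.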
-- 
2.0.2
