diff --git a/mod/admin.php b/mod/admin.php
index 3a361b7b4..dca1c3362 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -1783,7 +1783,11 @@ function admin_page_users_post(App $a)
 }
 if (x($_POST, 'page_users_delete')) {
 foreach ($users as $uid) {
- User::remove($uid);
+ if (local_user() != $uid) {
+ User::remove($uid);
+ } else {
+ notice(L10n::t('You can\'t remove yourself'));
+ }
 }
 notice(L10n::tt("%s user deleted", "%s users deleted", count($users)));
 }
@@ -1828,11 +1832,15 @@ function admin_page_users(App $a)
 }
 switch ($a->argv[2]) {
 case "delete":
- BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- // delete user
- User::remove($uid);
+ if (local_user() != $uid) {
+ BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ // delete user
+ User::remove($uid);
 
- notice(L10n::t("User '%s' deleted", $user['username']) . EOL);
+ notice(L10n::t("User '%s' deleted", $user['username']));
+ } else {
+ notice(L10n::t('You can\'t remove yourself'));
+ }
 break;
 case "block":
 BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
diff --git a/mod/removeme.php b/mod/removeme.php
index 49b8f6d53..ee0b66db8 100644
--- a/mod/removeme.php
+++ b/mod/removeme.php
@@ -57,8 +57,12 @@ function removeme_post(App $a)
 ]);
 }
 
- if (User::authenticate($a->user, trim($_POST['qxz_password']))) {
+ if (User::getIdFromPasswordAuthentication($a->user, trim($_POST['qxz_password']))) {
 User::remove($a->user['uid']);
+
+ unset($_SESSION['authenticated']);
+ unset($_SESSION['uid']);
+ $a->internalRedirect();
 // NOTREACHED
 }
 }
diff --git a/src/Model/User.php b/src/Model/User.php
index 0f397aadc..aef4bcbfc 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -9,6 +9,7 @@ use DivineOmega\PasswordExposed;
 use Exception;
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
+use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\PConfig;
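Review bot: In the bulk-delete loop of admin_page_users_post (mod/admin.php), the summary notice after the loop still reports `count($users)` deletions even when the administrator's own id was skipped, and the boolean that `User::remove()` returns after this commit is ignored. Counting only successful removals would keep the message truthful: `if (User::remove($uid)) { $deleted++; }` inside the guard, and `$deleted` instead of `count($users)` in the `L10n::tt()` call. The single-user `delete` case in admin_page_users has the same gap, announcing "User '%s' deleted" without looking at the return value. Both functions start and end outside their hunks, so `$deleted` would need initialising before the loop.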
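Review bot: The self-deletion guard `local_user() != $uid` in the `delete` case of admin_page_users is a loose comparison against a value that appears to come from the request (`$uid` is assigned outside the hunk). Whether the guard holds therefore depends on PHP's string-to-number juggling, which differs between PHP 7 and PHP 8, while the database may coerce the same string in its own way. Normalising once and comparing strictly removes that dependency: `$uid = (int)$uid;` followed by `if ($uid !== (int)local_user()) {`. The same comparison is used in the bulk loop of admin_page_users_post, where the ids presumably come from `$_POST`.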
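Review bot: After the account is removed in removeme_post (mod/removeme.php), only `$_SESSION['authenticated']` and `$_SESSION['uid']` are unset, so every other session value, the session id itself and any persistent-login cookie outlive the account. A full teardown is safer here, for example `session_unset(); session_destroy();` (or the project's own logout routine, if it has one) before the redirect. Separately, `User::getIdFromPasswordAuthentication()` is not defined in this diff; if it reports a wrong password by throwing rather than returning false, this `if` needs a `try`/`catch` so that a failed confirmation ends in a notice rather than an uncaught exception. The result of `User::remove()` is also ignored, so the session is dropped even when removal returned false.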
@@ -732,7 +733,7 @@ class User
 Dear %1$s,
 Thank you for registering at %2$s. Your account has been created.
 ',
- $preamble, $user['username'], $sitename
+ $user['username'], $sitename
 ));
 $body = Strings::deindent(L10n::t('
 The login details are as follows:
@@ -782,7 +783,7 @@ class User
 public static function remove($uid)
 {
 if (!$uid) {
- return;
+ return false;
 }
 
 $a = get_app();
@@ -791,28 +792,24 @@ class User
 
 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
 
- Addon::callHooks('remove_user', $user);
+ Hook::callAll('remove_user', $user);
 
 // save username (actually the nickname as it is guaranteed
 // unique), so it cannot be re-registered in the future.
 DBA::insert('userd', ['username' => $user['nickname']]);
 
 // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
- DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc(DateTimeFormat::utcNow() . " + 7 day")], ['uid' => $uid]);
- Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid);
+ DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
+ Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid);
 
 // Send an update to the directory
 $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
- Worker::add(PRIORITY_LOW, "Directory", $self['url']);
+ Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
 
 // Remove the user relevant data
- Worker::add(PRIORITY_LOW, "RemoveUser", $uid);
+ Worker::add(PRIORITY_LOW, 'RemoveUser', $uid);
 
- if ($uid == local_user()) {
- unset($_SESSION['authenticated']);
- unset($_SESSION['uid']);
- $a->internalRedirect();
- }
+ return true;
 }
 
 /**
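Review bot: `User::remove()` in src/Model/User.php now returns a bool, but the result of `DBA::selectFirst('user', ...)` is still used unchecked: for a uid with no matching row, `$user['nickname']` is read from an empty result, a row is inserted into `userd`, the workers are queued, and the method returns true. An early exit right after the lookup would make the return value meaningful: `if (!DBA::isResult($user)) { return false; }`; the `$self` contact lookup before the `Directory` worker deserves the same check. With the session teardown moved out of this method, the docblock above it (outside the diff) should state `@return bool` and say that callers are responsible for ending the session when a user removes their own account. The method starts in the previous hunk.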