From 9d2f474c0766d3df250e90038e5f995b9886e343 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sat, 24 Nov 2018 20:55:18 -0500
Subject: [PATCH 1/6] Fix open registration email

---
 src/Model/User.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Model/User.php b/src/Model/User.php
index 0f397aadc2..65c7d8c973 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -732,7 +732,7 @@ class User
 Dear %1$s,
 Thank you for registering at %2$s. Your account has been created.
 ',
- $preamble, $user['username'], $sitename
+ $user['username'], $sitename
 ));
 $body = Strings::deindent(L10n::t('
 The login details are as follows:
From 0bae80a2d331e9a78a38840566c8035b7fe105d4 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sat, 24 Nov 2018 20:56:38 -0500
Subject: [PATCH 2/6] Update deprecated calls in Model\user and mod/removeme

---
 mod/removeme.php | 2 +-
 src/Model/User.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/mod/removeme.php b/mod/removeme.php
index 49b8f6d534..2f0eb2d37e 100644
--- a/mod/removeme.php
+++ b/mod/removeme.php
@@ -57,7 +57,7 @@ function removeme_post(App $a)
 ]);
 }
 
- if (User::authenticate($a->user, trim($_POST['qxz_password']))) {
+ if (User::getIdFromPasswordAuthentication($a->user, trim($_POST['qxz_password']))) {
 User::remove($a->user['uid']);
 // NOTREACHED
 }
diff --git a/src/Model/User.php b/src/Model/User.php
index 65c7d8c973..aa05b492b0 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -9,6 +9,7 @@ use DivineOmega\PasswordExposed;
 use Exception;
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
+use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\PConfig;
@@ -791,7 +792,7 @@ class User
 
 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
 
- Addon::callHooks('remove_user', $user);
+ Hook::callAll('remove_user', $user);
 
 // save username (actually the nickname as it is guaranteed
 // unique), so it cannot be re-registered in the future.
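Review bot: The `if` around `User::getIdFromPasswordAuthentication()` in the mod/removeme.php hunk only handles a truthy return; if the replacement signals a wrong password by throwing rather than returning a falsy value, which the retirement of the `authenticate()` wrapper suggests but the hunk does not show, a mistyped password now surfaces as an uncaught exception where the old call fell through quietly. Either confirm that failure is reported as a return value, or make the failure path explicit with `try { $uid = User::getIdFromPasswordAuthentication(...); } catch (Exception $e) { notice($e->getMessage()); return; }` and branch on `$uid`. `Exception` is already imported in src/Model/User.php but mod/removeme.php's imports are outside the hunk, so check it resolves there. removeme_post()'s body begins before the hunk.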
From 0dd120bb0642ae5bea38a27f50fd914e51511a94 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sat, 24 Nov 2018 20:58:11 -0500
Subject: [PATCH 3/6] Normalize quotes in User::remove

---
 src/Model/User.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Model/User.php b/src/Model/User.php
index aa05b492b0..43227a86da 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -799,15 +799,15 @@ class User
 DBA::insert('userd', ['username' => $user['nickname']]);
 
 // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
- DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc(DateTimeFormat::utcNow() . " + 7 day")], ['uid' => $uid]);
- Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid);
+ DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc(DateTimeFormat::utcNow() . ' + 7 day')], ['uid' => $uid]);
+ Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid);
 
 // Send an update to the directory
 $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
- Worker::add(PRIORITY_LOW, "Directory", $self['url']);
+ Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
 
 // Remove the user relevant data
- Worker::add(PRIORITY_LOW, "RemoveUser", $uid);
+ Worker::add(PRIORITY_LOW, 'RemoveUser', $uid);
 
 if ($uid == local_user()) {
 unset($_SESSION['authenticated']);
From 54f4ac6ae05d256d5eab25a62dedf69407d83381 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sat, 24 Nov 2018 20:58:41 -0500
Subject: [PATCH 4/6] Remove redirection from User::remove

---
 mod/removeme.php | 4 ++++
 src/Model/User.php | 8 ++------
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/mod/removeme.php b/mod/removeme.php
index 2f0eb2d37e..ee0b66db8a 100644
--- a/mod/removeme.php
+++ b/mod/removeme.php
@@ -59,6 +59,10 @@ function removeme_post(App $a)
 
 if (User::getIdFromPasswordAuthentication($a->user, trim($_POST['qxz_password']))) {
 User::remove($a->user['uid']);
+
+ unset($_SESSION['authenticated']);
+ unset($_SESSION['uid']);
+ $a->internalRedirect();
 // NOTREACHED
 }
 }
diff --git a/src/Model/User.php b/src/Model/User.php
index 43227a86da..d162b27b6a 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -783,7 +783,7 @@ class User
 public static function remove($uid)
 {
 if (!$uid) {
- return;
+ return false;
 }
 
 $a = get_app();
@@ -809,11 +809,7 @@ class User
 // Remove the user relevant data
 Worker::add(PRIORITY_LOW, 'RemoveUser', $uid);
 
- if ($uid == local_user()) {
- unset($_SESSION['authenticated']);
- unset($_SESSION['uid']);
- $a->internalRedirect();
- }
+ return true;
 }
 
 /**
From 92556e51619ed55e1fea58160b44ab69f29d4f79 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sat, 24 Nov 2018 20:59:18 -0500
Subject: [PATCH 5/6] Fix user account removal expiration delay

---
 src/Model/User.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Model/User.php b/src/Model/User.php
index d162b27b6a..aef4bcbfc2 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -799,7 +799,7 @@ class User
 DBA::insert('userd', ['username' => $user['nickname']]);
 
 // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
- DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc(DateTimeFormat::utcNow() . ' + 7 day')], ['uid' => $uid]);
+ DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
 Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid);
 
 // Send an update to the directory
From 1501b998fadd2aee398440ab8b0835c417d2918f Mon Sep 17 00:00:00 2001
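Review bot: The logout added after `User::remove()` in the mod/removeme.php hunk clears only `$_SESSION['authenticated']` and `$_SESSION['uid']`, so any other login-bound state kept in the session outlives the account removal until the session itself expires. Ending the session outright after the two `unset()` calls, `session_destroy();` before `$a->internalRedirect();` (or routing through the project's regular logout path, if it has one), retires the whole session rather than two keys. The bool that `User::remove()` now returns is also discarded here; a `false` return would still clear the session and redirect without any feedback. removeme_post()'s body begins before the hunk.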
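Review bot: With the `$a->internalRedirect()` call gone from the `@@ -809` hunk of src/Model/User.php, the `$a = get_app();` line shown as context in the `@@ -783` hunk has no remaining use in the visible code and looks like a dead assignment; drop it unless the lines between the two hunks still read `$a`. `remove()` now returns `false` for an empty `$uid` and `true` otherwise, and it no longer ends the session of a user removing their own account, so its docblock (above the hunk, not shown) should gain `@return bool` and a sentence stating that callers removing the currently logged-in user must clear the session themselves, as mod/removeme.php now does. Both hunks are fragments of `remove()`; its body runs between and past them.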
From: Hypolite Petovan
Date: Sat, 24 Nov 2018 20:59:38 -0500
Subject: [PATCH 6/6] Add self-removal prevention in mod/admin

---
 mod/admin.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/mod/admin.php b/mod/admin.php
index 5bf55423e5..2a703cb413 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -1780,7 +1780,11 @@ function admin_page_users_post(App $a)
 }
 if (x($_POST, 'page_users_delete')) {
 foreach ($users as $uid) {
- User::remove($uid);
+ if (local_user() != $uid) {
+ User::remove($uid);
+ } else {
+ notice(L10n::t('You can\'t remove yourself'));
+ }
 }
 notice(L10n::tt("%s user deleted", "%s users deleted", count($users)));
 }
@@ -1825,11 +1829,15 @@ function admin_page_users(App $a)
 }
 switch ($a->argv[2]) {
 case "delete":
- BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- // delete user
- User::remove($uid);
+ if (local_user() != $uid) {
+ BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ // delete user
+ User::remove($uid);
 
- notice(L10n::t("User '%s' deleted", $user['username']) . EOL);
+ notice(L10n::t("User '%s' deleted", $user['username']));
+ } else {
+ notice(L10n::t('You can\'t remove yourself'));
+ }
 break;
 case "block":
 BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
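Review bot: In the `@@ -1780` hunk the summary `notice(L10n::tt("%s user deleted", "%s users deleted", count($users)))` still reports every selected uid as deleted even when the new `else` branch skipped the admin's own account, so the admin sees "You can't remove yourself" followed by a count that includes them. Counting only successful removals fixes it: `$deleted = 0;` before the loop, `$deleted += (int) User::remove($uid);` in place of the bare call (the method returns a bool as of this series), and `$deleted` instead of `count($users)` in the notice. The `local_user() != $uid` comparison is loose; if `$users` arrives from the request as strings, `(int) $uid !== local_user()` states the intent without relying on type juggling. admin_page_users_post() begins before the hunk.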
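Review bot: In the `@@ -1825` hunk the form-security-token check `BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't')` now runs only inside `if (local_user() != $uid)`, so the `delete` action is no longer validated uniformly: the self-removal path skips the token check and reaches `break` with just a notice. Nothing state-changing happens on that path today, but making a request-integrity check depend on which target was chosen is fragile if the branch later grows; hoisting the check above the `if`, as the `case "block":` branch keeps it unconditional, restores the pattern that every action in this switch is token-checked first. The enclosing switch and admin_page_users() continue past the hunk.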