remove self

12 years ago · a4cbdc2414
parent 01c83f0e93
commit a4cbdc2414
7 changed files with 79 additions and 5 deletions
--- a/include/Contact.php
+++ b/include/Contact.php
@ -6,6 +6,10 @@
 // authorisation to do this.

 function user_remove($uid) {
+	if(! $uid)
+		return;
+	$a = get_app();
+	logger('Removing user: ' . $uid);
 	q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid));
 	q("DELETE FROM `group` WHERE `uid` = %d", intval($uid));
 	q("DELETE FROM `group_member` WHERE `uid` = %d", intval($uid));
@ -19,7 +23,7 @@ function user_remove($uid) {
 	if($uid == local_user()) {
 		unset($_SESSION['authenticated']);
 		unset($_SESSION['uid']);
-		killme();
+		goaway($a->get_baseurl());
 	}
 }

--- a/mod/removeme.php
+++ b/mod/removeme.php
@ -0,0 +1,50 @@
+<?php
+
+function removeme_post(&$a) {
+
+	if(! local_user())
+		return;
+
+	if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
+		return;
+
+	if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify']))))
+		return;
+
+	if($_POST['verify'] !== $_SESSION['remove_account_verify'])
+		return;
+
+	$encrypted = hash('whirlpool',trim($_POST['qxz_password']));
+
+	if((strlen($a->user['password'])) && ($encrypted === $a->user['password'])) {
+		require_once('include/Contact.php');
+		user_remove($a->user['uid']);
+		// NOTREACHED
+	}
+
+}
+
+
+
+function removeme_content(&$a) {
+
+	if(! local_user())
+		goaway($a->get_baseurl());
+
+	$hash = random_string();
+
+	$_SESSION['remove_account_verify'] = $hash;
+
+	$tpl = load_view_file('view/removeme.tpl');
+	$o .= replace_macros($tpl, array(
+		'$basedir' => $a->get_baseurl(),
+		'$hash' => $hash,
+		'$title' => t('Remove My Account'),
+		'$desc' => t('This will completely remove your account. Once this has been done it is not recoverable.'),
+		'$passwd' => t('Please enter your password for verification:'),
+		'$submit' => t('Remove My Account')
+	));
+
+	return $o;		
+
+}
--- a/view/de/settings.tpl
+++ b/view/de/settings.tpl
@ -5,7 +5,7 @@
 $nickname_block


-<form action="settings" id="settings-form" method="post" autocomplete="false" >
+<form action="settings" id="settings-form" method="post" autocomplete="off" >


 <h3 class="settings-heading">Grundeinstellungen</h3>
--- a/view/en/settings.tpl
+++ b/view/en/settings.tpl
@ -5,7 +5,7 @@
 $nickname_block


-<form action="settings" id="settings-form" method="post" autocomplete="false" >
+<form action="settings" id="settings-form" method="post" autocomplete="off" >


 <h3 class="settings-heading">Basic Settings</h3>
--- a/view/fr/settings.tpl
+++ b/view/fr/settings.tpl
@ -5,7 +5,7 @@
 $nickname_block


-<form action="settings" id="settings-form" method="post" autocomplete="false" >
+<form action="settings" id="settings-form" method="post" autocomplete="off" >


 <h3 class="settings-heading">Basic Settings</h3>
--- a/view/it/settings.tpl
+++ b/view/it/settings.tpl
@ -6,7 +6,7 @@
 $nickname_block


-<form action="settings" id="settings-form" method="post" autocomplete="false" >
+<form action="settings" id="settings-form" method="post" autocomplete="off" >


 <h3 class="settings-heading">Impostazioni base</h3>
--- a/view/removeme.tpl
+++ b/view/removeme.tpl
@ -0,0 +1,20 @@
+<h1>$title</h1>
+
+<div id="remove-account-wrapper">
+
+<div id="remove-account-desc">$desc</div>
+
+<form action="$basedir/removeme" autocomplete="off" method="post" >
+<input type="hidden" name="verify" value="$hash" />
+
+<div id="remove-account-pass-wrapper">
+<label id="remove-account-pass-label" for="remove-account-pass">$passwd</label>
+<input type="password" id="remove-account-pass" name="qxz_password" />
+</div>
+<div id="remove-account-pass-end"></div>
+
+<input type="submit" name="submit" value="$submit" />
+
+</form>
+</div>
+