aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRedMatrix <info@friendica.com>2014-08-15 09:58:43 +1000
committerRedMatrix <info@friendica.com>2014-08-15 09:58:43 +1000
commitf4229dbc3f17463d41a39e6b9038dd10fee6597a (patch)
treebca29c3edd986b28098e56155af8ee367147097a
parentc1b89b413aea94ca81912437e8789f4cd719886e (diff)
parentfc94a638cd16dce8ed0d2772d29432f99396a70f (diff)
downloadvolse-hubzilla-f4229dbc3f17463d41a39e6b9038dd10fee6597a.tar.gz
volse-hubzilla-f4229dbc3f17463d41a39e6b9038dd10fee6597a.tar.bz2
volse-hubzilla-f4229dbc3f17463d41a39e6b9038dd10fee6597a.zip
Merge pull request #561 from cvogeley/master
Some work on account deletion
-rw-r--r--include/Contact.php13
-rw-r--r--mod/admin.php2
-rw-r--r--mod/removeaccount.php66
-rw-r--r--mod/removeme.php2
-rw-r--r--view/tpl/removeaccount.tpl22
5 files changed, 99 insertions, 6 deletions
diff --git a/include/Contact.php b/include/Contact.php
index 100854f0d..47b1763cb 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -162,7 +162,7 @@ function user_remove($uid) {
}
-function account_remove($account_id,$local = true) {
+function account_remove($account_id,$local = true,$unset_session=true) {
logger('account_remove: ' . $account_id);
@@ -196,7 +196,7 @@ function account_remove($account_id,$local = true) {
);
if($x) {
foreach($x as $xx) {
- channel_remove($xx['channel_id'],$local);
+ channel_remove($xx['channel_id'],$local,false);
}
}
@@ -204,11 +204,16 @@ function account_remove($account_id,$local = true) {
intval($account_id)
);
+ if ($unset_session) {
+ unset($_SESSION['authenticated']);
+ unset($_SESSION['uid']);
+ goaway(get_app()->get_baseurl());
+ }
return $r;
}
-function channel_remove($channel_id, $local = true) {
+function channel_remove($channel_id, $local = true, $unset_session=true) {
if(! $channel_id)
return;
@@ -292,7 +297,7 @@ function channel_remove($channel_id, $local = true) {
proc_run('php','include/directory.php',$channel_id);
- if($channel_id == local_user()) {
+ if($channel_id == local_user() && $unset_session) {
unset($_SESSION['authenticated']);
unset($_SESSION['uid']);
goaway($a->get_baseurl());
diff --git a/mod/admin.php b/mod/admin.php
index 9f756c2d2..230ef3011 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -681,7 +681,7 @@ function admin_page_users(&$a){
check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
// delete user
require_once("include/Contact.php");
- account_remove($uid,true);
+ account_remove($uid,true,false);
notice( sprintf(t("User '%s' deleted"), $account[0]['account_email']) . EOL);
}; break;
diff --git a/mod/removeaccount.php b/mod/removeaccount.php
new file mode 100644
index 000000000..1f9dbcafa
--- /dev/null
+++ b/mod/removeaccount.php
@@ -0,0 +1,66 @@
+<?php
+
+function removeaccount_post(&$a) {
+
+ if(! local_user())
+ return;
+
+ if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
+ return;
+
+ if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
+ return;
+
+ if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify']))))
+ return;
+
+ if($_POST['verify'] !== $_SESSION['remove_account_verify'])
+ return;
+
+
+ $account = $a->get_account();
+ $account_id = get_account_id();
+
+ if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+ return;
+
+ if($account['account_password_changed'] != '0000-00-00 00:00:00') {
+ $d1 = datetime_convert('UTC','UTC','now - 48 hours');
+ if($account['account_password_changed'] > d1) {
+ notice( t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
+ return;
+ }
+ }
+
+ require_once('include/Contact.php');
+
+ $global_remove = intval($_POST['global']);
+
+ account_remove($account_id,true);
+
+}
+
+
+
+function removeaccount_content(&$a) {
+
+ if(! local_user())
+ goaway(z_root());
+
+ $hash = random_string();
+
+ $_SESSION['remove_account_verify'] = $hash;
+ $tpl = get_markup_template('removeaccount.tpl');
+ $o .= replace_macros($tpl, array(
+ '$basedir' => $a->get_baseurl(),
+ '$hash' => $hash,
+ '$title' => t('Remove This Account'),
+ '$desc' => t('This will completely remove this account including all its channels from the network. Once this has been done it is not recoverable.'),
+ '$passwd' => t('Please enter your password for verification:'),
+ '$global' => array('global', t('Remove this account, all its channels and all its channel clones from the network'), false, t('By default only the instances of the channels located on this hub will be removed from the network')),
+ '$submit' => t('Remove Account')
+ ));
+
+ return $o;
+
+} \ No newline at end of file
diff --git a/mod/removeme.php b/mod/removeme.php
index 095570480..13bf6cf63 100644
--- a/mod/removeme.php
+++ b/mod/removeme.php
@@ -35,7 +35,7 @@ function removeme_post(&$a) {
$global_remove = intval($_POST['global']);
- channel_remove(local_user(),1 - $global_remove);
+ channel_remove(local_user(),1 - $global_remove,true);
}
diff --git a/view/tpl/removeaccount.tpl b/view/tpl/removeaccount.tpl
new file mode 100644
index 000000000..b7378806b
--- /dev/null
+++ b/view/tpl/removeaccount.tpl
@@ -0,0 +1,22 @@
+<h1>{{$title}}</h1>
+
+<div id="remove-account-wrapper">
+
+<div id="remove-account-desc">{{$desc}}</div>
+
+<form action="{{$basedir}}/removeaccount" autocomplete="off" method="post" >
+<input type="hidden" name="verify" value="{{$hash}}" />
+
+<div id="remove-account-pass-wrapper">
+<label id="remove-account-pass-label" for="remove-account-pass">{{$passwd}}</label>
+<input type="password" id="remove-account-pass" name="qxz_password" />
+</div>
+<div id="remove-account-pass-end"></div>
+
+{{include file="field_checkbox.tpl" field=$global}}
+
+<input type="submit" name="submit" value="{{$submit}}" />
+
+</form>
+</div>
+