-rw-r--r-- | include/Contact.php | 6 | ||||
-rw-r--r-- | mod/removeme.php | 50 | ||||
-rw-r--r-- | view/de/settings.tpl | 2 | ||||
-rw-r--r-- | view/en/settings.tpl | 2 | ||||
-rw-r--r-- | view/fr/settings.tpl | 2 | ||||
-rw-r--r-- | view/it/settings.tpl | 2 | ||||
-rw-r--r-- | view/removeme.tpl | 20 |
7 files changed, 79 insertions, 5 deletions
diff --git a/include/Contact.php b/include/Contact.php index 98d3e7c0b..7cac3c0e0 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -6,6 +6,10 @@ // authorisation to do this. function user_remove($uid) { + if(! $uid) + return; + $a = get_app(); + logger('Removing user: ' . $uid); q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid)); q("DELETE FROM `group` WHERE `uid` = %d", intval($uid)); q("DELETE FROM `group_member` WHERE `uid` = %d", intval($uid)); @@ -19,7 +23,7 @@ function user_remove($uid) { if($uid == local_user()) { unset($_SESSION['authenticated']); unset($_SESSION['uid']); - killme(); + goaway($a->get_baseurl()); } } diff --git a/mod/removeme.php b/mod/removeme.php new file mode 100644 index 000000000..62b9a6d13 --- /dev/null +++ b/mod/removeme.php @@ -0,0 +1,50 @@ +<?php + +function removeme_post(&$a) { + + if(! local_user()) + return; + + if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password'])))) + return; + + if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify'])))) + return; + + if($_POST['verify'] !== $_SESSION['remove_account_verify']) + return; + + $encrypted = hash('whirlpool',trim($_POST['qxz_password'])); + + if((strlen($a->user['password'])) && ($encrypted === $a->user['password'])) { + require_once('include/Contact.php'); + user_remove($a->user['uid']); + // NOTREACHED + } + +} + + + +function removeme_content(&$a) { + + if(! local_user()) + goaway($a->get_baseurl()); + + $hash = random_string(); + + $_SESSION['remove_account_verify'] = $hash; + + $tpl = load_view_file('view/removeme.tpl'); + $o .= replace_macros($tpl, array( + '$basedir' => $a->get_baseurl(), + '$hash' => $hash, + '$title' => t('Remove My Account'), + '$desc' => t('This will completely remove your account. Once this has been done it is not recoverable.'), + '$passwd' => t('Please enter your password for verification:'), + '$submit' => t('Remove My Account') + )); + + return $o; + +}
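Review bot: The new guard in user_remove() tests the raw `$uid`, while every query below it uses `intval($uid)`, so a non-numeric but truthy value passes `if(! $uid)` and the DELETE statements then run with `uid = 0`. Normalising once at the top closes that gap: `$uid = intval($uid);` followed by `if($uid <= 0) return;`. The early return is also silent; a `logger()` call before it would leave a trace when a caller passes an empty uid. The body of user_remove() continues past the end of this hunk.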
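Review bot: Ahead of the new `goaway($a->get_baseurl())` only `authenticated` and `uid` are unset, so the rest of the session outlives the deleted account, including the `remove_account_verify` token that mod/removeme.php stores. Clearing the whole session would be safer than unsetting individual keys, for example `$_SESSION = array();` before the redirect. That assumes nothing downstream of goaway() needs session state, which is not visible here. The start of user_remove() lies outside this hunk.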
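Review bot: Every failed check in removeme_post() (missing field, token mismatch, wrong password) ends in a bare `return`, so a wrong password on this destructive endpoint leaves no log entry and gives the user no feedback, and nothing visible here limits repeated guesses. A line such as `logger('removeme: verification failed for uid ' . local_user());` on the mismatch paths would give operators something to alert on. The token and digest comparisons use `!==` and `===`; `hash_equals()` is the constant-time alternative where the PHP version provides it. Separately, removeme_content() appends with `$o .=` to a variable that was never initialised, which raises a notice; `$o = replace_macros(...)` avoids it.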
\ No newline at end of file diff --git a/view/de/settings.tpl b/view/de/settings.tpl index 6259c171a..0ef50546f 100644 --- a/view/de/settings.tpl +++ b/view/de/settings.tpl @@ -5,7 +5,7 @@ $nickname_block -<form action="settings" id="settings-form" method="post" autocomplete="false" > +<form action="settings" id="settings-form" method="post" autocomplete="off" > <h3 class="settings-heading">Grundeinstellungen</h3> diff --git a/view/en/settings.tpl b/view/en/settings.tpl index 5e1bfabf4..97d67cbf6 100644 --- a/view/en/settings.tpl +++ b/view/en/settings.tpl @@ -5,7 +5,7 @@ $nickname_block -<form action="settings" id="settings-form" method="post" autocomplete="false" > +<form action="settings" id="settings-form" method="post" autocomplete="off" > <h3 class="settings-heading">Basic Settings</h3> diff --git a/view/fr/settings.tpl b/view/fr/settings.tpl index 5e1bfabf4..97d67cbf6 100644 --- a/view/fr/settings.tpl +++ b/view/fr/settings.tpl @@ -5,7 +5,7 @@ $nickname_block -<form action="settings" id="settings-form" method="post" autocomplete="false" > +<form action="settings" id="settings-form" method="post" autocomplete="off" > <h3 class="settings-heading">Basic Settings</h3> diff --git a/view/it/settings.tpl b/view/it/settings.tpl index 2ff259acc..3b68923cf 100644 --- a/view/it/settings.tpl +++ b/view/it/settings.tpl @@ -6,7 +6,7 @@ $nickname_block -<form action="settings" id="settings-form" method="post" autocomplete="false" > +<form action="settings" id="settings-form" method="post" autocomplete="off" > <h3 class="settings-heading">Impostazioni base</h3> diff --git a/view/removeme.tpl b/view/removeme.tpl new file mode 100644 index 000000000..a3ca8d4cf --- /dev/null +++ b/view/removeme.tpl 
@@ -0,0 +1,20 @@
+<h1>$title</h1>
+
+<div id="remove-account-wrapper">
+
+<div id="remove-account-desc">$desc</div>
+
+<form action="$basedir/removeme" autocomplete="off" method="post" >
+<input type="hidden" name="verify" value="$hash" />
+
+<div id="remove-account-pass-wrapper">
+<label id="remove-account-pass-label" for="remove-account-pass">$passwd</label>
+<input type="password" id="remove-account-pass" name="qxz_password" />
+</div>
+<div id="remove-account-pass-end"></div>
+
+<input type="submit" name="submit" value="$submit" />
+
+</form>
+</div>
+
|