summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-25 11:04:19 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-25 11:30:33 +0200
commit7df8dc8bcb0989a8543d699a7c667809170a69b3 (patch)
tree3ded7b5d19c0ebea74c943ce8e3bced195f072fb /web
parentf4ee1278e5509c531675828dc8fce78ae1a608b9 (diff)
downloadaur-7df8dc8bcb0989a8543d699a7c667809170a69b3.tar.gz
aur-7df8dc8bcb0989a8543d699a7c667809170a69b3.tar.xz
Add support for deleting user accounts
Users can now delete their own accounts by clicking a link in the account edit form and confirming the deletion on a follow-up page. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/html/account.php16
-rw-r--r--web/html/index.php2
-rw-r--r--web/template/account_delete.php22
-rw-r--r--web/template/account_edit_form.php4
4 files changed, 44 insertions, 0 deletions
diff --git a/web/html/account.php b/web/html/account.php
index f212eabb..d2899502 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
}
}
+ } elseif ($action == "DeleteAccount") {
+ /* Details for account being deleted. */
+ $acctinfo = account_details(in_request('ID'), in_request('U'));
+
+ if (can_edit_account($acctinfo)) {
+ $UID = $acctinfo['ID'];
+ if (in_request('confirm_Delete') && check_token()) {
+ user_delete($UID);
+ header('Location: /');
+ } else {
+ $username = $acctinfo['Username'];
+ include("account_delete.php");
+ }
+ } else {
+ print __("You do not have permission to edit this account.");
+ }
} elseif ($action == "AccountInfo") {
# no editing, just looking up user info
#
diff --git a/web/html/index.php b/web/html/index.php
index 554e86c6..e05b555b 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
$_REQUEST['Action'] = "DisplayAccount";
} elseif ($tokens[3] == 'update') {
$_REQUEST['Action'] = "UpdateAccount";
+ } elseif ($tokens[3] == 'delete') {
+ $_REQUEST['Action'] = "DeleteAccount";
} else {
header("HTTP/1.0 404 Not Found");
include "./404.php";
diff --git a/web/template/account_delete.php b/web/template/account_delete.php
new file mode 100644
index 00000000..0d40e5a0
--- /dev/null
+++ b/web/template/account_delete.php
@@ -0,0 +1,22 @@
+<p>
+ <?= __('You can use this form to permanently delete the AUR account %s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?>
+</p>
+<p>
+ <?= __('%sWARNING%s: This action cannot be undone.', '<strong>', '</strong>') ?>
+</p>
+
+<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; ?>" method="post">
+ <fieldset>
+ <input type="hidden" name="Action" value="<?= $A ?>" />
+ <input type="hidden" name="ID" value="<?= $UID ?>" />
+ <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ </fieldset>
+ <fieldset>
+ <p><input type="checkbox" name="confirm_Delete" value="1" />
+ <?= __("Confirm deletion") ?></p>
+
+ <p>
+ <input type="submit" class="button" value="<?= __("Delete") ?>" />
+ </p>
+ </fieldset>
+</form>
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index f5890fcb..37339853 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,3 +1,7 @@
+<p>
+ <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+</p>
+
<?php if ($A == "UpdateAccount"): ?>
<form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
<?php else: ?>