summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/html/account.php16
-rw-r--r--web/html/index.php2
-rw-r--r--web/template/account_delete.php22
-rw-r--r--web/template/account_edit_form.php4
4 files changed, 44 insertions, 0 deletions
diff --git a/web/html/account.php b/web/html/account.php
index f212eabb..d2899502 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
}
}
+ } elseif ($action == "DeleteAccount") {
+ /* Details for account being deleted. */
+ $acctinfo = account_details(in_request('ID'), in_request('U'));
+
+ if (can_edit_account($acctinfo)) {
+ $UID = $acctinfo['ID'];
+ if (in_request('confirm_Delete') && check_token()) {
+ user_delete($UID);
+ header('Location: /');
+ } else {
+ $username = $acctinfo['Username'];
+ include("account_delete.php");
+ }
+ } else {
+ print __("You do not have permission to edit this account.");
+ }
} elseif ($action == "AccountInfo") {
# no editing, just looking up user info
#
diff --git a/web/html/index.php b/web/html/index.php
index 554e86c6..e05b555b 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
$_REQUEST['Action'] = "DisplayAccount";
} elseif ($tokens[3] == 'update') {
$_REQUEST['Action'] = "UpdateAccount";
+ } elseif ($tokens[3] == 'delete') {
+ $_REQUEST['Action'] = "DeleteAccount";
} else {
header("HTTP/1.0 404 Not Found");
include "./404.php";
diff --git a/web/template/account_delete.php b/web/template/account_delete.php
new file mode 100644
index 00000000..0d40e5a0
--- /dev/null
+++ b/web/template/account_delete.php
@@ -0,0 +1,22 @@
+<p>
+ <?= __('You can use this form to permanently delete the AUR account %s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?>
+</p>
+<p>
+ <?= __('%sWARNING%s: This action cannot be undone.', '<strong>', '</strong>') ?>
+</p>
+
+<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; ?>" method="post">
+ <fieldset>
+ <input type="hidden" name="Action" value="<?= $A ?>" />
+ <input type="hidden" name="ID" value="<?= $UID ?>" />
+ <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ </fieldset>
+ <fieldset>
+ <p><input type="checkbox" name="confirm_Delete" value="1" />
+ <?= __("Confirm deletion") ?></p>
+
+ <p>
+ <input type="submit" class="button" value="<?= __("Delete") ?>" />
+ </p>
+ </fieldset>
+</form>
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index f5890fcb..37339853 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,3 +1,7 @@
+<p>
+ <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+</p>
+
<?php if ($A == "UpdateAccount"): ?>
<form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
<?php else: ?>