From 7df8dc8bcb0989a8543d699a7c667809170a69b3 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Fri, 25 Jul 2014 11:04:19 +0200
Subject: Add support for deleting user accounts

Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 po/POTFILES                        |  1 +
 web/html/account.php               | 16 ++++++++++++++++
 web/html/index.php                 |  2 ++
 web/template/account_delete.php    | 22 ++++++++++++++++++++++
 web/template/account_edit_form.php |  4 ++++
 5 files changed, 45 insertions(+)
 create mode 100644 web/template/account_delete.php

diff --git a/po/POTFILES b/po/POTFILES
index 1b4d6a65..2b9322b8 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -34,6 +34,7 @@ lib/stats.inc.php
 lib/streams.php
 lib/translator.inc.php
 lib/version.inc.php
+template/account_delete.php
 template/account_details.php
 template/account_edit_form.php
 template/account_search_results.php
diff --git a/web/html/account.php b/web/html/account.php
index f212eabb..d2899502 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
 			}
 		}
 
+	} elseif ($action == "DeleteAccount") {
+		/* Details for account being deleted. */
+		$acctinfo = account_details(in_request('ID'), in_request('U'));
+
+		if (can_edit_account($acctinfo)) {
+			$UID = $acctinfo['ID'];
+			if (in_request('confirm_Delete') && check_token()) {
+				user_delete($UID);
+				header('Location: /');
+			} else {
+				$username = $acctinfo['Username'];
+				include("account_delete.php");
+			}
+		} else {
+			print __("You do not have permission to edit this account.");
+		}
 	} elseif ($action == "AccountInfo") {
 		# no editing, just looking up user info
 		#
diff --git a/web/html/index.php b/web/html/index.php
index 554e86c6..e05b555b 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 				$_REQUEST['Action'] = "DisplayAccount";
 			} elseif ($tokens[3] == 'update') {
 				$_REQUEST['Action'] = "UpdateAccount";
+			} elseif ($tokens[3] == 'delete') {
+				$_REQUEST['Action'] = "DeleteAccount";
 			} else {
 				header("HTTP/1.0 404 Not Found");
 				include "./404.php";
diff --git a/web/template/account_delete.php b/web/template/account_delete.php
new file mode 100644
index 00000000..0d40e5a0
--- /dev/null
+++ b/web/template/account_delete.php
@@ -0,0 +1,22 @@
+<p>
+	<?= __('You can use this form to permanently delete the AUR account %s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?>
+</p>
+<p>
+	<?= __('%sWARNING%s: This action cannot be undone.', '<strong>', '</strong>') ?>
+</p>
+
+<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; ?>" method="post">
+	<fieldset>
+		<input type="hidden" name="Action" value="<?= $A ?>" />
+		<input type="hidden" name="ID" value="<?= $UID ?>" />
+		<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+	</fieldset>
+	<fieldset>
+		<p><input type="checkbox" name="confirm_Delete" value="1" />
+		<?= __("Confirm deletion") ?></p>
+
+		<p>
+			<input type="submit" class="button" value="<?= __("Delete") ?>" />
+		</p>
+	</fieldset>
+</form>
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index f5890fcb..37339853 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,3 +1,7 @@
+<p>
+	<?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+</p>
+
 <?php if ($A == "UpdateAccount"): ?>
 <form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
 <?php else: ?>
-- 
cgit v1.2.3-24-g4f1b