From 7df8dc8bcb0989a8543d699a7c667809170a69b3 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Fri, 25 Jul 2014 11:04:19 +0200
Subject: Add support for deleting user accounts

Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/html/account.php | 16 ++++++++++++++++
 web/html/index.php   |  2 ++
 2 files changed, 18 insertions(+)

(limited to 'web/html')

diff --git a/web/html/account.php b/web/html/account.php
index f212eabb..d2899502 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
 			}
 		}
 
+	} elseif ($action == "DeleteAccount") {
+		/* Details for account being deleted. */
+		$acctinfo = account_details(in_request('ID'), in_request('U'));
+
+		if (can_edit_account($acctinfo)) {
+			$UID = $acctinfo['ID'];
+			if (in_request('confirm_Delete') && check_token()) {
+				user_delete($UID);
+				header('Location: /');
+			} else {
+				$username = $acctinfo['Username'];
+				include("account_delete.php");
+			}
+		} else {
+			print __("You do not have permission to edit this account.");
+		}
 	} elseif ($action == "AccountInfo") {
 		# no editing, just looking up user info
 		#
diff --git a/web/html/index.php b/web/html/index.php
index 554e86c6..e05b555b 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 				$_REQUEST['Action'] = "DisplayAccount";
 			} elseif ($tokens[3] == 'update') {
 				$_REQUEST['Action'] = "UpdateAccount";
+			} elseif ($tokens[3] == 'delete') {
+				$_REQUEST['Action'] = "DeleteAccount";
 			} else {
 				header("HTTP/1.0 404 Not Found");
 				include "./404.php";
-- 
cgit v1.2.3-24-g4f1b