From 2875f7095562b302f13e1ef7e8cfd581cfc984bf Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Sat, 20 Aug 2016 23:11:34 +0200
Subject: Allow users to delete their accounts

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/controllers/user.php                  | 61 +++++++++++++++++++++++
 application/views/user/delete_account_form.php    | 27 ++++++++++
 application/views/user/delete_account_success.php |  8 +++
 application/views/user/profile.php                |  6 +++
 public_html/data/css/style.css                    |  5 ++
 5 files changed, 107 insertions(+)
 create mode 100644 application/views/user/delete_account_form.php
 create mode 100644 application/views/user/delete_account_success.php

diff --git a/application/controllers/user.php b/application/controllers/user.php
index 891ef9451..a298d1076 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -241,6 +241,67 @@ class User extends MY_Controller {
 		$this->load->view('footer', $this->data);
 	}
 
+	public function delete_account()
+	{
+		$this->muser->require_access();
+		$this->duser->require_implemented("can_delete_account");
+
+		if ($_SERVER["REQUEST_METHOD"] == "GET") {
+			return $this->_delete_account_form();
+		} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
+			return $this->_delete_account_process();
+		}
+	}
+
+	public function _delete_account_form()
+	{
+		$this->data['username'] = $this->muser->get_username();
+
+		$this->load->view('header', $this->data);
+		$this->load->view($this->var->view_dir.'delete_account_form', $this->data);
+		$this->load->view('footer', $this->data);
+	}
+
+	public function _delete_account_process()
+	{
+		$username = $this->muser->get_username();
+		$password = $this->input->post("password");
+
+		$useremail = $this->muser->get_email($this->muser->get_userid());
+
+		if ($this->muser->delete_user($username, $password)) {
+			$this->muser->logout();
+
+			$this->load->library("email");
+			$this->email->from($this->config->item("email_from"));
+			$this->email->to($useremail);
+			$this->email->subject("FileBin account deleted");
+			$this->email->message(""
+				."Your FileBin account '${username}' at ".site_url()."\n"
+				."has been permemently deleted.\n"
+				."\n"
+				."The request has been sent from the IP address '${_SERVER["REMOTE_ADDR"]}'\n"
+				."and was confirmed with your password.\n"
+				."\n"
+				."Thank you for using FileBin!\n"
+				);
+			$this->email->send();
+			unset($this->data['username']);
+			unset($this->data['user_logged_in']);
+
+			$this->load->view('header', $this->data);
+			$this->load->view($this->var->view_dir.'delete_account_success', $this->data);
+			$this->load->view('footer', $this->data);
+			return;
+		} else {
+			$this->data['alerts'][] = array(
+				"type" => "danger",
+				"message" => "Your password was incorrect",
+			);
+			return $this->_delete_account_form();
+		}
+	}
+
 	// This routes the different steps of a password reset
 	function reset_password()
 	{
diff --git a/application/views/user/delete_account_form.php b/application/views/user/delete_account_form.php
new file mode 100644
index 000000000..dbb28531d
--- /dev/null
+++ b/application/views/user/delete_account_form.php
@@ -0,0 +1,27 @@
+<div class="row">
+	<div class="col-sm-12">
+		<h1>Account deletion</h1>
+		<p>
+			Here you can permanently delete your account on this FileBin installation.<br>
+			<b>WARNING: All your data will be irrevocably deleted.</b>
+		</p>
+	</div>
+</div>
+
+<?php echo form_open("user/delete_account"); ?>
+	<div class="row">
+		<div class="form-group col-lg-8 col-md-10">
+			<label class="control-label col-lg-2 col-md-2" for="inputPassword">Password</label>
+			<div class="col-lg-5 col-md-5">
+				<input type="password" id="inputPassword" name="password" placeholder="Password" class="form-control">
+			</div>
+		</div>
+	</div>
+	<div class='row'>
+		<div class="form-group col-lg-8 col-md-10">
+			<div class="col-lg-offset-2 col-lg-5 col-md-offset-2 col-md-5">
+				<button type="submit" name="delete" class="form-control btn-danger">Delete my account (<?php echo htmlentities($username); ?>)</button>
+			</div>
+		</div>
+	</div>
+</form>
diff --git a/application/views/user/delete_account_success.php b/application/views/user/delete_account_success.php
new file mode 100644
index 000000000..72d7ff12b
--- /dev/null
+++ b/application/views/user/delete_account_success.php
@@ -0,0 +1,8 @@
+<div class="row">
+	<div class="col-sm-12">
+		<h1>Account deletion successful</h1>
+		<p>
+			Your account has been successfully deleted. Thank you for using FileBin!
+		</p>
+	</div>
+</div>
diff --git a/application/views/user/profile.php b/application/views/user/profile.php
index 6e0a7089f..1aa22ec10 100644
--- a/application/views/user/profile.php
+++ b/application/views/user/profile.php
@@ -38,3 +38,9 @@
 	</div>
 </div>
 </form>
+
+<div class="row vertical-space-small"></div>
+
+<div class="row">
+	<p>If you want to permanently delete your account, please click <a href="<?php echo site_url("user/delete_account"); ?>">here</a>.</p>
+</div>
diff --git a/public_html/data/css/style.css b/public_html/data/css/style.css
index 4d29e89fd..57366d3d6 100644
--- a/public_html/data/css/style.css
+++ b/public_html/data/css/style.css
@@ -37,6 +37,11 @@
 	margin:0 9px;
 	border-left:1px solid #e1e1e1;
 }
+
+.vertical-space-small {
+	height: 50px;
+}
+
 @media (max-width: 768px) {
 	.dont-float {
 		float: left;
-- 
cgit v1.2.3-24-g4f1b