diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-25 11:04:19 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-25 11:30:33 +0200 |
commit | 7df8dc8bcb0989a8543d699a7c667809170a69b3 (patch) | |
tree | 3ded7b5d19c0ebea74c943ce8e3bced195f072fb /web | |
parent | f4ee1278e5509c531675828dc8fce78ae1a608b9 (diff) | |
download | aurweb-7df8dc8bcb0989a8543d699a7c667809170a69b3.tar.xz |
Add support for deleting user accounts
Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r-- | web/html/account.php | 16 | ||||
-rw-r--r-- | web/html/index.php | 2 | ||||
-rw-r--r-- | web/template/account_delete.php | 22 | ||||
-rw-r--r-- | web/template/account_edit_form.php | 4 |
4 files changed, 44 insertions, 0 deletions
diff --git a/web/html/account.php b/web/html/account.php index f212eab..d289950 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) { } } + } elseif ($action == "DeleteAccount") { + /* Details for account being deleted. */ + $acctinfo = account_details(in_request('ID'), in_request('U')); + + if (can_edit_account($acctinfo)) { + $UID = $acctinfo['ID']; + if (in_request('confirm_Delete') && check_token()) { + user_delete($UID); + header('Location: /'); + } else { + $username = $acctinfo['Username']; + include("account_delete.php"); + } + } else { + print __("You do not have permission to edit this account."); + } } elseif ($action == "AccountInfo") { # no editing, just looking up user info # diff --git a/web/html/index.php b/web/html/index.php index 554e86c..e05b555 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { $_REQUEST['Action'] = "DisplayAccount"; } elseif ($tokens[3] == 'update') { $_REQUEST['Action'] = "UpdateAccount"; + } elseif ($tokens[3] == 'delete') { + $_REQUEST['Action'] = "DeleteAccount"; } else { header("HTTP/1.0 404 Not Found"); include "./404.php"; diff --git a/web/template/account_delete.php b/web/template/account_delete.php new file mode 100644 index 0000000..0d40e5a --- /dev/null +++ b/web/template/account_delete.php @@ -0,0 +1,22 @@ +<p> + <?= __('You can use this form to permanently delete the AUR account %s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?> +</p> +<p> + <?= __('%sWARNING%s: This action cannot be undone.', '<strong>', '</strong>') ?> +</p> + +<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; ?>" method="post"> + <fieldset> + <input type="hidden" name="Action" value="<?= $A ?>" /> + <input type="hidden" name="ID" value="<?= $UID ?>" /> + <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> + </fieldset> + <fieldset> + <p><input type="checkbox" name="confirm_Delete" value="1" /> + <?= __("Confirm deletion") ?></p> + + <p> + <input type="submit" class="button" value="<?= __("Delete") ?>" /> + </p> + </fieldset> +</form> diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php index f5890fc..3733985 100644 --- a/web/template/account_edit_form.php +++ b/web/template/account_edit_form.php @@ -1,3 +1,7 @@ +<p> + <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?> +</p> + <?php if ($A == "UpdateAccount"): ?> <form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post"> <?php else: ?> |