[aur-dev] [PATCH 2/2] Add support for deleting user accounts
Lukas Fleischer
archlinux at cryptocrack.de
Fri Jul 25 05:32:06 EDT 2014
Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.
Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
po/POTFILES | 1 +
web/html/account.php | 16 ++++++++++++++++
web/html/index.php | 2 ++
web/template/account_delete.php | 22 ++++++++++++++++++++++
web/template/account_edit_form.php | 4 ++++
5 files changed, 45 insertions(+)
create mode 100644 web/template/account_delete.php
diff --git a/po/POTFILES b/po/POTFILES
index 1b4d6a6..2b9322b 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -34,6 +34,7 @@ lib/stats.inc.php
lib/streams.php
lib/translator.inc.php
lib/version.inc.php
+template/account_delete.php
template/account_details.php
template/account_edit_form.php
template/account_search_results.php
diff --git a/web/html/account.php b/web/html/account.php
index f212eab..d289950 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
}
}
+ } elseif ($action == "DeleteAccount") {
+ /* Details for account being deleted. */
+ $acctinfo = account_details(in_request('ID'), in_request('U'));
+
+ if (can_edit_account($acctinfo)) {
+ $UID = $acctinfo['ID'];
+ if (in_request('confirm_Delete') && check_token()) {
+ user_delete($UID);
+ header('Location: /');
+ } else {
+ $username = $acctinfo['Username'];
+ include("account_delete.php");
+ }
+ } else {
+ print __("You do not have permission to edit this account.");
+ }
} elseif ($action == "AccountInfo") {
# no editing, just looking up user info
#
diff --git a/web/html/index.php b/web/html/index.php
index 554e86c..e05b555 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
$_REQUEST['Action'] = "DisplayAccount";
} elseif ($tokens[3] == 'update') {
$_REQUEST['Action'] = "UpdateAccount";
+ } elseif ($tokens[3] == 'delete') {
+ $_REQUEST['Action'] = "DeleteAccount";
} else {
header("HTTP/1.0 404 Not Found");
include "./404.php";
diff --git a/web/template/account_delete.php b/web/template/account_delete.php
new file mode 100644
index 0000000..0d40e5a
--- /dev/null
+++ b/web/template/account_delete.php
@@ -0,0 +1,22 @@
+<p>
+ <?= __('You can use this form to permanently delete the AUR account %s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?>
+</p>
+<p>
+ <?= __('%sWARNING%s: This action cannot be undone.', '<strong>', '</strong>') ?>
+</p>
+
+<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; ?>" method="post">
+ <fieldset>
+ <input type="hidden" name="Action" value="<?= $A ?>" />
+ <input type="hidden" name="ID" value="<?= $UID ?>" />
+ <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ </fieldset>
+ <fieldset>
+ <p><input type="checkbox" name="confirm_Delete" value="1" />
+ <?= __("Confirm deletion") ?></p>
+
+ <p>
+ <input type="submit" class="button" value="<?= __("Delete") ?>" />
+ </p>
+ </fieldset>
+</form>
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index f5890fc..3733985 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,3 +1,7 @@
+<p>
+ <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+</p>
+
<?php if ($A == "UpdateAccount"): ?>
<form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
<?php else: ?>
--
2.0.2
More information about the aur-dev
mailing list