[aur-dev] [PATCH 2/2] Add support for deleting user accounts

Lukas Fleischer archlinux at cryptocrack.de
Fri Jul 25 05:32:06 EDT 2014


Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.

Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
 po/POTFILES                        |  1 +
 web/html/account.php               | 16 ++++++++++++++++
 web/html/index.php                 |  2 ++
 web/template/account_delete.php    | 22 ++++++++++++++++++++++
 web/template/account_edit_form.php |  4 ++++
 5 files changed, 45 insertions(+)
 create mode 100644 web/template/account_delete.php

diff --git a/po/POTFILES b/po/POTFILES
index 1b4d6a6..2b9322b 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -34,6 +34,7 @@ lib/stats.inc.php
 lib/streams.php
 lib/translator.inc.php
 lib/version.inc.php
+template/account_delete.php
 template/account_details.php
 template/account_edit_form.php
 template/account_search_results.php
diff --git a/web/html/account.php b/web/html/account.php
index f212eab..d289950 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
 			}
 		}
 
+	} elseif ($action == "DeleteAccount") {
+		/* Details for account being deleted. */
+		$acctinfo = account_details(in_request('ID'), in_request('U'));
+
+		if (can_edit_account($acctinfo)) {
+			$UID = $acctinfo['ID'];
+			if (in_request('confirm_Delete') && check_token()) {
+				user_delete($UID);
+				header('Location: /');
+			} else {
+				$username = $acctinfo['Username'];
+				include("account_delete.php");
+			}
+		} else {
+			print __("You do not have permission to edit this account.");
+		}
 	} elseif ($action == "AccountInfo") {
 		# no editing, just looking up user info
 		#
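Review bot: The confirmed-deletion path at `user_delete($UID); header('Location: /');` keeps executing after the redirect header, so the remainder of account.php still runs for the account that was just removed; add `exit();` directly after the `header()` call. If the page header has already been printed before this branch is reached (not visible in the hunk), the `Location` header will not be sent at all, so the redirect may have to be issued before any output. The branch also does not require POST: `in_request()` presumably reads `$_REQUEST`, so `confirm_Delete` and `token` would be accepted from a query string, which puts the token into URLs and server logs; a `$_SERVER['REQUEST_METHOD'] == 'POST'` guard next to `check_token()` would prevent that. The surrounding `if`/`elseif` chain begins and ends outside the hunk.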
diff --git a/web/html/index.php b/web/html/index.php
index 554e86c..e05b555 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 				$_REQUEST['Action'] = "DisplayAccount";
 			} elseif ($tokens[3] == 'update') {
 				$_REQUEST['Action'] = "UpdateAccount";
+			} elseif ($tokens[3] == 'delete') {
+				$_REQUEST['Action'] = "DeleteAccount";
 			} else {
 				header("HTTP/1.0 404 Not Found");
 				include "./404.php";
diff --git a/web/template/account_delete.php b/web/template/account_delete.php
new file mode 100644
index 0000000..0d40e5a
--- /dev/null
+++ b/web/template/account_delete.php
@@ -0,0 +1,22 @@
+<p>
+	<?= __('You can use this form to permanently delete the AUR account %s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?>
+</p>
+<p>
+	<?= __('%sWARNING%s: This action cannot be undone.', '<strong>', '</strong>') ?>
+</p>
+
+<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; ?>" method="post">
+	<fieldset>
+		<input type="hidden" name="Action" value="<?= $A ?>" />
+		<input type="hidden" name="ID" value="<?= $UID ?>" />
+		<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+	</fieldset>
+	<fieldset>
+		<p><input type="checkbox" name="confirm_Delete" value="1" />
+		<?= __("Confirm deletion") ?></p>
+
+		<p>
+			<input type="submit" class="button" value="<?= __("Delete") ?>" />
+		</p>
+	</fieldset>
+</form>
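Review bot: The hidden `Action` field prints `$A`, but the `DeleteAccount` branch in account.php that includes this template sets only `$UID` and `$username`, so unless `$A` is defined elsewhere in that scope the field is emitted empty with an undefined-variable notice; since index.php already sets the action from the `delete/` route, the field can be hard-coded as `<input type="hidden" name="Action" value="DeleteAccount" />` or dropped. `$UID` and the `get_user_uri($username)` form action are echoed into attributes without `htmlspecialchars()`, while the username in the first paragraph is escaped; `value="<?= htmlspecialchars($UID) ?>"` and the same for the action URL would make the template consistent. The `token` field carries the `AURSID` session cookie verbatim, which places the session identifier in the page body; this may be the project's existing convention, but a separate per-session CSRF value would keep the cookie value out of the markup.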
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index f5890fc..3733985 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,3 +1,7 @@
+<p>
+	<?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+</p>
+
 <?php if ($A == "UpdateAccount"): ?>
 <form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
 <?php else: ?>
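Review bot: The delete link is added above the `<?php if ($A == "UpdateAccount"): ?>` test, so it is rendered for every action that uses this template rather than only when an existing account is being edited; the `else` branch suggests the form is also used for another action (presumably registration), where `$U` may be empty. Wrapping the new paragraph in its own `<?php if ($A == "UpdateAccount"): ?>` … `<?php endif; ?>` keeps it to the edit case. `get_user_uri($U)` is also concatenated into the `href` attribute without `htmlspecialchars()`. The template continues past the end of the hunk.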
-- 
2.0.2

