account deletion
parent
1d28eda86a
commit
c8caf0dfac
1 changed files with 167 additions and 0 deletions
167
docs/www/deleteaccount.php
Normal file
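--- /dev/null
+++ b/docs/www/deleteaccount.php
@@ -0,0 +1,167 @@
+<?php
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+
+display_header("Delete account");
+
+// Error string for the content deletion confirmation
+$confStringErr = "";
+
+/**
+* Evaluate validity of content deletion and set error message on error or
+* perform needed database operations.
+*/
+function delete_user($conn, $confirmString) {
+global $confStringErr;
+
+// Check DB connection
+if($conn == null){
+printf("
+<article>
+<h1>Failed DB connection, cannot proceed!</h1>
+If you see this error in production,
+please shoot me an email with helpful details.
+</article>");
+include_once($GLOBALS['COMMONS']."/footer.php");
+die();
+}
+
+// Check a user is logged in
+if(!isset($_SESSION["current_user"])){
+$confStringErr = "I don't know how you got here, but you aren't
+logged in, thus I cannot delete your account.";
+return;
+}
+
+$deleteContent = false;
+$deleteAuthor = $_POST["remove_author"] == "yes";
+
+// The user might want to delete the content of their messages
+if(!empty($confirmString)) {
+// He does indeed, set the var for that
+if($confirmString == "DELETE CONTENT OF ALL COMMENTS") {
+$deleteContent = true;
+}
+// He might have entered text by mistake, return and show warning.
+else {
+$confStringErr = "The confirmation string is filled,
+but does not match expected value";
+return;
+}
+}
+
+// Prepare, bind and execute the statement for modification of
+// users comments, depending on the actions he wants to take.
+if($deleteContent && $deleteAuthor) {
+$stmt = $conn->prepare("UPDATE blogpost_comments SET
+poster_id = NULL, content='' WHERE poster_id = :userId;");
+$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
+$stmt->execute();
+}
+else if ($deleteContent) {
+$stmt = $conn->prepare("UPDATE blogpost_comments SET
+content='' WHERE poster_id = :userId;");
+$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
+$stmt->execute();
+}
+else if ($deleteAuthor) {
+$stmt = $conn->prepare("UPDATE blogpost_comments SET
+poster_id = NULL WHERE poster_id = :userId;");
+$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
+$stmt->execute();
+}
+
+// Delete the user from the database
+$stmt = $conn->prepare("DELETE FROM users WHERE user_id = :userId;");
+$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
+$stmt->execute();
+
+if (ini_get("session.use_cookies")) {
+$params = session_get_cookie_params();
+setcookie(session_name(), '', time() - 42000,
+$params["path"], $params["domain"],
+$params["secure"], $params["httponly"]
+);
+}
+
+// Redirect to this page with GET
+header(sprintf("Location: %s?success=true", sanitize_input($_SERVER["PHP_SELF"])));
+}
+
+if (isset($_POST["submit"])) {
+// Try to delete the user from db
+delete_user($conn, sanitize_input($_POST["remove_content"]));
+}
+
+if(sanitize_input($_GET["success"]) == "true"){
+printf("<article><h2>Deletion succesful.</h2></article>");
+}
+
+if(isset($_SESSION["current_user"])){
+printf("
+<article>
+<h2>Account deletion</h2>
+<p>
+You are about to delete your account, this means it will be
+completely erased from the database, but your contributions
+will remain, their authors name will now be shown as
+`[Deleted]` instead of your username. Internally, they will
+still have your old id set as the author.
+</p>
+<p>
+If you wish for all your contributions to be seen as been
+made by a guest (no author id) instead, you can check the
+checkbox below. Then they will completely loose their
+authorship info.
+<p>
+<p>
+If you want to erase their content as well, please enter
+the string `<tt>DELETE CONTENT OF ALL COMMENTS</tt>` in all caps
+into the appropriate input as well. But I would urge you
+not to do this unless absolutely necessary. Don't we all hate
+coming up on an interesting thread on the internet only to
+find the most important/interesting message has been deleted?
+</p>
+<hr>
+<form method=\"post\" action=\"%s\">
+<table class=\"noborder-table\">
+<tr>
+<td>
+<label for=\"remove_author\">
+Remove comment authorship</label>
+</td><td>
+<input type=\"checkbox\"
+name=\"remove_author\" value=\"yes\">
+</td>
+</tr><tr>
+<td>
+<label for=\"remove_content\">
+Remove content of all comments:</label>
+</td><td>
+<input type=\"text\" name=\"remove_content\">
+</td>
+<td>
+%s
+</td>
+</tr>
+<tr>
+<td>
+<input type=\"submit\" name=\"submit\"
+value=\"Delete account\">
+</td>
+</tr>
+</table>
+</form>
+</article>
+", htmlspecialchars($_SERVER["PHP_SELF"]), $confStringErr);
+}
+else{
+printf("
+<article>
+<h2> You are not signed in </h2>
+Please sign in to delete your account.
+</article>");
+}
+include_once($COMMONS."/footer.php");
+?>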
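Review bot: The destructive POST handled at `if (isset($_POST["submit"]))` carries no CSRF token, so any third-party page a logged-in user visits can submit this form and delete the account; the missing check is a session-bound token, emitted as a hidden field and verified with hash_equals() before delete_user() runs, as in the fence below. Inside delete_user() the session is never invalidated — only the cookie is expired, so the server-side session still holds `$_SESSION["current_user"]` with a deleted user_id — and nothing stops execution after the redirect, so the rest of the page still renders for the deleted user; add `session_unset(); session_destroy();` before the cookie block and `exit;` right after the `header(...)` call. That `header("Location: ...")` is also issued after `display_header(...)` has presumably started the response body, so unless header.php buffers output it will fail with "headers already sent" (header.php is not in this commit, so this is inferred). `$_POST["remove_author"]`, `$_POST["remove_content"]` and `$_GET["success"]` are read without isset or `??`, so an unchecked checkbox or a plain GET raises undefined-index notices, and the `== "yes"` / `== "true"` comparisons should be `===`. Finally, the comment UPDATE and the user DELETE run as separate autocommit statements with unchecked execute() results, so a failure between them leaves the users row alive with already-anonymised comments; wrapping them in `$conn->beginTransaction()` … `$conn->commit()` (with rollBack() on exception) assumes $conn is a PDO handle, which prepare()/bindParam() suggest but the file does not show.
```php
// … unchanged: $COMMONS, include_once header.php, display_header() …

// One CSRF token per session; compared with hash_equals() so the check is constant-time.
if (!isset($_SESSION["csrf_token"])) {
    $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
}

// … unchanged: $confStringErr, delete_user() …

if (isset($_POST["submit"])) {
    $sentToken = $_POST["csrf_token"] ?? '';
    if (!is_string($sentToken) || !hash_equals($_SESSION["csrf_token"], $sentToken)) {
        $confStringErr = "Invalid form token, please reload the page and try again.";
    } else {
        // Try to delete the user from db
        delete_user($conn, sanitize_input($_POST["remove_content"] ?? ''));
    }
}

// … unchanged: success message and the form markup down to the submit row …
<input type=\"hidden\" name=\"csrf_token\" value=\"%s\">
<input type=\"submit\" name=\"submit\"
// … unchanged: rest of the markup; the printf() call gains htmlspecialchars($_SESSION["csrf_token"]) as a third argument after $confStringErr …
```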