<?php
// Shared include directory, resolved relative to the web root.
$COMMONS = $_SERVER['DOCUMENT_ROOT'] . '/../common';

include_once $COMMONS . '/header.php';

// Error string for the content deletion confirmation; rendered into the
// form below whenever it is non-empty.
$confStringErr = '';
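/**
 * Delete the currently logged-in user's account.
 *
 * Validates the optional confirmation string, optionally anonymises and/or
 * blanks the user's comments, deletes the user row, ends the session and
 * redirects back to this page with ?success=true. On a validation or
 * database failure the global $confStringErr is set and the function
 * returns; no partial change is left in the database.
 *
 * @param object|null $conn          open database connection exposing
 *                                   prepare()/bindValue()/execute() and
 *                                   beginTransaction()/commit()/rollBack()
 *                                   (assumed to be PDO — TODO confirm)
 * @param string      $confirmString value of the "remove_content" input,
 *                                   already passed through sanitize_input()
 *                                   by the caller
 */
function delete_user($conn, $confirmString) {
    // $COMMONS is needed for the footer include in the 503 branch; the
    // original referenced it without importing it into function scope.
    global $confStringErr, $COMMONS;

    // Check DB connection. (The original assigned null to $conn right before
    // this check, which made the 503 branch unconditional.)
    if ($conn === null) {
        header($_SERVER["SERVER_PROTOCOL"] . " 503 Service Unavailable", true, 503);
        include_once($_SERVER["DOCUMENT_ROOT"] . "/errors/503.php");
        include_once($COMMONS . "/footer.php");
        die();
    }

    // Check a user is logged in
    if (!isset($_SESSION["current_user"])) {
        $confStringErr = "I don't know how you got here, but you aren't
            logged in, thus I cannot delete your account.";
        return;
    }

    $deleteContent = false;
    // An unchecked checkbox is absent from $_POST entirely, so index it with
    // a default instead of unconditionally.
    $deleteAuthor = ($_POST["remove_author"] ?? "") === "yes";

    // The user might want to delete the content of their messages
    if (!empty($confirmString)) {
        if ($confirmString === "DELETE CONTENT OF ALL COMMENTS") {
            // He does indeed, set the var for that
            $deleteContent = true;
        } else {
            // He might have entered text by mistake, return and show warning.
            $confStringErr = "The confirmation string is filled,
                but does not match expected value";
            return;
        }
    }

    // Build the SET clause from fixed fragments only (never from user
    // input); this replaces the three near-identical UPDATE branches.
    $setClauses = [];
    if ($deleteAuthor) {
        $setClauses[] = "poster_id = NULL";
    }
    if ($deleteContent) {
        $setClauses[] = "content = ''";
    }

    $userId = $_SESSION["current_user"]->user_id;

    // Run the comment update and the user deletion atomically so a failure
    // cannot leave comments modified while the account still exists.
    try {
        $conn->beginTransaction();

        if ($setClauses !== []) {
            $stmt = $conn->prepare(
                "UPDATE blogpost_comments SET " . implode(", ", $setClauses)
                . " WHERE poster_id = :userId;"
            );
            $stmt->bindValue(":userId", $userId);
            if ($stmt === false || !$stmt->execute()) {
                throw new \RuntimeException("comment update failed");
            }
        }

        // Delete the user from the database
        $stmt = $conn->prepare("DELETE FROM users WHERE user_id = :userId;");
        $stmt->bindValue(":userId", $userId);
        if ($stmt === false || !$stmt->execute()) {
            throw new \RuntimeException("user deletion failed");
        }

        $conn->commit();
    } catch (\PDOException | \RuntimeException $e) {
        if ($conn->inTransaction()) {
            $conn->rollBack();
        }
        // Log the driver message server-side; the user only gets a generic
        // error so no database details leak into the page.
        error_log("delete_user: " . $e->getMessage());
        $confStringErr = "Account deletion failed, nothing was changed.";
        return;
    }

    // Log the user out: clear the session data, expire the session cookie
    // and destroy the server-side session so the deleted account's session
    // cannot remain usable for the rest of this request or beyond.
    $_SESSION = [];
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params["path"], $params["domain"],
            $params["secure"], $params["httponly"]
        );
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }

    // Redirect to this page with GET and stop here; without exit the rest of
    // the page would still be rendered and sent along with the redirect.
    header(sprintf("Location: %s?success=true", sanitize_input($_SERVER["PHP_SELF"])));
    exit;
}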
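if (isset($_POST["submit"])) {
    // Try to delete the user from db. The text input is defaulted so a
    // request missing it does not raise an undefined-index notice.
    // NOTE(review): no CSRF token is verified on this state-changing POST —
    // confirm whether header.php provides one before relying on this form.
    delete_user($conn, sanitize_input($_POST["remove_content"] ?? ""));
}

display_header("Delete account");

// "success" is an optional GET flag; check it exists before reading it.
if (isset($_GET["success"]) && sanitize_input($_GET["success"]) === "true") {
    printf("<article><h2>Deletion succesful.</h2></article>");
}

if (isset($_SESSION["current_user"])) {
    // Form action is the escaped current path; the second placeholder
    // carries the server-set confirmation error string (may be empty).
    printf(<<<HTML

<article>
<h2>Account deletion</h2>
<p>
You are about to delete your account, this means it will be
completely erased from the database, but your contributions
will remain, their authors name will now be shown as
`[Deleted]` instead of your username. Internally, they will
still have your old id set as the author.
</p>
<p>
If you wish for all your contributions to be seen as been
made by a guest (no author id) instead, you can check the
checkbox below. Then they will completely loose their
authorship info.
</p>
<p>
If you want to erase their content as well, please enter
the string `<tt>DELETE CONTENT OF ALL COMMENTS</tt>` in all caps
into the appropriate input as well. But I would urge you
not to do this unless absolutely necessary. Don't we all hate
coming up on an interesting thread on the internet only to
find the most important/interesting message has been deleted?
</p>
<hr>
<form method="post" action="%s">
<table class="noborder-table">
<tr>
<td>
<label for="remove_author">
Remove comment authorship</label>
</td><td>
<input type="checkbox"
name="remove_author" value="yes">
</td>
</tr><tr>
<td>
<label for="remove_content">
Remove content of all comments:</label>
</td><td>
<input type="text" name="remove_content">
</td>
<td>
%s
</td>
</tr>
<tr>
<td>
<input type="submit" name="submit"
value="Delete account">
</td>
</tr>
</table>
</form>
</article>

HTML, htmlspecialchars($_SERVER["PHP_SELF"]), $confStringErr);
} else {
    printf("
<article>
<h2> You are not signed in </h2>
Please sign in to delete your account.
</article>");
}

include_once($COMMONS . "/footer.php");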
?>