personal-website/docs/www/deleteaccount.php

166 lines
4.8 KiB
PHP

<?php
$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
include_once($COMMONS."/header.php");
// Error string for the content deletion confirmation
$confStringErr = "";
/**
* Evaluate validity of content deletion and set error message on error or
* perform needed database operations.
*/
function delete_user($conn, $confirmString) {
global $confStringErr;
$conn = null;
// Check DB connection
if($conn == null){
header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
include_once($COMMONS."/footer.php");
die();
}
// Check a user is logged in
if(!isset($_SESSION["current_user"])){
$confStringErr = "I don't know how you got here, but you aren't
logged in, thus I cannot delete your account.";
return;
}
$deleteContent = false;
$deleteAuthor = $_POST["remove_author"] == "yes";
// The user might want to delete the content of their messages
if(!empty($confirmString)) {
// He does indeed, set the var for that
if($confirmString == "DELETE CONTENT OF ALL COMMENTS") {
$deleteContent = true;
}
// He might have entered text by mistake, return and show warning.
else {
$confStringErr = "The confirmation string is filled,
but does not match expected value";
return;
}
}
// Prepare, bind and execute the statement for modification of
// users comments, depending on the actions he wants to take.
if($deleteContent && $deleteAuthor) {
$stmt = $conn->prepare("UPDATE blogpost_comments SET
poster_id = NULL, content='' WHERE poster_id = :userId;");
$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
$stmt->execute();
}
else if ($deleteContent) {
$stmt = $conn->prepare("UPDATE blogpost_comments SET
content='' WHERE poster_id = :userId;");
$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
$stmt->execute();
}
else if ($deleteAuthor) {
$stmt = $conn->prepare("UPDATE blogpost_comments SET
poster_id = NULL WHERE poster_id = :userId;");
$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
$stmt->execute();
}
// Delete the user from the database
$stmt = $conn->prepare("DELETE FROM users WHERE user_id = :userId;");
$stmt->bindParam(":userId", $_SESSION["current_user"]->user_id);
$stmt->execute();
// Log the user out
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Redirect to this page with GET
header(sprintf("Location: %s?success=true", sanitize_input($_SERVER["PHP_SELF"])));
}
if (isset($_POST["submit"])) {
// Try to delete the user from db
delete_user($conn, sanitize_input($_POST["remove_content"]));
}
display_header("Delete account");
if(sanitize_input($_GET["success"]) == "true"){
printf("<article><h2>Deletion succesful.</h2></article>");
}
if(isset($_SESSION["current_user"])){
printf("
<article>
<h2>Account deletion</h2>
<p>
You are about to delete your account, this means it will be
completely erased from the database, but your contributions
will remain, their authors name will now be shown as
`[Deleted]` instead of your username. Internally, they will
still have your old id set as the author.
</p>
<p>
If you wish for all your contributions to be seen as been
made by a guest (no author id) instead, you can check the
checkbox below. Then they will completely loose their
authorship info.
<p>
<p>
If you want to erase their content as well, please enter
the string `<tt>DELETE CONTENT OF ALL COMMENTS</tt>` in all caps
into the appropriate input as well. But I would urge you
not to do this unless absolutely necessary. Don't we all hate
coming up on an interesting thread on the internet only to
find the most important/interesting message has been deleted?
</p>
<hr>
<form method=\"post\" action=\"%s\">
<table class=\"noborder-table\">
<tr>
<td>
<label for=\"remove_author\">
Remove comment authorship</label>
</td><td>
<input type=\"checkbox\"
name=\"remove_author\" value=\"yes\">
</td>
</tr><tr>
<td>
<label for=\"remove_content\">
Remove content of all comments:</label>
</td><td>
<input type=\"text\" name=\"remove_content\">
</td>
<td>
%s
</td>
</tr>
<tr>
<td>
<input type=\"submit\" name=\"submit\"
value=\"Delete account\">
</td>
</tr>
</table>
</form>
</article>
", htmlspecialchars($_SERVER["PHP_SELF"]), $confStringErr);
}
else{
printf("
<article>
<h2> You are not signed in </h2>
Please sign in to delete your account.
</article>");
}
include_once($COMMONS."/footer.php");
?>