
  1. <?php
/**
 * StatusNet - the distributed open-source microblogging tool
 * Copyright (C) 2010, StatusNet, Inc.
 *
 * Delete your own account
 *
 * PHP version 5
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 * @category Account
 * @package StatusNet
 * @author Evan Prodromou <evan@status.net>
 * @copyright 2010 StatusNet, Inc.
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
 * @link http://status.net/
 */
  30. if (!defined('STATUSNET')) {
  31. // This check helps protect against security problems;
  32. // your code file can't be executed directly from the web.
  33. exit(1);
  34. }
/**
 * Action to delete your own account
 *
 * Note that this is distinct from DeleteuserAction, which see. I thought
 * that making that action do both things (delete another user and delete the
 * current user) would open a lot of holes. I'm open to refactoring, however.
 *
 * @category Account
 * @package StatusNet
 * @author Evan Prodromou <evan@status.net>
 * @copyright 2010 StatusNet, Inc.
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
 * @link http://status.net/
 */
  49. class DeleteaccountAction extends Action
  50. {
  51. private $_complete = false;
  52. private $_error = null;
  53. /**
  54. * For initializing members of the class.
  55. *
  56. * @param array $args misc. arguments
  57. *
  58. * @return boolean true
  59. * @throws ClientException
  60. */
  61. function prepare(array $args = [])
  62. {
  63. parent::prepare($args);
  64. $cur = common_current_user();
  65. if (empty($cur)) {
  66. // TRANS: Client exception displayed trying to delete a user account while not logged in.
  67. throw new ClientException(_("Only logged-in users can delete their account."), 403);
  68. }
  69. if (!$cur->hasRight(Right::DELETEACCOUNT)) {
  70. // TRANS: Client exception displayed trying to delete a user account without have the rights to do that.
  71. throw new ClientException(_("You cannot delete your account."), 403);
  72. }
  73. return true;
  74. }
  75. /**
  76. * Handler method
  77. *
  78. * @return void
  79. * @throws AuthorizationException
  80. * @throws ServerException
  81. */
  82. function handle()
  83. {
  84. parent::handle();
  85. if ($this->isPost()) {
  86. $this->deleteAccount();
  87. } else {
  88. $this->showPage();
  89. }
  90. return null;
  91. }
  92. /**
  93. * Delete the current user's account
  94. *
  95. * Checks for the "I am sure." string to make sure the user really
  96. * wants to delete their account.
  97. *
  98. * Then, marks the account as deleted and begins the deletion process
  99. * (actually done by a back-end handler).
  100. *
  101. * If successful it logs the user out, and shows a brief completion message.
  102. *
  103. * @return void
  104. * @throws AuthorizationException
  105. * @throws ServerException
  106. */
  107. function deleteAccount()
  108. {
  109. $this->checkSessionToken();
  110. // !!! If this string is changed, it also needs to be changed in DeleteAccountForm::formData()
  111. // TRANS: Confirmation text for user deletion. The user has to type this exactly the same, including punctuation.
  112. $iamsure = _('I am sure.');
  113. if ($this->trimmed('iamsure') != $iamsure) {
  114. // TRANS: Notification for user about the text that must be input to be able to delete a user account.
  115. // TRANS: %s is the text that needs to be input.
  116. $this->_error = sprintf(_('You must write "%s" exactly in the box.'), $iamsure);
  117. $this->showPage();
  118. return null;
  119. }
  120. $cur = common_current_user();
  121. // Mark the account as deleted and shove low-level deletion tasks
  122. // to background queues. Removing a lot of posts can take a while...
  123. if (!$cur->hasRole(Profile_role::DELETED)) {
  124. $cur->grantRole(Profile_role::DELETED);
  125. }
  126. $qm = QueueManager::get();
  127. $qm->enqueue($cur, 'deluser');
  128. // The user is really-truly logged out
  129. common_set_user(null);
  130. common_real_login(false); // not logged in
  131. common_forgetme(); // don't log back in!
  132. $this->_complete = true;
  133. $this->showPage();
  134. }
  135. /**
  136. * Return true if read only.
  137. *
  138. * MAY override
  139. *
  140. * @param array $args other arguments
  141. *
  142. * @return boolean is read only action?
  143. */
  144. function isReadOnly($args)
  145. {
  146. return false;
  147. }
  148. /**
  149. * Return last modified, if applicable.
  150. *
  151. * MAY override
  152. *
  153. * @return string last modified http header
  154. */
  155. function lastModified()
  156. {
  157. // For comparison with If-Last-Modified
  158. // If not applicable, return null
  159. return null;
  160. }
  161. /**
  162. * Return etag, if applicable.
  163. *
  164. * MAY override
  165. *
  166. * @return string etag http header
  167. */
  168. function etag()
  169. {
  170. return null;
  171. }
  172. /**
  173. * Shows the page content.
  174. *
  175. * If the deletion is complete, just shows a completion message.
  176. *
  177. * Otherwise, shows the deletion form.
  178. *
  179. * @return void
  180. *
  181. */
  182. function showContent()
  183. {
  184. if ($this->_complete) {
  185. $this->element('p', 'confirmation',
  186. // TRANS: Confirmation that a user account has been deleted.
  187. _('Account deleted.'));
  188. return null;
  189. }
  190. if (!empty($this->_error)) {
  191. $this->element('p', 'error', $this->_error);
  192. $this->_error = null;
  193. }
  194. $form = new DeleteAccountForm($this);
  195. $form->show();
  196. }
  197. /**
  198. * Show the title of the page
  199. *
  200. * @return string title
  201. */
  202. function title()
  203. {
  204. // TRANS: Page title for page on which a user account can be deleted.
  205. return _('Delete account');
  206. }
  207. }
/**
 * Form for deleting your account
 *
 * Note that this mostly is here to keep you from accidentally deleting your
 * account.
 *
 * @category Account
 * @package StatusNet
 * @author Evan Prodromou <evan@status.net>
 * @copyright 2010 StatusNet, Inc.
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
 * @link http://status.net/
 */
  221. class DeleteAccountForm extends Form
  222. {
  223. /**
  224. * Class of the form.
  225. *
  226. * @return string the form's class
  227. */
  228. function formClass()
  229. {
  230. return 'form_profile_delete';
  231. }
  232. /**
  233. * URL the form posts to
  234. *
  235. * @return string the form's action URL
  236. */
  237. function action()
  238. {
  239. return common_local_url('deleteaccount');
  240. }
  241. /**
  242. * Output form data
  243. *
  244. * Instructions plus an 'i am sure' entry box.
  245. *
  246. * @return void
  247. */
  248. function formData()
  249. {
  250. $cur = common_current_user();
  251. // TRANS: Form text for user deletion form.
  252. $msg = '<p>' . _('This will <strong>permanently delete</strong> your account data from this server.') . '</p>';
  253. if ($cur->hasRight(Right::BACKUPACCOUNT)) {
  254. // TRANS: Additional form text for user deletion form shown if a user has account backup rights.
  255. // TRANS: %s is a URL to the backup page.
  256. $msg .= '<p>' . sprintf(_('You are strongly advised to <a href="%s">back up your data</a> before deletion.'),
  257. common_local_url('backupaccount')) . '</p>';
  258. }
  259. $this->out->elementStart('p');
  260. $this->out->raw($msg);
  261. $this->out->elementEnd('p');
  262. // !!! If this string is changed, it also needs to be changed in class DeleteaccountAction.
  263. // TRANS: Confirmation text for user deletion. The user has to type this exactly the same, including punctuation.
  264. $iamsure = _("I am sure.");
  265. $this->out->input('iamsure',
  266. // TRANS: Field label for delete account confirmation entry.
  267. _('Confirm'),
  268. null,
  269. // TRANS: Input title for the delete account field.
  270. // TRANS: %s is the text that needs to be input.
  271. sprintf(_('Enter "%s" to confirm that ' .
  272. 'you want to delete your account.'), $iamsure));
  273. }
  274. /**
  275. * Buttons for the form
  276. *
  277. * In this case, a single submit button
  278. *
  279. * @return void
  280. */
  281. function formActions()
  282. {
  283. $this->out->submit('submit',
  284. // TRANS: Button text for user account deletion.
  285. _m('BUTTON', 'Delete'),
  286. 'submit',
  287. null,
  288. // TRANS: Button title for user account deletion.
  289. _('Permanently delete your account.'));
  290. }
  291. }