svrjs/svrjs-mods-directory
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
svrjs-mods-directory/includes/page_deleteaccount.php

137 lines
5.7 KiB
PHP
Raw Normal View History

chore: init
2024-12-27 15:05:54 +01:00
<?php
if (!defined('SVRJS_MOD_DIRECTORY')) die;
$errorMessage = null;
$modDiscarded = false;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['csrf']) {
$errorMessage = "Potential CSRF attack detected.";
} elseif (!isset($_POST['oldpassword']) || !$_POST['oldpassword']) {
$errorMessage = "You need to input password.";
} elseif (!password_verify($_POST['oldpassword'], $userData['password'])) {
$errorMessage = "The password is wrong.";
} elseif ($userData['is_moderator']) {
$errorMessage = "Can't delete the moderator account.";
} else {
$statement = $connection->prepare("SELECT slug, image_ext FROM mods_pending WHERE user = ?");
if (!$statement) {
$errorMessage = "An unexpected error occurred while deleting the account.";
} else {
$statement->bind_param('i', $userData['id']);
$statement->execute();
$result = $statement->get_result();
if (!$result) {
$errorMessage = "An unexpected error occurred while deleting the account.";
} else {
$modPendingUploadDirectory = APP_FSROOT . '/img/mods_pending';
$coverDeletionError = false;
while ($modDataToDiscard = $result->fetch_assoc()) {
$pendingCoverImagePathname = isset($modDataToDiscard['image_ext']) && $modDataToDiscard['image_ext'] ? $modPendingUploadDirectory . '/' . str_replace(['/', '\\'], '', $modDataToDiscard['slug']) . '.' . str_replace(['/', '\\'], '', $modDataToDiscard['image_ext']) : null;
if ($pendingCoverImagePathname && file_exists($pendingCoverImagePathname) && !unlink($pendingCoverImagePathname)) {
$errorMessage = "An unexpected error occurred while deleting the account.";
$coverDeletionError = true;
break;
}
}
$statement->close();
if (!$coverDeletionError) {
$statement = $connection->prepare("DELETE FROM mods_pending WHERE user = ?");
if (!$statement) {
$errorMessage = "An unexpected error occurred while deleting the account.";
} else {
$statement->bind_param('i', $userData['id']);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while deleting the account.";
$statement->close();
} else {
$statement->close();
$statement = $connection->prepare("DELETE FROM reviews WHERE user = ?");
if (!$statement) {
$errorMessage = "An unexpected error occurred while deleting the account.";
} else {
$statement->bind_param('i', $userData['id']);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while deleting the account.";
$statement->close();
} else {
$statement->close();
$statement = $connection->prepare("UPDATE users SET email = '', password = '', bio = NULL, is_deleted = 1 WHERE id = ?");
if (!$statement) {
$errorMessage = "An unexpected error occurred while deleting the account.";
} else {
$statement->bind_param('i', $userData['id']);
if (!$statement->execute()) {
$errorMessage = "An unexpected error occurred while deleting the account.";
} else {
session_regenerate_id(true);
unset($_SESSION['user']);
$accountDeleted = true;
}
$statement->close();
}
}
}
}
}
}
}
}
}
}
if (!$accountDeleted) {
$pageTitle = "Account deleted";
$pageDescription = "Your account has been deleted.";
} else {
$pageTitle = "Delete account";
$pageDescription = "Are you sure to delete your account from SVR.JS Mods directory?";
}
include 'header.php';
?>
<main class="content">
<?php if ($accountDeleted) { ?>
<h1>Account deleted</h1>
<p>Your account has been deleted.</p>
<p><a href="<?php echo htmlspecialchars(URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') ?>" class="btn">Return to home</a></p>
<?php } else { ?>
<h1>Delete account</h1>
<p>Are you sure to delete your account from SVR.JS Mods directory?</p>
<ul>
<li>All your pending mods will be discarded.</li>
<li>All your mods will be removed.</li>
<li>All your reviews will be removed.</li>
<li>You will not be able to register under the username of your deleted account.</li>
</ul>
<form action="<?php echo htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'delete-account') ?>" method="post" class="form" enctype="multipart/form-data">
<div class="form-block">
<label for="oldpassword">Current password:</label>
<input type="password" name="oldpassword" id="oldpassword" required>
</div>
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
<div class="form-block">
<input type="submit" value="Delete account">
</div>
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['csrf']) ?>">
</form>
<?php } ?>
</main>
<?php
include 'footer.php';
if ($accountDeleted) {
sendEmail(
[[
"name" => $userData['username'],
"address" => $userData['email']
]],
'Your account has been deleted.',
"Your account has been deleted. If you did it, you are safe - you can ignore the message. If not, contact the administrator of SVR.JS Mods directory immediately, as your account might be compromised."
);
}
?>
Reference in a new issue Copy permalink