137 lines
No EOL
5.7 KiB
PHP
137 lines
No EOL
5.7 KiB
PHP
<?php
|
|
if (!defined('SVRJS_MOD_DIRECTORY')) die;
|
|
|
|
$errorMessage = null;
|
|
$modDiscarded = false;
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|
if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['csrf']) {
|
|
$errorMessage = "Potential CSRF attack detected.";
|
|
} elseif (!isset($_POST['oldpassword']) || !$_POST['oldpassword']) {
|
|
$errorMessage = "You need to input password.";
|
|
} elseif (!password_verify($_POST['oldpassword'], $userData['password'])) {
|
|
$errorMessage = "The password is wrong.";
|
|
} elseif ($userData['is_moderator']) {
|
|
$errorMessage = "Can't delete the moderator account.";
|
|
} else {
|
|
$statement = $connection->prepare("SELECT slug, image_ext FROM mods_pending WHERE user = ?");
|
|
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
} else {
|
|
$statement->bind_param('i', $userData['id']);
|
|
$statement->execute();
|
|
$result = $statement->get_result();
|
|
if (!$result) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
} else {
|
|
$modPendingUploadDirectory = APP_FSROOT . '/img/mods_pending';
|
|
$coverDeletionError = false;
|
|
while ($modDataToDiscard = $result->fetch_assoc()) {
|
|
$pendingCoverImagePathname = isset($modDataToDiscard['image_ext']) && $modDataToDiscard['image_ext'] ? $modPendingUploadDirectory . '/' . str_replace(['/', '\\'], '', $modDataToDiscard['slug']) . '.' . str_replace(['/', '\\'], '', $modDataToDiscard['image_ext']) : null;
|
|
|
|
if ($pendingCoverImagePathname && file_exists($pendingCoverImagePathname) && !unlink($pendingCoverImagePathname)) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
$coverDeletionError = true;
|
|
break;
|
|
}
|
|
}
|
|
$statement->close();
|
|
if (!$coverDeletionError) {
|
|
$statement = $connection->prepare("DELETE FROM mods_pending WHERE user = ?");
|
|
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
} else {
|
|
$statement->bind_param('i', $userData['id']);
|
|
if (!$statement->execute()) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
$statement->close();
|
|
} else {
|
|
$statement->close();
|
|
$statement = $connection->prepare("DELETE FROM reviews WHERE user = ?");
|
|
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
} else {
|
|
$statement->bind_param('i', $userData['id']);
|
|
if (!$statement->execute()) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
$statement->close();
|
|
} else {
|
|
$statement->close();
|
|
$statement = $connection->prepare("UPDATE users SET email = '', password = '', bio = NULL, is_deleted = 1 WHERE id = ?");
|
|
|
|
if (!$statement) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
} else {
|
|
$statement->bind_param('i', $userData['id']);
|
|
if (!$statement->execute()) {
|
|
$errorMessage = "An unexpected error occurred while deleting the account.";
|
|
} else {
|
|
session_regenerate_id(true);
|
|
unset($_SESSION['user']);
|
|
$accountDeleted = true;
|
|
}
|
|
$statement->close();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!$accountDeleted) {
|
|
$pageTitle = "Account deleted";
|
|
$pageDescription = "Your account has been deleted.";
|
|
} else {
|
|
$pageTitle = "Delete account";
|
|
$pageDescription = "Are you sure to delete your account from SVR.JS Mods directory?";
|
|
}
|
|
include 'header.php';
|
|
?>
|
|
<main class="content">
|
|
<?php if ($accountDeleted) { ?>
|
|
<h1>Account deleted</h1>
|
|
<p>Your account has been deleted.</p>
|
|
<p><a href="<?php echo htmlspecialchars(URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') ?>" class="btn">Return to home</a></p>
|
|
<?php } else { ?>
|
|
<h1>Delete account</h1>
|
|
<p>Are you sure to delete your account from SVR.JS Mods directory?</p>
|
|
<ul>
|
|
<li>All your pending mods will be discarded.</li>
|
|
<li>All your mods will be removed.</li>
|
|
<li>All your reviews will be removed.</li>
|
|
<li>You will not be able to register under the username of your deleted account.</li>
|
|
</ul>
|
|
<form action="<?php echo htmlspecialchars((URL_REWRITTEN ? APP_ROOT : APP_ROOT . APP_FILENAME . '/') . 'delete-account') ?>" method="post" class="form" enctype="multipart/form-data">
|
|
<div class="form-block">
|
|
<label for="oldpassword">Current password:</label>
|
|
<input type="password" name="oldpassword" id="oldpassword" required>
|
|
</div>
|
|
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
|
|
<div class="form-block">
|
|
<input type="submit" value="Delete account">
|
|
</div>
|
|
<input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['csrf']) ?>">
|
|
</form>
|
|
<?php } ?>
|
|
</main>
|
|
<?php
|
|
include 'footer.php';
|
|
|
|
if ($accountDeleted) {
|
|
sendEmail(
|
|
[[
|
|
"name" => $userData['username'],
|
|
"address" => $userData['email']
|
|
]],
|
|
'Your account has been deleted.',
|
|
"Your account has been deleted. If you did it, you are safe - you can ignore the message. If not, contact the administrator of SVR.JS Mods directory immediately, as your account might be compromised."
|
|
);
|
|
}
|
|
?>
|