Add self-service user account deletion
parent
48882cbb1b
commit
007e0ac4fb
|
@ -187,6 +187,86 @@
|
|||
return $statementUser->fetchColumn();
|
||||
}
|
||||
|
||||
public function deleteUser($uuid): bool
|
||||
{
|
||||
global $RUNTIME;
|
||||
|
||||
try {
|
||||
$RUNTIME['PDO']->beginTransaction();
|
||||
|
||||
$statementAuth = $RUNTIME['PDO']->prepare('DELETE FROM auth WHERE UUID = ?');
|
||||
$statementAuth->execute([$uuid]);
|
||||
|
||||
$statementAgentPrefs = $RUNTIME['PDO']->prepare('DELETE FROM AgentPrefs WHERE PrincipalID = ?');
|
||||
$statementAgentPrefs->execute([$uuid]);
|
||||
|
||||
$statementAvatars = $RUNTIME['PDO']->prepare('DELETE FROM Avatars WHERE PrincipalID = ?');
|
||||
$statementAvatars->execute([$uuid]);
|
||||
|
||||
$statementGridUser = $RUNTIME['PDO']->prepare('DELETE FROM GridUser WHERE UserID = ?');
|
||||
$statementGridUser->execute([$uuid]);
|
||||
|
||||
$statementEstateUser = $RUNTIME['PDO']->prepare('DELETE FROM estate_users WHERE uuid = ?');
|
||||
$statementEstateUser->execute([$uuid]);
|
||||
|
||||
$statementEstateBan = $RUNTIME['PDO']->prepare('DELETE FROM estateban WHERE bannedUUID = ?');
|
||||
$statementEstateBan->execute([$uuid]);
|
||||
|
||||
$statementHgTraveling = $RUNTIME['PDO']->prepare('DELETE FROM hg_traveling_data WHERE UserID = ?');
|
||||
$statementHgTraveling->execute([$uuid]);
|
||||
|
||||
$statementUserIdentitys = $RUNTIME['PDO']->prepare('DELETE FROM UserIdentitys WHERE PrincipalID = ?');
|
||||
$statementUserIdentitys->execute([$uuid]);
|
||||
|
||||
$statementFriends = $RUNTIME['PDO']->prepare('DELETE FROM Friends WHERE PrincipalID = ? OR Friend = ?');
|
||||
$statementFriends->execute([$uuid, $uuid]);
|
||||
|
||||
$statementImOffline = $RUNTIME['PDO']->prepare('DELETE FROM im_offline WHERE PrincipalID = ?');
|
||||
$statementImOffline->execute([$uuid]);
|
||||
|
||||
$statementInventoryFolders = $RUNTIME['PDO']->prepare('DELETE FROM inventoryfolders WHERE agentID = ?');
|
||||
$statementInventoryFolders->execute([$uuid]);
|
||||
|
||||
$statementInventoryItems = $RUNTIME['PDO']->prepare('DELETE FROM inventoryitems WHERE avatarID = ?');
|
||||
$statementInventoryItems->execute([$uuid]);
|
||||
|
||||
$statementGroupMembership = $RUNTIME['PDO']->prepare('DELETE FROM os_groups_membership WHERE PrincipalID = ?');
|
||||
$statementGroupMembership->execute([$uuid]);
|
||||
|
||||
$statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM os_groups_rolemembership WHERE PrincipalID = ?');
|
||||
$statementGroupRoles->execute([$uuid]);
|
||||
|
||||
$statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = ?');
|
||||
$statementGroupRoles->execute([$uuid]);
|
||||
|
||||
$statementMute = $RUNTIME['PDO']->prepare('DELETE FROM MuteList WHERE AgentID = ? OR MuteID = ?');
|
||||
$statementMute->execute([$uuid, $uuid]);
|
||||
|
||||
$statementUserAccounts = $RUNTIME['PDO']->prepare('DELETE FROM UserAccounts WHERE PrincipalID = ?');
|
||||
$statementUserAccounts->execute([$uuid]);
|
||||
|
||||
$statementUserData = $RUNTIME['PDO']->prepare('DELETE FROM userdata WHERE UserId = ?');
|
||||
$statementUserData->execute([$uuid]);
|
||||
|
||||
$statementUserNotes = $RUNTIME['PDO']->prepare('DELETE FROM usernotes WHERE targetuuid = ?');
|
||||
$statementUserNotes->execute([$uuid]);
|
||||
|
||||
$statementUserProfile = $RUNTIME['PDO']->prepare('DELETE FROM userprofile WHERE useruuid = ?');
|
||||
$statementUserProfile->execute([$uuid]);
|
||||
|
||||
$statementUserSettings = $RUNTIME['PDO']->prepare('DELETE FROM usersettings WHERE useruuid = ?');
|
||||
$statementUserSettings->execute([$uuid]);
|
||||
|
||||
$RUNTIME['PDO']->commit();
|
||||
|
||||
return true;
|
||||
} catch (Exception $pdoException) {
|
||||
$RUNTIME['PDO']->rollBack();
|
||||
error_log('Could not delete account '.$uuid.': '.$pdoException->getMessage());
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public function gen_uuid()
|
||||
{
|
||||
return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
|
||||
|
|
|
@ -153,6 +153,33 @@
|
|||
} else {
|
||||
$_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
|
||||
}
|
||||
} elseif (isset($_POST['deleteAccount'])) {
|
||||
$validator = new FormValidator(array(
|
||||
'delete-confirm-password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
|
||||
'delete-confirm' => array('required' => true, 'regex' => '/^(|on)$/')
|
||||
));
|
||||
|
||||
if ($validator->isValid($_POST)) {
|
||||
if (hash_equals(md5(md5($_POST['delete-confirm-password']).':'.$_SESSION['SALT']), $_SESSION['PASSWORD'])) {
|
||||
$uuid = $_SESSION['UUID'];
|
||||
include_once 'app/OpenSim.php';
|
||||
$os = new OpenSim();
|
||||
if ($os->deleteUser($_SESSION['UUID'])) {
|
||||
$_SESSION['LOGIN'] = false;
|
||||
session_destroy();
|
||||
header('Location: index.php');
|
||||
die();
|
||||
} else {
|
||||
$_SESSION['profile_info'] = 'Bei der Accountlöschung ist ein Fehler aufgetreten. Bitte versuche es später erneut.';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$_SESSION['profile_info'] = 'Zur Bestätigung der Accountlöschung musst du dein Passwort richtig eingeben.';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$_SESSION['profile_info'] = 'Um deinen Account zu löschen, ist dein aktuelles Passwort und die Bestätigung des Vorgangs erforderlich.';
|
||||
}
|
||||
}
|
||||
|
||||
header('Location: index.php?page=profile');
|
||||
|
|
|
@ -110,6 +110,37 @@
|
|||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<div class="row" style="margin-top: 15px;">
|
||||
<div class="col">
|
||||
<hr>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p class="lead"><b>Account löschen</b></p>
|
||||
<p>Du kannst deinen eigenen Account löschen. Dies wird sofort ausgeführt. Deine Daten, einschließlich Inventar, Identitäten und Freundesliste, können danach nicht wiederhergestellt werden.</p>
|
||||
<form action="index.php?page=profile" method="post">
|
||||
<div class="row" style="margin-top: 15px">
|
||||
<div class="col">
|
||||
<div class="form-group">
|
||||
<label for="delete-confirm-password">Aktuelles Passwort</label>
|
||||
<input type="password" class="form-control" id="delete-confirm-password" name="delete-confirm-password">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="form-check">
|
||||
<input class="form-check-input" name="delete-confirm" type="checkbox" id="delete-confirm">
|
||||
<label class="form-check-label" for="delete-confirm">Ich möchte meinen Account, mein Inventar und alle sonstigen Benutzerdaten von mir auf 4Creative unwiderruflich löschen lassen.</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col">
|
||||
%%CSRF%%
|
||||
<center><button type="submit" name="deleteAccount" class="btn btn-danger btn-lg">Account löschen</button></center>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue