diff --git a/app/OpenSim.php b/app/OpenSim.php
index 0eed2d4..ff628e8 100644
--- a/app/OpenSim.php
+++ b/app/OpenSim.php
@@ -187,6 +187,86 @@
 return $statementUser->fetchColumn();
 }
 
+ public function deleteUser($uuid): bool
+ {
+ global $RUNTIME;
+
+ try {
+ $RUNTIME['PDO']->beginTransaction();
+
+ $statementAuth = $RUNTIME['PDO']->prepare('DELETE FROM auth WHERE UUID = ?');
+ $statementAuth->execute([$uuid]);
+
+ $statementAgentPrefs = $RUNTIME['PDO']->prepare('DELETE FROM AgentPrefs WHERE PrincipalID = ?');
+ $statementAgentPrefs->execute([$uuid]);
+
+ $statementAvatars = $RUNTIME['PDO']->prepare('DELETE FROM Avatars WHERE PrincipalID = ?');
+ $statementAvatars->execute([$uuid]);
+
+ $statementGridUser = $RUNTIME['PDO']->prepare('DELETE FROM GridUser WHERE UserID = ?');
+ $statementGridUser->execute([$uuid]);
+
+ $statementEstateUser = $RUNTIME['PDO']->prepare('DELETE FROM estate_users WHERE uuid = ?');
+ $statementEstateUser->execute([$uuid]);
+
+ $statementEstateBan = $RUNTIME['PDO']->prepare('DELETE FROM estateban WHERE bannedUUID = ?');
+ $statementEstateBan->execute([$uuid]);
+
+ $statementHgTraveling = $RUNTIME['PDO']->prepare('DELETE FROM hg_traveling_data WHERE UserID = ?');
+ $statementHgTraveling->execute([$uuid]);
+
+ $statementUserIdentitys = $RUNTIME['PDO']->prepare('DELETE FROM UserIdentitys WHERE PrincipalID = ?');
+ $statementUserIdentitys->execute([$uuid]);
+
+ $statementFriends = $RUNTIME['PDO']->prepare('DELETE FROM Friends WHERE PrincipalID = ? 
OR Friend = ?');
+ $statementFriends->execute([$uuid, $uuid]);
+
+ $statementImOffline = $RUNTIME['PDO']->prepare('DELETE FROM im_offline WHERE PrincipalID = ?');
+ $statementImOffline->execute([$uuid]);
+
+ $statementInventoryFolders = $RUNTIME['PDO']->prepare('DELETE FROM inventoryfolders WHERE agentID = ?');
+ $statementInventoryFolders->execute([$uuid]);
+
+ $statementInventoryItems = $RUNTIME['PDO']->prepare('DELETE FROM inventoryitems WHERE avatarID = ?');
+ $statementInventoryItems->execute([$uuid]);
+
+ $statementGroupMembership = $RUNTIME['PDO']->prepare('DELETE FROM os_groups_membership WHERE PrincipalID = ?');
+ $statementGroupMembership->execute([$uuid]);
+
+ $statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM os_groups_rolemembership WHERE PrincipalID = ?');
+ $statementGroupRoles->execute([$uuid]);
+
+ $statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = ?');
+ $statementGroupRoles->execute([$uuid]);
+
+ $statementMute = $RUNTIME['PDO']->prepare('DELETE FROM MuteList WHERE AgentID = ? 
OR MuteID = ?');
+ $statementMute->execute([$uuid, $uuid]);
+
+ $statementUserAccounts = $RUNTIME['PDO']->prepare('DELETE FROM UserAccounts WHERE PrincipalID = ?');
+ $statementUserAccounts->execute([$uuid]);
+
+ $statementUserData = $RUNTIME['PDO']->prepare('DELETE FROM userdata WHERE UserId = ?');
+ $statementUserData->execute([$uuid]);
+
+ $statementUserNotes = $RUNTIME['PDO']->prepare('DELETE FROM usernotes WHERE targetuuid = ?');
+ $statementUserNotes->execute([$uuid]);
+
+ $statementUserProfile = $RUNTIME['PDO']->prepare('DELETE FROM userprofile WHERE useruuid = ?');
+ $statementUserProfile->execute([$uuid]);
+
+ $statementUserSettings = $RUNTIME['PDO']->prepare('DELETE FROM usersettings WHERE useruuid = ?');
+ $statementUserSettings->execute([$uuid]);
+
+ $RUNTIME['PDO']->commit();
+
+ return true;
+ } catch (Exception $pdoException) {
+ $RUNTIME['PDO']->rollBack();
+ error_log('Could not delete account '.$uuid.': '.$pdoException->getMessage());
+ return false;
+ }
+ }
+
 public function gen_uuid() { return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
diff --git a/pages/profile.php b/pages/profile.php
index 4391bb6..97a77a2 100644
--- a/pages/profile.php
+++ b/pages/profile.php
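Review bot: The `rollBack()` in the catch block can itself throw when no transaction is active — for instance if `beginTransaction()` was the call that failed — and that second exception escapes the `bool` contract the method promises; guard it with `if ($RUNTIME['PDO']->inTransaction()) { $RUNTIME['PDO']->rollBack(); }`. The all-or-nothing behaviour also depends on the connection running in `PDO::ERRMODE_EXCEPTION`, which is configured outside this hunk: in the default silent mode a failing `execute()` returns false, the `commit()` still runs and the account is left half-deleted, so either check each `execute()` result or assert the error mode at the top of the method. Rollback only undoes tables on a transactional storage engine; if any of the listed OpenSim tables is not, a mid-sequence failure leaves partial state, which deserves a comment above `beginTransaction()`. Minor: the Presence delete reuses `$statementGroupRoles` from the preceding statement, and the parameter could be typed `string $uuid` to match the declared return type.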
@@ -153,6 +153,33 @@
 } else {
 $_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
 }
+ } elseif (isset($_POST['deleteAccount'])) {
+ $validator = new FormValidator(array(
+ 'delete-confirm-password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
+ 'delete-confirm' => array('required' => true, 'regex' => '/^(|on)$/')
+ ));
+
+ if ($validator->isValid($_POST)) {
+ if (hash_equals(md5(md5($_POST['delete-confirm-password']).':'.$_SESSION['SALT']), $_SESSION['PASSWORD'])) {
+ $uuid = $_SESSION['UUID'];
+ include_once 'app/OpenSim.php';
+ $os = new OpenSim();
+ if ($os->deleteUser($_SESSION['UUID'])) {
+ $_SESSION['LOGIN'] = false;
+ session_destroy();
+ header('Location: index.php');
+ die();
+ } else {
+ $_SESSION['profile_info'] = 'Bei der Accountlöschung ist ein Fehler aufgetreten. Bitte versuche es später erneut.';
+ }
+ }
+ else {
+ $_SESSION['profile_info'] = 'Zur Bestätigung der Accountlöschung musst du dein Passwort richtig eingeben.';
+ }
+ }
+ else {
+ $_SESSION['profile_info'] = 'Um deinen Account zu löschen, ist dein aktuelles Passwort und die Bestätigung des Vorgangs erforderlich.';
+ }
 }
 
 header('Location: index.php?page=profile');
diff --git a/templates/profile.html b/templates/profile.html
index 11045ea..bf2ff48 100644
--- a/templates/profile.html
+++ b/templates/profile.html
@@ -110,6 +110,37 @@
+
+
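Review bot: The confirmation checkbox is not actually enforced by the validator in the `deleteAccount` branch: the pattern `'/^(|on)$/'` admits the empty string, so unless `FormValidator`'s `required` rejects empty values (its implementation is outside this hunk) a posted `delete-confirm=` passes, and `'/^on$/'` would state the intent. The password re-check compares against `$_SESSION['PASSWORD']` and `$_SESSION['SALT']`, values cached in the session rather than the current `auth` row, so a password changed since login (in-world or in another session) would presumably still not be reflected for this irreversible action; re-reading the stored hash, or reusing whatever verification the login path uses, would be more robust. Nothing in the hunk checks the form's CSRF token before calling `deleteUser()`; the template does emit `%%CSRF%%`, so if a global POST check runs before this branch that is fine, but it should be confirmed. Minor: `$uuid = $_SESSION['UUID'];` is assigned and never used (the call reads `$_SESSION['UUID']` again), and the two `else` clauses placed on their own lines differ from the `} else {` style used a few lines above.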
+
+
+
+
+ +

Account löschen

+

Du kannst deinen eigenen Account löschen. Dies wird sofort ausgeführt. Deine Daten, einschließlich Inventar, Identitäten und Freundesliste, können danach nicht wiederhergestellt werden.

+
+
+
+
+ + +
+
+
+ + +
+
+
+
+
+
+ %%CSRF%% +
+
+
+