Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Add self-service user account deletion

master
Anonymous Contributor 2023-08-27 11:20:50 +02:00
parent 48882cbb1b
commit 007e0ac4fb
3 changed files with 138 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
app/OpenSim.php
View File

@ -187,6 +187,86 @@
return $statementUser->fetchColumn(); return $statementUser->fetchColumn();
} }
public function deleteUser($uuid): bool
{
global $RUNTIME;
try {
$RUNTIME['PDO']->beginTransaction();
$statementAuth = $RUNTIME['PDO']->prepare('DELETE FROM auth WHERE UUID = ?');
$statementAuth->execute([$uuid]);
$statementAgentPrefs = $RUNTIME['PDO']->prepare('DELETE FROM AgentPrefs WHERE PrincipalID = ?');
$statementAgentPrefs->execute([$uuid]);
$statementAvatars = $RUNTIME['PDO']->prepare('DELETE FROM Avatars WHERE PrincipalID = ?');
$statementAvatars->execute([$uuid]);
$statementGridUser = $RUNTIME['PDO']->prepare('DELETE FROM GridUser WHERE UserID = ?');
$statementGridUser->execute([$uuid]);
$statementEstateUser = $RUNTIME['PDO']->prepare('DELETE FROM estate_users WHERE uuid = ?');
$statementEstateUser->execute([$uuid]);
$statementEstateBan = $RUNTIME['PDO']->prepare('DELETE FROM estateban WHERE bannedUUID = ?');
$statementEstateBan->execute([$uuid]);
$statementHgTraveling = $RUNTIME['PDO']->prepare('DELETE FROM hg_traveling_data WHERE UserID = ?');
$statementHgTraveling->execute([$uuid]);
$statementUserIdentitys = $RUNTIME['PDO']->prepare('DELETE FROM UserIdentitys WHERE PrincipalID = ?');
$statementUserIdentitys->execute([$uuid]);
$statementFriends = $RUNTIME['PDO']->prepare('DELETE FROM Friends WHERE PrincipalID = ? OR Friend = ?');
$statementFriends->execute([$uuid, $uuid]);
$statementImOffline = $RUNTIME['PDO']->prepare('DELETE FROM im_offline WHERE PrincipalID = ?');
$statementImOffline->execute([$uuid]);
$statementInventoryFolders = $RUNTIME['PDO']->prepare('DELETE FROM inventoryfolders WHERE agentID = ?');
$statementInventoryFolders->execute([$uuid]);
$statementInventoryItems = $RUNTIME['PDO']->prepare('DELETE FROM inventoryitems WHERE avatarID = ?');
$statementInventoryItems->execute([$uuid]);
$statementGroupMembership = $RUNTIME['PDO']->prepare('DELETE FROM os_groups_membership WHERE PrincipalID = ?');
$statementGroupMembership->execute([$uuid]);
$statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM os_groups_rolemembership WHERE PrincipalID = ?');
$statementGroupRoles->execute([$uuid]);
$statementGroupRoles = $RUNTIME['PDO']->prepare('DELETE FROM Presence WHERE UserID = ?');
$statementGroupRoles->execute([$uuid]);
$statementMute = $RUNTIME['PDO']->prepare('DELETE FROM MuteList WHERE AgentID = ? OR MuteID = ?');
$statementMute->execute([$uuid, $uuid]);
$statementUserAccounts = $RUNTIME['PDO']->prepare('DELETE FROM UserAccounts WHERE PrincipalID = ?');
$statementUserAccounts->execute([$uuid]);
$statementUserData = $RUNTIME['PDO']->prepare('DELETE FROM userdata WHERE UserId = ?');
$statementUserData->execute([$uuid]);
$statementUserNotes = $RUNTIME['PDO']->prepare('DELETE FROM usernotes WHERE targetuuid = ?');
$statementUserNotes->execute([$uuid]);
$statementUserProfile = $RUNTIME['PDO']->prepare('DELETE FROM userprofile WHERE useruuid = ?');
$statementUserProfile->execute([$uuid]);
$statementUserSettings = $RUNTIME['PDO']->prepare('DELETE FROM usersettings WHERE useruuid = ?');
$statementUserSettings->execute([$uuid]);
$RUNTIME['PDO']->commit();
return true;
} catch (Exception $pdoException) {
$RUNTIME['PDO']->rollBack();
error_log('Could not delete account '.$uuid.': '.$pdoException->getMessage());
return false;
}
}
public function gen_uuid() public function gen_uuid()
{ {
return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x', return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',

27
pages/profile.php
View File

@ -153,6 +153,33 @@
} else { } else {
$_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.'; $_SESSION['profile_info'] = 'Bitte fülle das Formular vollständig aus.';
} }
} elseif (isset($_POST['deleteAccount'])) {
$validator = new FormValidator(array(
'delete-confirm-password' => array('required' => true, 'regex' => '/^.{1,1000}$/'),
'delete-confirm' => array('required' => true, 'regex' => '/^(|on)$/')
));
if ($validator->isValid($_POST)) {
if (hash_equals(md5(md5($_POST['delete-confirm-password']).':'.$_SESSION['SALT']), $_SESSION['PASSWORD'])) {
$uuid = $_SESSION['UUID'];
include_once 'app/OpenSim.php';
$os = new OpenSim();
if ($os->deleteUser($_SESSION['UUID'])) {
$_SESSION['LOGIN'] = false;
session_destroy();
header('Location: index.php');
die();
} else {
$_SESSION['profile_info'] = 'Bei der Accountlöschung ist ein Fehler aufgetreten. Bitte versuche es später erneut.';
}
}
else {
$_SESSION['profile_info'] = 'Zur Bestätigung der Accountlöschung musst du dein Passwort richtig eingeben.';
}
}
else {
$_SESSION['profile_info'] = 'Um deinen Account zu löschen, ist dein aktuelles Passwort und die Bestätigung des Vorgangs erforderlich.';
}
} }
header('Location: index.php?page=profile'); header('Location: index.php?page=profile');

31
templates/profile.html
View File

@ -110,6 +110,37 @@
</div> </div>
</div> </div>
</form> </form>
<div class="row" style="margin-top: 15px;">
<div class="col">
<hr>
</div>
</div>
<p class="lead"><b>Account löschen</b></p>
<p>Du kannst deinen eigenen Account löschen. Dies wird sofort ausgeführt. Deine Daten, einschließlich Inventar, Identitäten und Freundesliste, können danach nicht wiederhergestellt werden.</p>
<form action="index.php?page=profile" method="post">
<div class="row" style="margin-top: 15px">
<div class="col">
<div class="form-group">
<label for="delete-confirm-password">Aktuelles Passwort</label>
<input type="password" class="form-control" id="delete-confirm-password" name="delete-confirm-password">
</div>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" name="delete-confirm" type="checkbox" id="delete-confirm">
<label class="form-check-label" for="delete-confirm">Ich möchte meinen Account, mein Inventar und alle sonstigen Benutzerdaten von mir auf 4Creative unwiderruflich löschen lassen.</label>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col">
%%CSRF%%
<center><button type="submit" name="deleteAccount" class="btn btn-danger btn-lg">Account löschen</button></center>
</div>
</div>
</form>
</div> </div>
</div> </div>
</div> </div>