authorChristopher Smith <chris@jalakai.co.uk>2013-07-31 18:14:26 +0200
committerChristopher Smith <chris@jalakai.co.uk>2013-07-31 18:14:26 +0200
commit2a7abf2d7fee6a2d6418e5ad4b79e37e6049bd92 (patch)
treeb4d8b38bd7113d0e02b7eb7a53da0d3b5354712b /inc
parent07ff0babae240ba072a3bc8b83a989c4305c24cd (diff)
FS#2751 - self deletion of user account
Diffstat (limited to 'inc')
-rw-r--r--inc/actions.php28
-rw-r--r--inc/auth.php39
-rw-r--r--inc/confutils.php3
-rw-r--r--inc/html.php17
-rw-r--r--inc/lang/en/lang.php7
5 files changed, 86 insertions, 8 deletions
diff --git a/inc/actions.php b/inc/actions.php
index da3414eb2..bf124c887 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -92,14 +92,26 @@ function act_dispatch(){
$ACT = 'login';
}
- //update user profile
- if ($ACT == 'profile') {
+ // user profile changes
+ if (in_array($ACT, array('profile','profile_delete'))) {
if(!$_SERVER['REMOTE_USER']) {
$ACT = 'login';
} else {
- if(updateprofile()) {
- msg($lang['profchanged'],1);
- $ACT = 'show';
+ switch ($ACT) {
+ case 'profile' :
+ if(updateprofile()) {
+ msg($lang['profchanged'],1);
+ $ACT = 'show';
+ }
+ break;
+ case 'profile_delete' :
+ if(auth_deleteprofile()){
+ msg($lang['profdeleted'],1);
+ $ACT = 'show';
+ } else {
+ $ACT = 'profile';
+ }
+ break;
}
}
}
@@ -247,7 +259,7 @@ function act_validate($act) {
//disable all acl related commands if ACL is disabled
if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
'subscribe','unsubscribe','profile','revert',
- 'resendpwd'))){
+ 'resendpwd','profile_delete'))){
msg('Command unavailable: '.htmlspecialchars($act),-1);
return 'show';
}
@@ -258,7 +270,7 @@ function act_validate($act) {
if(!in_array($act,array('login','logout','register','save','cancel','edit','draft',
'preview','search','show','check','index','revisions',
'diff','recent','backlink','admin','subscribe','revert',
- 'unsubscribe','profile','resendpwd','recover',
+ 'unsubscribe','profile','profile_delete','resendpwd','recover',
'draftdel','sitemap','media')) && substr($act,0,7) != 'export_' ) {
msg('Command unknown: '.htmlspecialchars($act),-1);
return 'show';
@@ -287,7 +299,7 @@ function act_permcheck($act){
}else{
$permneed = AUTH_CREATE;
}
- }elseif(in_array($act,array('login','search','recent','profile','index', 'sitemap'))){
+ }elseif(in_array($act,array('login','search','recent','profile','profile_delete','index', 'sitemap'))){
$permneed = AUTH_NONE;
}elseif($act == 'revert'){
$permneed = AUTH_ADMIN;
diff --git a/inc/auth.php b/inc/auth.php
index 537d44c01..75ba9a9ba 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -901,6 +901,45 @@ function updateprofile() {
return false;
}
+function auth_deleteprofile(){
+ global $conf;
+ global $lang;
+ /* @var auth_basic $auth */
+ global $auth;
+ /* @var Input $INPUT */
+ global $INPUT;
+
+ if(!$INPUT->post->bool('delete')) return false;
+ if(!checkSecurityToken()) return false;
+
+ // action prevented or auth module disallows
+ if(!actionOK('profile_delete') || !$auth->canDo('delUser')) {
+ msg($lang['profnodelete'], -1);
+ return false;
+ }
+
+ if(!$INPUT->post->bool('confirm_delete')){
+ msg($lang['profconfdeletemissing'], -1);
+ return false;
+ }
+
+ if($conf['profileconfirm']) {
+ if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
+ msg($lang['badpassconfirm'], -1);
+ return false;
+ }
+ }
+
+ $deleted[] = $_SERVER['REMOTE_USER'];
+ if($result = $auth->triggerUserMod('delete', array($deleted))) {
+ // force and immediate logout including removing the sticky cookie
+ auth_logoff();
+ return true;
+ }
+
+ return false;
+}
+
/**
* Send a new password
*
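Review bot: The password re-check in auth_deleteprofile() runs only when `$conf['profileconfirm']` is set, so with that option off an irreversible account deletion needs nothing beyond a live session, the security token and the `confirm_delete` flag. Because that setting appears to be shared with ordinary profile edits, consider calling `$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))` unconditionally for deletion (the `oldpass` field in html_updateprofile() would then have to be rendered unconditionally too), assuming every backend that offers `delUser` can verify a password. Nothing visible in this hunk stops the last superuser from deleting their own account or writes an audit record of the deletion; both may be handled elsewhere and are worth confirming. Smaller points: the function lacks the docblock its neighbours carry, and `$deleted[] = ...` appends to an undeclared variable where `$deleted = array($_SERVER['REMOTE_USER']);` states the intent, with the unused `$result` assignment dropped.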
diff --git a/inc/confutils.php b/inc/confutils.php
index 404cc6050..02be0089c 100644
--- a/inc/confutils.php
+++ b/inc/confutils.php
@@ -261,6 +261,9 @@ function actionOK($action){
if (is_null($auth) || !$auth->canDo('Profile')) {
$disabled[] = 'profile';
}
+ if (is_null($auth) || !$auth->canDo('delUser')) {
+ $disabled[] = 'profile_delete';
+ }
if (is_null($auth)) {
$disabled[] = 'login';
}
diff --git a/inc/html.php b/inc/html.php
index fb39fcb3c..5e3388a52 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1381,6 +1381,23 @@ function html_updateprofile(){
$form->addElement(form_makeButton('reset', '', $lang['btn_reset']));
$form->endFieldset();
html_form('updateprofile', $form);
+
+ if ($auth->canDo('delUser') && actionOK('profile_delete')) {
+ $form_profiledelete = new Doku_Form(array('id' => 'dw__profiledelete'));
+ $form_profiledelete->startFieldset($lang['profdeleteuser']);
+ $form_profiledelete->addHidden('do', 'profile_delete');
+ $form_profiledelete->addHidden('delete', '1');
+ $form_profiledelete->addElement(form_makeCheckboxField('confirm_delete', '1', $lang['profconfdelete'],'dw__confirmdelete','', array('required' => 'required')));
+ if ($conf['profileconfirm']) {
+ $form_profiledelete->addElement(form_makeTag('br'));
+ $form_profiledelete->addElement(form_makePasswordField('oldpass', $lang['oldpass'], '', 'block', array('size'=>'50', 'required' => 'required')));
+ }
+ $form_profiledelete->addElement(form_makeButton('submit', '', $lang['btn_deleteuser']));
+ $form_profiledelete->endFieldset();
+
+ html_form('profiledelete', $form_profiledelete);
+ }
+
print '</div>'.NL;
}
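Review bot: The guard `$auth->canDo('delUser') && actionOK('profile_delete')` tests the capability twice, because actionOK() as changed in inc/confutils.php in this commit already disables `profile_delete` when `delUser` is unavailable; `if (actionOK('profile_delete')) {` is enough. The `required` attributes on the checkbox and password field are enforced by the browser only, so a short comment such as `// client-side hint only; auth_deleteprofile() re-validates both fields` would help the next reader. html_updateprofile() begins outside this hunk, so where `$auth` and `$conf` come into scope is not visible.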
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php
index cdad6c9a6..d4acfad6e 100644
--- a/inc/lang/en/lang.php
+++ b/inc/lang/en/lang.php
@@ -51,6 +51,7 @@ $lang['btn_revert'] = 'Restore';
$lang['btn_register'] = 'Register';
$lang['btn_apply'] = 'Apply';
$lang['btn_media'] = 'Media Manager';
+$lang['btn_deleteuser'] = 'Remove My Account';
$lang['loggedinas'] = 'Logged in as';
$lang['user'] = 'Username';
@@ -63,6 +64,7 @@ $lang['fullname'] = 'Real name';
$lang['email'] = 'E-Mail';
$lang['profile'] = 'User Profile';
$lang['badlogin'] = 'Sorry, username or password was wrong.';
+$lang['badpassconfirm'] = 'Sorry, the password was wrong';
$lang['minoredit'] = 'Minor Changes';
$lang['draftdate'] = 'Draft autosaved on'; // full dformat date will be added
$lang['nosecedit'] = 'The page was changed in the meantime, section info was out of date loaded full page instead.';
@@ -81,6 +83,11 @@ $lang['profna'] = 'This wiki does not support profile modificatio
$lang['profnochange'] = 'No changes, nothing to do.';
$lang['profnoempty'] = 'An empty name or email address is not allowed.';
$lang['profchanged'] = 'User profile successfully updated.';
+$lang['profnodelete'] = 'This wiki does not support deleting users';
+$lang['profdeleteuser'] = 'Delete Account';
+$lang['profdeleted'] = 'Your user account has been deleted from this wiki';
+$lang['profconfdelete'] = 'I wish to remove my account from this wiki. <br/> This action can not be undone.';
+$lang['profconfdeletemissing'] = 'Confirmation check box not ticked';
$lang['pwdforget'] = 'Forgotten your password? Get a new one';
$lang['resendna'] = 'This wiki does not support password resending.';