From 2a7abf2d7fee6a2d6418e5ad4b79e37e6049bd92 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 31 Jul 2013 18:14:26 +0200 Subject: FS#2751 - self deletion of user account --- inc/actions.php | 28 ++++++++++++++++++++-------- inc/auth.php | 39 +++++++++++++++++++++++++++++++++++++++ inc/confutils.php | 3 +++ inc/html.php | 17 +++++++++++++++++ inc/lang/en/lang.php | 7 +++++++ 5 files changed, 86 insertions(+), 8 deletions(-) (limited to 'inc') diff --git a/inc/actions.php b/inc/actions.php index da3414eb2..bf124c887 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -92,14 +92,26 @@ function act_dispatch(){ $ACT = 'login'; } - //update user profile - if ($ACT == 'profile') { + // user profile changes + if (in_array($ACT, array('profile','profile_delete'))) { if(!$_SERVER['REMOTE_USER']) { $ACT = 'login'; } else { - if(updateprofile()) { - msg($lang['profchanged'],1); - $ACT = 'show'; + switch ($ACT) { + case 'profile' : + if(updateprofile()) { + msg($lang['profchanged'],1); + $ACT = 'show'; + } + break; + case 'profile_delete' : + if(auth_deleteprofile()){ + msg($lang['profdeleted'],1); + $ACT = 'show'; + } else { + $ACT = 'profile'; + } + break; } } } @@ -247,7 +259,7 @@ function act_validate($act) { //disable all acl related commands if ACL is disabled if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin', 'subscribe','unsubscribe','profile','revert', - 'resendpwd'))){ + 'resendpwd','profile_delete'))){ msg('Command unavailable: '.htmlspecialchars($act),-1); return 'show'; } @@ -258,7 +270,7 @@ function act_validate($act) { if(!in_array($act,array('login','logout','register','save','cancel','edit','draft', 'preview','search','show','check','index','revisions', 'diff','recent','backlink','admin','subscribe','revert', - 'unsubscribe','profile','resendpwd','recover', + 'unsubscribe','profile','profile_delete','resendpwd','recover', 'draftdel','sitemap','media')) && substr($act,0,7) != 'export_' ) { msg('Command unknown: '.htmlspecialchars($act),-1); return 'show'; @@ -287,7 +299,7 @@ function act_permcheck($act){ }else{ $permneed = AUTH_CREATE; } - }elseif(in_array($act,array('login','search','recent','profile','index', 'sitemap'))){ + }elseif(in_array($act,array('login','search','recent','profile','profile_delete','index', 'sitemap'))){ $permneed = AUTH_NONE; }elseif($act == 'revert'){ $permneed = AUTH_ADMIN; diff --git a/inc/auth.php b/inc/auth.php index 537d44c01..75ba9a9ba 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -901,6 +901,45 @@ function updateprofile() { return false; } +function auth_deleteprofile(){ + global $conf; + global $lang; + /* @var auth_basic $auth */ + global $auth; + /* @var Input $INPUT */ + global $INPUT; + + if(!$INPUT->post->bool('delete')) return false; + if(!checkSecurityToken()) return false; + + // action prevented or auth module disallows + if(!actionOK('profile_delete') || !$auth->canDo('delUser')) { + msg($lang['profnodelete'], -1); + return false; + } + + if(!$INPUT->post->bool('confirm_delete')){ + msg($lang['profconfdeletemissing'], -1); + return false; + } + + if($conf['profileconfirm']) { + if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + msg($lang['badpassconfirm'], -1); + return false; + } + } + + $deleted[] = $_SERVER['REMOTE_USER']; + if($result = $auth->triggerUserMod('delete', array($deleted))) { + // force and immediate logout including removing the sticky cookie + auth_logoff(); + return true; + } + + return false; +} + /** * Send a new password * diff --git a/inc/confutils.php b/inc/confutils.php index 404cc6050..02be0089c 100644 --- a/inc/confutils.php +++ b/inc/confutils.php @@ -261,6 +261,9 @@ function actionOK($action){ if (is_null($auth) || !$auth->canDo('Profile')) { $disabled[] = 'profile'; } + if (is_null($auth) || !$auth->canDo('delUser')) { + $disabled[] = 'profile_delete'; + } if (is_null($auth)) { $disabled[] = 'login'; } diff --git a/inc/html.php b/inc/html.php index fb39fcb3c..5e3388a52 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1381,6 +1381,23 @@ function html_updateprofile(){ $form->addElement(form_makeButton('reset', '', $lang['btn_reset'])); $form->endFieldset(); html_form('updateprofile', $form); + + if ($auth->canDo('delUser') && actionOK('profile_delete')) { + $form_profiledelete = new Doku_Form(array('id' => 'dw__profiledelete')); + $form_profiledelete->startFieldset($lang['profdeleteuser']); + $form_profiledelete->addHidden('do', 'profile_delete'); + $form_profiledelete->addHidden('delete', '1'); + $form_profiledelete->addElement(form_makeCheckboxField('confirm_delete', '1', $lang['profconfdelete'],'dw__confirmdelete','', array('required' => 'required'))); + if ($conf['profileconfirm']) { + $form_profiledelete->addElement(form_makeTag('br')); + $form_profiledelete->addElement(form_makePasswordField('oldpass', $lang['oldpass'], '', 'block', array('size'=>'50', 'required' => 'required'))); + } + $form_profiledelete->addElement(form_makeButton('submit', '', $lang['btn_deleteuser'])); + $form_profiledelete->endFieldset(); + + html_form('profiledelete', $form_profiledelete); + } + print ''.NL; } diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php index cdad6c9a6..d4acfad6e 100644 --- a/inc/lang/en/lang.php +++ b/inc/lang/en/lang.php @@ -51,6 +51,7 @@ $lang['btn_revert'] = 'Restore'; $lang['btn_register'] = 'Register'; $lang['btn_apply'] = 'Apply'; $lang['btn_media'] = 'Media Manager'; +$lang['btn_deleteuser'] = 'Remove My Account'; $lang['loggedinas'] = 'Logged in as'; $lang['user'] = 'Username'; @@ -63,6 +64,7 @@ $lang['fullname'] = 'Real name'; $lang['email'] = 'E-Mail'; $lang['profile'] = 'User Profile'; $lang['badlogin'] = 'Sorry, username or password was wrong.'; +$lang['badpassconfirm'] = 'Sorry, the password was wrong'; $lang['minoredit'] = 'Minor Changes'; $lang['draftdate'] = 'Draft autosaved on'; // full dformat date will be added $lang['nosecedit'] = 'The page was changed in the meantime, section info was out of date loaded full page instead.'; @@ -81,6 +83,11 @@ $lang['profna'] = 'This wiki does not support profile modificatio $lang['profnochange'] = 'No changes, nothing to do.'; $lang['profnoempty'] = 'An empty name or email address is not allowed.'; $lang['profchanged'] = 'User profile successfully updated.'; +$lang['profnodelete'] = 'This wiki does not support deleting users'; +$lang['profdeleteuser'] = 'Delete Account'; +$lang['profdeleted'] = 'Your user account has been deleted from this wiki'; +$lang['profconfdelete'] = 'I wish to remove my account from this wiki.
This action can not be undone.'; +$lang['profconfdeletemissing'] = 'Confirmation check box not ticked'; $lang['pwdforget'] = 'Forgotten your password? Get a new one'; $lang['resendna'] = 'This wiki does not support password resending.'; -- cgit v1.2.3 From 020ea9e10577217f17372cb6510d872f9a5c647c Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 31 Jul 2013 18:15:57 +0200 Subject: unit tests for self deleting of user accounts --- inc/confutils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc') diff --git a/inc/confutils.php b/inc/confutils.php index 02be0089c..0ac003b72 100644 --- a/inc/confutils.php +++ b/inc/confutils.php @@ -241,7 +241,7 @@ function getConfigFiles($type) { */ function actionOK($action){ static $disabled = null; - if(is_null($disabled)){ + if(is_null($disabled) || defined('SIMPLE_TEST')){ global $conf; /** @var auth_basic $auth */ global $auth; -- cgit v1.2.3 From d6d38cc20037bd20fb7183733267d2fbf68b03e4 Mon Sep 17 00:00:00 2001 From: Matthias Schulte Date: Thu, 1 Aug 2013 22:06:14 +0200 Subject: de/de-informal: localization updates (delete user function) --- inc/lang/de-informal/lang.php | 7 +++++++ inc/lang/de/lang.php | 7 +++++++ 2 files changed, 14 insertions(+) (limited to 'inc') diff --git a/inc/lang/de-informal/lang.php b/inc/lang/de-informal/lang.php index 9a6e6f72c..aaf92ef35 100644 --- a/inc/lang/de-informal/lang.php +++ b/inc/lang/de-informal/lang.php @@ -64,6 +64,7 @@ $lang['btn_revert'] = 'Wiederherstellen'; $lang['btn_register'] = 'Registrieren'; $lang['btn_apply'] = 'Übernehmen'; $lang['btn_media'] = 'Medien-Manager'; +$lang['btn_deleteuser'] = 'Benutzerprofil löschen'; $lang['loggedinas'] = 'Angemeldet als'; $lang['user'] = 'Benutzername'; $lang['pass'] = 'Passwort'; @@ -75,6 +76,7 @@ $lang['fullname'] = 'Voller Name'; $lang['email'] = 'E-Mail'; $lang['profile'] = 'Benutzerprofil'; $lang['badlogin'] = 'Nutzername oder Passwort sind falsch.'; +$lang['badpassconfirm'] = 'Das Passwort war falsch.'; $lang['minoredit'] = 'Kleine Änderung'; $lang['draftdate'] = 'Entwurf gespeichert am'; $lang['nosecedit'] = 'Diese Seite wurde in der Zwischenzeit geändert, da das Sektionsinfo veraltet ist. Die ganze Seite wird stattdessen geladen.'; @@ -91,6 +93,11 @@ $lang['profna'] = 'Änderung des Benutzerprofils in diesem Wiki n $lang['profnochange'] = 'Keine Änderungen, nichts zu tun.'; $lang['profnoempty'] = 'Es muss ein Name oder eine E-Mail Adresse angegeben werden.'; $lang['profchanged'] = 'Benutzerprofil erfolgreich geändert.'; +$lang['profnodelete'] = 'Dieses Wiki unterstützt nicht das Löschen von Benutzern.'; +$lang['profdeleteuser'] = 'Benutzerprofil löschen'; +$lang['profdeleted'] = 'Dein Benutzerprofil wurde im Wiki gelöscht.'; +$lang['profconfdelete'] = 'Ich möchte mein Benutzerprofil löschen.
Diese Aktion ist nicht umkehrbar.'; +$lang['profconfdeletemissing'] = 'Bestätigungs-Checkbox wurde nicht angehakt.'; $lang['pwdforget'] = 'Passwort vergessen? Fordere ein neues an'; $lang['resendna'] = 'Passwörter versenden ist in diesem Wiki nicht möglich.'; $lang['resendpwd'] = 'Neues Passwort setzen für'; diff --git a/inc/lang/de/lang.php b/inc/lang/de/lang.php index af6f32bf4..f7e551c63 100644 --- a/inc/lang/de/lang.php +++ b/inc/lang/de/lang.php @@ -65,6 +65,7 @@ $lang['btn_revert'] = 'Wiederherstellen'; $lang['btn_register'] = 'Registrieren'; $lang['btn_apply'] = 'Übernehmen'; $lang['btn_media'] = 'Medien-Manager'; +$lang['btn_deleteuser'] = 'Benutzerprofil löschen'; $lang['loggedinas'] = 'Angemeldet als'; $lang['user'] = 'Benutzername'; $lang['pass'] = 'Passwort'; @@ -76,6 +77,7 @@ $lang['fullname'] = 'Voller Name'; $lang['email'] = 'E-Mail'; $lang['profile'] = 'Benutzerprofil'; $lang['badlogin'] = 'Nutzername oder Passwort sind falsch.'; +$lang['badpassconfirm'] = 'Das Passwort war falsch.'; $lang['minoredit'] = 'kleine Änderung'; $lang['draftdate'] = 'Entwurf gespeichert am'; $lang['nosecedit'] = 'Diese Seite wurde in der Zwischenzeit geändert, Sektionsinfo ist veraltet, lade stattdessen volle Seite.'; @@ -92,6 +94,11 @@ $lang['profna'] = 'Änderung des Benutzerprofils in diesem Wiki n $lang['profnochange'] = 'Keine Änderungen, nichts zu tun.'; $lang['profnoempty'] = 'Es muss ein Name und eine E-Mail-Adresse angegeben werden.'; $lang['profchanged'] = 'Benutzerprofil erfolgreich geändert.'; +$lang['profnodelete'] = 'Dieses Wiki unterstützt nicht das Löschen von Benutzern.'; +$lang['profdeleteuser'] = 'Benutzerprofil löschen'; +$lang['profdeleted'] = 'Ihr Benutzerprofil wurde im Wiki gelöscht.'; +$lang['profconfdelete'] = 'Ich möchte mein Benutzerprofil löschen.
Diese Aktion ist nicht umkehrbar.'; +$lang['profconfdeletemissing'] = 'Bestätigungs-Checkbox wurde nicht angehakt.'; $lang['pwdforget'] = 'Passwort vergessen? Fordere ein neues an'; $lang['resendna'] = 'Passwörter versenden ist in diesem Wiki nicht möglich.'; $lang['resendpwd'] = 'Neues Passwort setzen für'; -- cgit v1.2.3 From 20284fef7eb61e54db0fd854a9172295aa4f8baa Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 2 Aug 2013 13:44:33 +0200 Subject: HTTPClient don't pull too much bytes when no content-length is given --- inc/HTTPClient.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'inc') diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php index 3964c8fbc..b2621bdbb 100644 --- a/inc/HTTPClient.php +++ b/inc/HTTPClient.php @@ -463,6 +463,8 @@ class HTTPClient { } $r_body = $this->_readData($socket, $length, 'response (content-length limited)', true); + }elseif( !isset($this->resp_headers['transfer-encoding']) && $this->max_bodysize && !$this->keep_alive){ + $r_body = $this->_readData($socket, $this->max_bodysize, 'response (content-length limited)', true); }else{ // read entire socket $r_size = 0; -- cgit v1.2.3 From 73012efd9607b31a4ddd7856761cd1dac5774eef Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Fri, 2 Aug 2013 17:57:07 +0200 Subject: coding corrections. correct type hint, remove unused variable assignment --- inc/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc') diff --git a/inc/auth.php b/inc/auth.php index 75ba9a9ba..a9d53779c 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -904,7 +904,7 @@ function updateprofile() { function auth_deleteprofile(){ global $conf; global $lang; - /* @var auth_basic $auth */ + /* @var DokuWiki_Auth_Plugin $auth */ global $auth; /* @var Input $INPUT */ global $INPUT; @@ -931,7 +931,7 @@ function auth_deleteprofile(){ } $deleted[] = $_SERVER['REMOTE_USER']; - if($result = $auth->triggerUserMod('delete', array($deleted))) { + if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie auth_logoff(); return true; -- cgit v1.2.3