account_delete.php

   1 <?php
   2 # MantisBT - A PHP based bugtracking system
   3
   4 # MantisBT is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 2 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # MantisBT is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * CALLERS
  19  *      This page is called from:
  20  *      - account_page.php
  21  *
  22  * EXPECTED BEHAVIOUR
  23  *      - Delete the currently logged in user account
  24  *      - Logout the current user
  25  *      - Redirect to the page specified in the logout_redirect_page config option
  26  *
  27  * CALLS
  28  *      This page conditionally redirects upon completion
  29  *
  30  * RESTRICTIONS & PERMISSIONS
  31  *      - User must be authenticated
  32  *      - allow_account_delete config option must be enabled
  33  * @todo review form security tokens for this page
  34  * @todo should page_top1 be before meta redirect?
  35  *
  36  * @package MantisBT
  37  * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  38  * @copyright Copyright (C) 2002 - 2010  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  39  * @link http://www.mantisbt.org
  40  *
  41  * @uses core.php
  42  * @uses access_api.php
  43  * @uses authentication_api.php
  44  * @uses config_api.php
  45  * @uses constant_inc.php
  46  * @uses current_user_api.php
  47  * @uses form_api.php
  48  * @uses helper_api.php
  49  * @uses lang_api.php
  50  * @uses print_api.php
  51  * @uses user_api.php
  52  */
  53
  54 require_once( 'core.php' );
  55 require_api( 'access_api.php' );
  56 require_api( 'authentication_api.php' );
  57 require_api( 'config_api.php' );
  58 require_api( 'constant_inc.php' );
  59 require_api( 'current_user_api.php' );
  60 require_api( 'form_api.php' );
  61 require_api( 'helper_api.php' );
  62 require_api( 'lang_api.php' );
  63 require_api( 'print_api.php' );
  64 require_api( 'user_api.php' );
  65
  66 form_security_validate('account_delete');
  67
  68 auth_ensure_user_authenticated();
  69
  70 current_user_ensure_unprotected();
  71
  72 # Only allow users to delete their own accounts if allow_account_delete = ON or
  73 # the user has permission to manage user accounts.
  74 if ( OFF == config_get( 'allow_account_delete' ) &&
  75      !access_has_global_level( config_get( 'manage_user_threshold' ) ) ) {
  76         print_header_redirect( 'account_page.php' );
  77 }
  78
  79 # check that we are not deleting the last administrator account
  80 $t_admin_threshold = config_get_global( 'admin_site_threshold' );
  81 if ( current_user_is_administrator() &&
  82      user_count_level( $t_admin_threshold ) <= 1 ) {
  83         trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
  84 }
  85
  86 helper_ensure_confirmed( lang_get( 'confirm_delete_msg' ),
  87                                                  lang_get( 'delete_account_button' ) );
  88
  89 form_security_purge('account_delete');
  90
  91 $t_user_id = auth_get_current_user_id();
  92
  93 auth_logout();
  94
  95 user_delete( $t_user_id );
  96
  97 html_page_top1();
  98 html_page_top2a();
  99
 100 ?>
 101
 102 <br />
 103 <div align="center">
 104 <?php
 105 echo lang_get( 'account_removed_msg' ) . '<br />';
 106 print_bracket_link( config_get( 'logout_redirect_page' ), lang_get( 'proceed' ) );
 107 ?>
 108 </div>
 109
 110 <?php
 111         html_page_bottom1a();