3 # deluser.cgi -- support for user deletion via web
4 # Copyright (c) 2013 Kyle J. McKay. All rights reserved.
5 # Portions (c) Petr Baudis <pasky@suse.cz> and (c) Jan Krueger <jk@jk.gs>
6 # License GPLv2+: GNU GPL version 2 or later.
7 # www.gnu.org/licenses/gpl-2.0.html
8 # This is free software: you are free to change and redistribute it.
9 # There is NO WARRANTY, to the extent permitted by law.
20 my $gcgi = Girocco
::CGI
->new('User Removal');
23 unless ($Girocco::Config
::manage_users
) {
24 print "<p>I don't manage users.</p>";
28 if ($cgi->param('mail')) {
29 print "<p>Go away, bot.</p>";
34 my ($name, $submit) = @_;
36 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi">
37 <input type="hidden" name="name" value="$name" />
38 <p>Authorization code: <input name="auth" size="50" /></p>
39 <p><input type="submit" value="$submit" /></p>
44 if ($cgi->param('name')) {
45 # submitted, let's see
46 # FIXME: racy, do a lock
47 my $name = $gcgi->wparam('name');
48 (Girocco
::User
::valid_name
($name)
49 and Girocco
::User
::does_exist
($name))
50 or $gcgi->err("Username is not registered.");
52 $gcgi->err_check and exit;
55 ($user = Girocco
::User
->load($name)) && valid_email
($user->{email
})
56 or $gcgi->err("Username may not be removed.");
58 $gcgi->err_check and exit;
60 if (!$cgi->param('auth')) {
61 my $auth = $user->gen_auth('DEL');
64 open(MAIL
, '|-', '/usr/bin/mail', '-s', "[$Girocco::Config::name] Account removal authorization", $user->{email
}) or
65 die "Sorry, could not send authorization code: $!";
69 You have requested an authorization code be sent to you for removing
70 your account. If you don't want to actually remove your account, just
71 ignore this e-mail. Otherwise, use this code within 24 hours:
75 Should you run into any problems, please let us know.
81 print "<p>You should shortly receive an e-mail containing an authorization code.
82 Please enter this code below to remove your account.
83 The code will expire in 24 hours or after you have used it.</p>";
84 _auth_form
($name, "'Login'");
87 $user->{auth
} && $user->{authtype
} eq 'DEL' or do {
88 print "<p>There currently isn't any authorization code filed under your account. ".
89 "Please <a href=\"@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi\">generate one</a>.</p>";
93 my $auth = $gcgi->wparam('auth');
94 if ($auth ne $user->{auth
}) {
95 print "<p>Invalid authorization code, please re-enter or ".
96 "<a href=\"@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi\">generate a new one</a>.</p>";
97 _auth_form
($name, "'Login'");
101 my $y0 = $gcgi->wparam('y0') || '';
102 my $conf = $gcgi->wparam('confirm') || '';
103 if ($y0 ne 'Remove user account' || $conf ne $user->{name
}) {
105 my $projectsinfo = '';
106 my @projects = $user->get_projects;
108 $blurb1 = ' and from the following projects:';
109 $projectsinfo = <<EOT;
110 <p><table class='projectlist'><tr><th>Project</th><th>Description</th></tr>
112 my $trclass = ' class="odd"';
113 foreach (sort({lc($a) cmp lc($b)} @projects)) {
114 if (Girocco
::Project
::does_exist
($_)) {
115 my $proj = Girocco
::Project
->load($_);
116 my $projname = $proj->{name
}.".git";
117 $projectsinfo .= <<EOT;
118 <tr$trclass><td><a href="@{[url_path($Girocco::Config::gitweburl)]}/$projname" target="_blank"
119 >@{[CGI::escapeHTML($projname)]}</td><td>@{[CGI::escapeHTML($proj->{desc})]}</td></tr>
121 $trclass = $trclass ?
'' : ' class="odd"';
124 $projectsinfo .= <<EOT
129 <p>Please confirm that you are going to remove user account '$user->{name}'
130 from the site$blurb1</p>$projectsinfo
131 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi">
132 <input type="hidden" name="name" value="$name" />
133 <input type="hidden" name="auth" value="$auth" />
134 <input type="hidden" name="confirm" value="$name" />
135 <p><input type="submit" name="y0" value="Remove user account" /></p>
142 print "<p>User account successfully removed. Have a nice day.</p>\n";
148 <p>Here you can request an authorization code to remove your user account.</p>
150 <p>Please enter your username below;
151 we will send you an email with an authorization code
152 and further instructions.</p>
156 <tr><td class="formlabel">Login:</td><td><input type="text" name="name" /></td></tr>
157 <tr style="display:none"><td class="formlabel">Anti-captcha (leave empty!):</td><td><input type="text" name="mail" /></td></tr>
158 <tr><td class="formlabel"></td><td><input type="submit" value="Send authorization code" /></td></tr>