account_delete.php

   1 <?php
   2 # MantisBT - A PHP based bugtracking system
   3
   4 # MantisBT is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 2 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # MantisBT is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * CALLERS
  19  *      This page is called from:
  20  *      - account_page.php
  21  *
  22  * EXPECTED BEHAVIOUR
  23  *      - Delete the currently logged in user account
  24  *      - Logout the current user
  25  *      - Redirect to the page specified in the logout_redirect_page config option
  26  *
  27  * CALLS
  28  *      This page conditionally redirects upon completion
  29  *
  30  * RESTRICTIONS & PERMISSIONS
  31  *      - User must be authenticated
  32  *      - allow_account_delete config option must be enabled
  33  * @todo review form security tokens for this page
  34  * @todo should page_top1 be before meta redirect?
  35  *
  36  * @package MantisBT
  37  * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  38  * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  39  * @link http://www.mantisbt.org
  40  *
  41  * @uses core.php
  42  * @uses access_api.php
  43  * @uses authentication_api.php
  44  * @uses config_api.php
  45  * @uses constant_inc.php
  46  * @uses current_user_api.php
  47  * @uses form_api.php
  48  * @uses helper_api.php
  49  * @uses lang_api.php
  50  * @uses print_api.php
  51  * @uses user_api.php
  52  */
  53
  54 /**
  55  * MantisBT Core API's
  56  */
  57 require_once( 'core.php' );
  58 require_api( 'access_api.php' );
  59 require_api( 'authentication_api.php' );
  60 require_api( 'config_api.php' );
  61 require_api( 'constant_inc.php' );
  62 require_api( 'current_user_api.php' );
  63 require_api( 'form_api.php' );
  64 require_api( 'helper_api.php' );
  65 require_api( 'lang_api.php' );
  66 require_api( 'print_api.php' );
  67 require_api( 'user_api.php' );
  68
  69 form_security_validate('account_delete');
  70
  71 auth_ensure_user_authenticated();
  72
  73 current_user_ensure_unprotected();
  74
  75 # Only allow users to delete their own accounts if allow_account_delete = ON or
  76 # the user has permission to manage user accounts.
  77 if ( OFF == config_get( 'allow_account_delete' ) &&
  78      !access_has_global_level( config_get( 'manage_user_threshold' ) ) ) {
  79         print_header_redirect( 'account_page.php' );
  80 }
  81
  82 # check that we are not deleting the last administrator account
  83 $t_admin_threshold = config_get_global( 'admin_site_threshold' );
  84 if ( current_user_is_administrator() &&
  85      user_count_level( $t_admin_threshold ) <= 1 ) {
  86         trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
  87 }
  88
  89 helper_ensure_confirmed( lang_get( 'confirm_delete_msg' ),
  90                                                  lang_get( 'delete_account_button' ) );
  91
  92 form_security_purge('account_delete');
  93
  94 $t_user_id = auth_get_current_user_id();
  95
  96 auth_logout();
  97
  98 user_delete( $t_user_id );
  99
 100 html_page_top1();
 101 html_page_top2a();
 102
 103 ?>
 104
 105 <br />
 106 <div>
 107 <?php
 108 echo lang_get( 'account_removed_msg' ) . '<br />';
 109 print_bracket_link( config_get( 'logout_redirect_page' ), lang_get( 'proceed' ) );
 110 ?>
 111 </div>
 112
 113 <?php
 114         html_page_bottom1a();