authorSyndamia <kamen@syndamia.com>2025-02-02 13:43:26 +0200
committerSyndamia <kamen@syndamia.com>2025-02-02 13:43:26 +0200
commit0e4f90e6a82f0fc275d65bf0e4f4c2842052dde9 (patch)
tree892ccf952d364f03734ed95950845037fef26179
parent168abc2c8512343f2a65461c6791ae852ae64665 (diff)
feat(views/user): Implement account deletion
-rw-r--r--controllers/user.php29
-rw-r--r--migrations/00-initial.sql2
-rw-r--r--models/user.php26
-rw-r--r--views/global/router.php2
-rw-r--r--views/user/delete/index.php35
-rw-r--r--views/user/delete/meta.php5
-rw-r--r--views/user/index.php4
7 files changed, 102 insertions, 1 deletions
diff --git a/controllers/user.php b/controllers/user.php
index 6c0c105..d79b294 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -21,3 +21,32 @@ function on_post() {
$user_status = $e;
}
}
+
+function on_delete() {
+ global $TOKEN;
+ global $METHOD;
+ global $user_status;
+ $user_status = "";
+
+ try {
+ Database\Cookie::fromDB($TOKEN);
+ }
+ catch (Exception $e) {
+ $user_status = 'Invalid token!';
+ return;
+ }
+
+ $to_delete = null;
+ try {
+ $to_delete = Database\User::fromDBuid($METHOD['uid']);
+ }
+ catch(Exception $e) {
+ $list_status = "The user you're trying to delete doesn't exist!";
+ return;
+ }
+
+ $to_delete->delete();
+
+ header('Location: /');
+ exit();
+}
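Review bot: on_delete() never checks that the session behind `$TOKEN` belongs to the account named by `$METHOD['uid']`: the result of `Database\Cookie::fromDB($TOKEN)` is discarded, so any valid session can submit another user's uid and have that account deleted. The ownership comparison in views/user/delete/index.php only decides whether the form is rendered; it is not an enforcement point. Keep the cookie object and compare its UID with `$to_delete->UID` before calling `delete()` (this assumes the Cookie model exposes the `UID` column of the Cookies table, which is not visible here). The not-found branch also assigns `$list_status` instead of `$user_status`, so that error is never displayed, and the exception `delete()` throws for the system account is not caught in this function.

```php
    try {
        $cookie = Database\Cookie::fromDB($TOKEN);
    }
    // … unchanged: catch sets 'Invalid token!' and returns …

    // … unchanged: fromDBuid() lookup; its catch should assign $user_status, not $list_status …

    // Server-side ownership check: a session may only delete its own account.
    // A type mismatch between the two UIDs fails closed (request is refused).
    if ($cookie->UID !== $to_delete->UID) {
        $user_status = 'You have no permission to delete this account!';
        return;
    }

    try {
        $to_delete->delete();
    }
    catch (Exception $e) {
        $user_status = $e->getMessage();
        return;
    }
```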
diff --git a/migrations/00-initial.sql b/migrations/00-initial.sql
index 879b5f1..a4b999f 100644
--- a/migrations/00-initial.sql
+++ b/migrations/00-initial.sql
@@ -15,7 +15,7 @@ CREATE TABLE IF NOT EXISTS Cookies (
Token CHAR(36) NOT NULL,
Expires DATETIME,
PRIMARY KEY (UID, Token),
- FOREIGN KEY (UID) REFERENCES Users(UID)
+ FOREIGN KEY (UID) REFERENCES Users(UID) ON DELETE CASCADE
);
CREATE TABLE IF NOT EXISTS Webpages (
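Review bot: Adding `ON DELETE CASCADE` inside `CREATE TABLE IF NOT EXISTS Cookies` in 00-initial.sql only takes effect on a fresh database; wherever the table already exists the statement is skipped and the old foreign key stays. On those installs the new account deletion will either be rejected by the constraint or, depending on engine settings, leave session rows for a deleted user. A follow-up migration that drops and re-adds the foreign key with the cascade would apply the change to existing deployments. The hunk starts inside the Cookies definition, so the rest of the table is not visible here.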
diff --git a/models/user.php b/models/user.php
index 9b76f37..1f58e7c 100644
--- a/models/user.php
+++ b/models/user.php
@@ -57,4 +57,30 @@ class User extends Table {
include $VIEWS_DIR . '/img/user-star.svg';
}
}
+
+ private static $AnonUID = 1;
+
+ function delete() {
+ // Applicable to Anon user
+ if ($this->Password === '') {
+ throw new Exception('Not deleting system account!');
+ }
+
+ Table::_update(
+ 'Webpages',
+ 'RequesterUID = "' . self::$AnonUID . '"',
+ "RequesterUID = \"$this->UID\""
+ );
+
+ Table::_update(
+ 'ArchiveLists',
+ 'AuthorUID = "' . self::$AnonUID . '"',
+ "AuthorUID = \"$this->UID\""
+ );
+
+ Table::_delete(
+ 'Users',
+ "UID = \"$this->UID\""
+ );
+ }
}
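Review bot: The system-account guard in delete() tests `$this->Password === ''` rather than the UID, so the Anon row that receives the reassigned content is protected only as long as its password stays empty; checking the id directly is more robust: `if ((int)$this->UID === self::$AnonUID || $this->Password === '')`. The two `_update` calls and the `_delete` run as separate statements, so a failure midway leaves pages and lists reassigned while the account still exists; if Table offers a transaction helper (not visible in this hunk), wrap the three calls in it. The WHERE fragments are built by string interpolation, which is safe only while UID comes from the loaded row, so bound parameters would be the better pattern if `_update`/`_delete` support them. `$AnonUID` never changes and would read better as a class constant. The User class begins outside this hunk.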
diff --git a/views/global/router.php b/views/global/router.php
index 2a02e22..661e116 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -33,6 +33,8 @@ function route_view() {
case '/list/delete': return '/list/delete';
case '/archive/create': return '/archive/create';
+
+ case '/user/delete': return '/user/delete';
}
switch ($root) {
diff --git a/views/user/delete/index.php b/views/user/delete/index.php
new file mode 100644
index 0000000..d1ce8b9
--- /dev/null
+++ b/views/user/delete/index.php
@@ -0,0 +1,35 @@
+<?php
+ $user = require_login();
+ $to_delete = null;
+
+ try {
+ $to_delete = Database\User::fromDB($username);
+ }
+ catch(Exception $e) {}
+?>
+
+<?php if ($to_delete !== null && $user->UID === $to_delete->UID): ?>
+ <h1>Are you sure you want to delete <?= $to_delete->Username ?>?</h1>
+
+ <form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
+ <input type="hidden" name="method" value="DELETE">
+ <?php if (isset($user_status)): ?>
+ <?php if ($user_status !== ""): ?>
+ <p class="item error"><span>
+ <strong>Error:</strong> <?= $user_status ?>
+ </span></p>
+ <?php endif; ?>
+ <?php endif; ?>
+
+ <input type="hidden" name="uid" value="<?= $to_delete->UID ?>">
+ <input type="submit" value="Delete forever!">
+ </form>
+
+<?php elseif ($to_delete === null): ?>
+ <h2>The user "<?= $username ?>" doesn't exist!</h2>
+
+<?php else: ?>
+ <h2>You have no permission to delete <?= $to_delete->Username ?>!</h2>
+
+<?php endif; ?>
+
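Review bot: `<?= $username ?>` in the "doesn't exist" branch prints the raw `username` query parameter (taken from `$_GET` in views/user/delete/meta.php), so markup placed in the URL is reflected into the page. `$to_delete->Username` and `$user_status` are echoed unescaped as well, and so is `$user->Username` in the hidden field added to views/user/index.php. Escape at the point of output, e.g. `<?= htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The form shows no anti-CSRF token and its hidden `uid` field is client-controlled, so the controller has to re-derive the target from the session rather than trust it. The empty `catch(Exception $e) {}` should carry a comment such as `// lookup failure leaves $to_delete null; handled by the elseif below`.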
diff --git a/views/user/delete/meta.php b/views/user/delete/meta.php
new file mode 100644
index 0000000..c84ee9d
--- /dev/null
+++ b/views/user/delete/meta.php
@@ -0,0 +1,5 @@
+<?php
+
+$username = $_GET['username'];
+$title = "Delete $username";
+$controller = 'user';
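Review bot: `$_GET['username']` is read with no default and no type check, so a request to /user/delete without the parameter raises an undefined-key warning, and `username[]=x` makes `$username` an array that then breaks the string interpolation in `$title`. Something like `$username = is_string($_GET['username'] ?? null) ? $_GET['username'] : '';` keeps it a string. `$title` embeds the raw request value, so whichever template prints the page title (not visible in this commit) must HTML-escape it.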
diff --git a/views/user/index.php b/views/user/index.php
index 1462e26..c837556 100644
--- a/views/user/index.php
+++ b/views/user/index.php
@@ -18,6 +18,10 @@
<form action="/list/new" method="GET">
<input type="submit" value="Create a new list">
</form>
+ <form action="/user/delete" method="GET">
+ <input type="hidden" name="username" value="<?= $user->Username ?>">
+ <input type="submit" value="Delete your account">
+ </form>
</section>
<script type="text/javascript">
function showUserButtons() {