diff --git a/html/inc/friend.inc b/html/inc/friend.inc
index f32d426513..bdb0af84fd 100644
--- a/html/inc/friend.inc
+++ b/html/inc/friend.inc
@@ -115,4 +115,10 @@ function friend_accept_rss($notify, &$title, &$msg, &$url) {
$url = secure_url_base().USER_HOME;
}
+// delete friendship connections
+//
+function delete_friends($user) {
+ BoincFriend::delete_aux("user_src=$user->id or user_dest=$user->id");
+}
+
?>
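Review bot: `delete_friends()` interpolates `$user->id` straight into the WHERE clause handed to `BoincFriend::delete_aux`, and nothing in the function guarantees the value is numeric. It presumably comes from a database row, but because this is an irreversible delete I would pin it down locally: `$id = (int)$user->id;` followed by `BoincFriend::delete_aux("user_src=$id or user_dest=$id");`. The header comment could also say that rows are removed in both directions (`user_src` and `user_dest`), since the clause suggests that but the comment does not.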
diff --git a/html/inc/user.inc b/html/inc/user.inc
index ba5f55ab8a..ac889e3244 100644
--- a/html/inc/user.inc
+++ b/html/inc/user.inc
@@ -24,6 +24,8 @@ require_once("../inc/friend.inc");
require_once("../inc/forum_db.inc");
require_once("../inc/notify.inc");
require_once("../inc/ldap.inc");
+require_once("../inc/host.inc");
+require_once("../inc/friend.inc");
if (!defined('REMOTE_PROJECTS_TTL')) {
define('REMOTE_PROJECTS_TTL', 86400);
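Review bot: The added `require_once("../inc/friend.inc");` duplicates an include that is already present a few lines up (it appears as the context line in the hunk header), so it can be dropped. More importantly, `delete_account()` is moved into this file and calls `pm_delete_user()` and `delete_profile()`, but the `pm.inc` and `profile.inc` includes that html/user/delete_account.php used to carry are not added here. They may be loaded transitively by one of the other includes, which is not visible in this hunk. If they are not, html/ops/delete_user.php will fail partway through a deletion, after the user row has already been overwritten. Adding `require_once("../inc/pm.inc");` and `require_once("../inc/profile.inc");` next to the new `host.inc` line would make the dependency explicit.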
@@ -546,6 +548,29 @@ function show_account_private($user) {
);
}
+// "delete" an account: leave user record (for DB consistency) but:
+// - set email address and authenticator to "deleted_pid_time"
+// - clear name, country, postal_code
+// - remove from team
+// - delete posts, subscriptions, and forum prefs
+// - delete private messages (sent and received)
+// - delete profile and associated image
+// for each host:
+// - clear domain_name, last_ip_addr
+//
+function delete_account($user) {
+ $x = "deleted_".time()."_".random_string();
+ $retval = $user->update("email_addr='$x', authenticator='$x', name='deleted', country='', postal_code='', has_profile=0");
+ if (!$retval) return false;
+ user_quit_team($user);
+ forum_delete_user($user);
+ pm_delete_user($user);
+ anonymize_hosts($user);
+ delete_profile($user);
+ delete_friends($user);
+ return true;
+}
+
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
?>
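Review bot: `delete_account()` writes the same `$x` into both `email_addr` and `authenticator`, so any page, export or log that discloses the tombstoned email address also discloses the account's current authenticator. Whether the login path rejects `deleted_` authenticators is not visible here, so I would generate two independent values, e.g. `$auth = "deleted_".time()."_".random_string();` and a separate `$email = "deleted_".time()."_".random_string();`. The steps after the update are also unchecked, so the function can return `true` after a partial cleanup. Separately, the header comment says the value is "deleted_pid_time" while the code builds `deleted_<time>_<random>`, and it does not mention the new `delete_friends()` step.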
diff --git a/html/ops/delete_user.php b/html/ops/delete_user.php
new file mode 100755
index 0000000000..63f677250d
--- /dev/null
+++ b/html/ops/delete_user.php
@@ -0,0 +1,37 @@
+#!/usr/bin/env php
+.
+
+// usage: delete_user.php ID
+// effectively delete the user with given ID
+// USE THIS WITH EXTREME CAUTION. CAN'T UNDO.
+
+require_once("../inc/user.inc");
+require_once("../inc/boinc_db.inc");
+
+die("Delete this line first\n");
+
+$id = (int) $argv[1];
+
+$user = BoincUser::lookup_id($id);
+if (!$user) die("no such user\n");
+
+delete_account($user);
+
+?>
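Review bot: The script casts `$argv[1]` without checking that an argument was supplied and discards the result of `delete_account($user)`, so a failed update exits silently as if the deletion had succeeded. For an operation the header calls irreversible I would add `if ($argc != 2) die("usage: delete_user.php ID\n");` before the cast and replace the bare call with `if (!delete_account($user)) die("delete failed\n");`. The file also lives under html/ops and nothing in it restricts execution to the command line. A guard such as `if (php_sapi_name() != 'cli') die("command line only\n");` would keep it inert if that directory is ever served without access control.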
diff --git a/html/user/delete_account.php b/html/user/delete_account.php
index d10ba90d03..8b7128e4a1 100644
--- a/html/user/delete_account.php
+++ b/html/user/delete_account.php
@@ -17,37 +17,16 @@
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see .
-// "delete" an account:
-// - set email address and authenticator to "deleted_pid_time"
-// - clear name, country, postal_code
-// - remove from team
-// - delete posts, subscriptions, and forum prefs
-// - delete private messages (sent and received)
-// - delete profile and associated image
-// for each host:
-// - clear domain_name, last_ip_addr
+// Disabled because of the possibility of misuse.
+// Admins can delete accounts with ops/delete_user.php
require_once("../inc/util.inc");
-require_once("../inc/host.inc");
-require_once("../inc/profile.inc");
-require_once("../inc/pm.inc");
+require_once("../inc/user.inc");
check_get_args(array("cmd"));
die("This feature has been disabled. Please contact project administators.");
-function delete_account($user) {
- $x = "deleted_".time()."_".random_string();
- $retval = $user->update("email_addr='$x', authenticator='$x', name='', country='', postal_code='', has_profile=0");
- if (!$retval) return false;
- user_quit_team($user);
- forum_delete_user($user);
- pm_delete_user($user);
- anonymize_hosts($user);
- delete_profile($user);
- return true;
-}
-
$user = get_logged_in_user();
$cmd = get_str("cmd", true);
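Review bot: The new comment "Disabled because of the possibility of misuse" does not say what the misuse is or what must be in place before the page can be re-enabled. That matters because the handler below the `die()` stays in the file and now reaches the shared `delete_account()` in user.inc. Removing that one line would expose irreversible deletion to any logged-in session again. I would either delete the unreachable handler (it continues outside this hunk) or expand the comment to something like `// Disabled: deletion is irreversible and is authorised only by the session authenticator; do not re-enable without a confirmation step.` The wording should be adjusted to the actual concern.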
diff --git a/html/user/show_user.php b/html/user/show_user.php
index ffc06d934e..d7414786b9 100644
--- a/html/user/show_user.php
+++ b/html/user/show_user.php
@@ -71,6 +71,9 @@ if ($format=="xml"){
if (!$user) {
error_page("No such user $id");
}
+ if (strstr($user->authenticator, "deleted")) {
+ error_page("No such user");
+ }
BoincForumPrefs::lookup($user);
$user = @get_other_projects($user);
$community_links = get_community_links_object($user);
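Review bot: The deleted-account check uses `strstr($user->authenticator, "deleted")`, which matches the substring anywhere and repeats the tombstone convention from `delete_account()` as a bare literal. Anchoring it to the prefix that function writes is tighter: `if (strpos($user->authenticator, "deleted_") === 0) {`. Better still would be a small helper in user.inc next to `delete_account()`, so the two cannot drift apart. The check appears to sit only in the non-XML branch. The `$format=="xml"` path is outside this hunk, so it is worth confirming that deleted users are hidden there as well.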