web: complete UI for delete account

2018-04-18 10:05:12 -05:00 · 2018-04-18 10:05:12 -05:00 · a726238d86
parent 3cac897723
commit a726238d86
3 changed files with 120 additions and 6 deletions
--- a/html/inc/token.inc
+++ b/html/inc/token.inc
@ -16,10 +16,6 @@
 // You should have received a copy of the GNU Lesser General Public License
 // along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

-// express a time difference in readable form, e.g. "7 days ago".
-// If it's more than 30 days, just show the date
-//
-
 require_once("../inc/boinc_db.inc");
 require_once("../inc/util.inc");

@ -38,8 +34,8 @@ function create_confirm_delete_account_token($user) {
    return $token;
 }

-function is_valid_delete_account_token($user, $token) {
-    $boincToken = BoincToken::lookup_valid_token($user->id, $token, TOKEN_TYPE_DELETE_ACCOUNT);
+function is_valid_delete_account_token($userid, $token) {
+    $boincToken = BoincToken::lookup_valid_token($userid, $token, TOKEN_TYPE_DELETE_ACCOUNT);
    if ( $boincToken == null ) {
        return false;
    }
--- a/html/user/delete_account_confirm.php
+++ b/html/user/delete_account_confirm.php
@ -0,0 +1,55 @@
+<?php
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2018 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+require_once("../inc/util.inc");
+require_once("../inc/account.inc");
+require_once("../inc/token.inc");
+
+$config = get_config();
+if ( !parse_bool($config, "enable_delete_account") ) {
+    error_page(
+        tra("This feature is disabled.  Please contact the project administrator.")
+    );
+}
+
+$userid = get_int("id");
+$token = get_str("token");
+
+if( !is_valid_delete_account_token($userid, $token) ) {
+    sleep(LOGIN_FAIL_SLEEP_SEC);
+    error_page(
+        tra("The link you used has expired or is otherwise not valid.  Please request a new one <a href=\"delete_account_request.php\">here</a>")
+    );
+}
+
+page_head(tra("Delete Account"));
+
+echo "<p>".tra("Thank you for verifying ownership of your account.")."</p>"
+     ."<p>".tra("You can now delete your account by entering in your password below and clicking the \"Delete Account\" button.")."</p>"
+     ."<p>".tra("As a reminder, your account <b>cannot be recovered</b> once you delete it.")."</p>"
+     ."<br/>";
+
+form_start(secure_url_base()."delete_account_confirm_action.php", "post");
+form_input_hidden("token",$token);
+form_input_hidden("id",$userid);
+form_input_text(tra("Password"), "passwd", "", "password",'id="passwd"',passwd_visible_checkbox("passwd"));
+form_submit(tra("Delete Account"));
+form_end();
+
+page_tail();
+?>
--- a/html/user/delete_account_confirm_action.php
+++ b/html/user/delete_account_confirm_action.php
@ -0,0 +1,63 @@
+<?php
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2018 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+require_once("../inc/util.inc");
+require_once("../inc/account.inc");
+require_once("../inc/token.inc");
+require_once("../inc/boinc_db.inc");
+require_once("../inc/user_util.inc");
+
+//Make sure feature is enabled
+$config = get_config();
+if ( !parse_bool($config, "enable_delete_account") ) {
+    error_page(
+        tra("This feature is disabled.  Please contact the project administrator.")
+    );
+}
+
+//Make sure the token is still valid
+$userid = post_int("id");
+$token = post_str("token");
+if( !is_valid_delete_account_token($userid, $token) ) {
+    sleep(LOGIN_FAIL_SLEEP_SEC);
+    error_page(
+        tra("The token you used has expired or is otherwise not valid.  Please request a new one <a href=\"delete_account_request.php\">here</a>")
+    );
+}
+
+
+//Verify password
+$user = $user = BoincUser::lookup_id($userid);
+$passwd = post_str("passwd");
+
+if( !check_passwd($user, $passwd) ) {
+    sleep(LOGIN_FAIL_SLEEP_SEC);
+    page_head("Password incorrect");
+    echo "The password you entered is incorrect. Please go back and try again.\n";
+    page_tail();
+    exit;
+}
+
+//do account delete
+
+page_head(tra("Account Deleted"));
+
+echo "<p>".tra("Your account has been deleted.  If you want to contribute to ".PROJECT." in the future you will need to create a new account.")."</p>";
+
+page_tail();
+?>