[geeklog-cvs] geeklog-1.3/public_html usersettings.php,1.82,1.83
dhaun at geeklog.net
dhaun at geeklog.net
Fri Jan 23 04:43:00 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv440
Modified Files:
usersettings.php
Log Message:
Added check for a random hash before deleting an account.
Index: usersettings.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/usersettings.php,v
retrieving revision 1.82
retrieving revision 1.83
diff -C2 -d -r1.82 -r1.83
*** usersettings.php 21 Jan 2004 19:58:00 -0000 1.82
--- usersettings.php 23 Jan 2004 09:42:57 -0000 1.83
***************
*** 6,11 ****
// +---------------------------------------------------------------------------+
// | usersettings.php |
- // | Geeklog user settings page. |
// | |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2004 by the following authors: |
--- 6,11 ----
// +---------------------------------------------------------------------------+
// | usersettings.php |
// | |
+ // | Geeklog user settings page. |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2004 by the following authors: |
***************
*** 170,174 ****
$preferences->set_var ('lang_button_delete', $LANG04[96]);
$preferences->set_var ('delete_mode', 'confirmdelete');
! $preferences->set_var ('account_id', $_USER['uid']);
$preferences->parse ('delete_account_option', 'deleteaccount', false);
} else {
--- 170,174 ----
$preferences->set_var ('lang_button_delete', $LANG04[96]);
$preferences->set_var ('delete_mode', 'confirmdelete');
! $preferences->set_var ('account_id', $reqid);
$preferences->parse ('delete_account_option', 'deleteaccount', false);
} else {
***************
*** 192,208 ****
* Ask user for confirmation to delete his/her account.
*
! * @param int account_id uid of account to delete (must match current user's uid)
* @return string confirmation form
*
*/
! function confirmAccountDelete ($account_id)
{
! global $_CONF, $_USER, $LANG04;
! if ($account_id != $_USER['uid']) {
! // now that doesn't look right - abort ...
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
$retval = '';
--- 192,212 ----
* Ask user for confirmation to delete his/her account.
*
! * @param int form_reqid request id
* @return string confirmation form
*
*/
! function confirmAccountDelete ($form_reqid)
{
! global $_CONF, $_TABLES, $_USER, $LANG04;
! if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) {
! // not found - abort
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
+ $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
+ DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
+ 'uid', $_USER['uid']);
+
$retval = '';
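Review bot: The token built on the `$reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);` line is derived from `rand()` and `uniqid()`, neither of which is a cryptographically strong source, so the value that gates account deletion is more predictable than a 64-bit random token should be; draw it from a CSPRNG instead (reading `/dev/urandom` on PHP of this era, or `$reqid = bin2hex (random_bytes (8));` on PHP 7+) and keep the 16-hex-character shape the templates expect. The column it is written to is `pwrequestid`, which by its name looks like the field the password-reset flow uses — if so, starting a deletion confirmation silently overwrites any pending password-request token and vice versa, which deserves either a comment here or a dedicated column; deleteUserAccount in this same commit checks the same column. The `"$reqid"` argument to DB_change is a double-quoted string holding nothing but the variable, so plain `$reqid` reads the same. confirmAccountDelete continues past the end of the hunk.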
***************
*** 218,222 ****
$confirm->set_var ('lang_button_delete', $LANG04[96]);
$confirm->set_var ('delete_mode', 'deleteconfirmed');
! $confirm->set_var ('account_id', $_USER['uid']);
$retval .= COM_siteHeader ('menu');
--- 222,226 ----
$confirm->set_var ('lang_button_delete', $LANG04[96]);
$confirm->set_var ('delete_mode', 'deleteconfirmed');
! $confirm->set_var ('account_id', $reqid);
$retval .= COM_siteHeader ('menu');
***************
*** 234,250 ****
* Delete an account (keep in sync with delete_user() in admin/user.php).
*
! * @param uid int uid of account to delete
* @return string redirection to main page (+ success msg)
*
*/
! function deleteUserAccount ($uid)
{
global $_CONF, $_TABLES, $_USER;
! if ($uid != $_USER['uid']) {
! // now that doesn't look right - abort ...
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
// log the user out
SESS_endUserSession ($_USER['uid']);
--- 238,256 ----
* Delete an account (keep in sync with delete_user() in admin/user.php).
*
! * @param form_reqid string request id
* @return string redirection to main page (+ success msg)
*
*/
! function deleteUserAccount ($form_reqid)
{
global $_CONF, $_TABLES, $_USER;
! if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) {
! // not found - abort
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
+ $uid = $_USER['uid'];
+
// log the user out
SESS_endUserSession ($_USER['uid']);
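Review bot: The new docblock line `@param form_reqid string request id` puts the name before the type, the reverse of the order used in confirmAccountDelete's docblock in this same commit (`@param int form_reqid`), and that one still says `int` although the value is the 16-character hex string confirmAccountDelete generates; write `@param string form_reqid request id` in both. The freshly assigned `$uid` is bypassed on the very next statement, `SESS_endUserSession ($_USER['uid']);`, which could read `SESS_endUserSession ($uid);` for consistency with the DB_delete calls further down that already use `$uid`. deleteUserAccount continues past the end of the hunk.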
***************
*** 273,276 ****
--- 279,285 ----
DB_query ("UPDATE {$_TABLES['stories']} SET uid = 1 WHERE uid = $uid");
+ // delete personal events
+ DB_delete ($_TABLES['personal_events'], 'uid', $uid);
+
// now delete the user itself
DB_delete ($_TABLES['users'], 'uid', $uid);
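Review bot: The added `DB_delete ($_TABLES['personal_events'], 'uid', $uid);` widens what deleteUserAccount removes, but the function's own header says it must be kept in sync with delete_user() in admin/user.php, and this commit's Modified Files list names only usersettings.php; unless admin/user.php already drops personal_events (not visible here), an admin-side deletion would leave orphaned rows keyed on a uid that no longer exists. Either mirror the delete there in a follow-up or extend the comment to say why this path differs. deleteUserAccount continues outside this hunk.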
***************
*** 979,985 ****
break;
case 'confirmdelete':
! $accountId = COM_applyFilter ($HTTP_POST_VARS['account_id'], true);
! if ($accountId > 1) {
! $display .= confirmAccountDelete ($accountId);
} else {
$display = COM_refresh ($_CONF['site_url'] . '/index.php');
--- 988,998 ----
break;
case 'confirmdelete':
! if ($_CONF['allow_account_delete'] == 1) {
! $accountId = COM_applyFilter ($HTTP_POST_VARS['account_id']);
! if (!empty ($accountId)) {
! $display .= confirmAccountDelete ($accountId);
! } else {
! $display = COM_refresh ($_CONF['site_url'] . '/index.php');
! }
} else {
$display = COM_refresh ($_CONF['site_url'] . '/index.php');
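Review bot: `$accountId = COM_applyFilter ($HTTP_POST_VARS['account_id']);` now accepts any non-empty string, which is then passed to DB_count inside confirmAccountDelete; whether DB_count quotes its values is not visible here, so the POST value should be validated against the only shape a legitimate token can have before use, e.g. `if (preg_match ('/^[0-9a-f]{16}$/', $accountId)) {` in place of the `!empty ($accountId)` test. The same gate and the same check are repeated verbatim in the `deleteconfirmed` case below, so both should apply the same pattern or share one small helper. `$_CONF['allow_account_delete'] == 1` is a loose comparison; if the option is documented as an integer, `=== 1` avoids also matching `'1'`, `true` and `1.0`, but keep `==` if the config file stores it as a string.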
***************
*** 987,993 ****
break;
case 'deleteconfirmed':
! $accountId = COM_applyFilter ($HTTP_POST_VARS['account_id'], true);
! if ($accountId > 1) {
! $display .= deleteUserAccount ($accountId);
} else {
$display = COM_refresh ($_CONF['site_url'] . '/index.php');
--- 1000,1010 ----
break;
case 'deleteconfirmed':
! if ($_CONF['allow_account_delete'] == 1) {
! $accountId = COM_applyFilter ($HTTP_POST_VARS['account_id']);
! if (!empty ($accountId)) {
! $display .= deleteUserAccount ($accountId);
! } else {
! $display = COM_refresh ($_CONF['site_url'] . '/index.php');
! }
} else {
$display = COM_refresh ($_CONF['site_url'] . '/index.php');