remove.php 3.0 KB

  1. <?php
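  // Account removal action. Handles a request to disable (ban) or remove
  // (delete) a user account in two steps:
  //   1. no confirm token supplied -> send a confirmation notification;
  //   2. valid confirm token supplied -> carry out the action.
  //
  // Request inputs: user_guid, type ("remove" or "disable"), reason,
  // confirm_token.
  //
  // NOTE(review): nothing in this file performs a CSRF check; presumably the
  // file is registered as an Elgg action so the framework's action-token check
  // runs first - confirm at the registration site.

  $user_guid = (int) get_input("user_guid");
  $type = get_input("type");
  $reason = get_input("reason");
  $confirm_token = get_input("confirm_token");

  // Unless a branch below says otherwise, return to the referring page.
  $forward_url = REFERER;

  $acting_on_self = ($user_guid == elgg_get_logged_in_user_guid());
  $is_admin = elgg_is_admin_logged_in();

  if ($acting_on_self && $is_admin) {
      // An admin is not allowed to target their own account.
      register_error(elgg_echo("account_removal:actions:remove:error:user_guid:admin"));
  } elseif (!$acting_on_self && !$is_admin) {
      // A non-admin may only target their own account.
      register_error(elgg_echo("account_removal:actions:remove:error:user_guid:user"));
  } elseif ($user = get_user($user_guid)) {
      $group_admins_allowed = elgg_get_plugin_setting("groupadmins_allowed", "account_removal");
      $user_options = elgg_get_plugin_setting("user_options", "account_removal");
      $reason_required = elgg_get_plugin_setting("reason_required", "account_removal");

      // Count the groups owned by the target user.
      $group_options = array(
          "type" => "group",
          "owner_guid" => $user->getGUID(),
          "count" => true
      );

      if (($group_admins_allowed !== "yes") && elgg_get_entities($group_options)) {
          // Group owners are blocked unless the plugin setting allows them.
          register_error(elgg_echo("account_removal:actions:remove:error:group_owner"));
      } elseif (($reason_required === "yes") && empty($reason)) {
          register_error(elgg_echo("account_removal:actions:remove:error:reason"));
      } else {
          // The plugin setting decides which action is permitted; the request
          // only gets a say when both actions are enabled. Anything else falls
          // back to the non-destructive "disable".
          if ($user_options === "remove") {
              $action = "remove";
          } elseif (($user_options === "disable_and_remove") && ($type === "remove")) {
              $action = "remove";
          } else {
              $action = "disable";
          }

          // Strict comparison: $type comes from the request, so avoid type
          // juggling when matching it against the permitted action.
          if ($type !== $action) {
              register_error(elgg_echo("account_removal:actions:remove:error:type_match"));
          } elseif (empty($confirm_token)) {
              // Step 1: no token yet, so only send the confirmation notification.
              account_removal_send_notification($action, $user_guid);

              system_message(elgg_echo("account_removal:actions:remove:success:request"));
              $forward_url = "settings/user/" . $user->username;
          } elseif (!acount_removal_validate_confirm_token($confirm_token, $action, $user_guid)) {
              // The token is the only gate in front of the destructive step, so it
              // is validated once, against the server-resolved $action and the
              // target guid.
              register_error(elgg_echo("account_removal:actions:remove:error:token_mismatch"));
          } else {
              // Step 2: token accepted, carry out the action.

              // Prefix the reason to mark this as the user's own request.
              $reason = elgg_echo("account_removal:disable:default") . ". " . $reason;

              // Sent before the action runs; after a removal the account is gone.
              account_removal_send_thank_notification($action, $user_guid);

              // NOTE(review): the results of ban() and delete_entity() are ignored,
              // so the success message below is shown even if the operation failed.
              // Consider checking them and reporting an error instead.
              if ($action === "disable") {
                  $user->ban($reason, false);
                  // Ends the session of whoever is logged in, which is the admin
                  // when an admin completes this step for another user.
                  logout();
              } else {
                  delete_entity($user->getGUID(), false);
              }

              system_message(elgg_echo("account_removal:actions:remove:success:" . $action));
              $forward_url = "";
          }
      }
  } else {
      // No user exists for the supplied guid.
      register_error(elgg_echo("account_removal:actions:remove:error:user_guid:unknown"));
  }

  forward($forward_url);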