<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * Self-service deletion of the currently logged in user account.
 *
 * CALLERS
 * This page is called from:
 * - account_page.php
 *
 * EXPECTED BEHAVIOUR
 * - Validate the 'account_delete' form security token
 * - Ask the user to confirm the deletion
 * - Logout the current user
 * - Delete the account that was logged in
 * - Show a confirmation message with a button linking to the page
 *   specified in the logout_redirect_page config option
 *
 * CALLS
 * This page redirects to account_page.php when deletion is not permitted
 *
 * RESTRICTIONS & PERMISSIONS
 * - User must be authenticated
 * - The account must pass current_user_ensure_unprotected()
 * - allow_account_delete config option must be enabled, or the user must
 *   have the access level given by manage_user_threshold
 * - The account must not be the last one at admin_site_threshold
 * @todo review form security tokens for this page
 * @todo should page_top1 be before meta redirect?
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses access_api.php
 * @uses authentication_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses current_user_api.php
 * @uses form_api.php
 * @uses helper_api.php
 * @uses lang_api.php
 * @uses print_api.php
 * @uses user_api.php
 */

require_once( 'core.php' );
require_api( 'access_api.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'current_user_api.php' );
require_api( 'form_api.php' );
require_api( 'helper_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'user_api.php' );

# Anti-CSRF gate: the request must carry the form security token issued for
# 'account_delete'. This is the first statement, so nothing below runs for a
# request that fails validation (assuming form_security_validate() aborts on
# failure - behaviour is defined in form_api.php).
form_security_validate( 'account_delete' );

# Anonymous requests are turned away before any account state is read.
auth_ensure_user_authenticated();

# Protected accounts are not allowed to delete themselves.
current_user_ensure_unprotected();

# Self-deletion is permitted only when allow_account_delete is ON, or when the
# user holds the access level required to manage user accounts.
# NOTE(review): execution continues to the deletion below unless
# print_header_redirect() ends the request - confirm it terminates by default.
if( config_get( 'allow_account_delete' ) == OFF ) {
	if( !access_has_global_level( config_get( 'manage_user_threshold' ) ) ) {
		print_header_redirect( 'account_page.php' );
	}
}

# Refuse to remove the last administrator account, which would leave the
# installation without an administrator.
# NOTE(review): this guard relies on trigger_error() at level ERROR halting the
# script - confirm against the installed error handler.
$t_admin_threshold = config_get_global( 'admin_site_threshold' );
if( current_user_is_administrator() ) {
	if( user_count_level( $t_admin_threshold ) <= 1 ) {
		trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
	}
}

# Explicit confirmation step before the destructive action.
helper_ensure_confirmed(
	lang_get( 'confirm_delete_msg' ),
	lang_get( 'delete_account_button' )
);

# The token is purged only once every check above has passed; presumably this
# prevents the same token from being replayed - verify in form_api.php.
form_security_purge( 'account_delete' );

# The id is read while the session is still valid, because the logout below
# happens before the deletion.
$t_user_id = auth_get_current_user_id();

auth_logout();

user_delete( $t_user_id );

# NOTE(review): no require_api() call in this file loads the layout_* functions;
# presumably core.php makes them available - verify.
layout_page_header();

layout_page_begin();
?>

<div class="col-md-12 col-xs-12">
	<div class="space-10"></div>
<?php
# Localised strings are written without HTML escaping here; this assumes the
# language files are trusted content.
echo lang_get( 'account_removed_msg' ), '<br />';
print_link_button(
	config_get_global( 'logout_redirect_page' ),
	lang_get( 'proceed' )
);
?>
</div>

<?php
layout_page_end();