1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Prune old/unused users from database
19 *
20 * @package MantisBT
21 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
22 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
23 * @link http://www.mantisbt.org
24 *
25 * @uses core.php
26 * @uses access_api.php
27 * @uses authentication_api.php
28 * @uses config_api.php
29 * @uses constant_inc.php
30 * @uses database_api.php
31 * @uses form_api.php
32 * @uses helper_api.php
33 * @uses lang_api.php
34 * @uses print_api.php
35 * @uses user_api.php
36 */
37
38require_once( 'core.php' );
39require_api( 'access_api.php' );
40require_api( 'authentication_api.php' );
41require_api( 'config_api.php' );
42require_api( 'constant_inc.php' );
43require_api( 'database_api.php' );
44require_api( 'form_api.php' );
45require_api( 'helper_api.php' );
46require_api( 'lang_api.php' );
47require_api( 'print_api.php' );
48require_api( 'user_api.php' );
49
50form_security_validate( 'manage_user_prune' );
51
52auth_reauthenticate();
53
54access_ensure_global_level( config_get( 'manage_user_threshold' ) );
55
56
57# Delete the users who have never logged in and are older than 1 week
58$t_days_old = (int)7 * SECONDS_PER_DAY;
59
60$t_query = 'SELECT id, access_level FROM {user}
61		WHERE ( login_count = 0 ) AND ( date_created = last_visit ) AND ' .
62		'( protected = 0 ) AND ' . db_helper_compare_time( db_param(), '>', 'date_created', $t_days_old );
63$t_result = db_query( $t_query, array( db_now() ) );
64
65if( !$t_result ) {
66	trigger_error( ERROR_GENERIC, ERROR );
67}
68
69$t_count = db_num_rows( $t_result );
70
71if( $t_count > 0 ) {
72	helper_ensure_confirmed( lang_get( 'confirm_account_pruning' ),
73							 lang_get( 'prune_accounts_button' ) );
74}
75
76for( $i=0; $i < $t_count; $i++ ) {
77	$t_row = db_fetch_array( $t_result );
78	# Don't prune accounts with a higher global access level than the current user
79	if( access_has_global_level( $t_row['access_level'] ) ) {
80		user_delete( $t_row['id'] );
81	}
82}
83
84form_security_purge( 'manage_user_prune' );
85
86print_header_redirect( 'manage_user_page.php' );
87