3 * StatusNet - the distributed open-source microblogging tool
4 * Copyright (C) 2010, StatusNet, Inc.
6 * Delete your own account
10 * This program is free software: you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation, either version 3 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
25 * @author Evan Prodromou <evan@status.net>
26 * @copyright 2010 StatusNet, Inc.
27 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
28 * @link http://status.net/
31 if (!defined('STATUSNET')) {
32 // This check helps protect against security problems;
33 // your code file can't be executed directly from the web.
38 * Action to delete your own account
40 * Note that this is distinct from DeleteuserAction, which see. I thought
41 * that making that action do both things (delete another user and delete the
42 * current user) would open a lot of holes. I'm open to refactoring, however.
46 * @author Evan Prodromou <evan@status.net>
47 * @copyright 2010 StatusNet, Inc.
48 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
49 * @link http://status.net/
51 class DeleteaccountAction extends Action
53 private $_complete = false;
54 private $_error = null;
57 * For initializing members of the class.
59 * @param array $args misc. arguments
61 * @return boolean true
62 * @throws ClientException
64 function prepare(array $args = [])
66 parent::prepare($args);
68 $cur = common_current_user();
71 // TRANS: Client exception displayed trying to delete a user account while not logged in.
72 throw new ClientException(_("Only logged-in users can delete their account."), 403);
75 if (!$cur->hasRight(Right::DELETEACCOUNT)) {
76 // TRANS: Client exception displayed trying to delete a user account without have the rights to do that.
77 throw new ClientException(_("You cannot delete your account."), 403);
87 * @throws AuthorizationException
88 * @throws ServerException
94 if ($this->isPost()) {
95 $this->deleteAccount();
103 * Delete the current user's account
105 * Checks for the "I am sure." string to make sure the user really
106 * wants to delete their account.
108 * Then, marks the account as deleted and begins the deletion process
109 * (actually done by a back-end handler).
111 * If successful it logs the user out, and shows a brief completion message.
114 * @throws AuthorizationException
115 * @throws ServerException
117 function deleteAccount()
119 $this->checkSessionToken();
120 // !!! If this string is changed, it also needs to be changed in DeleteAccountForm::formData()
121 // TRANS: Confirmation text for user deletion. The user has to type this exactly the same, including punctuation.
122 $iamsure = _('I am sure.');
123 if ($this->trimmed('iamsure') != $iamsure) {
124 // TRANS: Notification for user about the text that must be input to be able to delete a user account.
125 // TRANS: %s is the text that needs to be input.
126 $this->_error = sprintf(_('You must write "%s" exactly in the box.'), $iamsure);
131 $cur = common_current_user();
133 // Mark the account as deleted and shove low-level deletion tasks
134 // to background queues. Removing a lot of posts can take a while...
136 if (!$cur->hasRole(Profile_role::DELETED)) {
137 $cur->grantRole(Profile_role::DELETED);
140 $qm = QueueManager::get();
141 $qm->enqueue($cur, 'deluser');
143 // The user is really-truly logged out
145 common_set_user(null);
146 common_real_login(false); // not logged in
147 common_forgetme(); // don't log back in!
149 $this->_complete = true;
154 * Return true if read only.
158 * @param array $args other arguments
160 * @return boolean is read only action?
162 function isReadOnly($args)
168 * Return last modified, if applicable.
172 * @return string last modified http header
174 function lastModified()
176 // For comparison with If-Last-Modified
177 // If not applicable, return null
182 * Return etag, if applicable.
186 * @return string etag http header
194 * Shows the page content.
196 * If the deletion is complete, just shows a completion message.
198 * Otherwise, shows the deletion form.
203 function showContent()
205 if ($this->_complete) {
206 $this->element('p', 'confirmation',
207 // TRANS: Confirmation that a user account has been deleted.
208 _('Account deleted.'));
212 if (!empty($this->_error)) {
213 $this->element('p', 'error', $this->_error);
214 $this->_error = null;
217 $form = new DeleteAccountForm($this);
222 * Show the title of the page
224 * @return string title
229 // TRANS: Page title for page on which a user account can be deleted.
230 return _('Delete account');
235 * Form for deleting your account
237 * Note that this mostly is here to keep you from accidentally deleting your
242 * @author Evan Prodromou <evan@status.net>
243 * @copyright 2010 StatusNet, Inc.
244 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
245 * @link http://status.net/
247 class DeleteAccountForm extends Form
252 * @return string the form's class
256 return 'form_profile_delete';
260 * URL the form posts to
262 * @return string the form's action URL
266 return common_local_url('deleteaccount');
272 * Instructions plus an 'i am sure' entry box.
278 $cur = common_current_user();
280 // TRANS: Form text for user deletion form.
281 $msg = '<p>' . _('This will <strong>permanently delete</strong> your account data from this server.') . '</p>';
283 if ($cur->hasRight(Right::BACKUPACCOUNT)) {
284 // TRANS: Additional form text for user deletion form shown if a user has account backup rights.
285 // TRANS: %s is a URL to the backup page.
286 $msg .= '<p>' . sprintf(_('You are strongly advised to <a href="%s">back up your data</a> before deletion.'),
287 common_local_url('backupaccount')) . '</p>';
290 $this->out->elementStart('p');
291 $this->out->raw($msg);
292 $this->out->elementEnd('p');
294 // !!! If this string is changed, it also needs to be changed in class DeleteaccountAction.
295 // TRANS: Confirmation text for user deletion. The user has to type this exactly the same, including punctuation.
296 $iamsure = _("I am sure.");
297 $this->out->input('iamsure',
298 // TRANS: Field label for delete account confirmation entry.
301 // TRANS: Input title for the delete account field.
302 // TRANS: %s is the text that needs to be input.
303 sprintf(_('Enter "%s" to confirm that ' .
304 'you want to delete your account.'), $iamsure));
308 * Buttons for the form
310 * In this case, a single submit button
314 function formActions()
316 $this->out->submit('submit',
317 // TRANS: Button text for user account deletion.
318 _m('BUTTON', 'Delete'),
321 // TRANS: Button title for user account deletion.
322 _('Permanently delete your account.'));