Catch HTTPExceptions in App::runFrontend()

[friendica.git] / mod / removeme.php

diff --git a/mod/removeme.php b/mod/removeme.php
index 0363bf9f32990ad900d182c2c14bd5719b22eaf9..741a67598a2745b575ff2e8deaa704a6c8d112ed 100644 (file)
--- a/mod/removeme.php
+++ b/mod/removeme.php
@@ -2,10 +2,15 @@
 /**
  * @file mod/removeme.php
  */
+
 use Friendica\App;
+use Friendica\Core\Config;
 use Friendica\Core\L10n;
+use Friendica\Core\Renderer;
 use Friendica\Core\System;
+use Friendica\Database\DBA;
 use Friendica\Model\User;
+use Friendica\Util\Strings;
 
 function removeme_post(App $a)
 {
@@ -13,15 +18,15 @@ function removeme_post(App $a)
                return;
        }
 
-       if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
+       if (!empty($_SESSION['submanage'])) {
                return;
        }
 
-       if ((!x($_POST, 'qxz_password')) || (!strlen(trim($_POST['qxz_password'])))) {
+       if (empty($_POST['qxz_password'])) {
                return;
        }
 
-       if ((!x($_POST, 'verify')) || (!strlen(trim($_POST['verify'])))) {
+       if (empty($_POST['verify'])) {
                return;
        }
 
@@ -29,8 +34,33 @@ function removeme_post(App $a)
                return;
        }
 
-       if (User::authenticate($a->user, trim($_POST['qxz_password']))) {
+       // send notification to admins so that they can clean um the backups
+       // send email to admins
+       $admin_mails = explode(",", str_replace(" ", "", Config::get('config', 'admin_email')));
+       foreach ($admin_mails as $mail) {
+               $admin = DBA::selectFirst('user', ['uid', 'language', 'email', 'username'], ['email' => $mail]);
+               if (!DBA::isResult($admin)) {
+                       continue;
+               }
+               notification([
+                       'type'         => SYSTEM_EMAIL,
+                       'subject'      => L10n::t('[Friendica System Notify]') . ' ' . L10n::t('User deleted their account'),
+                       'preamble'     => L10n::t('On your Friendica node an user deleted their account. Please ensure that their data is removed from the backups.'),
+                       'body'         => L10n::t('The user id is %d', local_user()),
+                       'to_email'     => $admin['email'],
+                       'to_name'      => $admin['username'],
+                       'uid'          => $admin['uid'],
+                       'language'     => $admin['language'] ? $admin['language'] : 'en',
+                       'show_in_notification_page' => false
+               ]);
+       }
+
+       if (User::getIdFromPasswordAuthentication($a->user, trim($_POST['qxz_password']))) {
                User::remove($a->user['uid']);
+
+               unset($_SESSION['authenticated']);
+               unset($_SESSION['uid']);
+               $a->internalRedirect();
                // NOTREACHED
        }
 }
@@ -38,19 +68,19 @@ function removeme_post(App $a)
 function removeme_content(App $a)
 {
        if (!local_user()) {
-               goaway(System::baseUrl());
+               $a->internalRedirect();
        }
 
-       $hash = random_string();
+       $hash = Strings::getRandomHex();
 
        require_once("mod/settings.php");
        settings_init($a);
 
        $_SESSION['remove_account_verify'] = $hash;
 
-       $tpl = get_markup_template('removeme.tpl');
-       $o = replace_macros($tpl, [
-               '$basedir' => System::baseUrl(),
+       $tpl = Renderer::getMarkupTemplate('removeme.tpl');
+       $o = Renderer::replaceMacros($tpl, [
+               '$basedir' => $a->getBaseURL(),
                '$hash' => $hash,
                '$title' => L10n::t('Remove My Account'),
                '$desc' => L10n::t('This will completely remove your account. Once this has been done it is not recoverable.'),