Add support for deleting user accounts

Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

po/POTFILES

@@ -34,6 +34,7 @@ lib/stats.inc.php
 lib/streams.php
 lib/translator.inc.php
 lib/version.inc.php
+template/account_delete.php
 template/account_details.php
 template/account_edit_form.php
 template/account_search_results.php

web/html/account.php

@@ -55,6 +55,22 @@ if (isset($_COOKIE["AURSID"])) {
 			}
 		}
 
+	} elseif ($action == "DeleteAccount") {
+		/* Details for account being deleted. */
+		$acctinfo = account_details(in_request('ID'), in_request('U'));
+
+		if (can_edit_account($acctinfo)) {
+			$UID = $acctinfo['ID'];
+			if (in_request('confirm_Delete') && check_token()) {
+				user_delete($UID);
+				header('Location: /');
+			} else {
+				$username = $acctinfo['Username'];
+				include("account_delete.php");
+			}
+		} else {
+			print __("You do not have permission to edit this account.");
+		}
 	} elseif ($action == "AccountInfo") {
 		# no editing, just looking up user info
 		#

web/html/index.php

@@ -123,6 +123,8 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 				$_REQUEST['Action'] = "DisplayAccount";
 			} elseif ($tokens[3] == 'update') {
 				$_REQUEST['Action'] = "UpdateAccount";
+			} elseif ($tokens[3] == 'delete') {
+				$_REQUEST['Action'] = "DeleteAccount";
 			} else {
 				header("HTTP/1.0 404 Not Found");
 				include "./404.php";

web/template/account_delete.php

@@ -0,0 +1,22 @@
+<p>
+	<?= __('You can use this form to permanently delete the AUR account %s.', '<strong>' . htmlspecialchars($username) . '</strong>') ?>
+</p>
+<p>
+	<?= __('%sWARNING%s: This action cannot be undone.', '<strong>', '</strong>') ?>
+</p>
+
+<form id="edit-profile-form" action="<?= get_user_uri($username) . 'delete/'; ?>" method="post">
+	<fieldset>
+		<input type="hidden" name="Action" value="<?= $A ?>" />
+		<input type="hidden" name="ID" value="<?= $UID ?>" />
+		<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+	</fieldset>
+	<fieldset>
+		<p><input type="checkbox" name="confirm_Delete" value="1" />
+		<?= __("Confirm deletion") ?></p>
+
+		<p>
+			<input type="submit" class="button" value="<?= __("Delete") ?>" />
+		</p>
+	</fieldset>
+</form>

web/template/account_edit_form.php

@@ -1,3 +1,7 @@
+<p>
+	<?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+</p>
+
 <?php if ($A == "UpdateAccount"): ?>
 <form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
 <?php else: ?>