1. Added delete_user() function to core_user_API.php and replaced thi…

…s functionality in other files with a call to this function.

2. Account pruning now also removes profiles, preferences and such.
3. Removed the f_protected hidden form fields in user delete/update/etc. and let the scripts check it directly.


git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1209 f5dc347c-c33d-0410-90a0-b07cc1902cb9

account_delete.php

@@ -6,11 +6,11 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.10 $
+	# $Revision: 1.11 $
 	# $Author: jlatour $
-	# $Date: 2002-08-15 20:35:00 $
+	# $Date: 2002-08-15 22:21:11 $
 	#
-	# $Id: account_delete.php,v 1.10 2002-08-15 20:35:00 jlatour Exp $
+	# $Id: account_delete.php,v 1.11 2002-08-15 22:21:11 jlatour Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -35,42 +35,14 @@
 
 	# If an account is protected then no one can change the information
 	# This is useful for shared accounts or for demo purposes
-	$result = 0;
-	if ( OFF == $t_protected ) {
-
-		# get user id
-		$t_user_id = get_current_user_field( 'id' );
-
-		# Remove account
-		$query ="DELETE ".
-				"FROM $g_mantis_user_table ".
-				"WHERE id='$t_user_id'";
-		$result = db_query( $query );
-
-		# Remove associated profiles
-		$query ="DELETE ".
-				"FROM $g_mantis_user_profile_table ".
-				"WHERE user_id='$t_user_id'";
-		$result = db_query( $query );
-
-		# Remove associated preferences
-		$query ="DELETE ".
-				"FROM $g_mantis_user_pref_table ".
-				"WHERE user_id='$t_user_id'";
-		$result = db_query( $query );
-
-		$query ="DELETE ".
-				"FROM $g_mantis_project_user_list_table ".
-				"WHERE user_id='$f_id'";
-		$result = db_query( $query );
-
+	$t_user_id = get_current_user_field( 'id' );
+
+	if (user_delete( $t_user_id )) {
 		# delete cookies
 		setcookie( $g_string_cookie );
 		setcookie( $g_project_cookie );
 		setcookie( $g_view_all_cookie );
-
-		drop_user_info_cache();
-	} # end if protected
+	}
 ?>
 <?php print_page_top1() ?>
 <?php

core_database_API.php

@@ -6,11 +6,11 @@
 	# See the files README and LICENSE for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.15 $
+	# $Revision: 1.16 $
 	# $Author: jlatour $
-	# $Date: 2002-08-15 20:35:02 $
+	# $Date: 2002-08-15 22:21:11 $
 	#
-	# $Id: core_database_API.php,v 1.15 2002-08-15 20:35:02 jlatour Exp $
+	# $Id: core_database_API.php,v 1.16 2002-08-15 22:21:11 jlatour Exp $
 	# --------------------------------------------------------
 
 	###########################################################################
@@ -90,6 +90,10 @@ function db_num_rows( $p_result ) {
 		return mysql_num_rows( $p_result );
 	}
 	# --------------------
+	function db_affected_rows() {
+		return mysql_affected_rows();
+	}
+	# --------------------
 	function db_fetch_array( $p_result ) {
 		return mysql_fetch_array( $p_result );
 	}

core_user_API.php

@@ -319,6 +319,48 @@ function signup_user( $p_username, $p_email=false ) {
 
 		return $t_cookie_string;
 	}
+	# --------------------
+	# delete an account
+	# returns true when the account was successfully deleted
+	function delete_user( $p_user_id ) {
+		global $g_mantis_user_table, $g_mantis_user_profile_table,
+		       $g_mantis_user_pref_table, $g_mantis_project_user_list_table;
+
+		$c_user_id = (integer)$p_user_id;
+
+	    if ( !get_user_field( $p_user_id, 'protected' ) ) {
+		    # Remove account
+	    	$query = "DELETE
+    				FROM $g_mantis_user_table
+    				WHERE id='$c_user_id'";
+	    	$result = db_query( $query );
+			$success = db_affected_rows();
+
+		    # Remove associated profiles
+		    $query = "DELETE
+	    			FROM $g_mantis_user_profile_table
+	    			WHERE user_id='$c_user_id'";
+		    $result = db_query( $query );
+
+			# Remove associated preferences
+    		$query = "DELETE
+    				FROM $g_mantis_user_pref_table
+    				WHERE user_id='$c_user_id'";
+    		$result = db_query( $query );
+
+	    	$query = "DELETE
+    				FROM $g_mantis_project_user_list_table
+	    			WHERE user_id='$c_user_id'";
+		    $result = db_query( $query );
+
+			drop_user_info_cache();
+
+			return $success;
+		} else {
+			return 0;
+		}
+    }
+
 	# --------------------
 	###########################################################################
 	# Access Control API

doc/ChangeLog

@@ -2,6 +2,7 @@ Mantis ChangeLog
 
 2002.08.??  -  0.18.0
 
+ * Account pruning now also removes profiles, preferences and such.
  * Added $g_auto_set_status_to_assigned to allow enabling/disabling of automatically setting the status to ASSIGNED when the defect is assigned.  Default is ON.
  * Added $g_default_notify_flags and $g_notify_flags which replace $g_notify_developers_on_new, $g_notify_on_new_threshold, and $g_notify_admin_on_new.  The old flags are no longer supported.  The new ones provide full control on who should be notified on each event/action.
  * Added $g_handle_bug_threshold to allow controlling the access level required for a user to appear in the assign to list and be able to handle bugs.
@@ -20,9 +21,10 @@ Mantis ChangeLog
  * Added button to copy categories from another project, in addition to the current 'copy to'.
  * Added capability to monitor bugs even when not reporter or handler
  * Added check_varset() function to replace if isset() else checks.
- * Added Chinese Simplified transaltion.
+ * Added Chinese Simplified translation.
  * Added configuration flags ($g_show_queries_count and $g_show_queries_list) that track the executed queries and display their total count, unique queries count, and the actual list of queries executed.
  * Added custom attributes for the 7 ones in config_inc.php : priority, severity, status (with colors), etc... Define it in manage_proj_menu_page.php ; implementation has been thought in a 'per project Settings' conception, but only available for all projects right now.
+ * Added delete_user() function to core_user_API.php and replaced this functionality in other files with a call to this function.
  * Added links from the counters of bugs reported and assigned to logged in user to their corresponding filtered view.
  * Added more visual graph pages in summary_page.php. Caution, old versions of JPGraph may cause problems, use v1.6.3 or above if you can.
  * Added multiple bug actions in view_all_bug_page.php.
@@ -46,6 +48,7 @@ Mantis ChangeLog
  * Added word2k and excel export in print_all_bug_page.php. Users can choose the bugs to display/print, and the fields to export with the 'Printing Options' link.
  * Administrators can now modify the preferences for all users that are not protected.  Protected users need to be unprotected first.
  * Closed a security problem with print_all_bug_page.php which allowed reporters to see bug summaries of bugs they hadn't reported.
+ * Early 2002, an extraordinary thing happened. While Kenzaburo Ito had been maintaining Mantis mostly on his own for years, suddenly others started to help with the development. To reflect/celebrate that, copyright on Mantis for the years 2002 and onward is transferred to the 'Mantis Group', consisting of all of Mantis' developers. All files have had their copyright notices changed to reflect this.
  * Enhanced the admin_upgrade.php script, and supported auto-generation of SQL files.
  * Fixed defects with updating project categories and versions.
  * Fixed problem deleting bugnotes.
@@ -75,11 +78,11 @@ Mantis ChangeLog
  * Removed HTML entities from all localization files.
  * Removed most file variables from default/config_inc2.php.
  * Removed special status of 'closed' concerning colors. 'View all bugs' will use the configured background color.
+ * Removed the f_protected hidden form fields in user delete/update/etc. and let the scripts check it directly.
  * Replaced $g_<status>_color variables with $g_status_colors['<status color>'] array in the configuration.  For example, $g_new_color is replaced with $g_status_colors['new'].
  * Reworked !isset() checks to use check_varset().
  * Reworked BCTimer class to be more useful for debugging.
  * Reworked code formatting for $c_ variables.
- * Early 2002, an extraordinary thing happened. While Kenzaburo Ito had been maintaining Mantis mostly on his own for years, suddenly others started to help with the development. To reflect/celebrate that, copyright on Mantis for the years 2002 and onward is transferred to the 'Mantis Group', consisting of all of Mantis' developers. All files have had their copyright notices changed to reflect this.
  * Updated comments in all localization files to point to correct file names.
  * Updated Hungarian, Russian, Romanian, German, Danish, Norwegian and Dutch localizations.
 

manage_prune.php

@@ -13,11 +13,16 @@
 	# Delete the users who have never logged in and are older than 1 week
 	$days_old = 7;
 	$days_old = (integer)$days_old;
-	$query = "DELETE
+	$query = "SELECT id
 			FROM $g_mantis_user_table
 			WHERE login_count=0 AND TO_DAYS(NOW()) - '$days_old' > TO_DAYS(date_created)";
 	$result = db_query($query);
 
+	for ($i=0; $i < db_num_rows( $result ); $i++) {
+		$row = db_fetch_array( $result );
+		delete_user($row['id']);
+	}
+
 	$t_redirect_url = 'manage_page.php';
 	if ( $result ) {
 		print_header_redirect( $t_redirect_url );

manage_user_delete.php

@@ -9,37 +9,9 @@
 <?php login_cookie_check() ?>
 <?php
 	check_access( ADMINISTRATOR );
-	$c_id = (integer)$f_id;
-
-	# delete account
-    if ( $f_protected != 'on' ) {
-	    # Remove account
-    	$query = "DELETE
-    			FROM $g_mantis_user_table
-    			WHERE id='$c_id'";
-	    $result = db_query( $query );
-
-	    # Remove associated profiles
-	    $query = "DELETE
-	    		FROM $g_mantis_user_profile_table
-	    		WHERE user_id='$c_id'";
-	    $result = db_query( $query );
-
-		# Remove associated preferences
-    	$query = "DELETE
-    			FROM $g_mantis_user_pref_table
-    			WHERE user_id='$c_id'";
-    	$result = db_query( $query );
-
-    	$query = "DELETE
-    			FROM $g_mantis_project_user_list_table
-	    		WHERE user_id='$c_id'";
-	    $result = db_query( $query );
-
-		drop_user_info_cache();
-    }
-
     $t_redirect_url = 'manage_page.php';
+
+	$t_protected = !delete_user($f_id);
 ?>
 <?php print_page_top1() ?>
 <?php
@@ -52,12 +24,10 @@
 <p>
 <div align="center">
 <?php
-	if ( "on" == $f_protected ) {				# PROTECTED
+	if ( $t_protected ) {				# PROTECTED
 		PRINT $s_account_delete_protected_msg.'<p>';
-	} else if ( $result ) {						# SUCCESS
+	} else {						# SUCCESS
 		PRINT $s_operation_successful.'<p>';
-	} else {									# FAILURE
-		print_sql_error( $query );
 	}
 
 	print_bracket_link( $t_redirect_url, $s_proceed );

manage_user_delete_page.php

@@ -20,7 +20,6 @@
 
 	<form method="post" action="manage_user_delete.php">
 		<input type="hidden" name="f_id" value="<?php echo $f_id ?>">
-		<input type="hidden" name="f_protected" value="<?php echo $f_protected ?>">
 		<input type="submit" value="<?php echo $s_delete_account_button ?>">
 	</form>
 

manage_user_page.php

@@ -80,14 +80,12 @@
 		<form method="post" action="manage_user_reset.php">
 		<input type="hidden" name="f_id" value="<?php echo $u_id ?>">
 		<input type="hidden" name="f_email" value="<?php echo $u_email ?>">
-		<input type="hidden" name="f_protected" value="<?php echo $u_protected ?>">
 		<input type="submit" value="<?php echo $s_reset_password_button ?>">
 		</form>
 	</td>
 	<td class="center">
 		<form method="post" action="manage_user_delete_page.php">
 		<input type="hidden" name="f_id" value="<?php echo $u_id ?>">
-		<input type="hidden" name="f_protected" value="<?php echo $u_protected ?>">
 		<input type="submit" value="<?php echo $s_delete_user_button ?>">
 		</form>
 	</td>

manage_user_reset.php

@@ -10,6 +10,7 @@
 <?php
 	check_access( ADMINISTRATOR );
 	$c_id = (integer)$f_id;
+	$f_protected = get_user_field( $p_user_id, 'protected' );
 
 	# Either generate a random password and email it if emailing is enabled.
 	# Otherwise make a blank one.

proj_doc_delete_page.php

@@ -20,7 +20,6 @@
 
 	<form method="post" action="proj_doc_delete.php">
 		<input type="hidden" name="f_id" value="<?php echo $f_id ?>">
-		<input type="hidden" name="f_protected" value="<?php echo $f_protected ?>">
 		<input type="submit" value="<?php echo $s_file_delete_button ?>">
 	</form>