Example #1
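/**
 * Delete one or more members and clean up the rows that reference them.
 *
 * Permissions enforced here:
 * - deleting only your own account requires profile_remove_own;
 * - deleting any other account, or several accounts, requires profile_remove_any;
 * - administrators (group 1 as primary or additional group) are taken out of
 *   the list when $check_not_admin is set, or when the caller lacks
 *   admin_forum and is not simply deleting their own account.
 *
 * Messages, polls, topics, poll votes and the action/ban/error logs are handed
 * over to the guest id (0); the other per-member rows are deleted.
 *
 * @param int[]|int $users a member id or a list of member ids
 * @param bool $check_not_admin = false
 */
function deleteMembers($users, $check_not_admin = false)
{
    global $sourcedir, $modSettings, $user_info, $backend_subdir;
    // Try give us a while to sort this out...
    @set_time_limit(600);
    // Try to get some more memory.
    // NOTE(review): memory_limit is a string such as '128M', '1G' or '-1'; this
    // numeric comparison ignores the unit suffix, so it may replace a larger
    // limit with 128M - confirm and parse the value if that matters.
    if (@ini_get('memory_limit') < 128) {
        @ini_set('memory_limit', '128M');
    }
    // Normalise to a list of unique, non-zero integer ids.  Casting here, and not
    // only when several ids are passed, means every later use of $users - including
    // the {raw:...} fragments built with implode() near the end - is made of
    // integers only.  array_values() re-indexes the list because array_unique()
    // and array_diff() preserve keys while $users[0] is read below.
    if (!is_array($users)) {
        $users = array($users);
    }
    $users = array_values(array_diff(array_unique(array_map('intval', $users)), array(0)));
    // How many are they deleting?
    if (empty($users)) {
        return;
    }
    if (count($users) == 1 && $users[0] == $user_info['id']) {
        isAllowedTo('profile_remove_own');
    } else {
        // Someone else's account, or more than one?  You can't have more than one account...
        isAllowedTo('profile_remove_any');
    }
    // Get their names for logging purposes, and find out which of them are administrators.
    $request = smf_db_query('
		SELECT id_member, member_name, CASE WHEN id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 THEN 1 ELSE 0 END AS is_admin
		FROM {db_prefix}members
		WHERE id_member IN ({array_int:user_list})
		LIMIT ' . count($users), array('user_list' => $users, 'admin_group' => 1));
    $admins = array();
    $user_log_details = array();
    while ($row = mysql_fetch_assoc($request)) {
        if ($row['is_admin']) {
            $admins[] = $row['id_member'];
        }
        $user_log_details[$row['id_member']] = array($row['id_member'], $row['member_name']);
    }
    mysql_free_result($request);
    // None of the requested ids exists.
    if (empty($user_log_details)) {
        return;
    }
    // Make sure they aren't trying to delete administrators if they aren't one.  But don't bother checking if it's just themselves.
    // (&& binds tighter than ||: $check_not_admin alone is enough to protect administrators.)
    if (!empty($admins) && ($check_not_admin || !allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $user_info['id']))) {
        $users = array_diff($users, $admins);
        foreach ($admins as $id) {
            unset($user_log_details[$id]);
        }
    }
    // No one left?
    if (empty($users)) {
        return;
    }
    // Log the action - regardless of who is deleting it.
    $log_inserts = array();
    foreach ($user_log_details as $user) {
        // Integration rocks!
        HookAPI::callHook('integrate_delete_member', array($user[0]));
        // Add it to the administration log for future reference.
        $log_inserts[] = array(time(), 3, $user_info['id'], $user_info['ip'], 'delete_member', 0, 0, 0, serialize(array('member' => $user[0], 'name' => $user[1], 'member_acted' => $user_info['name'])));
        // Remove any cached data if enabled.
        if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2) {
            CacheAPI::putCache('user_settings-' . $user[0], null, 60);
        }
    }
    // Do the actual logging...
    if (!empty($log_inserts) && !empty($modSettings['modlog_enabled'])) {
        smf_db_insert('', '{db_prefix}log_actions', array('log_time' => 'int', 'id_log' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'action' => 'string', 'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string-65534'), $log_inserts, array('id_action'));
    }
    // Make these peoples' posts guest posts.
    smf_db_query('
		UPDATE {db_prefix}messages
		SET id_member = {int:guest_id}, poster_email = {string:blank_email}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'blank_email' => '', 'users' => $users));
    smf_db_query('
		UPDATE {db_prefix}polls
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // Make these peoples' posts guest first posts and last posts.
    smf_db_query('
		UPDATE {db_prefix}topics
		SET id_member_started = {int:guest_id}
		WHERE id_member_started IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    smf_db_query('
		UPDATE {db_prefix}topics
		SET id_member_updated = {int:guest_id}
		WHERE id_member_updated IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // The action, ban and error logs are kept, but attributed to guest from now on.
    smf_db_query('
		UPDATE {db_prefix}log_actions
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    smf_db_query('
		UPDATE {db_prefix}log_banned
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    smf_db_query('
		UPDATE {db_prefix}log_errors
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // Delete the member.
    smf_db_query('
		DELETE FROM {db_prefix}members
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Delete the logs...
    smf_db_query('
		DELETE FROM {db_prefix}log_actions
		WHERE id_log = {int:log_type}
			AND id_member IN ({array_int:users})', array('log_type' => 2, 'users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_boards
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_comments
		WHERE id_recipient IN ({array_int:users})
			AND comment_type = {string:warntpl}', array('users' => $users, 'warntpl' => 'warntpl'));
    smf_db_query('
		DELETE FROM {db_prefix}log_group_requests
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_karma
		WHERE id_target IN ({array_int:users})
			OR id_executor IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_mark_read
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_notify
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_online
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_subscribed
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}log_topics
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}collapsed_categories
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // delete activities and corresponding notifications
    smf_db_query('
		DELETE a.*, n.* FROM {db_prefix}log_activities AS a LEFT JOIN {db_prefix}log_notifications AS n ON (n.id_act = a.id_act)
		WHERE a.id_member IN ({array_int:users})', array('users' => $users));
    // Make their votes appear as guest votes - at least it keeps the totals right.
    //!!! Consider adding back in cookie protection.
    smf_db_query('
		UPDATE {db_prefix}log_polls
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // Delete personal messages.
    require_once $sourcedir . '/PersonalMessage.php';
    deleteMessages(null, null, $users);
    smf_db_query('
		UPDATE {db_prefix}personal_messages
		SET id_member_from = {int:guest_id}
		WHERE id_member_from IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // They no longer exist, so we don't know who it was sent to.
    smf_db_query('
		DELETE FROM {db_prefix}pm_recipients
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}drafts WHERE id_member IN ({array_int:members})', array('members' => $users));
    // Delete avatar.
    require_once $sourcedir . '/lib/Subs-ManageAttachments.php';
    removeAttachments(array('id_member' => $users));
    // It's over, no more moderation for you.
    smf_db_query('
		DELETE FROM {db_prefix}moderators
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    smf_db_query('
		DELETE FROM {db_prefix}group_moderators
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // If you don't exist we can't ban you.
    smf_db_query('
		DELETE FROM {db_prefix}ban_items
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Remove individual theme settings.
    smf_db_query('
		DELETE FROM {db_prefix}themes
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // These users are nobody's buddy nomore.
    // The {raw:...} values are spliced into the SQL as given; they are built with
    // implode() from $users, which holds integers only after the normalisation above.
    $request = smf_db_query('
		SELECT id_member, pm_ignore_list, buddy_list
		FROM {db_prefix}members
		WHERE FIND_IN_SET({raw:pm_ignore_list}, pm_ignore_list) != 0 OR FIND_IN_SET({raw:buddy_list}, buddy_list) != 0', array('pm_ignore_list' => implode(', pm_ignore_list) != 0 OR FIND_IN_SET(', $users), 'buddy_list' => implode(', buddy_list) != 0 OR FIND_IN_SET(', $users)));
    while ($row = mysql_fetch_assoc($request)) {
        smf_db_query('
			UPDATE {db_prefix}members
			SET
				pm_ignore_list = {string:pm_ignore_list},
				buddy_list = {string:buddy_list}
			WHERE id_member = {int:id_member}', array('id_member' => $row['id_member'], 'pm_ignore_list' => implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)), 'buddy_list' => implode(',', array_diff(explode(',', $row['buddy_list']), $users))));
    }
    mysql_free_result($request);
    // Make sure no member's birthday is still sticking in the calendar...
    updateSettings(array('calendar_updated' => time()));
    updateStats('member');
}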
Example #2
/**
 * Run the current member's personal message rules against their messages.
 *
 * Only unread messages are examined unless $all_messages is set, in which case
 * every non-deleted message the member has received is checked.
 *
 * @param bool $all_messages = false
 */
function ApplyRules($all_messages = false)
{
    global $user_info, $smcFunc, $context, $options;

    // The rules have to be loaded before anything can be matched.
    loadRules();
    if (empty($context['rules'])) {
        return;
    }

    // One of two fixed SQL fragments, picked by a boolean; nothing from the
    // request is concatenated into the query text.
    $unreadFilter = $all_messages ? '' : ' AND pmr.is_new = 1';

    // @todo Apply all should have timeout protection!
    // Fetch every candidate message belonging to the current member.
    $result = $smcFunc['db_query']('', '
		SELECT
			pmr.id_pm, pm.id_member_from, pm.subject, pm.body, mem.id_group, pmr.labels
		FROM {db_prefix}pm_recipients AS pmr
			INNER JOIN {db_prefix}personal_messages AS pm ON (pm.id_pm = pmr.id_pm)
			LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = pm.id_member_from)
		WHERE pmr.id_member = {int:current_member}
			AND pmr.deleted = {int:not_deleted}
			' . $unreadFilter, array('current_member' => $user_info['id'], 'not_deleted' => 0));

    $actions = array();
    while ($message = $smcFunc['db_fetch_assoc']($result)) {
        foreach ($context['rules'] as $rule) {
            $matched = false;

            // Test each criterion: sender id, sender group, subject text or body text.
            foreach ($rule['criteria'] as $criterion) {
                $hit = $criterion['t'] == 'mid' && $criterion['v'] == $message['id_member_from']
                    || $criterion['t'] == 'gid' && $criterion['v'] == $message['id_group']
                    || $criterion['t'] == 'sub' && strpos($message['subject'], $criterion['v']) !== false
                    || $criterion['t'] == 'msg' && strpos($message['body'], $criterion['v']) !== false;

                if ($hit) {
                    $matched = true;
                } elseif ($rule['logic'] == 'and') {
                    // With "and" logic a single miss rules the whole rule out.
                    $matched = false;
                    break;
                }
            }

            if (!$matched) {
                continue;
            }

            // A delete rule takes precedence over any labelling the rule carries.
            if ($rule['delete']) {
                $actions['deletes'][] = $message['id_pm'];
                continue;
            }

            foreach ($rule['actions'] as $ruleAction) {
                if ($ruleAction['t'] != 'lab') {
                    continue;
                }
                // Start from the labels the message already has.
                if (!isset($actions['labels'][$message['id_pm']])) {
                    $actions['labels'][$message['id_pm']] = empty($message['labels']) ? array() : explode(',', $message['labels']);
                }
                $actions['labels'][$message['id_pm']][] = $ruleAction['v'];
            }
        }
    }
    $smcFunc['db_free_result']($result);

    // Deletes are easy!
    if (!empty($actions['deletes'])) {
        deleteMessages($actions['deletes']);
    }

    // Relabel?
    if (!empty($actions['labels'])) {
        foreach ($actions['labels'] as $pmId => $wantedLabels) {
            // Keep only labels the member really has; the inbox label (-1) is
            // dropped when the member chose to remove it on relabelling.
            $validLabels = array();
            foreach ($context['labels'] as $label) {
                if (!in_array($label['id'], $wantedLabels)) {
                    continue;
                }
                if ($label['id'] == -1 && !empty($options['pm_remove_inbox_label'])) {
                    continue;
                }
                $validLabels[] = $label['id'];
            }

            // The update is scoped to the current member's copy of the message.
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}pm_recipients
				SET labels = {string:new_labels}
				WHERE id_pm = {int:id_pm}
					AND id_member = {int:current_member}', array('current_member' => $user_info['id'], 'id_pm' => $pmId, 'new_labels' => implode(',', $validLabels)));
        }
    }
}
Example #3
});
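// GET /users/:facebookId - look up the username stored for a Facebook id.
// The id is bound as a statement parameter, never concatenated into the SQL.
// NOTE(review): no authentication check is visible in this handler - confirm
// whether one is applied before the route is reached.
$app->get('/users/:facebookId', function ($facebookId) use ($entityManager) {
    $sql = "select username from users where facebookId = :facebookId";
    $stmt = $entityManager->getConnection()->prepare($sql);
    $stmt->execute(array('facebookId' => $facebookId));
    // The response is the same JSON encoding whether or not a row matched
    // (an unknown id yields an empty list), so no branching is needed.
    echo json_encode($stmt->fetchAll());
});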
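// DELETE /users/:id - remove a user together with their votes and messages.
// $entityManager has to be imported with use(): a PHP closure does not see the
// variables of the enclosing scope, so without it the helpers would be handed
// an undefined variable and fail on getConnection().
// NOTE(review): no authentication or ownership check is visible in this
// handler - confirm one is enforced before this destructive route runs.
$app->delete('/users/:id', function ($id) use ($entityManager) {
    deleteVotes($id, $entityManager);
    deleteMessages($id, $entityManager);
    deleteUser($id, $entityManager);
});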
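/**
 * Delete every vote cast by or for the given user, then echo the statement's
 * fetchAll() result as JSON.
 *
 * @param mixed $id user id; bound as a statement parameter
 * @param mixed $entityManager object exposing getConnection()->prepare()
 */
function deleteVotes($id, $entityManager)
{
    // Each placeholder name is used once: PDO only accepts a repeated named
    // marker while prepares are emulated, so the id is bound under two names.
    $sql = "DELETE FROM votes WHERE votes.from = :from_id or votes.to = :to_id";
    $params = array('from_id' => $id, 'to_id' => $id);
    $stmt = $entityManager->getConnection()->prepare($sql);
    $stmt->execute($params);
    // NOTE(review): a DELETE has no result set, so fetchAll() presumably yields
    // an empty list here; the call is kept because the echoed JSON is this
    // function's visible output - confirm what the driver in use returns.
    echo json_encode($stmt->fetchAll());
}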
function deleteMessages($id, $entityManager)
{
    $sql = "DELETE FROM messages WHERE messages.from = :id or messages.to = :id";
    $params['id'] = $id;
    $stmt = $entityManager->getConnection()->prepare($sql);
Example #4
/**
 * Prune the current member's personal messages older than a number of days.
 *
 * When $_REQUEST['age'] is present the matching sent and received messages are
 * deleted and the member is redirected; otherwise only the prune template is
 * prepared.
 */
function MessagePrune()
{
    global $txt, $context, $db_prefix, $ID_MEMBER, $scripturl;

    if (isset($_REQUEST['age'])) {
        // State-changing request, so the session is verified first.
        checkSession();

        // 86400 seconds per day.  The (int) cast keeps the request value numeric
        // before the cutoff is interpolated into the two queries below.
        $cutoff = time() - 86400 * (int) $_REQUEST['age'];
        $pmIds = array();

        // Messages this member sent before the cutoff.
        $sent = db_query("\n\t\t\tSELECT ID_PM\n\t\t\tFROM {$db_prefix}personal_messages\n\t\t\tWHERE deletedBySender = 0\n\t\t\t\tAND ID_MEMBER_FROM = {$ID_MEMBER}\n\t\t\t\tAND msgtime < {$cutoff}", __FILE__, __LINE__);
        while ($sentRow = mysql_fetch_row($sent)) {
            $pmIds[] = $sentRow[0];
        }
        mysql_free_result($sent);

        // Messages in this member's inbox from before the cutoff.
        $received = db_query("\n\t\t\tSELECT pmr.ID_PM\n\t\t\tFROM ({$db_prefix}pm_recipients AS pmr, {$db_prefix}personal_messages AS pm)\n\t\t\tWHERE pmr.deleted = 0\n\t\t\t\tAND pmr.ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND pm.ID_PM = pmr.ID_PM\n\t\t\t\tAND pm.msgtime < {$cutoff}", __FILE__, __LINE__);
        while ($receivedRow = mysql_fetch_assoc($received)) {
            $pmIds[] = $receivedRow['ID_PM'];
        }
        mysql_free_result($received);

        // Both queries are limited to $ID_MEMBER, so only ids of this member's
        // own messages are handed on for deletion.
        deleteMessages($pmIds);

        // Go back to their inbox.
        redirectexit($context['current_label_redirect']);
    }

    // Nothing to prune yet: set up the link tree and the template.
    $pruneLink = array('url' => $scripturl . '?action=pm;sa=prune', 'name' => $txt['pm_prune']);
    $context['linktree'][] = $pruneLink;
    $context['sub_template'] = 'prune';
    $context['page_title'] = $txt['pm_prune'];
}
Example #5
}
// Turn a space-separated id list into a comma-separated one.
$messagesIds = str_ireplace(' ', ',', $messagesIds);

// These actions make no sense without at least one message id.
$requiredMessageActions = array('read', 'unread', 'delete');
if (in_array($action, $requiredMessageActions) && strlen($messagesIds) == 0) {
    header("Location: {$url}?page={$current_page}&error_message=0");
    exit;
}

// NOTE(review): $url, $current_page and $select_all are placed in the Location
// header unencoded, and where $action and $messagesIds come from is not visible
// in this excerpt - confirm they are validated before this point and that the
// helpers treat the id list as untrusted.
// Loose == is used on purpose: it is the comparison a switch statement applies.
if ($action == 'read') {
    readMessages($messagesIds);
} elseif ($action == 'unread') {
    unreadMessages($messagesIds);
} elseif ($action == 'delete') {
    deleteMessages($messagesIds);
} elseif ($action == 'selectall') {
    $select_all = selectAll($_POST['page']);
    header("Location: {$url}?page={$current_page}&select_all={$select_all}");
    exit;
} elseif ($action == 'nothing') {
    header("Location: {$url}?page={$current_page}&error_message=1");
    exit;
}

// Every action that did not exit above ends up back on the current page.
header("Location: {$url}?page={$current_page}");
function readMessages($messages)
Example #6
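/**
 * Delete one or more members and clean up the rows that reference them.
 *
 * Permissions enforced here:
 * - deleting only your own account requires profile_remove_own;
 * - deleting any other account, or several accounts, requires profile_remove_any;
 * - a caller without admin_forum cannot delete administrators (group 1 as
 *   primary or additional group), unless it is only their own account.
 *
 * The queries below are built by string concatenation, so two things matter:
 * every id is cast to int before it reaches any SQL text, and the WHERE
 * condition is built only after administrators have been taken off the list.
 *
 * @param int[]|int $users a member id or a list of member ids
 */
function deleteMembers($users)
{
    global $db_prefix, $sourcedir, $modSettings, $ID_MEMBER;
    // Normalise to a list of unique, non-zero integer ids.  The cast applies to a
    // single id as well, because the ids are interpolated straight into SQL.
    // array_values() re-indexes the list: array_unique() and array_diff()
    // preserve keys while $users[0] is read below.
    if (!is_array($users)) {
        $users = array($users);
    }
    $users = array_values(array_diff(array_unique(array_map('intval', $users)), array(0)));
    // How many are they deleting?
    if (empty($users)) {
        return;
    }
    if (count($users) == 1 && $users[0] == $ID_MEMBER) {
        isAllowedTo('profile_remove_own');
    } else {
        // Someone else's account, or more than one?  You can't have more than one account...
        isAllowedTo('profile_remove_any');
    }
    // Make sure they aren't trying to delete administrators if they aren't one.  But don't bother checking if it's just themselves.
    if (!allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $ID_MEMBER)) {
        $request = db_query("\n\t\t\tSELECT ID_MEMBER\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE ID_MEMBER IN (" . implode(', ', $users) . ")\n\t\t\t\tAND (ID_GROUP = 1 OR FIND_IN_SET(1, additionalGroups) != 0)\n\t\t\tLIMIT " . count($users), __FILE__, __LINE__);
        $admins = array();
        while ($row = mysql_fetch_assoc($request)) {
            $admins[] = $row['ID_MEMBER'];
        }
        mysql_free_result($request);
        if (!empty($admins)) {
            $users = array_values(array_diff($users, $admins));
        }
    }
    if (empty($users)) {
        return;
    }
    // Build the condition from the filtered list.  If it were built before the
    // administrator check, the queries below would still name the protected
    // accounts even though they were removed from $users.
    if (count($users) == 1) {
        $condition = '= ' . $users[0];
    } else {
        $condition = 'IN (' . implode(', ', $users) . ')';
    }
    // Log the action - regardless of who is deleting it.
    foreach ($users as $user) {
        // Integration rocks!
        if (isset($modSettings['integrate_delete_member']) && function_exists($modSettings['integrate_delete_member'])) {
            call_user_func($modSettings['integrate_delete_member'], $user);
        }
        logAction('delete_member', array('member' => $user));
    }
    // Make these peoples' posts guest posts.
    db_query("\n\t\tUPDATE {$db_prefix}messages\n\t\tSET ID_MEMBER = 0" . (!empty($modSettings['allow_hideEmail']) ? ", posterEmail = ''" : '') . "\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tUPDATE {$db_prefix}polls\n\t\tSET ID_MEMBER = 0\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    // Make these peoples' posts guest first posts and last posts.
    db_query("\n\t\tUPDATE {$db_prefix}topics\n\t\tSET ID_MEMBER_STARTED = 0\n\t\tWHERE ID_MEMBER_STARTED {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tUPDATE {$db_prefix}topics\n\t\tSET ID_MEMBER_UPDATED = 0\n\t\tWHERE ID_MEMBER_UPDATED {$condition}", __FILE__, __LINE__);
    // The action, ban and error logs are kept, but attributed to guest from now on.
    db_query("\n\t\tUPDATE {$db_prefix}log_actions\n\t\tSET ID_MEMBER = 0\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tUPDATE {$db_prefix}log_banned\n\t\tSET ID_MEMBER = 0\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tUPDATE {$db_prefix}log_errors\n\t\tSET ID_MEMBER = 0\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    // Delete the member.
    db_query("\n\t\tDELETE FROM {$db_prefix}members\n\t\tWHERE ID_MEMBER {$condition}\n\t\tLIMIT " . count($users), __FILE__, __LINE__);
    // Delete the logs...
    db_query("\n\t\tDELETE FROM {$db_prefix}log_boards\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tDELETE FROM {$db_prefix}log_karma\n\t\tWHERE ID_TARGET {$condition}\n\t\t\tOR ID_EXECUTOR {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tDELETE FROM {$db_prefix}log_mark_read\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tDELETE FROM {$db_prefix}log_notify\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tDELETE FROM {$db_prefix}log_online\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tDELETE FROM {$db_prefix}log_polls\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tDELETE FROM {$db_prefix}log_topics\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    db_query("\n\t\tDELETE FROM {$db_prefix}collapsed_categories\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    // Delete personal messages.
    require_once $sourcedir . '/PersonalMessage.php';
    deleteMessages(null, null, $users);
    db_query("\n\t\tUPDATE {$db_prefix}personal_messages\n\t\tSET ID_MEMBER_FROM = 0\n\t\tWHERE ID_MEMBER_FROM {$condition}", __FILE__, __LINE__);
    // Delete avatar.
    require_once $sourcedir . '/ManageAttachments.php';
    removeAttachments('a.ID_MEMBER ' . $condition);
    // It's over, no more moderation for you.
    db_query("\n\t\tDELETE FROM {$db_prefix}moderators\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    // If you don't exist we can't ban you.
    db_query("\n\t\tDELETE FROM {$db_prefix}ban_items\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    // Remove individual theme settings.
    db_query("\n\t\tDELETE FROM {$db_prefix}themes\n\t\tWHERE ID_MEMBER {$condition}", __FILE__, __LINE__);
    // These users are nobody's buddy nomore.
    $request = db_query("\n\t\tSELECT ID_MEMBER, pm_ignore_list, buddy_list\n\t\tFROM {$db_prefix}members\n\t\tWHERE FIND_IN_SET(" . implode(', pm_ignore_list) OR FIND_IN_SET(', $users) . ', pm_ignore_list) OR FIND_IN_SET(' . implode(', buddy_list) OR FIND_IN_SET(', $users) . ', buddy_list)', __FILE__, __LINE__);
    while ($row = mysql_fetch_assoc($request)) {
        // NOTE(review): the stored lists are written back inside quotes without
        // escaping; presumably they only ever hold comma-separated ids - confirm.
        db_query("\n\t\t\tUPDATE {$db_prefix}members\n\t\t\tSET\n\t\t\t\tpm_ignore_list = '" . implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)) . "',\n\t\t\t\tbuddy_list = '" . implode(',', array_diff(explode(',', $row['buddy_list']), $users)) . "'\n\t\t\tWHERE ID_MEMBER = {$row['ID_MEMBER']}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
    }
    mysql_free_result($request);
    // Make sure no member's birthday is still sticking in the calendar...
    updateStats('calendar');
    updateStats('member');
}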
Example #7
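/**
 * Delete one or more members.
 *
 * What it does:
 * - Requires profile_remove_own or profile_remove_any permission for
 * respectively removing your own account or any account.
 * - Non-admins cannot delete admins.
 *
 * The function:
 * - changes author of messages, topics and polls to guest authors.
 * - removes all log entries concerning the deleted members, except the
 * error logs, ban logs and moderation logs.
 * - removes these members' personal messages (only the inbox)
 * - removes avatars, ban entries, theme settings, moderator positions, poll votes,
 * drafts, likes, mentions, notifications
 * - removes custom field data associated with them
 * - updates member statistics afterwards.
 *
 * Administrators that are taken off the list keep their post-by-email keys as
 * well: the e-mail addresses are tracked per member id for that purpose.
 *
 * @package Members
 * @param int[]|int $users
 * @param bool $check_not_admin = false
 */
function deleteMembers($users, $check_not_admin = false)
{
    global $modSettings, $user_info;
    $db = database();
    // Try give us a while to sort this out...
    @set_time_limit(600);
    // Try to get some more memory.
    setMemoryLimit('128M');
    // Normalise to a list of unique, non-zero integer ids.  Casting here, and not
    // only when several ids are passed, means every later use of $users - including
    // the {raw:...} fragments built with implode() near the end - is made of
    // integers only.  array_values() re-indexes the list because array_unique()
    // and array_diff() preserve keys while $users[0] is read below.
    if (!is_array($users)) {
        $users = array($users);
    }
    $users = array_values(array_diff(array_unique(array_map('intval', $users)), array(0)));
    // How many are they deleting?
    if (empty($users)) {
        return;
    }
    if (count($users) == 1 && $users[0] == $user_info['id']) {
        isAllowedTo('profile_remove_own');
    } else {
        // Someone else's account, or more than one?  You can't have more than one account...
        isAllowedTo('profile_remove_any');
    }
    // Get their names for logging purposes, and find out which of them are administrators.
    $request = $db->query('', '
		SELECT id_member, member_name, email_address, CASE WHEN id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 THEN 1 ELSE 0 END AS is_admin
		FROM {db_prefix}members
		WHERE id_member IN ({array_int:user_list})
		LIMIT ' . count($users), array('user_list' => $users, 'admin_group' => 1));
    $admins = array();
    $emails = array();
    $user_log_details = array();
    while ($row = $db->fetch_assoc($request)) {
        if ($row['is_admin']) {
            $admins[] = $row['id_member'];
        }
        $user_log_details[$row['id_member']] = array($row['id_member'], $row['member_name']);
        // Keyed by member id so a protected administrator's address can be dropped again.
        $emails[$row['id_member']] = $row['email_address'];
    }
    $db->free_result($request);
    // None of the requested ids exists.
    if (empty($user_log_details)) {
        return;
    }
    // Make sure they aren't trying to delete administrators if they aren't one.  But don't bother checking if it's just themselves.
    // (&& binds tighter than ||: $check_not_admin alone is enough to protect administrators.)
    if (!empty($admins) && ($check_not_admin || !allowedTo('admin_forum') && (count($users) != 1 || $users[0] != $user_info['id']))) {
        $users = array_diff($users, $admins);
        foreach ($admins as $id) {
            unset($user_log_details[$id], $emails[$id]);
        }
    }
    // No one left?
    if (empty($users)) {
        return;
    }
    // Log the action - regardless of who is deleting it.
    $log_changes = array();
    foreach ($user_log_details as $user) {
        $log_changes[] = array('action' => 'delete_member', 'log_type' => 'admin', 'extra' => array('member' => $user[0], 'name' => $user[1], 'member_acted' => $user_info['name']));
        // Remove any cached data if enabled.
        if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2) {
            cache_put_data('user_settings-' . $user[0], null, 60);
        }
    }
    // Make these peoples' posts guest posts.
    $db->query('', '
		UPDATE {db_prefix}messages
		SET id_member = {int:guest_id}' . (!empty($modSettings['deleteMembersRemovesEmail']) ? ',
		poster_email = {string:blank_email}' : '') . '
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'blank_email' => '', 'users' => $users));
    $db->query('', '
		UPDATE {db_prefix}polls
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // Make these peoples' posts guest first posts and last posts.
    $db->query('', '
		UPDATE {db_prefix}topics
		SET id_member_started = {int:guest_id}
		WHERE id_member_started IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    $db->query('', '
		UPDATE {db_prefix}topics
		SET id_member_updated = {int:guest_id}
		WHERE id_member_updated IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // The action, ban and error logs are kept, but attributed to guest from now on.
    $db->query('', '
		UPDATE {db_prefix}log_actions
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    $db->query('', '
		UPDATE {db_prefix}log_banned
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    $db->query('', '
		UPDATE {db_prefix}log_errors
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // Delete the member.
    $db->query('', '
		DELETE FROM {db_prefix}members
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Delete any drafts...
    $db->query('', '
		DELETE FROM {db_prefix}user_drafts
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Delete any likes...
    $db->query('', '
		DELETE FROM {db_prefix}message_likes
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Delete any custom field data...
    $db->query('', '
		DELETE FROM {db_prefix}custom_fields_data
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Delete any post by email keys...  Skipped when no address is left, so the
    // query is never run with an empty list.
    if (!empty($emails)) {
        $db->query('', '
		DELETE FROM {db_prefix}postby_emails
		WHERE email_to IN ({array_string:emails})', array('emails' => array_values($emails)));
    }
    // Delete the logs...
    $db->query('', '
		DELETE FROM {db_prefix}log_actions
		WHERE id_log = {int:log_type}
			AND id_member IN ({array_int:users})', array('log_type' => 2, 'users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_boards
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_comments
		WHERE id_recipient IN ({array_int:users})
			AND comment_type = {string:warntpl}', array('users' => $users, 'warntpl' => 'warntpl'));
    $db->query('', '
		DELETE FROM {db_prefix}log_group_requests
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_karma
		WHERE id_target IN ({array_int:users})
			OR id_executor IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_mark_read
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_notify
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_online
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_subscribed
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}log_topics
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}collapsed_categories
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Make their votes appear as guest votes - at least it keeps the totals right.
    // @todo Consider adding back in cookie protection.
    $db->query('', '
		UPDATE {db_prefix}log_polls
		SET id_member = {int:guest_id}
		WHERE id_member IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // Remove the mentions
    $db->query('', '
		DELETE FROM {db_prefix}log_mentions
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Delete personal messages.
    require_once SUBSDIR . '/PersonalMessage.subs.php';
    deleteMessages(null, null, $users);
    $db->query('', '
		UPDATE {db_prefix}personal_messages
		SET id_member_from = {int:guest_id}
		WHERE id_member_from IN ({array_int:users})', array('guest_id' => 0, 'users' => $users));
    // They no longer exist, so we don't know who it was sent to.
    $db->query('', '
		DELETE FROM {db_prefix}pm_recipients
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Delete avatar.
    require_once SUBSDIR . '/ManageAttachments.subs.php';
    removeAttachments(array('id_member' => $users));
    // It's over, no more moderation for you.
    $db->query('', '
		DELETE FROM {db_prefix}moderators
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    $db->query('', '
		DELETE FROM {db_prefix}group_moderators
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // If you don't exist we can't ban you.
    $db->query('', '
		DELETE FROM {db_prefix}ban_items
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // Remove individual theme settings.
    $db->query('', '
		DELETE FROM {db_prefix}themes
		WHERE id_member IN ({array_int:users})', array('users' => $users));
    // These users are nobody's buddy nomore.
    // The {raw:...} values are spliced into the SQL as given; they are built with
    // implode() from $users, which holds integers only after the normalisation above.
    $request = $db->query('', '
		SELECT id_member, pm_ignore_list, buddy_list
		FROM {db_prefix}members
		WHERE FIND_IN_SET({raw:pm_ignore_list}, pm_ignore_list) != 0 OR FIND_IN_SET({raw:buddy_list}, buddy_list) != 0', array('pm_ignore_list' => implode(', pm_ignore_list) != 0 OR FIND_IN_SET(', $users), 'buddy_list' => implode(', buddy_list) != 0 OR FIND_IN_SET(', $users)));
    while ($row = $db->fetch_assoc($request)) {
        updateMemberData($row['id_member'], array('pm_ignore_list' => implode(',', array_diff(explode(',', $row['pm_ignore_list']), $users)), 'buddy_list' => implode(',', array_diff(explode(',', $row['buddy_list']), $users))));
    }
    $db->free_result($request);
    // Make sure no member's birthday is still sticking in the calendar...
    updateSettings(array('calendar_updated' => time()));
    // Integration rocks!
    call_integration_hook('integrate_delete_members', array($users));
    updateMemberStats();
    logActions($log_changes);
}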
 /**
  * Prune (delete) the current member's personal messages older than a supplied number of days.
  *
  * The age in days is read from $_REQUEST['age']; when it is absent only the
  * prune template is prepared.
  */
 public function action_prune()
 {
     global $txt, $context, $user_info, $scripturl;

     if (isset($_REQUEST['age'])) {
         // State-changing request, so the session is verified first.
         checkSession();

         // 86400 seconds per day; the cutoff is clamped so it never goes below zero.
         $ageInSeconds = 86400 * (int) $_REQUEST['age'];
         $cutoff = max(0, time() - $ageInSeconds);

         // The lookup is given the current member's id and the cutoff; whatever
         // it returns is handed on for deletion.
         deleteMessages(getPMsOlderThan($user_info['id'], $cutoff));

         // Go back to their inbox.
         redirectexit($context['current_label_redirect']);
     }

     // Nothing to prune yet: set up the link tree and the template.
     $pruneLink = array('url' => $scripturl . '?action=pm;sa=prune', 'name' => $txt['pm_prune']);
     $context['linktree'][] = $pruneLink;
     $context['page_title'] = $txt['pm_prune'];
     $context['sub_template'] = 'prune';
 }
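/**
 * RPC handler: delete one personal message for the current member.
 *
 * Guests and members without pm_read are refused.  The message id is taken
 * from the first element of the first request parameter and cast to int.
 */
function method_delete_message()
{
    global $mobdb, $mobsettings, $modSettings, $context, $sourcedir, $user_info, $txt;
    // Each refusal returns explicitly, so the delete below cannot be reached
    // even if outputRPCResult() were to return instead of ending the request.
    if ($user_info['is_guest']) {
        outputRPCResult(false, $txt[1]);
        return;
    }
    // NOTE(review): deletion is gated on pm_read, and whether deleteMessages()
    // limits the delete to the current member's own copy is not visible here -
    // confirm both.
    if (!allowedTo('pm_read')) {
        outputRPCResult(false, $txt['cannot_pm_read']);
        return;
    }
    // Invalid message ID?  Check the exact element that is read below, not only
    // its parent.
    if (!isset($context['mob_request']['params'][0][0])) {
        outputRPCResult(false, $txt['smf272']);
        return;
    }
    $id_pm = $context['mob_request']['params'][0][0];
    // Delete the PM
    require_once $sourcedir . '/PersonalMessage.php';
    deleteMessages(array((int) $id_pm));
    outputRPCResult(true);
}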