Пример #1
 /**
  * Delete member
  *
  * This function deletes all member data, and all communications from said member
  * stored on the system, and returns the id for further use
  *
  * @access	public
  * @param	mixed	Single member ID as int, or array of member IDs to delete
  * @param	int		Member ID to take over ownership of deleted members' entries
  * @return	void
  */
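 function delete_member($member_ids = array(), $heir_id = NULL)
 {
     // Permanently removes the given member(s), their messages, entries,
     // comments and (when the forum is installed) forum content.
     // Returns FALSE when no usable member ID is left to process; on the
     // normal path no value is returned.
     //
     // NOTE(review): nothing in this function checks who is asking. The
     // caller has to authorise the request before invoking it.

     // Make sure $member_ids is an array
     if (!is_array($member_ids)) {
         $member_ids = array((int) $member_ids);
     }
     // ---------------------------------------------------------------
     // 'member_delete' hook.
     // - Provides an opportunity for extra code to be executed upon
     // member deletion, and also gives the opportunity to skip
     // deletion for some members all together by altering the array of
     // member IDs we pass to the hook.
     //
     if ($this->extensions->active_hook('member_delete')) {
         $member_ids = $this->extensions->call('member_delete', $member_ids);
     }
     //
     // ---------------------------------------------------------------
     // Keep only positive integer IDs, de-duplicated. A non-numeric scalar
     // is cast to 0 above, and an ID of 0 would match every row whose
     // owner column is 0 (presumably guest-owned rows - confirm against the
     // schema), so such values must never reach the DELETE statements.
     $clean_ids = array();
     foreach ((array) $member_ids as $member_id) {
         if (is_int($member_id) or (is_string($member_id) && ctype_digit($member_id))) {
             $member_id = (int) $member_id;
             if ($member_id > 0) {
                 $clean_ids[$member_id] = $member_id;
             }
         }
     }
     $member_ids = array_values($clean_ids);
     // No member IDs? Bail out
     if (!count($member_ids)) {
         return FALSE;
     }
     // ---------------------------------------------------------------
     // Remove traces of member from base member tables
     // ---------------------------------------------------------------
     // A list of (table, field) pairs rather than a table => field map:
     // 'message_listed' has to be cleaned on two columns, and a repeated
     // array key would silently keep only the last of them.
     $tables_fields = array(
         array('members', 'member_id'),
         array('member_data', 'member_id'),
         array('member_homepage', 'member_id'),
         array('message_data', 'sender_id'),
         array('message_folders', 'member_id'),
         array('message_listed', 'member_id'),
         array('message_listed', 'listed_member'),
         array('message_copies', 'recipient_id'),
         array('remember_me', 'member_id'),
         array('sessions', 'member_id'),
     );
     // If comment module is installed
     if ($this->db->table_exists('comment_subscriptions')) {
         $tables_fields[] = array('comment_subscriptions', 'member_id');
     }
     // Loop through the pairs and clear out based on member ID
     foreach ($tables_fields as $pair) {
         $this->db->where_in($pair[1], $member_ids)->delete($pair[0]);
     }
     // ---------------------------------------------------------------
     // Delete private messages and update members' unread count
     // ---------------------------------------------------------------
     // First, we need to get a list of recipient IDs who will be affected
     // by deleting the members we are deleting so that we can update the
     // unread PM count for those users only. The column is named in
     // select(); distinct() itself only takes an on/off switch.
     $this->db->select('recipient_id');
     $this->db->distinct();
     $this->db->where('message_read', 'n');
     $this->db->where_in('sender_id', $member_ids);
     $messages = $this->db->get('message_copies');
     // Now that we know which recipients are affected, we can delete the
     // member-to-be-deleted's messages...
     $this->db->where_in('sender_id', $member_ids)->delete('message_copies');
     if ($messages->num_rows()) {
         // Build recipient IDs array
         $recipient_ids = array();
         foreach ($messages->result_array() as $message) {
             $recipient_ids[] = $message['recipient_id'];
         }
         // ...and get the new unread count for the affected users
         $this->db->select('count(*) as count, recipient_id');
         $this->db->where('message_read', 'n');
         $this->db->where_in('recipient_id', $recipient_ids);
         $this->db->group_by('recipient_id');
         $unread_messages = $this->db->get('message_copies');
         // Set everyone's unread message count to zero first, because if a user
         // has zero messages now, they won't have shown up in the above query
         $this->db->where_in('member_id', $recipient_ids);
         $this->db->update('members', array('private_messages' => 0));
         // For each user, update their private messages unread count with
         // what we gathered above
         foreach ($unread_messages->result_array() as $message) {
             $this->db->where('member_id', $message['recipient_id']);
             $this->db->update('members', array('private_messages' => $message['count']));
         }
     }
     // ---------------------------------------------------------------
     // Get member's channel entries, reassign them to the entries heir
     // or delete them all together if heir isn't specified
     // ---------------------------------------------------------------
     // Get member's entries
     $this->db->select('entry_id, channel_id');
     $this->db->where_in('author_id', $member_ids);
     $entries = $this->db->get('channel_titles');
     $channel_ids = array();
     if ($entries->num_rows()) {
         // Reassign entries if heir ID is present
         // NOTE(review): the heir is not checked against $member_ids, so an
         // heir that is itself being deleted would end up owning the
         // entries - confirm callers rule that out.
         if (!empty($heir_id) && is_numeric($heir_id)) {
             $this->db->where_in('author_id', $member_ids);
             $this->db->update('channel_titles', array('author_id' => $heir_id));
             $this->update_member_entry_stats($heir_id);
         } else {
             $entry_ids = array();
             foreach ($entries->result_array() as $entry) {
                 // Entries to delete
                 $entry_ids[] = $entry['entry_id'];
                 // Gather channel IDs to update stats later
                 $channel_ids[] = $entry['channel_id'];
             }
             $this->db->where_in('author_id', $member_ids)->delete('channel_titles');
             $this->db->where_in('entry_id', $entry_ids)->delete('channel_data');
             if ($this->db->table_exists('comments')) {
                 $this->db->where_in('entry_id', $entry_ids)->delete('comments');
             }
         }
     }
     // ---------------------------------------------------------------
     // Find affected entries for members's comments and update totals
     // ---------------------------------------------------------------
     if ($this->db->table_exists('comments')) {
         $this->db->select('DISTINCT(entry_id), channel_id');
         $this->db->where_in('author_id', $member_ids);
         $entries = $this->db->get('comments');
         $entry_ids = array();
         foreach ($entries->result_array() as $row) {
             // Entries to update
             $entry_ids[] = $row['entry_id'];
             // Gather channel IDs to update stats later
             $channel_ids[] = $row['channel_id'];
         }
         // Delete comments
         $this->db->where_in('author_id', $member_ids)->delete('comments');
         // Update individual entry comment counts
         $this->load->model('comment_model');
         $this->comment_model->recount_entry_comments($entry_ids);
     }
     // Update channel and comment stats
     foreach (array_unique($channel_ids) as $channel_id) {
         $this->stats->update_channel_stats($channel_id);
         $this->stats->update_comment_stats($channel_id);
     }
     // ---------------------------------------------------------------
     // Forum Clean-Up
     // ---------------------------------------------------------------
     if ($this->config->item('forum_is_installed') == "y") {
         // Forum tables to clean up
         $forum_tables_fields = array(
             'forum_subscriptions' => 'member_id',
             'forum_pollvotes' => 'member_id',
             'forum_topics' => 'author_id',
             'forum_administrators' => 'admin_member_id',
             'forum_moderators' => 'mod_member_id',
             'forum_polls' => 'author_id',
         );
         // Clean out mentions of member in forum tables
         foreach ($forum_tables_fields as $table => $field) {
             $this->db->where_in($field, $member_ids)->delete($table);
         }
         // Load forum class
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum.php';
             require PATH_MOD . 'forum/mod.forum_core.php';
         }
         $forum_core = new Forum_Core();
         // -----------------------------------------------------------
         // Grab affected topic IDs before deleting the member so we can
         // update stats
         $this->db->select('topic_id');
         $this->db->distinct();
         $this->db->where_in('author_id', $member_ids);
         $topics = $this->db->get('forum_posts');
         // Now delete those posts
         $this->db->where_in('author_id', $member_ids)->delete('forum_posts');
         // Update topic stats
         foreach ($topics->result_array() as $row) {
             $forum_core->_update_topic_stats($row['topic_id']);
         }
         // -----------------------------------------------------------
         // Update forum stats
         $this->db->select('forum_id');
         $this->db->where('forum_is_cat', 'n');
         $forums = $this->db->get('exp_forums');
         foreach ($forums->result_array() as $row) {
             $forum_core->_update_post_stats($row['forum_id']);
         }
         $forum_core->_update_global_stats();
         // -----------------------------------------------------------
         // Delete from Online Users
         $this->db->where_in('member_id', $member_ids)->delete('online_users');
         // -----------------------------------------------------------
         // Remove attachments
         $this->db->select('attachment_id, board_id');
         $this->db->where_in('member_id', $member_ids);
         $attachments = $this->db->get('forum_attachments');
         foreach ($attachments->result_array() as $attachment) {
             $forum_core->_remove_attachment($attachment['attachment_id'], $attachment['board_id'], TRUE);
         }
     }
     $this->stats->update_member_stats();
 }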
Пример #2
	/** -------------------------------------
	/**  Member self-delete
	/** -------------------------------------*/
	
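	function member_delete()
	{
		global $DB, $FNS, $IN, $LANG, $OUT, $PREFS, $REGX, $SESS, $STAT;

		// Self-service account deletion for the logged-in member.
		// Returns FALSE when the request did not come from a form POST;
		// otherwise the result is whatever $OUT->show_user_error() returns on
		// a failed check, or the success page rendered by $OUT->show_message().
		// The password re-check below is what stands between a borrowed or
		// forged session request and an irreversible delete.

		// Make sure they got here via a form
		if ( ! $IN->GBL('ACT', 'POST'))
		{
			// No output for you, Mr. URL Hax0r
			return FALSE;
		}

		$LANG->fetch_language_file('login');

		// No sneakiness - we'll do this in case the site administrator
		// has foolishly turned off secure forms and some monkey is
		// trying to delete their account from an off-site form or
		// after logging out.
		if ($SESS->userdata['member_id'] == 0 OR $SESS->userdata['can_delete_self'] !== 'y')
		{
			return $OUT->show_user_error('general', $LANG->line('not_authorized'));
		}

		// If the user is a SuperAdmin, then no deletion
		if ($SESS->userdata['group_id'] == 1)
		{
			return $OUT->show_user_error('general', $LANG->line('cannot_delete_super_admin'));
		}

		// Is IP and User Agent required for login?  Then, same here.
		if ($PREFS->ini('require_ip_for_login') == 'y')
		{
			if ($SESS->userdata['ip_address'] == '' || $SESS->userdata['user_agent'] == '')
			{
				return $OUT->show_user_error('general', $LANG->line('unauthorized_request'));
			}
		}

		// Check password lockout status
		if ($SESS->check_password_lockout() === TRUE)
		{
			return $OUT->show_user_error('general', str_replace("%x", $PREFS->ini('password_lockout_interval'), $LANG->line('password_lockout_in_effect')));
		}

		// The member ID goes into many hand-built SQL strings below, so it is
		// forced to an integer once, here, before the first query uses it.
		$id = (int) $SESS->userdata['member_id'];

		// Are you who you say you are, or someone sitting at someone
		// else's computer being mean?!
		$query = $DB->query("SELECT password FROM exp_members WHERE member_id = '{$id}'");
		$stored = ($query->num_rows > 0) ? (string) $query->row['password'] : '';
		$submitted = (string) $FNS->hash(stripslashes($IN->GBL('password', 'POST')));

		// Compare as strings. A loose != treats two hashes that both look like
		// numbers (for example "0e..." digests) as equal. hash_equals() is used
		// when the running PHP provides it, to keep the comparison time
		// independent of where the two values first differ. A missing member
		// row or an empty stored hash fails closed.
		if ($stored === '')
		{
			$password_ok = FALSE;
		}
		elseif (function_exists('hash_equals'))
		{
			$password_ok = hash_equals($stored, $submitted);
		}
		else
		{
			$password_ok = ($stored === $submitted);
		}

		if ( ! $password_ok)
		{
			$SESS->save_password_lockout();

			return $OUT->show_user_error('general', $LANG->line('invalid_pw'));
		}

		// No turning back, get to deletin'!
		$DB->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

		// Recipients holding unread mail from this member are collected before
		// the copies are deleted, so their unread counters can be rebuilt.
		$message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");
		$DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

		if ($message_query->num_rows > 0)
		{
			foreach ($message_query->result as $row)
			{
				$recipient_id = (int) $row['recipient_id'];

				$count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");
				$DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '{$recipient_id}'"));
			}
		}

		// Delete Forum Posts
		if ($PREFS->ini('forum_is_installed') == "y")
		{
			$DB->query("DELETE FROM exp_forum_subscriptions  WHERE member_id = '{$id}'");
			$DB->query("DELETE FROM exp_forum_pollvotes  WHERE member_id = '{$id}'");

			$DB->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

			// Snag the affected topic id's before deleting the member for the update afterwards
			$query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

			$topic_ids = array();

			foreach ($query->result as $row)
			{
				$topic_ids[] = $row['topic_id'];
			}

			$topic_ids = array_unique($topic_ids);

			$DB->query("DELETE FROM exp_forum_posts  WHERE author_id = '{$id}'");
			$DB->query("DELETE FROM exp_forum_polls  WHERE author_id = '{$id}'");

			// Update the forum stats
			$query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

			if ( ! class_exists('Forum'))
			{
				require PATH_MOD.'forum/mod.forum'.EXT;
				require PATH_MOD.'forum/mod.forum_core'.EXT;
			}

			$FRM = new Forum_Core;

			foreach ($query->result as $row)
			{
				$FRM->_update_post_stats($row['forum_id']);
			}

			foreach ($topic_ids as $topic_id)
			{
				$FRM->_update_topic_stats($topic_id);
			}
		}

		// Va-poo-rize Weblog Entries and Comments
		$entry_ids		= array();
		$weblog_ids		= array();
		$recount_ids	= array();

		// Find Entry IDs and Weblog IDs, then delete
		$query = $DB->query("SELECT entry_id, weblog_id FROM exp_weblog_titles WHERE author_id = '{$id}'");

		if ($query->num_rows > 0)
		{
			foreach ($query->result as $row)
			{
				// Integer cast: these values are spliced into IN (...) lists below
				$entry_ids[]	= (int) $row['entry_id'];
				$weblog_ids[]	= $row['weblog_id'];
			}

			$entry_list = "'".implode("','", $entry_ids)."'";

			$DB->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
			$DB->query("DELETE FROM exp_weblog_data WHERE entry_id IN ({$entry_list})");
			$DB->query("DELETE FROM exp_comments WHERE entry_id IN ({$entry_list})");
			$DB->query("DELETE FROM exp_trackbacks WHERE entry_id IN ({$entry_list})");
		}

		// Find the affected entries AND weblog ids for author's comments
		$query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE author_id = '{$id}'");

		if ($query->num_rows > 0)
		{
			foreach ($query->result as $row)
			{
				$recount_ids[] = (int) $row['entry_id'];
				$weblog_ids[]  = $row['weblog_id'];
			}

			$recount_ids = array_diff($recount_ids, $entry_ids);
		}

		// Delete comments by member
		$DB->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

		// Update stats on weblog entries that were NOT deleted AND had comments by author
		foreach (array_unique($recount_ids) as $entry_id)
		{
			$entry_id = (int) $entry_id;

			$query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '{$entry_id}'");

			$comment_date = ($query->num_rows == 0 OR !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];

			$query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

			$DB->query("UPDATE exp_weblog_titles SET comment_total = '".$DB->escape_str($query->row['count'])."', recent_comment_date = '$comment_date' WHERE entry_id = '{$entry_id}'");
		}

		foreach (array_unique($weblog_ids) as $weblog_id)
		{
			$STAT->update_weblog_stats($weblog_id);
			$STAT->update_comment_stats($weblog_id);
		}

		// Email notification recipients
		if ($SESS->userdata['mbr_delete_notify_emails'] != '')
		{
			$swap = array(
							'name'				=> $SESS->userdata['screen_name'],
							'email'				=> $SESS->userdata['email'],
							'site_name'			=> stripslashes($PREFS->ini('site_name'))
						 );

			$email_tit = $FNS->var_swap($LANG->line('mbr_delete_notify_title'), $swap);
			$email_msg = $FNS->var_swap($LANG->line('mbr_delete_notify_message'), $swap);

			// No notification for the user themselves, if they're in the list.
			// Addresses are compared whole: a regex or substring match on the
			// member's e-mail would also cut it out of a longer address and
			// leave a mangled recipient behind. The session value is read as an
			// array element, as everywhere else in this function.
			$own_email = strtolower(trim($SESS->userdata['email']));
			$recipients = array();

			foreach (explode(',', $SESS->userdata['mbr_delete_notify_emails']) as $addy)
			{
				$addy = trim($addy);

				if ($addy !== '' && strtolower($addy) !== $own_email)
				{
					$recipients[] = $addy;
				}
			}

			$notify_address = $REGX->remove_extra_commas(implode(',', $recipients));

			if ($notify_address != '')
			{
				// Send email
				if ( ! class_exists('EEmail'))
				{
					require PATH_CORE.'core.email'.EXT;
				}

				$email = new EEmail;

				foreach (explode(',', $notify_address) as $addy)
				{
					$email->initialize();
					$email->wordwrap = false;
					$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
					$email->to($addy);
					$email->reply_to($PREFS->ini('webmaster_email'));
					$email->subject($email_tit);
					$email->message($REGX->entities_to_ascii($email_msg));
					$email->Send();
				}
			}
		}

		// Trash the Session and cookies. The IP address and session ID are
		// escaped like every other string value that reaches a query here.
		$DB->query("DELETE FROM exp_online_users WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ip_address = '".$DB->escape_str($IN->IP)."' AND member_id = '{$id}'");

		$DB->query("DELETE FROM exp_sessions WHERE session_id = '".$DB->escape_str($SESS->userdata['session_id'])."'");

		$FNS->set_cookie($SESS->c_uniqueid);
		$FNS->set_cookie($SESS->c_password);
		$FNS->set_cookie($SESS->c_session);
		$FNS->set_cookie($SESS->c_expire);
		$FNS->set_cookie($SESS->c_anon);
		$FNS->set_cookie('read_topics');
		$FNS->set_cookie('tracker');

		// Update global member stats
		$STAT->update_member_stats();

		// Build Success Message
		$url	= $PREFS->ini('site_url');
		$name	= stripslashes($PREFS->ini('site_name'));

		$data = array(	'title' 	=> $LANG->line('mbr_delete'),
						'heading'	=> $LANG->line('thank_you'),
						'content'	=> $LANG->line('mbr_account_deleted'),
						'redirect'	=> '',
						'link'		=> array($url, $name)
					 );

		$OUT->show_message($data);
	}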
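 private function _member_delete()
 {
     // Self-service account deletion for the logged-in member.
     // Returns array('error' => message) when a check fails, or
     // array('success' => data) with the values for the confirmation page.
     // The password re-check is what stands between a borrowed or forged
     // session request and an irreversible delete.

     // No sneakiness - we'll do this in case the site administrator
     // has foolishly turned off secure forms and some monkey is
     // trying to delete their account from an off-site form or
     // after logging out.
     if ($this->EE->session->userdata('member_id') == 0 or $this->EE->session->userdata('can_delete_self') !== 'y') {
         return array('error' => $this->EE->lang->line('not_authorized'));
     }
     // If the user is a SuperAdmin, then no deletion
     if ($this->EE->session->userdata('group_id') == 1) {
         return array('error' => $this->EE->lang->line('cannot_delete_super_admin'));
     }
     // Is IP and User Agent required for login?  Then, same here.
     if ($this->EE->config->item('require_ip_for_login') == 'y') {
         if ($this->EE->session->userdata('ip_address') == '' or $this->EE->session->userdata('user_agent') == '') {
             return array('error' => $this->EE->lang->line('unauthorized_request'));
         }
     }
     // Check password lockout status
     if ($this->EE->session->check_password_lockout($this->EE->session->userdata('username')) === TRUE) {
         $this->EE->lang->loadfile('login');
         return array('error' => sprintf(lang('password_lockout_in_effect'), $this->EE->config->item('password_lockout_interval')));
     }
     // Validate submitted password
     if (!class_exists('EE_Validate')) {
         require APPPATH . 'libraries/Validate' . EXT;
     }
     // A missing or non-string field becomes an empty password, and an empty
     // password is rejected here outright instead of relying on how
     // EE_Validate treats it.
     $submitted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
     $VAL = new EE_Validate(array('member_id' => $this->EE->session->userdata('member_id'), 'cur_password' => $submitted_password));
     $VAL->password_safety_check();
     if ($submitted_password === '' or (isset($VAL->errors) && count($VAL->errors) > 0)) {
         $this->EE->session->save_password_lockout($this->EE->session->userdata('username'));
         return array('error' => $this->EE->lang->line('invalid_pw'));
     }
     // (The older hand-rolled hash comparison that sat here as commented-out
     // code, including a debug echo of both hashes, has been dropped.)

     // No turning back, get to deletin'!
     // Cast once: the ID is also interpolated into raw SQL further down.
     $id = (int) $this->EE->session->userdata('member_id');
     // Recipients holding unread mail from this member have to be looked up
     // BEFORE the message copies are deleted; afterwards the query finds
     // nothing and their unread counters would never be corrected.
     $message_query = $this->EE->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");
     $this->EE->db->where('member_id', $id)->delete('members');
     $this->EE->db->where('member_id', $id)->delete('member_data');
     $this->EE->db->where('member_id', $id)->delete('member_homepage');
     $this->EE->db->where('sender_id', $id)->delete('message_copies');
     $this->EE->db->where('sender_id', $id)->delete('message_data');
     $this->EE->db->where('member_id', $id)->delete('message_folders');
     $this->EE->db->where('member_id', $id)->delete('message_listed');
     if ($message_query->num_rows() > 0) {
         foreach ($message_query->result_array() as $row) {
             $recipient_id = (int) $row['recipient_id'];
             $count_query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");
             $this->EE->db->query($this->EE->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '{$recipient_id}'"));
         }
     }
     // Delete Forum Posts
     if ($this->EE->config->item('forum_is_installed') == "y") {
         $this->EE->db->where('member_id', $id)->delete('forum_subscriptions');
         $this->EE->db->where('member_id', $id)->delete('forum_pollvotes');
         $this->EE->db->where('author_id', $id)->delete('forum_topics');
         $this->EE->db->where('admin_member_id', $id)->delete('forum_administrators');
         $this->EE->db->where('mod_member_id', $id)->delete('forum_moderators');
         // Snag the affected topic id's before deleting the member for the update afterwards
         $query = $this->EE->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");
         $topic_ids = array();
         foreach ($query->result_array() as $row) {
             $topic_ids[] = $row['topic_id'];
         }
         $topic_ids = array_unique($topic_ids);
         $this->EE->db->where('author_id', $id)->delete('forum_posts');
         $this->EE->db->where('author_id', $id)->delete('forum_polls');
         // Kill any attachments
         $query = $this->EE->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE member_id = '{$id}'");
         if ($query->num_rows() > 0) {
             // Grab the upload path
             $res = $this->EE->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
             $paths = array();
             foreach ($res->result_array() as $row) {
                 $paths[$row['board_id']] = $row['board_upload_path'];
             }
             foreach ($query->result_array() as $row) {
                 if (!isset($paths[$row['board_id']])) {
                     continue;
                 }
                 // basename() keeps the unlink inside the board's upload
                 // directory even if a stored filehash or extension holds
                 // path separators.
                 $file = $paths[$row['board_id']] . basename($row['filehash'] . $row['extension']);
                 $thumb = $paths[$row['board_id']] . basename($row['filehash'] . '_t' . $row['extension']);
                 // Best effort: a file that is already gone is not an error
                 @unlink($file);
                 @unlink($thumb);
                 $this->EE->db->where('attachment_id', (int) $row['attachment_id'])->delete('forum_attachments');
             }
         }
         // Update the forum stats
         $query = $this->EE->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum.php';
             require PATH_MOD . 'forum/mod.forum_core.php';
         }
         $FRM = new Forum_Core();
         foreach ($query->result_array() as $row) {
             $FRM->_update_post_stats($row['forum_id']);
         }
         foreach ($topic_ids as $topic_id) {
             $FRM->_update_topic_stats($topic_id);
         }
     }
     // Va-poo-rize Channel Entries and Comments
     $entry_ids = array();
     $channel_ids = array();
     $recount_ids = array();
     // Find Entry IDs and Channel IDs, then delete
     $query = $this->EE->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
     if ($query->num_rows() > 0) {
         foreach ($query->result_array() as $row) {
             // Integer cast: these values are spliced into IN (...) lists below
             $entry_ids[] = (int) $row['entry_id'];
             $channel_ids[] = $row['channel_id'];
         }
         $entry_list = "'" . implode("','", $entry_ids) . "'";
         $this->EE->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
         $this->EE->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ({$entry_list})");
         $this->EE->db->query("DELETE FROM exp_comments WHERE entry_id IN ({$entry_list})");
     }
     // Find the affected entries AND channel ids for author's comments
     $query = $this->EE->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
     if ($query->num_rows() > 0) {
         foreach ($query->result_array() as $row) {
             $recount_ids[] = (int) $row['entry_id'];
             $channel_ids[] = $row['channel_id'];
         }
         $recount_ids = array_diff($recount_ids, $entry_ids);
     }
     // Delete comments by member
     $this->EE->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");
     // Update stats on channel entries that were NOT deleted AND had comments by author
     foreach (array_unique($recount_ids) as $entry_id) {
         $entry_id = (int) $entry_id;
         $query = $this->EE->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '{$entry_id}'");
         $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');
         $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");
         $this->EE->db->query("UPDATE exp_channel_titles SET comment_total = '" . $this->EE->db->escape_str($query->row('count')) . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
     }
     foreach (array_unique($channel_ids) as $channel_id) {
         $this->EE->stats->update_channel_stats($channel_id);
         $this->EE->stats->update_comment_stats($channel_id);
     }
     // Email notification recipients
     if ($this->EE->session->userdata('mbr_delete_notify_emails') != '') {
         $swap = array('name' => $this->EE->session->userdata('screen_name'), 'email' => $this->EE->session->userdata('email'), 'site_name' => stripslashes($this->EE->config->item('site_name')));
         $email_tit = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_title'), $swap);
         $email_msg = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_message'), $swap);
         // No notification for the user themselves, if they're in the list.
         // Addresses are compared whole: a substring replace on the member's
         // e-mail would also cut it out of a longer address and leave a
         // mangled recipient behind.
         $own_email = strtolower(trim($this->EE->session->userdata('email')));
         $recipients = array();
         foreach (explode(',', $this->EE->session->userdata('mbr_delete_notify_emails')) as $addy) {
             $addy = trim($addy);
             if ($addy !== '' && strtolower($addy) !== $own_email) {
                 $recipients[] = $addy;
             }
         }
         $this->EE->load->helper('string');
         // Remove multiple commas
         $notify_address = reduce_multiples(implode(',', $recipients), ',', TRUE);
         if ($notify_address != '') {
             // Send email
             $this->EE->load->library('email');
             // Load the text helper
             $this->EE->load->helper('text');
             foreach (explode(',', $notify_address) as $addy) {
                 $this->EE->email->EE_initialize();
                 $this->EE->email->wordwrap = FALSE;
                 $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                 $this->EE->email->to($addy);
                 $this->EE->email->reply_to($this->EE->config->item('webmaster_email'));
                 $this->EE->email->subject($email_tit);
                 $this->EE->email->message(entities_to_ascii($email_msg));
                 $this->EE->email->send();
             }
         }
     }
     // Trash the Session and cookies
     $this->EE->db->where('site_id', $this->EE->config->item('site_id'))->where('ip_address', $this->EE->input->ip_address())->where('member_id', $id)->delete('online_users');
     $this->EE->db->where('session_id', $this->EE->session->userdata('session_id'))->delete('sessions');
     $this->EE->functions->set_cookie($this->EE->session->c_session);
     $this->EE->functions->set_cookie($this->EE->session->c_expire);
     $this->EE->functions->set_cookie($this->EE->session->c_anon);
     $this->EE->functions->set_cookie('read_topics');
     $this->EE->functions->set_cookie('tracker');
     // Update
     $this->EE->stats->update_member_stats();
     // Build Success Message
     $url = $this->EE->config->item('site_url');
     $name = stripslashes($this->EE->config->item('site_name'));
     $data = array('title' => $this->EE->lang->line('mbr_delete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_account_deleted'), 'redirect' => '', 'link' => array($url, $name));
     return array('success' => $data);
 }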
 /**
  *	Delete Member Account Processing
  *
  *	@access		public
  *	@return		string
  */
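 public function delete_account()
 {
     // Front-end member deletion. The flow, in order:
     //   1. authorization (logged in; deleting self needs 'can_delete_self',
     //      deleting someone else needs group 1 or 'can_delete_members'),
     //   2. re-authentication with the password of the member performing the
     //      deletion, guarded by the password lockout counter,
     //   3. removal of the member's data (member model on EE >= 2.4.0,
     //      hand-written queries on older versions),
     //   4. notification e-mails, session/cookie cleanup, redirect or message.
     //
     // Changes against the previous revision:
     //   - version checks use version_compare(); plain string comparison
     //     ranks '2.10.0' below '2.2.0' and would pick the legacy code paths,
     //   - password hashes are compared strictly (hash_equals() when present)
     //     instead of with the type-juggling != operator,
     //   - the online_users cleanup really passes the client IP; the old
     //     "{ee()->...}" text inside the string was never interpolated,
     //   - notify-list filtering matches whole addresses, not substrings,
     //   - stats are refreshed through ee() like the rest of the method.
     $app_ver = (string) APP_VER;
     $pre_2_0 = version_compare($app_ver, '2.0', '<');
     $pre_2_2 = version_compare($app_ver, '2.2.0', '<');
     $has_member_model = version_compare($app_ver, '2.4.0', '>=');
     /**	----------------------------------------
     		/**  Authorization Check
     		/**	----------------------------------------*/
     if ($this->_param('member_id') == FALSE or !ctype_digit($this->_param('member_id')) or !isset($_POST['ACT'])) {
         return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
     }
     if (ee()->session->userdata['member_id'] == 0) {
         return $this->_output_error('general', ee()->lang->line('not_authorized'));
     }
     // If not deleting yourself, you must be a SuperAdmin or have Delete Member permissions
     // If deleting yourself, you must have permission to do so.
     $admin = ee()->session->userdata['member_id'] != $this->_param('member_id');
     if ($admin) {
         if (ee()->session->userdata['group_id'] != 1 and ee()->session->userdata['can_delete_members'] != 'y') {
             return $this->_output_error('general', ee()->lang->line('not_authorized'));
         }
     } elseif (ee()->session->userdata['can_delete_self'] !== 'y') {
         return $this->_output_error('general', ee()->lang->line('not_authorized'));
     }
     /** --------------------------------------------
     		/**  Member Data
     		/** --------------------------------------------*/
     $query = ee()->db->query("SELECT m.*,\n\t\t\t\t\tmg.mbr_delete_notify_emails\n\t\t\t FROM \texp_members AS m, \n\t\t\t\t\texp_member_groups AS mg\n\t\t\t WHERE \tm.member_id = '" . ee()->db->escape_str($this->_param('member_id')) . "'\n\t\t\t AND \tm.group_id = mg.group_id");
     if ($query->num_rows() == 0) {
         return $this->_output_error('general', ee()->lang->line('not_authorized'));
     }
     /** -------------------------------------
     		/**  One cannot delete a SuperAdmin from the User side.  Sorry...
     		/** -------------------------------------*/
     if ($query->row('group_id') == 1) {
         return $this->_output_error('general', ee()->lang->line('cannot_delete_super_admin'));
     }
     /** --------------------------------------------
     		/**  Variables!
     		/** --------------------------------------------*/
     // Cast once so every '{$id}' below interpolates an integer.
     $id = (int) $query->row('member_id');
     $check_password = $query->row('password');
     $check_salt = $pre_2_2 ? '' : $query->row('salt');
     $mbr_delete_notify_emails = $query->row('mbr_delete_notify_emails');
     $screen_name = $query->row('screen_name');
     $email = $query->row('email');
     /** ----------------------------------------
     		/**  Is IP and User Agent required for login?  Then, same here.
     		/** ----------------------------------------*/
     if (ee()->config->item('require_ip_for_login') == 'y') {
         if (ee()->session->userdata['ip_address'] == '' or ee()->session->userdata['user_agent'] == '') {
             return $this->_output_error('general', ee()->lang->line('unauthorized_request'));
         }
     }
     /** ----------------------------------------
     		/**  Check password lockout status
     		/** ----------------------------------------*/
     if (ee()->session->check_password_lockout() === TRUE) {
         return $this->_output_error('general', str_replace("%x", ee()->config->item('password_lockout_interval'), ee()->lang->line('password_lockout_in_effect')));
     }
     /* -------------------------------------
     		/*  If deleting self, you must submit your password.
     		/*  If SuperAdmin deleting another, must submit your password
     		/* -------------------------------------*/
     // When deleting someone else, verify against the acting member's own
     // credentials, not the target's.
     if ($admin) {
         $squery = ee()->db->query("SELECT password" . ($pre_2_2 ? '' : ', salt') . " \n\t\t\t\t FROM \texp_members \n\t\t\t\t WHERE \tmember_id = '" . ee()->db->escape_str(ee()->session->userdata['member_id']) . "'");
         $check_password = $squery->row('password');
         if (!$pre_2_2) {
             $check_salt = $squery->row('salt');
         }
         unset($squery);
     }
     $submitted = stripslashes(ee()->input->post('password'));
     if ($pre_2_2) {
         $candidate = ee()->functions->hash($submitted);
     } else {
         ee()->load->library('auth');
         $hashed = ee()->auth->hash_password($submitted, $check_salt);
         // Same rejection rule as before: no 'salt' key means no usable hash.
         $candidate = (is_array($hashed) && isset($hashed['salt'], $hashed['password'])) ? $hashed['password'] : FALSE;
     }
     // Strict comparison: with loose != two different "0e<digits>" hashes
     // compare equal as numbers. hash_equals() also removes the timing signal
     // where the runtime provides it. An empty stored hash never matches.
     $stored = (string) $check_password;
     $password_ok = FALSE;
     if (is_string($candidate) && $stored !== '') {
         $password_ok = function_exists('hash_equals') ? hash_equals($stored, $candidate) : $stored === $candidate;
     }
     if ($password_ok === FALSE) {
         ee()->session->save_password_lockout();
         return $this->_output_error('general', ee()->lang->line('invalid_pw'));
     }
     // --------------------------------------------
     //  EE 2.4 Added a Member Model for Deleting That Works Rather Well
     // --------------------------------------------
     if ($has_member_model) {
         ee()->load->model('member_model');
         ee()->member_model->delete_member($id);
     } else {
         /** -------------------------------------
         			/**  No turning back, get to deletin'!
         			/** -------------------------------------*/
         ee()->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");
         // Recipients with unread mail from this member: fetched before the
         // copies are deleted so their unread counters can be recomputed.
         $message_query = ee()->db->query("SELECT DISTINCT \trecipient_id \n\t\t\t\t FROM \t\t\t\texp_message_copies \n\t\t\t\t WHERE \t\t\t\tsender_id = '{$id}' \n\t\t\t\t AND \t\t\t\tmessage_read = 'n'");
         ee()->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
         ee()->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");
         if ($message_query->num_rows() > 0) {
             foreach ($message_query->result_array() as $row) {
                 $recipient_id = (int) $row['recipient_id'];
                 $count_query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t\t FROM \texp_message_copies \n\t\t\t\t\t\t WHERE \trecipient_id = '" . $recipient_id . "' AND message_read = 'n'");
                 ee()->db->query(ee()->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), array('member_id' => $recipient_id)));
             }
         }
         /** -------------------------------------
         			/**  Delete Forum Posts
         			/** -------------------------------------*/
         if (ee()->config->item('forum_is_installed') == "y") {
             ee()->db->query("DELETE FROM exp_forum_subscriptions  WHERE member_id = '{$id}'");
             ee()->db->query("DELETE FROM exp_forum_pollvotes  WHERE member_id = '{$id}'");
             ee()->db->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");
             // Snag the affected topic id's before deleting the member for the update afterwards
             $topic_ids = array();
             $query = ee()->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");
             foreach ($query->result_array() as $row) {
                 $topic_ids[] = $row['topic_id'];
             }
             $topic_ids = array_unique($topic_ids);
             ee()->db->query("DELETE FROM exp_forum_posts  WHERE author_id = '{$id}'");
             ee()->db->query("DELETE FROM exp_forum_polls  WHERE author_id = '{$id}'");
             // Update the forum stats
             $query = ee()->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
             if (!class_exists('Forum')) {
                 require PATH_MOD . 'forum/mod.forum' . EXT;
                 require PATH_MOD . 'forum/mod.forum_core' . EXT;
             }
             $FRM = new Forum_Core();
             foreach ($query->result_array() as $row) {
                 $FRM->_update_post_stats($row['forum_id']);
             }
             foreach ($topic_ids as $topic_id) {
                 $FRM->_update_topic_stats($topic_id);
             }
         }
         /** -------------------------------------
         			/**  Remove Weblog Entries and Comments
         			/** -------------------------------------*/
         $entry_ids = array();
         $channel_ids = array();
         $recount_ids = array();
         // Find the member's entry IDs and channel IDs, then delete the entries
         if ($pre_2_0) {
             $query = ee()->db->query("SELECT entry_id, weblog_id AS channel_id FROM exp_weblog_titles WHERE author_id = '{$id}'");
         } else {
             $query = ee()->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
         }
         if ($query->num_rows() > 0) {
             foreach ($query->result_array() as $row) {
                 // Integers only: these are joined straight into IN (...) below.
                 $entry_ids[] = (int) $row['entry_id'];
                 $channel_ids[] = $row['channel_id'];
             }
             $entry_in = "('" . implode("','", $entry_ids) . "')";
             if ($pre_2_0) {
                 ee()->db->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
                 ee()->db->query("DELETE FROM exp_weblog_data WHERE entry_id IN " . $entry_in);
             } else {
                 ee()->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
                 ee()->db->query("DELETE FROM exp_channel_data WHERE entry_id IN " . $entry_in);
             }
             ee()->db->query("DELETE FROM exp_comments WHERE entry_id IN " . $entry_in);
             ee()->db->query("DELETE FROM exp_trackbacks WHERE entry_id IN " . $entry_in);
         }
         // Find the affected entries AND channel ids for author's comments
         if ($pre_2_0) {
             $query = ee()->db->query("SELECT DISTINCT(entry_id), weblog_id AS channel_id FROM exp_comments WHERE author_id = '{$id}'");
         } else {
             $query = ee()->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
         }
         if ($query->num_rows() > 0) {
             foreach ($query->result_array() as $row) {
                 $recount_ids[] = (int) $row['entry_id'];
                 $channel_ids[] = $row['channel_id'];
             }
             // Entries deleted above need no recount.
             $recount_ids = array_diff($recount_ids, $entry_ids);
         }
         // Delete comments by member
         ee()->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");
         ee()->stats->update_member_stats();
         // Update stats on channel entries that were NOT deleted AND had comments by author
         $titles_table = $pre_2_0 ? 'exp_weblog_titles' : 'exp_channel_titles';
         foreach (array_unique($recount_ids) as $entry_id) {
             $date_query = ee()->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '{$entry_id}'");
             $comment_date = ($date_query->num_rows() == 0 or !is_numeric($date_query->row('max_date'))) ? 0 : $date_query->row('max_date');
             $total_query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");
             ee()->db->query("UPDATE " . $titles_table . " SET comment_total = '" . ee()->db->escape_str($total_query->row('count')) . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
         }
         foreach (array_unique($channel_ids) as $channel_id) {
             if ($pre_2_0) {
                 ee()->stats->update_weblog_stats($channel_id);
             } else {
                 ee()->stats->update_channel_stats($channel_id);
             }
             ee()->stats->update_comment_stats($channel_id);
         }
     }
     // END conditional for EE versions below EE 2.4.0
     /** -------------------------------------
     		/**  Email notification recipients
     		/** -------------------------------------*/
     if ($mbr_delete_notify_emails != '') {
         $swap = array('name' => $screen_name, 'email' => $email, 'site_name' => stripslashes(ee()->config->item('site_name')));
         $email_tit = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap);
         $email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap);
         // No notification for the deleted member themselves, if they're in
         // the list. Compare whole addresses: stripping the address as a
         // substring would corrupt any longer address that contains it.
         $recipients = array();
         foreach (explode(',', $mbr_delete_notify_emails) as $addy) {
             $addy = trim($addy);
             if ($addy === '' or strcasecmp($addy, (string) $email) === 0) {
                 continue;
             }
             $recipients[] = $addy;
         }
         if (count($recipients) > 0) {
             /** ----------------------------
             				/**  Send email
             				/** ----------------------------*/
             ee()->load->library('email');
             ee()->load->helper('text');
             foreach ($recipients as $addy) {
                 ee()->email->initialize();
                 ee()->email->wordwrap = false;
                 ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                 ee()->email->to($addy);
                 ee()->email->reply_to(ee()->config->item('webmaster_email'));
                 ee()->email->subject($email_tit);
                 ee()->email->message(entities_to_ascii($email_msg));
                 ee()->email->Send();
             }
         }
     }
     /** -------------------------------------
     		/**  Trash the Session and cookies
     		/** -------------------------------------*/
     // The IP used here is the current requester's, so when an admin deletes
     // another member this row only matches if both share that address.
     ee()->db->query("DELETE FROM exp_online_users \n\t\t\t\t\t\t  WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' \n\t\t\t\t\t\t  AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "' \n\t\t\t\t\t\t  AND member_id = '{$id}'");
     // Every session of the deleted member is revoked, not just the current one.
     ee()->db->query("DELETE FROM exp_sessions WHERE member_id = '" . $id . "'");
     if ($admin === FALSE) {
         // Self-deletion: clear the requester's own cookies.
         if ($pre_2_2) {
             ee()->functions->set_cookie(ee()->session->c_password);
         }
         ee()->functions->set_cookie(ee()->session->c_session);
         ee()->functions->set_cookie(ee()->session->c_expire);
         ee()->functions->set_cookie(ee()->session->c_anon);
         ee()->functions->set_cookie('read_topics');
         ee()->functions->set_cookie('tracker');
     }
     if (ee()->extensions->active_hook('user_delete_account_end') === TRUE) {
         ee()->extensions->universal_call('user_delete_account_end', $this);
         if (ee()->extensions->end_script === TRUE) {
             return;
         }
     }
     /**	----------------------------------------
     		/**	 Override Return
     		/**	----------------------------------------*/
     // NOTE(review): the redirect target is used as given. If _param() can be
     // fed from the request rather than only from the template tag, this is an
     // open redirect; confirm where 'override_return' comes from.
     if ($this->_param('override_return') !== FALSE && $this->_param('override_return') != '' && $this->is_ajax_request() === FALSE) {
         ee()->functions->redirect($this->_param('override_return'));
         exit;
     }
     /**	----------------------------------------
     		/**	 Set return
     		/**	----------------------------------------*/
     // NOTE(review): 'return' / 'RET' are request values and end up as the
     // 'redirect' target of the success message without a same-site check.
     // Restricting them to the site's own host would close the open redirect,
     // but changes behaviour for existing forms, so it is only flagged here.
     if (ee()->input->get_post('return') !== FALSE and ee()->input->get_post('return') != '') {
         $return = ee()->input->get_post('return');
     } elseif (ee()->input->get_post('RET') !== FALSE and ee()->input->get_post('RET') != '') {
         $return = ee()->input->get_post('RET');
     } else {
         $return = ee()->config->item('site_url');
     }
     // A template-style {path=...} value is expanded into a site URL.
     if (preg_match("/" . LD . "\\s*path=(.*?)" . RD . "/", $return, $match)) {
         $return = ee()->functions->create_url($match[1]);
     }
     /**	----------------------------------------
     		/**	Return
     		/**	----------------------------------------*/
     $return = $this->_chars_decode($return);
     // --------------------------------------------
     //  AJAX Response
     // --------------------------------------------
     // presumably send_ajax_response() ends the request; otherwise the HTML
     // message below is emitted as well (TODO confirm)
     if ($this->is_ajax_request()) {
         $this->send_ajax_response(array('success' => TRUE, 'heading' => lang('user_successful_submission'), 'message' => lang('mbr_account_deleted'), 'content' => lang('mbr_account_deleted')));
     }
     /** -------------------------------------
     		/**  Build Success Message
     		/** -------------------------------------*/
     $data = array('title' => ee()->lang->line('mbr_delete'), 'heading' => ee()->lang->line('thank_you'), 'content' => ee()->lang->line('mbr_account_deleted'), 'redirect' => $return);
     ee()->output->show_message($data);
 }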
Пример #5
 /**
  * Member Delete
  *
  * Delete Members
  *
  * @access	public
  * @return	mixed
  */
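 function member_delete()
 {
     // Control-panel bulk member deletion.
     //
     // Reads the POSTed 'delete' array of member IDs, refuses the request when
     // the caller lacks 'can_access_members' / 'can_delete_members', applies
     // the Super Admin safeties, then removes member rows, private messages,
     // forum data and comments, optionally reassigning entries to 'heir'.
     //
     // Changes against the previous revision:
     //   - the Super Admin safety loop inspected the first result row on every
     //     iteration ($query->row()) instead of the current $row, so a Super
     //     Admin anywhere but first in the result set was not counted,
     //   - only digit-only scalar IDs are accepted and an empty selection is
     //     rejected before any "... WHERE " query is built,
     //   - the per-column WHERE clauses are derived once instead of rewriting
     //     $IDS in place between queries,
     //   - 'heir' must be a plain integer that is not itself being deleted.
     //
     // show_error() and redirect() are assumed to end the request (TODO confirm).
     if (!$this->cp->allowed_group('can_access_members') or !$this->cp->allowed_group('can_delete_members')) {
         show_error($this->lang->line('unauthorized_access'));
     }
     $posted = $this->input->post('delete');
     if (!$posted or !is_array($posted)) {
         $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
         return;
     }
     $this->load->model('member_model');
     //  Fetch member ID numbers and build the query
     $ids = array();
     $mids = array();
     foreach ($posted as $val) {
         // Nested arrays and anything that is not a non-negative integer are
         // ignored; member IDs are the only valid input here.
         if (is_array($val)) {
             continue;
         }
         $val = trim((string) $val);
         if ($val === '' or !ctype_digit($val)) {
             continue;
         }
         $mid = (int) $val;
         if (in_array($mid, $mids, TRUE)) {
             continue;
         }
         $mids[] = $mid;
         $ids[] = "member_id = '" . $mid . "'";
     }
     // Nothing usable was selected: an empty clause would yield invalid SQL.
     if (count($ids) === 0) {
         $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
         return;
     }
     $IDS = implode(" OR ", $ids);
     // Same ID list against the differently named key columns. The values are
     // integers, so str_replace() can only touch the column name.
     $by_admin = str_replace('member_id', 'admin_member_id', $IDS);
     $by_mod = str_replace('member_id', 'mod_member_id', $IDS);
     $by_author = str_replace('member_id', 'author_id', $IDS);
     // SAFETY CHECK
     // Let's fetch the Member Group ID of each member being deleted
     // If there is a Super Admin in the bunch we'll run a few more safeties
     $super_admins = 0;
     $query = $this->db->query("SELECT group_id FROM exp_members WHERE " . $IDS);
     foreach ($query->result_array() as $row) {
         if ($row['group_id'] == 1) {
             $super_admins++;
         }
     }
     if ($super_admins > 0) {
         // You must be a Super Admin to delete a Super Admin
         if ($this->session->userdata['group_id'] != 1) {
             show_error($this->lang->line('must_be_superadmin_to_delete_one'));
         }
         // You can't delete the only Super Admin
         $total_super_admins = $this->member_model->count_members(1);
         if ($super_admins >= $total_super_admins) {
             show_error($this->lang->line('can_not_delete_super_admin'));
         }
     }
     // If we got this far we're clear to delete the members
     $this->db->query("DELETE FROM exp_members WHERE " . $IDS);
     $this->db->query("DELETE FROM exp_member_data WHERE " . $IDS);
     $this->db->query("DELETE FROM exp_member_homepage WHERE " . $IDS);
     foreach ($mids as $val) {
         // Recipients with unread mail from this member: fetched before the
         // copies are deleted so their unread counters can be recomputed.
         $message_query = $this->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");
         $this->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
         $this->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
         $this->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
         $this->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");
         if ($message_query->num_rows() > 0) {
             foreach ($message_query->result_array() as $row) {
                 $recipient_id = (int) $row['recipient_id'];
                 $count_query = $this->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $recipient_id . "' AND message_read = 'n'");
                 $this->db->query($this->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '" . $recipient_id . "'"));
             }
         }
     }
     /** ----------------------------------
     		/**  Are there forum posts to delete?
     		/** ----------------------------------*/
     if ($this->config->item('forum_is_installed') == "y") {
         $this->db->query("DELETE FROM exp_forum_subscriptions  WHERE " . $IDS);
         $this->db->query("DELETE FROM exp_forum_pollvotes  WHERE " . $IDS);
         $this->db->query("DELETE FROM exp_forum_administrators WHERE " . $by_admin);
         $this->db->query("DELETE FROM exp_forum_moderators WHERE " . $by_mod);
         $this->db->query("DELETE FROM exp_forum_topics WHERE " . $by_author);
         // Snag the affected topic id's before deleting the members for the update afterwards
         $topic_ids = array();
         $query = $this->db->query("SELECT topic_id FROM exp_forum_posts WHERE " . $by_author);
         foreach ($query->result_array() as $row) {
             $topic_ids[] = $row['topic_id'];
         }
         $topic_ids = array_unique($topic_ids);
         $this->db->query("DELETE FROM exp_forum_posts  WHERE " . $by_author);
         $this->db->query("DELETE FROM exp_forum_polls  WHERE " . $by_author);
         // Kill any attachments
         $query = $this->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE " . $IDS);
         if ($query->num_rows() > 0) {
             // Grab the upload path
             $res = $this->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
             $paths = array();
             foreach ($res->result_array() as $row) {
                 $paths[$row['board_id']] = $row['board_upload_path'];
             }
             foreach ($query->result_array() as $row) {
                 if (!isset($paths[$row['board_id']])) {
                     continue;
                 }
                 // Paths are assembled from database values (upload path,
                 // file hash, extension). Removal is best effort: a missing
                 // file must not stop the rest of the cleanup.
                 $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
                 $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];
                 @unlink($file);
                 @unlink($thumb);
                 $this->db->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '" . (int) $row['attachment_id'] . "'");
             }
         }
         // Update the forum stats
         $query = $this->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum' . EXT;
             require PATH_MOD . 'forum/mod.forum_core' . EXT;
         }
         $FRM = new Forum_Core();
         foreach ($query->result_array() as $row) {
             $FRM->_update_post_stats($row['forum_id']);
         }
         foreach ($topic_ids as $topic_id) {
             $FRM->_update_topic_stats($topic_id);
         }
     }
     /** -------------------------------------
     		/**  Delete comments and update entry stats
     		/** -------------------------------------*/
     $channel_ids = array();
     if ($this->db->table_exists('comment_subscriptions')) {
         $this->db->query("DELETE FROM exp_comment_subscriptions WHERE " . $IDS);
     }
     if ($this->db->table_exists('comments')) {
         $affected = $this->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE " . $by_author);
         if ($affected->num_rows() > 0) {
             $this->db->query("DELETE FROM exp_comments WHERE " . $by_author);
             // Recompute comment totals for every entry that lost comments.
             foreach ($affected->result_array() as $row) {
                 $channel_ids[] = $row['channel_id'];
                 $entry_id = (int) $row['entry_id'];
                 $date_query = $this->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '{$entry_id}'");
                 $comment_date = ($date_query->num_rows() == 0 or !is_numeric($date_query->row('max_date'))) ? 0 : $date_query->row('max_date');
                 $total_query = $this->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");
                 $this->db->query("UPDATE exp_channel_titles\n\t\t\t\t\t\t\t\tSET comment_total = '" . $this->db->escape_str($total_query->row('count')) . "', recent_comment_date = '{$comment_date}'\n\t\t\t\t\t\t\t\tWHERE entry_id = '{$entry_id}'");
             }
         }
         foreach (array_unique($channel_ids) as $channel_id) {
             $this->stats->update_comment_stats($channel_id);
         }
     }
     /** ----------------------------------
     		/**  Reassign Entries to Heir
     		/** ----------------------------------*/
     // is_numeric() also accepts values such as "1e3" or "1.5"; require plain
     // digits. An heir that is itself in the deleted set is skipped, since the
     // entries would then point at a member that no longer exists.
     $heir_id = $this->input->post('heir');
     if (is_string($heir_id) && ctype_digit($heir_id) && !in_array((int) $heir_id, $mids, TRUE)) {
         $heir_id = (int) $heir_id;
         $this->db->query("UPDATE exp_channel_titles SET author_id = '{$heir_id}' WHERE " . $by_author);
         $query = $this->db->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date\n\t\t\t\t\t\t\t\t FROM exp_channel_titles\n\t\t\t\t\t\t\t\t WHERE author_id = '{$heir_id}'");
         $this->db->query("UPDATE exp_members\n\t\t\t\t\t\tSET total_entries = '" . $this->db->escape_str($query->row('count')) . "', last_entry_date = '" . $this->db->escape_str($query->row('entry_date')) . "'\n\t\t\t\t\t\tWHERE member_id = '{$heir_id}'");
     }
     /* -------------------------------------------
     		/* 'cp_members_member_delete_end' hook.
     		/*  - Additional processing when a member is deleted through the CP
     		*/
     $this->extensions->call('cp_members_member_delete_end');
     if ($this->extensions->end_script === TRUE) {
         return;
     }
     /*
     		/* -------------------------------------------*/
     // Update
     $this->stats->update_member_stats();
     $cp_message = count($ids) == 1 ? $this->lang->line('member_deleted') : $this->lang->line('members_deleted');
     $this->session->set_flashdata('message_success', $cp_message);
     $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
 }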
Пример #6
 /** ---------------------------------------------
     /**  Delete Members
     /** ---------------------------------------------*/
 function member_delete()
 {
     global $IN, $DSP, $PREFS, $LANG, $SESS, $FNS, $DB, $STAT, $EXT;
     if (!$DSP->allowed_group('can_delete_members')) {
         return $DSP->no_access_message();
     }
     if (!$IN->GBL('delete', 'POST')) {
         return $this->view_all_members();
     }
     /** ---------------------------------------------
         /**  Fetch member ID numbers and build the query
         /** ---------------------------------------------*/
     $ids = array();
     $mids = array();
     foreach ($_POST as $key => $val) {
         if (strstr($key, 'delete') and !is_array($val) and $val != '') {
             $ids[] = "member_id = '" . $DB->escape_str($val) . "'";
             $mids[] = $DB->escape_str($val);
         }
     }
     $IDS = implode(" OR ", $ids);
     // SAFETY CHECK
     // Let's fetch the Member Group ID of each member being deleted
     // If there is a Super Admin in the bunch we'll run a few more safeties
     $super_admins = 0;
     $query = $DB->query("SELECT group_id FROM exp_members WHERE " . $IDS);
     foreach ($query->result as $row) {
         if ($query->row['group_id'] == 1) {
             $super_admins++;
         }
     }
     if ($super_admins > 0) {
         // You must be a Super Admin to delete a Super Admin
         if ($SESS->userdata['group_id'] != 1) {
             return $DSP->error_message($LANG->line('must_be_superadmin_to_delete_one'));
         }
         // You can't detete the only Super Admin
         $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '1'");
         if ($super_admins >= $query->row['count']) {
             return $DSP->error_message($LANG->line('can_not_delete_super_admin'));
         }
     }
     // If we got this far we're clear to delete the members
     $DB->query("DELETE FROM exp_members WHERE " . $IDS);
     $DB->query("DELETE FROM exp_member_data WHERE " . $IDS);
     $DB->query("DELETE FROM exp_member_homepage WHERE " . $IDS);
     foreach ($mids as $val) {
         $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");
         $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
         $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
         $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
         $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");
         if ($message_query->num_rows > 0) {
             foreach ($message_query->result as $row) {
                 $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                 $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '" . $row['recipient_id'] . "'"));
             }
         }
     }
     /** ----------------------------------
         /**  Are there forum posts to delete?
         /** ----------------------------------*/
     if ($PREFS->ini('forum_is_installed') == "y") {
         $DB->query("DELETE FROM exp_forum_subscriptions  WHERE " . $IDS);
         $DB->query("DELETE FROM exp_forum_pollvotes  WHERE " . $IDS);
         $IDS = str_replace('member_id', 'admin_member_id', $IDS);
         $DB->query("DELETE FROM exp_forum_administrators WHERE " . $IDS);
         $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
         $DB->query("DELETE FROM exp_forum_moderators WHERE " . $IDS);
         $IDS = str_replace('mod_member_id', 'author_id', $IDS);
         $DB->query("DELETE FROM exp_forum_topics WHERE " . $IDS);
         // Snag the affected topic id's before deleting the members for the update afterwards
         $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE " . $IDS);
         if ($query->num_rows > 0) {
             $topic_ids = array();
             foreach ($query->result as $row) {
                 $topic_ids[] = $row['topic_id'];
             }
             $topic_ids = array_unique($topic_ids);
         }
         $DB->query("DELETE FROM exp_forum_posts  WHERE " . $IDS);
         $DB->query("DELETE FROM exp_forum_polls  WHERE " . $IDS);
         // Kill any attachments
         $query = $DB->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE " . str_replace('author_id', 'member_id', $IDS));
         if ($query->num_rows > 0) {
             // Grab the upload path
             $res = $DB->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
             $paths = array();
             foreach ($res->result as $row) {
                 $paths[$row['board_id']] = $row['board_upload_path'];
             }
             foreach ($query->result as $row) {
                 if (!isset($paths[$row['board_id']])) {
                     continue;
                 }
                 $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
                 $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];
                 @unlink($file);
                 @unlink($thumb);
                 $DB->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
             }
         }
         // Update the forum stats
         $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
         if (!class_exists('Forum')) {
             require PATH_MOD . 'forum/mod.forum' . EXT;
             require PATH_MOD . 'forum/mod.forum_core' . EXT;
         }
         $FRM = new Forum_Core();
         foreach ($query->result as $row) {
             $FRM->_update_post_stats($row['forum_id']);
         }
         if (isset($topic_ids)) {
             foreach ($topic_ids as $topic_id) {
                 $FRM->_update_topic_stats($topic_id);
             }
         }
     }
     /** -------------------------------------
     		/**  Delete comments and update entry stats
     		/** -------------------------------------*/
     $weblog_ids = array();
     $IDS = str_replace('member_id', 'author_id', $IDS);
     $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE " . $IDS);
     if ($query->num_rows > 0) {
         $DB->query("DELETE FROM exp_comments WHERE " . $IDS);
         foreach ($query->result as $row) {
             $weblog_ids[] = $row['weblog_id'];
             $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($row['entry_id']) . "'");
             $comment_date = ($query->num_rows == 0 or !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
             $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");
             $DB->query("UPDATE exp_weblog_titles \n\t\t\t\t\t\t\tSET comment_total = '" . $DB->escape_str($query->row['count']) . "', recent_comment_date = '{$comment_date}' \n\t\t\t\t\t\t\tWHERE entry_id = '{$row['entry_id']}'");
         }
     }
     if (count($weblog_ids) > 0) {
         foreach (array_unique($weblog_ids) as $weblog_id) {
             $STAT->update_comment_stats($weblog_id);
         }
     }
     /** ----------------------------------
         /**  Reassign Entires to Heir
         /** ----------------------------------*/
     $heir_id = $IN->GBL('heir', 'POST');
     $entries_exit = $IN->GBL('entries_exit', 'POST');
     $gallery_entries_exit = $IN->GBL('gallery_entries_exit', 'POST');
     if ($heir_id !== FALSE && is_numeric($heir_id)) {
         if ($entries_exit == 'yes') {
             $DB->query("UPDATE exp_weblog_titles SET author_id = '{$heir_id}' WHERE \n\t\t\t\t\t" . str_replace('member_id', 'author_id', $IDS));
             $query = $DB->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date\n        \t\t\t\t\t\t FROM exp_weblog_titles\n        \t\t\t\t\t\t WHERE author_id = '{$heir_id}'");
             $DB->query("UPDATE exp_members \n        \t\t\t\tSET total_entries = '" . $DB->escape_str($query->row['count']) . "', last_entry_date = '" . $DB->escape_str($query->row['entry_date']) . "' \n        \t\t\t\tWHERE member_id = '{$heir_id}'");
         }
         if ($gallery_entries_exit == 'yes') {
             $DB->query("UPDATE exp_gallery_entries SET author_id = '{$heir_id}' WHERE " . str_replace('member_id', 'author_id', $IDS));
         }
     }
     // -------------------------------------------
     // 'cp_members_member_delete_end' hook.
     //  - Additional processing when a member is deleted through the CP
     //
     $edata = $EXT->call_extension('cp_members_member_delete_end');
     if ($EXT->end_script === TRUE) {
         return;
     }
     //
     // -------------------------------------------
     // Update global stats
     $STAT->update_member_stats();
     $message = count($ids) == 1 ? $DSP->qdiv('success', $LANG->line('member_deleted')) : $DSP->qdiv('success', $LANG->line('members_deleted'));
     return $this->view_all_members($message);
 }