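/**
 * Delete member
 *
 * Deletes all member data, and all communications from the given members
 * stored on the system, then refreshes the statistics that depended on
 * the removed rows (unread PM counts, channel/comment stats, forum stats,
 * global member stats).
 *
 * The operation is destructive and is not wrapped in a transaction here:
 * every caller is expected to have already authorised the deletion.
 *
 * @access	public
 * @param	mixed	Single member ID as int, or array of member IDs to delete
 * @param	int		Member ID to take over ownership of deleted members' entries
 * @return	mixed	FALSE when there is nothing to delete, otherwise no value
 */
function delete_member($member_ids = array(), $heir_id = NULL)
{
	// Make sure $member_ids is an array
	if ( ! is_array($member_ids))
	{
		$member_ids = array((int) $member_ids);
	}

	// ---------------------------------------------------------------
	// 'member_delete' hook.
	// - Provides an opportunity for extra code to be executed upon
	// member deletion, and also gives the opportunity to skip
	// deletion for some members all together by altering the array of
	// member IDs we pass to the hook.
	//
	if ($this->extensions->active_hook('member_delete'))
	{
		$member_ids = $this->extensions->call('member_delete', $member_ids);
	}
	//
	// ---------------------------------------------------------------

	// The hook is third-party code and may hand back a scalar or NULL, so
	// normalise again before the value is counted or used in a query.
	if ( ! is_array($member_ids))
	{
		$member_ids = ($member_ids == NULL) ? array() : array($member_ids);
	}

	// Keep positive integer IDs only. A non-numeric argument casts to 0,
	// and 0 must never reach the WHERE ... IN clauses below: it would match
	// rows that belong to no real member (presumably guest-authored content
	// -- confirm against the schema) and delete them as a side effect.
	$clean_ids = array();

	foreach ($member_ids as $member_id)
	{
		$member_id = (int) $member_id;

		if ($member_id > 0)
		{
			$clean_ids[] = $member_id;
		}
	}

	$member_ids = array_values(array_unique($clean_ids));

	// No member IDs? Bail out
	if ( ! count($member_ids))
	{
		return FALSE;
	}

	// ---------------------------------------------------------------
	// Remove traces of member from base member tables
	// ---------------------------------------------------------------

	// A list of (table, column) pairs rather than a table => column map:
	// message_listed has to be cleared on two columns, and a repeated array
	// key silently kept only the last one, leaving the member_id rows behind.
	$tables_fields = array(
		array('members',			'member_id'),
		array('member_data',		'member_id'),
		array('member_homepage',	'member_id'),
		array('message_data',		'sender_id'),
		array('message_folders',	'member_id'),
		array('message_listed',		'member_id'),
		array('message_listed',		'listed_member'),
		array('message_copies',		'recipient_id'),
		array('remember_me',		'member_id'),
		array('sessions',			'member_id')
	);

	// If comment module is installed
	if ($this->db->table_exists('comment_subscriptions'))
	{
		$tables_fields[] = array('comment_subscriptions', 'member_id');
	}

	// Loop through tables array and clear out based on member ID
	foreach ($tables_fields as $table_field)
	{
		list($table, $field) = $table_field;

		$this->db->where_in($field, $member_ids)->delete($table);
	}

	// ---------------------------------------------------------------
	// Delete private messages and update members' unread count
	// ---------------------------------------------------------------

	// First, we need to get a list of recipient IDs who will be affected
	// by deleting the members we are deleting so that we can update the
	// unread PM count for those users only
	$this->db->select('recipient_id');
	$this->db->distinct();
	$this->db->where('message_read', 'n');
	$this->db->where_in('sender_id', $member_ids);
	$messages = $this->db->get('message_copies');

	// Now that we know which recipients are affected, we can delete the
	// member-to-be-deleted's messages...
	$this->db->where_in('sender_id', $member_ids)->delete('message_copies');

	if ($messages->num_rows())
	{
		// Build recipient IDs array
		$recipient_ids = array();

		foreach ($messages->result_array() as $message)
		{
			$recipient_ids[] = $message['recipient_id'];
		}

		// ...and get the new unread count for the affected users
		$this->db->select('count(*) as count, recipient_id');
		$this->db->where('message_read', 'n');
		$this->db->where_in('recipient_id', $recipient_ids);
		$this->db->group_by('recipient_id');
		$unread_messages = $this->db->get('message_copies');

		// Set everyone's unread message count to zero first, because if a user
		// has zero messages now, they won't have shown up in the above query
		$this->db->where_in('member_id', $recipient_ids);
		$this->db->update('members', array('private_messages' => 0));

		// For each user, update their private messages unread count with
		// what we gathered above
		foreach ($unread_messages->result_array() as $message)
		{
			$this->db->where('member_id', $message['recipient_id']);
			$this->db->update('members', array('private_messages' => $message['count']));
		}
	}

	// ---------------------------------------------------------------
	// Get member's channel entries, reassign them to the entries heir
	// or delete them all together if heir isn't specified
	// ---------------------------------------------------------------

	// Get member's entries
	$this->db->select('entry_id, channel_id');
	$this->db->where_in('author_id', $member_ids);
	$entries = $this->db->get('channel_titles');

	$channel_ids = array();

	if ($entries->num_rows())
	{
		// Reassign entries if heir ID is present
		// NOTE(review): nothing here checks that the heir exists or that it
		// is not one of the members being deleted -- confirm callers do.
		if ( ! empty($heir_id) && is_numeric($heir_id))
		{
			$this->db->where_in('author_id', $member_ids);
			$this->db->update('channel_titles', array('author_id' => $heir_id));

			$this->update_member_entry_stats($heir_id);
		}
		else
		{
			$entry_ids = array();

			foreach ($entries->result_array() as $entry)
			{
				// Entries to delete
				$entry_ids[] = $entry['entry_id'];

				// Gather channel IDs to update stats later
				$channel_ids[] = $entry['channel_id'];
			}

			$this->db->where_in('author_id', $member_ids)->delete('channel_titles');
			$this->db->where_in('entry_id', $entry_ids)->delete('channel_data');

			if ($this->db->table_exists('comments'))
			{
				$this->db->where_in('entry_id', $entry_ids)->delete('comments');
			}
		}
	}

	// ---------------------------------------------------------------
	// Find affected entries for members's comments and update totals
	// ---------------------------------------------------------------

	if ($this->db->table_exists('comments'))
	{
		$this->db->select('DISTINCT(entry_id), channel_id');
		$this->db->where_in('author_id', $member_ids);
		$entries = $this->db->get('comments');

		$entry_ids = array();

		foreach ($entries->result_array() as $row)
		{
			// Entries to update
			$entry_ids[] = $row['entry_id'];

			// Gather channel IDs to update stats later
			$channel_ids[] = $row['channel_id'];
		}

		// Delete comments
		$this->db->where_in('author_id', $member_ids)->delete('comments');

		// Update individual entry comment counts
		$this->load->model('comment_model');
		$this->comment_model->recount_entry_comments($entry_ids);
	}

	// Update channel and comment stats
	$channel_ids = array_unique($channel_ids);

	foreach ($channel_ids as $channel_id)
	{
		$this->stats->update_channel_stats($channel_id);
		$this->stats->update_comment_stats($channel_id);
	}

	// ---------------------------------------------------------------
	// Forum Clean-Up
	// ---------------------------------------------------------------

	if ($this->config->item('forum_is_installed') == "y")
	{
		// Forum tables to clean up
		$forum_tables_fields = array(
			'forum_subscriptions'	=> 'member_id',
			'forum_pollvotes'		=> 'member_id',
			'forum_topics'			=> 'author_id',
			'forum_administrators'	=> 'admin_member_id',
			'forum_moderators'		=> 'mod_member_id',
			'forum_polls'			=> 'author_id'
		);

		// Clean out mentions of member in forum tables
		foreach ($forum_tables_fields as $table => $field)
		{
			$this->db->where_in($field, $member_ids)->delete($table);
		}

		// Load forum class
		if ( ! class_exists('Forum'))
		{
			require PATH_MOD . 'forum/mod.forum.php';
			require PATH_MOD . 'forum/mod.forum_core.php';
		}

		$forum_core = new Forum_Core();

		// -----------------------------------------------------------
		// Grab affected topic IDs before deleting the member so we can
		// update stats

		$this->db->select('topic_id');
		$this->db->distinct();
		$this->db->where_in('author_id', $member_ids);
		$topics = $this->db->get('forum_posts');

		// Now delete those posts
		$this->db->where_in('author_id', $member_ids)->delete('forum_posts');

		// Update topic stats
		foreach ($topics->result_array() as $row)
		{
			$forum_core->_update_topic_stats($row['topic_id']);
		}

		// -----------------------------------------------------------
		// Update forum stats

		$this->db->select('forum_id');
		$this->db->where('forum_is_cat', 'n');
		$forums = $this->db->get('exp_forums');

		foreach ($forums->result_array() as $row)
		{
			$forum_core->_update_post_stats($row['forum_id']);
		}

		$forum_core->_update_global_stats();

		// -----------------------------------------------------------
		// Delete from Online Users

		$this->db->where_in('member_id', $member_ids)->delete('online_users');

		// -----------------------------------------------------------
		// Remove attachments

		$this->db->select('attachment_id, board_id');
		$this->db->where_in('member_id', $member_ids);
		$attachments = $this->db->get('forum_attachments');

		foreach ($attachments->result_array() as $attachment)
		{
			$forum_core->_remove_attachment($attachment['attachment_id'], $attachment['board_id'], TRUE);
		}
	}

	$this->stats->update_member_stats();
}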
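/** -------------------------------------
/**  Member self-delete
/**
/**  Lets the logged-in member delete their own account after
/**  re-entering their password. Removes the member's rows, private
/**  messages, forum content, weblog entries and comments, refreshes
/**  the affected statistics, notifies the configured addresses and
/**  finally destroys the session and its cookies.
/**
/**  Returns FALSE when the request was not a form POST; otherwise
/**  hands control to $OUT (error page or success message).
/** -------------------------------------*/
function member_delete()
{
	global $DB, $FNS, $IN, $LANG, $OUT, $PREFS, $REGX, $SESS, $STAT;

	/** -------------------------------------
	/**  Make sure they got here via a form
	/** -------------------------------------*/

	// Only proves the request was a POST carrying ACT. It is not an
	// anti-forgery check; the password re-entry further down is what
	// actually gates the deletion.
	if ( ! $IN->GBL('ACT', 'POST'))
	{
		// No output for you, Mr. URL Hax0r
		return FALSE;
	}

	$LANG->fetch_language_file('login');

	/* -------------------------------------
	/*  No sneakiness - we'll do this in case the site administrator
	/*  has foolishly turned off secure forms and some monkey is
	/*  trying to delete their account from an off-site form or
	/*  after logging out.
	/* -------------------------------------*/

	if ($SESS->userdata['member_id'] == 0 OR $SESS->userdata['can_delete_self'] !== 'y')
	{
		return $OUT->show_user_error('general', $LANG->line('not_authorized'));
	}

	/** -------------------------------------
	/**  If the user is a SuperAdmin, then no deletion
	/** -------------------------------------*/

	if ($SESS->userdata['group_id'] == 1)
	{
		return $OUT->show_user_error('general', $LANG->line('cannot_delete_super_admin'));
	}

	/** ----------------------------------------
	/**  Is IP and User Agent required for login?  Then, same here.
	/** ----------------------------------------*/

	if ($PREFS->ini('require_ip_for_login') == 'y')
	{
		if ($SESS->userdata['ip_address'] == '' || $SESS->userdata['user_agent'] == '')
		{
			return $OUT->show_user_error('general', $LANG->line('unauthorized_request'));
		}
	}

	/** ----------------------------------------
	/**  Check password lockout status
	/** ----------------------------------------*/

	if ($SESS->check_password_lockout() === TRUE)
	{
		return $OUT->show_user_error('general', str_replace("%x", $PREFS->ini('password_lockout_interval'), $LANG->line('password_lockout_in_effect')));
	}

	// Every query below is assembled as a string, so pin the member ID to
	// an integer once instead of interpolating the raw session value.
	$id = (int) $SESS->userdata['member_id'];

	/* -------------------------------------
	/*  Are you who you say you are, or someone sitting at someone
	/*  else's computer being mean?!
	/* -------------------------------------*/

	$query = $DB->query("SELECT password FROM exp_members WHERE member_id = '{$id}'");

	// NOTE(review): $FNS->hash() is applied to the bare password and no
	// per-member salt is visible here -- confirm how stored hashes are made.
	$password = (string) $FNS->hash(stripslashes($IN->GBL('password', 'POST')));

	// A missing row yields an empty stored hash, which never matches.
	$stored = ($query->num_rows > 0) ? (string) $query->row['password'] : '';

	// Compare as strings, never with ==/!=: two different hex digests that
	// both look numeric (e.g. "0e123..." and "0e456...") are equal under
	// loose comparison. hash_equals() is also constant-time where available.
	if ($stored === '')
	{
		$password_ok = FALSE;
	}
	elseif (function_exists('hash_equals'))
	{
		$password_ok = hash_equals($stored, $password);
	}
	else
	{
		$password_ok = ($stored === $password);
	}

	if ( ! $password_ok)
	{
		$SESS->save_password_lockout();

		return $OUT->show_user_error('general', $LANG->line('invalid_pw'));
	}

	/** -------------------------------------
	/**  No turning back, get to deletin'!
	/** -------------------------------------*/

	$DB->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
	$DB->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
	$DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

	// Collect the recipients with unread mail from this member BEFORE the
	// messages are deleted; afterwards the rows are gone.
	$message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");

	$DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
	$DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
	$DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
	$DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

	if ($message_query->num_rows > 0)
	{
		foreach ($message_query->result as $row)
		{
			$recipient_id = (int) $row['recipient_id'];

			$count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");

			$DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '{$recipient_id}'"));
		}
	}

	/** -------------------------------------
	/**  Delete Forum Posts
	/** -------------------------------------*/

	if ($PREFS->ini('forum_is_installed') == "y")
	{
		$DB->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'");
		$DB->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

		// Snag the affected topic id's before deleting the member for the update afterwards
		$query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

		if ($query->num_rows > 0)
		{
			$topic_ids = array();

			foreach ($query->result as $row)
			{
				$topic_ids[] = $row['topic_id'];
			}

			$topic_ids = array_unique($topic_ids);
		}

		$DB->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'");
		$DB->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'");

		// Update the forum stats
		$query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

		if ( ! class_exists('Forum'))
		{
			require PATH_MOD.'forum/mod.forum'.EXT;
			require PATH_MOD.'forum/mod.forum_core'.EXT;
		}

		$FRM = new Forum_Core;

		foreach ($query->result as $row)
		{
			$FRM->_update_post_stats($row['forum_id']);
		}

		if (isset($topic_ids))
		{
			foreach ($topic_ids as $topic_id)
			{
				$FRM->_update_topic_stats($topic_id);
			}
		}
	}

	/** -------------------------------------
	/**  Va-poo-rize Weblog Entries and Comments
	/** -------------------------------------*/

	$entry_ids		= array();
	$weblog_ids		= array();
	$recount_ids	= array();

	// Find Entry IDs and Weblog IDs, then delete
	$query = $DB->query("SELECT entry_id, weblog_id FROM exp_weblog_titles WHERE author_id = '{$id}'");

	if ($query->num_rows > 0)
	{
		foreach ($query->result as $row)
		{
			// Cast: these IDs are imploded straight into IN (...) lists below
			$entry_ids[]	= (int) $row['entry_id'];
			$weblog_ids[]	= $row['weblog_id'];
		}

		$entry_id_list = "'".implode("','", $entry_ids)."'";

		$DB->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
		$DB->query("DELETE FROM exp_weblog_data WHERE entry_id IN ({$entry_id_list})");
		$DB->query("DELETE FROM exp_comments WHERE entry_id IN ({$entry_id_list})");
		$DB->query("DELETE FROM exp_trackbacks WHERE entry_id IN ({$entry_id_list})");
	}

	// Find the affected entries AND weblog ids for author's comments
	$query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE author_id = '{$id}'");

	if ($query->num_rows > 0)
	{
		foreach ($query->result as $row)
		{
			$recount_ids[]	= (int) $row['entry_id'];
			$weblog_ids[]	= $row['weblog_id'];
		}

		// Entries that were just deleted need no recount
		$recount_ids = array_diff($recount_ids, $entry_ids);
	}

	// Delete comments by member
	$DB->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

	// Update stats on weblog entries that were NOT deleted AND had comments by author
	if (count($recount_ids) > 0)
	{
		foreach (array_unique($recount_ids) as $entry_id)
		{
			$query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$DB->escape_str($entry_id)."'");

			$comment_date = ($query->num_rows == 0 OR ! is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];

			$query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '".$DB->escape_str($entry_id)."' AND status = 'o'");

			$DB->query("UPDATE exp_weblog_titles SET comment_total = '".$DB->escape_str($query->row['count'])."', recent_comment_date = '$comment_date' WHERE entry_id = '".$DB->escape_str($entry_id)."'");
		}
	}

	if (count($weblog_ids) > 0)
	{
		foreach (array_unique($weblog_ids) as $weblog_id)
		{
			$STAT->update_weblog_stats($weblog_id);
			$STAT->update_comment_stats($weblog_id);
		}
	}

	/** -------------------------------------
	/**  Email notification recipients
	/** -------------------------------------*/

	if ($SESS->userdata['mbr_delete_notify_emails'] != '')
	{
		$notify_address = $SESS->userdata['mbr_delete_notify_emails'];

		$swap = array(
						'name'		=> $SESS->userdata['screen_name'],
						'email'		=> $SESS->userdata['email'],
						'site_name'	=> stripslashes($PREFS->ini('site_name'))
					);

		$email_tit = $FNS->var_swap($LANG->line('mbr_delete_notify_title'), $swap);
		$email_msg = $FNS->var_swap($LANG->line('mbr_delete_notify_message'), $swap);

		// No notification for the user themselves, if they're in the list.
		// userdata is an array here, not a method, and the address is matched
		// as a plain substring: it must not be interpreted as a pattern.
		$own_email = $SESS->userdata['email'];

		if ($own_email != '' && strpos($notify_address, $own_email) !== FALSE)
		{
			$notify_address = str_replace($own_email, "", $notify_address);
		}

		$notify_address = $REGX->remove_extra_commas($notify_address);

		if ($notify_address != '')
		{
			/** ----------------------------
			/**  Send email
			/** ----------------------------*/

			if ( ! class_exists('EEmail'))
			{
				require PATH_CORE.'core.email'.EXT;
			}

			$email = new EEmail;

			foreach (explode(',', $notify_address) as $addy)
			{
				$email->initialize();
				$email->wordwrap = false;
				$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
				$email->to($addy);
				$email->reply_to($PREFS->ini('webmaster_email'));
				$email->subject($email_tit);
				$email->message($REGX->entities_to_ascii($email_msg));
				$email->Send();
			}
		}
	}

	/** -------------------------------------
	/**  Trash the Session and cookies
	/** -------------------------------------*/

	$DB->query("DELETE FROM exp_online_users WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ip_address = '".$DB->escape_str($IN->IP)."' AND member_id = '{$id}'");

	$DB->query("DELETE FROM exp_sessions WHERE session_id = '".$DB->escape_str($SESS->userdata['session_id'])."'");

	$FNS->set_cookie($SESS->c_uniqueid);
	$FNS->set_cookie($SESS->c_password);
	$FNS->set_cookie($SESS->c_session);
	$FNS->set_cookie($SESS->c_expire);
	$FNS->set_cookie($SESS->c_anon);
	$FNS->set_cookie('read_topics');
	$FNS->set_cookie('tracker');

	/** -------------------------------------
	/**  Update global member stats
	/** -------------------------------------*/

	$STAT->update_member_stats();

	/** -------------------------------------
	/**  Build Success Message
	/** -------------------------------------*/

	$url	= $PREFS->ini('site_url');
	$name	= stripslashes($PREFS->ini('site_name'));

	$data = array(
					'title'		=> $LANG->line('mbr_delete'),
					'heading'	=> $LANG->line('thank_you'),
					'content'	=> $LANG->line('mbr_account_deleted'),
					'redirect'	=> '',
					'link'		=> array($url, $name)
				);

	$OUT->show_message($data);
}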
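/**
 * Member self-delete
 *
 * Deletes the account of the currently logged-in member after the
 * submitted password has been validated, removes the member's messages,
 * forum content (including attachment files), channel entries and
 * comments, refreshes the affected statistics, sends the configured
 * notifications and destroys the session.
 *
 * @access	private
 * @return	array	array('error' => string) when the request is refused,
 *					array('success' => array) holding the message data otherwise
 */
private function _member_delete()
{
	// No sneakiness - we'll do this in case the site administrator
	// has foolishly turned off secure forms and some monkey is
	// trying to delete their account from an off-site form or
	// after logging out.
	if ($this->EE->session->userdata('member_id') == 0 or $this->EE->session->userdata('can_delete_self') !== 'y')
	{
		return array('error' => $this->EE->lang->line('not_authorized'));
	}

	// If the user is a SuperAdmin, then no deletion
	if ($this->EE->session->userdata('group_id') == 1)
	{
		return array('error' => $this->EE->lang->line('cannot_delete_super_admin'));
	}

	// Is IP and User Agent required for login? Then, same here.
	if ($this->EE->config->item('require_ip_for_login') == 'y')
	{
		if ($this->EE->session->userdata('ip_address') == '' or $this->EE->session->userdata('user_agent') == '')
		{
			return array('error' => $this->EE->lang->line('unauthorized_request'));
		}
	}

	// Check password lockout status
	if ($this->EE->session->check_password_lockout($this->EE->session->userdata('username')) === TRUE)
	{
		$this->EE->lang->loadfile('login');

		return array('error' => sprintf(lang('password_lockout_in_effect'), $this->EE->config->item('password_lockout_interval')));
	}

	/** -------------------------------------
	/**  Validate submitted password
	/** -------------------------------------*/

	if ( ! class_exists('EE_Validate'))
	{
		require APPPATH . 'libraries/Validate' . EXT;
	}

	// A request without a password field is validated as an empty password
	// instead of raising an undefined-index notice.
	$submitted_password = isset($_POST['password']) ? $_POST['password'] : '';

	$VAL = new EE_Validate(array(
		'member_id'		=> $this->EE->session->userdata('member_id'),
		'cur_password'	=> $submitted_password
	));

	// NOTE(review): this is the only password check left in the method (the
	// explicit hash comparison that used to follow was disabled). It relies
	// on password_safety_check() filling ->errors when cur_password does not
	// match the member's stored password -- confirm that in EE_Validate.
	$VAL->password_safety_check();

	if (isset($VAL->errors) && count($VAL->errors) > 0)
	{
		$this->EE->session->save_password_lockout($this->EE->session->userdata('username'));

		return array('error' => $this->EE->lang->line('invalid_pw'));
	}

	// No turning back, get to deletin'!

	// Cast once: the ID is interpolated into hand-written SQL further down.
	$id = (int) $this->EE->session->userdata('member_id');

	// Find the recipients holding unread mail from this member BEFORE the
	// message rows are removed. Run after the deletes, this query can never
	// return a row and the recipients keep a stale unread counter.
	$message_query = $this->EE->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");

	$this->EE->db->where('member_id', $id)->delete('members');
	$this->EE->db->where('member_id', $id)->delete('member_data');
	$this->EE->db->where('member_id', $id)->delete('member_homepage');
	$this->EE->db->where('sender_id', $id)->delete('message_copies');
	$this->EE->db->where('sender_id', $id)->delete('message_data');
	$this->EE->db->where('member_id', $id)->delete('message_folders');
	$this->EE->db->where('member_id', $id)->delete('message_listed');

	if ($message_query->num_rows() > 0)
	{
		foreach ($message_query->result_array() as $row)
		{
			$recipient_id = (int) $row['recipient_id'];

			$count_query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");

			$this->EE->db->query($this->EE->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '{$recipient_id}'"));
		}
	}

	// Delete Forum Posts
	if ($this->EE->config->item('forum_is_installed') == "y")
	{
		$this->EE->db->where('member_id', $id)->delete('forum_subscriptions');
		$this->EE->db->where('member_id', $id)->delete('forum_pollvotes');
		$this->EE->db->where('author_id', $id)->delete('forum_topics');
		$this->EE->db->where('admin_member_id', $id)->delete('forum_administrators');
		$this->EE->db->where('mod_member_id', $id)->delete('forum_moderators');

		// Snag the affected topic id's before deleting the member for the update afterwards
		$query = $this->EE->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

		if ($query->num_rows() > 0)
		{
			$topic_ids = array();

			foreach ($query->result_array() as $row)
			{
				$topic_ids[] = $row['topic_id'];
			}

			$topic_ids = array_unique($topic_ids);
		}

		$this->EE->db->where('author_id', $id)->delete('forum_posts');
		$this->EE->db->where('author_id', $id)->delete('forum_polls');

		// Kill any attachments
		$query = $this->EE->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE member_id = '{$id}'");

		if ($query->num_rows() > 0)
		{
			// Grab the upload path
			$res = $this->EE->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');

			$paths = array();

			foreach ($res->result_array() as $row)
			{
				$paths[$row['board_id']] = $row['board_upload_path'];
			}

			foreach ($query->result_array() as $row)
			{
				// Unknown board: no upload path to resolve the file against
				if ( ! isset($paths[$row['board_id']]))
				{
					continue;
				}

				// The file names are built from database columns only.
				$file  = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
				$thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];

				// Best effort: a file that is already gone must not stop the
				// account deletion, so failures are deliberately suppressed.
				@unlink($file);
				@unlink($thumb);

				$this->EE->db->where('attachment_id', (int) $row['attachment_id'])->delete('forum_attachments');
			}
		}

		// Update the forum stats
		$query = $this->EE->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

		if ( ! class_exists('Forum'))
		{
			require PATH_MOD . 'forum/mod.forum.php';
			require PATH_MOD . 'forum/mod.forum_core.php';
		}

		$FRM = new Forum_Core();

		foreach ($query->result_array() as $row)
		{
			$FRM->_update_post_stats($row['forum_id']);
		}

		if (isset($topic_ids))
		{
			foreach ($topic_ids as $topic_id)
			{
				$FRM->_update_topic_stats($topic_id);
			}
		}
	}

	// Va-poo-rize Channel Entries and Comments
	$entry_ids   = array();
	$channel_ids = array();
	$recount_ids = array();

	// Find Entry IDs and Channel IDs, then delete
	$query = $this->EE->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");

	if ($query->num_rows() > 0)
	{
		foreach ($query->result_array() as $row)
		{
			// Cast: these IDs are imploded straight into IN (...) lists below
			$entry_ids[]   = (int) $row['entry_id'];
			$channel_ids[] = $row['channel_id'];
		}

		$entry_id_list = "'" . implode("','", $entry_ids) . "'";

		$this->EE->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
		$this->EE->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ({$entry_id_list})");
		$this->EE->db->query("DELETE FROM exp_comments WHERE entry_id IN ({$entry_id_list})");
	}

	// Find the affected entries AND channel ids for author's comments
	$query = $this->EE->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");

	if ($query->num_rows() > 0)
	{
		foreach ($query->result_array() as $row)
		{
			$recount_ids[] = (int) $row['entry_id'];
			$channel_ids[] = $row['channel_id'];
		}

		// Entries that were just deleted need no recount
		$recount_ids = array_diff($recount_ids, $entry_ids);
	}

	// Delete comments by member
	$this->EE->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

	// Update stats on channel entries that were NOT deleted AND had comments by author
	if (count($recount_ids) > 0)
	{
		foreach (array_unique($recount_ids) as $entry_id)
		{
			$query = $this->EE->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $this->EE->db->escape_str($entry_id) . "'");

			$comment_date = ($query->num_rows() == 0 or ! is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');

			$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '" . $this->EE->db->escape_str($entry_id) . "' AND status = 'o'");

			$this->EE->db->query("UPDATE exp_channel_titles SET comment_total = '" . $this->EE->db->escape_str($query->row('count')) . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '" . $this->EE->db->escape_str($entry_id) . "'");
		}
	}

	if (count($channel_ids) > 0)
	{
		foreach (array_unique($channel_ids) as $channel_id)
		{
			$this->EE->stats->update_channel_stats($channel_id);
			$this->EE->stats->update_comment_stats($channel_id);
		}
	}

	// Email notification recipients
	if ($this->EE->session->userdata('mbr_delete_notify_emails') != '')
	{
		$notify_address = $this->EE->session->userdata('mbr_delete_notify_emails');

		$swap = array(
			'name'		=> $this->EE->session->userdata('screen_name'),
			'email'		=> $this->EE->session->userdata('email'),
			'site_name'	=> stripslashes($this->EE->config->item('site_name'))
		);

		$email_tit = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_title'), $swap);
		$email_msg = $this->EE->functions->var_swap($this->EE->lang->line('mbr_delete_notify_message'), $swap);

		// No notification for the user themselves, if they're in the list
		$own_email = $this->EE->session->userdata('email');

		// strpos() with an empty needle warns (or matches everything on
		// newer PHP), so skip the lookup when the session has no address.
		if ($own_email != '' && strpos($notify_address, $own_email) !== FALSE)
		{
			$notify_address = str_replace($own_email, "", $notify_address);
		}

		$this->EE->load->helper('string');

		// Remove multiple commas
		$notify_address = reduce_multiples($notify_address, ',', TRUE);

		if ($notify_address != '')
		{
			// Send email
			$this->EE->load->library('email');

			// Load the text helper
			$this->EE->load->helper('text');

			foreach (explode(',', $notify_address) as $addy)
			{
				$this->EE->email->EE_initialize();
				$this->EE->email->wordwrap = FALSE;
				$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
				$this->EE->email->to($addy);
				$this->EE->email->reply_to($this->EE->config->item('webmaster_email'));
				$this->EE->email->subject($email_tit);
				$this->EE->email->message(entities_to_ascii($email_msg));
				$this->EE->email->send();
			}
		}
	}

	// Trash the Session and cookies
	$this->EE->db->where('site_id', $this->EE->config->item('site_id'))
		->where('ip_address', $this->EE->input->ip_address())
		->where('member_id', $id)
		->delete('online_users');

	$this->EE->db->where('session_id', $this->EE->session->userdata('session_id'))->delete('sessions');

	$this->EE->functions->set_cookie($this->EE->session->c_session);
	$this->EE->functions->set_cookie($this->EE->session->c_expire);
	$this->EE->functions->set_cookie($this->EE->session->c_anon);
	$this->EE->functions->set_cookie('read_topics');
	$this->EE->functions->set_cookie('tracker');

	// Update
	$this->EE->stats->update_member_stats();

	// Build Success Message
	$url  = $this->EE->config->item('site_url');
	$name = stripslashes($this->EE->config->item('site_name'));

	$data = array(
		'title'		=> $this->EE->lang->line('mbr_delete'),
		'heading'	=> $this->EE->lang->line('thank_you'),
		'content'	=> $this->EE->lang->line('mbr_account_deleted'),
		'redirect'	=> '',
		'link'		=> array($url, $name)
	);

	return array('success' => $data);
}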
/** * Delete Member Account Processing * * @access public * @return string */ public function delete_account() { /** ---------------------------------------- /** Authorization Check /** ----------------------------------------*/ if ($this->_param('member_id') == FALSE or !ctype_digit($this->_param('member_id')) or !isset($_POST['ACT'])) { return $this->_output_error('general', array(ee()->lang->line('not_authorized'))); } if (ee()->session->userdata['member_id'] == 0) { return $this->_output_error('general', ee()->lang->line('not_authorized')); } // If not deleting yourself, you must be a SuperAdmin or have Delete Member permissions // If deleting yourself, you must have permission to do so. if ($this->_param('member_id') != ee()->session->userdata['member_id']) { if (ee()->session->userdata['group_id'] != 1 and ee()->session->userdata['can_delete_members'] != 'y') { return $this->_output_error('general', ee()->lang->line('not_authorized')); } } elseif (ee()->session->userdata['can_delete_self'] !== 'y') { return $this->_output_error('general', ee()->lang->line('not_authorized')); } $admin = ee()->session->userdata['member_id'] != $this->_param('member_id') ? TRUE : FALSE; /** -------------------------------------------- /** Member Data /** --------------------------------------------*/ $query = ee()->db->query("SELECT m.*,\n\t\t\t\t\tmg.mbr_delete_notify_emails\n\t\t\t FROM \texp_members AS m, \n\t\t\t\t\texp_member_groups AS mg\n\t\t\t WHERE \tm.member_id = '" . ee()->db->escape_str($this->_param('member_id')) . "'\n\t\t\t AND \tm.group_id = mg.group_id"); if ($query->num_rows() == 0) { return $this->_output_error('general', ee()->lang->line('not_authorized')); } /** ------------------------------------- /** One cannot delete a SuperAdmin from the User side. Sorry... 
/** -------------------------------------*/ if ($query->row('group_id') == 1) { return $this->_output_error('general', ee()->lang->line('cannot_delete_super_admin')); } /** -------------------------------------------- /** Variables! /** --------------------------------------------*/ $id = $query->row('member_id'); $check_password = $query->row('password'); $mbr_delete_notify_emails = $query->row('mbr_delete_notify_emails'); $screen_name = $query->row('screen_name'); $email = $query->row('email'); /** ---------------------------------------- /** Is IP and User Agent required for login? Then, same here. /** ----------------------------------------*/ if (ee()->config->item('require_ip_for_login') == 'y') { if (ee()->session->userdata['ip_address'] == '' or ee()->session->userdata['user_agent'] == '') { return $this->_output_error('general', ee()->lang->line('unauthorized_request')); } } /** ---------------------------------------- /** Check password lockout status /** ----------------------------------------*/ if (ee()->session->check_password_lockout() === TRUE) { return $this->_output_error('general', str_replace("%x", ee()->config->item('password_lockout_interval'), ee()->lang->line('password_lockout_in_effect'))); } /* ------------------------------------- /* If deleting self, you must submit your password. /* If SuperAdmin deleting another, must submit your password /* -------------------------------------*/ if (APP_VER >= '2.2.0') { $check_salt = $query->row('salt'); } // Fetch the SAs password instead as they are the one doing the deleting if (ee()->session->userdata['member_id'] != $this->_param('member_id')) { $squery = ee()->db->query("SELECT password" . (APP_VER < '2.2.0' ? '' : ', salt') . " \n\t\t\t\t FROM \texp_members \n\t\t\t\t WHERE \tmember_id = '" . ee()->db->escape_str(ee()->session->userdata['member_id']) . 
"'"); $check_password = $squery->row('password'); if (APP_VER >= '2.2.0') { $check_salt = $squery->row('salt'); } unset($squery); } if (APP_VER < '2.2.0') { $password = ee()->functions->hash(stripslashes(ee()->input->post('password'))); if ($check_password != $password) { ee()->session->save_password_lockout(); return $this->_output_error('general', ee()->lang->line('invalid_pw')); } } else { ee()->load->library('auth'); $passwd = ee()->auth->hash_password(stripslashes(ee()->input->post('password')), $check_salt); if (!isset($passwd['salt']) or $passwd['password'] != $check_password) { ee()->session->save_password_lockout(); return $this->_output_error('general', ee()->lang->line('invalid_pw')); } } // -------------------------------------------- // EE 2.4 Added a Member Model for Deleting That Works Rather Well // -------------------------------------------- if (APP_VER >= '2.4.0') { ee()->load->model('member_model'); ee()->member_model->delete_member($id); } else { /** ------------------------------------- /** No turning back, get to deletin'! 
/** -------------------------------------*/ ee()->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'"); ee()->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'"); ee()->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'"); $message_query = ee()->db->query("SELECT DISTINCT \trecipient_id \n\t\t\t\t FROM \t\t\t\texp_message_copies \n\t\t\t\t WHERE \t\t\t\tsender_id = '{$id}' \n\t\t\t\t AND \t\t\t\tmessage_read = 'n'"); ee()->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'"); ee()->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'"); ee()->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'"); ee()->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'"); if ($message_query->num_rows() > 0) { foreach ($message_query->result_array() as $row) { $count_query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t\t FROM \texp_message_copies \n\t\t\t\t\t\t WHERE \trecipient_id = '" . $row['recipient_id'] . 
"' AND message_read = 'n'"); ee()->db->query(ee()->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), array('member_id' => $row['recipient_id']))); } } /** ------------------------------------- /** Delete Forum Posts /** -------------------------------------*/ if (ee()->config->item('forum_is_installed') == "y") { ee()->db->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'"); ee()->db->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'"); ee()->db->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'"); // Snag the affected topic id's before deleting the member for the update afterwards $query = ee()->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'"); if ($query->num_rows() > 0) { $topic_ids = array(); foreach ($query->result_array() as $row) { $topic_ids[] = $row['topic_id']; } $topic_ids = array_unique($topic_ids); } ee()->db->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'"); ee()->db->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'"); // Update the forum stats $query = ee()->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'"); if (!class_exists('Forum')) { require PATH_MOD . 'forum/mod.forum' . EXT; require PATH_MOD . 'forum/mod.forum_core' . EXT; } $FRM = new Forum_Core(); foreach ($query->result_array() as $row) { $FRM->_update_post_stats($row['forum_id']); } if (isset($topic_ids)) { foreach ($topic_ids as $topic_id) { $FRM->_update_topic_stats($topic_id); } } } /** ------------------------------------- /** Va-poo-rize Weblog Entries and Comments /** -------------------------------------*/ $entry_ids = array(); $channel_ids = array(); $recount_ids = array(); // Find Entry IDs and Channel IDs, then DELETE! DELETE, WHA HA HA HA!! 
if (APP_VER < 2.0) { $query = ee()->db->query("SELECT entry_id, weblog_id AS channel_id FROM exp_weblog_titles WHERE author_id = '{$id}'"); } else { $query = ee()->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'"); } if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { $entry_ids[] = $row['entry_id']; $channel_ids[] = $row['channel_id']; } if (APP_VER < 2.0) { ee()->db->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'"); ee()->db->query("DELETE FROM exp_weblog_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')"); } else { ee()->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'"); ee()->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')"); } ee()->db->query("DELETE FROM exp_comments WHERE entry_id IN ('" . implode("','", $entry_ids) . "')"); ee()->db->query("DELETE FROM exp_trackbacks WHERE entry_id IN ('" . implode("','", $entry_ids) . "')"); } // Find the affected entries AND channel ids for author's comments if (APP_VER < 2.0) { $query = ee()->db->query("SELECT DISTINCT(entry_id), weblog_id AS channel_id FROM exp_comments WHERE author_id = '{$id}'"); } else { $query = ee()->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'"); } if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { $recount_ids[] = $row['entry_id']; $channel_ids[] = $row['channel_id']; } $recount_ids = array_diff($recount_ids, $entry_ids); } // Delete comments by member ee()->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'"); $this->EE->stats->update_member_stats(); // Update stats on channel entries that were NOT deleted AND had comments by author if (count($recount_ids) > 0) { foreach (array_unique($recount_ids) as $entry_id) { $query = ee()->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . 
ee()->db->escape_str($entry_id) . "'"); $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date'); $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'"); if (APP_VER < 2.0) { ee()->db->query("UPDATE exp_weblog_titles SET\tcomment_total = '" . ee()->db->escape_str($query->row('count')) . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'"); } else { ee()->db->query("UPDATE exp_channel_titles SET comment_total = '" . ee()->db->escape_str($query->row('count')) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'"); } } } foreach (array_unique($channel_ids) as $channel_id) { if (APP_VER < 2.0) { ee()->stats->update_weblog_stats($channel_id); } else { ee()->stats->update_channel_stats($channel_id); } ee()->stats->update_comment_stats($channel_id); } } // END conditional for EE versions below EE 2.4.0 /** ------------------------------------- /** Email notification recipients /** -------------------------------------*/ if ($mbr_delete_notify_emails != '') { $notify_address = $mbr_delete_notify_emails; $swap = array('name' => $screen_name, 'email' => $email, 'site_name' => stripslashes(ee()->config->item('site_name'))); $email_tit = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap); $email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap); // No notification for the user themselves, if they're in the list if (stristr($notify_address, $email)) { $notify_address = str_replace($email, "", $notify_address); } ee()->load->helper('string'); $notify_address = reduce_multiples($notify_address, ',', TRUE); if ($notify_address != '') { /** ---------------------------- /** Send email /** ----------------------------*/ ee()->load->library('email'); ee()->load->helper('text'); 
foreach (explode(',', $notify_address) as $addy) { ee()->email->initialize(); ee()->email->wordwrap = false; ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name')); ee()->email->to($addy); ee()->email->reply_to(ee()->config->item('webmaster_email')); ee()->email->subject($email_tit); ee()->email->message(entities_to_ascii($email_msg)); ee()->email->Send(); } } } /** ------------------------------------- /** Trash the Session and cookies /** -------------------------------------*/ ee()->db->query("DELETE FROM exp_online_users \n\t\t\t\t\t\t WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' \n\t\t\t\t\t\t AND ip_address = '{ee()->input->ip_address()}' \n\t\t\t\t\t\t AND member_id = '{$id}'"); ee()->db->query("DELETE FROM exp_sessions WHERE member_id = '" . $id . "'"); if ($admin === FALSE) { if (APP_VER < '2.2.0') { ee()->functions->set_cookie(ee()->session->c_password); } ee()->functions->set_cookie(ee()->session->c_session); ee()->functions->set_cookie(ee()->session->c_expire); ee()->functions->set_cookie(ee()->session->c_anon); ee()->functions->set_cookie('read_topics'); ee()->functions->set_cookie('tracker'); } if (ee()->extensions->active_hook('user_delete_account_end') === TRUE) { $edata = ee()->extensions->universal_call('user_delete_account_end', $this); if (ee()->extensions->end_script === TRUE) { return; } } /** ---------------------------------------- /** Override Return /** ----------------------------------------*/ if ($this->_param('override_return') !== FALSE and $this->_param('override_return') != '' && $this->is_ajax_request() === FALSE) { ee()->functions->redirect($this->_param('override_return')); exit; } /** ---------------------------------------- /** Set return /** ----------------------------------------*/ if (ee()->input->get_post('return') !== FALSE and ee()->input->get_post('return') != '') { $return = ee()->input->get_post('return'); } elseif (ee()->input->get_post('RET') 
!== FALSE and ee()->input->get_post('RET') != '') { $return = ee()->input->get_post('RET'); } else { $return = ee()->config->item('site_url'); } if (preg_match("/" . LD . "\\s*path=(.*?)" . RD . "/", $return, $match)) { $return = ee()->functions->create_url($match['1']); } /** ---------------------------------------- /** Return /** ----------------------------------------*/ $return = $this->_chars_decode($return); // -------------------------------------------- // AJAX Response // -------------------------------------------- if ($this->is_ajax_request()) { $this->send_ajax_response(array('success' => TRUE, 'heading' => lang('user_successful_submission'), 'message' => lang('mbr_account_deleted'), 'content' => lang('mbr_account_deleted'))); } /** ------------------------------------- /** Build Success Message /** -------------------------------------*/ $name = stripslashes(ee()->config->item('site_name')); $data = array('title' => ee()->lang->line('mbr_delete'), 'heading' => ee()->lang->line('thank_you'), 'content' => ee()->lang->line('mbr_account_deleted'), 'redirect' => $return); ee()->output->show_message($data); }
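/**
 * Member Delete
 *
 * Control-panel action that permanently deletes the members whose IDs were
 * posted in the `delete` array, together with their private messages, forum
 * content (when the forum module is installed), comments and comment
 * subscriptions. If a numeric `heir` is posted, the deleted members'
 * channel entries are reassigned to that member.
 *
 * Safeguards applied before anything is deleted:
 *  - the caller needs both `can_access_members` and `can_delete_members`;
 *  - only a Super Admin (group 1) may delete a Super Admin;
 *  - the request is refused if it would remove every Super Admin.
 *
 * @access public
 * @return mixed
 */
function member_delete()
{
    if (!$this->cp->allowed_group('can_access_members') or !$this->cp->allowed_group('can_delete_members')) {
        show_error($this->lang->line('unauthorized_access'));
        // Fail closed: never fall through to the deletes if show_error() returns.
        return;
    }

    if (!$this->input->post('delete') or !is_array($this->input->post('delete'))) {
        $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
        return;
    }

    $this->load->model('member_model');

    // Fetch member ID numbers and build the query.
    // $ids holds "member_id = '<escaped id>'" fragments, $mids the escaped IDs.
    $ids = array();
    $mids = array();

    foreach ($this->input->post('delete') as $val) {
        // Nested arrays cannot be member IDs; skip them instead of letting
        // them reach the string concatenation below.
        if (is_scalar($val) and $val != '') {
            $ids[] = "member_id = '" . $this->db->escape_str($val) . "'";
            $mids[] = $this->db->escape_str($val);
        }
    }

    // Nothing usable was posted: an empty list would leave every statement
    // below with a dangling "WHERE ", so stop here.
    if (count($ids) == 0) {
        $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
        return;
    }

    $IDS = implode(" OR ", $ids);

    // SAFETY CHECK
    // Let's fetch the Member Group ID of each member being deleted
    // If there is a Super Admin in the bunch we'll run a few more safeties
    $super_admins = 0;
    $query = $this->db->query("SELECT group_id FROM exp_members WHERE " . $IDS);

    foreach ($query->result_array() as $row) {
        // Test the row being iterated. The previous code read
        // $query->row('group_id') on every pass, which does not depend on the
        // loop variable, so a Super Admin anywhere but the first row could be
        // missed and both checks below skipped.
        if ($row['group_id'] == 1) {
            $super_admins++;
        }
    }

    if ($super_admins > 0) {
        // You must be a Super Admin to delete a Super Admin
        if ($this->session->userdata['group_id'] != 1) {
            show_error($this->lang->line('must_be_superadmin_to_delete_one'));
            return;
        }

        // You can't delete the only Super Admin
        // NOTE(review): count_members(1) is presumably the number of members
        // in group 1; confirm against member_model.
        $query = $this->member_model->count_members(1);

        if ($super_admins >= $query) {
            show_error($this->lang->line('can_not_delete_super_admin'));
            return;
        }
    }

    // If we got this far we're clear to delete the members
    $this->db->query("DELETE FROM exp_members WHERE " . $IDS);
    $this->db->query("DELETE FROM exp_member_data WHERE " . $IDS);
    $this->db->query("DELETE FROM exp_member_homepage WHERE " . $IDS);

    foreach ($mids as $val) {
        // Capture the recipients with unread messages from this sender before
        // the copies are deleted, so their unread counters can be recomputed.
        $message_query = $this->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");

        $this->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
        $this->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
        $this->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
        $this->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");

        if ($message_query->num_rows() > 0) {
            foreach ($message_query->result_array() as $row) {
                $count_query = $this->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                $this->db->query($this->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '" . $row['recipient_id'] . "'"));
            }
        }
    }

    /** ----------------------------------
    /**  Are there forum posts to delete?
    /** ----------------------------------*/
    if ($this->config->item('forum_is_installed') == "y") {
        // The same OR-list is reused for every table by swapping the column
        // name in place; each str_replace() below retargets $IDS.
        $this->db->query("DELETE FROM exp_forum_subscriptions WHERE " . $IDS);
        $this->db->query("DELETE FROM exp_forum_pollvotes WHERE " . $IDS);

        $IDS = str_replace('member_id', 'admin_member_id', $IDS);
        $this->db->query("DELETE FROM exp_forum_administrators WHERE " . $IDS);

        $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
        $this->db->query("DELETE FROM exp_forum_moderators WHERE " . $IDS);

        $IDS = str_replace('mod_member_id', 'author_id', $IDS);
        $this->db->query("DELETE FROM exp_forum_topics WHERE " . $IDS);

        // Snag the affected topic id's before deleting the members for the update afterwards
        $query = $this->db->query("SELECT topic_id FROM exp_forum_posts WHERE " . $IDS);

        if ($query->num_rows() > 0) {
            $topic_ids = array();

            foreach ($query->result_array() as $row) {
                $topic_ids[] = $row['topic_id'];
            }

            $topic_ids = array_unique($topic_ids);
        }

        $this->db->query("DELETE FROM exp_forum_posts WHERE " . $IDS);
        $this->db->query("DELETE FROM exp_forum_polls WHERE " . $IDS);

        // Back to the member_id form for the attachments table and for the
        // code after this block.
        $IDS = str_replace('author_id', 'member_id', $IDS);

        // Kill any attachments
        $query = $this->db->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE " . $IDS);

        if ($query->num_rows() > 0) {
            // Grab the upload path
            $res = $this->db->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
            $paths = array();

            foreach ($res->result_array() as $row) {
                $paths[$row['board_id']] = $row['board_upload_path'];
            }

            foreach ($query->result_array() as $row) {
                if (!isset($paths[$row['board_id']])) {
                    continue;
                }

                // File names are built from database columns, not from the request.
                $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
                $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];

                // Best effort: a missing file must not abort the member deletion.
                @unlink($file);
                @unlink($thumb);

                $this->db->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
            }
        }

        // Update the forum stats
        $query = $this->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

        if (!class_exists('Forum')) {
            require PATH_MOD . 'forum/mod.forum' . EXT;
            require PATH_MOD . 'forum/mod.forum_core' . EXT;
        }

        $FRM = new Forum_Core();

        foreach ($query->result_array() as $row) {
            $FRM->_update_post_stats($row['forum_id']);
        }

        if (isset($topic_ids)) {
            foreach ($topic_ids as $topic_id) {
                $FRM->_update_topic_stats($topic_id);
            }
        }
    }

    /** -------------------------------------
    /**  Delete comments and update entry stats
    /** -------------------------------------*/
    $channel_ids = array();

    if ($this->db->table_exists('comment_subscriptions')) {
        $this->db->query("DELETE FROM exp_comment_subscriptions WHERE " . $IDS);
    }

    if ($this->db->table_exists('comments')) {
        $IDS = str_replace('member_id', 'author_id', $IDS);

        $query = $this->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE " . $IDS);

        if ($query->num_rows() > 0) {
            $this->db->query("DELETE FROM exp_comments WHERE " . $IDS);

            // $query is reassigned inside the loop; the foreach keeps iterating
            // the array returned by the first result_array() call.
            foreach ($query->result_array() as $row) {
                $channel_ids[] = $row['channel_id'];

                $query = $this->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $this->db->escape_str($row['entry_id']) . "'");

                $comment_date = ($query->num_rows() == 0 or !is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');

                $query = $this->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");

                $this->db->query("UPDATE exp_channel_titles\n\t\t\t\t\t\t\t\tSET comment_total = '" . $this->db->escape_str($query->row('count')) . "', recent_comment_date = '{$comment_date}'\n\t\t\t\t\t\t\t\tWHERE entry_id = '{$row['entry_id']}'");
            }
        }

        if (count($channel_ids) > 0) {
            foreach (array_unique($channel_ids) as $channel_id) {
                $this->stats->update_comment_stats($channel_id);
            }
        }
    }

    /** ----------------------------------
    /**  Reassign Entries to Heir
    /** ----------------------------------*/
    $heir_id = $this->input->post('heir');

    // $heir_id is interpolated into SQL unescaped; the is_numeric() gate is
    // what keeps a quote character out of it, so keep the two together.
    // NOTE(review): nothing here checks that the heir is not one of the
    // members just deleted; confirm the form prevents that.
    if ($heir_id !== FALSE && is_numeric($heir_id)) {
        $this->db->query("UPDATE exp_channel_titles SET author_id = '{$heir_id}' WHERE " . str_replace('member_id', 'author_id', $IDS));

        $query = $this->db->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date\n\t\t\t\t\t\t\t\t FROM exp_channel_titles\n\t\t\t\t\t\t\t\t WHERE author_id = '{$heir_id}'");

        $this->db->query("UPDATE exp_members\n\t\t\t\t\t\tSET total_entries = '" . $this->db->escape_str($query->row('count')) . "', last_entry_date = '" . $this->db->escape_str($query->row('entry_date')) . "'\n\t\t\t\t\t\tWHERE member_id = '{$heir_id}'");
    }

    // -------------------------------------------
    // 'cp_members_member_delete_end' hook.
    //  - Additional processing when a member is deleted through the CP
    //
    $edata = $this->extensions->call('cp_members_member_delete_end');

    // An extension that sets end_script stops here, before the stats update
    // and the redirect below.
    if ($this->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Update
    $this->stats->update_member_stats();

    $cp_message = count($ids) == 1 ? $this->lang->line('member_deleted') : $this->lang->line('members_deleted');

    $this->session->set_flashdata('message_success', $cp_message);
    $this->functions->redirect(BASE . AMP . 'C=members' . AMP . 'M=view_all_members');
}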
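/**
 * Delete Members
 *
 * Control-panel action that permanently deletes the members whose IDs were
 * posted, together with their private messages, forum content (when the
 * forum module is installed) and comments. If a numeric `heir` is posted,
 * weblog and/or gallery entries are reassigned to that member, depending on
 * the `entries_exit` and `gallery_entries_exit` flags.
 *
 * Safeguards applied before anything is deleted:
 *  - the caller needs the `can_delete_members` permission;
 *  - only a Super Admin (group 1) may delete a Super Admin;
 *  - the request is refused if it would remove every Super Admin.
 *
 * @return mixed Output of the access/error message helpers or of
 *               view_all_members(); nothing when an extension ends the script.
 */
function member_delete()
{
    global $IN, $DSP, $PREFS, $LANG, $SESS, $FNS, $DB, $STAT, $EXT;

    if (!$DSP->allowed_group('can_delete_members')) {
        return $DSP->no_access_message();
    }

    if (!$IN->GBL('delete', 'POST')) {
        return $this->view_all_members();
    }

    /** ---------------------------------------------
    /**  Fetch member ID numbers and build the query
    /** ---------------------------------------------*/
    // $ids holds "member_id = '<escaped id>'" fragments, $mids the escaped IDs.
    $ids = array();
    $mids = array();

    // Every non-empty, non-array POST field whose NAME contains "delete" is
    // taken as a member ID.
    foreach ($_POST as $key => $val) {
        if (strstr($key, 'delete') and !is_array($val) and $val != '') {
            $ids[] = "member_id = '" . $DB->escape_str($val) . "'";
            $mids[] = $DB->escape_str($val);
        }
    }

    // Nothing usable was posted: an empty list would leave every statement
    // below with a dangling "WHERE ", so go back to the listing.
    if (count($ids) == 0) {
        return $this->view_all_members();
    }

    $IDS = implode(" OR ", $ids);

    // SAFETY CHECK
    // Let's fetch the Member Group ID of each member being deleted
    // If there is a Super Admin in the bunch we'll run a few more safeties
    $super_admins = 0;
    $query = $DB->query("SELECT group_id FROM exp_members WHERE " . $IDS);

    foreach ($query->result as $row) {
        // Test the row being iterated. The previous code read
        // $query->row['group_id'] on every pass, which does not depend on the
        // loop variable, so a Super Admin anywhere but the first row could be
        // missed and both checks below skipped.
        if ($row['group_id'] == 1) {
            $super_admins++;
        }
    }

    if ($super_admins > 0) {
        // You must be a Super Admin to delete a Super Admin
        if ($SESS->userdata['group_id'] != 1) {
            return $DSP->error_message($LANG->line('must_be_superadmin_to_delete_one'));
        }

        // You can't delete the only Super Admin
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '1'");

        if ($super_admins >= $query->row['count']) {
            return $DSP->error_message($LANG->line('can_not_delete_super_admin'));
        }
    }

    // If we got this far we're clear to delete the members
    $DB->query("DELETE FROM exp_members WHERE " . $IDS);
    $DB->query("DELETE FROM exp_member_data WHERE " . $IDS);
    $DB->query("DELETE FROM exp_member_homepage WHERE " . $IDS);

    foreach ($mids as $val) {
        // Capture the recipients with unread messages from this sender before
        // the copies are deleted, so their unread counters can be recomputed.
        $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");

        $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");

        if ($message_query->num_rows > 0) {
            foreach ($message_query->result as $row) {
                $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");
                $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '" . $row['recipient_id'] . "'"));
            }
        }
    }

    /** ----------------------------------
    /**  Are there forum posts to delete?
    /** ----------------------------------*/
    if ($PREFS->ini('forum_is_installed') == "y") {
        // The same OR-list is reused for every table by swapping the column
        // name in place; each str_replace() below retargets $IDS.
        $DB->query("DELETE FROM exp_forum_subscriptions WHERE " . $IDS);
        $DB->query("DELETE FROM exp_forum_pollvotes WHERE " . $IDS);

        $IDS = str_replace('member_id', 'admin_member_id', $IDS);
        $DB->query("DELETE FROM exp_forum_administrators WHERE " . $IDS);

        $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
        $DB->query("DELETE FROM exp_forum_moderators WHERE " . $IDS);

        $IDS = str_replace('mod_member_id', 'author_id', $IDS);
        $DB->query("DELETE FROM exp_forum_topics WHERE " . $IDS);

        // Snag the affected topic id's before deleting the members for the update afterwards
        $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE " . $IDS);

        if ($query->num_rows > 0) {
            $topic_ids = array();

            foreach ($query->result as $row) {
                $topic_ids[] = $row['topic_id'];
            }

            $topic_ids = array_unique($topic_ids);
        }

        $DB->query("DELETE FROM exp_forum_posts WHERE " . $IDS);
        $DB->query("DELETE FROM exp_forum_polls WHERE " . $IDS);

        // Kill any attachments. $IDS stays in its author_id form after this
        // block; only this one query is switched back to member_id.
        $query = $DB->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE " . str_replace('author_id', 'member_id', $IDS));

        if ($query->num_rows > 0) {
            // Grab the upload path
            $res = $DB->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
            $paths = array();

            foreach ($res->result as $row) {
                $paths[$row['board_id']] = $row['board_upload_path'];
            }

            foreach ($query->result as $row) {
                if (!isset($paths[$row['board_id']])) {
                    continue;
                }

                // File names are built from database columns, not from the request.
                $file = $paths[$row['board_id']] . $row['filehash'] . $row['extension'];
                $thumb = $paths[$row['board_id']] . $row['filehash'] . '_t' . $row['extension'];

                // Best effort: a missing file must not abort the member deletion.
                @unlink($file);
                @unlink($thumb);

                $DB->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
            }
        }

        // Update the forum stats
        $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

        if (!class_exists('Forum')) {
            require PATH_MOD . 'forum/mod.forum' . EXT;
            require PATH_MOD . 'forum/mod.forum_core' . EXT;
        }

        $FRM = new Forum_Core();

        foreach ($query->result as $row) {
            $FRM->_update_post_stats($row['forum_id']);
        }

        if (isset($topic_ids)) {
            foreach ($topic_ids as $topic_id) {
                $FRM->_update_topic_stats($topic_id);
            }
        }
    }

    /** -------------------------------------
    /**  Delete comments and update entry stats
    /** -------------------------------------*/
    $weblog_ids = array();

    // No-op when the forum block above already left $IDS in author_id form.
    $IDS = str_replace('member_id', 'author_id', $IDS);

    $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE " . $IDS);

    if ($query->num_rows > 0) {
        $DB->query("DELETE FROM exp_comments WHERE " . $IDS);

        // $query is reassigned inside the loop while its original result is
        // still being iterated.
        foreach ($query->result as $row) {
            $weblog_ids[] = $row['weblog_id'];

            $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($row['entry_id']) . "'");

            $comment_date = ($query->num_rows == 0 or !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];

            $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");

            $DB->query("UPDATE exp_weblog_titles \n\t\t\t\t\t\t\tSET comment_total = '" . $DB->escape_str($query->row['count']) . "', recent_comment_date = '{$comment_date}' \n\t\t\t\t\t\t\tWHERE entry_id = '{$row['entry_id']}'");
        }
    }

    if (count($weblog_ids) > 0) {
        foreach (array_unique($weblog_ids) as $weblog_id) {
            $STAT->update_comment_stats($weblog_id);
        }
    }

    /** ----------------------------------
    /**  Reassign Entries to Heir
    /** ----------------------------------*/
    $heir_id = $IN->GBL('heir', 'POST');
    $entries_exit = $IN->GBL('entries_exit', 'POST');
    $gallery_entries_exit = $IN->GBL('gallery_entries_exit', 'POST');

    // $heir_id is interpolated into SQL unescaped; the is_numeric() gate is
    // what keeps a quote character out of it, so keep the two together.
    // NOTE(review): nothing here checks that the heir is not one of the
    // members just deleted; confirm the form prevents that.
    if ($heir_id !== FALSE && is_numeric($heir_id)) {
        if ($entries_exit == 'yes') {
            $DB->query("UPDATE exp_weblog_titles SET author_id = '{$heir_id}' WHERE \n\t\t\t\t\t" . str_replace('member_id', 'author_id', $IDS));

            $query = $DB->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date\n \t\t\t\t\t\t FROM exp_weblog_titles\n \t\t\t\t\t\t WHERE author_id = '{$heir_id}'");

            $DB->query("UPDATE exp_members \n \t\t\t\tSET total_entries = '" . $DB->escape_str($query->row['count']) . "', last_entry_date = '" . $DB->escape_str($query->row['entry_date']) . "' \n \t\t\t\tWHERE member_id = '{$heir_id}'");
        }

        if ($gallery_entries_exit == 'yes') {
            $DB->query("UPDATE exp_gallery_entries SET author_id = '{$heir_id}' WHERE " . str_replace('member_id', 'author_id', $IDS));
        }
    }

    // -------------------------------------------
    // 'cp_members_member_delete_end' hook.
    //  - Additional processing when a member is deleted through the CP
    //
    $edata = $EXT->call_extension('cp_members_member_delete_end');

    // An extension that sets end_script stops here, before the global stats
    // update and the confirmation view below.
    if ($EXT->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Update global stats
    $STAT->update_member_stats();

    $message = count($ids) == 1
        ? $DSP->qdiv('success', $LANG->line('member_deleted'))
        : $DSP->qdiv('success', $LANG->line('members_deleted'));

    return $this->view_all_members($message);
}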