*
* TODO:
* Double check comment backup function
* Allow to admin defined a default setting for normal users
* Integrate with batchapi
*/
define('USER_DELETE_FILE_PATH', file_directory_path() .'/user_delete_backup');
/**
* Implementation of hook_perm().
*/
function user_delete_perm() {
return array('delete own account');
}
/**
* Implementation of hook_menu().
*/
function user_delete_menu() {
$items['admin/user/user_delete'] = array(
'title' => 'User delete',
'description' => "Configure the user delete action.",
'page callback' => 'drupal_get_form',
'page arguments' => array('user_delete_settings'),
'access arguments' => array('administer users'),
'file' => 'user_delete.admin.inc',
);
return $items;
}
/**
* Checks whether a user can delete an account
*/
function user_delete_access($account) {
global $user;
return (user_access('administer users') || (user_access('delete own account') && $account->uid == $user->uid));
}
/**
* Implementation of hook_menu_alter().
*/
function user_delete_menu_alter(&$callbacks) {
$callbacks['user/%user/delete']['access callback'] = 'user_delete_access';
$callbacks['user/%user/delete']['access arguments'] = array(1);
$callbacks['user/%user/delete']['type'] = MENU_CALLBACK;
}
/**
* Implementation of hook_form_alter().
*/
function user_delete_form_alter(&$form, $form_state, $form_id) {
global $user;
if($form_id == 'user_profile_form') {
//access check
if(user_access('delete own account') && arg(1) == $user->uid) {
$form['delete'] = array(
'#type' => 'submit',
'#value' => t('Delete'),
'#weight' => 31,
'#submit' => array('user_edit_delete_submit'),
);
}
}
if ($form_id == 'user_confirm_delete') {
$backup = variable_get('user_delete_backup', 0);
if ($backup) {
$period = variable_get('user_delete_backup_period', 60*60*24*7*12);
$form['user_delete_remark'] = array(
'#value' => t('All data that is being deleted will be backed up for %period and automatically deleted afterwards.', array('%period' => format_interval($period, 2))),
'#weight' => -10,
);
}
$form['user_delete_action'] = array(
'#type' => 'radios',
'#title' => t('When deleting the account'),
'#default_value' => 'user_delete_block',
'#options' => array(
'user_delete_block' => t('Disable the account and keep all content.'),
'user_delete_block_unpublish' => t('Disable the account and unpublish all content.'),
'user_delete_reassign' => t('Delete the account and make all content belong to the Anonymous user.'),
'user_delete_delete' => t('Delete the account and all content.'),
),
'#weight' => 0,
);
$form['#redirect'] = 'user/' . $form['_account']['#value']->uid;
$form['#submit'] = array('user_delete_submit');
}
}
/**
* Deal with the user/content after form submission
*/
function user_delete_submit($form, &$form_state) {
global $user;
$op = $form_state['values']['user_delete_action'];
$uid = $form_state['values']['_account']->uid;
$account = user_load(array('uid' => $uid));
$backup = variable_get('user_delete_backup', 0);
if (!$account) {
drupal_set_message(t('The user account %id does not exist.', array('%id' => $uid)), 'error');
watchdog('user', 'Attempted to cancel non-existing user account: %id.', array('%id' => $uid), WATCHDOG_ERROR);
return;
}
switch ($op) {
case 'user_delete_block':
// block user
db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
drupal_set_message(t('%name has been blocked.', array('%name' => check_plain($account->name))));
break;
case 'user_delete_block_unpublish':
// block user
db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
// unpublish content
db_query("UPDATE {node} SET status = 0 WHERE uid = %d", $uid);
db_query("UPDATE {comments} SET status = 1 WHERE uid = %d", $uid);
drupal_set_message(t('%name has been blocked, all submitted content from that user has benn unpublished.', array('%name' => check_plain($account->name))));
break;
case 'user_delete_reassign':
// Set redirect
$redirect = variable_get('user_delete_redirect', 'node');
// reassign content
db_query("UPDATE {node} SET uid = 0 WHERE uid = %d", $uid);
db_query("UPDATE {comments} SET uid = 0 WHERE uid = %d", $uid);
// delete account
user_delete($form_values, $uid);
drupal_set_message(t('All submitted content from %name has benn reassigned to %anonymous.', array('%name' => check_plain($account->name), '%anonymous' => variable_get('anonymous', t('Anonymous')))));
break;
case 'user_delete_delete':
// TODO: Deleting/Backing-up nodes and comments should be done with
// http://drupal.org/project/batchapi
// Set redirect
$redirect = variable_get('user_delete_redirect', 'node');
// delete comments
$result = db_query("SELECT cid FROM {comments} WHERE uid = %d", $uid);
while ($row = db_fetch_object($result)) {
// backup
if ($backup) {
$comment = _comment_load($row->cid);
user_delete_backup($account, $comment);
}
user_delete_comment_delete($row->cid);
}
// delete nodes
$result = db_query("SELECT nid FROM {node} WHERE uid = %d", $uid);
while ($row = db_fetch_object($result)) {
// backup
if ($backup) {
$node = node_load($row->nid);
user_delete_backup($account, $node);
}
user_delete_node_delete($row->nid);
}
// backup
if ($backup) {
user_delete_backup($account);
}
// delete user
user_delete($form_values, $uid);
drupal_set_message(t('All submitted content from %name has been deleted.', array('%name' => check_plain($account->name), '!anonymous' => variable_get('anonymous', t('Anonymous')))));
break;
}
// After cancelling account, ensure that user is logged out.
// Destroy the current session.
db_query("DELETE FROM {sessions} WHERE uid = %d", $account->uid);
if ($account->uid == $user->uid) {
// Load the anonymous user.
$user = drupal_anonymous_user();
// Set redirect
$redirect = variable_get('user_delete_redirect', 'node');
}
// Clear the cache for anonymous users.
cache_clear_all();
// Redirect
if (!empty($redirect)) {
drupal_goto($redirect);
}
}
/**
* Implementation of hook_cron().
*/
function user_delete_cron() {
user_delete_backup_scan_expired();
}
/**
* Backup an user/node/comment object to the filesystem
*/
function user_delete_backup($account, $object = NULL) {
// check for directory
$dir = USER_DELETE_FILE_PATH;
user_delete_file_check_directory($dir, TRUE);
file_check_directory($dir, TRUE);
$backup_dir = $dir .'/'. check_plain($account->name);
user_delete_file_check_directory($backup_dir, TRUE);
if (is_numeric($object->cid)) {
$dest = $backup_dir . '/comments';
user_delete_file_check_directory($dest, TRUE);
$dest = $dest . '/comment-' . $object->cid . '.txt';
}
else if (is_numeric($object->nid)) {
$dest = $backup_dir . '/nodes';
user_delete_file_check_directory($dest, TRUE);
$dest = $dest . '/node-' . $object->nid . '.txt';
}
else {
$dest = $backup_dir;
$object = $account;
user_delete_file_check_directory($dest, TRUE);
$dest = $dest . '/user-' . $object->uid . '.txt';
}
$data = serialize((array) $object);
file_save_data($data, $dest, FILE_EXISTS_REPLACE);
}
/**
* Scan for and delete expired files
*/
function user_delete_backup_scan_expired() {
// check for directory
$dir = USER_DELETE_FILE_PATH;
if (file_check_directory($dir, TRUE)) {
file_scan_directory($dir, '.*', array('.', '..', 'CVS'), 'user_delete_backup_remove_expired', FALSE);
}
}
/**
* Check if a folder is expired and delete
*/
function user_delete_backup_remove_expired($filename) {
$period = variable_get('user_delete_backup_period', 60*60*24*7*12);
$created = filemtime($filename);
if ($created && (time() >= ($created + $period))) {
user_delete_backup_remove_dir($filename);
}
}
/**
* Recursive delete a folder with files
*/
function user_delete_backup_remove_dir($dir) {
if (!file_exists($dir)) {
return true;
}
if (!is_dir($dir)) {
return unlink($dir);
}
foreach (scandir($dir) as $item) {
if ($item == '.' || $item == '..') {
continue;
}
if (!user_delete_backup_remove_dir($dir.DIRECTORY_SEPARATOR.$item)) {
return false;
}
}
return rmdir($dir);
}
/**
* Copy of node_delete() whithout access check and drupal_set_message().
* see http://api.drupal.org/api/function/node_delete/6
*/
function user_delete_node_delete($nid) {
$node = node_load($nid);
db_query('DELETE FROM {node} WHERE nid = %d', $node->nid);
db_query('DELETE FROM {node_revisions} WHERE nid = %d', $node->nid);
// Call the node-specific callback (if any):
node_invoke($node, 'delete');
node_invoke_nodeapi($node, 'delete');
// Clear the cache so an anonymous poster can see the node being deleted.
cache_clear_all();
// Remove this node from the search index if needed.
if (function_exists('search_wipe')) {
search_wipe($node->nid, 'node');
}
//drupal_set_message(t('%title has been deleted.', array('%title' => $node->title)));
watchdog('content', t('@type: deleted %title.', array('@type' => t($node->type), '%title' => $node->title)));
}
/**
* Copy of file_check_directory() without drupal_set_message().
* see http://api.drupal.org/api/function/file_check_directory/6
*/
function user_delete_file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
$directory = rtrim($directory, '/\\');
// Check if directory exists.
if (!is_dir($directory)) {
if (($mode & FILE_CREATE_DIRECTORY) && @mkdir($directory)) {
//drupal_set_message(t('The directory %directory has been created.', array('%directory' => $directory)));
@chmod($directory, 0775); // Necessary for non-webserver users.
}
else {
if ($form_item) {
form_set_error($form_item, t('The directory %directory does not exist.', array('%directory' => $directory)));
}
return FALSE;
}
}
// Check to see if the directory is writable.
if (!is_writable($directory)) {
if (($mode & FILE_MODIFY_PERMISSIONS) && @chmod($directory, 0775)) {
//drupal_set_message(t('The permissions of directory %directory have been changed to make it writable.', array('%directory' => $directory)));
}
else {
form_set_error($form_item, t('The directory %directory is not writable', array('%directory' => $directory)));
watchdog('file system', 'The directory %directory is not writable, because it does not have the correct permissions set.', array('%directory' => $directory), WATCHDOG_ERROR);
return FALSE;
}
}
if ((file_directory_path() == $directory || file_directory_temp() == $directory) && !is_file("$directory/.htaccess")) {
$htaccess_lines = "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006\nOptions None\nOptions +FollowSymLinks";
if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) {
fclose($fp);
chmod($directory .'/.htaccess', 0664);
}
else {
$variables = array('%directory' => $directory, '!htaccess' => '
'. nl2br(check_plain($htaccess_lines)));
form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: !htaccess
", $variables));
watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: !htaccess
", $variables, WATCHDOG_ERROR);
}
}
return TRUE;
}
/**
* Delete comment thread
*/
function user_delete_comment_delete($cid = NULL) {
include_once(drupal_get_path('module', 'comment') . '/comment.admin.inc');
$comment = db_fetch_object(db_query('SELECT c.*, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.cid = %d', $cid));
_comment_delete_thread($comment);
_comment_update_node_statistics($comment->nid);
cache_clear_all();
}