XFileSharing Pro - own account deletion button

Message
Author
PowerChaos
Posts: 521
Joined: Dec 19, 2009 5:12 pm

own account deletion button

#1 Postby PowerChaos » Mar 28, 2012 3:05 pm

Hey all

i was wondering if ohter users would be intrested in this kind of small mod/hack

so for the users who are intrested in this

Code: Select all

<TMPL_UNLESS premium><a href="?op=my_account&del_id=<TMPL_VAR usr_id>" onClick="return confirm('Destroy <TMPL_VAR usr_login> Account with All files?')"><img src="<TMPL_VAR site_url>/images/del.gif" border=0 alt="Delete Account"></a></TMPL_UNLESS>
place above code in my_account.html

now open index.cgi and search for following line

Code: Select all

sub MyAccount
{
place under it this code

Code: Select all

   if($f->{del_id})
   {
	$ses->message("Security error: not_owner") unless ($f->{del_id} == $ses->{user}->{usr_id});
      my $files = $db->SelectARef("SELECT srv_id,file_code,file_id,file_real,file_real_id FROM Files WHERE usr_id=?",$f->{del_id});
      $ses->DeleteFilesMass($files);
      $ses->DeleteUserDB($f->{del_id});
      $ses->redirect("$c->{site_url}/?msg=Account%20and%20files%20succesfully%20Deleted");
   }
for the users who are wondering how it was created
it is partial taken from the admin arena and added the sesion check to be sure that your account request the same id instead a other id
my skills of cgi/perl are to limited to create my own code from scratch :s

The reason why i release it is because i feel that it is needed to have a self delete option

i got differend requests from users who like to delete his own account
or users who does not want to get a email (if 1 get sended) or want to have anything to do anymore with the filehost and a lot of other reasons

so now those users got the option to delete his own accounts

enjoy
Greetings From PowerChaos

RockDiz
Posts: 135
Joined: May 05, 2011 4:47 pm

#2 Postby RockDiz » Mar 28, 2012 4:32 pm

Very useful mod, thanks a lot for your contribution!
also, is there like a verification process? it'd be useful for in case someone left their account open and an anonymous user wanted to raise hell by deleting the account

PowerChaos
Posts: 521
Joined: Dec 19, 2009 5:12 pm

#3 Postby PowerChaos » Mar 28, 2012 4:37 pm

they need to press ok in the popup

like i say , it came from the admin arena and i just converted it so a client can use it

only verification is the sesion checking on it , if that id doesnt match then it says system error

i added that to prevent direct acces to the code

for the rest there are no verifications on

Greetings From PowerChaos

HKirste
Posts: 5
Joined: Mar 25, 2012 4:41 am

Re: own account deletion button

#4 Postby HKirste » Mar 28, 2012 8:59 pm

PowerChaos wrote:Hey all

i was wondering if ohter users would be intrested in this kind of small mod/hack

so for the users who are intrested in this

Code: Select all

<TMPL_UNLESS premium><a href="?op=my_account&del_id=<TMPL_VAR usr_id>" onClick="return confirm('Destroy <TMPL_VAR usr_login> Account with All files?')"><img src="<TMPL_VAR site_url>/images/del.gif" border=0 alt="Delete Account"></a></TMPL_UNLESS>
place above code in my_account.html

now open index.cgi and search for following line

Code: Select all

sub MyAccount
{
place under it this code

Code: Select all

   if($f->{del_id})
   {
	$ses->message("Security error: not_owner") unless ($f->{del_id} == $ses->{user}->{usr_id});
      my $files = $db->SelectARef("SELECT srv_id,file_code,file_id,file_real,file_real_id FROM Files WHERE usr_id=?",$f->{del_id});
      $ses->DeleteFilesMass($files);
      $ses->DeleteUserDB($f->{del_id});
      $ses->redirect("$c->{site_url}/?msg=Account%20and%20files%20succesfully%20Deleted");
   }
for the users who are wondering how it was created
it is partial taken from the admin arena and added the sesion check to be sure that your account request the same id instead a other id
my skills of cgi/perl are to limited to create my own code from scratch :s

The reason why i release it is because i feel that it is needed to have a self delete option

i got differend requests from users who like to delete his own account
or users who does not want to get a email (if 1 get sended) or want to have anything to do anymore with the filehost and a lot of other reasons

so now those users got the option to delete his own accounts

enjoy
Greetings From PowerChaos
I dont know in perl, but in php that would be very vulnerable to csrf. You should add a token or something like that to verificate

stamos
Posts: 139
Joined: Nov 11, 2010 5:37 pm

#5 Postby stamos » Mar 28, 2012 10:17 pm

also hacked accounts could be deleted very easily like this,
then you will have difficulties if users complain to find their account.
better would be a admin approval of user deletion list or something ;)