4 files changed, 128 insertions, 1 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 036c9d1b..ba2d1d94 100755
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -229,12 +229,49 @@ class Database {
            return FALSE;
        }
    }
+    
+    public function listUsers($username=null) {
+        $sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : '');
+        $query = $this->executeQuery($sql, ( $username ? array($username) : array()));
+        list($count) = $query->fetch();
+        return $count;
+    }
+    
+    public function getUserPassword($userID) {
+        $sql = "SELECT * FROM users WHERE id=?";
+        $query = $this->executeQuery($sql, array($userID));
+        $password = $query->fetchAll();
+        return isset($password[0]['password']) ? $password[0]['password'] : null;
+    }
+    
+    public function deleteUserConfig($userID) {
+        $sql_action = 'DELETE from users_config WHERE user_id=?';
+        $params_action = array($userID);
+        $query = $this->executeQuery($sql_action, $params_action);
+        return $query;
+    }
+    
+    public function deleteTagsEntriesAndEntries($userID) {
+        $entries = $this->retrieveAll($userID);
+        foreach($entries as $entryid) {
+            $tags = $this->retrieveTagsByEntry($entryid);
+            foreach($tags as $tag) {
+                $this->removeTagForEntry($entryid,$tags);
+            }
+            $this->deleteById($entryid,$userID);
+        }
+    }
+    
+    public function deleteUser($userID) {
+        $sql_action = 'DELETE from users WHERE id=?';
+        $params_action = array($userID);
+        $query = $this->executeQuery($sql_action, $params_action);
+    }
    public function updateContentAndTitle($id, $title, $body, $user_id) {
        $sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
        $params_action = array($body, $title, $id, $user_id);
        $query = $this->executeQuery($sql_action, $params_action);
        return $query;
    }
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 811895dc..aa313c25 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -241,6 +241,58 @@ class Poche
        $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime');
        $this->tpl->addFilter($filter);
    }
+    
+    public function createNewUser() {
+        if (isset($_GET['newuser'])){
+            if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){
+                $newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING);
+                if (!$this->store->userExists($newusername)){   
+                    if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) {
+                        Tools::logm('The new user '.$newusername.' has been installed');
+                        $this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername));
+                        Tools::redirect();
+                    }
+                    else {
+                        Tools::logm('error during adding new user');
+                        Tools::redirect();
+                    }
+                }
+                else {
+                    $this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername));
+                    Tools::logm('An user with the name '.$newusername.' already exists !');
+                    Tools::redirect();
+                }
+            }
+        }
+    }
+   
+    public function deleteUser(){
+        if (isset($_GET['deluser'])){
+            if ($this->store->listUsers() > 1) {
+                if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) {
+                    $username = $this->user->getUsername();
+                    $this->store->deleteUserConfig($this->user->getId());
+                    Tools::logm('The configuration for user '. $username .' has been deleted !');
+                    $this->store->deleteTagsEntriesAndEntries($this->user->getId());
+                    Tools::logm('The entries for user '. $username .' has been deleted !');
+                    $this->store->deleteUser($this->user->getId());
+                    Tools::logm('User '. $username .' has been completely deleted !');
+                    Session::logout();
+                    Tools::logm('logout');
+                    Tools::redirect();
+                    $this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername));
+                }
+                else {
+                    Tools::logm('Bad password !');
+                    $this->messages->add('e', _('Error : The password is wrong !'));
+                }
+            }
+            else {
+                Tools::logm('Only user !');
+                $this->messages->add('e', _('Error : You are the only user, you cannot delete your account !'));
+            }
+        }
+    }
    private function install()
    {
@@ -520,6 +572,7 @@ class Poche
                $languages = $this->getInstalledLanguages();
                $token = $this->user->getConfigValue('token');
                $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
+                $only_user = ($this->store->listUsers() > 1) ? false : true;
                $tpl_vars = array(
                    'themes' => $themes,
                    'languages' => $languages,
@@ -532,6 +585,7 @@ class Poche
                    'token' => $token,
                    'user_id' => $this->user->getId(),
                    'http_auth' => $http_auth,
+                    'only_user' => $only_user
                );
                Tools::logm('config view');
                break;
diff --git a/index.php b/index.php
index deb13d7a..9c943b1d 100755
--- a/index.php
+++ b/index.php
@@ -66,6 +66,10 @@ if (isset($_GET['login'])) {
 } elseif (isset($_GET['config'])) {
    # Update password
    $poche->updatePassword();
+} elseif (isset($_GET['newuser'])) {
+    $poche->createNewUser();
+} elseif (isset($_GET['deluser'])) {
+    $poche->deleteUser();
 } elseif (isset($_GET['import'])) {
    $import = $poche->import();
    $tpl_vars = array_merge($tpl_vars, $import);
diff --git a/themes/baggy/config.twig b/themes/baggy/config.twig
index d441de7c..29d9e048 100755
--- a/themes/baggy/config.twig
+++ b/themes/baggy/config.twig
@@ -128,4 +128,36 @@
            <h2>{% trans "Cache" %}</h2>
            <p><a href="?empty-cache">{% trans "Click here" %}</a> {% trans "to delete cache." %}</p>
+            <h2>{% trans 'Add user' %}</h2>
+            <p>{% trans 'Add a new user :' %}</p>
+            <form method="post" action="?newuser">
+                <fieldset class="w500p">
+                <div class="row">
+                    <label class="col w150p" for="newusername">{% trans 'Login for new user' %}</label>
+                    <input class="col" type="text" id="newusername" name="newusername" placeholder="{% trans 'Login' %}">
+                </div>
+                <div class="row">
+                    <label class="col w150p" for="password4newuser">{% trans "Password for new user" %}</label>
+                    <input class="col" type="password" id="password4newuser" name="password4newuser" placeholder="{% trans "Password" %}">
+                </div>
+                <div class="row mts txtcenter">
+                    <button type="submit">{% trans "Send" %}</button>   
+                </div>
+                </fieldset>
+            </form>
+            
+            <h2>{% trans "Delete account" %}</h2>
+            {% if not only_user %}<form method="post" action="?deluser">
+            <p>{% trans "You can delete your account by entering your password and validating." %}<br /><b>{% trans "Be careful, data will be erased forever (that is a very long time)." %}</b></p>
+            <fieldset class="w500p">
+                <div class="row">
+                    <label class="col w150p" for="password4deletinguser">{% trans "Type here your password" %}</label>
+                    <input class="col" type="password" id="password4deletinguser" name="password4deletinguser" placeholder="{% trans "Password" %}">
+                </div>
+            <div class="row mts txtcenter">
+                <button type="submit">{% trans "Send" %}</button>
+            </div>
+            </form>
+            {% else %}<p>{% trans "You are the only user, you cannot delete your own account." %}<br />
+            {% trans "To completely remove wallabag, delete the wallabag folder on your web server." %}</p>{% endif %}
 {% endblock %}

diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 036c9d1b..ba2d1d94 100755 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php
@@ -229,12 +229,49 @@ class Database {
229	return FALSE;	229	return FALSE;
230	}	230	}
231	}	231	}
		232
		233	public function listUsers($username=null) {
		234	$sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : '');
		235	$query = $this->executeQuery($sql, ( $username ? array($username) : array()));
		236	list($count) = $query->fetch();
		237	return $count;
		238	}
		239
		240	public function getUserPassword($userID) {
		241	$sql = "SELECT * FROM users WHERE id=?";
		242	$query = $this->executeQuery($sql, array($userID));
		243	$password = $query->fetchAll();
		244	return isset($password[0]['password']) ? $password[0]['password'] : null;
		245	}
		246
		247	public function deleteUserConfig($userID) {
		248	$sql_action = 'DELETE from users_config WHERE user_id=?';
		249	$params_action = array($userID);
		250	$query = $this->executeQuery($sql_action, $params_action);
		251	return $query;
		252	}
		253
		254	public function deleteTagsEntriesAndEntries($userID) {
		255	$entries = $this->retrieveAll($userID);
		256	foreach($entries as $entryid) {
		257	$tags = $this->retrieveTagsByEntry($entryid);
		258	foreach($tags as $tag) {
		259	$this->removeTagForEntry($entryid,$tags);
		260	}
		261	$this->deleteById($entryid,$userID);
		262	}
		263	}
		264
		265	public function deleteUser($userID) {
		266	$sql_action = 'DELETE from users WHERE id=?';
		267	$params_action = array($userID);
		268	$query = $this->executeQuery($sql_action, $params_action);
		269	}
232		270
233	public function updateContentAndTitle($id, $title, $body, $user_id) {	271	public function updateContentAndTitle($id, $title, $body, $user_id) {
234	$sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';	272	$sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
235	$params_action = array($body, $title, $id, $user_id);	273	$params_action = array($body, $title, $id, $user_id);
236	$query = $this->executeQuery($sql_action, $params_action);	274	$query = $this->executeQuery($sql_action, $params_action);
237
238	return $query;	275	return $query;
239	}	276	}
240		277


diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 811895dc..aa313c25 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php
@@ -241,6 +241,58 @@ class Poche
241	$filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime');	241	$filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime');
242	$this->tpl->addFilter($filter);	242	$this->tpl->addFilter($filter);
243	}	243	}
		244
		245	public function createNewUser() {
		246	if (isset($_GET['newuser'])){
		247	if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){
		248	$newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING);
		249	if (!$this->store->userExists($newusername)){
		250	if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) {
		251	Tools::logm('The new user '.$newusername.' has been installed');
		252	$this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername));
		253	Tools::redirect();
		254	}
		255	else {
		256	Tools::logm('error during adding new user');
		257	Tools::redirect();
		258	}
		259	}
		260	else {
		261	$this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername));
		262	Tools::logm('An user with the name '.$newusername.' already exists !');
		263	Tools::redirect();
		264	}
		265	}
		266	}
		267	}
		268
		269	public function deleteUser(){
		270	if (isset($_GET['deluser'])){
		271	if ($this->store->listUsers() > 1) {
		272	if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) {
		273	$username = $this->user->getUsername();
		274	$this->store->deleteUserConfig($this->user->getId());
		275	Tools::logm('The configuration for user '. $username .' has been deleted !');
		276	$this->store->deleteTagsEntriesAndEntries($this->user->getId());
		277	Tools::logm('The entries for user '. $username .' has been deleted !');
		278	$this->store->deleteUser($this->user->getId());
		279	Tools::logm('User '. $username .' has been completely deleted !');
		280	Session::logout();
		281	Tools::logm('logout');
		282	Tools::redirect();
		283	$this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername));
		284	}
		285	else {
		286	Tools::logm('Bad password !');
		287	$this->messages->add('e', _('Error : The password is wrong !'));
		288	}
		289	}
		290	else {
		291	Tools::logm('Only user !');
		292	$this->messages->add('e', _('Error : You are the only user, you cannot delete your account !'));
		293	}
		294	}
		295	}
244		296
245	private function install()	297	private function install()
246	{	298	{
@@ -520,6 +572,7 @@ class Poche
520	$languages = $this->getInstalledLanguages();	572	$languages = $this->getInstalledLanguages();
521	$token = $this->user->getConfigValue('token');	573	$token = $this->user->getConfigValue('token');
522	$http_auth = (isset($_SERVER['PHP_AUTH_USER']) \|\| isset($_SERVER['REMOTE_USER'])) ? true : false;	574	$http_auth = (isset($_SERVER['PHP_AUTH_USER']) \|\| isset($_SERVER['REMOTE_USER'])) ? true : false;
		575	$only_user = ($this->store->listUsers() > 1) ? false : true;
523	$tpl_vars = array(	576	$tpl_vars = array(
524	'themes' => $themes,	577	'themes' => $themes,
525	'languages' => $languages,	578	'languages' => $languages,
@@ -532,6 +585,7 @@ class Poche
532	'token' => $token,	585	'token' => $token,
533	'user_id' => $this->user->getId(),	586	'user_id' => $this->user->getId(),
534	'http_auth' => $http_auth,	587	'http_auth' => $http_auth,
		588	'only_user' => $only_user
535	);	589	);
536	Tools::logm('config view');	590	Tools::logm('config view');
537	break;	591	break;


diff --git a/index.php b/index.php index deb13d7a..9c943b1d 100755 --- a/index.php +++ b/index.php
@@ -66,6 +66,10 @@ if (isset($_GET['login'])) {
66	} elseif (isset($_GET['config'])) {	66	} elseif (isset($_GET['config'])) {
67	# Update password	67	# Update password
68	$poche->updatePassword();	68	$poche->updatePassword();
		69	} elseif (isset($_GET['newuser'])) {
		70	$poche->createNewUser();
		71	} elseif (isset($_GET['deluser'])) {
		72	$poche->deleteUser();
69	} elseif (isset($_GET['import'])) {	73	} elseif (isset($_GET['import'])) {
70	$import = $poche->import();	74	$import = $poche->import();
71	$tpl_vars = array_merge($tpl_vars, $import);	75	$tpl_vars = array_merge($tpl_vars, $import);


diff --git a/themes/baggy/config.twig b/themes/baggy/config.twig index d441de7c..29d9e048 100755 --- a/themes/baggy/config.twig +++ b/themes/baggy/config.twig
@@ -128,4 +128,36 @@
128	<h2>{% trans "Cache" %}</h2>	128	<h2>{% trans "Cache" %}</h2>
129	<p><a href="?empty-cache">{% trans "Click here" %}</a> {% trans "to delete cache." %}</p>	129	<p><a href="?empty-cache">{% trans "Click here" %}</a> {% trans "to delete cache." %}</p>
130		130
		131	<h2>{% trans 'Add user' %}</h2>
		132	<p>{% trans 'Add a new user :' %}</p>
		133	<form method="post" action="?newuser">
		134	<fieldset class="w500p">
		135	<div class="row">
		136	<label class="col w150p" for="newusername">{% trans 'Login for new user' %}</label>
		137	<input class="col" type="text" id="newusername" name="newusername" placeholder="{% trans 'Login' %}">
		138	</div>
		139	<div class="row">
		140	<label class="col w150p" for="password4newuser">{% trans "Password for new user" %}</label>
		141	<input class="col" type="password" id="password4newuser" name="password4newuser" placeholder="{% trans "Password" %}">
		142	</div>
		143	<div class="row mts txtcenter">
		144	<button type="submit">{% trans "Send" %}</button>
		145	</div>
		146	</fieldset>
		147	</form>
		148
		149	<h2>{% trans "Delete account" %}</h2>
		150	{% if not only_user %}<form method="post" action="?deluser">
		151	<p>{% trans "You can delete your account by entering your password and validating." %}<br /><b>{% trans "Be careful, data will be erased forever (that is a very long time)." %}</b></p>
		152	<fieldset class="w500p">
		153	<div class="row">
		154	<label class="col w150p" for="password4deletinguser">{% trans "Type here your password" %}</label>
		155	<input class="col" type="password" id="password4deletinguser" name="password4deletinguser" placeholder="{% trans "Password" %}">
		156	</div>
		157	<div class="row mts txtcenter">
		158	<button type="submit">{% trans "Send" %}</button>
		159	</div>
		160	</form>
		161	{% else %}<p>{% trans "You are the only user, you cannot delete your own account." %}<br />
		162	{% trans "To completely remove wallabag, delete the wallabag folder on your web server." %}</p>{% endif %}
131	{% endblock %}	163	{% endblock %}