@Qubadi
Created November 11, 2023 20:44
Delete user account and all posts. This custom code snippet enables user account deletion.

Functionalities:
1. Allows logged-in users, except administrators, to delete their accounts. Incorporates a nonce for security, ensuring the deletion request is valid and intentional. Features a JavaScript confirmation dialog for users to confirm before proceeding with the deletion.
2. Deletes all posts and attachments created by the user, ensuring complete removal of their content from the website. Finally, deletes the user's account from the WordPress system.

Security and Permissions:
3. Performs a security check using nonce verification to prevent unauthorized actions. Restricts the ability to delete accounts to non-administrator users, ensuring only the account owner can initiate deletion.
4. Uses WordPress hooks and shortcodes for seamless integration into the WordPress environment. Ensures the custom functions don't exist before defining them, avoiding conflicts with other plugins or themes.

Shortcode: [custom_delete]

// Prevent direct access to the script
defined('ABSPATH') or die('No script kiddies please!');

if (!function_exists('custom_delete_account')) {
    // Shortcode callback: renders the "Delete Account?" link for non-administrator users
    function custom_delete_account() {
        if (is_user_logged_in() && !current_user_can('administrator')) {
            $current_user = wp_get_current_user();
            $user_id = $current_user->ID;

            // Create nonce for security
            $nonce = wp_create_nonce('custom_user_delete_nonce');

            // Delete URL with nonce and user ID
            $delete_url = admin_url('admin-post.php?action=custom_user_delete&user_id=' . $user_id . '&_wpnonce=' . $nonce);

            // Delete button with JavaScript confirmation
            $html = '<a href="' . esc_url($delete_url) . '" id="custom-delete-account" onclick="return confirmDeletion();" style="display: inline-block; color: #ffffff !important; text-decoration: none; font-size: 14px; font-weight: 400;">Delete Account?</a>';

            // JavaScript for confirmation dialog
            $html .= '
            <script>
            function confirmDeletion() {
                return confirm("Are you sure you want to delete your account?");
            }
            </script>';

            return $html;
        } else {
            return '<div>You do not have permission to delete this account.</div>';
        }
    }
}

if (!function_exists('custom_user_delete')) {
    // admin-post.php handler: runs only for logged-in users (admin_post_ hook)
    function custom_user_delete() {
        // Verify nonce for security
        if (!isset($_GET['_wpnonce']) || !wp_verify_nonce($_GET['_wpnonce'], 'custom_user_delete_nonce')) {
            wp_die('Security check failed');
        }

        // A missing user_id becomes 0, which never matches a logged-in user
        $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;

        // Only the account owner may delete the account, and never an administrator
        if (get_current_user_id() === $user_id && !current_user_can('administrator')) {
            require_once(ABSPATH . 'wp-admin/includes/user.php');

            // Delete all posts and attachments by this user
            $user_posts = get_posts(array(
                'author'         => $user_id,
                'posts_per_page' => -1,    // Retrieve all posts
                'post_type'      => 'any', // Include all post types
                'post_status'    => 'any', // Include non-published posts (get_posts() defaults to 'publish')
                'fields'         => 'ids'  // Only get post IDs
            ));

            foreach ($user_posts as $post_id) {
                // Get all attachments associated with the post
                $attachments = get_posts(array(
                    'post_type'      => 'attachment',
                    'posts_per_page' => -1,
                    'post_parent'    => $post_id,
                    'fields'         => 'ids'
                ));

                foreach ($attachments as $attachment_id) {
                    wp_delete_attachment($attachment_id, true);
                }

                wp_delete_post($post_id, true);
            }

            // Finally, delete the user
            wp_delete_user($user_id);

            // wp_safe_redirect() only allows redirects to allowed hosts
            wp_safe_redirect(home_url());
            exit;
        } else {
            wp_die('You do not have permission to perform this action.');
        }
    }
}

add_action('admin_post_custom_user_delete', 'custom_user_delete');
add_shortcode('custom_delete', 'custom_delete_account');
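
The nonce check described above, as an added example that is not part of the gist: the same self-service deletion sent as a POST form, so the nonce stays out of URLs, with the nonce action scoped to the user and the target taken from the session instead of a `user_id` parameter. The names `hardened_delete_form`, `hardened_user_delete` and the `[hardened_delete]` shortcode are hypothetical.

```php
<?php
// Added example; function, action and shortcode names are hypothetical.
defined('ABSPATH') || exit;

// Shortcode output: a POST form, so the nonce never appears in a URL,
// browser history, Referer header or access log.
function hardened_delete_form() {
    if (!is_user_logged_in() || current_user_can('administrator')) {
        return '<div>You do not have permission to delete this account.</div>';
    }
    $user_id = get_current_user_id();

    $html  = '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '"';
    $html .= ' onsubmit="return confirm(\'Are you sure you want to delete your account?\');">';
    $html .= '<input type="hidden" name="action" value="hardened_user_delete">';
    // Nonce action is scoped to this user; no user_id field is sent at all.
    $html .= wp_nonce_field('hardened_user_delete_' . $user_id, '_wpnonce', false, false);
    $html .= '<button type="submit">Delete Account?</button></form>';
    return $html;
}

// admin-post.php handler; the admin_post_ hook fires only for logged-in users.
function hardened_user_delete() {
    // Reject anything that is not a form submission.
    if ('POST' !== $_SERVER['REQUEST_METHOD']) {
        wp_die('Invalid request method', '', array('response' => 405));
    }
    // The target is always the session's own user, never a request parameter.
    $user_id = get_current_user_id();
    // Dies with an error page if the nonce is missing, expired or issued for another user.
    check_admin_referer('hardened_user_delete_' . $user_id);

    if (current_user_can('administrator')) {
        wp_die('You do not have permission to perform this action.');
    }
    require_once ABSPATH . 'wp-admin/includes/user.php';
    // Without a reassign argument, core also disposes of the user's posts;
    // the gist's forced post and attachment purge can run before this call.
    wp_delete_user($user_id);
    wp_safe_redirect(home_url());
    exit;
}
add_action('admin_post_hardened_user_delete', 'hardened_user_delete');
add_shortcode('hardened_delete', 'hardened_delete_form');
```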