Last active
July 5, 2023 10:05
WooCommerce add Delete Account button to My Account page
This is very dangerous functionality and can cause your whole WordPress installation to break.
<?php
// Delete Account Functionality
add_action( 'woocommerce_after_my_account', 'woo_delete_account_button' );
function woo_delete_account_button() {
    ?>
    <a href="<?php echo add_query_arg( 'wc-api', 'wc-delete-account', home_url( '/' ) ) ?>" class="button">Delete Account</a>
    <?php
}
add_action( 'woocommerce_api_' . strtolower( 'wc-delete-account' ), 'woo_handle_account_delete' );
function woo_handle_account_delete() {
    // we do not want the admin to delete their account
    // advised to add more checks here to ensure you delete the correct account.
    if ( ! is_admin() ) {
        require('./wp-admin/includes/user.php');
        wp_delete_user(get_current_user_id());
    }
}
?>
@icreatesolutions It does not work. When I click it, it gives a critical error.
@WOLKYDJ I'd recommend adding a plugin if you need this feature.
https://wordpress.org/plugins/wp-delete-user-accounts/
https://wordpress.org/plugins/delete-me/
I don't know what happens to the orders of deleted users, so you'd want to test that.
@icreatesolutions
The error is because of this code line: "require('./wp-admin/includes/user.php');". If you remove it, it will fix it.
@WOLKYDJ Thanks I have edited my comment.
I further added a condition for the button to not appear if the user is admin:
add_action( 'woocommerce_after_my_account', 'woo_delete_account_button' );
function woo_delete_account_button() {
    $delete_url = add_query_arg( 'wc-api', 'wc-delete-account', home_url( '/' ) );
    $delete_url = wp_nonce_url( $delete_url, 'wc_delete_user' ); // ties the link to the current user's session
    ?>
    <?php if ( ! current_user_can( 'manage_options' ) ) : ?>
        <a href="<?php echo esc_url( $delete_url ); ?>" class="button">Delete Account</a>
    <?php endif; ?>
    <?php
}
add_action( 'woocommerce_api_' . strtolower( 'wc-delete-account' ), 'woo_handle_account_delete' );
function woo_handle_account_delete() {
    if ( ! current_user_can( 'manage_options' ) ) {
        // check_admin_referer() dies with a 403 page if the nonce is missing or invalid
        $security_check_result = check_admin_referer( 'wc_delete_user' );
        if ( $security_check_result ) {
            // wp_delete_user() is defined in wp-admin/includes/user.php, which front-end requests do not load
            if ( ! function_exists( 'wp_delete_user' ) ) {
                require_once ABSPATH . 'wp-admin/includes/user.php';
            }
            wp_delete_user( get_current_user_id() );
            wp_redirect( home_url() );
            die();
        }
    }
}
Hello, how are you? How do I add this button to Edit Account only? (/account/edit-account)
How do I cancel all orders before deleting the user?
There are a couple of issues with this.
The check to see if a user is an admin is wrong. Your check is_admin() is to see whether we are currently in the back end of the site.
This is a poorly named function, and a very common mistake.
More importantly, this is very open to cross-site request forgery attacks. Users can easily be sent a link that will delete their account once clicked.
The solution to this is to add a nonce.
Here is an example fix:
<?php
// Delete Account Functionality
add_action( 'woocommerce_after_my_account', 'woo_delete_account_button' );
function woo_delete_account_button() {
    $delete_url = add_query_arg( 'wc-api', 'wc-delete-account', home_url( '/' ) );
    $delete_url = wp_nonce_url( $delete_url, 'wc_delete_user' ); // ties the link to the current user's session
    ?>
    <a href="<?php echo esc_url( $delete_url ); ?>" class="button">Delete Account</a>
    <?php
}
add_action( 'woocommerce_api_' . strtolower( 'wc-delete-account' ), 'woo_handle_account_delete' );
function woo_handle_account_delete() {
    if ( ! current_user_can( 'manage_options' ) ) {
        // check_admin_referer() dies with a 403 page if the nonce is missing or invalid
        $security_check_result = check_admin_referer( 'wc_delete_user' );
        if ( $security_check_result ) {
            // wp_delete_user() is defined in wp-admin/includes/user.php, which front-end requests do not load
            if ( ! function_exists( 'wp_delete_user' ) ) {
                require_once ABSPATH . 'wp-admin/includes/user.php';
            }
            wp_delete_user( get_current_user_id() );
            wp_redirect( home_url() );
            die();
        }
    }
}
?>
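An added example that is not code from the gist or from any commenter: it goes one step beyond the nonce fix above by using a POST form instead of a GET link, and it also addresses the "cancel all orders before deleting" question from the thread. It assumes a WooCommerce site; the nonce action name `wc_delete_account`, the `woo_hardened_*` function names and the choice of which order statuses count as open are this example's own.

```php
<?php
// Added example, not code from the gist or its commenters. Assumes a WooCommerce site;
// the 'wc_delete_account' nonce action and the woo_hardened_* names are this example's own.
// Render a POST form rather than a GET link: a nonce-protected POST cannot be triggered by an
// <img> tag or a mailed link, and the capability check keeps the form away from administrators.
add_action( 'woocommerce_after_my_account', 'woo_hardened_delete_account_form' );
function woo_hardened_delete_account_form() {
    if ( ! is_user_logged_in() || current_user_can( 'manage_options' ) ) {
        return;
    }
    ?>
    <form method="post" onsubmit="return confirm('Delete your account permanently?');">
        <?php wp_nonce_field( 'wc_delete_account', 'wc_delete_account_nonce' ); ?>
        <button type="submit" name="wc_delete_account" class="button">Delete Account</button>
    </form>
    <?php
}
// Handle the submission once WordPress has loaded the current user (template_redirect).
add_action( 'template_redirect', 'woo_hardened_handle_account_delete' );
function woo_hardened_handle_account_delete() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['wc_delete_account'] ) ) {
        return;
    }
    // Same rules as the form: only a logged-in non-administrator, and only with a nonce
    // that wp_verify_nonce() ties to this user and this action.
    if ( ! is_user_logged_in() || current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to delete this account.', '', array( 'response' => 403 ) );
    }
    $nonce = isset( $_POST['wc_delete_account_nonce'] ) ? $_POST['wc_delete_account_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'wc_delete_account' ) ) {
        wp_die( 'Security check failed.', '', array( 'response' => 403 ) );
    }
    $user_id = get_current_user_id();
    // Cancel the customer's open orders first so none are left without an owner. Which statuses
    // count as "open" is a shop policy (assumed here); completed orders are kept for records.
    $open_orders = wc_get_orders( array(
        'customer_id' => $user_id,
        'status'      => array( 'pending', 'on-hold' ),
        'limit'       => -1,
    ) );
    foreach ( $open_orders as $order ) {
        $order->update_status( 'cancelled', 'Customer deleted their account.' );
    }
    // wp_delete_user() is defined in wp-admin/includes/user.php, which front-end requests do not load.
    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );
    wp_clear_auth_cookie(); // the session cookie now belongs to a user that no longer exists
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
```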