This repository has been archived on 2024-06-26. You can view files and clone it, but cannot push or open issues or pull requests.
sakura/app/Controllers/Settings/AdvancedController.php

95 lines
2.6 KiB
PHP
Raw Normal View History

<?php
/**
* Holds the advanced section controller.
* @package Sakura
*/
namespace Sakura\Controllers\Settings;
use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
2016-08-07 14:10:27 +00:00
use Sakura\CurrentSession;
use Sakura\DB;
2016-08-07 14:10:27 +00:00
use Sakura\Session;
2016-04-01 21:44:31 +00:00
/**
* Advanced settings.
* @package Sakura
* @author Julian van de Groep <me@flash.moe>
*/
class AdvancedController extends Controller
{
2016-08-05 02:35:37 +00:00
/**
* Renders the session management page.
* @return string
*/
2016-12-04 16:33:52 +00:00
public function sessions(): string
{
2016-04-03 21:29:46 +00:00
$id = $_POST['id'] ?? null;
$all = isset($_POST['all']);
2016-08-02 20:35:12 +00:00
if (session_check() && ($id || $all)) {
2016-04-03 21:29:46 +00:00
// End all sessions
if ($all) {
2016-08-07 14:10:27 +00:00
CurrentSession::$user->purgeSessions();
2016-12-09 16:56:07 +00:00
return $this->json([
'text' => 'Deleted all active session associated with your account!',
'go' => route('main.index'),
]);
2016-04-03 21:29:46 +00:00
}
2016-08-07 14:10:27 +00:00
$session = new Session($id);
2016-04-03 21:29:46 +00:00
// Check if the session exists
2016-08-07 14:10:27 +00:00
if ($session->id < 1 || $session->user !== CurrentSession::$user->id) {
2016-12-09 16:56:07 +00:00
return $this->json(['error' => "This session doesn't exist!"]);
2016-04-03 21:29:46 +00:00
}
$session->delete();
2016-12-09 16:56:07 +00:00
$result = ['error' => null];
if ($session->id === CurrentSession::$session->id) {
$result['go'] = route('main.index');
}
return $this->json($result);
2016-04-03 21:29:46 +00:00
}
2016-08-07 14:10:27 +00:00
$sessions = CurrentSession::$user->sessions();
$active = CurrentSession::$session->id;
2016-04-01 21:44:31 +00:00
2016-08-02 20:35:12 +00:00
return view('settings/advanced/sessions', compact('sessions', 'active'));
}
2016-08-05 02:35:37 +00:00
/**
* Renders the deactivation page.
* @return string
*/
2016-12-04 16:33:52 +00:00
public function deactivate(): string
{
if (!CurrentSession::$user->perms->deactivateAccount) {
throw new HttpMethodNotAllowedException;
2016-04-03 21:29:46 +00:00
}
$password = $_POST['password'] ?? null;
if (session_check()) {
if (!$password || strlen($password) < 1 || !CurrentSession::$user->verifyPassword($password)) {
return $this->json(['error' => 'Incorrect password!']);
2016-04-03 21:29:46 +00:00
}
// Deactivate account
DB::table('users')
->where('user_id', CurrentSession::$user->id)
->update(['user_activated' => 0]);
2016-04-03 21:29:46 +00:00
// Destroy all active sessions
2016-08-07 14:10:27 +00:00
CurrentSession::$user->purgeSessions();
2016-04-03 21:29:46 +00:00
// should probably not use the error var for the farewell msg but w/e
return $this->json(['error' => 'Farewell!', 'go' => route('main.index')]);
2016-04-03 21:29:46 +00:00
}
2016-08-02 20:35:12 +00:00
return view('settings/advanced/deactivate');
}
}