dynamicify and fix account deactivation

This commit is contained in:
flash 2016-12-08 21:43:36 +01:00
parent 0a4b9de9d7
commit dd8d87aa07
3 changed files with 61 additions and 14 deletions

View file

@ -63,29 +63,26 @@ class AdvancedController extends Controller
public function deactivate(): string
{
if (!CurrentSession::$user->perms->deactivateAccount) {
throw new HttpMethodNotAllowedException();
throw new HttpMethodNotAllowedException;
}
$password = $_POST['password'] ?? null;
if (session_check() && $password) {
$redirect = route('settings.advanced.deactivate');
// Check password
if (!CurrentSession::$user->verifyPassword($password)) {
$message = "Your password was invalid!";
return view('global/information', compact('message', 'redirect'));
if (session_check()) {
if (!$password || strlen($password) < 1 || !CurrentSession::$user->verifyPassword($password)) {
return $this->json(['error' => 'Incorrect password!']);
}
// Deactivate account
CurrentSession::$user->removeRanks(array_keys(CurrentSession::$user->ranks));
CurrentSession::$user->addRanks([1]);
CurrentSession::$user->setMainRank(1);
DB::table('users')
->where('user_id', CurrentSession::$user->id)
->update(['user_activated' => 0]);
// Destroy all active sessions
CurrentSession::$user->purgeSessions();
return view('settings/advanced/deactivate_bye');
// should probably not use the error var for the farewell msg but w/e
return $this->json(['error' => 'Farewell!', 'go' => route('main.index')]);
}
return view('settings/advanced/deactivate');

View file

@ -286,6 +286,7 @@ class User
* @param string $username
* @param string $password
* @param string $email
* @param bool $active
* @param array $ranks
* @return User
*/

View file

@ -9,14 +9,63 @@
<p>You can reactivate your account by logging in within 30 days, after that period your account will be removed.</p>
{% endblock %}
{% block js %}
<script>
function yuunoDeactivate(form) {
var confirm = new Sakura.Dialogue;
confirm.SetType(Sakura.DialogueType.Confirm);
confirm.Text = "Are you really sure? You can reactivate your account within 30 days of deactivated, after that it'll be permanently deleted!";
confirm.AddCallback(Sakura.DialogueButton.No, function () {
this.Close();
});
confirm.AddCallback(Sakura.DialogueButton.Yes, function () {
var ajax = new Sakura.AJAX;
ajax.SetUrl("{{ route('settings.advanced.deactivate') }}");
ajax.SetFormData(new FormData(form));
ajax.AddCallback(200, function () {
var result = ajax.JSON();
confirm.Close();
if (result.error) {
var error = new Sakura.Dialogue;
error.Text = result.error;
error.SetType(Sakura.DialogueType.Info);
error.AddCallback(Sakura.DialogueButton.Ok, function () {
this.Close();
if (result.go) {
window.location.assign(result.go);
}
});
error.Display();
} else {
window.location.reload();
}
});
ajax.Start(Sakura.HTTPMethod.POST);
});
confirm.Display();
}
</script>
{% endblock %}
{% block settingsContent %}
<form enctype="multipart/form-data" method="post" action="{{ route('settings.advanced.deactivate') }}">
<form enctype="multipart/form-data" method="post" action="javascript:void(0);" onsubmit="yuunoDeactivate(this)">
<input type="hidden" name="session" value="{{ session_id() }}">
<div class="profile-field">
<div><h2>Enter your password to continue</h2></div>
<div><input type="password" name="password" class="input__text"></div>
</div>
<div style="text-align: center; margin: 2em;">
<button name="session" value="{{ session_id() }}" class="input__button input__button--danger">I understand, deactivate my account</button>
<button class="input__button input__button--danger">I understand, deactivate my account</button>
</div>
</form>
{% endblock %}