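*/
class AdvancedController extends Controller
{
    /**
     * Renders the session management page and handles session termination.
     *
     * When session_check() passes and the POST body carries either `all` or
     * a usable `id`, the matching session(s) of the current user are ended.
     * Otherwise the list of the user's sessions is rendered.
     *
     * @return string
     */
    public function sessions(): string
    {
        $id = $_POST['id'] ?? null;
        $all = isset($_POST['all']);

        // POST fields can arrive as arrays (`id[]=...`). Only a scalar is a
        // usable session id; anything else is treated as "no id supplied".
        if (!is_scalar($id)) {
            $id = null;
        }

        // NOTE(review): session_check() is presumably the request-token (CSRF)
        // check for state-changing requests; confirm against its definition.
        if (session_check() && ($id || $all)) {
            $redirect = route('settings.advanced.sessions');

            // End all sessions
            if ($all) {
                CurrentSession::$user->purgeSessions();

                $message = "Deleted all active session associated with your account!";

                return view('global/information', compact('message', 'redirect'));
            }

            // Load the session the request refers to
            $session = new Session($id);

            // Ownership check: an id that did not load (id < 1) and a session
            // owned by a different user get the same answer, so the response
            // does not reveal whether someone else's session id exists.
            if ($session->id < 1 || $session->user !== CurrentSession::$user->id) {
                $message = "This session doesn't exist!";

                return view('global/information', compact('message', 'redirect'));
            }

            $session->delete();

            return redirect($redirect);
        }

        $sessions = CurrentSession::$user->sessions();
        $active = CurrentSession::$session->id;

        return view('settings/advanced/sessions', compact('sessions', 'active'));
    }

    /**
     * Renders the deactivation page and handles the deactivation request.
     *
     * Deactivation requires the `deactivateAccount` permission, a passing
     * session_check() and the current password. On success the account is
     * flagged inactive and every session of the user is purged.
     *
     * @throws HttpMethodNotAllowedException when the user lacks the deactivateAccount permission
     * @return string
     */
    public function deactivate(): string
    {
        // NOTE(review): a missing permission is signalled with
        // HttpMethodNotAllowedException; the type is kept because callers
        // may depend on it.
        if (!CurrentSession::$user->perms->deactivateAccount) {
            throw new HttpMethodNotAllowedException;
        }

        $password = $_POST['password'] ?? null;

        if (session_check()) {
            // Require a non-empty *string* before re-authenticating. An array
            // value (`password[]=x`) would make strlen() raise a TypeError on
            // PHP 8, and a truthiness test would reject the password "0"
            // without ever verifying it.
            if (!is_string($password)
                || $password === ''
                || !CurrentSession::$user->verifyPassword($password)
            ) {
                return $this->json(['error' => 'Incorrect password!']);
            }

            // Deactivate account
            DB::table('users')
                ->where('user_id', CurrentSession::$user->id)
                ->update(['user_activated' => 0]);

            // Destroy all active sessions so no existing login outlives the account
            CurrentSession::$user->purgeSessions();

            // should probably not use the error var for the farewell msg but w/e
            return $this->json(['error' => 'Farewell!', 'go' => route('main.index')]);
        }

        return view('settings/advanced/deactivate');
    }
}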