95 lines
2.6 KiB
PHP
95 lines
2.6 KiB
PHP
<?php
|
|
/**
|
|
* Holds the advanced section controller.
|
|
* @package Sakura
|
|
*/
|
|
|
|
namespace Sakura\Controllers\Settings;
|
|
|
|
use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
|
|
use Sakura\CurrentSession;
|
|
use Sakura\DB;
|
|
use Sakura\Session;
|
|
|
|
/**
|
|
* Advanced settings.
|
|
* @package Sakura
|
|
* @author Julian van de Groep <me@flash.moe>
|
|
*/
|
|
class AdvancedController extends Controller
|
|
{
|
|
/**
|
|
* Renders the session management page.
|
|
* @return string
|
|
*/
|
|
public function sessions(): string
|
|
{
|
|
$id = $_POST['id'] ?? null;
|
|
$all = isset($_POST['all']);
|
|
|
|
if (session_check() && ($id || $all)) {
|
|
// End all sessions
|
|
if ($all) {
|
|
CurrentSession::$user->purgeSessions();
|
|
return $this->json([
|
|
'text' => 'Deleted all active session associated with your account!',
|
|
'go' => route('main.index'),
|
|
]);
|
|
}
|
|
|
|
$session = new Session($id);
|
|
|
|
// Check if the session exists
|
|
if ($session->id < 1 || $session->user !== CurrentSession::$user->id) {
|
|
return $this->json(['error' => "This session doesn't exist!"]);
|
|
}
|
|
|
|
$session->delete();
|
|
|
|
$result = ['error' => null];
|
|
if ($session->id === CurrentSession::$session->id) {
|
|
$result['go'] = route('main.index');
|
|
}
|
|
|
|
return $this->json($result);
|
|
}
|
|
|
|
$sessions = CurrentSession::$user->sessions();
|
|
$active = CurrentSession::$session->id;
|
|
|
|
return view('settings/advanced/sessions', compact('sessions', 'active'));
|
|
}
|
|
|
|
/**
|
|
* Renders the deactivation page.
|
|
* @return string
|
|
*/
|
|
public function deactivate(): string
|
|
{
|
|
if (!CurrentSession::$user->perms->deactivateAccount) {
|
|
throw new HttpMethodNotAllowedException;
|
|
}
|
|
|
|
$password = $_POST['password'] ?? null;
|
|
|
|
if (session_check()) {
|
|
if (!$password || strlen($password) < 1 || !CurrentSession::$user->verifyPassword($password)) {
|
|
return $this->json(['error' => 'Incorrect password!']);
|
|
}
|
|
|
|
// Deactivate account
|
|
DB::table('users')
|
|
->where('user_id', CurrentSession::$user->id)
|
|
->update(['user_activated' => 0]);
|
|
|
|
// Destroy all active sessions
|
|
CurrentSession::$user->purgeSessions();
|
|
|
|
// should probably not use the error var for the farewell msg but w/e
|
|
return $this->json(['error' => 'Farewell!', 'go' => route('main.index')]);
|
|
}
|
|
|
|
return view('settings/advanced/deactivate');
|
|
}
|
|
}
|