This repository has been archived on 2024-06-26. You can view files and clone it, but cannot push or open issues or pull requests.
sakura/libraries/Controllers/Settings/AdvancedController.php
2016-04-03 23:29:46 +02:00

144 lines
4.6 KiB
PHP

<?php
/**
* Holds the advanced section controller.
*
* @package Sakura
*/
namespace Sakura\Controllers\Settings;
use Sakura\ActiveUser;
use Sakura\DB;
use Sakura\Hashing;
use Sakura\Perms\Site;
use Sakura\Router;
use Sakura\Template;
/**
* Advanced settings.
*
* @package Sakura
* @author Julian van de Groep <me@flash.moe>
*/
class AdvancedController extends Controller
{
public function sessions()
{
// Check permission
if (!ActiveUser::$user->permission(Site::MANAGE_SESSIONS)) {
$message = "You aren't allowed to manage sessions.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$id = $_POST['id'] ?? null;
$all = isset($_POST['all']);
if ($session && ($id || $all)) {
$redirect = Router::route('settings.advanced.sessions');
// Check if the CSRF session matches
if ($session !== session_id()) {
$message = "Your session expired, not the one you were intending to let expire though!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// End all sessions
if ($all) {
DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->delete();
$message = "Deleted all active session associated with your account!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Create the session statement
$session = DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->where('session_id', $id);
// Check if the session exists
if (!$session->count()) {
$message = "This session doesn't exist!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Delete it
$session->delete();
$message = "Deleted the session!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
$sessions = DB::table('sessions')
->where('user_id', ActiveUser::$user->id)
->get();
Template::vars(compact('sessions'));
return Template::render('settings/advanced/sessions');
}
public function deactivate()
{
// Check permission
if (!ActiveUser::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
$message = "You aren't allowed to deactivate your account.";
$redirect = Router::route('settings.general.home');
Template::vars(compact('message', 'redirect'));
return Template::render('global/information');
}
$session = $_POST['session'] ?? null;
$password = $_POST['password'] ?? null;
if ($session && $password) {
$redirect = Router::route('settings.advanced.deactivate');
// Verify session
if ($session !== session_id()) {
$message = "Session verification failed!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Check password
if (!Hashing::validatePassword($password, [
ActiveUser::$user->passwordAlgo,
ActiveUser::$user->passwordIter,
ActiveUser::$user->passwordSalt,
ActiveUser::$user->passwordHash,
])) {
$message = "Your password was invalid!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
// Deactivate account
ActiveUser::$user->removeRanks(array_keys(ActiveUser::$user->ranks));
ActiveUser::$user->addRanks([1]);
ActiveUser::$user->setMainRank(1);
// Destroy all active sessions
ActiveUser::$session->destroyAll();
$redirect = Router::route('main.index');
$message = "Farewell!";
Template::vars(compact('redirect', 'message'));
return Template::render('global/information');
}
return Template::render('settings/advanced/deactivate');
}
}