2016-03-28 01:18:59 +00:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Holds the advanced section controller.
|
|
|
|
* @package Sakura
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace Sakura\Controllers\Settings;
|
|
|
|
|
2016-09-10 15:05:54 +00:00
|
|
|
use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
|
2016-08-07 14:10:27 +00:00
|
|
|
use Sakura\CurrentSession;
|
2016-04-03 21:29:46 +00:00
|
|
|
use Sakura\Perms\Site;
|
2016-08-07 14:10:27 +00:00
|
|
|
use Sakura\Session;
|
2016-04-01 21:44:31 +00:00
|
|
|
|
2016-03-28 01:18:59 +00:00
|
|
|
/**
|
|
|
|
* Advanced settings.
|
|
|
|
* @package Sakura
|
|
|
|
* @author Julian van de Groep <me@flash.moe>
|
|
|
|
*/
|
|
|
|
class AdvancedController extends Controller
|
|
|
|
{
|
2016-08-05 02:35:37 +00:00
|
|
|
/**
|
|
|
|
* Renders the session management page.
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-03-28 01:18:59 +00:00
|
|
|
public function sessions()
|
|
|
|
{
|
2016-04-03 21:29:46 +00:00
|
|
|
// Check permission
|
2016-08-07 14:10:27 +00:00
|
|
|
if (!CurrentSession::$user->permission(Site::MANAGE_SESSIONS)) {
|
2016-09-10 15:05:54 +00:00
|
|
|
throw new HttpMethodNotAllowedException();
|
2016-04-03 21:29:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
$id = $_POST['id'] ?? null;
|
|
|
|
$all = isset($_POST['all']);
|
|
|
|
|
2016-08-02 20:35:12 +00:00
|
|
|
if (session_check() && ($id || $all)) {
|
|
|
|
$redirect = route('settings.advanced.sessions');
|
2016-04-03 21:29:46 +00:00
|
|
|
|
|
|
|
// End all sessions
|
|
|
|
if ($all) {
|
2016-08-07 14:10:27 +00:00
|
|
|
CurrentSession::$user->purgeSessions();
|
2016-04-03 21:29:46 +00:00
|
|
|
$message = "Deleted all active session associated with your account!";
|
2016-08-02 20:35:12 +00:00
|
|
|
return view('global/information', compact('message', 'redirect'));
|
2016-04-03 21:29:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Create the session statement
|
2016-08-07 14:10:27 +00:00
|
|
|
$session = new Session($id);
|
2016-04-03 21:29:46 +00:00
|
|
|
|
|
|
|
// Check if the session exists
|
2016-08-07 14:10:27 +00:00
|
|
|
if ($session->id < 1 || $session->user !== CurrentSession::$user->id) {
|
2016-04-03 21:29:46 +00:00
|
|
|
$message = "This session doesn't exist!";
|
2016-08-02 20:35:12 +00:00
|
|
|
return view('global/information', compact('message', 'redirect'));
|
2016-04-03 21:29:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Delete it
|
|
|
|
$session->delete();
|
|
|
|
|
2016-09-13 22:05:03 +00:00
|
|
|
redirect($redirect);
|
2016-09-09 23:10:06 +00:00
|
|
|
return;
|
2016-04-03 21:29:46 +00:00
|
|
|
}
|
|
|
|
|
2016-08-07 14:10:27 +00:00
|
|
|
$sessions = CurrentSession::$user->sessions();
|
|
|
|
$active = CurrentSession::$session->id;
|
2016-04-01 21:44:31 +00:00
|
|
|
|
2016-08-02 20:35:12 +00:00
|
|
|
return view('settings/advanced/sessions', compact('sessions', 'active'));
|
2016-03-28 01:18:59 +00:00
|
|
|
}
|
|
|
|
|
2016-08-05 02:35:37 +00:00
|
|
|
/**
|
|
|
|
* Renders the deactivation page.
|
|
|
|
* @return string
|
|
|
|
*/
|
2016-03-28 01:18:59 +00:00
|
|
|
public function deactivate()
|
|
|
|
{
|
2016-08-07 14:10:27 +00:00
|
|
|
if (!CurrentSession::$user->permission(Site::DEACTIVATE_ACCOUNT)) {
|
2016-09-10 15:05:54 +00:00
|
|
|
throw new HttpMethodNotAllowedException();
|
2016-04-03 21:29:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
$password = $_POST['password'] ?? null;
|
|
|
|
|
2016-08-02 20:35:12 +00:00
|
|
|
if (session_check() && $password) {
|
|
|
|
$redirect = route('settings.advanced.deactivate');
|
2016-04-03 21:29:46 +00:00
|
|
|
|
|
|
|
// Check password
|
2016-08-07 14:10:27 +00:00
|
|
|
if (!CurrentSession::$user->verifyPassword($password)) {
|
2016-04-03 21:29:46 +00:00
|
|
|
$message = "Your password was invalid!";
|
2016-08-02 20:35:12 +00:00
|
|
|
return view('global/information', compact('message', 'redirect'));
|
2016-04-03 21:29:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Deactivate account
|
2016-08-07 14:10:27 +00:00
|
|
|
CurrentSession::$user->removeRanks(array_keys(CurrentSession::$user->ranks));
|
|
|
|
CurrentSession::$user->addRanks([1]);
|
|
|
|
CurrentSession::$user->setMainRank(1);
|
2016-04-03 21:29:46 +00:00
|
|
|
|
|
|
|
// Destroy all active sessions
|
2016-08-07 14:10:27 +00:00
|
|
|
CurrentSession::$user->purgeSessions();
|
2016-04-03 21:29:46 +00:00
|
|
|
|
2016-09-13 22:05:03 +00:00
|
|
|
return view('settings/advanced/deactivate_bye');
|
2016-04-03 21:29:46 +00:00
|
|
|
}
|
|
|
|
|
2016-08-02 20:35:12 +00:00
|
|
|
return view('settings/advanced/deactivate');
|
2016-03-28 01:18:59 +00:00
|
|
|
}
|
|
|
|
}
|