Add action 'delete' to Deleteacct MVC

This action will validate the user's password, and make sure you're not
removing the last admin, then proceed to delete the current user's
account from the database and log them out, for good.

1 files changed, 34 insertions, 0 deletions

diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php
index ca01a0d..89aca14 100644
--- a/app/model/deleteacct.mod.php
+++ b/app/model/deleteacct.mod.php
@@ -1,6 +1,8 @@
 <?php
 
 require_once "model/common.mod.php";
+require_once "class/form.class.php";
+require_once "class/user.class.php";
 
 class DeleteacctModel extends CommonModel
 {
@@ -10,6 +12,38 @@ class DeleteacctModel extends CommonModel
     function deflt()
     {
     }
+
+    /*
+     * Delete current user's account
+     */
+    function del($input)
+    {
+        $form = new Form();
+        $form->field_text("password", null, false);
+
+        if (!$form->populate($input))
+        {
+            $this->logFormErrors($form);
+            return;
+        }
+
+        $user = $this->getCurrentUser();
+
+        if (!$user->validatePassword($form->password))
+        {
+            $this->logError("Account not deleted - Password was incorrect");
+            return;
+        }
+
+        if ($user->admin && $user->getNumAdmins() == 1)
+        {
+            $this->logError("Account not deleted - Cannot remove the last admin account");
+            return;
+        }
+
+        $user->delObj();
+        $this->redirectTo($this->ar() . "/");
+    }
 }
 
 ?>