authorMalf Furious <m@lfurio.us>2016-05-22 16:59:43 -0400
committerMalf Furious <m@lfurio.us>2016-05-22 16:59:43 -0400
commitabd11313d0a9f2b28d7b709fcbd98befd95db15c (patch)
tree152db15fb227134a48fa54d4696f0069bf651d62 /app
parentd431ef2954455ad38454d27f5be866061794b4bf (diff)
parent2d1e4242a87b54578e24546dabe1525a014da24e (diff)
Merge branch 'feature/user-removal' into dev
Diffstat (limited to '')
-rw-r--r--app/class/user.class.php10
-rw-r--r--app/controller/dashboard.control.php2
-rw-r--r--app/controller/deleteacct.control.php44
-rw-r--r--app/controller/root.control.php2
-rw-r--r--app/model/common.mod.php56
-rw-r--r--app/model/deleteacct.mod.php49
-rw-r--r--app/view/common/setting.modal.view.php16
-rw-r--r--app/view/deleteacct/default.view.php37
8 files changed, 214 insertions, 2 deletions
diff --git a/app/class/user.class.php b/app/class/user.class.php
index 1d17dfe..07bd0d6 100644
--- a/app/class/user.class.php
+++ b/app/class/user.class.php
@@ -75,6 +75,16 @@ class User extends Object
}
/*
+ * Get the number of administrative accounts in the system
+ */
+ function getNumAdmins()
+ {
+ $query = "SELECT count(*) as cnt FROM user WHERE admin = 1";
+ $results = $this->db->query($query);
+ return $results[0]['cnt'];
+ }
+
+ /*
* Check whether a given username is currently in use
*/
function usernameInUse($username)
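Review bot: getNumAdmins returns `$results[0]['cnt']` exactly as the database layer hands it back, which in PHP is typically a string rather than an int; both callers in this commit compare it with `== 1`, which works loosely, but any future strict comparison would silently fail. Returning `(int) $results[0]['cnt'];` pins the type and documents the intent. The query contains no user-controlled input, so building it as a literal is fine here. The enclosing User class continues outside the hunk.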
diff --git a/app/controller/dashboard.control.php b/app/controller/dashboard.control.php
index aa1c0bd..4ee4b38 100644
--- a/app/controller/dashboard.control.php
+++ b/app/controller/dashboard.control.php
@@ -14,8 +14,6 @@ class Dashboard extends Controller
function handle($argv)
{
$mod = new DashboardModel();
- $mod->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']);
- $mod->common_deflt();
$this->action_default($mod);
}
diff --git a/app/controller/deleteacct.control.php b/app/controller/deleteacct.control.php
new file mode 100644
index 0000000..bd81ec7
--- /dev/null
+++ b/app/controller/deleteacct.control.php
@@ -0,0 +1,44 @@
+<?php
+
+require_once "class/controller.class.php";
+require_once "model/deleteacct.mod.php";
+
+/*
+ * Deleteacct is used to delete user accounts, requiring all requests to
+ * correctly enter the user's password
+ */
+class Deleteacct extends Controller
+{
+ /*
+ * Controller implementation
+ */
+ function handle($argv)
+ {
+ $mod = new DeleteacctModel();
+
+ switch ($_REQUEST['input']['action'])
+ {
+ case "delete":
+ $this->action_delete($mod);
+ break;
+
+ default:
+ $this->action_default($mod);
+ break;
+ }
+ }
+
+ function action_default($mod)
+ {
+ $mod->deflt();
+ include "view/deleteacct/default.view.php";
+ }
+
+ function action_delete($mod)
+ {
+ $mod->del($_REQUEST['input']);
+ $this->action_default($mod);
+ }
+}
+
+?>
diff --git a/app/controller/root.control.php b/app/controller/root.control.php
index 7017ada..341fa8a 100644
--- a/app/controller/root.control.php
+++ b/app/controller/root.control.php
@@ -7,6 +7,7 @@ require_once "controller/except.control.php";
require_once "controller/auth.control.php";
require_once "controller/deauth.control.php";
require_once "controller/dashboard.control.php";
+require_once "controller/deleteacct.control.php";
/*
* Root-level controller for Scrott app. This object will delegate the page request to the
@@ -65,6 +66,7 @@ class Root extends Controller
switch ($argv[0])
{
case "logout": $ctrl = new Deauth(); break;
+ case "deleteaccount": $ctrl = new Deleteacct(); break;
default:
throw new Exception("The requested path is not valid.");
break;
diff --git a/app/model/common.mod.php b/app/model/common.mod.php
index 7630dfa..5e6373c 100644
--- a/app/model/common.mod.php
+++ b/app/model/common.mod.php
@@ -14,6 +14,16 @@ class CommonModel extends MasterModel
);
/*
+ * Constructor
+ */
+ function __construct()
+ {
+ parent::__construct();
+ $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']);
+ $this->common_deflt();
+ }
+
+ /*
* Default action
*/
function common_deflt()
@@ -48,6 +58,7 @@ class CommonModel extends MasterModel
case "common-setting-admin": $this->saveSettingAdmin($input); break;
case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break;
case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break;
+ case "common-setting-allusers-deluser": $this->saveSettingAllusersDeluser($input); break;
}
}
@@ -273,6 +284,51 @@ class CommonModel extends MasterModel
else
$this->logFormErrors($form);
}
+
+ /*
+ * Allow admin to remove user accounts
+ */
+ function saveSettingAllusersDeluser($input)
+ {
+ $form = new Form();
+ $form->field_text("guid");
+
+ if (!$form->populate($input))
+ {
+ $this->logFormErrors($form);
+ return;
+ }
+
+ $user = $this->getCurrentUser();
+
+ if (!$user || $user->admin == 0)
+ {
+ $this->logError("Admin permissions required");
+ return;
+ }
+
+ $user = new User($form->guid);
+
+ if ($user->type != "user")
+ {
+ $this->logError("Invalid user GUID");
+ return;
+ }
+
+ if ($user->admin && $user->getNumAdmins() == 1)
+ {
+ $this->logError("Account not deleted - Cannot remove the last admin account");
+ return;
+ }
+
+ $user->delObj();
+
+ if (!$this->getCurrentUser())
+ {
+ /* did user delete their own account? */
+ $this->redirectTo($this->ar() . "/");
+ }
+ }
}
?>
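Review bot: saveSettingAllusersDeluser deletes any account given only a guid and an admin session; nothing in the hunk ties the request to a per-session token, and the handler is reached from the CommonModel constructor off `$_REQUEST`, so a cross-site form (or an image tag pointing at a GET URL) loaded in an admin's browser can delete an arbitrary user, with none of the password re-entry that protects the self-delete path. Unless Form::populate enforces an anti-CSRF token that is not visible here, the handler should verify one before `$user->delObj()`. Reusing `$user` first for the acting admin and then for the target also hides why the final `getCurrentUser()` check exists; naming them `$actor` and `$target` and adding `/* actor deleted themselves: session no longer resolves */` above that check would make it obvious.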
diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php
new file mode 100644
index 0000000..89aca14
--- /dev/null
+++ b/app/model/deleteacct.mod.php
@@ -0,0 +1,49 @@
+<?php
+
+require_once "model/common.mod.php";
+require_once "class/form.class.php";
+require_once "class/user.class.php";
+
+class DeleteacctModel extends CommonModel
+{
+ /*
+ * Default action
+ */
+ function deflt()
+ {
+ }
+
+ /*
+ * Delete current user's account
+ */
+ function del($input)
+ {
+ $form = new Form();
+ $form->field_text("password", null, false);
+
+ if (!$form->populate($input))
+ {
+ $this->logFormErrors($form);
+ return;
+ }
+
+ $user = $this->getCurrentUser();
+
+ if (!$user->validatePassword($form->password))
+ {
+ $this->logError("Account not deleted - Password was incorrect");
+ return;
+ }
+
+ if ($user->admin && $user->getNumAdmins() == 1)
+ {
+ $this->logError("Account not deleted - Cannot remove the last admin account");
+ return;
+ }
+
+ $user->delObj();
+ $this->redirectTo($this->ar() . "/");
+ }
+}
+
+?>
diff --git a/app/view/common/setting.modal.view.php b/app/view/common/setting.modal.view.php
index e43f723..60b0ba5 100644
--- a/app/view/common/setting.modal.view.php
+++ b/app/view/common/setting.modal.view.php
@@ -108,6 +108,11 @@
</form>
<p>&nbsp;</p>
+ <p>&nbsp;</p>
+
+ <a href="<?=$mod->ar()?>/deleteaccount" class="btn btn-danger btn-xs pull-right"><span class="glyphicon glyphicon-trash"></span> Delete Account</a>
+
+ <p>&nbsp;</p>
</div>
<?php if ($mod->getCurrentUser()->admin == 1) { ?>
@@ -288,6 +293,17 @@
<button type="submit" class="btn btn-success pull-right">Save</button>
</form>
+
+ <p>&nbsp;</p>
+ <p>&nbsp;</p>
+
+ <form method="post" action="<?=$mod->ap()?>">
+ <input type="hidden" name="input[action]" value="common-setting-allusers-deluser" />
+ <input type="hidden" name="input[guid]" value="<?=$user->guid?>" />
+ <button type="submit" class="btn btn-danger btn-xs pull-right" onclick="return assertConfirm()">
+ <span class="glyphicon glyphicon-trash"></span> Delete Account
+ </button>
+ </form>
</div>
</div>
</div>
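Review bot: The hidden field `<input type="hidden" name="input[guid]" value="<?=$user->guid?>" />` writes the guid into an attribute unescaped; guids are presumably server-generated, but attribute-context output should be escaped regardless so the template stays safe if the value's origin ever changes: `value="<?=htmlspecialchars($user->guid, ENT_QUOTES, 'UTF-8')?>"`. The form also carries only the action and guid, so there is no anti-CSRF token for the server side to check on this admin-only destructive action. The `$user` the form iterates over is defined by a loop that starts outside the hunk.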
diff --git a/app/view/deleteacct/default.view.php b/app/view/deleteacct/default.view.php
new file mode 100644
index 0000000..de32202
--- /dev/null
+++ b/app/view/deleteacct/default.view.php
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+
+<html lang="en">
+ <head>
+ <?php include "view/common/head.view.php"; ?>
+ <title>Scrott - Delete user account</title>
+ </head>
+
+ <body>
+ <?php include "view/common/topp.view.php"; ?>
+
+ <div class="container">
+ <div class="panel panel-danger">
+ <div class="panel-heading">Warning: Deleting your user account!</div>
+
+ <div class="panel-body text-center">
+ <form method="post" action="<?=$mod->ap()?>">
+ <input type="hidden" name="input[action]" value="delete" />
+ <h1>Are you sure?!</h1>
+ <h4>Please confirm you want to delete your Scrott account. Type your current password in the box below and click the confirm button</h4>
+
+ <div class="form-group">
+ <label>Password</label>
+ <input type="password" name="input[password]" class="form-control" autofocus />
+ </div>
+
+ <button type="submit" class="btn btn-danger btn-lg">
+ <span class="glyphicon glyphicon-trash"></span> Confirm Delete Account
+ </button>
+ </form>
+ </div>
+ </div>
+ </div>
+
+ <?php include "view/common/foot.view.php"; ?>
+ </body>
+</html>
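Review bot: The confirmation field `<input type="password" name="input[password]" class="form-control" autofocus />` has neither `required` nor an autocomplete hint, so an empty submission round-trips to the server only to be rejected there, and browsers may prompt to save the value as a new credential. Adding `required autocomplete="current-password"` fixes both at no cost. The form posts no anti-CSRF token, but since the server rejects the request unless the current password is re-entered, that is acceptable for this page.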