diff options
| -rw-r--r-- | app/class/user.class.php | 10 | ||||
| -rw-r--r-- | app/controller/dashboard.control.php | 2 | ||||
| -rw-r--r-- | app/controller/deleteacct.control.php | 44 | ||||
| -rw-r--r-- | app/controller/root.control.php | 2 | ||||
| -rw-r--r-- | app/model/common.mod.php | 56 | ||||
| -rw-r--r-- | app/model/deleteacct.mod.php | 49 | ||||
| -rw-r--r-- | app/view/common/setting.modal.view.php | 16 | ||||
| -rw-r--r-- | app/view/deleteacct/default.view.php | 37 |
8 files changed, 214 insertions, 2 deletions
diff --git a/app/class/user.class.php b/app/class/user.class.php index 1d17dfe..07bd0d6 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -75,6 +75,16 @@ class User extends Object } /* + * Get the number of administrative accounts in the system + */ + function getNumAdmins() + { + $query = "SELECT count(*) as cnt FROM user WHERE admin = 1"; + $results = $this->db->query($query); + return $results[0]['cnt']; + } + + /* * Check whether a given username is currently in use */ function usernameInUse($username) diff --git a/app/controller/dashboard.control.php b/app/controller/dashboard.control.php index aa1c0bd..4ee4b38 100644 --- a/app/controller/dashboard.control.php +++ b/app/controller/dashboard.control.php @@ -14,8 +14,6 @@ class Dashboard extends Controller function handle($argv) { $mod = new DashboardModel(); - $mod->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']); - $mod->common_deflt(); $this->action_default($mod); } diff --git a/app/controller/deleteacct.control.php b/app/controller/deleteacct.control.php new file mode 100644 index 0000000..bd81ec7 --- /dev/null +++ b/app/controller/deleteacct.control.php @@ -0,0 +1,44 @@ +<?php + +require_once "class/controller.class.php"; +require_once "model/deleteacct.mod.php"; + +/* + * Deleteacct is used to delete user accounts, requiring all requests to + * correctly enter the user's password + */ +class Deleteacct extends Controller +{ + /* + * Controller implementation + */ + function handle($argv) + { + $mod = new DeleteacctModel(); + + switch ($_REQUEST['input']['action']) + { + case "delete": + $this->action_delete($mod); + break; + + default: + $this->action_default($mod); + break; + } + } + + function action_default($mod) + { + $mod->deflt(); + include "view/deleteacct/default.view.php"; + } + + function action_delete($mod) + { + $mod->del($_REQUEST['input']); + $this->action_default($mod); + } +} + +?> diff --git a/app/controller/root.control.php b/app/controller/root.control.php index 7017ada..341fa8a 100644 --- a/app/controller/root.control.php +++ b/app/controller/root.control.php @@ -7,6 +7,7 @@ require_once "controller/except.control.php"; require_once "controller/auth.control.php"; require_once "controller/deauth.control.php"; require_once "controller/dashboard.control.php"; +require_once "controller/deleteacct.control.php"; /* * Root-level controller for Scrott app. This object will delegate the page request to the @@ -65,6 +66,7 @@ class Root extends Controller switch ($argv[0]) { case "logout": $ctrl = new Deauth(); break; + case "deleteaccount": $ctrl = new Deleteacct(); break; default: throw new Exception("The requested path is not valid."); break; diff --git a/app/model/common.mod.php b/app/model/common.mod.php index 7630dfa..5e6373c 100644 --- a/app/model/common.mod.php +++ b/app/model/common.mod.php @@ -14,6 +14,16 @@ class CommonModel extends MasterModel ); /* + * Constructor + */ + function __construct() + { + parent::__construct(); + $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']); + $this->common_deflt(); + } + + /* * Default action */ function common_deflt() @@ -48,6 +58,7 @@ class CommonModel extends MasterModel case "common-setting-admin": $this->saveSettingAdmin($input); break; case "common-setting-allusers-adduser": $this->saveSettingAllusersAdduser($input); break; case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break; + case "common-setting-allusers-deluser": $this->saveSettingAllusersDeluser($input); break; } } @@ -273,6 +284,51 @@ class CommonModel extends MasterModel else $this->logFormErrors($form); } + + /* + * Allow admin to remove user accounts + */ + function saveSettingAllusersDeluser($input) + { + $form = new Form(); + $form->field_text("guid"); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user || $user->admin == 0) + { + $this->logError("Admin permissions required"); + return; + } + + $user = new User($form->guid); + + if ($user->type != "user") + { + $this->logError("Invalid user GUID"); + return; + } + + if ($user->admin && $user->getNumAdmins() == 1) + { + $this->logError("Account not deleted - Cannot remove the last admin account"); + return; + } + + $user->delObj(); + + if (!$this->getCurrentUser()) + { + /* did user delete their own account? */ + $this->redirectTo($this->ar() . "/"); + } + } } ?> diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php new file mode 100644 index 0000000..89aca14 --- /dev/null +++ b/app/model/deleteacct.mod.php @@ -0,0 +1,49 @@ +<?php + +require_once "model/common.mod.php"; +require_once "class/form.class.php"; +require_once "class/user.class.php"; + +class DeleteacctModel extends CommonModel +{ + /* + * Default action + */ + function deflt() + { + } + + /* + * Delete current user's account + */ + function del($input) + { + $form = new Form(); + $form->field_text("password", null, false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = $this->getCurrentUser(); + + if (!$user->validatePassword($form->password)) + { + $this->logError("Account not deleted - Password was incorrect"); + return; + } + + if ($user->admin && $user->getNumAdmins() == 1) + { + $this->logError("Account not deleted - Cannot remove the last admin account"); + return; + } + + $user->delObj(); + $this->redirectTo($this->ar() . "/"); + } +} + +?> diff --git a/app/view/common/setting.modal.view.php b/app/view/common/setting.modal.view.php index e43f723..60b0ba5 100644 --- a/app/view/common/setting.modal.view.php +++ b/app/view/common/setting.modal.view.php @@ -108,6 +108,11 @@ </form> <p> </p> + <p> </p> + + <a href="<?=$mod->ar()?>/deleteaccount" class="btn btn-danger btn-xs pull-right"><span class="glyphicon glyphicon-trash"></span> Delete Account</a> + + <p> </p> </div> <?php if ($mod->getCurrentUser()->admin == 1) { ?> @@ -288,6 +293,17 @@ <button type="submit" class="btn btn-success pull-right">Save</button> </form> + + <p> </p> + <p> </p> + + <form method="post" action="<?=$mod->ap()?>"> + <input type="hidden" name="input[action]" value="common-setting-allusers-deluser" /> + <input type="hidden" name="input[guid]" value="<?=$user->guid?>" /> + <button type="submit" class="btn btn-danger btn-xs pull-right" onclick="return assertConfirm()"> + <span class="glyphicon glyphicon-trash"></span> Delete Account + </button> + </form> </div> </div> </div> diff --git a/app/view/deleteacct/default.view.php b/app/view/deleteacct/default.view.php new file mode 100644 index 0000000..de32202 --- /dev/null +++ b/app/view/deleteacct/default.view.php @@ -0,0 +1,37 @@ +<!DOCTYPE html> + +<html lang="en"> + <head> + <?php include "view/common/head.view.php"; ?> + <title>Scrott - Delete user account</title> + </head> + + <body> + <?php include "view/common/topp.view.php"; ?> + + <div class="container"> + <div class="panel panel-danger"> + <div class="panel-heading">Warning: Deleting your user account!</div> + + <div class="panel-body text-center"> + <form method="post" action="<?=$mod->ap()?>"> + <input type="hidden" name="input[action]" value="delete" /> + <h1>Are you sure?!</h1> + <h4>Please confirm you want to delete your Scrott account. Type your current password in the box below and click the confirm button</h4> + + <div class="form-group"> + <label>Password</label> + <input type="password" name="input[password]" class="form-control" autofocus /> + </div> + + <button type="submit" class="btn btn-danger btn-lg"> + <span class="glyphicon glyphicon-trash"></span> Confirm Delete Account + </button> + </form> + </div> + </div> + </div> + + <?php include "view/common/foot.view.php"; ?> + </body> +</html> |