From 32e4e9606fb2ac95b236913fcc0a98a7ee23bccd Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sat, 21 May 2016 21:44:53 -0400
Subject: Add MVC Deleteacct

This will prompt the user for their password if they opt to delete their own account. This is to prevent malicious attempt by others to trick users into having there accounts deleted by way of a XSS attack.
---
 app/controller/deleteacct.control.php | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 app/controller/deleteacct.control.php
(limited to 'app/controller')
diff --git a/app/controller/deleteacct.control.php b/app/controller/deleteacct.control.php
new file mode 100644
index 0000000..176b7bf
--- /dev/null
+++ b/app/controller/deleteacct.control.php
@@ -0,0 +1,28 @@
+action_default($mod);
+ }
+
+ function action_default($mod)
+ {
+ $mod->deflt();
+ include "view/deleteacct/default.view.php";
+ }
+}
+
+?>
-- cgit v1.2.3
From 685c64e3ac98bcf5fc2b17fade4f00726e95b8b0 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sat, 21 May 2016 22:16:18 -0400
Subject: Hook Deleteacct in the Root app controller
---
 app/controller/root.control.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'app/controller')
diff --git a/app/controller/root.control.php b/app/controller/root.control.php
index 7017ada..341fa8a 100644
--- a/app/controller/root.control.php
+++ b/app/controller/root.control.php
@@ -7,6 +7,7 @@ require_once "controller/except.control.php";
 require_once "controller/auth.control.php";
 require_once "controller/deauth.control.php";
 require_once "controller/dashboard.control.php";
+require_once "controller/deleteacct.control.php";

 /*
 * Root-level controller for Scrott app. This object will delegate the page request to the
@@ -65,6 +66,7 @@ class Root extends Controller
 switch ($argv[0])
 {
 case "logout": $ctrl = new Deauth(); break;
+ case "deleteaccount": $ctrl = new Deleteacct(); break;
 default:
 throw new Exception("The requested path is not valid.");
 break;
-- cgit v1.2.3
From f8f8cd372ca2bb6498d96318c159405db13a9fab Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sun, 22 May 2016 00:24:57 -0400
Subject: Add class constructor to Common model

There are two functions that need called in the common model whenever a page is rendered. Rather than requiring all of the base MVC controllers to call them, I am placing them in a constructor for this model class. This constructor should fire automatically (since base mvc models inherit this class), unless base classes define their own constructors. I don't antisipate this happening, however in that case, they would just need to call parent::__construct().
---
 app/controller/dashboard.control.php | 2 --
 1 file changed, 2 deletions(-)
(limited to 'app/controller')
diff --git a/app/controller/dashboard.control.php b/app/controller/dashboard.control.php
index aa1c0bd..4ee4b38 100644
--- a/app/controller/dashboard.control.php
+++ b/app/controller/dashboard.control.php
@@ -14,8 +14,6 @@ class Dashboard extends Controller
 function handle($argv)
 {
 $mod = new DashboardModel();
- $mod->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']);
- $mod->common_deflt();
 $this->action_default($mod);
 }

-- cgit v1.2.3
From c2137095e8b176affa3e97af579a70d394eeb7c1 Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sun, 22 May 2016 03:02:33 -0400
Subject: Add action 'delete' to Deleteacct MVC

This action will validate the user's password, and make sure you're not removing the last admin, then proceed to delete the current user's account from the database and log them out, for good.
---
 app/controller/deleteacct.control.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'app/controller')
diff --git a/app/controller/deleteacct.control.php b/app/controller/deleteacct.control.php
index 176b7bf..bd81ec7 100644
--- a/app/controller/deleteacct.control.php
+++ b/app/controller/deleteacct.control.php
@@ -15,7 +15,17 @@ class Deleteacct extends Controller
 function handle($argv)
 {
 $mod = new DeleteacctModel();
- $this->action_default($mod);
+
+ switch ($_REQUEST['input']['action'])
+ {
+ case "delete":
+ $this->action_delete($mod);
+ break;
+
+ default:
+ $this->action_default($mod);
+ break;
+ }
 }

 function action_default($mod)
@@ -23,6 +33,12 @@ class Deleteacct extends Controller
 $mod->deflt();
 include "view/deleteacct/default.view.php";
 }
+
+ function action_delete($mod)
+ {
+ $mod->del($_REQUEST['input']);
+ $this->action_default($mod);
+ }
 }

 ?>
-- cgit v1.2.3
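Review bot: The new `switch` in `handle()` takes the action from `$_REQUEST['input']['action']`, so the destructive `delete` branch can be selected from the query string as well as from a POST body. Whatever credential the form submits in the same `input` array can then travel in a URL and land in access logs, browser history and Referer headers. Reading the value from `$_POST` only keeps the password re-prompt described in the commit message meaningful: `$action = isset($_POST['input']['action']) ? $_POST['input']['action'] : '';` followed by `switch ($action)`. The `isset` guard also covers the ordinary page load, where no `input` array is sent and the current lookup raises an undefined-index notice.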
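Review bot: `action_delete()` ignores the outcome of `$mod->del()` and always continues into `action_default()`. After a successful deletion the controller therefore still calls `$mod->deflt()` and includes the delete-account view for a user who, per the commit message, has just been removed and logged out. `del()` is outside this diff, so it may already redirect or end the request; if it does not, have it return a success flag and branch on it, e.g. `if ($mod->del($_REQUEST['input'])) { /* redirect to the login page */ return; }`. A comment such as `// del() is expected to verify the password and the last-admin rule before removing the account` would also record where those checks live, since the controller itself performs none of them.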