From a6f8c82fa4ea831e8a87cf5860f44f84ae68950d Mon Sep 17 00:00:00 2001
From: Malf Furious <m@lfurio.us>
Date: Fri, 21 Sep 2018 22:42:41 -0400
Subject: deleteaccount:  Implement form handler

---
 app/model/deleteaccount.php | 47 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 app/model/deleteaccount.php

(limited to 'app/model')

diff --git a/app/model/deleteaccount.php b/app/model/deleteaccount.php
new file mode 100644
index 0000000..8153f0f
--- /dev/null
+++ b/app/model/deleteaccount.php
@@ -0,0 +1,47 @@
+<?php
+
+/*
+ * SCROTT IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * For more information, please refer to UNLICENSE
+ */
+
+require_once "class/form.class.php";
+require_once "class/user.class.php";
+
+/*
+ * Action: deleteaccount - Remove one's own user account
+ */
+if (isAction("deleteaccount"))
+{
+    $form = new form();
+    $form->text("passwd", false);
+
+    if (!$form->populate(input()))
+        return;
+
+    $user = user::getCurrent();
+
+    if (!$user->validatePasswd($form->passwd))
+    {
+        logError(WARNING, "Account not deleted, password was incorrect");
+        return;
+    }
+
+    if ($user->admin == 1 && count(user::getAllAdmin_ordByUname()) == 1)
+    {
+        logError(ERROR, "Account not deleted, can not remove the last administrator");
+        return;
+    }
+
+    $user->delObj();
+    location("/");
+}
+
+?>
-- 
cgit v1.2.3