From c2137095e8b176affa3e97af579a70d394eeb7c1 Mon Sep 17 00:00:00 2001
From: Malf Furious <m@lfurio.us>
Date: Sun, 22 May 2016 03:02:33 -0400
Subject: Add action 'delete' to Deleteacct MVC

This action will validate the user's password, and make sure you're not
removing the last admin, then proceed to delete the current user's
account from the database and log them out, for good.
---
 app/model/deleteacct.mod.php | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'app/model')

diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php
index ca01a0d..89aca14 100644
--- a/app/model/deleteacct.mod.php
+++ b/app/model/deleteacct.mod.php
@@ -1,6 +1,8 @@
 <?php
 
 require_once "model/common.mod.php";
+require_once "class/form.class.php";
+require_once "class/user.class.php";
 
 class DeleteacctModel extends CommonModel
 {
@@ -10,6 +12,38 @@ class DeleteacctModel extends CommonModel
     function deflt()
     {
     }
+
+    /*
+     * Delete current user's account
+     */
+    function del($input)
+    {
+        $form = new Form();
+        $form->field_text("password", null, false);
+
+        if (!$form->populate($input))
+        {
+            $this->logFormErrors($form);
+            return;
+        }
+
+        $user = $this->getCurrentUser();
+
+        if (!$user->validatePassword($form->password))
+        {
+            $this->logError("Account not deleted - Password was incorrect");
+            return;
+        }
+
+        if ($user->admin && $user->getNumAdmins() == 1)
+        {
+            $this->logError("Account not deleted - Cannot remove the last admin account");
+            return;
+        }
+
+        $user->delObj();
+        $this->redirectTo($this->ar() . "/");
+    }
 }
 
 ?>
-- 
cgit v1.2.3