Frontend: Add support for deleting current account
This commit is contained in:
parent
e6085c6e0b
commit
cf3fe30e4e
10
frontend.pm
10
frontend.pm
@ -495,6 +495,16 @@ sub createUser {
|
||||
$query->execute($aName, $password, $aPrivileges);
|
||||
}
|
||||
|
||||
sub deleteUser {
|
||||
my $aID = $_[0];
|
||||
my $aConnection = $_[1];
|
||||
|
||||
my $query = $aConnection->prepare(qq(delete from users where id=?;));
|
||||
$query->execute($aID);
|
||||
$query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
|
||||
$query->execute($aID);
|
||||
}
|
||||
|
||||
sub httpServerWorker {
|
||||
my $db = DBI->connect("DBI:SQLite:dbname=$configuration::database", "", "", {RaiseError=>1});
|
||||
my $query = $db->prepare(qq(select id from users;));
|
||||
|
@ -181,6 +181,10 @@ sub handlePath {
|
||||
$query = $aConnection->prepare(qq(select id, privileges from users where name=?;));
|
||||
$query->execute($frontend_session::sessions{$aRequest->{"cookies"}{"session"}}{"username"});
|
||||
my @row = $query->fetchrow_array();
|
||||
if(scalar(@row)==0) {
|
||||
frontend::redirect($aClient, "/");
|
||||
return 1;
|
||||
}
|
||||
my $id = $row[0];
|
||||
my $privileges = $row[1];
|
||||
if($privileges>0) {
|
||||
@ -273,6 +277,10 @@ sub handlePath {
|
||||
my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
|
||||
$query->execute($session->{"username"});
|
||||
my @row = $query->fetchrow_array();
|
||||
if(scalar(@row)==0) {
|
||||
frontend::redirect($aClient, "/");
|
||||
return 1;
|
||||
}
|
||||
my $privileges = $row[0];
|
||||
|
||||
my $manageChannelAccess = "";
|
||||
@ -407,6 +415,35 @@ sub handlePath {
|
||||
|
||||
return 1;
|
||||
}
|
||||
when("/delete_account_action") {
|
||||
if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
|
||||
frontend::redirect($aClient, "/");
|
||||
return 1;
|
||||
}
|
||||
my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
|
||||
my %parameters = frontend::parsePathParameters($aRequest->{"content"});
|
||||
if(!defined($parameters{"password"})) {
|
||||
frontend::sendBadRequest($aClient, "Password parameter required");
|
||||
return 1;
|
||||
}
|
||||
my $query = $aConnection->prepare(qq(select id, password from users where name=?;));
|
||||
$query->execute($session->{"username"});
|
||||
my @row = $query->fetchrow_array();
|
||||
my $id = $row[0];
|
||||
my $password = $row[1];
|
||||
if($id==0) {
|
||||
frontend::sendBadRequest($aClient, "Cannot delete user with ID 0 (admin)");
|
||||
return 1;
|
||||
}
|
||||
if($password ne Digest::SHA::sha256_hex($parameters{"password"})) {
|
||||
frontend::sendBadRequest($aClient, "Wrong password");
|
||||
return 1;
|
||||
}
|
||||
frontend::deleteUser($id, $aConnection);
|
||||
frontend_session::deleteSession($aRequest->{"cookies"}{"session"});
|
||||
frontend::redirect($aClient, "/account_deleted.html");
|
||||
return 1;
|
||||
}
|
||||
when("/manage_access_action") {
|
||||
if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
|
||||
return 1;
|
||||
@ -537,10 +574,7 @@ sub handlePath {
|
||||
$query->execute(defined($parameters{"operator"})?1:0, $parameters{"user"});
|
||||
}
|
||||
elsif(defined($parameters{"delete"})) {
|
||||
$query = $aConnection->prepare(qq(delete from users where id=?;));
|
||||
$query->execute($parameters{"user"});
|
||||
$query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
|
||||
$query->execute($parameters{"user"});
|
||||
frontend::deleteUser($parameters{"user"}, $aConnection);
|
||||
}
|
||||
else {
|
||||
frontend::sendBadRequest($aClient, "Action (update or delete) required");
|
||||
|
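Review bot: In the `/delete_account_action` branch, `$row[0]` and `$row[1]` are read straight after `fetchrow_array()` without the empty-result check that the two preceding hunks apply; a session whose username no longer exists in `users` leaves `$id` undef, which numifies to 0, so the `$id==0` test then refuses the request with the misleading "admin" message (plus an uninitialized-value warning). Add `if(scalar(@row)==0) { frontend::redirect($aClient, "/"); return 1; }` directly after the fetch, matching the other branches; the enclosing `sub handlePath` starts outside these hunks. Separately, `deleteUser` issues the `users` and `accessors` deletes as two independent statements with no transaction, so with `RaiseError` on the handle (as `httpServerWorker` sets it, assuming `$aConnection` is that handle) a failure of the second delete leaves the user row gone and its `accessors` rows orphaned; wrapping the body in `$aConnection->begin_work;` / `$aConnection->commit;` keeps the two in step, provided the connection is in AutoCommit mode — confirm. Finally, the admin-side delete in the last hunk does not call `frontend_session::deleteSession` for the removed user as the self-delete path does, and since sessions appear to be looked up by username here, it is worth checking whether a still-live session of the deleted user keeps working until it expires.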
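--- /dev/null
+++ b/static/account_deleted.html
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Account deleted</title>
+</head>
+<body>
+<p>Your account successfully deleted</p>
+<a href="/">Return to index</a>
+</body>
+</html>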
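--- /dev/null
+++ b/static/user_updated.html
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>User updated</title>
+</head>
+<body>
+<p>User successfully updated</p>
+<a href="/panel">Return to user panel</a>
+</body>
+</html>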
@ -12,6 +12,11 @@
|
||||
<input name="newPassword" type="password" placeholder="New password"><br />
|
||||
<input type="submit" value="Change" />
|
||||
</form>
|
||||
<h3>Delete this account</h3>
|
||||
<form action="delete_account_action" method="POST">
|
||||
<input name="password" type="password" placeholder="Password" /><br />
|
||||
<input type="submit" value="Delete (this operation cannot be reverted!)" />
|
||||
</form>
|
||||
{{manageChannelAccess}}
|
||||
{{addUser}}
|
||||
{{updateUser}}
|
||||
|