diff --git a/frontend.pm b/frontend.pm
index 67b0dfc..d96f9a6 100644
--- a/frontend.pm
+++ b/frontend.pm
@@ -495,6 +495,16 @@ sub createUser {
 $query->execute($aName, $password, $aPrivileges);
 }
+sub deleteUser {
+ my $aID = $_[0];
+ my $aConnection = $_[1];
+
+ my $query = $aConnection->prepare(qq(delete from users where id=?;));
+ $query->execute($aID);
+ $query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
+ $query->execute($aID);
+}
+
 sub httpServerWorker {
 my $db = DBI->connect("DBI:SQLite:dbname=$configuration::database", "", "", {RaiseError=>1});
 my $query = $db->prepare(qq(select id from users;));
diff --git a/frontend_routes.pm b/frontend_routes.pm
index f863dd1..fe56bb2 100644
--- a/frontend_routes.pm
+++ b/frontend_routes.pm
@@ -181,6 +181,10 @@ sub handlePath {
 $query = $aConnection->prepare(qq(select id, privileges from users where name=?;));
 $query->execute($frontend_session::sessions{$aRequest->{"cookies"}{"session"}}{"username"});
 my @row = $query->fetchrow_array();
+ if(scalar(@row)==0) {
+ frontend::redirect($aClient, "/");
+ return 1;
+ }
 my $id = $row[0];
 my $privileges = $row[1];
 if($privileges>0) {
@@ -273,6 +277,10 @@ sub handlePath {
 my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
 $query->execute($session->{"username"});
 my @row = $query->fetchrow_array();
+ if(scalar(@row)==0) {
+ frontend::redirect($aClient, "/");
+ return 1;
+ }
 my $privileges = $row[0];
 my $manageChannelAccess = "";
 
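Review bot: deleteUser issues its two DELETE statements as separate autocommitted operations, so if the second execute fails, or the worker dies between them, the users row is already gone while the accessors rows survive as access entries for a user that no longer exists. Wrapping both statements in a DBI transaction (`begin_work`/`commit`, `rollback` on error) makes the pair atomic, and deleting from accessors first means a partial failure leaves the user intact instead of orphaning its accessors; whether `$aConnection` carries RaiseError like the handle in httpServerWorker cannot be seen here, so if it does not, the execute return values need checking inside the eval instead. Unpacking with `my ($aID, $aConnection) = @_;` rather than `$_[0]`/`$_[1]` is the conventional style, and a one-line header comment stating that the routine removes a user together with all of its accessor rows would help callers in frontend_routes.pm.
```perl
sub deleteUser {
    my ($aID, $aConnection) = @_;

    # Delete the accessor rows before the user row so that a failure in
    # between leaves the user intact rather than leaving access entries
    # that point at a user which no longer exists; the transaction makes
    # the pair atomic. Assumes RaiseError on the handle (as in
    # httpServerWorker) so a failed execute dies into the eval.
    $aConnection->begin_work;
    my $ok = eval {
        my $query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
        $query->execute($aID);
        $query = $aConnection->prepare(qq(delete from users where id=?;));
        $query->execute($aID);
        $aConnection->commit;
        1;
    };
    if (!$ok) {
        my $error = $@;
        $aConnection->rollback;
        die "deleteUser($aID) failed: $error";
    }
    return;
}
```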
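Review bot: The empty-row guard added after `my @row = $query->fetchrow_array();` here, and again in the hunk at -273, redirects but leaves the entry in `%frontend_session::sessions` intact, so a user whose row has been removed keeps a session that is still considered valid and is bounced to "/" on every authenticated request. Calling `frontend_session::deleteSession($aRequest->{"cookies"}{"session"});` before the redirect would end that session at the point where its user is found to be gone. As a matter of style, `if(scalar(@row)==0)` reads more idiomatically as `if(!@row)`, since an array in boolean context is false only when it is empty. handlePath begins and ends outside both hunks.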
@@ -407,6 +415,35 @@ sub handlePath {
 return 1;
 }
+ when("/delete_account_action") {
+ if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
+ frontend::redirect($aClient, "/");
+ return 1;
+ }
+ my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
+ my %parameters = frontend::parsePathParameters($aRequest->{"content"});
+ if(!defined($parameters{"password"})) {
+ frontend::sendBadRequest($aClient, "Password parameter required");
+ return 1;
+ }
+ my $query = $aConnection->prepare(qq(select id, password from users where name=?;));
+ $query->execute($session->{"username"});
+ my @row = $query->fetchrow_array();
+ my $id = $row[0];
+ my $password = $row[1];
+ if($id==0) {
+ frontend::sendBadRequest($aClient, "Cannot delete user with ID 0 (admin)");
+ return 1;
+ }
+ if($password ne Digest::SHA::sha256_hex($parameters{"password"})) {
+ frontend::sendBadRequest($aClient, "Wrong password");
+ return 1;
+ }
+ frontend::deleteUser($id, $aConnection);
+ frontend_session::deleteSession($aRequest->{"cookies"}{"session"});
+ frontend::redirect($aClient, "/account_deleted.html");
+ return 1;
+ }
 when("/manage_access_action") {
 if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
 return 1;
@@ -537,10 +574,7 @@ sub handlePath {
 $query->execute(defined($parameters{"operator"})?1:0, $parameters{"user"});
 }
 elsif(defined($parameters{"delete"})) {
- $query = $aConnection->prepare(qq(delete from users where id=?;));
- $query->execute($parameters{"user"});
- $query = $aConnection->prepare(qq(delete from accessors where user_id=?;));
- $query->execute($parameters{"user"});
+ frontend::deleteUser($parameters{"user"}, $aConnection);
 }
 else {
 frontend::sendBadRequest($aClient, "Action (update or delete) required");
diff --git a/static/account_deleted.html b/static/account_deleted.html
new file mode 100644
index 0000000..8d19d51
--- /dev/null
+++ b/static/account_deleted.html
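Review bot: The new /delete_account_action branch reads `$row[0]` without the empty-row guard that the hunks at -181 and -273 add, so a session whose user row no longer exists yields an undefined `$id`, `$id==0` is then true, and the request is rejected with the misleading "Cannot delete user with ID 0 (admin)" message (plus an uninitialized-value warning under `use warnings`). Inserting `if(!@row) { frontend::redirect($aClient, "/"); return 1; }` directly after `my @row = $query->fetchrow_array();` keeps this branch consistent with the others. Whether handlePath restricts this path to POST is outside the hunk; as a state-changing action it should not be reachable through a GET, and a short comment above the branch stating that it requires the caller's current password and ends the session on success would document the contract. handlePath begins and ends outside the hunk.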
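Review bot: The admin delete path now calls `frontend::deleteUser($parameters{"user"}, $aConnection);` without the ID-0 check that the self-deletion branch adds, so unless an earlier part of handlePath outside this hunk rejects it, an operator can remove the admin account through the manage form; mirroring that guard with `if($parameters{"user"}==0) { frontend::sendBadRequest($aClient, "Cannot delete user with ID 0 (admin)"); return 1; }` before the call closes the gap. This path also leaves the deleted user's entries in `%frontend_session::sessions` in place, whereas the self-deletion branch calls `frontend_session::deleteSession`; revoking the sessions that belong to the deleted user here would stop a removed account from staying logged in until a per-route guard happens to catch it. `$parameters{"user"}` is used as a numeric id without being validated as one, which a `looks_like_number` or `/\A\d+\z/` check would cover, though the placeholder query already keeps it out of the SQL text.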
@@ -0,0 +1,10 @@ + + + + Account deleted + + +

Your account successfully deleted

+ Return to index + +
diff --git a/static/user_updated.html b/static/user_updated.html
new file mode 100644
index 0000000..01ea3d2
--- /dev/null
+++ b/static/user_updated.html
@@ -0,0 +1,10 @@ + + + + User updated + + +

User successfully updated

+ Return to user panel + +
diff --git a/templates/panel.html b/templates/panel.html
index a620f04..c3605eb 100644
--- a/templates/panel.html
+++ b/templates/panel.html
@@ -12,6 +12,11 @@
+

Delete this account

+
+
+ +
{{manageChannelAccess}} {{addUser}} {{updateUser}}