Check that account still exists when doing something

This commit is contained in:
Miraty 2022-11-30 23:38:02 +01:00
parent f15681999b
commit 9173336714
4 changed files with 21 additions and 11 deletions

View file

@ -55,6 +55,15 @@ function changePassword($id, $password) {
$stmt->execute(); $stmt->execute();
} }
function logout() {
if (session_status() === PHP_SESSION_ACTIVE)
session_destroy();
header('Clear-Site-Data: "*"');
redir();
}
function rateLimit() { function rateLimit() {
if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0) if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0)
rateLimitAccount(PAGE_METADATA['tokens_account_cost']); rateLimitAccount(PAGE_METADATA['tokens_account_cost']);

View file

@ -20,12 +20,17 @@ function output($code, $msg = '', $logs = ['']) {
function processForm($requireLogin = true) { function processForm($requireLogin = true) {
if (http_response_code() !== 200) if (http_response_code() !== 200)
return false; return false;
if (empty($_POST) AND $requireLogin AND !isset($_SESSION['id'])) if ($_POST === []) {
echo '<p>Ce formulaire ne sera pas accepté car il faut <a class="auth" href="' . redirUrl('auth/login') . '">se connecter</a> avant.</p>'; if ($requireLogin AND !isset($_SESSION['id']))
if (empty($_POST)) echo '<p>Ce formulaire ne sera pas accepté car il faut <a class="auth" href="' . redirUrl('auth/login') . '">se connecter</a> avant.</p>';
return false; return false;
if ($requireLogin AND !isset($_SESSION['id'])) }
output(403, 'Vous devez être connecté·e pour effectuer cette action.'); if ($requireLogin) {
if (isset($_SESSION['id']) !== true)
output(403, 'Vous devez être connecté·e à un compte pour effectuer cette action.');
if (isset(query('select', 'users', ['id' => $_SESSION['id']], 'id')[0]) !== true)
output(403, 'Ce compte n\'existe plus. Déconnectez-vous pour terminer cette session fantôme.');
}
return true; return true;
} }

View file

@ -1,7 +1,3 @@
<?php <?php
if (session_status() === PHP_SESSION_ACTIVE) logout();
session_destroy();
header('Clear-Site-Data: "*"');
redir();

View file

@ -36,7 +36,7 @@ if (processForm()) {
query('delete', 'users', ['id' => $_SESSION['id']]); query('delete', 'users', ['id' => $_SESSION['id']]);
require 'logout.php'; logout();
output(200, 'Compte supprimé.'); output(200, 'Compte supprimé.');
} }