Check that account still exists when doing something
This commit is contained in:
parent
f15681999b
commit
9173336714
4 changed files with 21 additions and 11 deletions
|
@ -55,6 +55,15 @@ function changePassword($id, $password) {
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function logout() {
|
||||||
|
if (session_status() === PHP_SESSION_ACTIVE)
|
||||||
|
session_destroy();
|
||||||
|
|
||||||
|
header('Clear-Site-Data: "*"');
|
||||||
|
|
||||||
|
redir();
|
||||||
|
}
|
||||||
|
|
||||||
function rateLimit() {
|
function rateLimit() {
|
||||||
if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0)
|
if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0)
|
||||||
rateLimitAccount(PAGE_METADATA['tokens_account_cost']);
|
rateLimitAccount(PAGE_METADATA['tokens_account_cost']);
|
||||||
|
|
|
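Review bot: `logout()` calls `session_destroy()` but leaves `$_SESSION` populated for the rest of the request and never expires the session cookie on the client; the `Clear-Site-Data` header only does that on browsers that honor it. Add `$_SESSION = [];` before `session_destroy()` and expire the cookie explicitly, e.g. `setcookie(session_name(), '', ['expires' => time() - 42000, 'path' => '/', 'httponly' => true]);`, so a client that ignores the header stops presenting the old id. Whether `redir()` ends the request is not visible in this hunk; if it returns, the caller continues with the stale `$_SESSION` values. Separately, the unchanged condition in `rateLimit()` parses as `PAGE_METADATA['tokens_account_cost'] ?? (0 > 0)` because `??` binds looser than `>`; `(PAGE_METADATA['tokens_account_cost'] ?? 0) > 0` is what the line appears to intend.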
@ -20,12 +20,17 @@ function output($code, $msg = '', $logs = ['']) {
|
||||||
function processForm($requireLogin = true) {
|
function processForm($requireLogin = true) {
|
||||||
if (http_response_code() !== 200)
|
if (http_response_code() !== 200)
|
||||||
return false;
|
return false;
|
||||||
if (empty($_POST) AND $requireLogin AND !isset($_SESSION['id']))
|
if ($_POST === []) {
|
||||||
echo '<p>Ce formulaire ne sera pas accepté car il faut <a class="auth" href="' . redirUrl('auth/login') . '">se connecter</a> avant.</p>';
|
if ($requireLogin AND !isset($_SESSION['id']))
|
||||||
if (empty($_POST))
|
echo '<p>Ce formulaire ne sera pas accepté car il faut <a class="auth" href="' . redirUrl('auth/login') . '">se connecter</a> avant.</p>';
|
||||||
return false;
|
return false;
|
||||||
if ($requireLogin AND !isset($_SESSION['id']))
|
}
|
||||||
output(403, 'Vous devez être connecté·e pour effectuer cette action.');
|
if ($requireLogin) {
|
||||||
|
if (isset($_SESSION['id']) !== true)
|
||||||
|
output(403, 'Vous devez être connecté·e à un compte pour effectuer cette action.');
|
||||||
|
if (isset(query('select', 'users', ['id' => $_SESSION['id']], 'id')[0]) !== true)
|
||||||
|
output(403, 'Ce compte n\'existe plus. Déconnectez-vous pour terminer cette session fantôme.');
|
||||||
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
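Review bot: The new `$requireLogin` branch in `processForm()` only denies access if `output()` never returns; `output()` is defined above this hunk and its body is not visible, so if it does return, a request without `$_SESSION['id']` goes on to evaluate `query('select', 'users', ['id' => $_SESSION['id']], 'id')` with an undefined index and then reaches `return true;`, processing the form as authenticated. Make the denial independent of `output()`'s behavior by returning after each call, e.g. `output(403, 'Vous devez être connecté·e à un compte pour effectuer cette action.'); return false;` and likewise `return false;` after the "compte n'existe plus" message. For the orphaned-session case, if the `logout()` helper introduced in this commit is in scope here, ending the session server-side at that point would be stronger than asking the user to log out. Style: `&&` is the conventional operator in these conditions rather than `AND`.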
@ -1,7 +1,3 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
if (session_status() === PHP_SESSION_ACTIVE)
|
logout();
|
||||||
session_destroy();
|
|
||||||
|
|
||||||
header('Clear-Site-Data: "*"');
|
|
||||||
redir();
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ if (processForm()) {
|
||||||
|
|
||||||
query('delete', 'users', ['id' => $_SESSION['id']]);
|
query('delete', 'users', ['id' => $_SESSION['id']]);
|
||||||
|
|
||||||
require 'logout.php';
|
logout();
|
||||||
|
|
||||||
output(200, 'Compte supprimé.');
|
output(200, 'Compte supprimé.');
|
||||||
}
|
}
|
||||||
|
|
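Review bot: `output(200, 'Compte supprimé.');` is only reached if `redir()` inside `logout()` returns; if `redir()` terminates the request, as a redirect helper usually does, the success message is dead code, and if it does not, the message is emitted after the `Location`/`Clear-Site-Data` headers have already been sent. Either drop the `output()` line and let the redirect carry the result, or have `logout()` take a flag that skips `redir()` so this handler can report the deletion itself. The enclosing `if (processForm()) {` block starts before this hunk.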