Password confirmation on account deletion

Michał 2022-09-20 13:06:41 +00:00
parent 722f9b7fd6
commit 771799ba18
5 changed files with 137 additions and 35 deletions


@ -10,7 +10,7 @@
position: fixed; z-index: 999;
background-color: var(--bg);
backdrop-filter: blur(8px);
backdrop-filter: blur(15px);
opacity: 0;
@ -67,3 +67,9 @@
.flyout-actionbox * * * {
width: auto;
}
.flyout-actionbox > button {
margin-bottom: 0.5rem;
}
.flyout-actionbox > button > * {
width: auto;
}


@ -15,7 +15,7 @@
.sniffle {
margin: 0; padding: 0 1rem;
max-width: 621px; width: calc(100% - 1rem);
max-width: 569px; width: calc(100% - 1rem);
top: 0.5rem; left: 50%;
transform: translateX(-50%);
@ -31,7 +31,7 @@
and a text div .sniffle-content
*/
.sniffle-notification {
margin-bottom: 0.5rem; padding: 0.5rem;
margin-bottom: 0.5rem; padding: 0;
max-width: calc(100% - 1rem); min-height: 2.5rem;
@ -97,7 +97,7 @@
And to prevent text from overflowing the notification
*/
.sniffle-content {
margin: 0 auto;
margin: 0 auto; padding: 0.5rem;
width: calc(100% - 3.5rem);
flex-direction: column; flex-wrap: wrap;
@ -109,12 +109,14 @@
Notification icon/image
*/
.sniffle-img {
margin-right: 1rem;
padding: 0 0.5rem;
max-width: 2.5rem; width: auto;
height: auto;
object-fit: contain;
background-color: #15151533;
}
/*
Notification header


@ -26,40 +26,63 @@
<p>Resetting your password regularly is a good way of keeping your account safe</p>
<a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>
<br>
<p>Don't leave! I'm with the science team!</p>
<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
<br>
<p>Be carefull!</p>
<button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Delete account</button>
<br>
<p>Don't leave! I'm with the science team!</p>
<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
</div>
<script>
function deleteAccount() {
var header = "Are you very very sure?";
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!";
var actionBox = "<form id='userDelete' method='POST'>\
var description = "This CANNOT be undone, be very carefull with your decition!!!";
var actionBox = "<button class='btn btn-bad' onclick='deleteAccountConfirm()'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
<button class='btn btn-bad' onclick='deleteAccountConfirmFull()'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>";
flyoutShow(header, description, actionBox);
}
function deleteAccountConfirm () {
var header = "Deleting just your account!";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDelete' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
</form>\
<form id='userDeleteFull' method='POST'>\
</form>";
flyoutShow(header, description, actionBox);
$("#accountDelete").submit(function(event) {
event.preventDefault();
var accountDeletePassword = $("#accountDeletePassword").val();
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: 'false',
account_password: accountDeletePassword,
account_delete_submit: accountDeleteSubmit
});
});
}
function deleteAccountConfirmFull () {
var header = "Deleting EVERYTHINGGGGG";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDeleteFull' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#userDelete").submit(function(event) {
$("#accountDeleteFull").submit(function(event) {
event.preventDefault();
var accountDeletePassword = $("#accountDeletePassword").val();
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: false,
account_delete_submit: accountDeleteSubmit
});
});
$("#userDeleteFull").submit(function(event) {
event.preventDefault();
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: true,
full: 'true',
account_password: accountDeletePassword,
account_delete_submit: accountDeleteSubmit
});
});
@ -227,6 +250,7 @@
});
});
}
function userDelete(id, username) {
var header = "Are you very very sure?";
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!";
@ -260,6 +284,7 @@
});
});
}
function userToggleAdmin(id, username) {
var header = "With great power comes great responsibility...";
var description = "Do you trust this user? With admin permitions they can cause a whole lot of damage to this place, so make sure you're very very sure";
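Review bot: `deleteAccountConfirm` and `deleteAccountConfirmFull` carry the same form markup and submit handler twice, differing only in the form id, the button label and the `full` value, and both forms reuse the element ids `accountDeletePassword` and `accountDeleteSubmit`. Folding them into one helper that takes the `full` flag would keep the request that carries the password in a single place, so a later edit to one path cannot silently drop `account_password` from the other. The password field could also declare `required autocomplete='current-password'`, so an empty submit is stopped before the request and password managers treat it as a re-authentication prompt. Because `delete_id` and `full` are both set in page script, the handler in `app/account/account.php` has to keep treating them as untrusted input.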


@ -624,8 +624,67 @@ if (isset($_POST['account_delete_submit'])) {
</script>
<?php
$error += 1;
} elseif ($_POST['delete_id'] == $_SESSION['id']) {
$delete_id = $_SESSION['id'];
} elseif ($_POST['delete_id'] == $_SESSION['id'] && $_POST['delete_id'] != 1) {
if (isset($_POST['account_password']) && !empty($_POST['account_password'])) {
$sql = "SELECT id, username, password FROM users WHERE username = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind dis shit
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $_SESSION['username'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if (mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $_SESSION['username'], $hashed_password);
if (mysqli_stmt_fetch($stmt)) {
if (password_verify($_POST['account_password'], $hashed_password)) {
$delete_id = $_SESSION['id'];
} else {
?>
<script>
sniffleAdd('Sus', 'Try again! ;3', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
}
} else {
?>
<script>
sniffleAdd('Sus', 'Try again! ;3', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
} else {
?>
<script>
sniffleAdd('AAA', 'Something went wrong on our end, sowwy', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
}
} else {
?>
<script>
sniffleAdd('oof', 'You did not enter a password!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
} elseif ($_POST['delete_id'] != $_SESSION['id'] && $_SESSION['id'] == 1) {
$delete_id = $_POST['delete_id'];
} else {
@ -658,7 +717,7 @@ if (isset($_POST['account_delete_submit'])) {
}
if ($error <= 0) {
if ($_POST['full']) {
if ($_POST['full'] == "true") {
$image_request = mysqli_query($conn, "SELECT id, imagename FROM images WHERE author = '$delete_id'");
while ($image = mysqli_fetch_array($image_request)) {
@ -685,17 +744,28 @@ if (isset($_POST['account_delete_submit'])) {
mysqli_query($conn, "DELETE FROM users WHERE id = ".$delete_id);
if ($_POST['full']) {
if ($_POST['full'] == "true") {
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account and all their posts')");
} else {
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account')");
}
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted the user!', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
if ($_POST['delete_id'] == $_SESSION['id']) {
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted your account! You will be redirected in a few seconds...', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
setTimeout(function(){window.location.href = "app/account/logout.php";}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted the user!', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
}
}
}
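Review bot: The new password check does not fail closed: when `mysqli_prepare` returns false or `mysqli_stmt_fetch` returns a falsy value, no branch runs, so `$error` is not incremented and `$delete_id` is never assigned, and if `$error` is still 0 the later `if ($error <= 0)` block runs its queries, writes the log row and emits the success script anyway. Adding `} else { $error += 1; }` to both of those `if`s, or setting a `$verified` flag only after `password_verify` succeeds and rejecting when it is unset, closes that gap. `mysqli_stmt_bind_result` also binds the fetched name straight into `$_SESSION['username']`; a local variable and a lookup `WHERE id = ?` keyed on `$_SESSION['id']` would avoid rewriting session state during a check. Separately, the branch for `$_SESSION['id'] == 1` copies `$_POST['delete_id']` into `$delete_id`, which the visible `"DELETE FROM users WHERE id = ".$delete_id` and `author = '$delete_id'` queries concatenate into SQL, so that value should be cast with `(int)` or bound as a parameter. The enclosing `if (isset($_POST['account_delete_submit']))` block starts and ends outside the visible hunks.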


@ -1,6 +1,5 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php echo $user_settings['website']['name']; ?></title>
<!-- Stylesheets -->
<link rel="stylesheet" href="css/main.css">