Galleries/PHPGallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2025-06-29 12:56:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Password confirmation on account deletion

Browse source
This commit is contained in:
Michał Gdula 2022-09-20 13:06:41 +00:00
parent 722f9b7fd6
commit 771799ba18
5 changed files with 137 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Flyout/flyout.css
View file

@ -10,7 +10,7 @@
position: fixed; z-index: 999; position: fixed; z-index: 999;
background-color: var(--bg); background-color: var(--bg);
backdrop-filter: blur(8px); backdrop-filter: blur(15px);
opacity: 0; opacity: 0;
@ -67,3 +67,9 @@
.flyout-actionbox * * * { .flyout-actionbox * * * {
width: auto; width: auto;
} }
.flyout-actionbox > button {
margin-bottom: 0.5rem;
}
.flyout-actionbox > button > * {
width: auto;
}

10
Sniffle/sniffle.css
View file

@ -15,7 +15,7 @@
.sniffle { .sniffle {
margin: 0; padding: 0 1rem; margin: 0; padding: 0 1rem;
max-width: 621px; width: calc(100% - 1rem); max-width: 569px; width: calc(100% - 1rem);
top: 0.5rem; left: 50%; top: 0.5rem; left: 50%;
transform: translateX(-50%); transform: translateX(-50%);
@ -31,7 +31,7 @@
and a text div .sniffle-content and a text div .sniffle-content
*/ */
.sniffle-notification { .sniffle-notification {
margin-bottom: 0.5rem; padding: 0.5rem; margin-bottom: 0.5rem; padding: 0;
max-width: calc(100% - 1rem); min-height: 2.5rem; max-width: calc(100% - 1rem); min-height: 2.5rem;
@ -97,7 +97,7 @@
And to prevent text from overflowing the notification And to prevent text from overflowing the notification
*/ */
.sniffle-content { .sniffle-content {
margin: 0 auto; margin: 0 auto; padding: 0.5rem;
width: calc(100% - 3.5rem); width: calc(100% - 3.5rem);
flex-direction: column; flex-wrap: wrap; flex-direction: column; flex-wrap: wrap;
@ -109,12 +109,14 @@
Notification icon/image Notification icon/image
*/ */
.sniffle-img { .sniffle-img {
margin-right: 1rem; padding: 0 0.5rem;
max-width: 2.5rem; width: auto; max-width: 2.5rem; width: auto;
height: auto; height: auto;
object-fit: contain; object-fit: contain;
background-color: #15151533;
} }
/* /*
Notification header Notification header

61
account.php
View file

@ -26,40 +26,63 @@
<p>Resetting your password regularly is a good way of keeping your account safe</p> <p>Resetting your password regularly is a good way of keeping your account safe</p>
<a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a> <a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>
<br> <br>
<p>Don't leave! I'm with the science team!</p>
<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
<br>
<p>Be carefull!</p> <p>Be carefull!</p>
<button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Delete account</button> <button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Delete account</button>
<br>
<p>Don't leave! I'm with the science team!</p>
<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
</div> </div>
<script> <script>
function deleteAccount() { function deleteAccount() {
var header = "Are you very very sure?"; var header = "Are you very very sure?";
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!"; var description = "This CANNOT be undone, be very carefull with your decition!!!";
var actionBox = "<form id='userDelete' method='POST'>\ var actionBox = "<button class='btn btn-bad' onclick='deleteAccountConfirm()'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
<button class='btn btn-bad' onclick='deleteAccountConfirmFull()'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>";
flyoutShow(header, description, actionBox);
}
function deleteAccountConfirm () {
var header = "Deleting just your account!";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDelete' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\ <button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
</form>\ </form>";
<form id='userDeleteFull' method='POST'>\
flyoutShow(header, description, actionBox);
$("#accountDelete").submit(function(event) {
event.preventDefault();
var accountDeletePassword = $("#accountDeletePassword").val();
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: 'false',
account_password: accountDeletePassword,
account_delete_submit: accountDeleteSubmit
});
});
}
function deleteAccountConfirmFull () {
var header = "Deleting EVERYTHINGGGGG";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDeleteFull' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>\ <button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>\
</form>"; </form>";
flyoutShow(header, description, actionBox); flyoutShow(header, description, actionBox);
$("#userDelete").submit(function(event) { $("#accountDeleteFull").submit(function(event) {
event.preventDefault(); event.preventDefault();
var accountDeletePassword = $("#accountDeletePassword").val();
var accountDeleteSubmit = $("#accountDeleteSubmit").val(); var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", { $("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>, delete_id: <?php echo $_SESSION['id']; ?>,
full: false, full: 'true',
account_delete_submit: accountDeleteSubmit account_password: accountDeletePassword,
});
});
$("#userDeleteFull").submit(function(event) {
event.preventDefault();
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: true,
account_delete_submit: accountDeleteSubmit account_delete_submit: accountDeleteSubmit
}); });
}); });
@ -227,6 +250,7 @@
}); });
}); });
} }
function userDelete(id, username) { function userDelete(id, username) {
var header = "Are you very very sure?"; var header = "Are you very very sure?";
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!"; var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!";
@ -260,6 +284,7 @@
}); });
}); });
} }
function userToggleAdmin(id, username) { function userToggleAdmin(id, username) {
var header = "With great power comes great responsibility..."; var header = "With great power comes great responsibility...";
var description = "Do you trust this user? With admin permitions they can cause a whole lot of damage to this place, so make sure you're very very sure"; var description = "Do you trust this user? With admin permitions they can cause a whole lot of damage to this place, so make sure you're very very sure";

90
app/account/account.php
View file

@ -624,8 +624,67 @@ if (isset($_POST['account_delete_submit'])) {
</script> </script>
<?php <?php
$error += 1; $error += 1;
} elseif ($_POST['delete_id'] == $_SESSION['id']) { } elseif ($_POST['delete_id'] == $_SESSION['id'] && $_POST['delete_id'] != 1) {
$delete_id = $_SESSION['id']; if (isset($_POST['account_password']) && !empty($_POST['account_password'])) {
$sql = "SELECT id, username, password FROM users WHERE username = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind dis shit
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $_SESSION['username'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if (mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $_SESSION['username'], $hashed_password);
if (mysqli_stmt_fetch($stmt)) {
if (password_verify($_POST['account_password'], $hashed_password)) {
$delete_id = $_SESSION['id'];
} else {
?>
<script>
sniffleAdd('Sus', 'Try again! ;3', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
}
} else {
?>
<script>
sniffleAdd('Sus', 'Try again! ;3', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
} else {
?>
<script>
sniffleAdd('AAA', 'Something went wrong on our end, sowwy', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
}
} else {
?>
<script>
sniffleAdd('oof', 'You did not enter a password!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
} elseif ($_POST['delete_id'] != $_SESSION['id'] && $_SESSION['id'] == 1) { } elseif ($_POST['delete_id'] != $_SESSION['id'] && $_SESSION['id'] == 1) {
$delete_id = $_POST['delete_id']; $delete_id = $_POST['delete_id'];
} else { } else {
@ -658,7 +717,7 @@ if (isset($_POST['account_delete_submit'])) {
} }
if ($error <= 0) { if ($error <= 0) {
if ($_POST['full']) { if ($_POST['full'] == "true") {
$image_request = mysqli_query($conn, "SELECT id, imagename FROM images WHERE author = '$delete_id'"); $image_request = mysqli_query($conn, "SELECT id, imagename FROM images WHERE author = '$delete_id'");
while ($image = mysqli_fetch_array($image_request)) { while ($image = mysqli_fetch_array($image_request)) {
@ -685,17 +744,28 @@ if (isset($_POST['account_delete_submit'])) {
mysqli_query($conn, "DELETE FROM users WHERE id = ".$delete_id); mysqli_query($conn, "DELETE FROM users WHERE id = ".$delete_id);
if ($_POST['full']) { if ($_POST['full'] == "true") {
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account and all their posts')"); mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account and all their posts')");
} else { } else {
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account')"); mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account')");
} }
?> if ($_POST['delete_id'] == $_SESSION['id']) {
<script> ?>
sniffleAdd('Goodbye!', 'Successfully deleted the user!', 'var(--green)', 'assets/icons/check.svg'); <script>
flyoutClose(); sniffleAdd('Goodbye!', 'Successfully deleted your account! You will be redirected in a few seconds...', 'var(--green)', 'assets/icons/check.svg');
</script> flyoutClose();
<?php
setTimeout(function(){window.location.href = "app/account/logout.php";}, 2000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted the user!', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
}
} }
} }

1
ui/header.php
View file

@ -1,6 +1,5 @@
<meta charset="utf-8"> <meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php echo $user_settings['website']['name']; ?></title>
<!-- Stylesheets --> <!-- Stylesheets -->
<link rel="stylesheet" href="css/main.css"> <link rel="stylesheet" href="css/main.css">