summaryrefslogtreecommitdiffstats
path: root/web/html
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2020-01-30 11:52:32 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2020-01-30 13:25:15 +0100
commit8fc8898fef39af20a24c9928464fd8420481d819 (patch)
tree34cf8f9eeeb9b642e074d2a5b1186ecbf6b8b3a1 /web/html
parent7aa420d24da7e8c2c214ab421d44b4684d42e73e (diff)
downloadaur-8fc8898fef39af20a24c9928464fd8420481d819.tar.gz
aur-8fc8898fef39af20a24c9928464fd8420481d819.tar.xz
Require password when deleting an account
Further reduce the attack surface in case of a stolen session ID. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/account.php17
1 files changed, 13 insertions, 4 deletions
diff --git a/web/html/account.php b/web/html/account.php
index 7c6c424a..03af8d43 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -120,12 +120,21 @@ if (isset($_COOKIE["AURSID"])) {
} elseif ($action == "DeleteAccount") {
/* Details for account being deleted. */
if (can_edit_account($row)) {
- $UID = $row['ID'];
+ $uid_removal = $row['ID'];
+ $uid_session = uid_from_sid($_COOKIE['AURSID']);
+ $username = $row['Username'];
+
if (in_request('confirm') && check_token()) {
- user_delete($UID);
- header('Location: /');
+ if (check_passwd($uid_session, $_REQUEST['passwd']) == 1) {
+ user_delete($uid_removal);
+ header('Location: /');
+ } else {
+ echo "<ul class='errorlist'><li>";
+ echo __("Invalid password.");
+ echo "</li></ul>";
+ include("account_delete.php");
+ }
} else {
- $username = $row['Username'];
include("account_delete.php");
}
} else {