From 8fc8898fef39af20a24c9928464fd8420481d819 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Thu, 30 Jan 2020 11:52:32 +0100
Subject: Require password when deleting an account

Further reduce the attack surface in case of a stolen session ID.

Signed-off-by: Lukas Fleischer
---
 web/html/account.php | 17 +++++++++++++----
 web/template/account_delete.php | 11 +++++++++--
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/web/html/account.php b/web/html/account.php
index 7c6c424a..03af8d43 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -120,12 +120,21 @@ if (isset($_COOKIE["AURSID"])) {
 } elseif ($action == "DeleteAccount") {
 /* Details for account being deleted. */
 if (can_edit_account($row)) {
- $UID = $row['ID'];
+ $uid_removal = $row['ID'];
+ $uid_session = uid_from_sid($_COOKIE['AURSID']);
+ $username = $row['Username'];
+
 if (in_request('confirm') && check_token()) {
- user_delete($UID);
- header('Location: /');
+ if (check_passwd($uid_session, $_REQUEST['passwd']) == 1) {
+ user_delete($uid_removal);
+ header('Location: /');
+ } else {
+ echo "";
+ include("account_delete.php");
+ }
 } else {
- $username = $row['Username'];
 include("account_delete.php");
 }
 } else {
diff --git a/web/template/account_delete.php b/web/template/account_delete.php
index 718b172f..d0c6e74d 100644
--- a/web/template/account_delete.php
+++ b/web/template/account_delete.php
@@ -12,8 +12,15 @@
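Review bot: In the web/html/account.php hunk, the new re-authentication check reads the password from `$_REQUEST['passwd']`, which also accepts a query-string value and raises an undefined-index notice when the field is absent; a credential carried in the URL can end up in server logs and browser history. Taking it from the POST body only, e.g. `if (check_passwd($uid_session, $_POST['passwd'] ?? '') == 1) {`, keeps the confirmation tied to the form submission. The failure branch only re-renders the form, so unless `check_passwd()` itself throttles or logs failed attempts (not visible here), someone holding a stolen session ID gets unlimited password guesses through this action, which weakens the protection the commit is adding. The enclosing `if (isset($_COOKIE["AURSID"]))` block starts and ends outside the hunk.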
-

+

+ + +

+ +

+ +

" /> -- cgit v1.2.3-24-g4f1b