demand a valid password for account deletion

author: Daniel Friesel <derf@finalrewind.org> 2019-03-18 18:55:39 +0100
committer: Daniel Friesel <derf@finalrewind.org> 2019-03-18 18:55:39 +0100
commit: 56342f21d27295e98327be4b49e54205b7a02e13 (patch)
tree: 0566f1fddeea4451194042bef651e565da538fed /index.pl
parent: 07b3ea19a6ee820da9bf3b9ee5f9504e05f54356 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/index.pl b/index.pl
index 1af79a4..06318fa 100755
--- a/index.pl
+++ b/index.pl
@@ -1479,8 +1479,14 @@ post '/delete' => sub {
 		$self->render( 'account', invalid => 'csrf' );
 		return;
 	}
+
 	my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch;
+
 	if ( $self->param('action') eq 'delete' ) {
+		if (not $self->authenticate($self->current_user->{name}, $self->param('password'))) {
+			$self->render( 'account', invalid => 'password' );
+			return;
+		}
 		$self->app->mark_for_deletion_query->execute( $now,
 			$self->current_user->{id} );
 	}
author	Daniel Friesel <derf@finalrewind.org>	2019-03-18 18:55:39 +0100
committer	Daniel Friesel <derf@finalrewind.org>	2019-03-18 18:55:39 +0100
commit	56342f21d27295e98327be4b49e54205b7a02e13 (patch)
tree	0566f1fddeea4451194042bef651e565da538fed /index.pl
parent	07b3ea19a6ee820da9bf3b9ee5f9504e05f54356 (diff)