You can now change your password.
This commit is contained in:
parent
d77606506c
commit
7a1a468f93
@ -26,6 +26,7 @@ var login_stmt *sql.Stmt
|
||||
var update_session_stmt *sql.Stmt
|
||||
var logout_stmt *sql.Stmt
|
||||
var set_password_stmt *sql.Stmt
|
||||
var get_password_stmt *sql.Stmt
|
||||
var register_stmt *sql.Stmt
|
||||
var username_exists_stmt *sql.Stmt
|
||||
var custom_pages map[string]string = make(map[string]string)
|
||||
@ -65,7 +66,7 @@ func init_database(err error) {
|
||||
}
|
||||
|
||||
log.Print("Preparing edit_topic statement.")
|
||||
edit_topic_stmt, err = db.Prepare("UPDATE topics SET title = ? WHERE tid = ?")
|
||||
edit_topic_stmt, err = db.Prepare("UPDATE topics SET title = ?, content = ?, is_closed = ? WHERE tid = ?")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
@ -106,6 +107,12 @@ func init_database(err error) {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
log.Print("Preparing get_password statement.")
|
||||
get_password_stmt, err = db.Prepare("SELECT `password`, `salt` FROM `users` WHERE `uid` = ?")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
// Add an admin version of register_stmt with more flexibility
|
||||
// create_account_stmt, err = db.Prepare("INSERT INTO
|
||||
|
||||
|
@ -1 +1 @@
|
||||
Testing
|
||||
<div class="rowitem">Testing</div>
|
@ -63,7 +63,6 @@ $(document).ready(function(){
|
||||
event.preventDefault();
|
||||
var block_parent = $(this).closest('.editable_parent');
|
||||
var block = block_parent.find('.editable_block').eq(0);
|
||||
//block.html("<textarea style='width: 100%;' name='edit_" +
|
||||
block.html("<textarea style='width: 100%;' name='edit_item'>" + block.html() + "</textarea><br /><a href='" + $(this).closest('a').attr("href") + "'><button class='submit_edit' type='submit'>Update</button></a>");
|
||||
|
||||
$(".submit_edit").click(function(event)
|
||||
|
113
src/routes.go
113
src/routes.go
@ -7,7 +7,6 @@ import "bytes"
|
||||
import "time"
|
||||
import "net/http"
|
||||
import "html"
|
||||
//import "html/template"
|
||||
import "database/sql"
|
||||
import _ "github.com/go-sql-driver/mysql"
|
||||
import "golang.org/x/crypto/bcrypt"
|
||||
@ -202,10 +201,10 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
success := 1
|
||||
|
||||
res, err := create_topic_stmt.Exec(html.EscapeString(r.PostFormValue("topic-name")),html.EscapeString(r.PostFormValue("topic-content")),int32(time.Now().Unix()),user.ID)
|
||||
@ -244,10 +243,10 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
success := 1
|
||||
tid, err = strconv.Atoi(r.PostFormValue("tid"))
|
||||
@ -288,10 +287,10 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
|
||||
func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||
user := SessionCheck(w,r)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
is_js := r.PostFormValue("js")
|
||||
if is_js == "" {
|
||||
is_js = "0"
|
||||
@ -311,8 +310,14 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
topic_name := r.PostFormValue("topic_name")
|
||||
topic_status := r.PostFormValue("topic_status")
|
||||
var is_closed bool
|
||||
if topic_status == "closed" {
|
||||
is_closed = true
|
||||
} else {
|
||||
is_closed = false
|
||||
}
|
||||
topic_content := html.EscapeString(r.PostFormValue("topic_content"))
|
||||
_, err = edit_topic_stmt.Exec(topic_name, topic_status, topic_content, tid)
|
||||
_, err = edit_topic_stmt.Exec(topic_name, topic_content, is_closed, tid)
|
||||
if err != nil {
|
||||
InternalErrorJSQ(err,w,r,user,is_js)
|
||||
return
|
||||
@ -328,10 +333,10 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||
func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
user := SessionCheck(w,r)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
is_js := r.PostFormValue("js")
|
||||
if is_js == "" {
|
||||
@ -374,10 +379,10 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
user := SessionCheck(w,r)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
is_js := r.PostFormValue("is_js")
|
||||
if is_js == "" {
|
||||
@ -450,19 +455,65 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
//current_password, err := strconv.Atoi(r.PostFormValue("account-current-password"))
|
||||
//new_password, err := strconv.Atoi(r.PostFormValue("account-new-password"))
|
||||
//confirm_password, err := strconv.Atoi(r.PostFormValue("account-confirm-password"))
|
||||
var real_password string
|
||||
var salt string
|
||||
current_password := r.PostFormValue("account-current-password")
|
||||
new_password := r.PostFormValue("account-new-password")
|
||||
confirm_password := r.PostFormValue("account-confirm-password")
|
||||
|
||||
err = get_password_stmt.QueryRow(user.ID).Scan(&real_password, &salt)
|
||||
if err == sql.ErrNoRows {
|
||||
pi := Page{"Error","error",user,tList,"Your account doesn't exist."}
|
||||
|
||||
var b bytes.Buffer
|
||||
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||
errpage := b.String()
|
||||
http.Error(w,errpage,500)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
current_password = current_password + salt
|
||||
err = bcrypt.CompareHashAndPassword([]byte(real_password), []byte(current_password))
|
||||
if err == bcrypt.ErrMismatchedHashAndPassword {
|
||||
pi := Page{"Error","error",user,tList,"That's not the correct password."}
|
||||
|
||||
var b bytes.Buffer
|
||||
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||
errpage := b.String()
|
||||
http.Error(w,errpage,500)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
return
|
||||
}
|
||||
if new_password != confirm_password {
|
||||
pi := Page{"Error","error",user,tList,"The two passwords don't match."}
|
||||
|
||||
var b bytes.Buffer
|
||||
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||
errpage := b.String()
|
||||
http.Error(w,errpage,500)
|
||||
return
|
||||
}
|
||||
SetPassword(user.ID, new_password)
|
||||
|
||||
pi := Page{"Edit Password","account-own-edit",user,tList,0}
|
||||
templates.ExecuteTemplate(w,"account-own-edit.html", pi)
|
||||
// Log the user out as a safety precaution
|
||||
_, err = logout_stmt.Exec(user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
pi := Page{"Edit Password","account-own-edit-success",user,tList,0}
|
||||
templates.ExecuteTemplate(w,"account-own-edit-success.html", pi)
|
||||
}
|
||||
|
||||
func route_logout(w http.ResponseWriter, r *http.Request) {
|
||||
@ -517,10 +568,10 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
var uid int
|
||||
var real_password string
|
||||
@ -629,10 +680,10 @@ func route_register(w http.ResponseWriter, r *http.Request) {
|
||||
func route_register_submit(w http.ResponseWriter, r *http.Request) {
|
||||
user := SessionCheck(w,r)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
username := html.EscapeString(r.PostFormValue("username"))
|
||||
password := r.PostFormValue("password")
|
||||
|
Loading…
Reference in New Issue
Block a user