You can now change your password.
parent
d77606506c
commit
7a1a468f93
|
@ -26,6 +26,7 @@ var login_stmt *sql.Stmt
|
||||||
var update_session_stmt *sql.Stmt
|
var update_session_stmt *sql.Stmt
|
||||||
var logout_stmt *sql.Stmt
|
var logout_stmt *sql.Stmt
|
||||||
var set_password_stmt *sql.Stmt
|
var set_password_stmt *sql.Stmt
|
||||||
|
var get_password_stmt *sql.Stmt
|
||||||
var register_stmt *sql.Stmt
|
var register_stmt *sql.Stmt
|
||||||
var username_exists_stmt *sql.Stmt
|
var username_exists_stmt *sql.Stmt
|
||||||
var custom_pages map[string]string = make(map[string]string)
|
var custom_pages map[string]string = make(map[string]string)
|
||||||
|
@ -65,7 +66,7 @@ func init_database(err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Print("Preparing edit_topic statement.")
|
log.Print("Preparing edit_topic statement.")
|
||||||
edit_topic_stmt, err = db.Prepare("UPDATE topics SET title = ? WHERE tid = ?")
|
edit_topic_stmt, err = db.Prepare("UPDATE topics SET title = ?, content = ?, is_closed = ? WHERE tid = ?")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -106,6 +107,12 @@ func init_database(err error) {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Print("Preparing get_password statement.")
|
||||||
|
get_password_stmt, err = db.Prepare("SELECT `password`, `salt` FROM `users` WHERE `uid` = ?")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
// Add an admin version of register_stmt with more flexibility
|
// Add an admin version of register_stmt with more flexibility
|
||||||
// create_account_stmt, err = db.Prepare("INSERT INTO
|
// create_account_stmt, err = db.Prepare("INSERT INTO
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Testing
|
<div class="rowitem">Testing</div>
|
|
@ -63,7 +63,6 @@ $(document).ready(function(){
|
||||||
event.preventDefault();
|
event.preventDefault();
|
||||||
var block_parent = $(this).closest('.editable_parent');
|
var block_parent = $(this).closest('.editable_parent');
|
||||||
var block = block_parent.find('.editable_block').eq(0);
|
var block = block_parent.find('.editable_block').eq(0);
|
||||||
//block.html("<textarea style='width: 100%;' name='edit_" +
|
|
||||||
block.html("<textarea style='width: 100%;' name='edit_item'>" + block.html() + "</textarea><br /><a href='" + $(this).closest('a').attr("href") + "'><button class='submit_edit' type='submit'>Update</button></a>");
|
block.html("<textarea style='width: 100%;' name='edit_item'>" + block.html() + "</textarea><br /><a href='" + $(this).closest('a').attr("href") + "'><button class='submit_edit' type='submit'>Update</button></a>");
|
||||||
|
|
||||||
$(".submit_edit").click(function(event)
|
$(".submit_edit").click(function(event)
|
||||||
|
|
|
@ -7,7 +7,6 @@ import "bytes"
|
||||||
import "time"
|
import "time"
|
||||||
import "net/http"
|
import "net/http"
|
||||||
import "html"
|
import "html"
|
||||||
//import "html/template"
|
|
||||||
import "database/sql"
|
import "database/sql"
|
||||||
import _ "github.com/go-sql-driver/mysql"
|
import _ "github.com/go-sql-driver/mysql"
|
||||||
import "golang.org/x/crypto/bcrypt"
|
import "golang.org/x/crypto/bcrypt"
|
||||||
|
@ -311,8 +310,14 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
topic_name := r.PostFormValue("topic_name")
|
topic_name := r.PostFormValue("topic_name")
|
||||||
topic_status := r.PostFormValue("topic_status")
|
topic_status := r.PostFormValue("topic_status")
|
||||||
|
var is_closed bool
|
||||||
|
if topic_status == "closed" {
|
||||||
|
is_closed = true
|
||||||
|
} else {
|
||||||
|
is_closed = false
|
||||||
|
}
|
||||||
topic_content := html.EscapeString(r.PostFormValue("topic_content"))
|
topic_content := html.EscapeString(r.PostFormValue("topic_content"))
|
||||||
_, err = edit_topic_stmt.Exec(topic_name, topic_status, topic_content, tid)
|
_, err = edit_topic_stmt.Exec(topic_name, topic_content, is_closed, tid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
InternalErrorJSQ(err,w,r,user,is_js)
|
InternalErrorJSQ(err,w,r,user,is_js)
|
||||||
return
|
return
|
||||||
|
@ -455,14 +460,60 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
//current_password, err := strconv.Atoi(r.PostFormValue("account-current-password"))
|
var real_password string
|
||||||
//new_password, err := strconv.Atoi(r.PostFormValue("account-new-password"))
|
var salt string
|
||||||
//confirm_password, err := strconv.Atoi(r.PostFormValue("account-confirm-password"))
|
current_password := r.PostFormValue("account-current-password")
|
||||||
|
new_password := r.PostFormValue("account-new-password")
|
||||||
|
confirm_password := r.PostFormValue("account-confirm-password")
|
||||||
|
|
||||||
|
err = get_password_stmt.QueryRow(user.ID).Scan(&real_password, &salt)
|
||||||
|
if err == sql.ErrNoRows {
|
||||||
|
pi := Page{"Error","error",user,tList,"Your account doesn't exist."}
|
||||||
|
|
||||||
|
var b bytes.Buffer
|
||||||
|
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||||
|
errpage := b.String()
|
||||||
|
http.Error(w,errpage,500)
|
||||||
|
return
|
||||||
|
} else if err != nil {
|
||||||
|
InternalError(err,w,r,user)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
pi := Page{"Edit Password","account-own-edit",user,tList,0}
|
current_password = current_password + salt
|
||||||
templates.ExecuteTemplate(w,"account-own-edit.html", pi)
|
err = bcrypt.CompareHashAndPassword([]byte(real_password), []byte(current_password))
|
||||||
|
if err == bcrypt.ErrMismatchedHashAndPassword {
|
||||||
|
pi := Page{"Error","error",user,tList,"That's not the correct password."}
|
||||||
|
|
||||||
|
var b bytes.Buffer
|
||||||
|
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||||
|
errpage := b.String()
|
||||||
|
http.Error(w,errpage,500)
|
||||||
|
return
|
||||||
|
} else if err != nil {
|
||||||
|
InternalError(err,w,r,user)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if new_password != confirm_password {
|
||||||
|
pi := Page{"Error","error",user,tList,"The two passwords don't match."}
|
||||||
|
|
||||||
|
var b bytes.Buffer
|
||||||
|
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||||
|
errpage := b.String()
|
||||||
|
http.Error(w,errpage,500)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
SetPassword(user.ID, new_password)
|
||||||
|
|
||||||
|
// Log the user out as a safety precaution
|
||||||
|
_, err = logout_stmt.Exec(user.ID)
|
||||||
|
if err != nil {
|
||||||
|
InternalError(err,w,r,user)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
pi := Page{"Edit Password","account-own-edit-success",user,tList,0}
|
||||||
|
templates.ExecuteTemplate(w,"account-own-edit-success.html", pi)
|
||||||
}
|
}
|
||||||
|
|
||||||
func route_logout(w http.ResponseWriter, r *http.Request) {
|
func route_logout(w http.ResponseWriter, r *http.Request) {
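Review bot: The password-change path added to route_account_own_edit_critical_submit calls `SetPassword(user.ID, new_password)` and discards any result, so a failed update would still run the logout statement and render account-own-edit-success.html. SetPassword is defined outside this hunk; if it returns an error, check it with `if err = SetPassword(user.ID, new_password); err != nil { InternalError(err,w,r,user); return }`. The new password is also never validated: an empty `account-new-password` with an empty confirmation passes the `new_password != confirm_password` test, so a minimum-length check belongs before the call. The wrong-password and mismatched-confirmation branches reply with status 500 although they are client errors; a 4xx status would keep them out of server-error monitoring. Failed current-password checks are also worth logging and throttling per account, and the function itself starts above the hunk.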
|
||||||
|
|