Per-Forum Permissions work everywhere now.
Removed some unnecessary user parameters from the error handlers. Added a PreError type for when the user data isn't available yet.
parent
df5f70ee6b
commit
dca8670eed
32
errors.go
32
errors.go
@ -26,12 +26,12 @@ func init_errors() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func InternalError(err error, w http.ResponseWriter, r *http.Request, user User) {
|
||||
func InternalError(err error, w http.ResponseWriter, r *http.Request) {
|
||||
w.Write(error_internal)
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user User, is_js string) {
|
||||
func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, is_js string) {
|
||||
w.WriteHeader(500)
|
||||
if is_js == "0" {
|
||||
w.Write(error_internal)
|
||||
@ -41,11 +41,20 @@ func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user Us
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
func PreError(errmsg string, w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(500)
|
||||
user := User{ID:0,Group:6,Perms:GuestPerms,}
|
||||
pi := Page{"Error",user,nList,tList,errmsg}
|
||||
var b bytes.Buffer
|
||||
templates.ExecuteTemplate(&b,"error.html",pi)
|
||||
fmt.Fprintln(w,b.String())
|
||||
}
|
||||
|
||||
func LocalError(errmsg string, w http.ResponseWriter, r *http.Request, user User) {
|
||||
w.WriteHeader(500)
|
||||
pi := Page{"Local Error",user,nList,tList,errmsg}
|
||||
var b bytes.Buffer
|
||||
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||
templates.ExecuteTemplate(&b,"error.html",pi)
|
||||
fmt.Fprintln(w,b.String())
|
||||
}
|
||||
|
||||
@ -53,10 +62,23 @@ func LoginRequired(w http.ResponseWriter, r *http.Request, user User) {
|
||||
w.WriteHeader(401)
|
||||
pi := Page{"Local Error",user,nList,tList,"You need to login to do that."}
|
||||
var b bytes.Buffer
|
||||
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||
templates.ExecuteTemplate(&b,"error.html",pi)
|
||||
fmt.Fprintln(w,b.String())
|
||||
}
|
||||
|
||||
func PreErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, is_js string) {
|
||||
w.WriteHeader(500)
|
||||
if is_js == "0" {
|
||||
user := User{ID:0,Group:6,Perms:GuestPerms,}
|
||||
pi := Page{"Local Error",user,nList,tList,errmsg}
|
||||
var b bytes.Buffer
|
||||
templates.ExecuteTemplate(&b,"error.html", pi)
|
||||
fmt.Fprintln(w,b.String())
|
||||
} else {
|
||||
w.Write([]byte(`{'errmsg': '` + errmsg + `'}`))
|
||||
}
|
||||
}
|
||||
|
||||
func LocalErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, user User, is_js string) {
|
||||
w.WriteHeader(500)
|
||||
if is_js == "0" {
|
||||
@ -130,7 +152,7 @@ func SecurityError(w http.ResponseWriter, r *http.Request, user User) {
|
||||
fmt.Fprintln(w,b.String())
|
||||
}
|
||||
|
||||
func NotFound(w http.ResponseWriter, r *http.Request, user User) {
|
||||
func NotFound(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(404)
|
||||
w.Write(error_notfound)
|
||||
}
|
||||
|
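Review bot: In the new `PreErrorJSQ`, the non-HTML branch builds its response by string concatenation, placing `errmsg` between `{'errmsg': '` and `'}` inside `w.Write([]byte(...))`, which is not valid JSON (single-quoted keys and values) and leaves `errmsg` unescaped. Callers in this same commit pass messages that contain an apostrophe, for example `"The reply you tried to delete doesn't exist."`, so the quoted value ends early and a client-side parser will reject or misread the body. Encoding the value keeps the output well-formed whatever the message holds: `out, _ := json.Marshal(map[string]string{"errmsg": errmsg})` followed by `w.Write(out)`. That needs `encoding/json`; the file's import block is not visible in this section, so check whether it is already imported.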
266
mod_routes.go
266
mod_routes.go
@ -10,14 +10,9 @@ import "database/sql"
|
||||
import _ "github.com/go-sql-driver/mysql"
|
||||
|
||||
func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form",w,r,user)
|
||||
PreError("Bad Form",w,r)
|
||||
return
|
||||
}
|
||||
is_js := r.PostFormValue("js")
|
||||
@ -29,30 +24,24 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||
var fid int
|
||||
tid, err = strconv.Atoi(r.URL.Path[len("/topic/edit/submit/"):])
|
||||
if err != nil {
|
||||
LocalErrorJSQ("The provided TopicID is not a valid number.",w,r,user,is_js)
|
||||
PreErrorJSQ("The provided TopicID is not a valid number.",w,r,is_js)
|
||||
return
|
||||
}
|
||||
|
||||
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("The topic you tried to edit doesn't exist.",w,r,user)
|
||||
PreError("The topic you tried to edit doesn't exist.",w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if groups[user.Group].Forums[fid].Overrides {
|
||||
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditTopic {
|
||||
NoPermissionsJSQ(w,r,user,is_js)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic || !user.Perms.EditTopic {
|
||||
if !user.Perms.ViewTopic || !user.Perms.EditTopic {
|
||||
NoPermissionsJSQ(w,r,user,is_js)
|
||||
return
|
||||
}
|
||||
@ -64,7 +53,7 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||
topic_content := html.EscapeString(r.PostFormValue("topic_content"))
|
||||
_, err = edit_topic_stmt.Exec(topic_name, preparse_message(topic_content), parse_message(html.EscapeString(preparse_message(topic_content))), is_closed, tid)
|
||||
if err != nil {
|
||||
InternalErrorJSQ(err,w,r,user,is_js)
|
||||
InternalErrorJSQ(err,w,r,is_js)
|
||||
return
|
||||
}
|
||||
|
||||
@ -76,14 +65,9 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func route_delete_topic(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
tid, err := strconv.Atoi(r.URL.Path[len("/topic/delete/submit/"):])
|
||||
if err != nil {
|
||||
LocalError("The provided TopicID is not a valid number.",w,r,user)
|
||||
PreError("The provided TopicID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -92,46 +76,40 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
|
||||
var fid int
|
||||
err = db.QueryRow("select content, createdBy, parentID from topics where tid = ?", tid).Scan(&content, &createdBy, &fid)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("The topic you tried to delete doesn't exist.",w,r,user)
|
||||
PreError("The topic you tried to delete doesn't exist.",w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if groups[user.Group].Forums[fid].Overrides {
|
||||
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
|
||||
if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = delete_topic_stmt.Exec(tid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
log.Print("The topic '" + strconv.Itoa(tid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
|
||||
http.Redirect(w,r,"/",http.StatusSeeOther)
|
||||
|
||||
wcount := word_count(content)
|
||||
err = decrease_post_user_stats(wcount, createdBy, true, user)
|
||||
err = decrease_post_user_stats(wcount,createdBy,true,user)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = remove_topics_from_forum_stmt.Exec(1, fid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -139,104 +117,77 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func route_stick_topic(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
tid, err := strconv.Atoi(r.URL.Path[len("/topic/stick/submit/"):])
|
||||
if err != nil {
|
||||
LocalError("The provided TopicID is not a valid number.",w,r,user)
|
||||
PreError("The provided TopicID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
var fid int
|
||||
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("The topic you tried to pin doesn't exist.",w,r,user)
|
||||
PreError("The topic you tried to pin doesn't exist.",w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if groups[user.Group].Forums[fid].Overrides {
|
||||
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
|
||||
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = stick_topic_stmt.Exec(tid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func route_unstick_topic(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
tid, err := strconv.Atoi(r.URL.Path[len("/topic/unstick/submit/"):])
|
||||
if err != nil {
|
||||
LocalError("The provided TopicID is not a valid number.",w,r,user)
|
||||
PreError("The provided TopicID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
var fid int
|
||||
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("The topic you tried to unpin doesn't exist.",w,r,user)
|
||||
PreError("The topic you tried to unpin doesn't exist.",w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if groups[user.Group].Forums[fid].Overrides {
|
||||
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
|
||||
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = unstick_topic_stmt.Exec(tid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
PreError("Bad Form",w,r)
|
||||
return
|
||||
}
|
||||
is_js := r.PostFormValue("js")
|
||||
@ -246,14 +197,14 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):])
|
||||
if err != nil {
|
||||
LocalError("The provided Reply ID is not a valid number.",w,r,user)
|
||||
PreError("The provided Reply ID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
|
||||
_, err = edit_reply_stmt.Exec(content, parse_message(content), rid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -261,31 +212,25 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
var tid int
|
||||
err = db.QueryRow("select tid from replies where rid = ?", rid).Scan(&tid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
var fid int
|
||||
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("The parent topic doesn't exist.",w,r,user)
|
||||
PreError("The parent topic doesn't exist.",w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if groups[user.Group].Forums[fid].Overrides {
|
||||
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditReply {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic || !user.Perms.EditReply {
|
||||
if !user.Perms.ViewTopic || !user.Perms.EditReply {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
@ -298,14 +243,9 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
PreError("Bad Form",w,r)
|
||||
return
|
||||
}
|
||||
is_js := r.PostFormValue("is_js")
|
||||
@ -313,14 +253,9 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
is_js = "0"
|
||||
}
|
||||
|
||||
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
|
||||
NoPermissionsJSQ(w,r,user,is_js)
|
||||
return
|
||||
}
|
||||
|
||||
rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):])
|
||||
if err != nil {
|
||||
LocalErrorJSQ("The provided Reply ID is not a valid number.",w,r,user,is_js)
|
||||
PreErrorJSQ("The provided Reply ID is not a valid number.",w,r,is_js)
|
||||
return
|
||||
}
|
||||
|
||||
@ -329,41 +264,35 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
var createdBy int
|
||||
err = db.QueryRow("select tid, content, createdBy from replies where rid = ?", rid).Scan(&tid, &content, &createdBy)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js)
|
||||
PreErrorJSQ("The reply you tried to delete doesn't exist.",w,r,is_js)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalErrorJSQ(err,w,r,user,is_js)
|
||||
InternalErrorJSQ(err,w,r,is_js)
|
||||
return
|
||||
}
|
||||
|
||||
var fid int
|
||||
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("The parent topic doesn't exist.",w,r,user)
|
||||
PreError("The parent topic doesn't exist.",w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if groups[user.Group].Forums[fid].Overrides {
|
||||
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteReply {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
|
||||
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = delete_reply_stmt.Exec(rid)
|
||||
if err != nil {
|
||||
InternalErrorJSQ(err,w,r,user,is_js)
|
||||
InternalErrorJSQ(err,w,r,is_js)
|
||||
return
|
||||
}
|
||||
log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
|
||||
@ -376,13 +305,12 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
wcount := word_count(content)
|
||||
err = decrease_post_user_stats(wcount, createdBy, false, user)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
_, err = remove_replies_from_topic_stmt.Exec(1,tid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
return
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
|
||||
@ -394,7 +322,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
LocalError("Bad Form",w,r,user)
|
||||
return
|
||||
}
|
||||
is_js := r.PostFormValue("js")
|
||||
@ -412,7 +340,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
var uid int
|
||||
err = db.QueryRow("select uid from users_replies where rid = ?", rid).Scan(&uid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -424,7 +352,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
|
||||
_, err = edit_profile_reply_stmt.Exec(content, parse_message(content), rid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -443,7 +371,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
LocalError("Bad Form",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
@ -464,7 +392,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalErrorJSQ(err,w,r,user,is_js)
|
||||
InternalErrorJSQ(err,w,r,is_js)
|
||||
return
|
||||
}
|
||||
|
||||
@ -475,7 +403,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err = delete_profile_reply_stmt.Exec(rid)
|
||||
if err != nil {
|
||||
InternalErrorJSQ(err,w,r,user,is_js)
|
||||
InternalErrorJSQ(err,w,r,is_js)
|
||||
return
|
||||
}
|
||||
log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
|
||||
@ -492,7 +420,6 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if !user.Perms.BanUsers {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
@ -510,7 +437,7 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("The user you're trying to ban no longer exists.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -526,7 +453,6 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if !user.Perms.BanUsers {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
@ -549,7 +475,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("The user you're trying to ban no longer exists.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -573,7 +499,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err = change_group_stmt.Exec(4, uid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
|
||||
@ -588,7 +514,6 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
if r.FormValue("session") != user.Session {
|
||||
SecurityError(w,r,user)
|
||||
return
|
||||
@ -607,7 +532,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("The user you're trying to unban no longer exists.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -618,7 +543,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err = change_group_stmt.Exec(default_group, uid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
|
||||
@ -646,12 +571,12 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
var uname string
|
||||
var active bool
|
||||
err = db.QueryRow("select `name`, `active` from users where `uid` = ?", uid).Scan(&uname, &active)
|
||||
err = db.QueryRow("select `name`,`active` from users where `uid` = ?", uid).Scan(&uname, &active)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("The account you're trying to activate no longer exists.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -661,13 +586,13 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
_, err = activate_user_stmt.Exec(uid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = change_group_stmt.Exec(default_group, uid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
|
||||
@ -740,7 +665,7 @@ func route_panel_forums_create_submit(w http.ResponseWriter, r *http.Request){
|
||||
|
||||
fid, err := create_forum(fname,active,fpreset)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -757,11 +682,11 @@ func route_panel_forums_delete(w http.ResponseWriter, r *http.Request){
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
if r.FormValue("session") != user.Session {
|
||||
SecurityError(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
fid, err := strconv.Atoi(r.URL.Path[len("/panel/forums/delete/"):])
|
||||
if err != nil {
|
||||
LocalError("The provided Forum ID is not a valid number.",w,r,user)
|
||||
@ -806,7 +731,7 @@ func route_panel_forums_delete_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
err = delete_forum(fid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w,r,"/panel/forums/",http.StatusSeeOther)
|
||||
@ -894,7 +819,7 @@ func route_panel_forums_edit_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err = update_forum_stmt.Exec(forum_name,active,forum_preset,fid)
|
||||
if err != nil {
|
||||
InternalErrorJSQ(err,w,r,user,is_js)
|
||||
InternalErrorJSQ(err,w,r,is_js)
|
||||
return
|
||||
}
|
||||
|
||||
@ -930,7 +855,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
|
||||
var settingList map[string]interface{} = make(map[string]interface{})
|
||||
rows, err := db.Query("select name, content, type from settings")
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
defer rows.Close()
|
||||
@ -941,7 +866,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
|
||||
for rows.Next() {
|
||||
err := rows.Scan(&sname,&scontent,&stype)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -965,7 +890,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -991,7 +916,7 @@ func route_panel_setting(w http.ResponseWriter, r *http.Request){
|
||||
LocalError("The setting you want to edit doesn't exist.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1053,7 +978,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("The setting you want to edit doesn't exist.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1067,7 +992,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err = update_setting_stmt.Exec(scontent,sname)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1122,7 +1047,7 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
|
||||
var active bool
|
||||
err := db.QueryRow("select active from plugins where uname = ?", uname).Scan(&active)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1142,13 +1067,13 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
_, err = update_plugin_stmt.Exec(1,uname)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
_, err := add_plugin_stmt.Exec(uname,1)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -1188,7 +1113,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
|
||||
LocalError("The plugin you're trying to deactivate isn't active",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1198,7 +1123,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
_, err = update_plugin_stmt.Exec(0,uname)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1222,7 +1147,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
|
||||
var userList []interface{}
|
||||
rows, err := db.Query("select `uid`,`name`,`group`,`active`,`is_super_admin`,`avatar` from users")
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
defer rows.Close()
|
||||
@ -1231,7 +1156,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
|
||||
puser := User{ID: 0,}
|
||||
err := rows.Scan(&puser.ID, &puser.Name, &puser.Group, &puser.Active, &puser.Is_Super_Admin, &puser.Avatar)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1260,14 +1185,14 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
pi := Page{"User Manager",user,noticeList,userList,nil}
|
||||
err = templates.ExecuteTemplate(w,"panel-users.html",pi)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
|
||||
@ -1296,7 +1221,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
|
||||
LocalError("The user you're trying to edit doesn't exist.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1321,7 +1246,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
|
||||
pi := Page{"User Editor",user,noticeList,groupList,targetUser}
|
||||
err = templates.ExecuteTemplate(w,"panel-user-edit.html",pi)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
|
||||
@ -1334,7 +1259,6 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
if r.FormValue("session") != user.Session {
|
||||
SecurityError(w,r,user)
|
||||
return
|
||||
@ -1353,7 +1277,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
|
||||
LocalError("The user you're trying to edit doesn't exist.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1408,7 +1332,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
|
||||
|
||||
_, err = update_user_stmt.Exec(newname,newemail,newgroup,targetUser.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1488,7 +1412,7 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
|
||||
var isDefault bool
|
||||
err := db.QueryRow("select `default` from `themes` where `uname` = ?", uname).Scan(&isDefault)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1500,20 +1424,20 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
_, err = update_theme_stmt.Exec(1, uname)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
_, err := add_theme_stmt.Exec(uname,1)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
_, err = update_theme_stmt.Exec(0, defaultTheme)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
|
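Review bot: In `route_reply_edit_submit` the write `_, err = edit_reply_stmt.Exec(content, parse_message(content), rid)` (hunk at new line 197) runs before `SimpleForumSessionCheck` and the `EditReply` permission test (hunk at new line 212), and this commit also removes the `SimpleSessionCheck` that used to open the handler. As far as the visible hunks show, a request reaches the UPDATE before any session or permission check has run, so the reply is already modified by the time `NoPermissions` is returned. Move the `tid`/`fid` lookups, the `SimpleForumSessionCheck` call and the `if !user.Perms.ViewTopic || !user.Perms.EditReply` guard above the `Exec`, matching the order `route_reply_delete_submit` uses before `delete_reply_stmt.Exec(rid)`. The lines between the two hunks are not shown, so confirm nothing there already gates the write.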
@ -42,8 +42,7 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
|
||||
if req.URL.Path[len(req.URL.Path) - 1] == '/' {
|
||||
w.WriteHeader(404)
|
||||
w.Write(error_notfound)
|
||||
NotFound(w,req)
|
||||
return
|
||||
}
|
||||
|
||||
@ -60,7 +59,6 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
w.WriteHeader(404)
|
||||
w.Write(error_notfound)
|
||||
NotFound(w,req)
|
||||
return
|
||||
}
|
307
routes.go
307
routes.go
@ -65,7 +65,7 @@ func route_overview(w http.ResponseWriter, r *http.Request){
|
||||
pi := Page{"Overview",user,noticeList,tList,nil}
|
||||
err := templates.ExecuteTemplate(w,"overview.html",pi)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
|
||||
@ -76,13 +76,13 @@ func route_custom_page(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
name := r.URL.Path[len("/pages/"):]
|
||||
if templates.Lookup("page_" + name) == nil {
|
||||
NotFound(w,r,user)
|
||||
NotFound(w,r)
|
||||
return
|
||||
}
|
||||
|
||||
err := templates.ExecuteTemplate(w,"page_" + name,Page{"Page",user,noticeList,tList,nil})
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
|
||||
@ -104,7 +104,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
|
||||
rows, err := db.Query("select topics.tid, topics.title, topics.content, topics.createdBy, topics.is_closed, topics.sticky, topics.createdAt, topics.parentID, users.name, users.avatar from topics left join users ON topics.createdBy = users.uid where parentID in("+strings.Join(fidList,",")+") order by topics.sticky DESC, topics.lastReplyAt DESC, topics.createdBy DESC")
|
||||
//rows, err := get_topic_list_stmt.Query()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -112,7 +112,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
|
||||
for rows.Next() {
|
||||
err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -131,7 +131,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
rows.Close()
|
||||
@ -142,36 +142,25 @@ func route_topics(w http.ResponseWriter, r *http.Request){
|
||||
} else {
|
||||
err = templates.ExecuteTemplate(w,"topics.html",pi)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func route_forum(w http.ResponseWriter, r *http.Request){
|
||||
user, noticeList, ok := SessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
page, _ := strconv.Atoi(r.FormValue("page"))
|
||||
fid, err := strconv.Atoi(r.URL.Path[len("/forum/"):])
|
||||
if err != nil {
|
||||
LocalError("The provided ForumID is not a valid number.",w,r,user)
|
||||
PreError("The provided ForumID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
NotFound(w,r,user)
|
||||
user, noticeList, ok := ForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
//fmt.Printf("%+v\n", groups[user.Group].Forums)
|
||||
if groups[user.Group].Forums[fid].Overrides {
|
||||
if !groups[user.Group].Forums[fid].ViewTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic {
|
||||
if !user.Perms.ViewTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
@ -189,7 +178,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
rows, err := get_forum_topics_offset_stmt.Query(fid,offset)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -198,7 +187,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
|
||||
for rows.Next() {
|
||||
err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -217,7 +206,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
rows.Close()
|
||||
@ -228,7 +217,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
|
||||
} else {
|
||||
err = templates.ExecuteTemplate(w,"forum.html",pi)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -255,16 +244,12 @@ func route_forums(w http.ResponseWriter, r *http.Request){
|
||||
} else {
|
||||
err := templates.ExecuteTemplate(w,"forums.html",pi)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func route_topic_id(w http.ResponseWriter, r *http.Request){
|
||||
user, noticeList, ok := SessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
var(
|
||||
err error
|
||||
content string
|
||||
@ -278,31 +263,25 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
|
||||
topic := TopicUser{Css: no_css_tmpl}
|
||||
topic.ID, err = strconv.Atoi(r.URL.Path[len("/topic/"):])
|
||||
if err != nil {
|
||||
LocalError("The provided TopicID is not a valid number.",w,r,user)
|
||||
PreError("The provided TopicID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
// Get the topic..
|
||||
err = get_topic_user_stmt.QueryRow(topic.ID).Scan(&topic.Title, &content, &topic.CreatedBy, &topic.CreatedAt, &topic.Is_Closed, &topic.Sticky, &topic.ParentID, &topic.IpAddress, &topic.PostCount, &topic.CreatedByName, &topic.Avatar, &group, &topic.URLPrefix, &topic.URLName, &topic.Level)
|
||||
if err == sql.ErrNoRows {
|
||||
NotFound(w,r,user)
|
||||
NotFound(w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
if (topic.ParentID > forumCapCount) || (topic.ParentID < 0) || forums[topic.ParentID].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
user, noticeList, ok := ForumSessionCheck(w,r,topic.ParentID)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if groups[user.Group].Forums[topic.ParentID].Overrides {
|
||||
if !groups[user.Group].Forums[topic.ParentID].ViewTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
} else if !user.Perms.ViewTopic {
|
||||
if !user.Perms.ViewTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
@ -361,7 +340,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
|
||||
LocalError("Bad Page. Some of the posts may have been deleted or you got here by directly typing in the page number.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -369,7 +348,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
|
||||
for rows.Next() {
|
||||
err := rows.Scan(&replyItem.ID, &replyItem.Content, &replyItem.CreatedBy, &replyItem.CreatedAt, &replyItem.LastEdit, &replyItem.LastEditBy, &replyItem.Avatar, &replyItem.CreatedByName, &group, &replyItem.URLPrefix, &replyItem.URLName, &replyItem.Level, &replyItem.IpAddress)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -410,7 +389,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
rows.Close()
|
||||
@ -421,7 +400,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
|
||||
} else {
|
||||
err = templates.ExecuteTemplate(w,"topic.html", tpage)
|
||||
if err != nil {
|
||||
InternalError(err, w, r, user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -464,10 +443,10 @@ func route_profile(w http.ResponseWriter, r *http.Request){
|
||||
// Fetch the user data
|
||||
err = db.QueryRow("select `name`,`group`,`is_super_admin`,`avatar`,`message`,`url_prefix`,`url_name`,`level` from `users` where `uid` = ?", puser.ID).Scan(&puser.Name, &puser.Group, &puser.Is_Super_Admin, &puser.Avatar, &puser.Message, &puser.URLPrefix, &puser.URLName, &puser.Level)
|
||||
if err == sql.ErrNoRows {
|
||||
NotFound(w,r,user)
|
||||
NotFound(w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -493,7 +472,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
|
||||
// Get the replies..
|
||||
rows, err := db.Query("select users_replies.rid, users_replies.content, users_replies.createdBy, users_replies.createdAt, users_replies.lastEdit, users_replies.lastEditBy, users.avatar, users.name, users.group from users_replies left join users ON users_replies.createdBy = users.uid where users_replies.uid = ?", puser.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
defer rows.Close()
|
||||
@ -501,7 +480,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
|
||||
for rows.Next() {
|
||||
err := rows.Scan(&rid, &replyContent, &replyCreatedBy, &replyCreatedAt, &replyLastEdit, &replyLastEditBy, &replyAvatar, &replyCreatedByName, &group)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -530,7 +509,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
|
||||
}
|
||||
err = rows.Err()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -540,32 +519,32 @@ func route_profile(w http.ResponseWriter, r *http.Request){
|
||||
} else {
|
||||
err = templates.ExecuteTemplate(w,"profile.html",ppage)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func route_topic_create(w http.ResponseWriter, r *http.Request){
|
||||
user, noticeList, ok := SessionCheck(w,r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if !user.Loggedin || !user.Perms.CreateTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
var fid int
|
||||
var err error
|
||||
sfid := r.URL.Path[len("/topics/create/"):]
|
||||
if sfid != "" {
|
||||
fid, err = strconv.Atoi(sfid)
|
||||
if err != nil {
|
||||
LocalError("The provided ForumID is not a valid number.",w,r,user)
|
||||
PreError("The provided ForumID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
user, noticeList, ok := ForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if !user.Loggedin || !user.Perms.CreateTopic {
|
||||
NoPermissions(w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
var forumList []Forum
|
||||
group := groups[user.Group]
|
||||
for _, fid := range group.CanSee {
|
||||
@ -580,14 +559,26 @@ func route_topic_create(w http.ResponseWriter, r *http.Request){
|
||||
} else {
|
||||
err = templates.ExecuteTemplate(w,"create-topic.html",ctpage)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// POST functions. Authorised users only.
|
||||
func route_create_topic(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
PreError("Bad Form",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
|
||||
if err != nil {
|
||||
PreError("The provided ForumID is not a valid number.",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
@ -596,17 +587,6 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
|
||||
if err != nil {
|
||||
LocalError("The provided ForumID is not a valid number.",w,r,user)
|
||||
return
|
||||
}
|
||||
topic_name := html.EscapeString(r.PostFormValue("topic-name"))
|
||||
content := html.EscapeString(preparse_message(r.PostFormValue("topic-content")))
|
||||
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||
@ -615,33 +595,27 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
LocalError("The topic's parent forum doesn't exist.",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
res, err := create_topic_stmt.Exec(fid,topic_name,content,parse_message(content),ipaddress,user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
lastId, err := res.LastInsertId()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = add_topics_to_forum_stmt.Exec(1,fid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
forums[fid].TopicCount -= 1
|
||||
|
||||
_, err = update_forum_cache_stmt.Exec(topic_name,lastId,user.Name,user.ID,fid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
forums[fid].LastTopic = topic_name
|
||||
@ -654,13 +628,35 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
|
||||
wcount := word_count(content)
|
||||
err = increase_post_user_stats(wcount,user.ID,true,user)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func route_create_reply(w http.ResponseWriter, r *http.Request) {
|
||||
user, ok := SimpleSessionCheck(w,r)
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
PreError("Bad Form",w,r)
|
||||
return
|
||||
}
|
||||
tid, err := strconv.Atoi(r.PostFormValue("tid"))
|
||||
if err != nil {
|
||||
PreError("Failed to convert the TopicID",w,r)
|
||||
return
|
||||
}
|
||||
|
||||
var topic_name string
|
||||
var fid int
|
||||
err = db.QueryRow("select title, parentID from topics where tid = ?",tid).Scan(&topic_name,&fid)
|
||||
if err == sql.ErrNoRows {
|
||||
PreError("Couldn't find the parent topic",w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
user, ok := SimpleForumSessionCheck(w,r,fid)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
@ -669,17 +665,6 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
return
|
||||
}
|
||||
tid, err := strconv.Atoi(r.PostFormValue("tid"))
|
||||
if err != nil {
|
||||
LocalError("Failed to convert the TopicID", w, r, user)
|
||||
return
|
||||
}
|
||||
|
||||
content := preparse_message(html.EscapeString(r.PostFormValue("reply-content")))
|
||||
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||
if err != nil {
|
||||
@ -689,36 +674,26 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err = create_reply_stmt.Exec(tid,content,parse_message(content),ipaddress,user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
var topic_name string
|
||||
err = db.QueryRow("select title from topics where tid = ?", tid).Scan(&topic_name)
|
||||
if err == sql.ErrNoRows {
|
||||
LocalError("Couldn't find the parent topic", w, r, user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = add_replies_to_topic_stmt.Exec(1, tid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
_, err = update_forum_cache_stmt.Exec(topic_name, tid, user.Name, user.ID, 1)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
|
||||
http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
|
||||
wcount := word_count(content)
|
||||
err = increase_post_user_stats(wcount, user.ID, false, user)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -735,7 +710,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
LocalError("Bad Form",w,r,user)
|
||||
return
|
||||
}
|
||||
uid, err := strconv.Atoi(r.PostFormValue("uid"))
|
||||
@ -746,7 +721,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err = create_profile_reply_stmt.Exec(uid,html.EscapeString(preparse_message(r.PostFormValue("reply-content"))),parse_message(html.EscapeString(preparse_message(r.PostFormValue("reply-content")))),user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -756,7 +731,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("The profile you're trying to post on doesn't exist.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -806,7 +781,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("We were unable to find the reported post",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -815,7 +790,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("We were unable to find the topic which the reported post is supposed to be in",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(tid) + "'>" + title + "</a>"
|
||||
@ -825,7 +800,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("We were unable to find the reported post",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -834,17 +809,17 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("We were unable to find the profile which the reported post is supposed to be on",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
content = content + "<br><br>Original Post: <a href='/user/" + strconv.Itoa(tid) + "'>" + title + "</a>"
|
||||
} else if item_type == "topic" {
|
||||
err = db.QueryRow("select title, content from topics where tid = ?", item_id).Scan(&title,&content)
|
||||
if err == sql.ErrNoRows {
|
||||
NotFound(w,r,user)
|
||||
NotFound(w,r)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(item_id) + "'>" + title + "</a>"
|
||||
@ -861,14 +836,14 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
|
||||
var count int
|
||||
rows, err := db.Query("select count(*) as count from topics where data = ? and data != '' and parentID = 1", item_type + "_" + strconv.Itoa(item_id))
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
for rows.Next() {
|
||||
err = rows.Scan(&count)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -880,24 +855,24 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
|
||||
title = "Report: " + title
|
||||
res, err := create_report_stmt.Exec(title,content,content,user.ID,item_type + "_" + strconv.Itoa(item_id))
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
lastId, err := res.LastInsertId()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = add_topics_to_forum_stmt.Exec(1, fid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
_, err = update_forum_cache_stmt.Exec(title, lastId, user.Name, user.ID, fid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -913,7 +888,7 @@ func route_account_own_edit_critical(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("You need to login to edit your account.",w,r,user)
|
||||
return
|
||||
}
|
||||
pi := Page{"Edit Password",user,noticeList,tList,0}
|
||||
pi := Page{"Edit Password",user,noticeList,tList,nil}
|
||||
templates.ExecuteTemplate(w,"account-own-edit.html", pi)
|
||||
}
|
||||
|
||||
@ -929,7 +904,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
LocalError("Bad Form",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
@ -944,7 +919,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
|
||||
LocalError("Your account no longer exists.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -954,7 +929,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
|
||||
LocalError("That's not the correct password.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
if new_password != confirm_password {
|
||||
@ -966,12 +941,12 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
|
||||
// Log the user out as a safety precaution
|
||||
_, err = logout_stmt.Exec(user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
noticeList[len(noticeList)] = "Your password was successfully updated"
|
||||
pi := Page{"Edit Password",user,noticeList,tList,0}
|
||||
noticeList = append(noticeList,"Your password was successfully updated")
|
||||
pi := Page{"Edit Password",user,noticeList,tList,nil}
|
||||
templates.ExecuteTemplate(w,"account-own-edit.html", pi)
|
||||
}
|
||||
|
||||
@ -984,13 +959,13 @@ func route_account_own_edit_avatar(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("You need to login to edit your account.",w,r,user)
|
||||
return
|
||||
}
|
||||
pi := Page{"Edit Avatar",user,noticeList,tList,0}
|
||||
templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi)
|
||||
pi := Page{"Edit Avatar",user,noticeList,tList,nil}
|
||||
templates.ExecuteTemplate(w,"account-own-edit-avatar.html",pi)
|
||||
}
|
||||
|
||||
func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request) {
|
||||
if r.ContentLength > int64(max_request_size) {
|
||||
http.Error(w, "request too large", http.StatusExpectationFailed)
|
||||
http.Error(w,"Request too large",http.StatusExpectationFailed)
|
||||
return
|
||||
}
|
||||
r.Body = http.MaxBytesReader(w, r.Body, int64(max_request_size))
|
||||
@ -1006,7 +981,7 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
|
||||
|
||||
err := r.ParseMultipartForm(int64(max_request_size))
|
||||
if err != nil {
|
||||
LocalError("Upload failed", w, r, user)
|
||||
LocalError("Upload failed",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1051,14 +1026,14 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
|
||||
|
||||
outfile, err := os.Create("./uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext);
|
||||
if err != nil {
|
||||
LocalError("Upload failed [File Creation Failed]", w, r, user)
|
||||
LocalError("Upload failed [File Creation Failed]",w,r,user)
|
||||
return
|
||||
}
|
||||
defer outfile.Close()
|
||||
|
||||
_, err = io.Copy(outfile, infile);
|
||||
if err != nil {
|
||||
LocalError("Upload failed [Copy Failed]", w, r, user)
|
||||
LocalError("Upload failed [Copy Failed]",w,r,user)
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -1066,13 +1041,13 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
|
||||
|
||||
_, err = set_avatar_stmt.Exec("." + ext, strconv.Itoa(user.ID))
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext
|
||||
noticeList = append(noticeList, "Your avatar was successfully updated")
|
||||
|
||||
pi := Page{"Edit Avatar",user,noticeList,tList,0}
|
||||
pi := Page{"Edit Avatar",user,noticeList,tList,nil}
|
||||
templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi)
|
||||
}
|
||||
|
||||
@ -1085,9 +1060,8 @@ func route_account_own_edit_username(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("You need to login to edit your account.",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
pi := Page{"Edit Username",user,noticeList,tList,user.Name}
|
||||
templates.ExecuteTemplate(w,"account-own-edit-username.html", pi)
|
||||
templates.ExecuteTemplate(w,"account-own-edit-username.html",pi)
|
||||
}
|
||||
|
||||
func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Request) {
|
||||
@ -1101,7 +1075,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
|
||||
}
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
LocalError("Bad Form",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1114,7 +1088,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
|
||||
user.Name = new_username
|
||||
|
||||
noticeList = append(noticeList,"Your username was successfully updated")
|
||||
pi := Page{"Edit Username",user,noticeList,tList,0}
|
||||
pi := Page{"Edit Username",user,noticeList,tList,nil}
|
||||
templates.ExecuteTemplate(w,"account-own-edit-username.html", pi)
|
||||
}
|
||||
|
||||
@ -1217,7 +1191,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
|
||||
|
||||
_, err = verify_email_stmt.Exec(user.Email)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1225,7 +1199,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
|
||||
if settings["activation_type"] == 2 {
|
||||
_, err = activate_user_stmt.Exec(user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
@ -1250,7 +1224,7 @@ func route_logout(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
_, err := logout_stmt.Exec(user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w,r, "/", http.StatusSeeOther)
|
||||
@ -1265,7 +1239,7 @@ func route_login(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("You're already logged in.",w,r,user)
|
||||
return
|
||||
}
|
||||
pi := Page{"Login",user,noticeList,tList,0}
|
||||
pi := Page{"Login",user,noticeList,tList,nil}
|
||||
templates.ExecuteTemplate(w,"login.html", pi)
|
||||
}
|
||||
|
||||
@ -1278,10 +1252,9 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("You're already logged in.",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
LocalError("Bad Form", w, r, user)
|
||||
LocalError("Bad Form",w,r,user)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1297,7 +1270,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("That username doesn't exist.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1313,7 +1286,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
|
||||
} else { // Normal login..
|
||||
password = password + salt
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1322,20 +1295,20 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
|
||||
LocalError("That's not the correct password.",w,r,user)
|
||||
return
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
session, err = GenerateSafeString(sessionLength)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
_, err = update_session_stmt.Exec(session, uid)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1402,7 +1375,7 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
|
||||
// Is this username already taken..?
|
||||
err = username_exists_stmt.QueryRow(username).Scan(&username)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
} else if err != sql.ErrNoRows {
|
||||
LocalError("This username isn't available. Try another.",w,r,user)
|
||||
@ -1411,19 +1384,19 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
salt, err := GenerateSafeString(saltLength)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
session, err := GenerateSafeString(sessionLength)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
password = password + salt
|
||||
hashed_password, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1439,12 +1412,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
res, err := register_stmt.Exec(username,email,string(hashed_password),salt,group,session,active)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
lastId, err := res.LastInsertId()
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -1452,12 +1425,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
|
||||
if enable_emails {
|
||||
token, err := GenerateSafeString(80)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
_, err = add_email_stmt.Exec(email, lastId, 0, token)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return
|
||||
}
|
||||
|
||||
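Review bot: In route_topic_id the topic row is now fetched before `ForumSessionCheck` runs, so a viewer without access gets `NotFound(w,r)` for a missing topic but `NoPermissions(w,r,user)` for one that exists in a forum they cannot view, which reveals which topic IDs exist in restricted forums. route_create_reply has the same shape: `PreError("Couldn't find the parent topic",w,r)` is returned before `SimpleForumSessionCheck(w,r,fid)` is called. If restricted forums are meant to hide their contents, both cases should answer identically, for example by replacing `NoPermissions(w,r,user)` under the `!user.Perms.ViewTopic` check in route_topic_id with `NotFound(w,r)` and recording that choice in a comment above the check. Both functions continue outside the hunks shown, so any later handling is not visible here.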
|
@ -1,7 +1,7 @@
|
||||
/* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
|
||||
package main
|
||||
import "strconv"
|
||||
import "io"
|
||||
import "strconv"
|
||||
|
||||
func init() {
|
||||
template_forum_handle = template_forum
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
|
||||
package main
|
||||
import "strconv"
|
||||
import "io"
|
||||
import "strconv"
|
||||
|
||||
func init() {
|
||||
template_profile_handle = template_profile
|
||||
|
110
user.go
110
user.go
@ -73,76 +73,57 @@ func SendValidationEmail(username string, email string, token string) bool {
|
||||
return SendEmail(email, subject, msg)
|
||||
}
|
||||
|
||||
func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) {
|
||||
// Are there any session cookies..?
|
||||
cookie, err := r.Cookie("uid")
|
||||
if err != nil {
|
||||
user.Group = 6
|
||||
user.Perms = GuestPerms
|
||||
return user, noticeList, true
|
||||
func SimpleForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, success bool) {
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
PreError("The target forum doesn't exist.",w,r)
|
||||
return user, false
|
||||
}
|
||||
user.ID, err = strconv.Atoi(cookie.Value)
|
||||
if err != nil {
|
||||
user.Group = 6
|
||||
user.Perms = GuestPerms
|
||||
return user, noticeList, true
|
||||
user, success = SimpleSessionCheck(w,r)
|
||||
fperms := groups[user.Group].Forums[fid]
|
||||
if fperms.Overrides && !user.Is_Super_Admin {
|
||||
user.Perms.ViewTopic = fperms.ViewTopic
|
||||
user.Perms.CreateTopic = fperms.CreateTopic
|
||||
user.Perms.EditTopic = fperms.EditTopic
|
||||
user.Perms.DeleteTopic = fperms.DeleteTopic
|
||||
user.Perms.CreateReply = fperms.CreateReply
|
||||
user.Perms.EditReply = fperms.EditReply
|
||||
user.Perms.DeleteReply = fperms.DeleteReply
|
||||
user.Perms.PinTopic = fperms.PinTopic
|
||||
user.Perms.CloseTopic = fperms.CloseTopic
|
||||
}
|
||||
cookie, err = r.Cookie("session")
|
||||
if err != nil {
|
||||
user.Group = 6
|
||||
user.Perms = GuestPerms
|
||||
return user, noticeList, true
|
||||
}
|
||||
|
||||
// Is this session valid..?
|
||||
err = get_session_stmt.QueryRow(user.ID,cookie.Value).Scan(&user.ID, &user.Name, &user.Group, &user.Is_Super_Admin, &user.Session, &user.Email, &user.Avatar, &user.Message, &user.URLPrefix, &user.URLName, &user.Level, &user.Score, &user.Last_IP)
|
||||
if err == sql.ErrNoRows {
|
||||
user.ID = 0
|
||||
user.Session = ""
|
||||
user.Group = 6
|
||||
user.Perms = GuestPerms
|
||||
return user, noticeList, true
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
return user, success
|
||||
}
|
||||
|
||||
func ForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, noticeList []string, success bool) {
|
||||
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
|
||||
NotFound(w,r)
|
||||
return user, noticeList, false
|
||||
}
|
||||
|
||||
user.Is_Admin = user.Is_Super_Admin || groups[user.Group].Is_Admin
|
||||
user.Is_Super_Mod = groups[user.Group].Is_Mod || user.Is_Admin
|
||||
user.Is_Mod = user.Is_Super_Mod
|
||||
user.Is_Banned = groups[user.Group].Is_Banned
|
||||
user.Loggedin = !user.Is_Banned || user.Is_Super_Mod
|
||||
if user.Is_Banned && user.Is_Super_Mod {
|
||||
user.Is_Banned = false
|
||||
user, success = SimpleSessionCheck(w,r)
|
||||
fperms := groups[user.Group].Forums[fid]
|
||||
if fperms.Overrides && !user.Is_Super_Admin {
|
||||
user.Perms.ViewTopic = fperms.ViewTopic
|
||||
user.Perms.CreateTopic = fperms.CreateTopic
|
||||
user.Perms.EditTopic = fperms.EditTopic
|
||||
user.Perms.DeleteTopic = fperms.DeleteTopic
|
||||
user.Perms.CreateReply = fperms.CreateReply
|
||||
user.Perms.EditReply = fperms.EditReply
|
||||
user.Perms.DeleteReply = fperms.DeleteReply
|
||||
user.Perms.PinTopic = fperms.PinTopic
|
||||
user.Perms.CloseTopic = fperms.CloseTopic
|
||||
}
|
||||
|
||||
if user.Is_Super_Admin {
|
||||
user.Perms = AllPerms
|
||||
} else {
|
||||
user.Perms = groups[user.Group].Perms
|
||||
}
|
||||
|
||||
if user.Is_Banned {
|
||||
noticeList = append(noticeList, "Your account has been suspended. Some of your permissions may have been revoked.")
|
||||
noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
|
||||
}
|
||||
|
||||
if user.Avatar != "" {
|
||||
if user.Avatar[0] == '.' {
|
||||
user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + user.Avatar
|
||||
}
|
||||
} else {
|
||||
user.Avatar = strings.Replace(noavatar,"{id}",strconv.Itoa(user.ID),1)
|
||||
return user, noticeList, success
|
||||
}
|
||||
|
||||
func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) {
|
||||
user, success = SimpleSessionCheck(w,r)
|
||||
if user.Is_Banned {
|
||||
noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
|
||||
}
|
||||
|
||||
host, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||
if err != nil {
|
||||
LocalError("Bad IP",w,r,user)
|
||||
return user, noticeList, false
|
||||
}
|
||||
if host != user.Last_IP {
|
||||
go update_last_ip_stmt.Exec(host, user.ID)
|
||||
}
|
||||
return user, noticeList, true
|
||||
return user, noticeList, success
|
||||
}
|
||||
|
||||
func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, success bool) {
|
||||
@ -175,7 +156,7 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
|
||||
user.Perms = GuestPerms
|
||||
return user, true
|
||||
} else if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return user, false
|
||||
}
|
||||
|
||||
@ -208,10 +189,9 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
|
||||
return user, false
|
||||
}
|
||||
if host != user.Last_IP {
|
||||
//fmt.Println("Update")
|
||||
_, err = update_last_ip_stmt.Exec(host, user.ID)
|
||||
if err != nil {
|
||||
InternalError(err,w,r,user)
|
||||
InternalError(err,w,r)
|
||||
return user, false
|
||||
}
|
||||
}
|
||||
|
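Review bot: In `SimpleForumSessionCheck` and `ForumSessionCheck`, `groups[user.Group].Forums[fid]` is indexed straight after `user, success = SimpleSessionCheck(w,r)` without testing `success`. When the session lookup fails, an error response has already been written and the override block still runs on a partly filled `user`. Returning early, with `if !success { return user, false }` and the three-value form in `ForumSessionCheck`, would avoid that. The guard `fid > forumCapCount` also lets `fid == forumCapCount` through, and nothing visible here shows that `forums` or each group's `Forums` slice is long enough for that index; since `fid` presumably comes from the request, comparing against `len(forums)` and `len(groups[user.Group].Forums)` is the safer bound. The missing-forum case answers through `PreError` (status 500) in one function and `NotFound` in the other; using `NotFound` in both keeps client-triggerable misses out of the server-error counts.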