// SettingsPost handles the /settings POST request: it changes the password of
// the user that the "sessionid" cookie resolves to.
//
// The change is applied only when the submitted old password authenticates
// against the stored value, the new password is longer than five bytes and the
// "new" and "repeat" fields are equal. Every path ends with the same redirect
// to /login, so the response does not show whether the password was changed.
func SettingsPost(w http.ResponseWriter, r *http.Request) {
	toLogin := func() { http.Redirect(w, r, "/login", http.StatusFound) }

	db := database.GetConnection()
	username := cookies.UsernameFromCookie(cookies.GetCookieVal(r, "sessionid"))
	if username == "" {
		// The cookie does not map to a user: nothing to change.
		toLogin()
		return
	}

	// NOTE(review): the second result of GetPassword is discarded, so a failed
	// lookup is not handled here; confirm that Authenticate rejects whatever
	// value GetPassword returns in that case.
	stored, _ := database.GetPassword(db, username)
	newPassword := r.FormValue("new")
	repeat := r.FormValue("repeat")
	oldPassword := r.FormValue("old")

	// The old password is checked first, so the new-password rules are only
	// evaluated for a caller who knows the current password.
	if !password.Authenticate(oldPassword, stored) || len(newPassword) <= 5 || newPassword != repeat {
		toLogin()
		return
	}

	// NOTE(review): nothing is checked after ChangePassword, so the log line
	// below is written whether or not the update was stored. This handler also
	// does not end the user's existing sessions; confirm whether that happens
	// elsewhere.
	database.ChangePassword(db, username, password.NewPassword(newPassword))
	log.Printf("USER (%s) CHANGED PASSWORD\n", username)
	toLogin()
}
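// RegisterPost handles the /register POST request.
//
// It builds a models.User from the form and re-renders the "register" template
// with the entered names and e-mail when validation fails or the address is
// already in use. Otherwise it replaces the plain password with the result of
// password.NewPassword, creates the user and redirects to /login.
func RegisterPost(w http.ResponseWriter, r *http.Request) {
	db := database.GetConnection()

	// capitalize upper-cases the first character of name and lower-cases the
	// rest. It slices runes, not bytes: slicing name[0:1] cuts a multi-byte
	// first letter such as "Š" or "Ž" in half and stores invalid UTF-8.
	capitalize := func(name string) string {
		runes := []rune(name)
		if len(runes) == 0 {
			return name
		}
		return strings.ToUpper(string(runes[:1])) + strings.ToLower(string(runes[1:]))
	}

	var user models.User // Model built from the form data.
	user.Email = strings.ToLower(r.FormValue("email"))
	user.Password = r.FormValue("password")
	user.Firstname = capitalize(r.FormValue("firstname"))
	user.Lastname = capitalize(r.FormValue("lastname"))
	repeat := r.FormValue("repeat")

	// Values sent back to the form when the submission is rejected. The
	// password is deliberately not part of it.
	var old models.RegisterContext
	old.Firstname = user.Firstname
	old.Lastname = user.Lastname
	old.Email = user.Email
	old.Flag = user.UserValidate(repeat)
	if old.Flag != "" {
		templates.Render(w, "register", old)
		return
	}

	// A non-empty stored password means the address is already registered.
	// NOTE(review): the second result of GetPassword is discarded, so a failed
	// lookup looks like "address is free" here. The check and the insert are
	// also separate calls; confirm the database enforces unique e-mails.
	pass, _ := database.GetPassword(db, user.Email)
	if pass != "" {
		old.Flag = "Vartotojas su šiuo el. pašto adresu jau egzistuoja."
		templates.Render(w, "register", old)
		return
	}

	user.Password = password.NewPassword(user.Password)
	database.CreateUser(db, &user) // Creates the user in the db.
	http.Redirect(w, r, "/login", http.StatusFound)
	// NOTE(review): the e-mail is form input written with %s; confirm that
	// UserValidate rejects control characters, or log it with %q.
	log.Printf("USER CREATED (%s)\n", user.Email)
}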
// ForgotPost handles the password-recovery POST request in two modes, selected
// by the raw query string of the request URL.
//
// With an empty query it is the initial request: when the submitted e-mail
// resolves to a user that has no pending recovery, a recovery key is generated
// and mailed in the background. The "forgot" template is rendered in every
// case, so the response is the same whether or not the address is registered.
//
// With a non-empty query the query is used as the recovery key: a new password
// of at least six bytes that matches "repeat" is passed to database.DoRecover
// and the client is redirected to /login; otherwise the "recover" template is
// rendered again with the key.
func ForgotPost(w http.ResponseWriter, r *http.Request) {
	forgotKey := r.URL.RawQuery
	db := database.GetConnection()

	if forgotKey != "" {
		// Actual recovery.
		newPassword := r.FormValue("new")
		repeat := r.FormValue("repeat")
		if len(newPassword) < 6 || newPassword != repeat {
			// Bad password: show the form again for the same key.
			templates.Render(w, "recover", forgotKey)
			return
		}

		// NOTE(review): the key comes straight from the URL and nothing is
		// checked after DoRecover, so the redirect and the log line below
		// happen for any key, valid or not. Confirm that DoRecover rejects
		// unknown or expired keys. The log line also writes the key itself.
		hashed := password.NewPassword(newPassword)
		database.DoRecover(db, forgotKey, hashed)
		http.Redirect(w, r, "/login", http.StatusFound)
		log.Printf("KEY (%s) RESET PASSWORD\n", forgotKey)
		return
	}

	// Initial forgot submit.
	email := r.FormValue("email")
	pk, _ := database.GetPkAdmin(db, email)
	if pk != -1 && !database.RecoveryExists(db, pk) {
		// NOTE(review): the link uses http:// and carries the key in the
		// query string, so the key is readable in transit and may appear in
		// access logs; confirm the site redirects to HTTPS. The two-day
		// lifetime stated in the mail is not enforced in this handler.
		key := utils.GenRecoveryKey()
		body := fmt.Sprintf("Norėdami atkurti slaptažodį eikite į:\n\nhttp://futbolas.aivaras.in/forgot/?%s\n\nŠi nuoroda galios dvi dienas.", key)
		msg := utils.Message{email, "Slaptažodio atkūrimas", body}
		go recovery(db, msg, pk, key)
		// Written when sending is started, not when it has succeeded.
		log.Printf("An email was sent to %s\n", email)
	}

	// Same page for "mail sent", "recovery already pending" and "no such user".
	templates.Render(w, "forgot", nil)
}