func settings(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) { if user == nil { return &settingsTpldata{Error: "You need to be logged in to do that.", Fatal: true}, nil } outdata := &settingsTpldata{Timezones: make(map[string]bool)} tznow := user.Location().String() for _, tz := range timeLocs { outdata.Timezones[tz] = (tz == tznow) } if req.Method != "POST" { return outdata, user } if err := req.ParseForm(); err != nil { outdata.Error = "Could not parse form" return outdata, user } switch req.FormValue("M") { case "setpasswd": if req.FormValue("Password") == "" { outdata.Error = "Password must not be empty." return outdata, user } if req.FormValue("Password") != req.FormValue("RepeatPassword") { outdata.Error = "Passwords must be equal." return outdata, user } hash, err := bcrypt.GenerateFromPassword([]byte(req.FormValue("Password")), bcrypt.DefaultCost) if err != nil { log.Printf("Error hashing password: %s", err) outdata.Error = "Error while saving password." return outdata.Error, user } if err := user.SetPWHash(hash); err != nil { log.Printf("Error setting pwhash: %s", err) outdata.Error = "Could not save new password." } else { outdata.Success = "Password changed" } case "settimezone": loc, err := time.LoadLocation(req.FormValue("Timezone")) if err != nil { outdata.Error = "Unknown Timezone" return outdata, user } if err := user.SetLocation(loc); err != nil { log.Printf("Error setting location: %s", err) outdata.Error = "Could not save new timezone." } else { outdata.Success = "New timezone saved." } } return outdata, user }
func pwreset(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) { if err := req.ParseForm(); err != nil { return &pwresetTpldata{Error: "Form data corrupted."}, user } code := req.FormValue("Code") _uid := req.FormValue("U") pw1 := req.FormValue("Password") pw2 := req.FormValue("PasswordAgain") if code == "" { return &pwresetTpldata{Error: "Wrong password reset code"}, user } uid, err := db.ParseDBID(_uid) if err != nil { return &pwresetTpldata{Error: "Invalid user ID"}, user } if user, err = dbcon.UserByID(uid); err != nil { return &pwresetTpldata{Error: "User not found"}, user } if user.ActivationCode() != code { return &pwresetTpldata{Error: "Wrong activation code"}, user } outdata := &pwresetTpldata{UID: _uid, Code: code} if req.Method != "POST" { return outdata, user } if pw1 == "" { outdata.Error = "Password must not be empty." return outdata, user } if pw1 != pw2 { outdata.Error = "Passwords are not identical." return outdata, user } hash, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost) if err != nil { log.Printf("Could not has password: %s", err) outdata.Error = "Could not save password." return outdata, user } if err := user.SetPWHash(hash); err != nil { log.Printf("Error while hashing password: %s", err) outdata.Error = "Could not save password." return outdata, user } if err := user.SetActivationCode(""); err != nil { log.Printf("Error resetting acCode: %s", err) } outdata.Success = "Password was changed" return outdata, user }