// ChangePasswordToken handles the password-reset form for an anonymous user
// who presents a reset token in the ":uuid" URL query value.
//
// Visible flow:
//   - a logged-in user is redirected to "index";
//   - an empty uuid yields 403, and a uuid with no matching PasswordToken
//     document redirects to "index" with a flash message;
//   - the form's csrf_token must equal the value stored in the session, else 403;
//   - the new password must be at least 5 bytes long and equal its confirmation;
//   - the password is hashed via models.EncryptPassword and written to the
//     user referenced by the token, after which the token is removed.
//
// It returns nil after writing a redirect, or whatever perform_status,
// internal_error or ChangePasswordForm return.
//
// NOTE(review): part of the statement after the UpdateId call is masked
// ("******") in this copy of the source, so the error branch and the session
// assignment that follows cannot be read in full here.
func ChangePasswordToken(w http.ResponseWriter, req *http.Request, ctx *models.Context) error {
	// Cleanup runs concurrently with this request and nothing waits for it.
	// NOTE(review): no expiry field of the token is checked in this handler;
	// presumably expiry relies entirely on this cleanup, in which case a stale
	// token can still be found below if the cleanup has not finished — confirm.
	go models.RemoveOldPasswordTokens()
	// should not be logged in
	if ctx.User != nil {
		ctx.Session.AddFlash(models.F(models.SUCCESS, trans("You can change password normally!", ctx)))
		http.Redirect(w, req, reverse("index"), http.StatusSeeOther)
		return nil
	}
	uuid := req.URL.Query().Get(":uuid")
	if uuid == "" {
		return perform_status(w, req, http.StatusForbidden)
	}
	pt := &models.PasswordToken{}
	// Any lookup error (not only "not found") is reported to the user as an
	// expired token. NOTE(review): the flash is sent with the SUCCESS level
	// although it reports a failure.
	if err := ctx.C(PT).FindId(uuid).One(&pt); err != nil {
		ctx.Session.AddFlash(models.F(models.SUCCESS, trans("Password token expired!", ctx)))
		http.Redirect(w, req, reverse("index"), http.StatusSeeOther)
		return nil
	}
	// The form string is compared against an interface{} session value, so a
	// missing or non-string session entry never matches and yields 403.
	// NOTE(review): != is not a constant-time comparison; crypto/subtle's
	// ConstantTimeCompare is the usual choice for secret tokens.
	if req.FormValue("csrf_token") != ctx.Session.Values["csrf_token"] {
		return perform_status(w, req, http.StatusForbidden)
	}
	new_pass := req.FormValue("password1")
	// len counts bytes, not characters, so multi-byte input reaches the limit
	// with fewer than 5 characters. NOTE(review): a 5-byte minimum is below
	// the 8-character floor in NIST SP 800-63B.
	if len(new_pass) < 5 {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Passwords too short (5 chars or more)", ctx)))
		return ChangePasswordForm(w, req, ctx)
	}
	vfy_pass := req.FormValue("password2")
	if new_pass != vfy_pass {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Password did not match", ctx)))
		return ChangePasswordForm(w, req, ctx)
	}
	hpass, err := models.EncryptPassword(new_pass)
	if err != nil {
		// NOTE(review): the raw error text is handed to internal_error; check
		// that it is not echoed to the client.
		return internal_error(w, req, err.Error())
	}
	// set new password to database
	// The update targets pt.User, the user id stored on the token document.
	// The remainder of this statement is masked in the source ("******"); the
	// visible tail assigns pt.User to a "user"-keyed entry.
	if err := ctx.C(U).UpdateId(pt.User, bson.M{"$set": bson.M{"password": hpass}}); err != nil {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Problem changing password:"******"user"] = pt.User
	// delete password token
	// A failed removal is only logged: the request still succeeds and the
	// token document stays in the collection, so it can be looked up again.
	if err := ctx.C(PT).RemoveId(pt.Uuid); err != nil {
		models.Log("error deleting password token: ", err.Error())
	}
	ctx.Session.AddFlash(models.F(models.SUCCESS, trans("Password changed succesfully!", ctx)))
	http.Redirect(w, req, reverse("index"), http.StatusSeeOther)
	return nil
}
// ChangePassword handles the change-password form for a logged-in user.
//
// Visible flow:
//   - an anonymous request is redirected to "login";
//   - the form's csrf_token must equal the value stored in the session, else 403;
//   - the user document is loaded by ctx.User.Email (404 on any lookup error);
//   - when the stored password is non-empty, the submitted old password is
//     verified with bcrypt.CompareHashAndPassword;
//   - the new password must be at least 5 bytes long and equal its confirmation;
//   - the password is hashed via models.EncryptPassword and written to the
//     document with id ctx.User.Id.
//
// It returns nil after writing a redirect, or whatever perform_status,
// internal_error or ChangePasswordForm return.
//
// NOTE(review): part of the statement after the UpdateId call is masked
// ("******") in this copy of the source, so the error branch cannot be read
// in full here.
func ChangePassword(w http.ResponseWriter, req *http.Request, ctx *models.Context) error {
	if ctx.User == nil {
		http.Redirect(w, req, reverse("login"), http.StatusSeeOther)
		return nil
	}
	// The form string is compared against an interface{} session value, so a
	// missing or non-string session entry never matches and yields 403.
	// NOTE(review): != is not a constant-time comparison; crypto/subtle's
	// ConstantTimeCompare is the usual choice for secret tokens.
	if req.FormValue("csrf_token") != ctx.Session.Values["csrf_token"] {
		return perform_status(w, req, http.StatusForbidden)
	}
	old_pass := req.FormValue("password")
	u := models.User{}
	// The document is looked up by e-mail here but updated by ctx.User.Id
	// below. NOTE(review): confirm both always refer to the same document.
	if err := ctx.C(U).Find(bson.M{"email": ctx.User.Email}).One(&u); err != nil {
		return perform_status(w, req, http.StatusNotFound)
	}
	// An account with an empty stored password skips old-password verification
	// entirely, so for such accounts the session alone authorises setting a
	// password.
	if len(u.Password) > 0 { // if the account was not created with social auth
		err := bcrypt.CompareHashAndPassword(u.Password, []byte(old_pass))
		if err != nil {
			ctx.Session.AddFlash(models.F(models.ERROR, trans("Invalid Old Password", ctx)))
			return ChangePasswordForm(w, req, ctx)
		}
	}
	new_pass := req.FormValue("password1")
	// len counts bytes, not characters, so multi-byte input reaches the limit
	// with fewer than 5 characters. NOTE(review): a 5-byte minimum is below
	// the 8-character floor in NIST SP 800-63B.
	if len(new_pass) < 5 {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Passwords too short (5 chars or more)", ctx)))
		return ChangePasswordForm(w, req, ctx)
	}
	vfy_pass := req.FormValue("password2")
	if new_pass != vfy_pass {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Password did not match", ctx)))
		return ChangePasswordForm(w, req, ctx)
	}
	hpass, err := models.EncryptPassword(new_pass)
	if err != nil {
		// NOTE(review): the raw error text is handed to internal_error; check
		// that it is not echoed to the client.
		return internal_error(w, req, err.Error())
	}
	// set new password to database
	// The remainder of this statement is masked in the source ("******"); the
	// visible tail is the end of the success flash message.
	// NOTE(review): nothing visible here invalidates the user's other
	// sessions after the change — confirm whether that happens elsewhere.
	if err := ctx.C(U).UpdateId(ctx.User.Id, bson.M{"$set": bson.M{"password": hpass}}); err != nil {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Problem changing password:"******"Password changed succesfully!", ctx)))
	http.Redirect(w, req, reverse("index"), http.StatusSeeOther)
	return nil
}
// Register handles the sign-up form for an anonymous visitor.
//
// Visible flow:
//   - a logged-in user is redirected to "logout";
//   - the form's csrf_token must equal the value stored in the session, else 403;
//   - the form is loaded through models.UserForm and re-rendered via
//     RegisterForm when it reports errors;
//   - password length and confirmation, gender ("m" or "f") and birth date
//     (not in the future, not before 1 January UTC of the year 120 years ago)
//     are validated;
//   - a captcha check follows (its call is partly masked in this copy);
//   - the password is hashed via models.EncryptPassword, the plaintext
//     password1/password2 entries are deleted from the map, an ObjectId and a
//     gravatar URL are added, and the map is inserted into "users";
//   - on success a flash message is added and the client is redirected to "index".
//
// NOTE(review): two spans are masked ("******") in this copy of the source:
// the r.Err branch up to the captcha call, and the Insert error branch up to
// the session assignment. Neither can be read in full here.
func Register(w http.ResponseWriter, req *http.Request, ctx *models.Context) error {
	if ctx.User != nil {
		http.Redirect(w, req, reverse("logout"), http.StatusSeeOther)
		return nil
	}
	// The form string is compared against an interface{} session value, so a
	// missing or non-string session entry never matches and yields 403.
	// NOTE(review): != is not a constant-time comparison; crypto/subtle's
	// ConstantTimeCompare is the usual choice for secret tokens.
	if req.FormValue("csrf_token") != ctx.Session.Values["csrf_token"] {
		return perform_status(w, req, http.StatusForbidden)
	}
	ctx.Data["title"] = "Register"
	r := (&models.UserForm).Load(req)
	ctx.Data["result"] = r
	if len(r.Errors) != 0 {
		return RegisterForm(w, req, ctx)
	}
	// The type assertions below have no comma-ok form and panic if a key is
	// missing or holds another type. NOTE(review): this presumably relies on
	// UserForm.Load guaranteeing these keys and types — confirm.
	u := r.Value.(map[string]interface{})
	password1 := u["password1"].(string)
	// len counts bytes, not characters. NOTE(review): a 5-byte minimum is
	// below the 8-character floor in NIST SP 800-63B.
	if len(password1) < 5 {
		r.Errors["password1"] = errors.New("Passwords too short (5 chars or more)")
	}
	password2 := u["password2"].(string)
	if password2 != password1 {
		r.Errors["password2"] = errors.New("Passwords do not match")
	}
	gender := u["gender"].(string)
	if gender != "m" && gender != "f" {
		r.Errors["gender"] = errors.New("Please select Male or Female")
	}
	now := time.Now()
	oldest := time.Date(now.Year()-120, 1, 1, 0, 0, 0, 0, time.UTC)
	bDate := u["birthdate"].(time.Time)
	if bDate.Before(oldest) || bDate.After(now) {
		r.Errors["birthdate"] = errors.New("Invalid birth date")
	}
	if len(r.Errors) != 0 {
		return RegisterForm(w, req, ctx)
	}
	// The remainder of this branch and the start of the captcha condition are
	// masked in the source ("******"); the visible tail passes the captchaId
	// and captchaSolution form values to the check.
	if r.Err != nil {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Problem registering user:"******"captchaId"), req.FormValue("captchaSolution")) {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("The control numbers do not match!", ctx)))
		return RegisterForm(w, req, ctx)
	}
	pass, err := models.EncryptPassword(u["password1"].(string))
	if err != nil {
		// NOTE(review): the raw error text is handed to internal_error; check
		// that it is not echoed to the client.
		return internal_error(w, req, err.Error()) // bcrypt errors on invalid costs
	}
	u["password"] = pass
	// Drop the plaintext fields so they are not persisted with the document.
	delete(u, "password1")
	delete(u, "password2")
	u["_id"] = bson.NewObjectId()
	u["avatar"] = gravatar.UrlSize(u["email"].(string), 80)
	// The whole form map is stored, so every key UserForm.Load produced ends
	// up in the document. NOTE(review): confirm the form definition admits
	// only fields a new user may set.
	// The remainder of this statement is masked in the source ("******"); the
	// visible tail assigns the new _id to a "user"-keyed entry.
	if err := ctx.C("users").Insert(u); err != nil {
		ctx.Session.AddFlash(models.F(models.ERROR, trans("Problem registering user:"******"user"] = u["_id"]
	ctx.Session.AddFlash(models.F(models.SUCCESS, trans("Welcome to lov3ly.me!", ctx)))
	http.Redirect(w, req, reverse("index"), http.StatusSeeOther)
	return nil
}