コード例 #1
0
func (this *RegistrationController) Register(login, password, email, role string) (result string, regId int) {
	result = "ok"
	salt := strconv.Itoa(int(time.Now().Unix()))
	pass := utils.GetMD5Hash(password + salt)

	passHasInvalidChars := false
	for i := 0; i < len(password); i++ {
		if strconv.IsPrint(rune(password[i])) == false {
			passHasInvalidChars = true
			break
		}
	}

	if db.IsExists("users", []string{"login"}, []interface{}{login}) == true {
		result = "loginExists"

	} else if !utils.MatchRegexp("^[a-zA-Z0-9]{2,36}$", login) {
		result = "badLogin"

	} else if !utils.MatchRegexp("^.{6,36}$", password) || passHasInvalidChars {
		result = "badPassword"

		// } else if bad email {

	} else {
		token := utils.GetRandSeq(HASH_SIZE)

		if !mailer.SendConfirmEmail(login, email, token) {
			return "badEmail", -1
		}

		var userId int
		this.GetModel("users").
			LoadModelData(map[string]interface{}{
				"login":   login,
				"pass":    pass,
				"salt":    salt,
				"role":    role,
				"token":   token,
				"enabled": false}).
			QueryInsert("RETURNING id").
			Scan(&userId)

		var faceId int
		this.GetModel("faces").
			LoadModelData(map[string]interface{}{"user_id": userId}).
			QueryInsert("RETURNING id").
			Scan(&faceId)

		this.GetModel("registrations").
			LoadModelData(map[string]interface{}{"face_id": faceId, "event_id": 1, "status": false}).
			QueryInsert("RETURNING id").
			Scan(&regId)

		return result, regId
	}

	return result, -1
}
コード例 #2
0
func (this *RegistrationController) InsertUserParams(userId, regId int, data []interface{}) (err error) {
	var paramValueIds []string

	date := time.Now().Format("2006-01-02T15:04:05Z00:00")

	for _, element := range data {
		paramId, err := strconv.Atoi(element.(map[string]interface{})["id"].(string))
		if err != nil {
			continue
		}

		if paramId == 1 || paramId == 2 || paramId == 3 {
			continue
		}

		query := `SELECT params.name, params.required, params.editable
            FROM params
            WHERE params.id = $1;`
		result := db.Query(query, []interface{}{paramId})

		name := result[0].(map[string]interface{})["name"].(string)
		required := result[0].(map[string]interface{})["required"].(bool)
		editable := result[0].(map[string]interface{})["editable"].(bool)
		value := element.(map[string]interface{})["value"].(string)

		if required && utils.MatchRegexp("^[ \t\v\r\n\f]{0,}$", value) {
			db.QueryDeleteByIds("param_vals", strings.Join(paramValueIds, ", "))
			db.QueryDeleteByIds("registrations", strconv.Itoa(regId))

			return errors.New("Заполните параметр '" + name + "'.")
		}

		if !editable {
			value = " "
		}

		var paramValId int
		err = this.GetModel("param_values").
			LoadModelData(map[string]interface{}{
				"param_id": paramId,
				"value":    value,
				"date":     date,
				"user_id":  userId,
				"reg_id":   regId}).
			QueryInsert("RETURNING id").
			Scan(&paramValId)
		if err, ok := err.(*pq.Error); ok {
			log.Println(err.Code.Name())
		}

		paramValueIds = append(paramValueIds, strconv.Itoa(paramValId))
	}

	return nil
}
コード例 #3
0
ファイル: blank_controller.go プロジェクト: FooBarrior/orc
//-----------------------------------------------------------------------------
func (this *BlankController) EditParams() {
	userId, err := this.CheckSid()
	if err != nil {
		http.Redirect(this.Response, this.Request, "/", http.StatusUnauthorized)
		return
	}

	request, err := utils.ParseJS(this.Request, this.Response)
	if err != nil {
		utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)
		return
	}

	date := time.Now().Format("2006-01-02T15:04:05Z00:00")

	for _, v := range request["data"].([]interface{}) {
		paramValId, err := strconv.Atoi(v.(map[string]interface{})["param_val_id"].(string))
		if err != nil {
			utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)
			return
		}

		query := `SELECT params.name, params.required, params.editable
            FROM params
            INNER JOIN param_values ON param_values.param_id = params.id
            WHERE param_values.id = $1;`
		result := db.Query(query, []interface{}{paramValId})

		name := result[0].(map[string]interface{})["name"].(string)
		required := result[0].(map[string]interface{})["required"].(bool)
		editable := result[0].(map[string]interface{})["editable"].(bool)
		value := v.(map[string]interface{})["value"].(string)

		if required && utils.MatchRegexp("^[ \t\v\r\n\f]{0,}$", value) {
			utils.SendJSReply(map[string]interface{}{"result": "Заполните параметр '" + name + "'"}, this.Response)
			return
		}

		if !this.isAdmin() && !editable {
			continue
		}

		if value == "" {
			value = " "
		}

		params := map[string]interface{}{"value": value, "date": date, "user_id": userId}
		where := map[string]interface{}{"id": paramValId}
		this.GetModel("param_values").Update(this.isAdmin(), userId, params, where)
	}

	utils.SendJSReply(map[string]interface{}{"result": "Изменения сохранены"}, this.Response)
}
コード例 #4
0
ファイル: user_controller.go プロジェクト: FooBarrior/orc
func (this *UserController) ResetPassword() {
	userId, err := this.CheckSid()
	if err != nil {
		http.Redirect(this.Response, this.Request, "/", http.StatusUnauthorized)
		return
	}

	request, err := utils.ParseJS(this.Request, this.Response)
	if err != nil {
		utils.SendJSReply(err.Error(), this.Response)
		return
	}

	pass := request["pass"].(string)
	if !utils.MatchRegexp("^.{6,36}$", pass) {
		utils.SendJSReply(map[string]interface{}{"result": "badPassword"}, this.Response)
		return
	}

	var id int
	if request["id"] == nil {
		id = userId

	} else {
		id, err = strconv.Atoi(request["id"].(string))
		if utils.HandleErr("[UserController::ResetPassword] strconv.Atoi: ", err, this.Response) {
			utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)
			return
		}
	}

	var enabled bool
	salt := strconv.Itoa(int(time.Now().Unix()))
	where := map[string]interface{}{"id": id}

	user := this.GetModel("users")
	user.LoadWherePart(where).
		SelectRow([]string{"enabled"}).
		Scan(&enabled)

	params := map[string]interface{}{"enabled": enabled, "salt": salt, "pass": utils.GetMD5Hash(pass + salt)}
	user.Update(this.isAdmin(), id, params, where)

	utils.SendJSReply(map[string]interface{}{"result": "ok"}, this.Response)
}
コード例 #5
0
func (this *RegistrationController) EventRegisterAction() {
	var result string
	var regId int

	data, err := utils.ParseJS(this.Request, this.Response)
	if err != nil {
		utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)

		return
	}

	eventId := int(data["event_id"].(float64))

	if eventId == 1 && sessions.CheckSession(this.Response, this.Request) {
		utils.SendJSReply(map[string]interface{}{"result": "authorized"}, this.Response)

		return
	}

	if sessions.CheckSession(this.Response, this.Request) {
		userId, err := this.CheckSid()
		if err != nil {
			utils.SendJSReply(map[string]interface{}{"result": "Unauthorized"}, this.Response)

			return
		}

		var faceId int
		query := `SELECT faces.id FROM faces
            INNER JOIN registrations ON registrations.face_id = faces.id
            INNER JOIN events ON events.id = registrations.event_id
            INNER JOIN users ON users.id = faces.user_id
            WHERE users.id = $1 AND events.id = 1;`
		err = db.QueryRow(query, []interface{}{userId}).Scan(&faceId)

		if err != nil {
			utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)

			return
		}

		this.GetModel("registrations").
			LoadModelData(map[string]interface{}{"face_id": faceId, "event_id": eventId, "status": false}).
			QueryInsert("RETURNING id").
			Scan(&regId)

		if err = this.InsertUserParams(userId, regId, data["data"].([]interface{})); err != nil {
			utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)

			return
		}

	} else if eventId == 1 {
		userLogin, userPass, email, flag := "", "", "", 0

		for _, element := range data["data"].([]interface{}) {
			paramId, err := strconv.Atoi(element.(map[string]interface{})["id"].(string))
			if err != nil {
				continue
			}

			value := element.(map[string]interface{})["value"].(string)

			if paramId == 1 {
				if utils.MatchRegexp("^[ \t\v\r\n\f]{0,}$", value) {
					utils.SendJSReply(map[string]interface{}{"result": "Заполните параметр 'Логин'."}, this.Response)

					return
				}
				userLogin = value
				flag += 1
				continue

			} else if paramId == 2 || paramId == 3 {
				if utils.MatchRegexp("^[ \t\v\r\n\f]{0,}$", value) {
					utils.SendJSReply(map[string]interface{}{"result": "Заполните параметр 'Пароль/Подтвердите пароль'."}, this.Response)

					return
				}
				userPass = value
				flag += 1
				continue

			} else if paramId == 4 {
				if utils.MatchRegexp("^[ \t\v\r\n\f]{0,}$", value) {
					utils.SendJSReply(map[string]interface{}{"result": "Заполните параметр 'Email'."}, this.Response)

					return
				}
				email = value
				flag += 1
				continue

			} else if flag > 3 {
				break
			}
		}

		result, regId = this.Register(userLogin, userPass, email, "user")
		if result != "ok" && regId == -1 {
			utils.SendJSReply(map[string]interface{}{"result": result}, this.Response)

			return
		}

		query := `SELECT users.id
            FROM users
            INNER JOIN faces ON faces.user_id = users.id
            INNER JOIN registrations ON registrations.face_id = faces.id
            WHERE registrations.id = $1;`
		userId := db.Query(query, []interface{}{regId})[0].(map[string]interface{})["id"].(int)

		err = this.InsertUserParams(userId, regId, data["data"].([]interface{}))
		if err != nil {
			db.QueryDeleteByIds("users", strconv.Itoa(userId))
			utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)

			return
		}

	} else {
		utils.SendJSReply(map[string]interface{}{"result": "Unauthorized"}, this.Response)

		return
	}

	utils.SendJSReply(map[string]interface{}{"result": "ok"}, this.Response)
}
コード例 #6
0
ファイル: group_controller.go プロジェクト: FooBarrior/orc
func (this *GroupController) AddPerson() {
	userId, err := this.CheckSid()
	if err != nil {
		utils.SendJSReply(map[string]interface{}{"result": "Unauthorized"}, this.Response)
		return
	}

	request, err := utils.ParseJS(this.Request, this.Response)
	if err != nil {
		utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)
		return
	}

	groupId, err := strconv.Atoi(request["group_id"].(string))
	if err != nil {
		utils.SendJSReply(map[string]interface{}{"result": err.Error()}, this.Response)
		return
	}

	var groupName string
	db.QueryRow("SELECT name FROM groups WHERE id = $1;", []interface{}{groupId}).Scan(&groupName)

	date := time.Now().Format("2006-01-02T15:04:05Z00:00")
	token := utils.GetRandSeq(HASH_SIZE)
	to, address, headName := "", "", ""

	query := `SELECT param_values.value
        FROM param_values
        INNER JOIN registrations ON registrations.id = param_values.reg_id
        INNER JOIN params ON params.id = param_values.param_id
        INNER JOIN events ON events.id = registrations.event_id
        INNER JOIN faces ON faces.id = registrations.face_id
        INNER JOIN users ON users.id = faces.user_id
        WHERE params.id in (5, 6, 7) AND users.id = $1 AND events.id = 1 ORDER BY params.id;`
	data := db.Query(query, []interface{}{userId})

	if len(data) < 3 {
		utils.SendJSReply(map[string]interface{}{"result": "Данные о руководителе группы отсутсвуют"}, this.Response)
		return

	} else {
		headName = data[0].(map[string]interface{})["value"].(string)
		headName += " " + data[1].(map[string]interface{})["value"].(string)
		headName += " " + data[2].(map[string]interface{})["value"].(string)
	}

	var faceId int
	this.GetModel("faces").QueryInsert("RETURNING id").Scan(&faceId)

	this.GetModel("persons").
		LoadModelData(map[string]interface{}{"face_id": faceId, "group_id": groupId, "status": false, "token": token}).
		QueryInsert("").
		Scan()

	var regId int
	this.GetModel("registrations").
		LoadModelData(map[string]interface{}{"face_id": faceId, "event_id": 1, "status": false}).
		QueryInsert("RETURNING id").
		Scan(&regId)

	var paramValueIds []string

	for _, element := range request["data"].([]interface{}) {
		paramId, err := strconv.Atoi(element.(map[string]interface{})["id"].(string))
		if err != nil {
			log.Println(err.Error())
			continue
		}

		query := `SELECT params.name FROM params WHERE params.id = $1;`
		res := db.Query(query, []interface{}{paramId})

		name := res[0].(map[string]interface{})["name"].(string)
		value := element.(map[string]interface{})["value"].(string)

		if utils.MatchRegexp("^[ \t\v\r\n\f]{0,}$", value) {
			db.QueryDeleteByIds("param_vals", strings.Join(paramValueIds, ", "))
			db.QueryDeleteByIds("registrations", strconv.Itoa(regId))
			db.QueryDeleteByIds("faces", strconv.Itoa(faceId))
			utils.SendJSReply(map[string]interface{}{"result": "Заполните параметр '" + name + "'."}, this.Response)
			return
		}

		var paramValId int
		paramValues := this.GetModel("param_values")
		err = paramValues.LoadModelData(map[string]interface{}{
			"param_id": paramId,
			"value":    value,
			"date":     date,
			"user_id":  userId,
			"reg_id":   regId}).
			QueryInsert("RETURNING id").
			Scan(&paramValId)
		if err, ok := err.(*pq.Error); ok {
			log.Println(err.Code.Name())
		}

		paramValueIds = append(paramValueIds, strconv.Itoa(paramValId))

		if paramId == 4 {
			address = value
		} else if paramId == 5 || paramId == 6 || paramId == 7 {
			to += value + " "
		}
	}

	if !mailer.InviteToGroup(to, address, token, headName, groupName) {
		utils.SendJSReply(
			map[string]interface{}{
				"result": "Вы указали неправильный email, отправить письмо-приглашенине невозможно"},
			this.Response)
		return
	}

	utils.SendJSReply(map[string]interface{}{"result": "ok"}, this.Response)
}