func activate(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) { outdata := &msgTpldata{Title: "Activate Account", Class: "error"} req.ParseForm() _userid := req.FormValue("U") code := req.FormValue("Code") if (_userid == "") || (code == "") { outdata.Msg = "User or code invalid. Check, if the activation link was correctly copied from the mail." return outdata, nil } userid, err := db.ParseDBID(_userid) if err != nil { outdata.Msg = "User or code invalid. Check, if the activation link was correctly copied from the mail." return outdata, nil } switch user, err = dbcon.UserByID(userid); err { case nil: case model.NotFound: outdata.Msg = "User not found." return outdata, nil default: log.Printf("Error while getting user by ID <%s>: %s", userid, err) outdata.Msg = "An unknown error occurred while loading user data." return outdata, nil } if user.ActivationCode() != code { outdata.Msg = "Wrong activation code." return outdata, nil } if err := user.SetActivationCode(""); err != nil { log.Printf("Error while resetting activation code: %s", err) outdata.Msg = "An unknown error occurred while activating the user." return outdata, nil } if err := user.SetActive(true); err != nil { log.Printf("Error while resetting activation code: %s", err) outdata.Msg = "An unknown error occurred while activating the user." return outdata, nil } outdata.Class = "success" outdata.Msg = "Account activated!" return outdata, nil }
func pwreset(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) { if err := req.ParseForm(); err != nil { return &pwresetTpldata{Error: "Form data corrupted."}, user } code := req.FormValue("Code") _uid := req.FormValue("U") pw1 := req.FormValue("Password") pw2 := req.FormValue("PasswordAgain") if code == "" { return &pwresetTpldata{Error: "Wrong password reset code"}, user } uid, err := db.ParseDBID(_uid) if err != nil { return &pwresetTpldata{Error: "Invalid user ID"}, user } if user, err = dbcon.UserByID(uid); err != nil { return &pwresetTpldata{Error: "User not found"}, user } if user.ActivationCode() != code { return &pwresetTpldata{Error: "Wrong activation code"}, user } outdata := &pwresetTpldata{UID: _uid, Code: code} if req.Method != "POST" { return outdata, user } if pw1 == "" { outdata.Error = "Password must not be empty." return outdata, user } if pw1 != pw2 { outdata.Error = "Passwords are not identical." return outdata, user } hash, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost) if err != nil { log.Printf("Could not has password: %s", err) outdata.Error = "Could not save password." return outdata, user } if err := user.SetPWHash(hash); err != nil { log.Printf("Error while hashing password: %s", err) outdata.Error = "Could not save password." return outdata, user } if err := user.SetActivationCode(""); err != nil { log.Printf("Error resetting acCode: %s", err) } outdata.Success = "Password was changed" return outdata, user }