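// CharacterEditorPost handles the HTTP POST that creates a character or
// updates an existing one for the signed-in user.
//
// Every character field is copied from ctx.Params as submitted, so it is
// untrusted input; only Owner comes from the session. An existing document is
// overwritten only when its stored Owner equals the session's user name.
// Returns a rendered message page in every case. The val argument is unused.
func CharacterEditorPost(ctx *web.Context, val string) string {
	const failed = "Operation failed, try again later."

	if !util.SignedIn(ctx) {
		return util.MessagePage(failed, ctx)
	}

	owner := util.ReadUsername(ctx)
	if owner == "" {
		// An empty owner would compare equal to the Owner of a document that
		// has no such field (presumably left empty by NewCharacter), which
		// would let the ownership check below pass for foreign documents.
		return util.MessagePage(failed, ctx)
	}

	char := NewCharacter()
	char.Owner = owner
	char.ID = ctx.Params["CharacterID"]
	char.Game = ctx.Params["Game"]
	char.Name = ctx.Params["Name"]
	char.World = ctx.Params["World"]
	char.Alligiance = ctx.Params["Alligiance"]
	char.Bio = ctx.Params["Bio"]
	// NOTE(review): the fields are stored exactly as submitted; whatever
	// renders them into HTML has to escape them.

	db, err := util.GetDB()
	if err != nil {
		return util.MessagePage(failed, ctx)
	}

	// Update path: only when the client named a document. AddCharacterPost in
	// this source submits an empty CharacterID for new characters, so an empty
	// ID goes straight to creation instead of being looked up.
	if char.ID != "" {
		existing := NewCharacter()
		if rev, err := db.Retrieve(char.ID, &existing); err == nil {
			if existing.Owner != owner {
				return util.MessagePage("You are not authorized to edit this charater.", ctx)
			}
			// NOTE(review): the lookup does not check that char.ID names a
			// character document. Any document whose Owner field matches the
			// caller (for example one of their posts) would pass and then be
			// overwritten with character data. Consider requiring the
			// "Character_" prefix generated below; confirm no legacy IDs
			// differ.
			char.Rev = rev
			// NOTE(review): the result of Edit is not checked (its signature
			// is not visible here), so success is reported even if the write
			// failed.
			db.Edit(&char)
			return util.MessagePage("Character updated.", ctx)
		}
		// Any Retrieve error, not only "not found", falls through to creation,
		// as in the original code.
	}

	// Create path: the server chooses the ID; a client-supplied one is ignored.
	// BlogData is only needed here, so it is no longer loaded for updates.
	blog := util.NewBlogData()
	db.Retrieve("BlogData_"+owner, &blog) // best effort, as before
	char.ID = "Character_" + strconv.Itoa(blog.CharacterIndex) + "_" + owner
	db.Insert(&char)
	blog.CharacterIndex++
	blog.Characters = append(blog.Characters, char.ID)
	db.Edit(&blog)
	return util.MessagePage("Character created.", ctx)
}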
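// PostEditPost is the HTTP POST handler that saves a new or edited blog post.
//
// The caller is authenticated before any document is read. An existing post
// may be changed only by its Owner, and the submitted Author must be empty
// ("Me") or one of the caller's own characters. Title, Author and Content come
// from ctx.Params and are untrusted input. Returns util.FileNotFound when the
// database is unavailable and a message page otherwise. The val argument is
// unused.
func PostEditPost(ctx *web.Context, val string) string {
	db, err := util.GetDB()
	if err != nil {
		return util.FileNotFound
	}

	const pleaseSignIn = "You must sign in to post."

	// Authenticate first: the session cookie must be present and must map to
	// a user name on the server side.
	userkey, ok := util.ReadUserKey(ctx)
	if !ok {
		return util.MessagePage(pleaseSignIn, ctx)
	}
	username := util.GetUserKey(userkey)
	if username == "" {
		return util.MessagePage(pleaseSignIn, ctx)
	}

	post := NewPost()
	post.ID = ctx.Params["PostID"]
	newPost := post.ID == "NewPost"
	if !newPost {
		// A single checked lookup replaces the two unchecked ones. A failed
		// lookup is treated like a foreign post, so the response does not
		// reveal whether the ID exists.
		// NOTE(review): nothing verifies that post.ID names a post document;
		// any document whose Owner matches the caller would be accepted and
		// rewritten as a post. Consider requiring the "Post_" prefix generated
		// below; confirm no legacy IDs differ.
		if _, err := db.Retrieve(post.ID, &post); err != nil || post.Owner != username {
			return util.MessagePage("You do not have permission to edit this post.", ctx)
		}
	}

	// BlogData lists the caller's characters and, for new posts, supplies the
	// next post index. Best effort, as in the original.
	blogData := util.NewBlogData()
	db.Retrieve("BlogData_"+username, &blogData)

	// The edit form (GetEditPost) offers only the caller's own characters plus
	// the empty "Me" value, but the form is not the trust boundary: check the
	// submitted value so a post cannot be attributed to someone else's
	// character.
	author := ctx.Params["Author"]
	if author != "" {
		owned := false
		for _, id := range blogData.Characters {
			if id == author {
				owned = true
				break
			}
		}
		if !owned {
			return util.MessagePage("You do not have permission to post as this character.", ctx)
		}
	}

	// NOTE(review): Title and Content are stored exactly as submitted;
	// whatever renders them into HTML has to escape them.
	post.Title = ctx.Params["Title"]
	post.Author = author
	post.Content = ctx.Params["Content"]
	post.Owner = username

	if newPost {
		// The server chooses the ID for a new post.
		blogData.PostIndex++
		post.ID = "Post_" + strconv.Itoa(blogData.PostIndex) + "_" + username
		blogData.Posts = append(blogData.Posts, post.ID)
		// NOTE(review): results of Edit/Insert are not checked (signatures
		// not visible here), so "Post saved." is shown even if a write failed.
		db.Edit(&blogData)
		db.Insert(&post)
	} else {
		db.Edit(&post)
	}
	return util.MessagePage("Post saved.", ctx)
}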
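// SigninPost handles the sign-in form. It looks up "User_"+Username, hashes
// the submitted password with the stored hash version, and on a match
// registers a new session key and sets it as the signed "UserKey" cookie.
//
// Unknown user and wrong password produce the same message, so the response
// text cannot be used to learn which user names exist. The val argument is
// unused.
func SigninPost(ctx *web.Context, val string) string {
	const badLogin = "Invalid username and password combination."

	// sameBytes compares two strings without returning at the first differing
	// byte, so the comparison time does not depend on how much of the hash
	// matched.
	sameBytes := func(a, b string) bool {
		if len(a) != len(b) {
			return false
		}
		var diff byte
		for i := 0; i < len(a); i++ {
			diff |= a[i] ^ b[i]
		}
		return diff == 0
	}

	username := ctx.Params["Username"]
	password := ctx.Params["Password"]

	db, err := util.GetDB()
	if err != nil {
		return util.MessagePage("Could not access the database.", ctx)
	}

	user := NewUser()
	if _, err = db.Retrieve("User_"+username, &user); err != nil {
		// NOTE(review): no hash is computed on this path, so response time
		// may still differ between known and unknown user names.
		return util.MessagePage(badLogin, ctx)
	}

	computed := util.PasswordHash(password, user.Password.Version).Hash
	if !sameBytes(string(computed), string(user.Password.Hash)) {
		return util.MessagePage(badLogin, ctx)
	}

	// NOTE(review): rand.Int63 looks like the general-purpose pseudo-random
	// generator rather than a cryptographic one (confirm which rand package
	// the file imports). The session key should come from a CSPRNG; left
	// unchanged because that needs an import this function cannot add.
	num := rand.Int63()
	key := username + "_" + strconv.Itoa64(num)
	util.SetUserKey(key, username)
	// NOTE(review): 6000000 is presumably a lifetime in seconds (about 69
	// days); confirm that is intended and that the server-side key expires
	// as well.
	ctx.SetSecureCookie("UserKey", key, 6000000)
	return util.MessagePage("You are now signed in.", ctx)
}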
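// AddCharacterPost returns an empty character-editor form for the game named
// in the "Game" request parameter. The caller must be signed in.
//
// Game is untrusted input that is written back into the page, so it is
// HTML-escaped before substitution. The val argument is unused.
func AddCharacterPost(ctx *web.Context, val string) string {
	const failed = "Operation failed, try again later."

	game, ok := ctx.Params["Game"]
	if !ok {
		return util.MessagePage(failed, ctx)
	}
	if !util.SignedIn(ctx) {
		return util.MessagePage("Please sign in.", ctx)
	}

	// NOTE(review): game also reaches LoadTemplate unescaped. What
	// LoadTemplate does with its first argument is not visible here; if it is
	// rendered into the page it needs escaping there too.
	file, err := util.LoadTemplate("Add"+game+"Character", "CharacterEditor.html", ctx)
	if err != nil {
		return util.MessagePage(failed, ctx)
	}

	// escape makes a value safe for HTML text and quoted attribute values.
	// "&" is replaced first so the entities added afterwards are not escaped
	// a second time.
	escape := func(s string) string {
		s = strings.Replace(s, "&", "&amp;", -1)
		s = strings.Replace(s, "<", "&lt;", -1)
		s = strings.Replace(s, ">", "&gt;", -1)
		s = strings.Replace(s, "\"", "&#34;", -1)
		s = strings.Replace(s, "'", "&#39;", -1)
		return s
	}

	file = strings.Replace(file, "{{Game}}", escape(game), -1)
	// A new character starts with every other field blank.
	for _, placeholder := range []string{"{{CharacterID}}", "{{Name}}", "{{World}}", "{{Alligiance}}", "{{Bio}}"} {
		file = strings.Replace(file, placeholder, "", -1)
	}
	return file
}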
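// GetEditPost is the HTTP GET handler that renders the post editor, either
// blank for a new post or pre-filled for an existing one.
//
// An existing post is shown only to its Owner, and the caller's session must
// resolve to a non-empty user name. Every value written into the page is
// HTML-escaped. Returns util.FileNotFound when the database or the template
// is unavailable. The val argument is unused.
func GetEditPost(ctx *web.Context, val string) string {
	db, err := util.GetDB()
	if err != nil {
		return util.FileNotFound
	}

	const denied = "You do not have permission to edit this post."

	// escape makes a value safe for HTML text and quoted attribute values.
	// "&" is replaced first so the entities added afterwards are not escaped
	// a second time.
	escape := func(s string) string {
		s = strings.Replace(s, "&", "&amp;", -1)
		s = strings.Replace(s, "<", "&lt;", -1)
		s = strings.Replace(s, ">", "&gt;", -1)
		s = strings.Replace(s, "\"", "&#34;", -1)
		s = strings.Replace(s, "'", "&#39;", -1)
		return s
	}

	post := NewPost()
	postID, ok := ctx.Params["PostID"]
	newPost := !ok || postID == "NewPost"
	if newPost {
		postID = "NewPost"
	} else {
		// A failed lookup is answered like a foreign post, so the response
		// does not reveal whether the ID exists.
		if _, err := db.Retrieve(postID, &post); err != nil {
			return util.MessagePage(denied, ctx)
		}
		userKey, ok := util.ReadUserKey(ctx)
		if !ok {
			return util.MessagePage(denied, ctx)
		}
		// The empty-name test matters: a cookie whose key is no longer known
		// to the server resolves to "", which would otherwise compare equal
		// to the empty Owner of a document that has no such field.
		username := util.GetUserKey(userKey)
		if username == "" || username != post.Owner {
			return util.MessagePage(denied, ctx)
		}
	}

	file, err := util.LoadTemplate("", "EditPost.html", ctx)
	if err != nil {
		return util.FileNotFound
	}

	heading := "<h3>Editing Existing Post</h3>"
	if newPost {
		heading = "<h3>Writing New Post</h3>"
	}
	file = strings.Replace(file, "{{Message}}", heading, 1)

	// postID and the post fields originate from request or stored user input.
	// NOTE(review): escaping assumes the placeholders sit in text or quoted
	// attribute contexts (input value, textarea); confirm against
	// EditPost.html. The substitutions are sequential, so placeholder text
	// inside an earlier value is seen by later replacements.
	file = strings.Replace(file, "{{PostID}}", escape(postID), 1)
	file = strings.Replace(file, "{{Title}}", escape(post.Title), 1)
	file = strings.Replace(file, "{{Author}}", escape(post.Author), 1)
	file = strings.Replace(file, "{{Content}}", escape(post.Content), 1)

	// option renders one <option> for the character document id. The lookup
	// stays best effort as in the original: a missing character yields an
	// option with empty labels.
	option := func(id string) string {
		c := char.NewCharacter()
		db.Retrieve(id, &c)
		return "\t\t<option value=\"" + escape(id) + "\">" + escape(c.Name) +
			" (" + escape(c.Game) + " - " + escape(c.World) + ")</option>\n"
	}

	// The post's current author comes first so it is the pre-selected entry,
	// then "Me", then the caller's remaining characters.
	authors := ""
	defaultAuthor := post.Author
	if defaultAuthor != "" {
		authors += option(defaultAuthor)
	}
	authors += "\t\t<option value=\"\">Me</option>\n"

	blog := util.NewBlogData()
	db.Retrieve("BlogData_"+util.ReadUsername(ctx), &blog)
	for _, id := range blog.Characters {
		if id != defaultAuthor {
			authors += option(id)
		}
	}
	file = strings.Replace(file, "{{AuthorOptions}}", authors, 1)
	return file
}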
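// get dispatches an HTTP GET for the path val to the matching page handler,
// renders the index page, signs the user out, or serves a template or static
// file. It returns the response body, or util.FileNotFound when nothing
// matches or loading fails.
//
// val comes from the request path and is untrusted input.
func get(ctx *web.Context, val string) string {
	// escape makes a value safe for HTML text and quoted attribute values.
	// "&" is replaced first so the entities added afterwards are not escaped
	// a second time.
	escape := func(s string) string {
		s = strings.Replace(s, "&", "&amp;", -1)
		s = strings.Replace(s, "<", "&lt;", -1)
		s = strings.Replace(s, ">", "&gt;", -1)
		s = strings.Replace(s, "\"", "&#34;", -1)
		s = strings.Replace(s, "'", "&#39;", -1)
		return s
	}

	// hasParentRef reports whether any path segment of p is "..".
	hasParentRef := func(p string) bool {
		start := 0
		for i := 0; i <= len(p); i++ {
			if i == len(p) || p[i] == '/' || p[i] == '\\' {
				if p[start:i] == ".." {
					return true
				}
				start = i + 1
			}
		}
		return false
	}

	switch val {
	case "Account.html":
		return users.AccountManagementGet(ctx, val)
	case "Character.html":
		return char.ViewCharacterGet(ctx, val)
	case "EditCharacter.html":
		return char.EditCharacterGet(ctx, val)
	case "EditPost.html":
		return posts.GetEditPost(ctx, val)
	case "", "index.html", "index.htm":
		db, err := util.GetDB()
		if err != nil {
			return util.MessagePage("Cannot access database.", ctx)
		}
		data, err := util.LoadTemplate("", "index.html", ctx)
		if err != nil {
			break
		}

		// User list. IDs without the "User_" marker are skipped; indexing
		// the split result unconditionally would panic on such an ID.
		// NOTE(review): "<il>" is not an HTML element and looks like a typo
		// for "<li>"; the markup is kept as it was.
		userList := ""
		if ids, err := db.QueryIds("_design/users/_view/all", nil); err == nil {
			userList = "<ul>\n"
			for _, id := range ids {
				at := strings.Index(id, "User_")
				if at < 0 {
					continue
				}
				// User names are user-chosen, so escape before embedding.
				// NOTE(review): the href expression was garbled in the copy
				// under review and is reconstructed as the user name; confirm
				// against the repository. The name should also be
				// URL-encoded, which needs a package this file is not known
				// to import.
				name := escape(id[at+len("User_"):])
				userList += "\t<il><a href=\"" + "view?user=" + name + "\">" + name + "</a></il><br>\n"
			}
			userList += "</ul>"
		}
		data = strings.Replace(data, "{{UserList}}", userList, -1)

		// Post list, kept in its own variable: previously a failed posts
		// query left the user list in the shared variable and substituted it
		// for {{Posts}}.
		postHTML := ""
		if postList, err := db.QueryIds("_design/posts/_view/all", nil); err == nil {
			postHTML = "<ul>\n"
			// Walk back from index 10, or from the last entry if there are
			// fewer.
			start := 10
			if start >= len(postList) {
				start = len(postList) - 1
			}
			for i := start; i > -1; i-- {
				var post posts.Post
				if _, err := db.Retrieve(postList[i], &post); err == nil {
					// NOTE(review): post.HTML is not visible here; it must
					// escape the title, author and content it renders.
					postHTML += "\t<il>" + post.HTML(ctx) + "</il><br>\n"
				}
			}
			postHTML += "</ul>"
		}
		data = strings.Replace(data, "{{Posts}}", postHTML, -1)
		return data
	case "signout.html":
		// Expire both cookies and drop the server-side session key.
		if value, ok := util.ReadUserKey(ctx); ok {
			ctx.SetSecureCookie("UserKey", value, -6000000)
			util.DeleteUserKey(value)
		}
		if username, ok := util.ReadCookie("Username", ctx); ok {
			ctx.SetSecureCookie("Username", username, -6000000)
		}
		return util.MessagePage("You're signed out.", ctx)
	case "signin.html":
		if util.SignedIn(ctx) {
			return util.MessagePage("You're already signed in.", ctx)
		}
		retval, err := util.LoadTemplate("", val, ctx)
		if err != nil {
			break
		}
		return retval
	case "view/", "view":
		return posts.ViewPost(ctx, val)
	default:
		// val is handed to the template and file loaders. Whether they
		// confine paths to the site directory is not visible here, so parent
		// directory references are refused up front as defence in depth.
		if hasParentRef(val) {
			return util.FileNotFound
		}
		if strings.HasSuffix(val, ".html") {
			retval, err := util.LoadTemplate("", val, ctx)
			if err != nil {
				break
			}
			return retval
		}
		retval, err := util.LoadFile(val)
		if err != nil {
			break
		}
		if strings.HasSuffix(val, ".wgt") {
			// A TopBar error is ignored as before; the widget is then
			// rendered with whatever TopBar returned.
			topbar, _ := util.TopBar(ctx)
			retval = strings.Replace(retval, "{{TopBar}}", topbar, -1)
		}
		return retval
	}
	return util.FileNotFound
}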