func SettingsPost(w http.ResponseWriter, r *http.Request) { // /settings POST method handler. // Validates the form, db := database.GetConnection() sessionid := cookies.GetCookieVal(r, "sessionid") username := cookies.UsernameFromCookie(sessionid) if username != "" { pass, _ := database.GetPassword(db, username) newPassword := r.FormValue("new") repeat := r.FormValue("repeat") oldPassword := r.FormValue("old") if password.Authenticate(oldPassword, pass) && len(newPassword) > 5 && newPassword == repeat { hashed := password.NewPassword(newPassword) database.ChangePassword(db, username, hashed) log.Printf("USER (%s) CHANGED PASSWORD\n", username) } } http.Redirect(w, r, "/login", http.StatusFound) }
func HomeGet(w http.ResponseWriter, r *http.Request) { // / handler for GET method request. // Renders a page only for users with valid sessionid cookie. // All the rest are redirected to /login . db := database.GetConnection() sessionid := cookies.GetCookieVal(r, "sessionid") username := cookies.UsernameFromCookie(sessionid) tablesize := cookies.GetCookieVal(r, "tablesize") pk, is_admin := database.GetPkAdmin(db, username) if username == "" || pk == -1 { // Gorilla failed to decode it. // Or user is not in the db. http.Redirect(w, r, "/login/", http.StatusFound) } else if is_admin { // Admin needs to be redirected to // administration site. http.Redirect(w, r, "/admin/", http.StatusFound) } else { // Render home. if tablesize == "small" { drawSmall(w, db, pk) } else { drawFull(w, db, pk) } } }
func GuessesGet(w http.ResponseWriter, r *http.Request) { // /guesses handler for GET method request. // Renders a page only for users with valid sessionid cookie. // All the rest are redirected to /login . db := database.GetConnection() sessionid := cookies.GetCookieVal(r, "sessionid") username := cookies.UsernameFromCookie(sessionid) pk, is_admin := database.GetPkAdmin(db, username) if username == "" || pk == -1 { // Gorilla failed to decode it. // Or encoded username does not exist in db. http.Redirect(w, r, "/login/", http.StatusFound) } else if is_admin { http.Redirect(w, r, "/admin/", http.StatusFound) } else { // Fetches users guesses from the db and gets data for // result submit dropbox. var F models.GuessContext F.OpenGames = database.GamesList(db, "open") F.Guesses = database.UsersGuesses(db, pk) F.Error = false templates.Render(w, "guesses", F) } }
func LoginPost(w http.ResponseWriter, r *http.Request) { // /login handler for POST request. // Tries to validate user. // If email / password is OK, // new sessionid cookie is set and user is redirected to / . db := database.GetConnection() username := r.FormValue("username") username = strings.ToLower(username) pass := r.FormValue("password") remember := r.FormValue("remember") == "1" hashed, _ := database.GetPassword(db, username) if password.Authenticate(pass, hashed) { // Valid password. sessionid := cookies.GenerateSessionId(username) cookies.SetSessionId(w, sessionid, remember) http.Redirect(w, r, "/", http.StatusFound) log.Printf("LOGGED IN (%s)\n", username) } else { context := loginContext{username, config.Config.Register, true} templates.Render(w, "login", context) } }
func AutoGameClose() { db := database.GetConnection() toClose := database.GamesToClose(db) if len(toClose) > 0 { for _, pk := range toClose { database.CloseGame(db, pk) log.Printf("AUTO CLOSED %s\n", pk) } } }
func GuessesPost(w http.ResponseWriter, r *http.Request) { // /guesses POST method. // Checks if user trying to submit is in valid. db := database.GetConnection() sessionid := cookies.GetCookieVal(r, "sessionid") username := cookies.UsernameFromCookie(sessionid) var guess models.Guess guess.Userpk, _ = database.GetPkAdmin(db, username) var F models.GuessContext F.OpenGames = database.GamesList(db, "open") F.Guesses = database.UsersGuesses(db, guess.Userpk) F.Error = false if username == "" || guess.Userpk < 0 { // Gorilla failed to decode it. http.Redirect(w, r, "/login/", http.StatusFound) } else { var nr int var err error //Extract data from request and check if form is valid. if utils.ExtractResult(r.FormValue("result_2"), &guess.Result1, &guess.Result2) || utils.ExtractResult(r.FormValue("result_1"), &guess.Result1, &guess.Result2) { if guess.Result1 < 0 || guess.Result2 < 0 { F.Error = true } } else { nr, err = fmt.Sscanf(r.FormValue("result_1"), "%d", &guess.Result1) if nr != 1 || err != nil || guess.Result1 < 0 { F.Error = true } nr, err = fmt.Sscanf(r.FormValue("result_2"), "%d", &guess.Result2) if nr != 1 || err != nil || guess.Result2 < 0 { F.Error = true } } nr, err = fmt.Sscanf(r.FormValue("game-id"), "%d", &guess.Gamepk) if nr != 1 || err != nil { F.Error = true } if F.Error { templates.Render(w, "guesses", F) } else { // Submit a guess. database.GiveResult(db, &guess) http.Redirect(w, r, "/guesses/", http.StatusFound) log.Printf("GUESS BY (%d). GAME (%d)\n", guess.Userpk, guess.Gamepk) } } }
func RegisterPost(w http.ResponseWriter, r *http.Request) { // /register POST method handler. // Validates the form, // check's if username is availible, // and then creates a user and redirects to // /login . db := database.GetConnection() var user models.User // Model out of form data. user.Email = r.FormValue("email") user.Email = strings.ToLower(user.Email) user.Password = r.FormValue("password") user.Firstname = r.FormValue("firstname") if len(user.Firstname) > 0 { user.Firstname = strings.ToUpper(user.Firstname[0:1]) + strings.ToLower(user.Firstname[1:]) } user.Lastname = r.FormValue("lastname") if len(user.Lastname) > 0 { user.Lastname = strings.ToUpper(user.Lastname[0:1]) + strings.ToLower(user.Lastname[1:]) } repeat := r.FormValue("repeat") var old models.RegisterContext // Model for return form. // In case there the data wasn't valid old.Firstname = user.Firstname old.Lastname = user.Lastname old.Email = user.Email old.Flag = user.UserValidate(repeat) if old.Flag != "" { templates.Render(w, "register", old) return } pass, _ := database.GetPassword(db, user.Email) // Checks if user exists. if pass != "" { old.Flag = "Vartotojas su šiuo el. pašto adresu jau egzistuoja." templates.Render(w, "register", old) return } user.Password = password.NewPassword(user.Password) database.CreateUser(db, &user) // Creates a user in the db. http.Redirect(w, r, "/login", http.StatusFound) log.Printf("USER CREATED (%s)\n", user.Email) }
func ForgotGet(w http.ResponseWriter, r *http.Request) { forgotKey := r.URL.RawQuery db := database.GetConnection() if forgotKey == "" { // A simple GET for the form. templates.Render(w, "forgot", nil) } else if database.CheckRecovery(db, forgotKey) { // Render recover page. templates.Render(w, "recover", forgotKey) } else { // Redirect to login. http.Redirect(w, r, "/login/", http.StatusFound) } }
func AdminGet(w http.ResponseWriter, r *http.Request) { // /admin GET method handler. // Just render's the form. db := database.GetConnection() sessionid := cookies.GetCookieVal(r, "sessionid") username := cookies.UsernameFromCookie(sessionid) _, is_admin := database.GetPassword(db, username) if !is_admin { http.Redirect(w, r, "/login/", http.StatusFound) } else { var F models.AdminContext F.OpenGames = database.GamesList(db, "open") F.NotFinish = database.GamesList(db, "finish") templates.Render(w, "admin", F) } }
func ForgotPost(w http.ResponseWriter, r *http.Request) { forgotKey := r.URL.RawQuery db := database.GetConnection() if forgotKey == "" { // Initial forgot submit. email := r.FormValue("email") pk, _ := database.GetPkAdmin(db, email) if pk != -1 { if !database.RecoveryExists(db, pk) { // Send out an email. key := utils.GenRecoveryKey() msg := utils.Message{email, "Slaptažodio atkūrimas", fmt.Sprintf("Norėdami atkurti slaptažodį eikite į:\n\nhttp://futbolas.aivaras.in/forgot/?%s\n\nŠi nuoroda galios dvi dienas.", key)} go recovery(db, msg, pk, key) log.Printf("An email was sent to %s\n", email) templates.Render(w, "forgot", nil) } else { // The recovery already exists. templates.Render(w, "forgot", nil) } } else { // User non existing. templates.Render(w, "forgot", nil) } } else { // Actual recovery. newPassword := r.FormValue("new") repeat := r.FormValue("repeat") if len(newPassword) < 6 || newPassword != repeat { // Bad password templates.Render(w, "recover", forgotKey) } else { hashed := password.NewPassword(newPassword) database.DoRecover(db, forgotKey, hashed) http.Redirect(w, r, "/login", http.StatusFound) log.Printf("KEY (%s) RESET PASSWORD\n", forgotKey) } } }
func AdminPost(w http.ResponseWriter, r *http.Request) { // /admin POST method handler. db := database.GetConnection() sessionid := cookies.GetCookieVal(r, "sessionid") username := cookies.UsernameFromCookie(sessionid) _, is_admin := database.GetPassword(db, username) option := r.FormValue("sending") // Each html form has a hidden input which // is sent only when a specific form is submited. var F models.AdminContext F.CloseF = false F.EndF = false if is_admin { switch option { case "addGame": // Creating a game and sending it into db. var game models.Game var err error game.Team1 = r.FormValue("team1") game.Team2 = r.FormValue("team2") game.Starts, err = time.Parse("2006-01-02 15:04", r.FormValue("starts")) // Need to parse a string from request. if err != nil || !utils.HasShortName(game.Team1) || !utils.HasShortName(game.Team2) { // Checks if teams names are valid. http.Redirect(w, r, "/error", http.StatusFound) } else { database.CreateGame(db, &game) http.Redirect(w, r, "/admin", http.StatusFound) log.Printf("GAME [%s - %s] ADDED\n", game.Team1, game.Team2) } break case "close": // Closes a game. Nothing to check. pk := r.FormValue("close-game-id") database.CloseGame(db, pk) http.Redirect(w, r, "/admin", http.StatusFound) log.Printf("GAME (%s) CLOSED\n", pk) break case "rollback": confirm := r.FormValue("confirm") == "1" if confirm { database.RollBack(db) } http.Redirect(w, r, "/admin", http.StatusFound) break case "end": // Finishes a game. t1 := r.FormValue("team1") t2 := r.FormValue("team2") pk := r.FormValue("finish-game-id") n1, er1 := strconv.Atoi(t1) n2, er2 := strconv.Atoi(t2) intPk, er3 := strconv.Atoi(pk) if er1 != nil || er2 != nil || er3 != nil { // Checks form data. http.Redirect(w, r, "/error", http.StatusFound) } else { database.FinishGame(db, pk, n1, n2) database.CalcPoints(db, intPk, n1, n2) http.Redirect(w, r, "/admin", http.StatusFound) log.Printf("GAME (%s) FINISHED\n", pk) } break } } else { // Not an admin tried subminting data. http.Redirect(w, r, "/login/", http.StatusFound) } }