-rw-r--r-- | charakterin.go | 72 |
1 files changed, 72 insertions, 0 deletions
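--- a/charakterin.go
+++ b/charakterin.go
@@ -208,6 +208,78 @@ func (c *Charakterin) DisplayRegistrationWithData(w http.ResponseWriter, r *http
 c.renderer.RenderRegistrationPage(w, data)
 }
 
+// SaveUser handlet die neuen Benutzerdaten und speichert sie
+func (c *Charakterin) SaveUserRoute(w http.ResponseWriter, r *http.Request) {
+user, err := c.GetUserFromRequest(r)
+if err != nil {
+http.Error(w, "403", http.StatusForbidden)
+return
+}
+
+values, err := readBody(r)
+if err != nil {
+http.Error(w, "400", http.StatusBadRequest)
+return
+}
+
+displayName := values.Get("display_name")
+curPass := values.Get("current_password")
+newPass := values.Get("new_password")
+
+if len(curPass) > 0 && len(newPass) > 0 {
+var success bool
+err = c.Database.QueryRow("SELECT login.compare_passwords($1, $2)", user.Password, curPass).Scan(&success)
+if err != nil {
+http.Error(w, "500", http.StatusInternalServerError)
+log.Println(err)
+return
+}
+
+if !success {
+http.Error(w, "Ungueltiges Passwort.", 400)
+return
+}
+
+res, err := c.Database.Exec("UPDATE login.users SET password = login.hash_password($1) WHERE id = $2", newPass, user.ID)
+if err != nil {
+http.Error(w, "500", http.StatusInternalServerError)
+log.Println(err)
+return
+}
+
+if n, _ := res.RowsAffected(); n == 0 {
+log.Println("could not change password, no rows affected")
+}
+}
+
+curDsp, err := user.DisplayName.Value()
+if len(displayName) > 0 || err == nil {
+var res sql.Result
+if err == nil && displayName == curDsp {
+http.Error(w, "name unchanged", 400)
+return
+}
+
+if len(displayName) == 0 || displayName == user.Name {
+res, err = c.Database.Exec("UPDATE login.users SET display_name = NULL WHERE id = $1", user.ID)
+} else {
+res, err = c.Database.Exec("UPDATE login.users SET display_name = $1 WHERE id = $2", displayName, user.ID)
+}
+if err != nil {
+http.Error(w, "500", http.StatusInternalServerError)
+log.Println(err)
+return
+}
+
+if n, _ := res.RowsAffected(); n == 0 {
+log.Println("could not change display name, no rows affected")
+}
+}
+
+w.WriteHeader(200)
+w.Write([]byte("1"))
+}
+
 // DisplayRegistration zeigt die Route für die Registration an, wenn der User nicht bereits eingeloggt ist.
 func (c *Charakterin) DisplayRegistration(w http.ResponseWriter, r *http.Request) {
 c.DisplayRegistrationWithData(w, r, make(map[string]interface{}))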
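Review bot: The password branch of SaveUserRoute can report an outcome to the client that differs from what happened to the credential. When `res.RowsAffected()` returns 0 after the `UPDATE login.users SET password` statement, the handler only logs and still finishes with 200 and `1`; and when the request carries the current display name together with a password change, the password has already been updated by the time the `name unchanged` 400 is sent. I would fail the request in the first case, e.g. `if n, err := res.RowsAffected(); err != nil || n == 0 { http.Error(w, "500", http.StatusInternalServerError); return }`, and treat an unchanged name as a no-op rather than an error once a password change has succeeded. Separately, `newPass` is only checked for being non-empty and nothing in this hunk ends the user's other sessions after the change; if neither is handled inside `login.hash_password` or elsewhere in the package, both belong in this handler.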