diff options
Diffstat (limited to 'charakterin.go')
| -rw-r--r-- | charakterin.go | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/charakterin.go b/charakterin.go index 67ee40d..ff3d5c6 100644 --- a/charakterin.go +++ b/charakterin.go | |||
| @@ -208,6 +208,78 @@ func (c *Charakterin) DisplayRegistrationWithData(w http.ResponseWriter, r *http | |||
| 208 | c.renderer.RenderRegistrationPage(w, data) | 208 | c.renderer.RenderRegistrationPage(w, data) |
| 209 | } | 209 | } |
| 210 | 210 | ||
| 211 | // SaveUser handlet die neuen Benutzerdaten und speichert sie | ||
| 212 | func (c *Charakterin) SaveUserRoute(w http.ResponseWriter, r *http.Request) { | ||
| 213 | user, err := c.GetUserFromRequest(r) | ||
| 214 | if err != nil { | ||
| 215 | http.Error(w, "403", http.StatusForbidden) | ||
| 216 | return | ||
| 217 | } | ||
| 218 | |||
| 219 | values, err := readBody(r) | ||
| 220 | if err != nil { | ||
| 221 | http.Error(w, "400", http.StatusBadRequest) | ||
| 222 | return | ||
| 223 | } | ||
| 224 | |||
| 225 | displayName := values.Get("display_name") | ||
| 226 | curPass := values.Get("current_password") | ||
| 227 | newPass := values.Get("new_password") | ||
| 228 | |||
| 229 | if len(curPass) > 0 && len(newPass) > 0 { | ||
| 230 | var success bool | ||
| 231 | err = c.Database.QueryRow("SELECT login.compare_passwords($1, $2)", user.Password, curPass).Scan(&success) | ||
| 232 | if err != nil { | ||
| 233 | http.Error(w, "500", http.StatusInternalServerError) | ||
| 234 | log.Println(err) | ||
| 235 | return | ||
| 236 | } | ||
| 237 | |||
| 238 | if !success { | ||
| 239 | http.Error(w, "Ungueltiges Passwort.", 400) | ||
| 240 | return | ||
| 241 | } | ||
| 242 | |||
| 243 | res, err := c.Database.Exec("UPDATE login.users SET password = login.hash_password($1) WHERE id = $2", newPass, user.ID) | ||
| 244 | if err != nil { | ||
| 245 | http.Error(w, "500", http.StatusInternalServerError) | ||
| 246 | log.Println(err) | ||
| 247 | return | ||
| 248 | } | ||
| 249 | |||
| 250 | if n, _ := res.RowsAffected(); n == 0 { | ||
| 251 | log.Println("could not change password, no rows affected") | ||
| 252 | } | ||
| 253 | } | ||
| 254 | |||
| 255 | curDsp, err := user.DisplayName.Value() | ||
| 256 | if len(displayName) > 0 || err == nil { | ||
| 257 | var res sql.Result | ||
| 258 | if err == nil && displayName == curDsp { | ||
| 259 | http.Error(w, "name unchanged", 400) | ||
| 260 | return | ||
| 261 | } | ||
| 262 | |||
| 263 | if len(displayName) == 0 || displayName == user.Name { | ||
| 264 | res, err = c.Database.Exec("UPDATE login.users SET display_name = NULL WHERE id = $1", user.ID) | ||
| 265 | } else { | ||
| 266 | res, err = c.Database.Exec("UPDATE login.users SET display_name = $1 WHERE id = $2", displayName, user.ID) | ||
| 267 | } | ||
| 268 | if err != nil { | ||
| 269 | http.Error(w, "500", http.StatusInternalServerError) | ||
| 270 | log.Println(err) | ||
| 271 | return | ||
| 272 | } | ||
| 273 | |||
| 274 | if n, _ := res.RowsAffected(); n == 0 { | ||
| 275 | log.Println("could not change display name, no rows affected") | ||
| 276 | } | ||
| 277 | } | ||
| 278 | |||
| 279 | w.WriteHeader(200) | ||
| 280 | w.Write([]byte("1")) | ||
| 281 | } | ||
| 282 | |||
| 211 | // DisplayRegistration zeigt die Route für die Registration an, wenn der User nicht bereits eingeloggt ist. | 283 | // DisplayRegistration zeigt die Route für die Registration an, wenn der User nicht bereits eingeloggt ist. |
| 212 | func (c *Charakterin) DisplayRegistration(w http.ResponseWriter, r *http.Request) { | 284 | func (c *Charakterin) DisplayRegistration(w http.ResponseWriter, r *http.Request) { |
| 213 | c.DisplayRegistrationWithData(w, r, make(map[string]interface{})) | 285 | c.DisplayRegistrationWithData(w, r, make(map[string]interface{})) |