From de7c862a42f50307f40266127415a73c90ca73e4 Mon Sep 17 00:00:00 2001
From: jan
Date: Sat, 20 Feb 2016 22:03:08 +0100
Subject: user settings speichern
diff --git a/charakterin.go b/charakterin.go
index 67ee40d..ff3d5c6 100644
--- a/charakterin.go
+++ b/charakterin.go
@@ -208,6 +208,78 @@ func (c *Charakterin) DisplayRegistrationWithData(w http.ResponseWriter, r *http
 c.renderer.RenderRegistrationPage(w, data)
 }
 
+// SaveUser handlet die neuen Benutzerdaten und speichert sie
+func (c *Charakterin) SaveUserRoute(w http.ResponseWriter, r *http.Request) {
+ user, err := c.GetUserFromRequest(r)
+ if err != nil {
+ http.Error(w, "403", http.StatusForbidden)
+ return
+ }
+
+ values, err := readBody(r)
+ if err != nil {
+ http.Error(w, "400", http.StatusBadRequest)
+ return
+ }
+
+ displayName := values.Get("display_name")
+ curPass := values.Get("current_password")
+ newPass := values.Get("new_password")
+
+ if len(curPass) > 0 && len(newPass) > 0 {
+ var success bool
+ err = c.Database.QueryRow("SELECT login.compare_passwords($1, $2)", user.Password, curPass).Scan(&success)
+ if err != nil {
+ http.Error(w, "500", http.StatusInternalServerError)
+ log.Println(err)
+ return
+ }
+
+ if !success {
+ http.Error(w, "Ungueltiges Passwort.", 400)
+ return
+ }
+
+ res, err := c.Database.Exec("UPDATE login.users SET password = login.hash_password($1) WHERE id = $2", newPass, user.ID)
+ if err != nil {
+ http.Error(w, "500", http.StatusInternalServerError)
+ log.Println(err)
+ return
+ }
+
+ if n, _ := res.RowsAffected(); n == 0 {
+ log.Println("could not change password, no rows affected")
+ }
+ }
+
+ curDsp, err := user.DisplayName.Value()
+ if len(displayName) > 0 || err == nil {
+ var res sql.Result
+ if err == nil && displayName == curDsp {
+ http.Error(w, "name unchanged", 400)
+ return
+ }
+
+ if len(displayName) == 0 || displayName == user.Name {
+ res, err = c.Database.Exec("UPDATE login.users SET display_name = NULL WHERE id = $1", user.ID)
+ } else {
+ res, err = c.Database.Exec("UPDATE login.users SET display_name = $1 WHERE id = $2", displayName, user.ID)
+ }
+ if err != nil {
+ http.Error(w, "500", http.StatusInternalServerError)
+ log.Println(err)
+ return
+ }
+
+ if n, _ := res.RowsAffected(); n == 0 {
+ log.Println("could not change display name, no rows affected")
+ }
+ }
+
+ w.WriteHeader(200)
+ w.Write([]byte("1"))
+}
+
 // DisplayRegistration zeigt die Route für die Registration an, wenn der User nicht bereits eingeloggt ist.
 func (c *Charakterin) DisplayRegistration(w http.ResponseWriter, r *http.Request) {
 c.DisplayRegistrationWithData(w, r, make(map[string]interface{}))
-- cgit v0.10.1
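Review bot: The display-name block guarded by `if len(displayName) > 0 || err == nil` appears to run on every request, because if `user.DisplayName` is a `sql.NullString` (the type is not visible in the hunk) its `Value()` never returns an error; a password-only request that has already committed the new password can then still end in 400 "name unchanged" or reset `display_name` to NULL. Gate that block on the field actually being submitted, for example `if _, ok := values["display_name"]; ok {` assuming `values` is a `url.Values`, and validate both changes before issuing either UPDATE so the response matches what was written. In the password branch a zero `RowsAffected` is only logged and the handler still answers 200 "1", and `newPass` is accepted at any non-zero length; answering zero rows with `http.Error(w, "500", http.StatusInternalServerError)` and enforcing a minimum length before the UPDATE would cover both. Nothing in the hunk shows a CSRF check on this state-changing route or invalidation of the user's other sessions after the password change; either may live in `GetUserFromRequest`, `readBody` or the router, so it is worth confirming. The doc comment also names `SaveUser` while the function is `SaveUserRoute`.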