Add account control panel

2017-07-18 13:40:48 +01:00 · 2017-07-18 13:40:48 +01:00 · cdab16e9db
parent d3c977a5f3
commit cdab16e9db
4 changed files with 193 additions and 0 deletions
--- a/lib/cyberman/Account.pm
+++ b/lib/cyberman/Account.pm
@ -2,4 +2,114 @@ package cyberman::Account;
 use Dancer2 appname => "cyberman";
 use Dancer2::Plugin::Database;

+use cyberman::Helper;
+
+get '/account' => sub {
+  return auth_test() if auth_test();
+
+  my $user = database->quick_select(
+    "user",
+    {
+      "id" => vars->{"auth"},
+    },
+  );
+
+  template 'account' => {
+    "user" => $user,
+  };
+};
+
+post '/account' => sub {
+  return auth_test() if auth_test();
+
+  my %errs;
+  my $new_pass = 0;
+
+  my $user = database->quick_select (
+    "user",
+    {
+      "id" => vars->{"auth"},
+    }
+  );
+
+  if (!param("email")) {
+    $errs{"e_no_email"} = 1;
+  }
+
+  if (param("password") || param("npassword") || param("npassword2")) {
+    $new_pass = 1;
+
+    my ($o_hash, $o_salt) = hash_password(param("password"), $user->{"salt"});
+    if ($o_hash ne $user->{"password"}) {
+      $errs{"e_wrong_pass"} = 1;
+    }
+
+    if (param "npassword" ne param "npassword2") {
+      $errs{"e_pass_mismatch"} = 1;
+    } elsif (length(param "npassword") < 8) {
+      $errs{"e_pass_len"} = 1;
+    }
+  }
+
+  if (scalar(keys %errs) != 0) {
+    return template 'account' => {
+      "user" => $user,
+      error => 1,
+      %errs,
+    };
+  }
+
+  if (param("email") ne $user->{"email"}) {
+
+    # TODO: verify email address here
+
+    database->quick_update (
+      "user",
+      {
+        "id" => vars->{"auth"},
+      },
+      {
+        "email" => param "email",
+      },
+    );
+  }
+
+  if ($new_pass) {
+    my ($hash, $salt) = hash_password(param "npassword");
+    database->quick_update (
+      "user",
+      {
+        "id" => vars->{"auth"},
+      },
+      {
+        "password" => $hash,
+        "salt" => $salt,
+      },
+    );
+
+    database->quick_delete (
+      "session",
+      {
+        "uid" => vars->{"auth"},
+      },
+    );
+
+    return template 'redir' => {
+      "redir" => "login?pwchange=1",
+    };
+  }
+
+  $user = database->quick_select (
+    "user",
+    {
+      "id" => vars->{"auth"},
+    },
+  );
+
+  template 'account' => {
+    updated => 1,
+    user => $user,
+  };
+};
+
 true;
--- a/views/account.tt
+++ b/views/account.tt
@ -0,0 +1,75 @@
+<center>
+  <br />
+  <h1>Your Account</h1>
+  <br />
+  <% IF updated %>
+  <div class="msgBox">
+    Your account details were updated successfully.
+  </div>
+  <br /><br />
+  <% END %>
+</center>
+
+<% IF error %>
+<div style="text-align:center">
+  <div class="msgBox" style="text-align:left">
+    There were some problems with your submission:
+    <br />
+    <ul>
+      <% IF e_no_email %>
+      <li>You need too enter a valid email address.</li>
+      <% END %>
+      <% IF e_wrong_pass %>
+      <li>The password you entered is incorrect.</li>
+      <% END %>
+      <% IF e_pass_mismatch %>
+      <li>The two passwords you entered do not match.</li>
+      <% END %>
+      <% IF e_pass_len %>
+      <li>Your password must be at least 8 characters long.</li>
+      <% END %>
+    </ul>
+  </div>
+</div>
+<% END %>
+
+<div class="body">
+  <form method="POST">
+    <table class="domains">
+      <tr>
+        <td>
+          <label for="email">Email address:</label>
+        </td>
+        <td>
+          <input type="email" name="email" id="email" value="<% user.email | html_entity %>" />
+        </td>
+      </tr>
+      <tr>
+        <td>
+          <label for="password">Old password:</label>
+        </td>
+        <td>
+          <input type="password" name="password" id="password" />
+        </td>
+      </tr>
+      <tr>
+        <td>
+          <label for="npassword">New password:</label>
+        </td>
+        <td>
+          <input type="password" name="npassword" id="npassword" />
+        </td>
+      </tr>
+      <tr>
+        <td>
+          <label for="npassword2">New password (confirm):</label>
+        </td>
+        <td>
+          <input type="password" name="npassword2" id="npassword2" />
+        </td>
+      </tr>
+    </table>
+    <br />
+    [&nbsp;<button class="textButton" action="submit">update</button>&nbsp;]
+  </form>
+</div>
--- a/views/layouts/main.tt
+++ b/views/layouts/main.tt
@ -18,6 +18,7 @@
        </span>
        <span style="float:right;">
          <form action="/logout" method="POST">
+            [&nbsp;<a href="/account" class="bracketButton">account</a>&nbsp;]
            [&nbsp;<button class="textButton" action="submit">log&nbsp;out</button>&nbsp;]
          </form>
        </span>
--- a/views/login.tt
+++ b/views/login.tt
@ -10,6 +10,13 @@
  <br /><br />
  <% END %>
  
+  <% IF params.pwchange %>
+  <div class="msgBox">
+    Your password has been changed and all browsers logged out. Please log in again here.
+  </div>
+  <br /><br />
+  <% END %>
+
  <% IF error %>
  <div class="msgBox">
    <% IF e_no_user %>