2016-12-02 07:38:54 +00:00
package main
2016-12-07 09:34:09 +00:00
import "strings"
2016-12-02 07:38:54 +00:00
import "strconv"
import "net/http"
import "golang.org/x/crypto/bcrypt"
import "database/sql"
import _ "github.com/go-sql-driver/mysql"
type User struct
{
ID int
Name string
2016-12-23 12:35:22 +00:00
Email string
2016-12-02 07:38:54 +00:00
Group int
2016-12-13 02:14:14 +00:00
Active bool
2016-12-07 13:46:14 +00:00
Is_Mod bool
Is_Super_Mod bool
2016-12-02 07:38:54 +00:00
Is_Admin bool
2016-12-02 08:07:56 +00:00
Is_Super_Admin bool
2016-12-04 10:44:28 +00:00
Is_Banned bool
2016-12-21 02:30:32 +00:00
Perms Perms
2016-12-02 07:38:54 +00:00
Session string
Loggedin bool
2016-12-02 15:03:31 +00:00
Avatar string
2016-12-09 13:46:29 +00:00
Message string
URLPrefix string
URLName string
2016-12-13 02:14:14 +00:00
Tag string
2016-12-02 07:38:54 +00:00
}
2017-01-03 07:47:31 +00:00
type Email struct
{
UserID int
Email string
Validated bool
Primary bool
Token string
}
2016-12-02 07:38:54 +00:00
func SetPassword ( uid int , password string ) ( error ) {
salt , err := GenerateSafeString ( saltLength )
if err != nil {
return err
}
password = password + salt
hashed_password , err := bcrypt . GenerateFromPassword ( [ ] byte ( password ) , bcrypt . DefaultCost )
if err != nil {
return err
}
_ , err = set_password_stmt . Exec ( string ( hashed_password ) , salt , uid )
if err != nil {
return err
}
return nil
}
2017-01-03 07:47:31 +00:00
func SendValidationEmail ( username string , email string , token string ) bool {
var schema string
if enable_ssl {
schema = "s"
}
subject := "Validate Your Email @ " + site_name
msg := "Dear " + username + ", following your registration on our forums, we ask you to validate your email, so that we can confirm that this email actually belongs to you.\nClick on the following link to do so. http" + schema + "://" + site_url + "/user/edit/token/" + token + "\nIf you haven't created an account here, then please feel free to ignore this email.\nWe're sorry for the inconvenience this may have caused."
return SendEmail ( email , subject , msg )
}
2016-12-16 10:37:42 +00:00
func SessionCheck ( w http . ResponseWriter , r * http . Request ) ( user User , noticeList map [ int ] string , success bool ) {
2016-12-18 12:56:06 +00:00
noticeList = make ( map [ int ] string )
2016-12-16 10:37:42 +00:00
// Are there any session cookies..?
// Assign it to user.name to avoid having to create a temporary variable for the type conversion
cookie , err := r . Cookie ( "uid" )
if err != nil {
2016-12-21 02:30:32 +00:00
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , noticeList , true
}
user . Name = cookie . Value
user . ID , err = strconv . Atoi ( user . Name )
if err != nil {
2016-12-21 02:30:32 +00:00
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , noticeList , true
}
cookie , err = r . Cookie ( "session" )
if err != nil {
2016-12-21 02:30:32 +00:00
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , noticeList , true
}
user . Session = cookie . Value
// Is this session valid..?
2017-01-03 07:47:31 +00:00
err = get_session_stmt . QueryRow ( user . ID , user . Session ) . Scan ( & user . ID , & user . Name , & user . Group , & user . Is_Super_Admin , & user . Session , & user . Email , & user . Avatar , & user . Message , & user . URLPrefix , & user . URLName )
2016-12-16 10:37:42 +00:00
if err == sql . ErrNoRows {
2016-12-23 12:35:22 +00:00
user . ID = 0
user . Session = ""
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , noticeList , true
} else if err != nil {
InternalError ( err , w , r , user )
return user , noticeList , false
}
user . Is_Admin = user . Is_Super_Admin || groups [ user . Group ] . Is_Admin
user . Is_Super_Mod = groups [ user . Group ] . Is_Mod || user . Is_Admin
user . Is_Mod = user . Is_Super_Mod
user . Is_Banned = groups [ user . Group ] . Is_Banned
user . Loggedin = ! user . Is_Banned || user . Is_Super_Mod
if user . Is_Banned && user . Is_Super_Mod {
user . Is_Banned = false
}
2016-12-21 02:30:32 +00:00
if user . Is_Super_Admin {
user . Perms = AllPerms
} else {
user . Perms = groups [ user . Group ] . Perms
}
2016-12-16 10:37:42 +00:00
if user . Is_Banned {
2016-12-18 12:56:06 +00:00
noticeList [ 0 ] = "Your account has been suspended. Some of your permissions may have been revoked."
2016-12-16 10:37:42 +00:00
}
2016-12-02 07:38:54 +00:00
2016-12-16 10:37:42 +00:00
if user . Avatar != "" {
if user . Avatar [ 0 ] == '.' {
user . Avatar = "/uploads/avatar_" + strconv . Itoa ( user . ID ) + user . Avatar
}
} else {
user . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( user . ID ) , 1 )
}
return user , noticeList , true
}
func SimpleSessionCheck ( w http . ResponseWriter , r * http . Request ) ( user User , success bool ) {
2016-12-02 07:38:54 +00:00
// Are there any session cookies..?
// Assign it to user.name to avoid having to create a temporary variable for the type conversion
2016-12-16 10:37:42 +00:00
cookie , err := r . Cookie ( "uid" )
2016-12-02 07:38:54 +00:00
if err != nil {
2016-12-21 02:30:32 +00:00
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , true
2016-12-02 07:38:54 +00:00
}
user . Name = cookie . Value
user . ID , err = strconv . Atoi ( user . Name )
if err != nil {
2016-12-21 02:30:32 +00:00
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , true
2016-12-02 07:38:54 +00:00
}
cookie , err = r . Cookie ( "session" )
if err != nil {
2016-12-21 02:30:32 +00:00
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , true
2016-12-02 07:38:54 +00:00
}
user . Session = cookie . Value
// Is this session valid..?
2017-01-05 14:41:14 +00:00
err = get_session_stmt . QueryRow ( user . ID , user . Session ) . Scan ( & user . ID , & user . Name , & user . Group , & user . Is_Super_Admin , & user . Session , & user . Email , & user . Avatar , & user . Message , & user . URLPrefix , & user . URLName )
2016-12-02 07:38:54 +00:00
if err == sql . ErrNoRows {
2016-12-23 12:35:22 +00:00
user . ID = 0
user . Session = ""
user . Perms = GuestPerms
2016-12-16 10:37:42 +00:00
return user , true
2016-12-02 07:38:54 +00:00
} else if err != nil {
2016-12-16 10:37:42 +00:00
InternalError ( err , w , r , user )
return user , false
2016-12-02 07:38:54 +00:00
}
2016-12-08 14:11:18 +00:00
2016-12-07 13:46:14 +00:00
user . Is_Admin = user . Is_Super_Admin || groups [ user . Group ] . Is_Admin
user . Is_Super_Mod = groups [ user . Group ] . Is_Mod || user . Is_Admin
user . Is_Mod = user . Is_Super_Mod
2016-12-04 10:44:28 +00:00
user . Is_Banned = groups [ user . Group ] . Is_Banned
2016-12-09 13:46:29 +00:00
user . Loggedin = ! user . Is_Banned || user . Is_Super_Mod
2016-12-08 14:11:18 +00:00
if user . Is_Banned && user . Is_Super_Mod {
user . Is_Banned = false
}
2016-12-21 02:30:32 +00:00
if user . Is_Super_Admin {
user . Perms = AllPerms
} else {
user . Perms = groups [ user . Group ] . Perms
}
2016-12-07 09:34:09 +00:00
if user . Avatar != "" {
if user . Avatar [ 0 ] == '.' {
user . Avatar = "/uploads/avatar_" + strconv . Itoa ( user . ID ) + user . Avatar
}
} else {
user . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( user . ID ) , 1 )
2016-12-02 15:03:31 +00:00
}
2016-12-16 10:37:42 +00:00
return user , true
2016-12-02 07:38:54 +00:00
}