2016-12-11 16:06:17 +00:00
/* Copyright Azareal 2016 - 2017 */
2016-12-02 07:38:54 +00:00
package main
import "log"
2017-01-26 13:37:50 +00:00
//import "fmt"
2016-12-02 07:38:54 +00:00
import "strconv"
import "bytes"
2016-12-02 15:03:31 +00:00
import "regexp"
import "strings"
2016-12-05 07:21:17 +00:00
import "time"
2016-12-02 15:03:31 +00:00
import "io"
import "os"
2017-01-17 07:55:46 +00:00
import "net"
2016-12-02 07:38:54 +00:00
import "net/http"
import "html"
2016-12-03 04:50:35 +00:00
import "html/template"
2016-12-02 07:38:54 +00:00
import "database/sql"
import _ "github.com/go-sql-driver/mysql"
import "golang.org/x/crypto/bcrypt"
// A blank list to fill out that parameter in Page for routes which don't use it
2016-12-18 12:56:06 +00:00
var tList [ ] interface { }
2017-01-17 07:55:46 +00:00
var nList [ ] string
2016-12-02 07:38:54 +00:00
// GET functions
2016-12-05 07:21:17 +00:00
func route_static ( w http . ResponseWriter , r * http . Request ) {
//name := r.URL.Path[len("/static/"):]
2017-01-01 15:45:43 +00:00
//log.Print("Outputting static file '" + r.URL.Path + "'")
file , ok := static_files [ r . URL . Path ]
if ! ok {
w . WriteHeader ( http . StatusNotFound )
return
}
// Surely, there's a more efficient way of doing this?
if t , err := time . Parse ( http . TimeFormat , r . Header . Get ( "If-Modified-Since" ) ) ; err == nil && file . Info . ModTime ( ) . Before ( t . Add ( 1 * time . Second ) ) {
2016-12-05 07:21:17 +00:00
w . WriteHeader ( http . StatusNotModified )
return
}
h := w . Header ( )
2017-01-01 15:45:43 +00:00
h . Set ( "Last-Modified" , file . FormattedModTime )
h . Set ( "Content-Type" , file . Mimetype )
h . Set ( "Content-Length" , strconv . FormatInt ( file . Length , 10 ) ) // Avoid doing a type conversion every time?
//http.ServeContent(w,r,r.URL.Path,file.Info.ModTime(),file)
//w.Write(file.Data)
io . Copy ( w , bytes . NewReader ( file . Data ) ) // Use w.Write instead?
//io.CopyN(w, bytes.NewReader(file.Data), static_files[r.URL.Path].Length)
2016-12-05 07:21:17 +00:00
}
2017-01-17 07:55:46 +00:00
/ * func route_exit ( w http . ResponseWriter , r * http . Request ) {
db . Close ( )
os . Exit ( 0 )
} * /
2016-12-05 07:21:17 +00:00
func route_fstatic ( w http . ResponseWriter , r * http . Request ) {
2017-01-31 05:13:38 +00:00
http . ServeFile ( w , r , r . URL . Path )
2016-12-05 07:21:17 +00:00
}
2016-12-02 07:38:54 +00:00
func route_overview ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "Overview" , user , noticeList , tList , nil }
2017-02-04 06:19:55 +00:00
err := templates . ExecuteTemplate ( w , "overview.html" , pi )
2016-12-02 07:38:54 +00:00
if err != nil {
2017-01-31 05:13:38 +00:00
InternalError ( err , w , r , user )
2016-12-02 07:38:54 +00:00
}
}
func route_custom_page ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
2016-12-09 13:46:29 +00:00
name := r . URL . Path [ len ( "/pages/" ) : ]
2016-12-16 10:37:42 +00:00
if templates . Lookup ( "page_" + name ) == nil {
2016-12-13 02:14:14 +00:00
NotFound ( w , r , user )
2017-01-17 07:55:46 +00:00
return
2016-12-13 02:14:14 +00:00
}
2017-02-04 06:19:55 +00:00
err := templates . ExecuteTemplate ( w , "page_" + name , Page { "Page" , user , noticeList , tList , nil } )
2016-12-08 14:11:18 +00:00
if err != nil {
2017-01-31 05:13:38 +00:00
InternalError ( err , w , r , user )
2016-12-02 07:38:54 +00:00
}
}
func route_topics ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2017-01-01 15:45:43 +00:00
var topicList [ ] TopicUser
2016-12-23 12:35:22 +00:00
rows , err := get_topic_list_stmt . Query ( )
2016-12-02 07:38:54 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-01 15:45:43 +00:00
topicItem := TopicUser { ID : 0 , }
2016-12-02 07:38:54 +00:00
for rows . Next ( ) {
2017-01-01 15:45:43 +00:00
err := rows . Scan ( & topicItem . ID , & topicItem . Title , & topicItem . Content , & topicItem . CreatedBy , & topicItem . Is_Closed , & topicItem . Sticky , & topicItem . CreatedAt , & topicItem . ParentID , & topicItem . CreatedByName , & topicItem . Avatar )
2016-12-02 07:38:54 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-01 15:45:43 +00:00
if topicItem . Avatar != "" {
if topicItem . Avatar [ 0 ] == '.' {
topicItem . Avatar = "/uploads/avatar_" + strconv . Itoa ( topicItem . CreatedBy ) + topicItem . Avatar
2016-12-07 09:34:09 +00:00
}
} else {
2017-01-01 15:45:43 +00:00
topicItem . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( topicItem . CreatedBy ) , 1 )
2016-12-03 08:09:40 +00:00
}
2016-12-11 16:06:17 +00:00
if hooks [ "trow_assign" ] != nil {
2016-12-21 02:30:32 +00:00
topicItem = run_hook ( "trow_assign" , topicItem ) . ( TopicUser )
2016-12-11 16:06:17 +00:00
}
2016-12-21 02:30:32 +00:00
topicList = append ( topicList , topicItem )
2016-12-02 07:38:54 +00:00
}
err = rows . Err ( )
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-17 07:55:46 +00:00
rows . Close ( )
2016-12-07 13:46:14 +00:00
2017-01-17 07:55:46 +00:00
pi := TopicsPage { "Topic List" , user , noticeList , topicList , nil }
2016-12-21 02:30:32 +00:00
if template_topics_handle != nil {
template_topics_handle ( pi , w )
2016-12-18 12:56:06 +00:00
} else {
2017-02-04 06:19:55 +00:00
err = templates . ExecuteTemplate ( w , "topics.html" , pi )
2016-12-18 12:56:06 +00:00
if err != nil {
2017-01-31 05:13:38 +00:00
InternalError ( err , w , r , user )
2016-12-18 12:56:06 +00:00
}
}
2016-12-02 07:38:54 +00:00
}
2016-12-03 13:45:08 +00:00
func route_forum ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2017-01-26 13:37:50 +00:00
page , _ := strconv . Atoi ( r . FormValue ( "page" ) )
2016-12-03 13:45:08 +00:00
fid , err := strconv . Atoi ( r . URL . Path [ len ( "/forum/" ) : ] )
if err != nil {
LocalError ( "The provided ForumID is not a valid number." , w , r , user )
return
}
2017-01-26 13:37:50 +00:00
if ( fid > forumCapCount ) || ( fid < 0 ) || forums [ fid ] . Name == "" {
2016-12-06 10:26:48 +00:00
NotFound ( w , r , user )
2016-12-03 13:45:08 +00:00
return
}
2017-01-31 05:13:38 +00:00
//fmt.Printf("%+v\n", groups[user.Group].Forums)
if groups [ user . Group ] . Forums [ fid ] . Overrides {
if ! groups [ user . Group ] . Forums [ fid ] . ViewTopic {
NoPermissions ( w , r , user )
return
}
} else if ! user . Perms . ViewTopic {
2016-12-21 02:30:32 +00:00
NoPermissions ( w , r , user )
return
}
2016-12-03 13:45:08 +00:00
2017-01-26 13:37:50 +00:00
// Calculate the offset
var offset int
last_page := int ( forums [ fid ] . TopicCount / items_per_page ) + 1
if page > 1 {
offset = ( items_per_page * page ) - items_per_page
} else if page == - 1 {
page = last_page
offset = ( items_per_page * page ) - items_per_page
} else {
page = 1
}
2017-02-04 06:19:55 +00:00
rows , err := get_forum_topics_offset_stmt . Query ( fid , offset )
2016-12-03 13:45:08 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-26 13:37:50 +00:00
var topicList [ ] TopicUser
2017-01-01 15:45:43 +00:00
topicItem := TopicUser { ID : 0 }
2016-12-03 13:45:08 +00:00
for rows . Next ( ) {
2017-01-01 15:45:43 +00:00
err := rows . Scan ( & topicItem . ID , & topicItem . Title , & topicItem . Content , & topicItem . CreatedBy , & topicItem . Is_Closed , & topicItem . Sticky , & topicItem . CreatedAt , & topicItem . ParentID , & topicItem . CreatedByName , & topicItem . Avatar )
2016-12-03 13:45:08 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-01 15:45:43 +00:00
if topicItem . Avatar != "" {
if topicItem . Avatar [ 0 ] == '.' {
topicItem . Avatar = "/uploads/avatar_" + strconv . Itoa ( topicItem . CreatedBy ) + topicItem . Avatar
2016-12-07 09:34:09 +00:00
}
} else {
2017-01-01 15:45:43 +00:00
topicItem . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( topicItem . CreatedBy ) , 1 )
2016-12-03 13:45:08 +00:00
}
2016-12-11 16:06:17 +00:00
if hooks [ "trow_assign" ] != nil {
2016-12-21 02:30:32 +00:00
topicItem = run_hook ( "trow_assign" , topicItem ) . ( TopicUser )
2016-12-11 16:06:17 +00:00
}
2016-12-21 02:30:32 +00:00
topicList = append ( topicList , topicItem )
2016-12-03 13:45:08 +00:00
}
err = rows . Err ( )
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-17 07:55:46 +00:00
rows . Close ( )
2016-12-07 13:46:14 +00:00
2017-01-26 13:37:50 +00:00
pi := ForumPage { forums [ fid ] . Name , user , noticeList , topicList , forums [ fid ] , page , last_page , nil }
2016-12-21 02:30:32 +00:00
if template_forum_handle != nil {
template_forum_handle ( pi , w )
2016-12-18 12:56:06 +00:00
} else {
2017-02-04 06:19:55 +00:00
err = templates . ExecuteTemplate ( w , "forum.html" , pi )
2016-12-18 12:56:06 +00:00
if err != nil {
2017-01-31 05:13:38 +00:00
InternalError ( err , w , r , user )
2016-12-18 12:56:06 +00:00
}
}
2016-12-03 13:45:08 +00:00
}
func route_forums ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2017-01-01 15:45:43 +00:00
var forumList [ ] Forum
2017-01-31 05:13:38 +00:00
group := groups [ user . Group ]
2017-02-04 06:19:55 +00:00
//fmt.Println(group.CanSee)
for _ , fid := range group . CanSee {
//fmt.Println(forums[fid])
2017-01-31 05:13:38 +00:00
if forums [ fid ] . Active && forums [ fid ] . Name != "" {
forumList = append ( forumList , forums [ fid ] )
2016-12-03 13:45:08 +00:00
}
}
2016-12-06 10:26:48 +00:00
2017-01-17 07:55:46 +00:00
pi := ForumsPage { "Forum List" , user , noticeList , forumList , nil }
2016-12-21 02:30:32 +00:00
if template_forums_handle != nil {
template_forums_handle ( pi , w )
2016-12-18 12:56:06 +00:00
} else {
2017-01-17 07:55:46 +00:00
err := templates . ExecuteTemplate ( w , "forums.html" , pi )
2016-12-18 12:56:06 +00:00
if err != nil {
2017-01-17 07:55:46 +00:00
InternalError ( err , w , r , user )
2016-12-18 12:56:06 +00:00
}
}
2016-12-03 13:45:08 +00:00
}
2016-12-02 07:38:54 +00:00
func route_topic_id ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
var (
2016-12-03 04:50:35 +00:00
err error
2016-12-02 07:38:54 +00:00
content string
2016-12-04 06:16:59 +00:00
group int
2017-01-21 18:16:27 +00:00
page int
offset int
2016-12-21 02:30:32 +00:00
replyList [ ] Reply
2016-12-02 07:38:54 +00:00
)
2017-01-21 18:16:27 +00:00
page , _ = strconv . Atoi ( r . FormValue ( "page" ) )
2017-01-12 02:55:08 +00:00
topic := TopicUser { Css : no_css_tmpl }
2016-12-03 04:50:35 +00:00
topic . ID , err = strconv . Atoi ( r . URL . Path [ len ( "/topic/" ) : ] )
2016-12-02 07:38:54 +00:00
if err != nil {
LocalError ( "The provided TopicID is not a valid number." , w , r , user )
return
}
// Get the topic..
2017-01-21 18:16:27 +00:00
err = get_topic_user_stmt . QueryRow ( topic . ID ) . Scan ( & topic . Title , & content , & topic . CreatedBy , & topic . CreatedAt , & topic . Is_Closed , & topic . Sticky , & topic . ParentID , & topic . IpAddress , & topic . PostCount , & topic . CreatedByName , & topic . Avatar , & group , & topic . URLPrefix , & topic . URLName , & topic . Level )
2016-12-02 07:38:54 +00:00
if err == sql . ErrNoRows {
2016-12-06 10:26:48 +00:00
NotFound ( w , r , user )
2016-12-02 07:38:54 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-31 05:13:38 +00:00
if ( topic . ParentID > forumCapCount ) || ( topic . ParentID < 0 ) || forums [ topic . ParentID ] . Name == "" {
LocalError ( "The topic's parent forum doesn't exist." , w , r , user )
return
}
if groups [ user . Group ] . Forums [ topic . ParentID ] . Overrides {
if ! groups [ user . Group ] . Forums [ topic . ParentID ] . ViewTopic {
NoPermissions ( w , r , user )
return
}
} else if ! user . Perms . ViewTopic {
NoPermissions ( w , r , user )
return
}
2016-12-04 06:16:59 +00:00
topic . Content = template . HTML ( parse_message ( content ) )
2016-12-07 09:34:09 +00:00
topic . ContentLines = strings . Count ( content , "\n" )
2017-01-10 06:51:28 +00:00
// We don't want users posting in locked topics...
if topic . Is_Closed && ! user . Is_Mod {
user . Perms . CreateReply = false
2016-12-03 04:50:35 +00:00
}
2017-01-10 06:51:28 +00:00
2016-12-07 09:34:09 +00:00
if topic . Avatar != "" {
if topic . Avatar [ 0 ] == '.' {
topic . Avatar = "/uploads/avatar_" + strconv . Itoa ( topic . CreatedBy ) + topic . Avatar
}
} else {
topic . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( topic . CreatedBy ) , 1 )
2016-12-02 07:38:54 +00:00
}
2017-01-21 18:16:27 +00:00
if groups [ group ] . Is_Mod || groups [ group ] . Is_Admin {
2016-12-04 06:16:59 +00:00
topic . Css = staff_css_tmpl
2017-01-12 02:55:08 +00:00
topic . Level = - 1
2016-12-04 06:16:59 +00:00
}
2017-01-17 07:55:46 +00:00
topic . Tag = groups [ group ] . Tag
2016-12-09 13:46:29 +00:00
if settings [ "url_tags" ] == false {
topic . URLName = ""
} else {
topic . URL , ok = external_sites [ topic . URLPrefix ]
if ! ok {
topic . URL = topic . URLName
} else {
2017-01-17 07:55:46 +00:00
topic . URL = topic . URL + topic . URLName
2016-12-09 13:46:29 +00:00
}
}
2016-12-02 07:38:54 +00:00
2017-01-21 18:16:27 +00:00
// Calculate the offset
last_page := int ( topic . PostCount / items_per_page ) + 1
if page > 1 {
offset = ( items_per_page * page ) - items_per_page
} else if page == - 1 {
page = last_page
offset = ( items_per_page * page ) - items_per_page
//fmt.Println(topic.PostCount)
//fmt.Println((topic.PostCount / items_per_page) + 1)
//fmt.Println(page)
//fmt.Println(offset)
} else {
page = 1
}
2016-12-02 07:38:54 +00:00
// Get the replies..
2017-01-21 18:16:27 +00:00
rows , err := get_topic_replies_offset_stmt . Query ( topic . ID , offset )
if err == sql . ErrNoRows {
LocalError ( "Bad Page. Some of the posts may have been deleted or you got here by directly typing in the page number." , w , r , user )
return
} else if err != nil {
2016-12-02 07:38:54 +00:00
InternalError ( err , w , r , user )
return
}
2017-01-17 07:55:46 +00:00
replyItem := Reply { Css : no_css_tmpl }
2016-12-02 07:38:54 +00:00
for rows . Next ( ) {
2017-01-21 18:16:27 +00:00
err := rows . Scan ( & replyItem . ID , & replyItem . Content , & replyItem . CreatedBy , & replyItem . CreatedAt , & replyItem . LastEdit , & replyItem . LastEditBy , & replyItem . Avatar , & replyItem . CreatedByName , & group , & replyItem . URLPrefix , & replyItem . URLName , & replyItem . Level , & replyItem . IpAddress )
2016-12-02 07:38:54 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-02 15:03:31 +00:00
2017-01-17 07:55:46 +00:00
replyItem . ParentID = topic . ID
replyItem . ContentHtml = template . HTML ( parse_message ( replyItem . Content ) )
replyItem . ContentLines = strings . Count ( replyItem . Content , "\n" )
2017-01-21 18:16:27 +00:00
if groups [ group ] . Is_Mod || groups [ group ] . Is_Admin {
2017-01-17 07:55:46 +00:00
replyItem . Css = staff_css_tmpl
replyItem . Level = - 1
2016-12-04 06:16:59 +00:00
} else {
2017-01-17 07:55:46 +00:00
replyItem . Css = no_css_tmpl
2016-12-04 06:16:59 +00:00
}
2017-01-17 07:55:46 +00:00
if replyItem . Avatar != "" {
if replyItem . Avatar [ 0 ] == '.' {
replyItem . Avatar = "/uploads/avatar_" + strconv . Itoa ( replyItem . CreatedBy ) + replyItem . Avatar
2016-12-07 09:34:09 +00:00
}
} else {
2017-01-17 07:55:46 +00:00
replyItem . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( replyItem . CreatedBy ) , 1 )
2016-12-07 09:34:09 +00:00
}
2017-01-17 07:55:46 +00:00
replyItem . Tag = groups [ group ] . Tag
2016-12-09 13:46:29 +00:00
if settings [ "url_tags" ] == false {
2017-01-17 07:55:46 +00:00
replyItem . URLName = ""
2016-12-09 13:46:29 +00:00
} else {
2017-01-17 07:55:46 +00:00
replyItem . URL , ok = external_sites [ replyItem . URLPrefix ]
2016-12-09 13:46:29 +00:00
if ! ok {
2017-01-17 07:55:46 +00:00
replyItem . URL = replyItem . URLName
2016-12-09 13:46:29 +00:00
} else {
2017-01-17 07:55:46 +00:00
replyItem . URL = replyItem . URL + replyItem . URLName
2016-12-09 13:46:29 +00:00
}
}
2016-12-02 15:03:31 +00:00
2016-12-11 16:06:17 +00:00
if hooks [ "rrow_assign" ] != nil {
2016-12-18 12:56:06 +00:00
replyItem = run_hook ( "rrow_assign" , replyItem ) . ( Reply )
2016-12-11 16:06:17 +00:00
}
2016-12-18 12:56:06 +00:00
replyList = append ( replyList , replyItem )
2016-12-02 07:38:54 +00:00
}
err = rows . Err ( )
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-17 07:55:46 +00:00
rows . Close ( )
2016-12-02 07:38:54 +00:00
2017-01-21 18:16:27 +00:00
tpage := TopicPage { topic . Title , user , noticeList , replyList , topic , page , last_page , nil }
2017-01-01 15:45:43 +00:00
if template_topic_handle != nil {
template_topic_handle ( tpage , w )
2016-12-16 10:37:42 +00:00
} else {
2016-12-21 02:30:32 +00:00
err = templates . ExecuteTemplate ( w , "topic.html" , tpage )
2016-12-16 10:37:42 +00:00
if err != nil {
InternalError ( err , w , r , user )
}
}
2016-12-02 07:38:54 +00:00
}
2016-12-07 09:34:09 +00:00
func route_profile ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-07 09:34:09 +00:00
var (
err error
rid int
replyContent string
replyCreatedBy int
replyCreatedByName string
replyCreatedAt string
replyLastEdit int
replyLastEditBy int
replyAvatar string
replyCss template . CSS
replyLines int
replyTag string
group int
2016-12-26 04:44:07 +00:00
replyList [ ] Reply
2016-12-07 09:34:09 +00:00
)
2016-12-21 02:30:32 +00:00
puser := User { ID : 0 , }
2016-12-07 09:34:09 +00:00
puser . ID , err = strconv . Atoi ( r . URL . Path [ len ( "/user/" ) : ] )
if err != nil {
LocalError ( "The provided TopicID is not a valid number." , w , r , user )
return
}
2016-12-07 13:46:14 +00:00
if puser . ID == user . ID {
user . Is_Mod = true
puser = user
} else {
// Fetch the user data
2017-01-17 07:55:46 +00:00
err = db . QueryRow ( "select `name`,`group`,`is_super_admin`,`avatar`,`message`,`url_prefix`,`url_name`,`level` from `users` where `uid` = ?" , puser . ID ) . Scan ( & puser . Name , & puser . Group , & puser . Is_Super_Admin , & puser . Avatar , & puser . Message , & puser . URLPrefix , & puser . URLName , & puser . Level )
2016-12-07 13:46:14 +00:00
if err == sql . ErrNoRows {
NotFound ( w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
puser . Is_Admin = puser . Is_Super_Admin || groups [ puser . Group ] . Is_Admin
puser . Is_Super_Mod = puser . Is_Admin || groups [ puser . Group ] . Is_Mod
puser . Is_Mod = puser . Is_Super_Mod
2016-12-08 14:11:18 +00:00
puser . Is_Banned = groups [ puser . Group ] . Is_Banned
if puser . Is_Banned && puser . Is_Super_Mod {
puser . Is_Banned = false
}
2016-12-07 09:34:09 +00:00
}
2017-01-17 07:55:46 +00:00
puser . Tag = groups [ puser . Group ] . Tag
2016-12-13 02:14:14 +00:00
2016-12-07 09:34:09 +00:00
if puser . Avatar != "" {
if puser . Avatar [ 0 ] == '.' {
puser . Avatar = "/uploads/avatar_" + strconv . Itoa ( puser . ID ) + puser . Avatar
}
} else {
puser . Avatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( puser . ID ) , 1 )
}
// Get the replies..
2017-01-21 18:16:27 +00:00
rows , err := db . Query ( "select users_replies.rid, users_replies.content, users_replies.createdBy, users_replies.createdAt, users_replies.lastEdit, users_replies.lastEditBy, users.avatar, users.name, users.group from users_replies left join users ON users_replies.createdBy = users.uid where users_replies.uid = ?" , puser . ID )
2016-12-07 09:34:09 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
defer rows . Close ( )
for rows . Next ( ) {
2017-01-21 18:16:27 +00:00
err := rows . Scan ( & rid , & replyContent , & replyCreatedBy , & replyCreatedAt , & replyLastEdit , & replyLastEditBy , & replyAvatar , & replyCreatedByName , & group )
2016-12-07 09:34:09 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
replyLines = strings . Count ( replyContent , "\n" )
2017-01-21 18:16:27 +00:00
if groups [ group ] . Is_Mod || groups [ group ] . Is_Admin {
2016-12-07 09:34:09 +00:00
replyCss = staff_css_tmpl
} else {
replyCss = no_css_tmpl
}
if replyAvatar != "" {
if replyAvatar [ 0 ] == '.' {
replyAvatar = "/uploads/avatar_" + strconv . Itoa ( replyCreatedBy ) + replyAvatar
}
} else {
replyAvatar = strings . Replace ( noavatar , "{id}" , strconv . Itoa ( replyCreatedBy ) , 1 )
}
if groups [ group ] . Tag != "" {
replyTag = groups [ group ] . Tag
} else if puser . ID == replyCreatedBy {
replyTag = "Profile Owner"
} else {
replyTag = ""
}
2017-01-17 07:55:46 +00:00
replyList = append ( replyList , Reply { rid , puser . ID , replyContent , template . HTML ( parse_message ( replyContent ) ) , replyCreatedBy , replyCreatedByName , replyCreatedAt , replyLastEdit , replyLastEditBy , replyAvatar , replyCss , replyLines , replyTag , "" , "" , "" , 0 , "" } )
2016-12-07 09:34:09 +00:00
}
err = rows . Err ( )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-02 07:38:54 +00:00
2016-12-26 04:44:07 +00:00
ppage := ProfilePage { puser . Name + "'s Profile" , user , noticeList , replyList , puser , false }
2016-12-21 02:30:32 +00:00
if template_profile_handle != nil {
2016-12-26 04:44:07 +00:00
template_profile_handle ( ppage , w )
2016-12-18 12:56:06 +00:00
} else {
2016-12-26 04:44:07 +00:00
err = templates . ExecuteTemplate ( w , "profile.html" , ppage )
2016-12-18 12:56:06 +00:00
if err != nil {
InternalError ( err , w , r , user )
}
}
2016-12-07 09:34:09 +00:00
}
2016-12-02 07:38:54 +00:00
func route_topic_create ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Loggedin || ! user . Perms . CreateTopic {
NoPermissions ( w , r , user )
2016-12-04 10:44:28 +00:00
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "Create Topic" , user , noticeList , tList , 0 }
2016-12-02 07:38:54 +00:00
templates . ExecuteTemplate ( w , "create-topic.html" , pi )
}
// POST functions. Authorised users only.
func route_create_topic ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Loggedin || ! user . Perms . CreateTopic {
NoPermissions ( w , r , user )
2016-12-04 10:44:28 +00:00
return
}
2016-12-02 07:38:54 +00:00
err := r . ParseForm ( )
2016-12-02 11:00:07 +00:00
if err != nil {
LocalError ( "Bad Form" , w , r , user )
2016-12-02 07:38:54 +00:00
return
2016-12-02 11:00:07 +00:00
}
2017-01-26 13:37:50 +00:00
fid := 2
2016-12-03 13:45:08 +00:00
topic_name := html . EscapeString ( r . PostFormValue ( "topic-name" ) )
2017-01-12 02:55:08 +00:00
content := html . EscapeString ( preparse_message ( r . PostFormValue ( "topic-content" ) ) )
2017-01-17 07:55:46 +00:00
ipaddress , _ , err := net . SplitHostPort ( r . RemoteAddr )
if err != nil {
LocalError ( "Bad IP" , w , r , user )
return
}
2016-12-02 07:38:54 +00:00
2017-01-26 13:37:50 +00:00
if ( fid > forumCapCount ) || ( fid < 0 ) || forums [ fid ] . Name == "" {
LocalError ( "The topic's parent forum doesn't exist." , w , r , user )
return
}
2017-01-17 07:55:46 +00:00
res , err := create_topic_stmt . Exec ( topic_name , content , parse_message ( content ) , ipaddress , user . ID )
2016-12-02 07:38:54 +00:00
if err != nil {
2017-01-12 02:55:08 +00:00
InternalError ( err , w , r , user )
return
2016-12-02 07:38:54 +00:00
}
lastId , err := res . LastInsertId ( )
if err != nil {
2017-01-12 02:55:08 +00:00
InternalError ( err , w , r , user )
return
2016-12-02 07:38:54 +00:00
}
2017-01-26 13:37:50 +00:00
_ , err = add_topics_to_forum_stmt . Exec ( 1 , fid )
if err != nil {
InternalError ( err , w , r , user )
return
}
forums [ fid ] . TopicCount -= 1
_ , err = update_forum_cache_stmt . Exec ( topic_name , lastId , user . Name , user . ID , fid )
2016-12-03 13:45:08 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-12 02:55:08 +00:00
http . Redirect ( w , r , "/topic/" + strconv . FormatInt ( lastId , 10 ) , http . StatusSeeOther )
wcount := word_count ( content )
err = increase_post_user_stats ( wcount , user . ID , true , user )
if err != nil {
InternalError ( err , w , r , user )
return
2016-12-02 07:38:54 +00:00
}
}
func route_create_reply ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Loggedin || ! user . Perms . CreateReply {
NoPermissions ( w , r , user )
2016-12-04 10:44:28 +00:00
return
}
2016-12-02 07:38:54 +00:00
err := r . ParseForm ( )
2016-12-02 11:00:07 +00:00
if err != nil {
LocalError ( "Bad Form" , w , r , user )
2016-12-02 07:38:54 +00:00
return
2016-12-02 11:00:07 +00:00
}
2016-12-03 13:45:08 +00:00
tid , err := strconv . Atoi ( r . PostFormValue ( "tid" ) )
2016-12-02 07:38:54 +00:00
if err != nil {
2017-01-05 14:41:14 +00:00
LocalError ( "Failed to convert the TopicID" , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
2016-12-08 14:11:18 +00:00
content := preparse_message ( html . EscapeString ( r . PostFormValue ( "reply-content" ) ) )
2017-01-17 07:55:46 +00:00
ipaddress , _ , err := net . SplitHostPort ( r . RemoteAddr )
if err != nil {
LocalError ( "Bad IP" , w , r , user )
return
}
_ , err = create_reply_stmt . Exec ( tid , content , parse_message ( content ) , ipaddress , user . ID )
2016-12-02 07:38:54 +00:00
if err != nil {
2017-01-05 14:41:14 +00:00
InternalError ( err , w , r , user )
return
2016-12-02 07:38:54 +00:00
}
2016-12-03 13:45:08 +00:00
var topic_name string
err = db . QueryRow ( "select title from topics where tid = ?" , tid ) . Scan ( & topic_name )
if err == sql . ErrNoRows {
2017-01-05 14:41:14 +00:00
LocalError ( "Couldn't find the parent topic" , w , r , user )
return
2016-12-03 13:45:08 +00:00
} else if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-21 18:16:27 +00:00
_ , err = add_replies_to_topic_stmt . Exec ( 1 , tid )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-03 13:45:08 +00:00
_ , err = update_forum_cache_stmt . Exec ( topic_name , tid , user . Name , user . ID , 1 )
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-05 14:41:14 +00:00
http . Redirect ( w , r , "/topic/" + strconv . Itoa ( tid ) , http . StatusSeeOther )
2017-01-12 02:55:08 +00:00
wcount := word_count ( content )
err = increase_post_user_stats ( wcount , user . ID , false , user )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-02 07:38:54 +00:00
}
2016-12-07 09:34:09 +00:00
func route_profile_reply_create ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-21 02:30:32 +00:00
if ! user . Loggedin || ! user . Perms . CreateReply {
NoPermissions ( w , r , user )
2016-12-03 10:25:39 +00:00
return
}
2016-12-02 07:38:54 +00:00
err := r . ParseForm ( )
2016-12-02 11:00:07 +00:00
if err != nil {
LocalError ( "Bad Form" , w , r , user )
2016-12-02 07:38:54 +00:00
return
2016-12-02 11:00:07 +00:00
}
2016-12-07 09:34:09 +00:00
uid , err := strconv . Atoi ( r . PostFormValue ( "uid" ) )
2016-12-02 11:00:07 +00:00
if err != nil {
2017-01-12 02:55:08 +00:00
LocalError ( "Invalid UID" , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
2016-12-08 14:11:18 +00:00
_ , err = create_profile_reply_stmt . Exec ( uid , html . EscapeString ( preparse_message ( r . PostFormValue ( "reply-content" ) ) ) , parse_message ( html . EscapeString ( preparse_message ( r . PostFormValue ( "reply-content" ) ) ) ) , user . ID )
2016-12-02 07:38:54 +00:00
if err != nil {
2017-01-12 02:55:08 +00:00
InternalError ( err , w , r , user )
return
2016-12-02 07:38:54 +00:00
}
2016-12-07 09:34:09 +00:00
var user_name string
err = db . QueryRow ( "select name from users where uid = ?" , uid ) . Scan ( & user_name )
2016-12-02 07:38:54 +00:00
if err == sql . ErrNoRows {
2017-01-12 02:55:08 +00:00
LocalError ( "The profile you're trying to post on doesn't exist." , w , r , user )
return
2016-12-02 07:38:54 +00:00
} else if err != nil {
2016-12-07 09:34:09 +00:00
InternalError ( err , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
2017-01-12 02:55:08 +00:00
http . Redirect ( w , r , "/user/" + strconv . Itoa ( uid ) , http . StatusSeeOther )
2016-12-02 07:38:54 +00:00
}
2016-12-11 16:06:17 +00:00
func route_report_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-11 16:06:17 +00:00
if ! user . Loggedin {
LoginRequired ( w , r , user )
return
}
if user . Is_Banned {
Banned ( w , r , user )
return
}
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
if r . FormValue ( "session" ) != user . Session {
SecurityError ( w , r , user )
return
}
2016-12-13 02:14:14 +00:00
2016-12-11 16:06:17 +00:00
item_id , err := strconv . Atoi ( r . URL . Path [ len ( "/report/submit/" ) : ] )
if err != nil {
LocalError ( "Bad ID" , w , r , user )
return
}
item_type := r . FormValue ( "type" )
2017-01-26 13:37:50 +00:00
fid := 1
2016-12-11 16:06:17 +00:00
var tid int
var title string
var content string
var data string
if item_type == "reply" {
err = db . QueryRow ( "select tid, content from replies where rid = ?" , item_id ) . Scan ( & tid , & content )
if err == sql . ErrNoRows {
2017-01-26 13:37:50 +00:00
LocalError ( "We were unable to find the reported post" , w , r , user )
2016-12-11 16:06:17 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-26 13:37:50 +00:00
err = db . QueryRow ( "select title, data from topics where tid = ?" , tid ) . Scan ( & title , & data )
2016-12-11 16:06:17 +00:00
if err == sql . ErrNoRows {
2017-01-26 13:37:50 +00:00
LocalError ( "We were unable to find the topic which the reported post is supposed to be in" , w , r , user )
2016-12-11 16:06:17 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
content = content + "<br><br>Original Post: <a href='/topic/" + strconv . Itoa ( tid ) + "'>" + title + "</a>"
2016-12-13 02:14:14 +00:00
} else if item_type == "user-reply" {
err = db . QueryRow ( "select uid, content from users_replies where rid = ?" , item_id ) . Scan ( & tid , & content )
if err == sql . ErrNoRows {
2017-01-26 13:37:50 +00:00
LocalError ( "We were unable to find the reported post" , w , r , user )
2016-12-13 02:14:14 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
err = db . QueryRow ( "select name from users where uid = ?" , tid ) . Scan ( & title )
if err == sql . ErrNoRows {
2017-01-26 13:37:50 +00:00
LocalError ( "We were unable to find the profile which the reported post is supposed to be on" , w , r , user )
2016-12-13 02:14:14 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
content = content + "<br><br>Original Post: <a href='/user/" + strconv . Itoa ( tid ) + "'>" + title + "</a>"
2016-12-11 16:06:17 +00:00
} else if item_type == "topic" {
err = db . QueryRow ( "select title, content from topics where tid = ?" , item_id ) . Scan ( & title , & content )
if err == sql . ErrNoRows {
NotFound ( w , r , user )
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
content = content + "<br><br>Original Post: <a href='/topic/" + strconv . Itoa ( item_id ) + "'>" + title + "</a>"
} else {
2016-12-13 02:14:14 +00:00
if vhooks [ "report_preassign" ] != nil {
2016-12-16 10:37:42 +00:00
run_vhook_noreturn ( "report_preassign" , & item_id , & item_type )
2016-12-13 02:14:14 +00:00
return
}
2016-12-11 16:06:17 +00:00
// Don't try to guess the type
2017-01-26 13:37:50 +00:00
LocalError ( "Unknown type" , w , r , user )
2016-12-11 16:06:17 +00:00
return
}
var count int
2017-01-26 13:37:50 +00:00
rows , err := db . Query ( "select count(*) as count from topics where data = ? and data != '' and parentID = 1" , item_type + "_" + strconv . Itoa ( item_id ) )
2016-12-11 16:06:17 +00:00
if err != nil && err != sql . ErrNoRows {
InternalError ( err , w , r , user )
return
}
2016-12-16 10:37:42 +00:00
2016-12-11 16:06:17 +00:00
for rows . Next ( ) {
err = rows . Scan ( & count )
if err != nil {
InternalError ( err , w , r , user )
return
}
}
if count != 0 {
LocalError ( "Someone has already reported this!" , w , r , user )
return
}
title = "Report: " + title
res , err := create_report_stmt . Exec ( title , content , content , user . ID , item_type + "_" + strconv . Itoa ( item_id ) )
if err != nil {
2017-01-26 13:37:50 +00:00
InternalError ( err , w , r , user )
return
2016-12-11 16:06:17 +00:00
}
lastId , err := res . LastInsertId ( )
if err != nil {
2017-01-26 13:37:50 +00:00
InternalError ( err , w , r , user )
return
2016-12-11 16:06:17 +00:00
}
2017-01-26 13:37:50 +00:00
_ , err = add_topics_to_forum_stmt . Exec ( 1 , fid )
2016-12-11 16:06:17 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-26 13:37:50 +00:00
_ , err = update_forum_cache_stmt . Exec ( title , lastId , user . Name , user . ID , fid )
if err != nil {
InternalError ( err , w , r , user )
return
2016-12-11 16:06:17 +00:00
}
2017-01-26 13:37:50 +00:00
http . Redirect ( w , r , "/topic/" + strconv . FormatInt ( lastId , 10 ) , http . StatusSeeOther )
2016-12-11 16:06:17 +00:00
}
2016-12-02 07:38:54 +00:00
func route_account_own_edit_critical ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
if ! user . Loggedin {
2017-01-03 07:47:31 +00:00
LocalError ( "You need to login to edit your account." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "Edit Password" , user , noticeList , tList , 0 }
2016-12-02 07:38:54 +00:00
templates . ExecuteTemplate ( w , "account-own-edit.html" , pi )
}
func route_account_own_edit_critical_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
if ! user . Loggedin {
2017-01-03 07:47:31 +00:00
LocalError ( "You need to login to edit your account." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
err := r . ParseForm ( )
2016-12-02 11:00:07 +00:00
if err != nil {
LocalError ( "Bad Form" , w , r , user )
2016-12-02 07:38:54 +00:00
return
2016-12-02 11:00:07 +00:00
}
2016-12-02 07:38:54 +00:00
2016-12-02 11:00:07 +00:00
var real_password string
var salt string
current_password := r . PostFormValue ( "account-current-password" )
new_password := r . PostFormValue ( "account-new-password" )
confirm_password := r . PostFormValue ( "account-confirm-password" )
2016-12-02 07:38:54 +00:00
2016-12-02 11:00:07 +00:00
err = get_password_stmt . QueryRow ( user . ID ) . Scan ( & real_password , & salt )
if err == sql . ErrNoRows {
2017-01-12 02:55:08 +00:00
LocalError ( "Your account no longer exists." , w , r , user )
2016-12-02 11:00:07 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-02 07:38:54 +00:00
2016-12-02 11:00:07 +00:00
current_password = current_password + salt
err = bcrypt . CompareHashAndPassword ( [ ] byte ( real_password ) , [ ] byte ( current_password ) )
if err == bcrypt . ErrMismatchedHashAndPassword {
2017-01-12 02:55:08 +00:00
LocalError ( "That's not the correct password." , w , r , user )
2016-12-02 11:00:07 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
if new_password != confirm_password {
2017-01-12 02:55:08 +00:00
LocalError ( "The two passwords don't match." , w , r , user )
2016-12-02 11:00:07 +00:00
return
}
SetPassword ( user . ID , new_password )
2016-12-02 07:38:54 +00:00
2016-12-02 11:00:07 +00:00
// Log the user out as a safety precaution
_ , err = logout_stmt . Exec ( user . ID )
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-03 07:47:31 +00:00
noticeList [ len ( noticeList ) ] = "Your password was successfully updated"
2017-01-17 07:55:46 +00:00
pi := Page { "Edit Password" , user , noticeList , tList , 0 }
2017-01-03 07:47:31 +00:00
templates . ExecuteTemplate ( w , "account-own-edit.html" , pi )
2016-12-02 07:38:54 +00:00
}
2016-12-02 15:03:31 +00:00
func route_account_own_edit_avatar ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 15:03:31 +00:00
if ! user . Loggedin {
2017-01-03 07:47:31 +00:00
LocalError ( "You need to login to edit your account." , w , r , user )
2016-12-02 15:03:31 +00:00
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "Edit Avatar" , user , noticeList , tList , 0 }
2016-12-02 15:03:31 +00:00
templates . ExecuteTemplate ( w , "account-own-edit-avatar.html" , pi )
}
func route_account_own_edit_avatar_submit ( w http . ResponseWriter , r * http . Request ) {
if r . ContentLength > int64 ( max_request_size ) {
http . Error ( w , "request too large" , http . StatusExpectationFailed )
return
}
r . Body = http . MaxBytesReader ( w , r . Body , int64 ( max_request_size ) )
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 15:03:31 +00:00
if ! user . Loggedin {
2017-01-03 07:47:31 +00:00
LocalError ( "You need to login to edit your account." , w , r , user )
2016-12-02 15:03:31 +00:00
return
}
2016-12-02 07:38:54 +00:00
2016-12-02 15:03:31 +00:00
err := r . ParseMultipartForm ( int64 ( max_request_size ) )
if err != nil {
LocalError ( "Upload failed" , w , r , user )
return
}
2017-01-03 07:47:31 +00:00
var filename string
2016-12-02 15:03:31 +00:00
var ext string
for _ , fheaders := range r . MultipartForm . File {
for _ , hdr := range fheaders {
infile , err := hdr . Open ( ) ;
if err != nil {
LocalError ( "Upload failed" , w , r , user )
return
}
defer infile . Close ( )
// We don't want multiple files
if filename != "" {
if filename != hdr . Filename {
os . Remove ( "./uploads/avatar_" + strconv . Itoa ( user . ID ) + "." + ext )
LocalError ( "You may only upload one avatar" , w , r , user )
return
}
} else {
filename = hdr . Filename
}
if ext == "" {
extarr := strings . Split ( hdr . Filename , "." )
if len ( extarr ) < 2 {
LocalError ( "Bad file" , w , r , user )
return
}
ext = extarr [ len ( extarr ) - 1 ]
reg , err := regexp . Compile ( "[^A-Za-z0-9]+" )
if err != nil {
LocalError ( "Bad file extension" , w , r , user )
return
}
ext = reg . ReplaceAllString ( ext , "" )
ext = strings . ToLower ( ext )
}
outfile , err := os . Create ( "./uploads/avatar_" + strconv . Itoa ( user . ID ) + "." + ext ) ;
if err != nil {
LocalError ( "Upload failed [File Creation Failed]" , w , r , user )
return
}
defer outfile . Close ( )
_ , err = io . Copy ( outfile , infile ) ;
if err != nil {
LocalError ( "Upload failed [Copy Failed]" , w , r , user )
return
}
}
}
_ , err = set_avatar_stmt . Exec ( "." + ext , strconv . Itoa ( user . ID ) )
if err != nil {
InternalError ( err , w , r , user )
return
}
user . Avatar = "/uploads/avatar_" + strconv . Itoa ( user . ID ) + "." + ext
2017-01-17 07:55:46 +00:00
noticeList = append ( noticeList , "Your avatar was successfully updated" )
2016-12-02 15:03:31 +00:00
2017-01-17 07:55:46 +00:00
pi := Page { "Edit Avatar" , user , noticeList , tList , 0 }
2016-12-16 10:37:42 +00:00
templates . ExecuteTemplate ( w , "account-own-edit-avatar.html" , pi )
2016-12-02 15:03:31 +00:00
}
2016-12-03 08:09:40 +00:00
func route_account_own_edit_username ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-03 08:09:40 +00:00
if ! user . Loggedin {
2017-01-03 07:47:31 +00:00
LocalError ( "You need to login to edit your account." , w , r , user )
2016-12-03 08:09:40 +00:00
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "Edit Username" , user , noticeList , tList , user . Name }
2016-12-03 08:09:40 +00:00
templates . ExecuteTemplate ( w , "account-own-edit-username.html" , pi )
}
func route_account_own_edit_username_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-03 08:09:40 +00:00
if ! user . Loggedin {
2017-01-03 07:47:31 +00:00
LocalError ( "You need to login to edit your account." , w , r , user )
2016-12-03 08:09:40 +00:00
return
}
err := r . ParseForm ( )
if err != nil {
LocalError ( "Bad Form" , w , r , user )
return
}
new_username := html . EscapeString ( r . PostFormValue ( "account-new-username" ) )
_ , err = set_username_stmt . Exec ( new_username , strconv . Itoa ( user . ID ) )
if err != nil {
2016-12-09 13:46:29 +00:00
LocalError ( "Unable to change the username. Does someone else already have this name?" , w , r , user )
2016-12-03 08:09:40 +00:00
return
}
user . Name = new_username
2017-01-17 07:55:46 +00:00
noticeList = append ( noticeList , "Your username was successfully updated" )
pi := Page { "Edit Username" , user , noticeList , tList , 0 }
2016-12-03 08:09:40 +00:00
templates . ExecuteTemplate ( w , "account-own-edit-username.html" , pi )
}
2017-01-03 07:47:31 +00:00
func route_account_own_edit_email ( w http . ResponseWriter , r * http . Request ) {
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
if ! user . Loggedin {
LocalError ( "You need to login to edit your account." , w , r , user )
return
}
email := Email { UserID : user . ID }
var emailList [ ] interface { }
2017-01-17 07:55:46 +00:00
rows , err := db . Query ( "select email, validated from emails where uid = ?" , user . ID )
2017-01-03 07:47:31 +00:00
if err != nil {
log . Fatal ( err )
}
defer rows . Close ( )
for rows . Next ( ) {
err := rows . Scan ( & email . Email , & email . Validated )
if err != nil {
log . Fatal ( err )
}
if email . Email == user . Email {
email . Primary = true
}
emailList = append ( emailList , email )
}
err = rows . Err ( )
if err != nil {
log . Fatal ( err )
}
// Was this site migrated from another forum software? Most of them don't have multiple emails for a single user. This also applies when the admin switches enable_emails on after having it off for a while
if len ( emailList ) == 0 {
email . Email = user . Email
email . Validated = false
email . Primary = true
emailList = append ( emailList , email )
}
if ! enable_emails {
2017-01-17 07:55:46 +00:00
noticeList = append ( noticeList , "The email system has been turned off. All features involving sending emails have been disabled." )
2017-01-03 07:47:31 +00:00
}
2017-01-17 07:55:46 +00:00
pi := Page { "Email Manager" , user , noticeList , emailList , 0 }
2017-01-03 07:47:31 +00:00
templates . ExecuteTemplate ( w , "account-own-edit-email.html" , pi )
}
func route_account_own_edit_email_token_submit ( w http . ResponseWriter , r * http . Request ) {
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
if ! user . Loggedin {
LocalError ( "You need to login to edit your account." , w , r , user )
return
}
token := r . URL . Path [ len ( "/user/edit/email/token/" ) : ]
email := Email { UserID : user . ID }
targetEmail := Email { UserID : user . ID }
var emailList [ ] interface { }
2017-01-17 07:55:46 +00:00
rows , err := db . Query ( "select email, validated, token from emails where uid = ?" , user . ID )
2017-01-03 07:47:31 +00:00
if err != nil {
log . Fatal ( err )
}
defer rows . Close ( )
for rows . Next ( ) {
err := rows . Scan ( & email . Email , & email . Validated , & email . Token )
if err != nil {
log . Fatal ( err )
}
if email . Email == user . Email {
email . Primary = true
}
if email . Token == token {
targetEmail = email
}
emailList = append ( emailList , email )
}
err = rows . Err ( )
if err != nil {
log . Fatal ( err )
}
if len ( emailList ) == 0 {
LocalError ( "A verification email was never sent for you!" , w , r , user )
return
}
if targetEmail . Token == "" {
LocalError ( "That's not a valid token!" , w , r , user )
return
}
_ , err = verify_email_stmt . Exec ( user . Email )
if err != nil {
InternalError ( err , w , r , user )
return
}
// If Email Activation is on, then activate the account while we're here
if settings [ "activation_type" ] == 2 {
_ , err = activate_user_stmt . Exec ( user . ID )
if err != nil {
InternalError ( err , w , r , user )
return
}
}
if ! enable_emails {
2017-01-17 07:55:46 +00:00
noticeList = append ( noticeList , "The email system has been turned off. All features involving sending emails have been disabled." )
2017-01-03 07:47:31 +00:00
}
2017-01-17 07:55:46 +00:00
noticeList = append ( noticeList , "Your email was successfully verified" )
pi := Page { "Email Manager" , user , noticeList , emailList , 0 }
2017-01-03 07:47:31 +00:00
templates . ExecuteTemplate ( w , "account-own-edit-email.html" , pi )
}
2016-12-02 07:38:54 +00:00
func route_logout ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
if ! user . Loggedin {
2017-01-12 02:55:08 +00:00
LocalError ( "You can't logout without logging in first." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
_ , err := logout_stmt . Exec ( user . ID )
if err != nil {
InternalError ( err , w , r , user )
return
}
http . Redirect ( w , r , "/" , http . StatusSeeOther )
}
func route_login ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
if user . Loggedin {
2017-01-12 02:55:08 +00:00
LocalError ( "You're already logged in." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
2017-01-17 07:55:46 +00:00
pi := Page { "Login" , user , noticeList , tList , 0 }
2016-12-02 07:38:54 +00:00
templates . ExecuteTemplate ( w , "login.html" , pi )
}
func route_login_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
if user . Loggedin {
2017-01-12 02:55:08 +00:00
LocalError ( "You're already logged in." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
err := r . ParseForm ( )
2016-12-02 11:00:07 +00:00
if err != nil {
LocalError ( "Bad Form" , w , r , user )
2016-12-02 07:38:54 +00:00
return
2016-12-02 11:00:07 +00:00
}
2016-12-02 07:38:54 +00:00
var uid int
var real_password string
var salt string
var session string
username := html . EscapeString ( r . PostFormValue ( "username" ) )
password := r . PostFormValue ( "password" )
err = login_stmt . QueryRow ( username ) . Scan ( & uid , & username , & real_password , & salt )
if err == sql . ErrNoRows {
2017-01-12 02:55:08 +00:00
LocalError ( "That username doesn't exist." , w , r , user )
2016-12-02 07:38:54 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
// Emergency password reset mechanism..
if salt == "" {
if password != real_password {
2017-01-12 02:55:08 +00:00
LocalError ( "That's not the correct password." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
// Re-encrypt the password
SetPassword ( uid , password )
} else { // Normal login..
password = password + salt
if err != nil {
InternalError ( err , w , r , user )
return
}
err := bcrypt . CompareHashAndPassword ( [ ] byte ( real_password ) , [ ] byte ( password ) )
if err == bcrypt . ErrMismatchedHashAndPassword {
2017-01-12 02:55:08 +00:00
LocalError ( "That's not the correct password." , w , r , user )
2016-12-02 07:38:54 +00:00
return
} else if err != nil {
InternalError ( err , w , r , user )
return
}
}
session , err = GenerateSafeString ( sessionLength )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-02 09:29:45 +00:00
_ , err = update_session_stmt . Exec ( session , uid )
2016-12-02 07:38:54 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-02 09:29:45 +00:00
cookie := http . Cookie { Name : "uid" , Value : strconv . Itoa ( uid ) , Path : "/" , MaxAge : year }
2016-12-02 07:38:54 +00:00
http . SetCookie ( w , & cookie )
2016-12-02 09:29:45 +00:00
cookie = http . Cookie { Name : "session" , Value : session , Path : "/" , MaxAge : year }
2016-12-02 07:38:54 +00:00
http . SetCookie ( w , & cookie )
http . Redirect ( w , r , "/" , http . StatusSeeOther )
}
func route_register ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , noticeList , ok := SessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
if user . Loggedin {
2017-01-12 02:55:08 +00:00
LocalError ( "You're already logged in." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
2017-02-04 06:19:55 +00:00
templates . ExecuteTemplate ( w , "register.html" , Page { "Registration" , user , noticeList , tList , nil } )
2016-12-02 07:38:54 +00:00
}
func route_register_submit ( w http . ResponseWriter , r * http . Request ) {
2016-12-16 10:37:42 +00:00
user , ok := SimpleSessionCheck ( w , r )
if ! ok {
return
}
2016-12-02 07:38:54 +00:00
err := r . ParseForm ( )
2016-12-02 11:00:07 +00:00
if err != nil {
2017-02-04 06:19:55 +00:00
LocalError ( "Bad Form" , w , r , user )
2016-12-02 07:38:54 +00:00
return
2016-12-02 11:00:07 +00:00
}
2016-12-02 07:38:54 +00:00
username := html . EscapeString ( r . PostFormValue ( "username" ) )
2016-12-16 10:37:42 +00:00
if username == "" {
2017-02-04 06:19:55 +00:00
LocalError ( "You didn't put in a username." , w , r , user )
2016-12-16 10:37:42 +00:00
return
}
email := html . EscapeString ( r . PostFormValue ( "email" ) )
if email == "" {
2017-02-04 06:19:55 +00:00
LocalError ( "You didn't put in an email." , w , r , user )
2016-12-16 10:37:42 +00:00
return
}
2017-01-03 07:47:31 +00:00
2016-12-02 07:38:54 +00:00
password := r . PostFormValue ( "password" )
2016-12-16 10:37:42 +00:00
if password == "" {
2017-02-04 06:19:55 +00:00
LocalError ( "You didn't put in a password." , w , r , user )
2016-12-16 10:37:42 +00:00
return
}
if password == "test" || password == "123456" || password == "123" || password == "password" {
2017-02-04 06:19:55 +00:00
LocalError ( "Your password is too weak." , w , r , user )
2016-12-16 10:37:42 +00:00
return
}
2016-12-02 07:38:54 +00:00
confirm_password := r . PostFormValue ( "confirm_password" )
log . Print ( "Registration Attempt! Username: " + username )
// Do the two inputted passwords match..?
if password != confirm_password {
2017-01-12 02:55:08 +00:00
LocalError ( "The two passwords don't match." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
// Is this username already taken..?
err = username_exists_stmt . QueryRow ( username ) . Scan ( & username )
if err != nil && err != sql . ErrNoRows {
InternalError ( err , w , r , user )
return
} else if err != sql . ErrNoRows {
2017-01-12 02:55:08 +00:00
LocalError ( "This username isn't available. Try another." , w , r , user )
2016-12-02 07:38:54 +00:00
return
}
salt , err := GenerateSafeString ( saltLength )
if err != nil {
InternalError ( err , w , r , user )
return
}
session , err := GenerateSafeString ( sessionLength )
if err != nil {
InternalError ( err , w , r , user )
return
}
password = password + salt
hashed_password , err := bcrypt . GenerateFromPassword ( [ ] byte ( password ) , bcrypt . DefaultCost )
if err != nil {
InternalError ( err , w , r , user )
return
}
2016-12-21 02:30:32 +00:00
var active int
var group int
2017-01-03 07:47:31 +00:00
switch settings [ "activation_type" ] {
case 1 : // Activate All
active = 1
group = default_group
default : // Anything else. E.g. Admin Activation or Email Activation.
group = activation_group
2016-12-21 02:30:32 +00:00
}
res , err := register_stmt . Exec ( username , email , string ( hashed_password ) , salt , group , session , active )
2016-12-02 07:38:54 +00:00
if err != nil {
InternalError ( err , w , r , user )
return
}
lastId , err := res . LastInsertId ( )
if err != nil {
InternalError ( err , w , r , user )
return
}
2017-01-03 07:47:31 +00:00
// Check if this user actually owns this email, if email activation is on, automatically flip their account to active when the email is validated. Validation is also useful for determining whether this user should receive any alerts, etc. via email
if enable_emails {
token , err := GenerateSafeString ( 80 )
if err != nil {
InternalError ( err , w , r , user )
return
}
_ , err = add_email_stmt . Exec ( email , lastId , 0 , token )
if err != nil {
InternalError ( err , w , r , user )
return
}
if ! SendValidationEmail ( username , email , token ) {
LocalError ( "We were unable to send the email for you to confirm that this email address belongs to you. You may not have access to some functionality until you do so. Please ask an administrator for assistance." , w , r , user )
return
}
}
2016-12-02 09:29:45 +00:00
cookie := http . Cookie { Name : "uid" , Value : strconv . FormatInt ( lastId , 10 ) , Path : "/" , MaxAge : year }
2016-12-02 07:38:54 +00:00
http . SetCookie ( w , & cookie )
2016-12-02 09:29:45 +00:00
cookie = http . Cookie { Name : "session" , Value : session , Path : "/" , MaxAge : year }
2016-12-02 07:38:54 +00:00
http . SetCookie ( w , & cookie )
http . Redirect ( w , r , "/" , http . StatusSeeOther )
}