You can now change your password.

src/main.go

@@ -26,6 +26,7 @@ var login_stmt *sql.Stmt
 var update_session_stmt *sql.Stmt
 var logout_stmt *sql.Stmt
 var set_password_stmt *sql.Stmt
+var get_password_stmt *sql.Stmt
 var register_stmt *sql.Stmt
 var username_exists_stmt *sql.Stmt
 var custom_pages map[string]string = make(map[string]string)
@@ -65,7 +66,7 @@ func init_database(err error) {
 	}
 	
 	log.Print("Preparing edit_topic statement.")
-	edit_topic_stmt, err = db.Prepare("UPDATE topics SET title = ? WHERE tid = ?")
+	edit_topic_stmt, err = db.Prepare("UPDATE topics SET title = ?, content = ?, is_closed = ? WHERE tid = ?")
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -106,6 +107,12 @@ func init_database(err error) {
 		log.Fatal(err)
 	}
 	
+	log.Print("Preparing get_password statement.")
+	get_password_stmt, err = db.Prepare("SELECT `password`, `salt` FROM `users` WHERE `uid` = ?")
+	if err != nil {
+		log.Fatal(err)
+	}
+	
 	// Add an admin version of register_stmt with more flexibility
 	// create_account_stmt, err = db.Prepare("INSERT INTO 
 	

src/pages/test.html

@@ -1 +1 @@
-Testing
+<div class="rowitem">Testing</div>

src/public/global.js

@@ -63,7 +63,6 @@ $(document).ready(function(){
 		event.preventDefault();
 		var block_parent = $(this).closest('.editable_parent');
 		var block = block_parent.find('.editable_block').eq(0);
-		//block.html("<textarea style='width: 100%;' name='edit_" +
 		block.html("<textarea style='width: 100%;' name='edit_item'>" + block.html() + "</textarea><br /><a href='" + $(this).closest('a').attr("href") + "'><button class='submit_edit' type='submit'>Update</button></a>");
 		
 		$(".submit_edit").click(function(event)

src/routes.go

@@ -7,7 +7,6 @@ import "bytes"
 import "time"
 import "net/http"
 import "html"
-//import "html/template"
 import "database/sql"
 import _ "github.com/go-sql-driver/mysql"
 import "golang.org/x/crypto/bcrypt"
@@ -202,10 +201,10 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
 	}
 	
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	success := 1
 	
 	res, err := create_topic_stmt.Exec(html.EscapeString(r.PostFormValue("topic-name")),html.EscapeString(r.PostFormValue("topic-content")),int32(time.Now().Unix()),user.ID)
@@ -244,10 +243,10 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
 	}
 	
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	
 	success := 1
 	tid, err = strconv.Atoi(r.PostFormValue("tid"))
@@ -288,10 +287,10 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
 func route_edit_topic(w http.ResponseWriter, r *http.Request) {
 	user := SessionCheck(w,r)
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	is_js := r.PostFormValue("js")
 	if is_js == "" {
 		is_js = "0"
@@ -311,8 +310,14 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
 	
 	topic_name := r.PostFormValue("topic_name")
 	topic_status := r.PostFormValue("topic_status")
+	var is_closed bool
+	if topic_status == "closed" {
+		is_closed = true
+	} else {
+		is_closed = false
+	}
 	topic_content := html.EscapeString(r.PostFormValue("topic_content"))
-	_, err = edit_topic_stmt.Exec(topic_name, topic_status, topic_content, tid)
+	_, err = edit_topic_stmt.Exec(topic_name, topic_content, is_closed, tid)
 	if err != nil {
 		InternalErrorJSQ(err,w,r,user,is_js)
 		return
@@ -328,10 +333,10 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
 func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 	user := SessionCheck(w,r)
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	
 	is_js := r.PostFormValue("js")
 	if is_js == "" {
@@ -374,10 +379,10 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
 	user := SessionCheck(w,r)
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	
 	is_js := r.PostFormValue("is_js")
 	if is_js == "" {
@@ -450,19 +455,65 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
 	}
 	
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	
-	//current_password, err := strconv.Atoi(r.PostFormValue("account-current-password"))
-	//new_password, err := strconv.Atoi(r.PostFormValue("account-new-password"))
-	//confirm_password, err := strconv.Atoi(r.PostFormValue("account-confirm-password"))
+	var real_password string
+	var salt string
+	current_password := r.PostFormValue("account-current-password")
+	new_password := r.PostFormValue("account-new-password")
+	confirm_password := r.PostFormValue("account-confirm-password")
 	
+	err = get_password_stmt.QueryRow(user.ID).Scan(&real_password, &salt)
+	if err == sql.ErrNoRows {
+		pi := Page{"Error","error",user,tList,"Your account doesn't exist."}
+		
+		var b bytes.Buffer
+		templates.ExecuteTemplate(&b,"error.html", pi)
+		errpage := b.String()
+		http.Error(w,errpage,500)
+		return
+	} else if err != nil {
+		InternalError(err,w,r,user)
+		return
+	}
 	
+	current_password = current_password + salt
+	err = bcrypt.CompareHashAndPassword([]byte(real_password), []byte(current_password))
+	if err == bcrypt.ErrMismatchedHashAndPassword {
+		pi := Page{"Error","error",user,tList,"That's not the correct password."}
+		
+		var b bytes.Buffer
+		templates.ExecuteTemplate(&b,"error.html", pi)
+		errpage := b.String()
+		http.Error(w,errpage,500)
+		return
+	} else if err != nil {
+		InternalError(err,w,r,user)
+		return
+	}
+	if new_password != confirm_password {
+		pi := Page{"Error","error",user,tList,"The two passwords don't match."}
+		
+		var b bytes.Buffer
+		templates.ExecuteTemplate(&b,"error.html", pi)
+		errpage := b.String()
+		http.Error(w,errpage,500)
+		return
+	}
+	SetPassword(user.ID, new_password)
 	
-	pi := Page{"Edit Password","account-own-edit",user,tList,0}
-	templates.ExecuteTemplate(w,"account-own-edit.html", pi)
+	// Log the user out as a safety precaution
+	_, err = logout_stmt.Exec(user.ID)
+	if err != nil {
+		InternalError(err,w,r,user)
+		return
+	}
+	
+	pi := Page{"Edit Password","account-own-edit-success",user,tList,0}
+	templates.ExecuteTemplate(w,"account-own-edit-success.html", pi)
 }
 	
 func route_logout(w http.ResponseWriter, r *http.Request) {
@@ -517,10 +568,10 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
 	}
 	
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	
 	var uid int
 	var real_password string
@@ -629,10 +680,10 @@ func route_register(w http.ResponseWriter, r *http.Request) {
 func route_register_submit(w http.ResponseWriter, r *http.Request) {
 	user := SessionCheck(w,r)
 	err := r.ParseForm()
-    if err != nil {
-        LocalError("Bad Form", w, r, user)
+	if err != nil {
+		LocalError("Bad Form", w, r, user)
 		return          
-    }
+	}
 	
 	username := html.EscapeString(r.PostFormValue("username"))
 	password := r.PostFormValue("password")