Per-Forum Permissions work everywhere now.

Removed some unnecessary user parameters from the error handlers.
Added a PreError type for when the user data isn't available yet.
Azareal 2017-02-05 16:36:54 +00:00
parent df5f70ee6b
commit dca8670eed
7 changed files with 311 additions and 414 deletions


@ -26,12 +26,12 @@ func init_errors() error {
return nil
}
func InternalError(err error, w http.ResponseWriter, r *http.Request, user User) {
func InternalError(err error, w http.ResponseWriter, r *http.Request) {
w.Write(error_internal)
log.Fatal(err)
}
func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user User, is_js string) {
func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, is_js string) {
w.WriteHeader(500)
if is_js == "0" {
w.Write(error_internal)
@ -41,11 +41,20 @@ func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user Us
log.Fatal(err)
}
func PreError(errmsg string, w http.ResponseWriter, r *http.Request) {
w.WriteHeader(500)
user := User{ID:0,Group:6,Perms:GuestPerms,}
pi := Page{"Error",user,nList,tList,errmsg}
var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html",pi)
fmt.Fprintln(w,b.String())
}
func LocalError(errmsg string, w http.ResponseWriter, r *http.Request, user User) {
w.WriteHeader(500)
pi := Page{"Local Error",user,nList,tList,errmsg}
var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html", pi)
templates.ExecuteTemplate(&b,"error.html",pi)
fmt.Fprintln(w,b.String())
}
@ -53,10 +62,23 @@ func LoginRequired(w http.ResponseWriter, r *http.Request, user User) {
w.WriteHeader(401)
pi := Page{"Local Error",user,nList,tList,"You need to login to do that."}
var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html", pi)
templates.ExecuteTemplate(&b,"error.html",pi)
fmt.Fprintln(w,b.String())
}
func PreErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, is_js string) {
w.WriteHeader(500)
if is_js == "0" {
user := User{ID:0,Group:6,Perms:GuestPerms,}
pi := Page{"Local Error",user,nList,tList,errmsg}
var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html", pi)
fmt.Fprintln(w,b.String())
} else {
w.Write([]byte(`{'errmsg': '` + errmsg + `'}`))
}
}
func LocalErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, user User, is_js string) {
w.WriteHeader(500)
if is_js == "0" {
@ -130,7 +152,7 @@ func SecurityError(w http.ResponseWriter, r *http.Request, user User) {
fmt.Fprintln(w,b.String())
}
func NotFound(w http.ResponseWriter, r *http.Request, user User) {
func NotFound(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(404)
w.Write(error_notfound)
}
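Review bot: The non-HTML branch of the new `PreErrorJSQ` builds its response by concatenating `errmsg` between single-quoted literals, so the body is not valid JSON and the message is never escaped. Callers added in this same commit already pass text with an apostrophe ("The reply you tried to delete doesn't exist."), which ends the quoted value early for any client that parses it. Encoding the value fixes both and keeps the handler safe if a message ever carries request-derived text: `b, _ := json.Marshal(map[string]string{"errmsg": errmsg})` then `w.Write(b)`, assuming `encoding/json` can be imported here (the import block is outside the visible hunks). `PreError` and the HTML branch of `PreErrorJSQ` also discard the error returned by `templates.ExecuteTemplate`, so a template failure produces an empty 500 body with nothing logged.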


@ -10,14 +10,9 @@ import "database/sql"
import _ "github.com/go-sql-driver/mysql"
func route_edit_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
err := r.ParseForm()
if err != nil {
LocalError("Bad Form",w,r,user)
PreError("Bad Form",w,r)
return
}
is_js := r.PostFormValue("js")
@ -29,30 +24,24 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
var fid int
tid, err = strconv.Atoi(r.URL.Path[len("/topic/edit/submit/"):])
if err != nil {
LocalErrorJSQ("The provided TopicID is not a valid number.",w,r,user,is_js)
PreErrorJSQ("The provided TopicID is not a valid number.",w,r,is_js)
return
}
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows {
LocalError("The topic you tried to edit doesn't exist.",w,r,user)
PreError("The topic you tried to edit doesn't exist.",w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditTopic {
NoPermissionsJSQ(w,r,user,is_js)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.EditTopic {
if !user.Perms.ViewTopic || !user.Perms.EditTopic {
NoPermissionsJSQ(w,r,user,is_js)
return
}
@ -64,7 +53,7 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
topic_content := html.EscapeString(r.PostFormValue("topic_content"))
_, err = edit_topic_stmt.Exec(topic_name, preparse_message(topic_content), parse_message(html.EscapeString(preparse_message(topic_content))), is_closed, tid)
if err != nil {
InternalErrorJSQ(err,w,r,user,is_js)
InternalErrorJSQ(err,w,r,is_js)
return
}
@ -76,14 +65,9 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
}
func route_delete_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
tid, err := strconv.Atoi(r.URL.Path[len("/topic/delete/submit/"):])
if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user)
PreError("The provided TopicID is not a valid number.",w,r)
return
}
@ -92,46 +76,40 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
var fid int
err = db.QueryRow("select content, createdBy, parentID from topics where tid = ?", tid).Scan(&content, &createdBy, &fid)
if err == sql.ErrNoRows {
LocalError("The topic you tried to delete doesn't exist.",w,r,user)
PreError("The topic you tried to delete doesn't exist.",w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
NoPermissions(w,r,user)
return
}
_, err = delete_topic_stmt.Exec(tid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
log.Print("The topic '" + strconv.Itoa(tid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
http.Redirect(w,r,"/",http.StatusSeeOther)
wcount := word_count(content)
err = decrease_post_user_stats(wcount, createdBy, true, user)
err = decrease_post_user_stats(wcount,createdBy,true,user)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = remove_topics_from_forum_stmt.Exec(1, fid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -139,104 +117,77 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
}
func route_stick_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
tid, err := strconv.Atoi(r.URL.Path[len("/topic/stick/submit/"):])
if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user)
PreError("The provided TopicID is not a valid number.",w,r)
return
}
var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows {
LocalError("The topic you tried to pin doesn't exist.",w,r,user)
PreError("The topic you tried to pin doesn't exist.",w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
NoPermissions(w,r,user)
return
}
_, err = stick_topic_stmt.Exec(tid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
}
func route_unstick_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
tid, err := strconv.Atoi(r.URL.Path[len("/topic/unstick/submit/"):])
if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user)
PreError("The provided TopicID is not a valid number.",w,r)
return
}
var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows {
LocalError("The topic you tried to unpin doesn't exist.",w,r,user)
PreError("The topic you tried to unpin doesn't exist.",w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
NoPermissions(w,r,user)
return
}
_, err = unstick_topic_stmt.Exec(tid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
}
func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
PreError("Bad Form",w,r)
return
}
is_js := r.PostFormValue("js")
@ -246,14 +197,14 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):])
if err != nil {
LocalError("The provided Reply ID is not a valid number.",w,r,user)
PreError("The provided Reply ID is not a valid number.",w,r)
return
}
content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
_, err = edit_reply_stmt.Exec(content, parse_message(content), rid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -261,31 +212,25 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
var tid int
err = db.QueryRow("select tid from replies where rid = ?", rid).Scan(&tid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows {
LocalError("The parent topic doesn't exist.",w,r,user)
PreError("The parent topic doesn't exist.",w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditReply {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.EditReply {
if !user.Perms.ViewTopic || !user.Perms.EditReply {
NoPermissions(w,r,user)
return
}
@ -298,14 +243,9 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
}
func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
PreError("Bad Form",w,r)
return
}
is_js := r.PostFormValue("is_js")
@ -313,14 +253,9 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
is_js = "0"
}
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
NoPermissionsJSQ(w,r,user,is_js)
return
}
rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):])
if err != nil {
LocalErrorJSQ("The provided Reply ID is not a valid number.",w,r,user,is_js)
PreErrorJSQ("The provided Reply ID is not a valid number.",w,r,is_js)
return
}
@ -329,41 +264,35 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
var createdBy int
err = db.QueryRow("select tid, content, createdBy from replies where rid = ?", rid).Scan(&tid, &content, &createdBy)
if err == sql.ErrNoRows {
LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js)
PreErrorJSQ("The reply you tried to delete doesn't exist.",w,r,is_js)
return
} else if err != nil {
InternalErrorJSQ(err,w,r,user,is_js)
InternalErrorJSQ(err,w,r,is_js)
return
}
var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows {
LocalError("The parent topic doesn't exist.",w,r,user)
PreError("The parent topic doesn't exist.",w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteReply {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
NoPermissions(w,r,user)
return
}
_, err = delete_reply_stmt.Exec(rid)
if err != nil {
InternalErrorJSQ(err,w,r,user,is_js)
InternalErrorJSQ(err,w,r,is_js)
return
}
log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
@ -376,13 +305,12 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
wcount := word_count(content)
err = decrease_post_user_stats(wcount, createdBy, false, user)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = remove_replies_from_topic_stmt.Exec(1,tid)
if err != nil {
InternalError(err,w,r,user)
return
InternalError(err,w,r)
}
}
@ -394,7 +322,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
LocalError("Bad Form",w,r,user)
return
}
is_js := r.PostFormValue("js")
@ -412,7 +340,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
var uid int
err = db.QueryRow("select uid from users_replies where rid = ?", rid).Scan(&uid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -424,7 +352,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
_, err = edit_profile_reply_stmt.Exec(content, parse_message(content), rid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -443,7 +371,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
LocalError("Bad Form",w,r,user)
return
}
@ -464,7 +392,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js)
return
} else if err != nil {
InternalErrorJSQ(err,w,r,user,is_js)
InternalErrorJSQ(err,w,r,is_js)
return
}
@ -475,7 +403,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
_, err = delete_profile_reply_stmt.Exec(rid)
if err != nil {
InternalErrorJSQ(err,w,r,user,is_js)
InternalErrorJSQ(err,w,r,is_js)
return
}
log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
@ -492,7 +420,6 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
if !ok {
return
}
if !user.Perms.BanUsers {
NoPermissions(w,r,user)
return
@ -510,7 +437,7 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
LocalError("The user you're trying to ban no longer exists.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -526,7 +453,6 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
if !ok {
return
}
if !user.Perms.BanUsers {
NoPermissions(w,r,user)
return
@ -549,7 +475,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
LocalError("The user you're trying to ban no longer exists.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -573,7 +499,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
_, err = change_group_stmt.Exec(4, uid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@ -588,7 +514,6 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
NoPermissions(w,r,user)
return
}
if r.FormValue("session") != user.Session {
SecurityError(w,r,user)
return
@ -607,7 +532,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
LocalError("The user you're trying to unban no longer exists.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -618,7 +543,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
_, err = change_group_stmt.Exec(default_group, uid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@ -646,12 +571,12 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
var uname string
var active bool
err = db.QueryRow("select `name`, `active` from users where `uid` = ?", uid).Scan(&uname, &active)
err = db.QueryRow("select `name`,`active` from users where `uid` = ?", uid).Scan(&uname, &active)
if err == sql.ErrNoRows {
LocalError("The account you're trying to activate no longer exists.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -661,13 +586,13 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
}
_, err = activate_user_stmt.Exec(uid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = change_group_stmt.Exec(default_group, uid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@ -740,7 +665,7 @@ func route_panel_forums_create_submit(w http.ResponseWriter, r *http.Request){
fid, err := create_forum(fname,active,fpreset)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -757,11 +682,11 @@ func route_panel_forums_delete(w http.ResponseWriter, r *http.Request){
NoPermissions(w,r,user)
return
}
if r.FormValue("session") != user.Session {
SecurityError(w,r,user)
return
}
fid, err := strconv.Atoi(r.URL.Path[len("/panel/forums/delete/"):])
if err != nil {
LocalError("The provided Forum ID is not a valid number.",w,r,user)
@ -806,7 +731,7 @@ func route_panel_forums_delete_submit(w http.ResponseWriter, r *http.Request) {
err = delete_forum(fid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w,r,"/panel/forums/",http.StatusSeeOther)
@ -894,7 +819,7 @@ func route_panel_forums_edit_submit(w http.ResponseWriter, r *http.Request) {
_, err = update_forum_stmt.Exec(forum_name,active,forum_preset,fid)
if err != nil {
InternalErrorJSQ(err,w,r,user,is_js)
InternalErrorJSQ(err,w,r,is_js)
return
}
@ -930,7 +855,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
var settingList map[string]interface{} = make(map[string]interface{})
rows, err := db.Query("select name, content, type from settings")
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
defer rows.Close()
@ -941,7 +866,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
for rows.Next() {
err := rows.Scan(&sname,&scontent,&stype)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -965,7 +890,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
}
err = rows.Err()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -991,7 +916,7 @@ func route_panel_setting(w http.ResponseWriter, r *http.Request){
LocalError("The setting you want to edit doesn't exist.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1053,7 +978,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
LocalError("The setting you want to edit doesn't exist.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1067,7 +992,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
_, err = update_setting_stmt.Exec(scontent,sname)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1122,7 +1047,7 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
var active bool
err := db.QueryRow("select active from plugins where uname = ?", uname).Scan(&active)
if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1142,13 +1067,13 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
}
_, err = update_plugin_stmt.Exec(1,uname)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
} else {
_, err := add_plugin_stmt.Exec(uname,1)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
}
@ -1188,7 +1113,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
LocalError("The plugin you're trying to deactivate isn't active",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1198,7 +1123,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
}
_, err = update_plugin_stmt.Exec(0,uname)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1222,7 +1147,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
var userList []interface{}
rows, err := db.Query("select `uid`,`name`,`group`,`active`,`is_super_admin`,`avatar` from users")
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
defer rows.Close()
@ -1231,7 +1156,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
puser := User{ID: 0,}
err := rows.Scan(&puser.ID, &puser.Name, &puser.Group, &puser.Active, &puser.Is_Super_Admin, &puser.Avatar)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1260,14 +1185,14 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
}
err = rows.Err()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
pi := Page{"User Manager",user,noticeList,userList,nil}
err = templates.ExecuteTemplate(w,"panel-users.html",pi)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
@ -1296,7 +1221,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
LocalError("The user you're trying to edit doesn't exist.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1321,7 +1246,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
pi := Page{"User Editor",user,noticeList,groupList,targetUser}
err = templates.ExecuteTemplate(w,"panel-user-edit.html",pi)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
@ -1334,7 +1259,6 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
NoPermissions(w,r,user)
return
}
if r.FormValue("session") != user.Session {
SecurityError(w,r,user)
return
@ -1353,7 +1277,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
LocalError("The user you're trying to edit doesn't exist.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1408,7 +1332,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
_, err = update_user_stmt.Exec(newname,newemail,newgroup,targetUser.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1488,7 +1412,7 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
var isDefault bool
err := db.QueryRow("select `default` from `themes` where `uname` = ?", uname).Scan(&isDefault)
if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1500,20 +1424,20 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
}
_, err = update_theme_stmt.Exec(1, uname)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
} else {
_, err := add_theme_stmt.Exec(uname,1)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
}
_, err = update_theme_stmt.Exec(0, defaultTheme)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
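Review bot: In `route_reply_edit_submit` the authorization now runs after the write: `edit_reply_stmt.Exec(content, parse_message(content), rid)` executes first, and `SimpleForumSessionCheck(w,r,fid)` with the `EditReply` test only follows once `tid` and `fid` have been looked up. With the leading `SimpleSessionCheck` removed, nothing visible before the `Exec` identifies the caller, so a request that later fails the session or permission check has already changed the reply. The two lookups (`select tid from replies …`, `select parentID from topics …`), the `SimpleForumSessionCheck` call and the `!user.Perms.ViewTopic || !user.Perms.EditReply` check should move above the `Exec`, matching the order already used in `route_edit_topic`, `route_delete_topic` and `route_reply_delete_submit`. A few lines of the function fall between hunks and are not shown, so confirm nothing there gates the update.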


@ -42,8 +42,7 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
}
if req.URL.Path[len(req.URL.Path) - 1] == '/' {
w.WriteHeader(404)
w.Write(error_notfound)
NotFound(w,req)
return
}
@ -60,7 +59,6 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
return
}
w.WriteHeader(404)
w.Write(error_notfound)
NotFound(w,req)
return
}

307
routes.go

@ -65,7 +65,7 @@ func route_overview(w http.ResponseWriter, r *http.Request){
pi := Page{"Overview",user,noticeList,tList,nil}
err := templates.ExecuteTemplate(w,"overview.html",pi)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
@ -76,13 +76,13 @@ func route_custom_page(w http.ResponseWriter, r *http.Request){
}
name := r.URL.Path[len("/pages/"):]
if templates.Lookup("page_" + name) == nil {
NotFound(w,r,user)
NotFound(w,r)
return
}
err := templates.ExecuteTemplate(w,"page_" + name,Page{"Page",user,noticeList,tList,nil})
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
@ -104,7 +104,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
rows, err := db.Query("select topics.tid, topics.title, topics.content, topics.createdBy, topics.is_closed, topics.sticky, topics.createdAt, topics.parentID, users.name, users.avatar from topics left join users ON topics.createdBy = users.uid where parentID in("+strings.Join(fidList,",")+") order by topics.sticky DESC, topics.lastReplyAt DESC, topics.createdBy DESC")
//rows, err := get_topic_list_stmt.Query()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -112,7 +112,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
for rows.Next() {
err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -131,7 +131,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
}
err = rows.Err()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
rows.Close()
@ -142,36 +142,25 @@ func route_topics(w http.ResponseWriter, r *http.Request){
} else {
err = templates.ExecuteTemplate(w,"topics.html",pi)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
}
func route_forum(w http.ResponseWriter, r *http.Request){
user, noticeList, ok := SessionCheck(w,r)
if !ok {
return
}
page, _ := strconv.Atoi(r.FormValue("page"))
fid, err := strconv.Atoi(r.URL.Path[len("/forum/"):])
if err != nil {
LocalError("The provided ForumID is not a valid number.",w,r,user)
PreError("The provided ForumID is not a valid number.",w,r)
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
NotFound(w,r,user)
user, noticeList, ok := ForumSessionCheck(w,r,fid)
if !ok {
return
}
//fmt.Printf("%+v\n", groups[user.Group].Forums)
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic {
if !user.Perms.ViewTopic {
NoPermissions(w,r,user)
return
}
@ -189,7 +178,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
}
rows, err := get_forum_topics_offset_stmt.Query(fid,offset)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -198,7 +187,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
for rows.Next() {
err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -217,7 +206,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
}
err = rows.Err()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
rows.Close()
@ -228,7 +217,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
} else {
err = templates.ExecuteTemplate(w,"forum.html",pi)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
}
@ -255,16 +244,12 @@ func route_forums(w http.ResponseWriter, r *http.Request){
} else {
err := templates.ExecuteTemplate(w,"forums.html",pi)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
}
func route_topic_id(w http.ResponseWriter, r *http.Request){
user, noticeList, ok := SessionCheck(w,r)
if !ok {
return
}
var(
err error
content string
@ -278,31 +263,25 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
topic := TopicUser{Css: no_css_tmpl}
topic.ID, err = strconv.Atoi(r.URL.Path[len("/topic/"):])
if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user)
PreError("The provided TopicID is not a valid number.",w,r)
return
}
// Get the topic..
err = get_topic_user_stmt.QueryRow(topic.ID).Scan(&topic.Title, &content, &topic.CreatedBy, &topic.CreatedAt, &topic.Is_Closed, &topic.Sticky, &topic.ParentID, &topic.IpAddress, &topic.PostCount, &topic.CreatedByName, &topic.Avatar, &group, &topic.URLPrefix, &topic.URLName, &topic.Level)
if err == sql.ErrNoRows {
NotFound(w,r,user)
NotFound(w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if (topic.ParentID > forumCapCount) || (topic.ParentID < 0) || forums[topic.ParentID].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
user, noticeList, ok := ForumSessionCheck(w,r,topic.ParentID)
if !ok {
return
}
if groups[user.Group].Forums[topic.ParentID].Overrides {
if !groups[user.Group].Forums[topic.ParentID].ViewTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic {
if !user.Perms.ViewTopic {
NoPermissions(w,r,user)
return
}
@ -361,7 +340,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
LocalError("Bad Page. Some of the posts may have been deleted or you got here by directly typing in the page number.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -369,7 +348,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
for rows.Next() {
err := rows.Scan(&replyItem.ID, &replyItem.Content, &replyItem.CreatedBy, &replyItem.CreatedAt, &replyItem.LastEdit, &replyItem.LastEditBy, &replyItem.Avatar, &replyItem.CreatedByName, &group, &replyItem.URLPrefix, &replyItem.URLName, &replyItem.Level, &replyItem.IpAddress)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -410,7 +389,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
}
err = rows.Err()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
rows.Close()
@ -421,7 +400,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
} else {
err = templates.ExecuteTemplate(w,"topic.html", tpage)
if err != nil {
InternalError(err, w, r, user)
InternalError(err,w,r)
}
}
}
@ -464,10 +443,10 @@ func route_profile(w http.ResponseWriter, r *http.Request){
// Fetch the user data
err = db.QueryRow("select `name`,`group`,`is_super_admin`,`avatar`,`message`,`url_prefix`,`url_name`,`level` from `users` where `uid` = ?", puser.ID).Scan(&puser.Name, &puser.Group, &puser.Is_Super_Admin, &puser.Avatar, &puser.Message, &puser.URLPrefix, &puser.URLName, &puser.Level)
if err == sql.ErrNoRows {
NotFound(w,r,user)
NotFound(w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -493,7 +472,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
// Get the replies..
rows, err := db.Query("select users_replies.rid, users_replies.content, users_replies.createdBy, users_replies.createdAt, users_replies.lastEdit, users_replies.lastEditBy, users.avatar, users.name, users.group from users_replies left join users ON users_replies.createdBy = users.uid where users_replies.uid = ?", puser.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
defer rows.Close()
@ -501,7 +480,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
for rows.Next() {
err := rows.Scan(&rid, &replyContent, &replyCreatedBy, &replyCreatedAt, &replyLastEdit, &replyLastEditBy, &replyAvatar, &replyCreatedByName, &group)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -530,7 +509,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
}
err = rows.Err()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -540,32 +519,32 @@ func route_profile(w http.ResponseWriter, r *http.Request){
} else {
err = templates.ExecuteTemplate(w,"profile.html",ppage)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
}
func route_topic_create(w http.ResponseWriter, r *http.Request){
user, noticeList, ok := SessionCheck(w,r)
if !ok {
return
}
if !user.Loggedin || !user.Perms.CreateTopic {
NoPermissions(w,r,user)
return
}
var fid int
var err error
sfid := r.URL.Path[len("/topics/create/"):]
if sfid != "" {
fid, err = strconv.Atoi(sfid)
if err != nil {
LocalError("The provided ForumID is not a valid number.",w,r,user)
PreError("The provided ForumID is not a valid number.",w,r)
return
}
}
user, noticeList, ok := ForumSessionCheck(w,r,fid)
if !ok {
return
}
if !user.Loggedin || !user.Perms.CreateTopic {
NoPermissions(w,r,user)
return
}
var forumList []Forum
group := groups[user.Group]
for _, fid := range group.CanSee {
@ -580,14 +559,26 @@ func route_topic_create(w http.ResponseWriter, r *http.Request){
} else {
err = templates.ExecuteTemplate(w,"create-topic.html",ctpage)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
}
}
}
// POST functions. Authorised users only.
func route_create_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
err := r.ParseForm()
if err != nil {
PreError("Bad Form",w,r)
return
}
fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
if err != nil {
PreError("The provided ForumID is not a valid number.",w,r)
return
}
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
@ -596,17 +587,6 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
return
}
err := r.ParseForm()
if err != nil {
LocalError("Bad Form",w,r,user)
return
}
fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
if err != nil {
LocalError("The provided ForumID is not a valid number.",w,r,user)
return
}
topic_name := html.EscapeString(r.PostFormValue("topic-name"))
content := html.EscapeString(preparse_message(r.PostFormValue("topic-content")))
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
@ -615,33 +595,27 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
return
}
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
return
}
res, err := create_topic_stmt.Exec(fid,topic_name,content,parse_message(content),ipaddress,user.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
lastId, err := res.LastInsertId()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = add_topics_to_forum_stmt.Exec(1,fid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
forums[fid].TopicCount -= 1
_, err = update_forum_cache_stmt.Exec(topic_name,lastId,user.Name,user.ID,fid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
forums[fid].LastTopic = topic_name
@ -654,13 +628,35 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
wcount := word_count(content)
err = increase_post_user_stats(wcount,user.ID,true,user)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
}
func route_create_reply(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
err := r.ParseForm()
if err != nil {
PreError("Bad Form",w,r)
return
}
tid, err := strconv.Atoi(r.PostFormValue("tid"))
if err != nil {
PreError("Failed to convert the TopicID",w,r)
return
}
var topic_name string
var fid int
err = db.QueryRow("select title, parentID from topics where tid = ?",tid).Scan(&topic_name,&fid)
if err == sql.ErrNoRows {
PreError("Couldn't find the parent topic",w,r)
return
} else if err != nil {
InternalError(err,w,r)
return
}
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok {
return
}
@ -669,17 +665,6 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
return
}
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
return
}
tid, err := strconv.Atoi(r.PostFormValue("tid"))
if err != nil {
LocalError("Failed to convert the TopicID", w, r, user)
return
}
content := preparse_message(html.EscapeString(r.PostFormValue("reply-content")))
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
@ -689,36 +674,26 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
_, err = create_reply_stmt.Exec(tid,content,parse_message(content),ipaddress,user.ID)
if err != nil {
InternalError(err,w,r,user)
return
}
var topic_name string
err = db.QueryRow("select title from topics where tid = ?", tid).Scan(&topic_name)
if err == sql.ErrNoRows {
LocalError("Couldn't find the parent topic", w, r, user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = add_replies_to_topic_stmt.Exec(1, tid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = update_forum_cache_stmt.Exec(topic_name, tid, user.Name, user.ID, 1)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w, r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
wcount := word_count(content)
err = increase_post_user_stats(wcount, user.ID, false, user)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
}
@ -735,7 +710,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
LocalError("Bad Form",w,r,user)
return
}
uid, err := strconv.Atoi(r.PostFormValue("uid"))
@ -746,7 +721,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
_, err = create_profile_reply_stmt.Exec(uid,html.EscapeString(preparse_message(r.PostFormValue("reply-content"))),parse_message(html.EscapeString(preparse_message(r.PostFormValue("reply-content")))),user.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -756,7 +731,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
LocalError("The profile you're trying to post on doesn't exist.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -806,7 +781,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the reported post",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -815,7 +790,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the topic which the reported post is supposed to be in",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(tid) + "'>" + title + "</a>"
@ -825,7 +800,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the reported post",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -834,17 +809,17 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the profile which the reported post is supposed to be on",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
content = content + "<br><br>Original Post: <a href='/user/" + strconv.Itoa(tid) + "'>" + title + "</a>"
} else if item_type == "topic" {
err = db.QueryRow("select title, content from topics where tid = ?", item_id).Scan(&title,&content)
if err == sql.ErrNoRows {
NotFound(w,r,user)
NotFound(w,r)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(item_id) + "'>" + title + "</a>"
@ -861,14 +836,14 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
var count int
rows, err := db.Query("select count(*) as count from topics where data = ? and data != '' and parentID = 1", item_type + "_" + strconv.Itoa(item_id))
if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
for rows.Next() {
err = rows.Scan(&count)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
}
@ -880,24 +855,24 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
title = "Report: " + title
res, err := create_report_stmt.Exec(title,content,content,user.ID,item_type + "_" + strconv.Itoa(item_id))
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
lastId, err := res.LastInsertId()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = add_topics_to_forum_stmt.Exec(1, fid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = update_forum_cache_stmt.Exec(title, lastId, user.Name, user.ID, fid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -913,7 +888,7 @@ func route_account_own_edit_critical(w http.ResponseWriter, r *http.Request) {
LocalError("You need to login to edit your account.",w,r,user)
return
}
pi := Page{"Edit Password",user,noticeList,tList,0}
pi := Page{"Edit Password",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit.html", pi)
}
@ -929,7 +904,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
LocalError("Bad Form",w,r,user)
return
}
@ -944,7 +919,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
LocalError("Your account no longer exists.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -954,7 +929,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
LocalError("That's not the correct password.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
if new_password != confirm_password {
@ -966,12 +941,12 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
// Log the user out as a safety precaution
_, err = logout_stmt.Exec(user.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
noticeList[len(noticeList)] = "Your password was successfully updated"
pi := Page{"Edit Password",user,noticeList,tList,0}
noticeList = append(noticeList,"Your password was successfully updated")
pi := Page{"Edit Password",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit.html", pi)
}
@ -984,13 +959,13 @@ func route_account_own_edit_avatar(w http.ResponseWriter, r *http.Request) {
LocalError("You need to login to edit your account.",w,r,user)
return
}
pi := Page{"Edit Avatar",user,noticeList,tList,0}
templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi)
pi := Page{"Edit Avatar",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit-avatar.html",pi)
}
func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request) {
if r.ContentLength > int64(max_request_size) {
http.Error(w, "request too large", http.StatusExpectationFailed)
http.Error(w,"Request too large",http.StatusExpectationFailed)
return
}
r.Body = http.MaxBytesReader(w, r.Body, int64(max_request_size))
@ -1006,7 +981,7 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
err := r.ParseMultipartForm(int64(max_request_size))
if err != nil {
LocalError("Upload failed", w, r, user)
LocalError("Upload failed",w,r,user)
return
}
@ -1051,14 +1026,14 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
outfile, err := os.Create("./uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext);
if err != nil {
LocalError("Upload failed [File Creation Failed]", w, r, user)
LocalError("Upload failed [File Creation Failed]",w,r,user)
return
}
defer outfile.Close()
_, err = io.Copy(outfile, infile);
if err != nil {
LocalError("Upload failed [Copy Failed]", w, r, user)
LocalError("Upload failed [Copy Failed]",w,r,user)
return
}
}
@ -1066,13 +1041,13 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
_, err = set_avatar_stmt.Exec("." + ext, strconv.Itoa(user.ID))
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext
noticeList = append(noticeList, "Your avatar was successfully updated")
pi := Page{"Edit Avatar",user,noticeList,tList,0}
pi := Page{"Edit Avatar",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi)
}
@ -1085,9 +1060,8 @@ func route_account_own_edit_username(w http.ResponseWriter, r *http.Request) {
LocalError("You need to login to edit your account.",w,r,user)
return
}
pi := Page{"Edit Username",user,noticeList,tList,user.Name}
templates.ExecuteTemplate(w,"account-own-edit-username.html", pi)
templates.ExecuteTemplate(w,"account-own-edit-username.html",pi)
}
func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Request) {
@ -1101,7 +1075,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
}
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
LocalError("Bad Form",w,r,user)
return
}
@ -1114,7 +1088,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
user.Name = new_username
noticeList = append(noticeList,"Your username was successfully updated")
pi := Page{"Edit Username",user,noticeList,tList,0}
pi := Page{"Edit Username",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit-username.html", pi)
}
@ -1217,7 +1191,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
_, err = verify_email_stmt.Exec(user.Email)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1225,7 +1199,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
if settings["activation_type"] == 2 {
_, err = activate_user_stmt.Exec(user.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
}
@ -1250,7 +1224,7 @@ func route_logout(w http.ResponseWriter, r *http.Request) {
_, err := logout_stmt.Exec(user.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
http.Redirect(w,r, "/", http.StatusSeeOther)
@ -1265,7 +1239,7 @@ func route_login(w http.ResponseWriter, r *http.Request) {
LocalError("You're already logged in.",w,r,user)
return
}
pi := Page{"Login",user,noticeList,tList,0}
pi := Page{"Login",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"login.html", pi)
}
@ -1278,10 +1252,9 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
LocalError("You're already logged in.",w,r,user)
return
}
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
LocalError("Bad Form",w,r,user)
return
}
@ -1297,7 +1270,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
LocalError("That username doesn't exist.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1313,7 +1286,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
} else { // Normal login..
password = password + salt
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1322,20 +1295,20 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
LocalError("That's not the correct password.",w,r,user)
return
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
}
session, err = GenerateSafeString(sessionLength)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = update_session_stmt.Exec(session, uid)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1402,7 +1375,7 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
// Is this username already taken..?
err = username_exists_stmt.QueryRow(username).Scan(&username)
if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
} else if err != sql.ErrNoRows {
LocalError("This username isn't available. Try another.",w,r,user)
@ -1411,19 +1384,19 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
salt, err := GenerateSafeString(saltLength)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
session, err := GenerateSafeString(sessionLength)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
password = password + salt
hashed_password, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1439,12 +1412,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
res, err := register_stmt.Exec(username,email,string(hashed_password),salt,group,session,active)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
lastId, err := res.LastInsertId()
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
@ -1452,12 +1425,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
if enable_emails {
token, err := GenerateSafeString(80)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}
_, err = add_email_stmt.Exec(email, lastId, 0, token)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return
}


@ -1,7 +1,7 @@
/* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
package main
import "strconv"
import "io"
import "strconv"
func init() {
template_forum_handle = template_forum


@ -1,7 +1,7 @@
/* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
package main
import "strconv"
import "io"
import "strconv"
func init() {
template_profile_handle = template_profile

110
user.go

@ -73,76 +73,57 @@ func SendValidationEmail(username string, email string, token string) bool {
return SendEmail(email, subject, msg)
}
func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) {
// Are there any session cookies..?
cookie, err := r.Cookie("uid")
if err != nil {
user.Group = 6
user.Perms = GuestPerms
return user, noticeList, true
func SimpleForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, success bool) {
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
PreError("The target forum doesn't exist.",w,r)
return user, false
}
user.ID, err = strconv.Atoi(cookie.Value)
if err != nil {
user.Group = 6
user.Perms = GuestPerms
return user, noticeList, true
user, success = SimpleSessionCheck(w,r)
fperms := groups[user.Group].Forums[fid]
if fperms.Overrides && !user.Is_Super_Admin {
user.Perms.ViewTopic = fperms.ViewTopic
user.Perms.CreateTopic = fperms.CreateTopic
user.Perms.EditTopic = fperms.EditTopic
user.Perms.DeleteTopic = fperms.DeleteTopic
user.Perms.CreateReply = fperms.CreateReply
user.Perms.EditReply = fperms.EditReply
user.Perms.DeleteReply = fperms.DeleteReply
user.Perms.PinTopic = fperms.PinTopic
user.Perms.CloseTopic = fperms.CloseTopic
}
cookie, err = r.Cookie("session")
if err != nil {
user.Group = 6
user.Perms = GuestPerms
return user, noticeList, true
}
// Is this session valid..?
err = get_session_stmt.QueryRow(user.ID,cookie.Value).Scan(&user.ID, &user.Name, &user.Group, &user.Is_Super_Admin, &user.Session, &user.Email, &user.Avatar, &user.Message, &user.URLPrefix, &user.URLName, &user.Level, &user.Score, &user.Last_IP)
if err == sql.ErrNoRows {
user.ID = 0
user.Session = ""
user.Group = 6
user.Perms = GuestPerms
return user, noticeList, true
} else if err != nil {
InternalError(err,w,r,user)
return user, success
}
func ForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, noticeList []string, success bool) {
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
NotFound(w,r)
return user, noticeList, false
}
user.Is_Admin = user.Is_Super_Admin || groups[user.Group].Is_Admin
user.Is_Super_Mod = groups[user.Group].Is_Mod || user.Is_Admin
user.Is_Mod = user.Is_Super_Mod
user.Is_Banned = groups[user.Group].Is_Banned
user.Loggedin = !user.Is_Banned || user.Is_Super_Mod
if user.Is_Banned && user.Is_Super_Mod {
user.Is_Banned = false
user, success = SimpleSessionCheck(w,r)
fperms := groups[user.Group].Forums[fid]
if fperms.Overrides && !user.Is_Super_Admin {
user.Perms.ViewTopic = fperms.ViewTopic
user.Perms.CreateTopic = fperms.CreateTopic
user.Perms.EditTopic = fperms.EditTopic
user.Perms.DeleteTopic = fperms.DeleteTopic
user.Perms.CreateReply = fperms.CreateReply
user.Perms.EditReply = fperms.EditReply
user.Perms.DeleteReply = fperms.DeleteReply
user.Perms.PinTopic = fperms.PinTopic
user.Perms.CloseTopic = fperms.CloseTopic
}
if user.Is_Super_Admin {
user.Perms = AllPerms
} else {
user.Perms = groups[user.Group].Perms
}
if user.Is_Banned {
noticeList = append(noticeList, "Your account has been suspended. Some of your permissions may have been revoked.")
noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
}
if user.Avatar != "" {
if user.Avatar[0] == '.' {
user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + user.Avatar
}
} else {
user.Avatar = strings.Replace(noavatar,"{id}",strconv.Itoa(user.ID),1)
return user, noticeList, success
}
func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) {
user, success = SimpleSessionCheck(w,r)
if user.Is_Banned {
noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
}
host, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
LocalError("Bad IP",w,r,user)
return user, noticeList, false
}
if host != user.Last_IP {
go update_last_ip_stmt.Exec(host, user.ID)
}
return user, noticeList, true
return user, noticeList, success
}
func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, success bool) {
@ -175,7 +156,7 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
user.Perms = GuestPerms
return user, true
} else if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return user, false
}
@ -208,10 +189,9 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
return user, false
}
if host != user.Last_IP {
//fmt.Println("Update")
_, err = update_last_ip_stmt.Exec(host, user.ID)
if err != nil {
InternalError(err,w,r,user)
InternalError(err,w,r)
return user, false
}
}
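Review bot: In both `SimpleForumSessionCheck` and `ForumSessionCheck` the value returned by `SimpleSessionCheck(w,r)` is used to index `groups[user.Group].Forums[fid]` and to apply the per-forum overrides before `success` is looked at, so a failed session check (the later hunks of this file show it returning `user, false` after an error has been written) still drives a permission lookup on a partly filled `User`. Return straight away instead, with `if !success { return user, false }` in the first function and `if !success { return user, noticeList, false }` in the second, so no permissions are computed for a request that has already been answered with an error. The guard on `fid` tests only `forumCapCount` and `forums[fid].Name`; whether every group's `Forums` slice is at least that long is not visible here and is worth confirming, since an out-of-range index would panic inside the handler. The two functions also repeat the same nine-field override copy, and a small shared helper would keep the permission mapping in one place when a new permission is added.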