diff --git a/errors.go b/errors.go index fe25aaab..5748b37e 100644 --- a/errors.go +++ b/errors.go @@ -26,12 +26,12 @@ func init_errors() error { return nil } -func InternalError(err error, w http.ResponseWriter, r *http.Request, user User) { +func InternalError(err error, w http.ResponseWriter, r *http.Request) { w.Write(error_internal) log.Fatal(err) } -func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user User, is_js string) { +func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, is_js string) { w.WriteHeader(500) if is_js == "0" { w.Write(error_internal) @@ -41,11 +41,20 @@ func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user Us log.Fatal(err) } +func PreError(errmsg string, w http.ResponseWriter, r *http.Request) { + w.WriteHeader(500) + user := User{ID:0,Group:6,Perms:GuestPerms,} + pi := Page{"Error",user,nList,tList,errmsg} + var b bytes.Buffer + templates.ExecuteTemplate(&b,"error.html",pi) + fmt.Fprintln(w,b.String()) +} + func LocalError(errmsg string, w http.ResponseWriter, r *http.Request, user User) { w.WriteHeader(500) pi := Page{"Local Error",user,nList,tList,errmsg} var b bytes.Buffer - templates.ExecuteTemplate(&b,"error.html", pi) + templates.ExecuteTemplate(&b,"error.html",pi) fmt.Fprintln(w,b.String()) } 
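Review bot: InternalError still ends in `log.Fatal(err)` after `w.Write(error_internal)`, so the reworked helper exits the whole process on any database or template error, while every caller in this diff follows the call with `return` as though the handler continued. One failing query on one request therefore takes the server down for all users; unless the exit is deliberate, `log.Print(err)` followed by a normal return is what the callers' `return` lines already assume. InternalErrorJSQ in the next hunk carries the same `log.Fatal(err)`; its body runs past this hunk.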
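Review bot: PreError hard-codes its anonymous principal as `User{ID:0,Group:6,Perms:GuestPerms,}`, where `6` is an unexplained group number that has to stay in step with whatever the session code treats as the guest group. A named constant, or the value the session code itself uses for guests, would keep the two from drifting, and the result of `templates.ExecuteTemplate(&b,"error.html",pi)` should be checked rather than discarded, falling back to `w.Write(error_internal)` when the template fails instead of sending an empty 500 body. The function also has no doc comment; suggested: `// PreError renders the HTML error page for requests that fail before a session has been resolved, using a guest User for the page.`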
@@ -53,10 +62,23 @@ func LoginRequired(w http.ResponseWriter, r *http.Request, user User) { w.WriteHeader(401) pi := Page{"Local Error",user,nList,tList,"You need to login to do that."} var b bytes.Buffer - templates.ExecuteTemplate(&b,"error.html", pi) + templates.ExecuteTemplate(&b,"error.html",pi) fmt.Fprintln(w,b.String()) } +func PreErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, is_js string) { + w.WriteHeader(500) + if is_js == "0" { + user := User{ID:0,Group:6,Perms:GuestPerms,} + pi := Page{"Local Error",user,nList,tList,errmsg} + var b bytes.Buffer + templates.ExecuteTemplate(&b,"error.html", pi) + fmt.Fprintln(w,b.String()) + } else { + w.Write([]byte(`{'errmsg': '` + errmsg + `'}`)) + } +} + func LocalErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, user User, is_js string) { w.WriteHeader(500) if is_js == "0" { @@ -130,7 +152,7 @@ func SecurityError(w http.ResponseWriter, r *http.Request, user User) { fmt.Fprintln(w,b.String()) } -func NotFound(w http.ResponseWriter, r *http.Request, user User) { +func NotFound(w http.ResponseWriter, r *http.Request) { w.WriteHeader(404) w.Write(error_notfound) } diff --git a/mod_routes.go b/mod_routes.go index db9b0787..4639379b 100644 --- a/mod_routes.go +++ b/mod_routes.go @@ -10,14 +10,9 @@ import "database/sql" import _ "github.com/go-sql-driver/mysql" func route_edit_topic(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) - if !ok { - return - } - err := r.ParseForm() if err != nil { - LocalError("Bad Form",w,r,user) + PreError("Bad Form",w,r) return } is_js := r.PostFormValue("js") 
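Review bot: PreErrorJSQ's JSON branch concatenates errmsg into a single-quoted `{'errmsg': '...'}` literal, which is not valid JSON and applies no escaping; today every caller passes a fixed literal, but the first message containing a quote corrupts the response and any message ever derived from request data would control the document. `json.NewEncoder(w).Encode(map[string]string{"errmsg": errmsg})` gives a well-formed body in one line (it needs `encoding/json` in the file's import block, which is outside this hunk). The HTML branch uses the title `"Local Error"` where PreError in the previous hunk uses `"Error"`, and the `templates.ExecuteTemplate` error is discarded here as well. A short comment on the signature would also help, e.g. `// is_js is the request's "js" form value: "0" selects the HTML error page, any other value a JSON body.`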
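Review bot: Dropping `SimpleSessionCheck(w,r)` from the head of route_edit_topic defers authentication until after the form parse and, in the next hunk, after the `select parentID from topics` lookup, so an unauthenticated POST now reaches the database and receives a different response for an existing topic id than for a missing one. That is a small id-enumeration channel the old ordering did not expose; if the forum id is needed only for the permission decision, a plain session check before the query and the forum-aware check after it keep both properties. The same reordering is made for route_delete_topic, route_stick_topic, route_unstick_topic, route_reply_edit_submit and route_reply_delete_submit in the later mod_routes.go hunks, and for route_topic_id in routes.go, where `get_topic_user_stmt.QueryRow` now precedes `ForumSessionCheck`. route_edit_topic continues past this hunk.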
@@ -29,30 +24,24 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) { var fid int tid, err = strconv.Atoi(r.URL.Path[len("/topic/edit/submit/"):]) if err != nil { - LocalErrorJSQ("The provided TopicID is not a valid number.",w,r,user,is_js) + PreErrorJSQ("The provided TopicID is not a valid number.",w,r,is_js) return } err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) if err == sql.ErrNoRows { - LocalError("The topic you tried to edit doesn't exist.",w,r,user) + PreError("The topic you tried to edit doesn't exist.",w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) + user, ok := SimpleForumSessionCheck(w,r,fid) + if !ok { return } - - if groups[user.Group].Forums[fid].Overrides { - if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditTopic { - NoPermissionsJSQ(w,r,user,is_js) - return - } - } else if !user.Perms.ViewTopic || !user.Perms.EditTopic { + if !user.Perms.ViewTopic || !user.Perms.EditTopic { NoPermissionsJSQ(w,r,user,is_js) return } @@ -64,7 +53,7 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) { topic_content := html.EscapeString(r.PostFormValue("topic_content")) _, err = edit_topic_stmt.Exec(topic_name, preparse_message(topic_content), parse_message(html.EscapeString(preparse_message(topic_content))), is_closed, tid) if err != nil { - InternalErrorJSQ(err,w,r,user,is_js) + InternalErrorJSQ(err,w,r,is_js) return } 
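Review bot: The per-forum override branch `if groups[user.Group].Forums[fid].Overrides { ... }` that previously gated EditTopic is replaced by `SimpleForumSessionCheck(w,r,fid)` followed by a check of `user.Perms` alone, and nothing in this diff shows whether the Perms returned by that helper already have the forum's overrides folded in. If the helper only validates the session and the forum, a user whose EditTopic was revoked, or granted, at forum level is now judged on global permissions, a silent authorization change in both directions. Please confirm that the helper applies `groups[user.Group].Forums[fid]` to the Perms it returns and state that in its doc comment, since every caller in this diff now relies on it. The same substitution covers DeleteTopic, PinTopic, EditReply and DeleteReply in the remaining mod_routes.go hunks, and ViewTopic in route_forum and route_topic_id in routes.go; route_edit_topic continues past this hunk.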
@@ -76,14 +65,9 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) { } func route_delete_topic(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) - if !ok { - return - } - tid, err := strconv.Atoi(r.URL.Path[len("/topic/delete/submit/"):]) if err != nil { - LocalError("The provided TopicID is not a valid number.",w,r,user) + PreError("The provided TopicID is not a valid number.",w,r) return } 
@@ -92,46 +76,40 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) { var fid int err = db.QueryRow("select content, createdBy, parentID from topics where tid = ?", tid).Scan(&content, &createdBy, &fid) if err == sql.ErrNoRows { - LocalError("The topic you tried to delete doesn't exist.",w,r,user) + PreError("The topic you tried to delete doesn't exist.",w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) + user, ok := SimpleForumSessionCheck(w,r,fid) + if !ok { return } - - if groups[user.Group].Forums[fid].Overrides { - if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteTopic { - NoPermissions(w,r,user) - return - } - } else if !user.Perms.ViewTopic || !user.Perms.DeleteTopic { + if !user.Perms.ViewTopic || !user.Perms.DeleteTopic { NoPermissions(w,r,user) return } _, err = delete_topic_stmt.Exec(tid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } log.Print("The topic '" + strconv.Itoa(tid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".") http.Redirect(w,r,"/",http.StatusSeeOther) wcount := word_count(content) - err = decrease_post_user_stats(wcount, createdBy, true, user) + err = decrease_post_user_stats(wcount,createdBy,true,user) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = remove_topics_from_forum_stmt.Exec(1, fid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -139,104 +117,77 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) { } func route_stick_topic(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) - if !ok { - return - } - tid, err := strconv.Atoi(r.URL.Path[len("/topic/stick/submit/"):]) if err != nil { - LocalError("The provided TopicID is not a valid number.",w,r,user) + PreError("The provided TopicID is not a valid number.",w,r) return } var fid int err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) if err == sql.ErrNoRows { - LocalError("The topic you tried to pin doesn't exist.",w,r,user) + PreError("The topic you tried to pin doesn't exist.",w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) + user, ok := SimpleForumSessionCheck(w,r,fid) + if !ok { return } - - if groups[user.Group].Forums[fid].Overrides { - if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic { - NoPermissions(w,r,user) - return - } - } else if !user.Perms.ViewTopic || !user.Perms.PinTopic { + if !user.Perms.ViewTopic || !user.Perms.PinTopic { NoPermissions(w,r,user) return } _, err = stick_topic_stmt.Exec(tid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther) } func route_unstick_topic(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) - if !ok { - return - } - tid, err := strconv.Atoi(r.URL.Path[len("/topic/unstick/submit/"):]) if err != nil { - LocalError("The provided TopicID is not a valid number.",w,r,user) + PreError("The provided TopicID is not a valid number.",w,r) return } var fid int err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) if err == sql.ErrNoRows { - LocalError("The topic you 
tried to unpin doesn't exist.",w,r,user) + PreError("The topic you tried to unpin doesn't exist.",w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) + user, ok := SimpleForumSessionCheck(w,r,fid) + if !ok { return } - - if groups[user.Group].Forums[fid].Overrides { - if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic { - NoPermissions(w,r,user) - return - } - } else if !user.Perms.ViewTopic || !user.Perms.PinTopic { + if !user.Perms.ViewTopic || !user.Perms.PinTopic { NoPermissions(w,r,user) return } _, err = unstick_topic_stmt.Exec(tid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther) } func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) - if !ok { - return - } - err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + PreError("Bad Form",w,r) return } is_js := r.PostFormValue("js") @@ -246,14 +197,14 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) { rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):]) if err != nil { - LocalError("The provided Reply ID is not a valid number.",w,r,user) + PreError("The provided Reply ID is not a valid number.",w,r) return } content := html.EscapeString(preparse_message(r.PostFormValue("edit_item"))) _, err = edit_reply_stmt.Exec(content, parse_message(content), rid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
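Review bot: In route_reply_edit_submit the write `_, err = edit_reply_stmt.Exec(content, parse_message(content), rid)` is still executed before the session and EditReply checks, which in the following hunk happen only after the tid and parentID lookups; with `SimpleSessionCheck` removed from the top of the function earlier in this file, the update now runs for requests that have not been authenticated at all, and `SimpleForumSessionCheck` and `NoPermissions` merely choose the response after the reply has already been modified. The two lookups, the `SimpleForumSessionCheck(w,r,fid)` call and the `!user.Perms.ViewTopic || !user.Perms.EditReply` check have to move above the Exec so the statement is reached only for an authorised user, as sketched below. route_reply_edit_submit continues past this hunk on both sides.
```go
	rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):])
	// … unchanged: rid validation …

	// Resolve tid and fid, then the session and permission, before any write.
	// … unchanged: tid lookup and parentID lookup, moved up from below the Exec …
	user, ok := SimpleForumSessionCheck(w,r,fid)
	if !ok {
		return
	}
	if !user.Perms.ViewTopic || !user.Perms.EditReply {
		NoPermissions(w,r,user)
		return
	}

	content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
	_, err = edit_reply_stmt.Exec(content, parse_message(content), rid)
	// … unchanged: Exec error handling and the rest of the handler …
```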
@@ -261,31 +212,25 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) { var tid int err = db.QueryRow("select tid from replies where rid = ?", rid).Scan(&tid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } var fid int err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) if err == sql.ErrNoRows { - LocalError("The parent topic doesn't exist.",w,r,user) + PreError("The parent topic doesn't exist.",w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) + user, ok := SimpleForumSessionCheck(w,r,fid) + if !ok { return } - - if groups[user.Group].Forums[fid].Overrides { - if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditReply { - NoPermissions(w,r,user) - return - } - } else if !user.Perms.ViewTopic || !user.Perms.EditReply { + if !user.Perms.ViewTopic || !user.Perms.EditReply { NoPermissions(w,r,user) return } @@ -298,14 +243,9 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) { } func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) - if !ok { - return - } - err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + PreError("Bad Form",w,r) return } is_js := r.PostFormValue("is_js") @@ -313,14 +253,9 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) { is_js = "0" } - if !user.Perms.ViewTopic || !user.Perms.DeleteReply { - NoPermissionsJSQ(w,r,user,is_js) - return - } - rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):]) if err != nil { - LocalErrorJSQ("The provided Reply ID is not a valid number.",w,r,user,is_js) + PreErrorJSQ("The provided Reply ID is not a valid number.",w,r,is_js) return } 
@@ -329,41 +264,35 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) { var createdBy int err = db.QueryRow("select tid, content, createdBy from replies where rid = ?", rid).Scan(&tid, &content, &createdBy) if err == sql.ErrNoRows { - LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js) + PreErrorJSQ("The reply you tried to delete doesn't exist.",w,r,is_js) return } else if err != nil { - InternalErrorJSQ(err,w,r,user,is_js) + InternalErrorJSQ(err,w,r,is_js) return } var fid int err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) if err == sql.ErrNoRows { - LocalError("The parent topic doesn't exist.",w,r,user) + PreError("The parent topic doesn't exist.",w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) + user, ok := SimpleForumSessionCheck(w,r,fid) + if !ok { return } - - if groups[user.Group].Forums[fid].Overrides { - if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteReply { - NoPermissions(w,r,user) - return - } - } else if !user.Perms.ViewTopic || !user.Perms.DeleteReply { + if !user.Perms.ViewTopic || !user.Perms.DeleteReply { NoPermissions(w,r,user) return } _, err = delete_reply_stmt.Exec(rid) if err != nil { - InternalErrorJSQ(err,w,r,user,is_js) + InternalErrorJSQ(err,w,r,is_js) return } log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".") 
@@ -376,13 +305,12 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) { wcount := word_count(content) err = decrease_post_user_stats(wcount, createdBy, false, user) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = remove_replies_from_topic_stmt.Exec(1,tid) if err != nil { - InternalError(err,w,r,user) - return + InternalError(err,w,r) } } @@ -394,7 +322,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) { err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + LocalError("Bad Form",w,r,user) return } is_js := r.PostFormValue("js") @@ -412,7 +340,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) { var uid int err = db.QueryRow("select uid from users_replies where rid = ?", rid).Scan(&uid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -424,7 +352,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) { content := html.EscapeString(preparse_message(r.PostFormValue("edit_item"))) _, err = edit_profile_reply_stmt.Exec(content, parse_message(content), rid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -443,7 +371,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) { err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + LocalError("Bad Form",w,r,user) return } @@ -464,7 +392,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) { LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js) return } else if err != nil { - InternalErrorJSQ(err,w,r,user,is_js) + InternalErrorJSQ(err,w,r,is_js) return } 
@@ -475,7 +403,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) { _, err = delete_profile_reply_stmt.Exec(rid) if err != nil { - InternalErrorJSQ(err,w,r,user,is_js) + InternalErrorJSQ(err,w,r,is_js) return } log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".") @@ -492,7 +420,6 @@ func route_ban(w http.ResponseWriter, r *http.Request) { if !ok { return } - if !user.Perms.BanUsers { NoPermissions(w,r,user) return @@ -510,7 +437,7 @@ func route_ban(w http.ResponseWriter, r *http.Request) { LocalError("The user you're trying to ban no longer exists.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -526,7 +453,6 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) { if !ok { return } - if !user.Perms.BanUsers { NoPermissions(w,r,user) return @@ -549,7 +475,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) { LocalError("The user you're trying to ban no longer exists.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -573,7 +499,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) { _, err = change_group_stmt.Exec(4, uid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther) @@ -588,7 +514,6 @@ func route_unban(w http.ResponseWriter, r *http.Request) { NoPermissions(w,r,user) return } - if r.FormValue("session") != user.Session { SecurityError(w,r,user) return @@ -607,7 +532,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) { LocalError("The user you're trying to unban no longer exists.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -618,7 +543,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) { _, err = change_group_stmt.Exec(default_group, uid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther) @@ -646,12 +571,12 @@ func route_activate(w http.ResponseWriter, r *http.Request) { var uname string var active bool - err = db.QueryRow("select `name`, `active` from users where `uid` = ?", uid).Scan(&uname, &active) + err = db.QueryRow("select `name`,`active` from users where `uid` = ?", uid).Scan(&uname, &active) if err == sql.ErrNoRows { LocalError("The account you're trying to activate no longer exists.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -661,13 +586,13 @@ func route_activate(w http.ResponseWriter, r *http.Request) { } _, err = activate_user_stmt.Exec(uid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = change_group_stmt.Exec(default_group, uid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther) @@ -740,7 +665,7 @@ func route_panel_forums_create_submit(w http.ResponseWriter, r *http.Request){ fid, err := create_forum(fname,active,fpreset) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -757,11 +682,11 @@ func route_panel_forums_delete(w http.ResponseWriter, r *http.Request){ NoPermissions(w,r,user) return } - if r.FormValue("session") != user.Session { SecurityError(w,r,user) return } + fid, err := strconv.Atoi(r.URL.Path[len("/panel/forums/delete/"):]) if err != nil { LocalError("The provided Forum ID is not a valid number.",w,r,user) 
@@ -806,7 +731,7 @@ func route_panel_forums_delete_submit(w http.ResponseWriter, r *http.Request) { err = delete_forum(fid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } http.Redirect(w,r,"/panel/forums/",http.StatusSeeOther) @@ -894,7 +819,7 @@ func route_panel_forums_edit_submit(w http.ResponseWriter, r *http.Request) { _, err = update_forum_stmt.Exec(forum_name,active,forum_preset,fid) if err != nil { - InternalErrorJSQ(err,w,r,user,is_js) + InternalErrorJSQ(err,w,r,is_js) return } @@ -930,7 +855,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){ var settingList map[string]interface{} = make(map[string]interface{}) rows, err := db.Query("select name, content, type from settings") if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } defer rows.Close() @@ -941,7 +866,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){ for rows.Next() { err := rows.Scan(&sname,&scontent,&stype) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -965,7 +890,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){ } err = rows.Err() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -991,7 +916,7 @@ func route_panel_setting(w http.ResponseWriter, r *http.Request){ LocalError("The setting you want to edit doesn't exist.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1053,7 +978,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) { LocalError("The setting you want to edit doesn't exist.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1067,7 +992,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) { _, err = update_setting_stmt.Exec(scontent,sname) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -1122,7 +1047,7 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){ var active bool err := db.QueryRow("select active from plugins where uname = ?", uname).Scan(&active) if err != nil && err != sql.ErrNoRows { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1142,13 +1067,13 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){ } _, err = update_plugin_stmt.Exec(1,uname) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } else { _, err := add_plugin_stmt.Exec(uname,1) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } @@ -1188,7 +1113,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){ LocalError("The plugin you're trying to deactivate isn't active",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1198,7 +1123,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){ } _, err = update_plugin_stmt.Exec(0,uname) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1222,7 +1147,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){ var userList []interface{} rows, err := db.Query("select `uid`,`name`,`group`,`active`,`is_super_admin`,`avatar` from users") if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } defer rows.Close() @@ -1231,7 +1156,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){ puser := User{ID: 0,} err := rows.Scan(&puser.ID, &puser.Name, &puser.Group, &puser.Active, &puser.Is_Super_Admin, &puser.Avatar) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -1260,14 +1185,14 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){ } err = rows.Err() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } pi := Page{"User Manager",user,noticeList,userList,nil} err = templates.ExecuteTemplate(w,"panel-users.html",pi) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } @@ -1296,7 +1221,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){ LocalError("The user you're trying to edit doesn't exist.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1321,7 +1246,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){ pi := Page{"User Editor",user,noticeList,groupList,targetUser} err = templates.ExecuteTemplate(w,"panel-user-edit.html",pi) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } @@ -1334,7 +1259,6 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){ NoPermissions(w,r,user) return } - if r.FormValue("session") != user.Session { SecurityError(w,r,user) return @@ -1353,7 +1277,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){ LocalError("The user you're trying to edit doesn't exist.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1408,7 +1332,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){ _, err = update_user_stmt.Exec(newname,newemail,newgroup,targetUser.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1488,7 +1412,7 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){ var isDefault bool err := db.QueryRow("select `default` from `themes` where `uname` = ?", uname).Scan(&isDefault) if err != nil && err != sql.ErrNoRows { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -1500,20 +1424,20 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){ } _, err = update_theme_stmt.Exec(1, uname) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } else { _, err := add_theme_stmt.Exec(uname,1) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } _, err = update_theme_stmt.Exec(0, defaultTheme) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } diff --git a/router.go b/router.go index cd6c0edc..6253c7d0 100644 --- a/router.go +++ b/router.go @@ -42,8 +42,7 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) { } if req.URL.Path[len(req.URL.Path) - 1] == '/' { - w.WriteHeader(404) - w.Write(error_notfound) + NotFound(w,req) return } @@ -60,7 +59,6 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) { return } - w.WriteHeader(404) - w.Write(error_notfound) + NotFound(w,req) return } \ No newline at end of file diff --git a/routes.go b/routes.go index 2074481e..08dfe094 100644 --- a/routes.go +++ b/routes.go @@ -65,7 +65,7 @@ func route_overview(w http.ResponseWriter, r *http.Request){ pi := Page{"Overview",user,noticeList,tList,nil} err := templates.ExecuteTemplate(w,"overview.html",pi) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } @@ -76,13 +76,13 @@ func route_custom_page(w http.ResponseWriter, r *http.Request){ } name := r.URL.Path[len("/pages/"):] if templates.Lookup("page_" + name) == nil { - NotFound(w,r,user) + NotFound(w,r) return } err := templates.ExecuteTemplate(w,"page_" + name,Page{"Page",user,noticeList,tList,nil}) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } 
@@ -104,7 +104,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){ rows, err := db.Query("select topics.tid, topics.title, topics.content, topics.createdBy, topics.is_closed, topics.sticky, topics.createdAt, topics.parentID, users.name, users.avatar from topics left join users ON topics.createdBy = users.uid where parentID in("+strings.Join(fidList,",")+") order by topics.sticky DESC, topics.lastReplyAt DESC, topics.createdBy DESC") //rows, err := get_topic_list_stmt.Query() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -112,7 +112,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){ for rows.Next() { err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -131,7 +131,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){ } err = rows.Err() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } rows.Close() 
@@ -142,36 +142,25 @@ func route_topics(w http.ResponseWriter, r *http.Request){ } else { err = templates.ExecuteTemplate(w,"topics.html",pi) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } } func route_forum(w http.ResponseWriter, r *http.Request){ - user, noticeList, ok := SessionCheck(w,r) - if !ok { - return - } - page, _ := strconv.Atoi(r.FormValue("page")) fid, err := strconv.Atoi(r.URL.Path[len("/forum/"):]) if err != nil { - LocalError("The provided ForumID is not a valid number.",w,r,user) + PreError("The provided ForumID is not a valid number.",w,r) return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - NotFound(w,r,user) + user, noticeList, ok := ForumSessionCheck(w,r,fid) + if !ok { return } - //fmt.Printf("%+v\n", groups[user.Group].Forums) - if groups[user.Group].Forums[fid].Overrides { - if !groups[user.Group].Forums[fid].ViewTopic { - NoPermissions(w,r,user) - return - } - } else if !user.Perms.ViewTopic { + if !user.Perms.ViewTopic { NoPermissions(w,r,user) return } @@ -189,7 +178,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){ } rows, err := get_forum_topics_offset_stmt.Query(fid,offset) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -198,7 +187,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){ for rows.Next() { err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -217,7 +206,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){ } err = rows.Err() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } rows.Close() 
@@ -228,7 +217,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){ } else { err = templates.ExecuteTemplate(w,"forum.html",pi) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } } @@ -255,16 +244,12 @@ func route_forums(w http.ResponseWriter, r *http.Request){ } else { err := templates.ExecuteTemplate(w,"forums.html",pi) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } } func route_topic_id(w http.ResponseWriter, r *http.Request){ - user, noticeList, ok := SessionCheck(w,r) - if !ok { - return - } var( err error content string @@ -278,31 +263,25 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){ topic := TopicUser{Css: no_css_tmpl} topic.ID, err = strconv.Atoi(r.URL.Path[len("/topic/"):]) if err != nil { - LocalError("The provided TopicID is not a valid number.",w,r,user) + PreError("The provided TopicID is not a valid number.",w,r) return } // Get the topic.. err = get_topic_user_stmt.QueryRow(topic.ID).Scan(&topic.Title, &content, &topic.CreatedBy, &topic.CreatedAt, &topic.Is_Closed, &topic.Sticky, &topic.ParentID, &topic.IpAddress, &topic.PostCount, &topic.CreatedByName, &topic.Avatar, &group, &topic.URLPrefix, &topic.URLName, &topic.Level) if err == sql.ErrNoRows { - NotFound(w,r,user) + NotFound(w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - if (topic.ParentID > forumCapCount) || (topic.ParentID < 0) || forums[topic.ParentID].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) + user, noticeList, ok := ForumSessionCheck(w,r,topic.ParentID) + if !ok { return } - - if groups[user.Group].Forums[topic.ParentID].Overrides { - if !groups[user.Group].Forums[topic.ParentID].ViewTopic { - NoPermissions(w,r,user) - return - } - } else if !user.Perms.ViewTopic { + if !user.Perms.ViewTopic { NoPermissions(w,r,user) return } 
@@ -361,7 +340,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){ LocalError("Bad Page. Some of the posts may have been deleted or you got here by directly typing in the page number.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -369,7 +348,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){ for rows.Next() { err := rows.Scan(&replyItem.ID, &replyItem.Content, &replyItem.CreatedBy, &replyItem.CreatedAt, &replyItem.LastEdit, &replyItem.LastEditBy, &replyItem.Avatar, &replyItem.CreatedByName, &group, &replyItem.URLPrefix, &replyItem.URLName, &replyItem.Level, &replyItem.IpAddress) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -410,7 +389,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){ } err = rows.Err() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } rows.Close() @@ -421,7 +400,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){ } else { err = templates.ExecuteTemplate(w,"topic.html", tpage) if err != nil { - InternalError(err, w, r, user) + InternalError(err,w,r) } } } @@ -464,10 +443,10 @@ func route_profile(w http.ResponseWriter, r *http.Request){ // Fetch the user data err = db.QueryRow("select `name`,`group`,`is_super_admin`,`avatar`,`message`,`url_prefix`,`url_name`,`level` from `users` where `uid` = ?", puser.ID).Scan(&puser.Name, &puser.Group, &puser.Is_Super_Admin, &puser.Avatar, &puser.Message, &puser.URLPrefix, &puser.URLName, &puser.Level) if err == sql.ErrNoRows { - NotFound(w,r,user) + NotFound(w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -493,7 +472,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){ // Get the replies.. rows, err := db.Query("select users_replies.rid, users_replies.content, users_replies.createdBy, users_replies.createdAt, users_replies.lastEdit, users_replies.lastEditBy, users.avatar, users.name, users.group from users_replies left join users ON users_replies.createdBy = users.uid where users_replies.uid = ?", puser.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } defer rows.Close() @@ -501,7 +480,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){ for rows.Next() { err := rows.Scan(&rid, &replyContent, &replyCreatedBy, &replyCreatedAt, &replyLastEdit, &replyLastEditBy, &replyAvatar, &replyCreatedByName, &group) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -530,7 +509,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){ } err = rows.Err() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -540,32 +519,32 @@ func route_profile(w http.ResponseWriter, r *http.Request){ } else { err = templates.ExecuteTemplate(w,"profile.html",ppage) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } } func route_topic_create(w http.ResponseWriter, r *http.Request){ - user, noticeList, ok := SessionCheck(w,r) - if !ok { - return - } - if !user.Loggedin || !user.Perms.CreateTopic { - NoPermissions(w,r,user) - return - } - var fid int var err error sfid := r.URL.Path[len("/topics/create/"):] if sfid != "" { fid, err = strconv.Atoi(sfid) if err != nil { - LocalError("The provided ForumID is not a valid number.",w,r,user) + PreError("The provided ForumID is not a valid number.",w,r) return } } + user, noticeList, ok := ForumSessionCheck(w,r,fid) + if !ok { + return + } + if !user.Loggedin || !user.Perms.CreateTopic { + NoPermissions(w,r,user) + return + } + var forumList []Forum group := groups[user.Group] for _, fid := range group.CanSee { @@ -580,14 +559,26 @@ func route_topic_create(w http.ResponseWriter, r *http.Request){ } else { err = templates.ExecuteTemplate(w,"create-topic.html",ctpage) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) } } } // POST functions. Authorised users only. func route_create_topic(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) + err := r.ParseForm() + if err != nil { + PreError("Bad Form",w,r) + return + } + + fid, err := strconv.Atoi(r.PostFormValue("topic-board")) + if err != nil { + PreError("The provided ForumID is not a valid number.",w,r) + return + } + + user, ok := SimpleForumSessionCheck(w,r,fid) if !ok { return } 
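Review bot: In route_topic_create, `ForumSessionCheck(w,r,fid)` is now called unconditionally, so a request to `/topics/create/` with no forum id passes fid = 0 and, unless forums[0] is a real forum, the handler returns before the forum picker built from group.CanSee further down is ever rendered. The previous code only validated an id when sfid was non-empty; keeping that split (ForumSessionCheck when a forum was named, SessionCheck otherwise) preserves the old entry point while still applying per-forum overrides when an id is given. route_topic_create continues past this hunk.
```go
	var (
		user       User
		noticeList []string
		ok         bool
	)
	if sfid != "" {
		user, noticeList, ok = ForumSessionCheck(w,r,fid)
	} else {
		user, noticeList, ok = SessionCheck(w,r)
	}
	if !ok {
		return
	}
	// … unchanged: Loggedin / CreateTopic permission check …
```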
@@ -596,17 +587,6 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) { return } - err := r.ParseForm() - if err != nil { - LocalError("Bad Form",w,r,user) - return - } - - fid, err := strconv.Atoi(r.PostFormValue("topic-board")) - if err != nil { - LocalError("The provided ForumID is not a valid number.",w,r,user) - return - } topic_name := html.EscapeString(r.PostFormValue("topic-name")) content := html.EscapeString(preparse_message(r.PostFormValue("topic-content"))) ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) @@ -615,33 +595,27 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) { return } - if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { - LocalError("The topic's parent forum doesn't exist.",w,r,user) - return - } - res, err := create_topic_stmt.Exec(fid,topic_name,content,parse_message(content),ipaddress,user.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - lastId, err := res.LastInsertId() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = add_topics_to_forum_stmt.Exec(1,fid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } forums[fid].TopicCount -= 1 _, err = update_forum_cache_stmt.Exec(topic_name,lastId,user.Name,user.ID,fid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } forums[fid].LastTopic = topic_name 
@@ -654,13 +628,35 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) { wcount := word_count(content) err = increase_post_user_stats(wcount,user.ID,true,user) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } func route_create_reply(w http.ResponseWriter, r *http.Request) { - user, ok := SimpleSessionCheck(w,r) + err := r.ParseForm() + if err != nil { + PreError("Bad Form",w,r) + return + } + tid, err := strconv.Atoi(r.PostFormValue("tid")) + if err != nil { + PreError("Failed to convert the TopicID",w,r) + return + } + + var topic_name string + var fid int + err = db.QueryRow("select title, parentID from topics where tid = ?",tid).Scan(&topic_name,&fid) + if err == sql.ErrNoRows { + PreError("Couldn't find the parent topic",w,r) + return + } else if err != nil { + InternalError(err,w,r) + return + } + + user, ok := SimpleForumSessionCheck(w,r,fid) if !ok { return } @@ -669,17 +665,6 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) { return } - err := r.ParseForm() - if err != nil { - LocalError("Bad Form", w, r, user) - return - } - tid, err := strconv.Atoi(r.PostFormValue("tid")) - if err != nil { - LocalError("Failed to convert the TopicID", w, r, user) - return - } - content := preparse_message(html.EscapeString(r.PostFormValue("reply-content"))) ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) if err != nil { 
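Review bot: In route_create_reply a `tid` that matches no topic is reported through `PreError("Couldn't find the parent topic",w,r)`, whereas route_topic_id in this same commit answers the same condition with `NotFound(w,r)`; using `NotFound(w,r)` here keeps the two paths consistent and stops a missing row from being presented as a server-side error. The parent topic is now looked up before the session check, which is what lets SimpleForumSessionCheck pick the forum, so a short comment above the QueryRow such as `// Resolve the parent forum first so the per-forum permission overrides can be applied.` would explain the ordering to the next reader. route_create_reply continues past this hunk.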
@@ -689,36 +674,26 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) { _, err = create_reply_stmt.Exec(tid,content,parse_message(content),ipaddress,user.ID) if err != nil { - InternalError(err,w,r,user) - return - } - - var topic_name string - err = db.QueryRow("select title from topics where tid = ?", tid).Scan(&topic_name) - if err == sql.ErrNoRows { - LocalError("Couldn't find the parent topic", w, r, user) - return - } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = add_replies_to_topic_stmt.Exec(1, tid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = update_forum_cache_stmt.Exec(topic_name, tid, user.Name, user.ID, 1) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - http.Redirect(w, r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther) + http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther) wcount := word_count(content) err = increase_post_user_stats(wcount, user.ID, false, user) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } @@ -735,7 +710,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) { err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + LocalError("Bad Form",w,r,user) return } uid, err := strconv.Atoi(r.PostFormValue("uid")) @@ -746,7 +721,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) { _, err = create_profile_reply_stmt.Exec(uid,html.EscapeString(preparse_message(r.PostFormValue("reply-content"))),parse_message(html.EscapeString(preparse_message(r.PostFormValue("reply-content")))),user.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
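Review bot: The forum cache update in route_create_reply still passes the literal `1` as the last argument of `update_forum_cache_stmt.Exec(...)`, although the function now has the topic's real parent forum in `fid` (scanned from `parentID` earlier in the function, outside this hunk). If the last parameter is the forum id, as it is in route_create_topic's call `update_forum_cache_stmt.Exec(topic_name,lastId,user.Name,user.ID,fid)`, this line should read `_, err = update_forum_cache_stmt.Exec(topic_name, tid, user.Name, user.ID, fid)`; otherwise `fid` is fetched for the permission check and the cache is always attributed to forum 1. Separately, the redirect is issued before increase_post_user_stats runs, so a failure there reaches InternalError after the 303 has already been written.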
@@ -756,7 +731,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) { LocalError("The profile you're trying to post on doesn't exist.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -806,7 +781,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) { LocalError("We were unable to find the reported post",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -815,7 +790,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) { LocalError("We were unable to find the topic which the reported post is supposed to be in",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } content = content + "

Original Post: " + title + "" @@ -825,7 +800,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) { LocalError("We were unable to find the reported post",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -834,17 +809,17 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) { LocalError("We were unable to find the profile which the reported post is supposed to be on",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } content = content + "

Original Post: " + title + "" } else if item_type == "topic" { err = db.QueryRow("select title, content from topics where tid = ?", item_id).Scan(&title,&content) if err == sql.ErrNoRows { - NotFound(w,r,user) + NotFound(w,r) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } content = content + "

Original Post: " + title + "" @@ -861,14 +836,14 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) { var count int rows, err := db.Query("select count(*) as count from topics where data = ? and data != '' and parentID = 1", item_type + "_" + strconv.Itoa(item_id)) if err != nil && err != sql.ErrNoRows { - InternalError(err,w,r,user) + InternalError(err,w,r) return } for rows.Next() { err = rows.Scan(&count) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } @@ -880,24 +855,24 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) { title = "Report: " + title res, err := create_report_stmt.Exec(title,content,content,user.ID,item_type + "_" + strconv.Itoa(item_id)) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } lastId, err := res.LastInsertId() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = add_topics_to_forum_stmt.Exec(1, fid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = update_forum_cache_stmt.Exec(title, lastId, user.Name, user.ID, fid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -913,7 +888,7 @@ func route_account_own_edit_critical(w http.ResponseWriter, r *http.Request) { LocalError("You need to login to edit your account.",w,r,user) return } - pi := Page{"Edit Password",user,noticeList,tList,0} + pi := Page{"Edit Password",user,noticeList,tList,nil} templates.ExecuteTemplate(w,"account-own-edit.html", pi) } @@ -929,7 +904,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + LocalError("Bad Form",w,r,user) return } 
@@ -944,7 +919,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque LocalError("Your account no longer exists.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -954,7 +929,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque LocalError("That's not the correct password.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } if new_password != confirm_password { @@ -966,12 +941,12 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque // Log the user out as a safety precaution _, err = logout_stmt.Exec(user.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } - noticeList[len(noticeList)] = "Your password was successfully updated" - pi := Page{"Edit Password",user,noticeList,tList,0} + noticeList = append(noticeList,"Your password was successfully updated") + pi := Page{"Edit Password",user,noticeList,tList,nil} templates.ExecuteTemplate(w,"account-own-edit.html", pi) } @@ -984,13 +959,13 @@ func route_account_own_edit_avatar(w http.ResponseWriter, r *http.Request) { LocalError("You need to login to edit your account.",w,r,user) return } - pi := Page{"Edit Avatar",user,noticeList,tList,0} - templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi) + pi := Page{"Edit Avatar",user,noticeList,tList,nil} + templates.ExecuteTemplate(w,"account-own-edit-avatar.html",pi) } func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request) { if r.ContentLength > int64(max_request_size) { - http.Error(w, "request too large", http.StatusExpectationFailed) + http.Error(w,"Request too large",http.StatusExpectationFailed) return } r.Body = http.MaxBytesReader(w, r.Body, int64(max_request_size)) 
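Review bot: The touched size check in route_account_own_edit_avatar_submit still answers an oversized upload with `http.StatusExpectationFailed` (417), which is the status for an unsatisfiable Expect header; the status defined for this case is 413, i.e. `http.Error(w,"Request too large",http.StatusRequestEntityTooLarge)`. The ContentLength comparison alone does not cover a chunked body, for which a server request reports ContentLength as -1, but the MaxBytesReader on the following line does, and that relationship is worth a comment: `// ContentLength is -1 for chunked bodies; MaxBytesReader enforces the limit in that case.`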
@@ -1006,7 +981,7 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request err := r.ParseMultipartForm(int64(max_request_size)) if err != nil { - LocalError("Upload failed", w, r, user) + LocalError("Upload failed",w,r,user) return } @@ -1051,14 +1026,14 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request outfile, err := os.Create("./uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext); if err != nil { - LocalError("Upload failed [File Creation Failed]", w, r, user) + LocalError("Upload failed [File Creation Failed]",w,r,user) return } defer outfile.Close() _, err = io.Copy(outfile, infile); if err != nil { - LocalError("Upload failed [Copy Failed]", w, r, user) + LocalError("Upload failed [Copy Failed]",w,r,user) return } } @@ -1066,13 +1041,13 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request _, err = set_avatar_stmt.Exec("." + ext, strconv.Itoa(user.ID)) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext noticeList = append(noticeList, "Your avatar was successfully updated") - pi := Page{"Edit Avatar",user,noticeList,tList,0} + pi := Page{"Edit Avatar",user,noticeList,tList,nil} templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi) } @@ -1085,9 +1060,8 @@ func route_account_own_edit_username(w http.ResponseWriter, r *http.Request) { LocalError("You need to login to edit your account.",w,r,user) return } - pi := Page{"Edit Username",user,noticeList,tList,user.Name} - templates.ExecuteTemplate(w,"account-own-edit-username.html", pi) + templates.ExecuteTemplate(w,"account-own-edit-username.html",pi) } func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Request) { 
@@ -1101,7 +1075,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque } err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + LocalError("Bad Form",w,r,user) return } @@ -1114,7 +1088,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque user.Name = new_username noticeList = append(noticeList,"Your username was successfully updated") - pi := Page{"Edit Username",user,noticeList,tList,0} + pi := Page{"Edit Username",user,noticeList,tList,nil} templates.ExecuteTemplate(w,"account-own-edit-username.html", pi) } @@ -1217,7 +1191,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re _, err = verify_email_stmt.Exec(user.Email) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1225,7 +1199,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re if settings["activation_type"] == 2 { _, err = activate_user_stmt.Exec(user.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } @@ -1250,7 +1224,7 @@ func route_logout(w http.ResponseWriter, r *http.Request) { _, err := logout_stmt.Exec(user.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } http.Redirect(w,r, "/", http.StatusSeeOther) @@ -1265,7 +1239,7 @@ func route_login(w http.ResponseWriter, r *http.Request) { LocalError("You're already logged in.",w,r,user) return } - pi := Page{"Login",user,noticeList,tList,0} + pi := Page{"Login",user,noticeList,tList,nil} templates.ExecuteTemplate(w,"login.html", pi) } @@ -1278,10 +1252,9 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) { LocalError("You're already logged in.",w,r,user) return } - err := r.ParseForm() if err != nil { - LocalError("Bad Form", w, r, user) + LocalError("Bad Form",w,r,user) return } 
@@ -1297,7 +1270,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) { LocalError("That username doesn't exist.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1313,7 +1286,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) { } else { // Normal login.. password = password + salt if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1322,20 +1295,20 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) { LocalError("That's not the correct password.",w,r,user) return } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } } session, err = GenerateSafeString(sessionLength) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = update_session_stmt.Exec(session, uid) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1402,7 +1375,7 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) { // Is this username already taken..? err = username_exists_stmt.QueryRow(username).Scan(&username) if err != nil && err != sql.ErrNoRows { - InternalError(err,w,r,user) + InternalError(err,w,r) return } else if err != sql.ErrNoRows { LocalError("This username isn't available. Try another.",w,r,user) @@ -1411,19 +1384,19 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) { salt, err := GenerateSafeString(saltLength) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } session, err := GenerateSafeString(sessionLength) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } password = password + salt hashed_password, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } 
@@ -1439,12 +1412,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) { res, err := register_stmt.Exec(username,email,string(hashed_password),salt,group,session,active) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } lastId, err := res.LastInsertId() if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } @@ -1452,12 +1425,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) { if enable_emails { token, err := GenerateSafeString(80) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } _, err = add_email_stmt.Exec(email, lastId, 0, token) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return } diff --git a/template_forum.go b/template_forum.go index ffb4f55c..aae49de0 100644 --- a/template_forum.go +++ b/template_forum.go @@ -1,7 +1,7 @@ /* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */ package main -import "strconv" import "io" +import "strconv" func init() { template_forum_handle = template_forum diff --git a/template_profile.go b/template_profile.go index e71179bf..609431b3 100644 --- a/template_profile.go +++ b/template_profile.go @@ -1,7 +1,7 @@ /* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */ package main -import "strconv" import "io" +import "strconv" func init() { template_profile_handle = template_profile diff --git a/user.go b/user.go index c979d440..d914efa8 100644 --- a/user.go +++ b/user.go 
@@ -73,76 +73,57 @@ func SendValidationEmail(username string, email string, token string) bool { return SendEmail(email, subject, msg) } -func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) { - // Are there any session cookies..? - cookie, err := r.Cookie("uid") - if err != nil { - user.Group = 6 - user.Perms = GuestPerms - return user, noticeList, true +func SimpleForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, success bool) { + if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { + PreError("The target forum doesn't exist.",w,r) + return user, false } - user.ID, err = strconv.Atoi(cookie.Value) - if err != nil { - user.Group = 6 - user.Perms = GuestPerms - return user, noticeList, true + user, success = SimpleSessionCheck(w,r) + fperms := groups[user.Group].Forums[fid] + if fperms.Overrides && !user.Is_Super_Admin { + user.Perms.ViewTopic = fperms.ViewTopic + user.Perms.CreateTopic = fperms.CreateTopic + user.Perms.EditTopic = fperms.EditTopic + user.Perms.DeleteTopic = fperms.DeleteTopic + user.Perms.CreateReply = fperms.CreateReply + user.Perms.EditReply = fperms.EditReply + user.Perms.DeleteReply = fperms.DeleteReply + user.Perms.PinTopic = fperms.PinTopic + user.Perms.CloseTopic = fperms.CloseTopic } - cookie, err = r.Cookie("session") - if err != nil { - user.Group = 6 - user.Perms = GuestPerms - return user, noticeList, true - } - - // Is this session valid..? 
- err = get_session_stmt.QueryRow(user.ID,cookie.Value).Scan(&user.ID, &user.Name, &user.Group, &user.Is_Super_Admin, &user.Session, &user.Email, &user.Avatar, &user.Message, &user.URLPrefix, &user.URLName, &user.Level, &user.Score, &user.Last_IP) - if err == sql.ErrNoRows { - user.ID = 0 - user.Session = "" - user.Group = 6 - user.Perms = GuestPerms - return user, noticeList, true - } else if err != nil { - InternalError(err,w,r,user) + return user, success +} + +func ForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, noticeList []string, success bool) { + if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { + NotFound(w,r) return user, noticeList, false } - - user.Is_Admin = user.Is_Super_Admin || groups[user.Group].Is_Admin - user.Is_Super_Mod = groups[user.Group].Is_Mod || user.Is_Admin - user.Is_Mod = user.Is_Super_Mod - user.Is_Banned = groups[user.Group].Is_Banned - user.Loggedin = !user.Is_Banned || user.Is_Super_Mod - if user.Is_Banned && user.Is_Super_Mod { - user.Is_Banned = false + user, success = SimpleSessionCheck(w,r) + fperms := groups[user.Group].Forums[fid] + if fperms.Overrides && !user.Is_Super_Admin { + user.Perms.ViewTopic = fperms.ViewTopic + user.Perms.CreateTopic = fperms.CreateTopic + user.Perms.EditTopic = fperms.EditTopic + user.Perms.DeleteTopic = fperms.DeleteTopic + user.Perms.CreateReply = fperms.CreateReply + user.Perms.EditReply = fperms.EditReply + user.Perms.DeleteReply = fperms.DeleteReply + user.Perms.PinTopic = fperms.PinTopic + user.Perms.CloseTopic = fperms.CloseTopic } - - if user.Is_Super_Admin { - user.Perms = AllPerms - } else { - user.Perms = groups[user.Group].Perms - } - if user.Is_Banned { - noticeList = append(noticeList, "Your account has been suspended. Some of your permissions may have been revoked.") + noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.") } - - if user.Avatar != "" { - if user.Avatar[0] == '.' 
{ - user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + user.Avatar - } - } else { - user.Avatar = strings.Replace(noavatar,"{id}",strconv.Itoa(user.ID),1) + return user, noticeList, success +} + +func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) { + user, success = SimpleSessionCheck(w,r) + if user.Is_Banned { + noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.") } - - host, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - LocalError("Bad IP",w,r,user) - return user, noticeList, false - } - if host != user.Last_IP { - go update_last_ip_stmt.Exec(host, user.ID) - } - return user, noticeList, true + return user, noticeList, success } func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, success bool) { @@ -175,7 +156,7 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ user.Perms = GuestPerms return user, true } else if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return user, false } @@ -208,10 +189,9 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ return user, false } if host != user.Last_IP { - //fmt.Println("Update") _, err = update_last_ip_stmt.Exec(host, user.ID) if err != nil { - InternalError(err,w,r,user) + InternalError(err,w,r) return user, false } }
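Review bot: Both SimpleForumSessionCheck and ForumSessionCheck ignore the `success` value returned by SimpleSessionCheck and go on to index `groups[user.Group].Forums[fid]` with a user that may be only partly populated (SimpleSessionCheck's error paths later in this file return `user, false` after the response has been written); an early `if !success { return user, false }` (and the noticeList form in ForumSessionCheck) avoids computing overrides for a failed check and any out-of-range index that could follow. The nine-line override block is duplicated verbatim in the two functions, so extracting it into one helper keeps the permission list in a single place. The two functions also answer the same missing-forum condition differently, PreError in one and NotFound in the other, which should be either deliberate and commented or unified. SimpleSessionCheck starts in this hunk's trailing context and its body is only partly visible.
```go
func SimpleForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, success bool) {
	// … unchanged: forum existence check …
	user, success = SimpleSessionCheck(w,r)
	if !success {
		return user, false
	}
	return applyForumOverrides(user, fid), true
}

func ForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, noticeList []string, success bool) {
	// … unchanged: forum existence check …
	user, success = SimpleSessionCheck(w,r)
	if !success {
		return user, noticeList, false
	}
	user = applyForumOverrides(user, fid)
	// … unchanged: banned-account notice …
	return user, noticeList, true
}

// applyForumOverrides swaps the group-level permissions for the forum-specific
// ones when the user's group declares an override for fid. Super admins keep
// their full permission set.
func applyForumOverrides(user User, fid int) User {
	fperms := groups[user.Group].Forums[fid]
	if !fperms.Overrides || user.Is_Super_Admin {
		return user
	}
	user.Perms.ViewTopic = fperms.ViewTopic
	// … unchanged: the remaining eight permission assignments …
	return user
}
```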