Per-Forum Permissions work everywhere now.

Removed some unnecessary user parameters from the error handlers.
Added a PreError type for when the user data isn't available yet.
This commit is contained in:
Azareal 2017-02-05 16:36:54 +00:00
parent df5f70ee6b
commit dca8670eed
7 changed files with 311 additions and 414 deletions

View File

@ -26,12 +26,12 @@ func init_errors() error {
return nil return nil
} }
func InternalError(err error, w http.ResponseWriter, r *http.Request, user User) { func InternalError(err error, w http.ResponseWriter, r *http.Request) {
w.Write(error_internal) w.Write(error_internal)
log.Fatal(err) log.Fatal(err)
} }
func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user User, is_js string) { func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, is_js string) {
w.WriteHeader(500) w.WriteHeader(500)
if is_js == "0" { if is_js == "0" {
w.Write(error_internal) w.Write(error_internal)
@ -41,11 +41,20 @@ func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user Us
log.Fatal(err) log.Fatal(err)
} }
func PreError(errmsg string, w http.ResponseWriter, r *http.Request) {
w.WriteHeader(500)
user := User{ID:0,Group:6,Perms:GuestPerms,}
pi := Page{"Error",user,nList,tList,errmsg}
var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html",pi)
fmt.Fprintln(w,b.String())
}
func LocalError(errmsg string, w http.ResponseWriter, r *http.Request, user User) { func LocalError(errmsg string, w http.ResponseWriter, r *http.Request, user User) {
w.WriteHeader(500) w.WriteHeader(500)
pi := Page{"Local Error",user,nList,tList,errmsg} pi := Page{"Local Error",user,nList,tList,errmsg}
var b bytes.Buffer var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html", pi) templates.ExecuteTemplate(&b,"error.html",pi)
fmt.Fprintln(w,b.String()) fmt.Fprintln(w,b.String())
} }
@ -53,10 +62,23 @@ func LoginRequired(w http.ResponseWriter, r *http.Request, user User) {
w.WriteHeader(401) w.WriteHeader(401)
pi := Page{"Local Error",user,nList,tList,"You need to login to do that."} pi := Page{"Local Error",user,nList,tList,"You need to login to do that."}
var b bytes.Buffer var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html", pi) templates.ExecuteTemplate(&b,"error.html",pi)
fmt.Fprintln(w,b.String()) fmt.Fprintln(w,b.String())
} }
func PreErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, is_js string) {
w.WriteHeader(500)
if is_js == "0" {
user := User{ID:0,Group:6,Perms:GuestPerms,}
pi := Page{"Local Error",user,nList,tList,errmsg}
var b bytes.Buffer
templates.ExecuteTemplate(&b,"error.html", pi)
fmt.Fprintln(w,b.String())
} else {
w.Write([]byte(`{'errmsg': '` + errmsg + `'}`))
}
}
func LocalErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, user User, is_js string) { func LocalErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, user User, is_js string) {
w.WriteHeader(500) w.WriteHeader(500)
if is_js == "0" { if is_js == "0" {
@ -130,7 +152,7 @@ func SecurityError(w http.ResponseWriter, r *http.Request, user User) {
fmt.Fprintln(w,b.String()) fmt.Fprintln(w,b.String())
} }
func NotFound(w http.ResponseWriter, r *http.Request, user User) { func NotFound(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(404) w.WriteHeader(404)
w.Write(error_notfound) w.Write(error_notfound)
} }

View File

@ -10,14 +10,9 @@ import "database/sql"
import _ "github.com/go-sql-driver/mysql" import _ "github.com/go-sql-driver/mysql"
func route_edit_topic(w http.ResponseWriter, r *http.Request) { func route_edit_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form",w,r,user) PreError("Bad Form",w,r)
return return
} }
is_js := r.PostFormValue("js") is_js := r.PostFormValue("js")
@ -29,30 +24,24 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
var fid int var fid int
tid, err = strconv.Atoi(r.URL.Path[len("/topic/edit/submit/"):]) tid, err = strconv.Atoi(r.URL.Path[len("/topic/edit/submit/"):])
if err != nil { if err != nil {
LocalErrorJSQ("The provided TopicID is not a valid number.",w,r,user,is_js) PreErrorJSQ("The provided TopicID is not a valid number.",w,r,is_js)
return return
} }
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalError("The topic you tried to edit doesn't exist.",w,r,user) PreError("The topic you tried to edit doesn't exist.",w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { user, ok := SimpleForumSessionCheck(w,r,fid)
LocalError("The topic's parent forum doesn't exist.",w,r,user) if !ok {
return return
} }
if !user.Perms.ViewTopic || !user.Perms.EditTopic {
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditTopic {
NoPermissionsJSQ(w,r,user,is_js)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.EditTopic {
NoPermissionsJSQ(w,r,user,is_js) NoPermissionsJSQ(w,r,user,is_js)
return return
} }
@ -64,7 +53,7 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
topic_content := html.EscapeString(r.PostFormValue("topic_content")) topic_content := html.EscapeString(r.PostFormValue("topic_content"))
_, err = edit_topic_stmt.Exec(topic_name, preparse_message(topic_content), parse_message(html.EscapeString(preparse_message(topic_content))), is_closed, tid) _, err = edit_topic_stmt.Exec(topic_name, preparse_message(topic_content), parse_message(html.EscapeString(preparse_message(topic_content))), is_closed, tid)
if err != nil { if err != nil {
InternalErrorJSQ(err,w,r,user,is_js) InternalErrorJSQ(err,w,r,is_js)
return return
} }
@ -76,14 +65,9 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
} }
func route_delete_topic(w http.ResponseWriter, r *http.Request) { func route_delete_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
tid, err := strconv.Atoi(r.URL.Path[len("/topic/delete/submit/"):]) tid, err := strconv.Atoi(r.URL.Path[len("/topic/delete/submit/"):])
if err != nil { if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user) PreError("The provided TopicID is not a valid number.",w,r)
return return
} }
@ -92,46 +76,40 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
var fid int var fid int
err = db.QueryRow("select content, createdBy, parentID from topics where tid = ?", tid).Scan(&content, &createdBy, &fid) err = db.QueryRow("select content, createdBy, parentID from topics where tid = ?", tid).Scan(&content, &createdBy, &fid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalError("The topic you tried to delete doesn't exist.",w,r,user) PreError("The topic you tried to delete doesn't exist.",w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { user, ok := SimpleForumSessionCheck(w,r,fid)
LocalError("The topic's parent forum doesn't exist.",w,r,user) if !ok {
return return
} }
if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
_, err = delete_topic_stmt.Exec(tid) _, err = delete_topic_stmt.Exec(tid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
log.Print("The topic '" + strconv.Itoa(tid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".") log.Print("The topic '" + strconv.Itoa(tid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
http.Redirect(w,r,"/",http.StatusSeeOther) http.Redirect(w,r,"/",http.StatusSeeOther)
wcount := word_count(content) wcount := word_count(content)
err = decrease_post_user_stats(wcount, createdBy, true, user) err = decrease_post_user_stats(wcount,createdBy,true,user)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = remove_topics_from_forum_stmt.Exec(1, fid) _, err = remove_topics_from_forum_stmt.Exec(1, fid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -139,104 +117,77 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
} }
func route_stick_topic(w http.ResponseWriter, r *http.Request) { func route_stick_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
tid, err := strconv.Atoi(r.URL.Path[len("/topic/stick/submit/"):]) tid, err := strconv.Atoi(r.URL.Path[len("/topic/stick/submit/"):])
if err != nil { if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user) PreError("The provided TopicID is not a valid number.",w,r)
return return
} }
var fid int var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalError("The topic you tried to pin doesn't exist.",w,r,user) PreError("The topic you tried to pin doesn't exist.",w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { user, ok := SimpleForumSessionCheck(w,r,fid)
LocalError("The topic's parent forum doesn't exist.",w,r,user) if !ok {
return return
} }
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
_, err = stick_topic_stmt.Exec(tid) _, err = stick_topic_stmt.Exec(tid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther) http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
} }
func route_unstick_topic(w http.ResponseWriter, r *http.Request) { func route_unstick_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
tid, err := strconv.Atoi(r.URL.Path[len("/topic/unstick/submit/"):]) tid, err := strconv.Atoi(r.URL.Path[len("/topic/unstick/submit/"):])
if err != nil { if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user) PreError("The provided TopicID is not a valid number.",w,r)
return return
} }
var fid int var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalError("The topic you tried to unpin doesn't exist.",w,r,user) PreError("The topic you tried to unpin doesn't exist.",w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { user, ok := SimpleForumSessionCheck(w,r,fid)
LocalError("The topic's parent forum doesn't exist.",w,r,user) if !ok {
return return
} }
if !user.Perms.ViewTopic || !user.Perms.PinTopic {
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
_, err = unstick_topic_stmt.Exec(tid) _, err = unstick_topic_stmt.Exec(tid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther) http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
} }
func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) { func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) PreError("Bad Form",w,r)
return return
} }
is_js := r.PostFormValue("js") is_js := r.PostFormValue("js")
@ -246,14 +197,14 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):]) rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):])
if err != nil { if err != nil {
LocalError("The provided Reply ID is not a valid number.",w,r,user) PreError("The provided Reply ID is not a valid number.",w,r)
return return
} }
content := html.EscapeString(preparse_message(r.PostFormValue("edit_item"))) content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
_, err = edit_reply_stmt.Exec(content, parse_message(content), rid) _, err = edit_reply_stmt.Exec(content, parse_message(content), rid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -261,31 +212,25 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
var tid int var tid int
err = db.QueryRow("select tid from replies where rid = ?", rid).Scan(&tid) err = db.QueryRow("select tid from replies where rid = ?", rid).Scan(&tid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
var fid int var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalError("The parent topic doesn't exist.",w,r,user) PreError("The parent topic doesn't exist.",w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { user, ok := SimpleForumSessionCheck(w,r,fid)
LocalError("The topic's parent forum doesn't exist.",w,r,user) if !ok {
return return
} }
if !user.Perms.ViewTopic || !user.Perms.EditReply {
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditReply {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.EditReply {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
@ -298,14 +243,9 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
} }
func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) { func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r)
if !ok {
return
}
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) PreError("Bad Form",w,r)
return return
} }
is_js := r.PostFormValue("is_js") is_js := r.PostFormValue("is_js")
@ -313,14 +253,9 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
is_js = "0" is_js = "0"
} }
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
NoPermissionsJSQ(w,r,user,is_js)
return
}
rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):]) rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):])
if err != nil { if err != nil {
LocalErrorJSQ("The provided Reply ID is not a valid number.",w,r,user,is_js) PreErrorJSQ("The provided Reply ID is not a valid number.",w,r,is_js)
return return
} }
@ -329,41 +264,35 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
var createdBy int var createdBy int
err = db.QueryRow("select tid, content, createdBy from replies where rid = ?", rid).Scan(&tid, &content, &createdBy) err = db.QueryRow("select tid, content, createdBy from replies where rid = ?", rid).Scan(&tid, &content, &createdBy)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js) PreErrorJSQ("The reply you tried to delete doesn't exist.",w,r,is_js)
return return
} else if err != nil { } else if err != nil {
InternalErrorJSQ(err,w,r,user,is_js) InternalErrorJSQ(err,w,r,is_js)
return return
} }
var fid int var fid int
err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid) err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalError("The parent topic doesn't exist.",w,r,user) PreError("The parent topic doesn't exist.",w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { user, ok := SimpleForumSessionCheck(w,r,fid)
LocalError("The topic's parent forum doesn't exist.",w,r,user) if !ok {
return return
} }
if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
if groups[user.Group].Forums[fid].Overrides {
if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteReply {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
_, err = delete_reply_stmt.Exec(rid) _, err = delete_reply_stmt.Exec(rid)
if err != nil { if err != nil {
InternalErrorJSQ(err,w,r,user,is_js) InternalErrorJSQ(err,w,r,is_js)
return return
} }
log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".") log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
@ -376,13 +305,12 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
wcount := word_count(content) wcount := word_count(content)
err = decrease_post_user_stats(wcount, createdBy, false, user) err = decrease_post_user_stats(wcount, createdBy, false, user)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = remove_replies_from_topic_stmt.Exec(1,tid) _, err = remove_replies_from_topic_stmt.Exec(1,tid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return
} }
} }
@ -394,7 +322,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) LocalError("Bad Form",w,r,user)
return return
} }
is_js := r.PostFormValue("js") is_js := r.PostFormValue("js")
@ -412,7 +340,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
var uid int var uid int
err = db.QueryRow("select uid from users_replies where rid = ?", rid).Scan(&uid) err = db.QueryRow("select uid from users_replies where rid = ?", rid).Scan(&uid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -424,7 +352,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
content := html.EscapeString(preparse_message(r.PostFormValue("edit_item"))) content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
_, err = edit_profile_reply_stmt.Exec(content, parse_message(content), rid) _, err = edit_profile_reply_stmt.Exec(content, parse_message(content), rid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -443,7 +371,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) LocalError("Bad Form",w,r,user)
return return
} }
@ -464,7 +392,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js) LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js)
return return
} else if err != nil { } else if err != nil {
InternalErrorJSQ(err,w,r,user,is_js) InternalErrorJSQ(err,w,r,is_js)
return return
} }
@ -475,7 +403,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
_, err = delete_profile_reply_stmt.Exec(rid) _, err = delete_profile_reply_stmt.Exec(rid)
if err != nil { if err != nil {
InternalErrorJSQ(err,w,r,user,is_js) InternalErrorJSQ(err,w,r,is_js)
return return
} }
log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".") log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
@ -492,7 +420,6 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
if !ok { if !ok {
return return
} }
if !user.Perms.BanUsers { if !user.Perms.BanUsers {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
@ -510,7 +437,7 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
LocalError("The user you're trying to ban no longer exists.",w,r,user) LocalError("The user you're trying to ban no longer exists.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -526,7 +453,6 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
if !ok { if !ok {
return return
} }
if !user.Perms.BanUsers { if !user.Perms.BanUsers {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
@ -549,7 +475,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
LocalError("The user you're trying to ban no longer exists.",w,r,user) LocalError("The user you're trying to ban no longer exists.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -573,7 +499,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
_, err = change_group_stmt.Exec(4, uid) _, err = change_group_stmt.Exec(4, uid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther) http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@ -588,7 +514,6 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
if r.FormValue("session") != user.Session { if r.FormValue("session") != user.Session {
SecurityError(w,r,user) SecurityError(w,r,user)
return return
@ -607,7 +532,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
LocalError("The user you're trying to unban no longer exists.",w,r,user) LocalError("The user you're trying to unban no longer exists.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -618,7 +543,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
_, err = change_group_stmt.Exec(default_group, uid) _, err = change_group_stmt.Exec(default_group, uid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther) http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@ -646,12 +571,12 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
var uname string var uname string
var active bool var active bool
err = db.QueryRow("select `name`, `active` from users where `uid` = ?", uid).Scan(&uname, &active) err = db.QueryRow("select `name`,`active` from users where `uid` = ?", uid).Scan(&uname, &active)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
LocalError("The account you're trying to activate no longer exists.",w,r,user) LocalError("The account you're trying to activate no longer exists.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -661,13 +586,13 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
} }
_, err = activate_user_stmt.Exec(uid) _, err = activate_user_stmt.Exec(uid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = change_group_stmt.Exec(default_group, uid) _, err = change_group_stmt.Exec(default_group, uid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther) http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@ -740,7 +665,7 @@ func route_panel_forums_create_submit(w http.ResponseWriter, r *http.Request){
fid, err := create_forum(fname,active,fpreset) fid, err := create_forum(fname,active,fpreset)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -757,11 +682,11 @@ func route_panel_forums_delete(w http.ResponseWriter, r *http.Request){
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
if r.FormValue("session") != user.Session { if r.FormValue("session") != user.Session {
SecurityError(w,r,user) SecurityError(w,r,user)
return return
} }
fid, err := strconv.Atoi(r.URL.Path[len("/panel/forums/delete/"):]) fid, err := strconv.Atoi(r.URL.Path[len("/panel/forums/delete/"):])
if err != nil { if err != nil {
LocalError("The provided Forum ID is not a valid number.",w,r,user) LocalError("The provided Forum ID is not a valid number.",w,r,user)
@ -806,7 +731,7 @@ func route_panel_forums_delete_submit(w http.ResponseWriter, r *http.Request) {
err = delete_forum(fid) err = delete_forum(fid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w,r,"/panel/forums/",http.StatusSeeOther) http.Redirect(w,r,"/panel/forums/",http.StatusSeeOther)
@ -894,7 +819,7 @@ func route_panel_forums_edit_submit(w http.ResponseWriter, r *http.Request) {
_, err = update_forum_stmt.Exec(forum_name,active,forum_preset,fid) _, err = update_forum_stmt.Exec(forum_name,active,forum_preset,fid)
if err != nil { if err != nil {
InternalErrorJSQ(err,w,r,user,is_js) InternalErrorJSQ(err,w,r,is_js)
return return
} }
@ -930,7 +855,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
var settingList map[string]interface{} = make(map[string]interface{}) var settingList map[string]interface{} = make(map[string]interface{})
rows, err := db.Query("select name, content, type from settings") rows, err := db.Query("select name, content, type from settings")
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
defer rows.Close() defer rows.Close()
@ -941,7 +866,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
for rows.Next() { for rows.Next() {
err := rows.Scan(&sname,&scontent,&stype) err := rows.Scan(&sname,&scontent,&stype)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -965,7 +890,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
} }
err = rows.Err() err = rows.Err()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -991,7 +916,7 @@ func route_panel_setting(w http.ResponseWriter, r *http.Request){
LocalError("The setting you want to edit doesn't exist.",w,r,user) LocalError("The setting you want to edit doesn't exist.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1053,7 +978,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
LocalError("The setting you want to edit doesn't exist.",w,r,user) LocalError("The setting you want to edit doesn't exist.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1067,7 +992,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
_, err = update_setting_stmt.Exec(scontent,sname) _, err = update_setting_stmt.Exec(scontent,sname)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1122,7 +1047,7 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
var active bool var active bool
err := db.QueryRow("select active from plugins where uname = ?", uname).Scan(&active) err := db.QueryRow("select active from plugins where uname = ?", uname).Scan(&active)
if err != nil && err != sql.ErrNoRows { if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1142,13 +1067,13 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
} }
_, err = update_plugin_stmt.Exec(1,uname) _, err = update_plugin_stmt.Exec(1,uname)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} else { } else {
_, err := add_plugin_stmt.Exec(uname,1) _, err := add_plugin_stmt.Exec(uname,1)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} }
@ -1188,7 +1113,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
LocalError("The plugin you're trying to deactivate isn't active",w,r,user) LocalError("The plugin you're trying to deactivate isn't active",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1198,7 +1123,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
} }
_, err = update_plugin_stmt.Exec(0,uname) _, err = update_plugin_stmt.Exec(0,uname)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1222,7 +1147,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
var userList []interface{} var userList []interface{}
rows, err := db.Query("select `uid`,`name`,`group`,`active`,`is_super_admin`,`avatar` from users") rows, err := db.Query("select `uid`,`name`,`group`,`active`,`is_super_admin`,`avatar` from users")
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
defer rows.Close() defer rows.Close()
@ -1231,7 +1156,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
puser := User{ID: 0,} puser := User{ID: 0,}
err := rows.Scan(&puser.ID, &puser.Name, &puser.Group, &puser.Active, &puser.Is_Super_Admin, &puser.Avatar) err := rows.Scan(&puser.ID, &puser.Name, &puser.Group, &puser.Active, &puser.Is_Super_Admin, &puser.Avatar)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1260,14 +1185,14 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
} }
err = rows.Err() err = rows.Err()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
pi := Page{"User Manager",user,noticeList,userList,nil} pi := Page{"User Manager",user,noticeList,userList,nil}
err = templates.ExecuteTemplate(w,"panel-users.html",pi) err = templates.ExecuteTemplate(w,"panel-users.html",pi)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
@ -1296,7 +1221,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
LocalError("The user you're trying to edit doesn't exist.",w,r,user) LocalError("The user you're trying to edit doesn't exist.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1321,7 +1246,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
pi := Page{"User Editor",user,noticeList,groupList,targetUser} pi := Page{"User Editor",user,noticeList,groupList,targetUser}
err = templates.ExecuteTemplate(w,"panel-user-edit.html",pi) err = templates.ExecuteTemplate(w,"panel-user-edit.html",pi)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
@ -1334,7 +1259,6 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
if r.FormValue("session") != user.Session { if r.FormValue("session") != user.Session {
SecurityError(w,r,user) SecurityError(w,r,user)
return return
@ -1353,7 +1277,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
LocalError("The user you're trying to edit doesn't exist.",w,r,user) LocalError("The user you're trying to edit doesn't exist.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1408,7 +1332,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
_, err = update_user_stmt.Exec(newname,newemail,newgroup,targetUser.ID) _, err = update_user_stmt.Exec(newname,newemail,newgroup,targetUser.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1488,7 +1412,7 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
var isDefault bool var isDefault bool
err := db.QueryRow("select `default` from `themes` where `uname` = ?", uname).Scan(&isDefault) err := db.QueryRow("select `default` from `themes` where `uname` = ?", uname).Scan(&isDefault)
if err != nil && err != sql.ErrNoRows { if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1500,20 +1424,20 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
} }
_, err = update_theme_stmt.Exec(1, uname) _, err = update_theme_stmt.Exec(1, uname)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} else { } else {
_, err := add_theme_stmt.Exec(uname,1) _, err := add_theme_stmt.Exec(uname,1)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} }
_, err = update_theme_stmt.Exec(0, defaultTheme) _, err = update_theme_stmt.Exec(0, defaultTheme)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }

View File

@ -42,8 +42,7 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
} }
if req.URL.Path[len(req.URL.Path) - 1] == '/' { if req.URL.Path[len(req.URL.Path) - 1] == '/' {
w.WriteHeader(404) NotFound(w,req)
w.Write(error_notfound)
return return
} }
@ -60,7 +59,6 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
return return
} }
w.WriteHeader(404) NotFound(w,req)
w.Write(error_notfound)
return return
} }

307
routes.go
View File

@ -65,7 +65,7 @@ func route_overview(w http.ResponseWriter, r *http.Request){
pi := Page{"Overview",user,noticeList,tList,nil} pi := Page{"Overview",user,noticeList,tList,nil}
err := templates.ExecuteTemplate(w,"overview.html",pi) err := templates.ExecuteTemplate(w,"overview.html",pi)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
@ -76,13 +76,13 @@ func route_custom_page(w http.ResponseWriter, r *http.Request){
} }
name := r.URL.Path[len("/pages/"):] name := r.URL.Path[len("/pages/"):]
if templates.Lookup("page_" + name) == nil { if templates.Lookup("page_" + name) == nil {
NotFound(w,r,user) NotFound(w,r)
return return
} }
err := templates.ExecuteTemplate(w,"page_" + name,Page{"Page",user,noticeList,tList,nil}) err := templates.ExecuteTemplate(w,"page_" + name,Page{"Page",user,noticeList,tList,nil})
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
@ -104,7 +104,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
rows, err := db.Query("select topics.tid, topics.title, topics.content, topics.createdBy, topics.is_closed, topics.sticky, topics.createdAt, topics.parentID, users.name, users.avatar from topics left join users ON topics.createdBy = users.uid where parentID in("+strings.Join(fidList,",")+") order by topics.sticky DESC, topics.lastReplyAt DESC, topics.createdBy DESC") rows, err := db.Query("select topics.tid, topics.title, topics.content, topics.createdBy, topics.is_closed, topics.sticky, topics.createdAt, topics.parentID, users.name, users.avatar from topics left join users ON topics.createdBy = users.uid where parentID in("+strings.Join(fidList,",")+") order by topics.sticky DESC, topics.lastReplyAt DESC, topics.createdBy DESC")
//rows, err := get_topic_list_stmt.Query() //rows, err := get_topic_list_stmt.Query()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -112,7 +112,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
for rows.Next() { for rows.Next() {
err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar) err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -131,7 +131,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
} }
err = rows.Err() err = rows.Err()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
rows.Close() rows.Close()
@ -142,36 +142,25 @@ func route_topics(w http.ResponseWriter, r *http.Request){
} else { } else {
err = templates.ExecuteTemplate(w,"topics.html",pi) err = templates.ExecuteTemplate(w,"topics.html",pi)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
} }
func route_forum(w http.ResponseWriter, r *http.Request){ func route_forum(w http.ResponseWriter, r *http.Request){
user, noticeList, ok := SessionCheck(w,r)
if !ok {
return
}
page, _ := strconv.Atoi(r.FormValue("page")) page, _ := strconv.Atoi(r.FormValue("page"))
fid, err := strconv.Atoi(r.URL.Path[len("/forum/"):]) fid, err := strconv.Atoi(r.URL.Path[len("/forum/"):])
if err != nil { if err != nil {
LocalError("The provided ForumID is not a valid number.",w,r,user) PreError("The provided ForumID is not a valid number.",w,r)
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" { user, noticeList, ok := ForumSessionCheck(w,r,fid)
NotFound(w,r,user) if !ok {
return return
} }
//fmt.Printf("%+v\n", groups[user.Group].Forums) //fmt.Printf("%+v\n", groups[user.Group].Forums)
if groups[user.Group].Forums[fid].Overrides { if !user.Perms.ViewTopic {
if !groups[user.Group].Forums[fid].ViewTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
@ -189,7 +178,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
} }
rows, err := get_forum_topics_offset_stmt.Query(fid,offset) rows, err := get_forum_topics_offset_stmt.Query(fid,offset)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -198,7 +187,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
for rows.Next() { for rows.Next() {
err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar) err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -217,7 +206,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
} }
err = rows.Err() err = rows.Err()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
rows.Close() rows.Close()
@ -228,7 +217,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
} else { } else {
err = templates.ExecuteTemplate(w,"forum.html",pi) err = templates.ExecuteTemplate(w,"forum.html",pi)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
} }
@ -255,16 +244,12 @@ func route_forums(w http.ResponseWriter, r *http.Request){
} else { } else {
err := templates.ExecuteTemplate(w,"forums.html",pi) err := templates.ExecuteTemplate(w,"forums.html",pi)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
} }
func route_topic_id(w http.ResponseWriter, r *http.Request){ func route_topic_id(w http.ResponseWriter, r *http.Request){
user, noticeList, ok := SessionCheck(w,r)
if !ok {
return
}
var( var(
err error err error
content string content string
@ -278,31 +263,25 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
topic := TopicUser{Css: no_css_tmpl} topic := TopicUser{Css: no_css_tmpl}
topic.ID, err = strconv.Atoi(r.URL.Path[len("/topic/"):]) topic.ID, err = strconv.Atoi(r.URL.Path[len("/topic/"):])
if err != nil { if err != nil {
LocalError("The provided TopicID is not a valid number.",w,r,user) PreError("The provided TopicID is not a valid number.",w,r)
return return
} }
// Get the topic.. // Get the topic..
err = get_topic_user_stmt.QueryRow(topic.ID).Scan(&topic.Title, &content, &topic.CreatedBy, &topic.CreatedAt, &topic.Is_Closed, &topic.Sticky, &topic.ParentID, &topic.IpAddress, &topic.PostCount, &topic.CreatedByName, &topic.Avatar, &group, &topic.URLPrefix, &topic.URLName, &topic.Level) err = get_topic_user_stmt.QueryRow(topic.ID).Scan(&topic.Title, &content, &topic.CreatedBy, &topic.CreatedAt, &topic.Is_Closed, &topic.Sticky, &topic.ParentID, &topic.IpAddress, &topic.PostCount, &topic.CreatedByName, &topic.Avatar, &group, &topic.URLPrefix, &topic.URLName, &topic.Level)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
NotFound(w,r,user) NotFound(w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if (topic.ParentID > forumCapCount) || (topic.ParentID < 0) || forums[topic.ParentID].Name=="" { user, noticeList, ok := ForumSessionCheck(w,r,topic.ParentID)
LocalError("The topic's parent forum doesn't exist.",w,r,user) if !ok {
return return
} }
if !user.Perms.ViewTopic {
if groups[user.Group].Forums[topic.ParentID].Overrides {
if !groups[user.Group].Forums[topic.ParentID].ViewTopic {
NoPermissions(w,r,user)
return
}
} else if !user.Perms.ViewTopic {
NoPermissions(w,r,user) NoPermissions(w,r,user)
return return
} }
@ -361,7 +340,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
LocalError("Bad Page. Some of the posts may have been deleted or you got here by directly typing in the page number.",w,r,user) LocalError("Bad Page. Some of the posts may have been deleted or you got here by directly typing in the page number.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -369,7 +348,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
for rows.Next() { for rows.Next() {
err := rows.Scan(&replyItem.ID, &replyItem.Content, &replyItem.CreatedBy, &replyItem.CreatedAt, &replyItem.LastEdit, &replyItem.LastEditBy, &replyItem.Avatar, &replyItem.CreatedByName, &group, &replyItem.URLPrefix, &replyItem.URLName, &replyItem.Level, &replyItem.IpAddress) err := rows.Scan(&replyItem.ID, &replyItem.Content, &replyItem.CreatedBy, &replyItem.CreatedAt, &replyItem.LastEdit, &replyItem.LastEditBy, &replyItem.Avatar, &replyItem.CreatedByName, &group, &replyItem.URLPrefix, &replyItem.URLName, &replyItem.Level, &replyItem.IpAddress)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -410,7 +389,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
} }
err = rows.Err() err = rows.Err()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
rows.Close() rows.Close()
@ -421,7 +400,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
} else { } else {
err = templates.ExecuteTemplate(w,"topic.html", tpage) err = templates.ExecuteTemplate(w,"topic.html", tpage)
if err != nil { if err != nil {
InternalError(err, w, r, user) InternalError(err,w,r)
} }
} }
} }
@ -464,10 +443,10 @@ func route_profile(w http.ResponseWriter, r *http.Request){
// Fetch the user data // Fetch the user data
err = db.QueryRow("select `name`,`group`,`is_super_admin`,`avatar`,`message`,`url_prefix`,`url_name`,`level` from `users` where `uid` = ?", puser.ID).Scan(&puser.Name, &puser.Group, &puser.Is_Super_Admin, &puser.Avatar, &puser.Message, &puser.URLPrefix, &puser.URLName, &puser.Level) err = db.QueryRow("select `name`,`group`,`is_super_admin`,`avatar`,`message`,`url_prefix`,`url_name`,`level` from `users` where `uid` = ?", puser.ID).Scan(&puser.Name, &puser.Group, &puser.Is_Super_Admin, &puser.Avatar, &puser.Message, &puser.URLPrefix, &puser.URLName, &puser.Level)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
NotFound(w,r,user) NotFound(w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -493,7 +472,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
// Get the replies.. // Get the replies..
rows, err := db.Query("select users_replies.rid, users_replies.content, users_replies.createdBy, users_replies.createdAt, users_replies.lastEdit, users_replies.lastEditBy, users.avatar, users.name, users.group from users_replies left join users ON users_replies.createdBy = users.uid where users_replies.uid = ?", puser.ID) rows, err := db.Query("select users_replies.rid, users_replies.content, users_replies.createdBy, users_replies.createdAt, users_replies.lastEdit, users_replies.lastEditBy, users.avatar, users.name, users.group from users_replies left join users ON users_replies.createdBy = users.uid where users_replies.uid = ?", puser.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
defer rows.Close() defer rows.Close()
@ -501,7 +480,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
for rows.Next() { for rows.Next() {
err := rows.Scan(&rid, &replyContent, &replyCreatedBy, &replyCreatedAt, &replyLastEdit, &replyLastEditBy, &replyAvatar, &replyCreatedByName, &group) err := rows.Scan(&rid, &replyContent, &replyCreatedBy, &replyCreatedAt, &replyLastEdit, &replyLastEditBy, &replyAvatar, &replyCreatedByName, &group)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -530,7 +509,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
} }
err = rows.Err() err = rows.Err()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -540,32 +519,32 @@ func route_profile(w http.ResponseWriter, r *http.Request){
} else { } else {
err = templates.ExecuteTemplate(w,"profile.html",ppage) err = templates.ExecuteTemplate(w,"profile.html",ppage)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
} }
func route_topic_create(w http.ResponseWriter, r *http.Request){ func route_topic_create(w http.ResponseWriter, r *http.Request){
user, noticeList, ok := SessionCheck(w,r)
if !ok {
return
}
if !user.Loggedin || !user.Perms.CreateTopic {
NoPermissions(w,r,user)
return
}
var fid int var fid int
var err error var err error
sfid := r.URL.Path[len("/topics/create/"):] sfid := r.URL.Path[len("/topics/create/"):]
if sfid != "" { if sfid != "" {
fid, err = strconv.Atoi(sfid) fid, err = strconv.Atoi(sfid)
if err != nil { if err != nil {
LocalError("The provided ForumID is not a valid number.",w,r,user) PreError("The provided ForumID is not a valid number.",w,r)
return return
} }
} }
user, noticeList, ok := ForumSessionCheck(w,r,fid)
if !ok {
return
}
if !user.Loggedin || !user.Perms.CreateTopic {
NoPermissions(w,r,user)
return
}
var forumList []Forum var forumList []Forum
group := groups[user.Group] group := groups[user.Group]
for _, fid := range group.CanSee { for _, fid := range group.CanSee {
@ -580,14 +559,26 @@ func route_topic_create(w http.ResponseWriter, r *http.Request){
} else { } else {
err = templates.ExecuteTemplate(w,"create-topic.html",ctpage) err = templates.ExecuteTemplate(w,"create-topic.html",ctpage)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
} }
} }
} }
// POST functions. Authorised users only. // POST functions. Authorised users only.
func route_create_topic(w http.ResponseWriter, r *http.Request) { func route_create_topic(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r) err := r.ParseForm()
if err != nil {
PreError("Bad Form",w,r)
return
}
fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
if err != nil {
PreError("The provided ForumID is not a valid number.",w,r)
return
}
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok { if !ok {
return return
} }
@ -596,17 +587,6 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
return return
} }
err := r.ParseForm()
if err != nil {
LocalError("Bad Form",w,r,user)
return
}
fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
if err != nil {
LocalError("The provided ForumID is not a valid number.",w,r,user)
return
}
topic_name := html.EscapeString(r.PostFormValue("topic-name")) topic_name := html.EscapeString(r.PostFormValue("topic-name"))
content := html.EscapeString(preparse_message(r.PostFormValue("topic-content"))) content := html.EscapeString(preparse_message(r.PostFormValue("topic-content")))
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
@ -615,33 +595,27 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
return return
} }
if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
LocalError("The topic's parent forum doesn't exist.",w,r,user)
return
}
res, err := create_topic_stmt.Exec(fid,topic_name,content,parse_message(content),ipaddress,user.ID) res, err := create_topic_stmt.Exec(fid,topic_name,content,parse_message(content),ipaddress,user.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
lastId, err := res.LastInsertId() lastId, err := res.LastInsertId()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = add_topics_to_forum_stmt.Exec(1,fid) _, err = add_topics_to_forum_stmt.Exec(1,fid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
forums[fid].TopicCount -= 1 forums[fid].TopicCount -= 1
_, err = update_forum_cache_stmt.Exec(topic_name,lastId,user.Name,user.ID,fid) _, err = update_forum_cache_stmt.Exec(topic_name,lastId,user.Name,user.ID,fid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
forums[fid].LastTopic = topic_name forums[fid].LastTopic = topic_name
@ -654,13 +628,35 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
wcount := word_count(content) wcount := word_count(content)
err = increase_post_user_stats(wcount,user.ID,true,user) err = increase_post_user_stats(wcount,user.ID,true,user)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} }
func route_create_reply(w http.ResponseWriter, r *http.Request) { func route_create_reply(w http.ResponseWriter, r *http.Request) {
user, ok := SimpleSessionCheck(w,r) err := r.ParseForm()
if err != nil {
PreError("Bad Form",w,r)
return
}
tid, err := strconv.Atoi(r.PostFormValue("tid"))
if err != nil {
PreError("Failed to convert the TopicID",w,r)
return
}
var topic_name string
var fid int
err = db.QueryRow("select title, parentID from topics where tid = ?",tid).Scan(&topic_name,&fid)
if err == sql.ErrNoRows {
PreError("Couldn't find the parent topic",w,r)
return
} else if err != nil {
InternalError(err,w,r)
return
}
user, ok := SimpleForumSessionCheck(w,r,fid)
if !ok { if !ok {
return return
} }
@ -669,17 +665,6 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
return return
} }
err := r.ParseForm()
if err != nil {
LocalError("Bad Form", w, r, user)
return
}
tid, err := strconv.Atoi(r.PostFormValue("tid"))
if err != nil {
LocalError("Failed to convert the TopicID", w, r, user)
return
}
content := preparse_message(html.EscapeString(r.PostFormValue("reply-content"))) content := preparse_message(html.EscapeString(r.PostFormValue("reply-content")))
ipaddress, _, err := net.SplitHostPort(r.RemoteAddr) ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil { if err != nil {
@ -689,36 +674,26 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
_, err = create_reply_stmt.Exec(tid,content,parse_message(content),ipaddress,user.ID) _, err = create_reply_stmt.Exec(tid,content,parse_message(content),ipaddress,user.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return
}
var topic_name string
err = db.QueryRow("select title from topics where tid = ?", tid).Scan(&topic_name)
if err == sql.ErrNoRows {
LocalError("Couldn't find the parent topic", w, r, user)
return
} else if err != nil {
InternalError(err,w,r,user)
return return
} }
_, err = add_replies_to_topic_stmt.Exec(1, tid) _, err = add_replies_to_topic_stmt.Exec(1, tid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = update_forum_cache_stmt.Exec(topic_name, tid, user.Name, user.ID, 1) _, err = update_forum_cache_stmt.Exec(topic_name, tid, user.Name, user.ID, 1)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w, r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther) http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
wcount := word_count(content) wcount := word_count(content)
err = increase_post_user_stats(wcount, user.ID, false, user) err = increase_post_user_stats(wcount, user.ID, false, user)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} }
@ -735,7 +710,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) LocalError("Bad Form",w,r,user)
return return
} }
uid, err := strconv.Atoi(r.PostFormValue("uid")) uid, err := strconv.Atoi(r.PostFormValue("uid"))
@ -746,7 +721,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
_, err = create_profile_reply_stmt.Exec(uid,html.EscapeString(preparse_message(r.PostFormValue("reply-content"))),parse_message(html.EscapeString(preparse_message(r.PostFormValue("reply-content")))),user.ID) _, err = create_profile_reply_stmt.Exec(uid,html.EscapeString(preparse_message(r.PostFormValue("reply-content"))),parse_message(html.EscapeString(preparse_message(r.PostFormValue("reply-content")))),user.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -756,7 +731,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
LocalError("The profile you're trying to post on doesn't exist.",w,r,user) LocalError("The profile you're trying to post on doesn't exist.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -806,7 +781,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the reported post",w,r,user) LocalError("We were unable to find the reported post",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -815,7 +790,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the topic which the reported post is supposed to be in",w,r,user) LocalError("We were unable to find the topic which the reported post is supposed to be in",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(tid) + "'>" + title + "</a>" content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(tid) + "'>" + title + "</a>"
@ -825,7 +800,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the reported post",w,r,user) LocalError("We were unable to find the reported post",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -834,17 +809,17 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
LocalError("We were unable to find the profile which the reported post is supposed to be on",w,r,user) LocalError("We were unable to find the profile which the reported post is supposed to be on",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
content = content + "<br><br>Original Post: <a href='/user/" + strconv.Itoa(tid) + "'>" + title + "</a>" content = content + "<br><br>Original Post: <a href='/user/" + strconv.Itoa(tid) + "'>" + title + "</a>"
} else if item_type == "topic" { } else if item_type == "topic" {
err = db.QueryRow("select title, content from topics where tid = ?", item_id).Scan(&title,&content) err = db.QueryRow("select title, content from topics where tid = ?", item_id).Scan(&title,&content)
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
NotFound(w,r,user) NotFound(w,r)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(item_id) + "'>" + title + "</a>" content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(item_id) + "'>" + title + "</a>"
@ -861,14 +836,14 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
var count int var count int
rows, err := db.Query("select count(*) as count from topics where data = ? and data != '' and parentID = 1", item_type + "_" + strconv.Itoa(item_id)) rows, err := db.Query("select count(*) as count from topics where data = ? and data != '' and parentID = 1", item_type + "_" + strconv.Itoa(item_id))
if err != nil && err != sql.ErrNoRows { if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
for rows.Next() { for rows.Next() {
err = rows.Scan(&count) err = rows.Scan(&count)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} }
@ -880,24 +855,24 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
title = "Report: " + title title = "Report: " + title
res, err := create_report_stmt.Exec(title,content,content,user.ID,item_type + "_" + strconv.Itoa(item_id)) res, err := create_report_stmt.Exec(title,content,content,user.ID,item_type + "_" + strconv.Itoa(item_id))
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
lastId, err := res.LastInsertId() lastId, err := res.LastInsertId()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = add_topics_to_forum_stmt.Exec(1, fid) _, err = add_topics_to_forum_stmt.Exec(1, fid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = update_forum_cache_stmt.Exec(title, lastId, user.Name, user.ID, fid) _, err = update_forum_cache_stmt.Exec(title, lastId, user.Name, user.ID, fid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -913,7 +888,7 @@ func route_account_own_edit_critical(w http.ResponseWriter, r *http.Request) {
LocalError("You need to login to edit your account.",w,r,user) LocalError("You need to login to edit your account.",w,r,user)
return return
} }
pi := Page{"Edit Password",user,noticeList,tList,0} pi := Page{"Edit Password",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit.html", pi) templates.ExecuteTemplate(w,"account-own-edit.html", pi)
} }
@ -929,7 +904,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) LocalError("Bad Form",w,r,user)
return return
} }
@ -944,7 +919,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
LocalError("Your account no longer exists.",w,r,user) LocalError("Your account no longer exists.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -954,7 +929,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
LocalError("That's not the correct password.",w,r,user) LocalError("That's not the correct password.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
if new_password != confirm_password { if new_password != confirm_password {
@ -966,12 +941,12 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
// Log the user out as a safety precaution // Log the user out as a safety precaution
_, err = logout_stmt.Exec(user.ID) _, err = logout_stmt.Exec(user.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
noticeList[len(noticeList)] = "Your password was successfully updated" noticeList = append(noticeList,"Your password was successfully updated")
pi := Page{"Edit Password",user,noticeList,tList,0} pi := Page{"Edit Password",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit.html", pi) templates.ExecuteTemplate(w,"account-own-edit.html", pi)
} }
@ -984,13 +959,13 @@ func route_account_own_edit_avatar(w http.ResponseWriter, r *http.Request) {
LocalError("You need to login to edit your account.",w,r,user) LocalError("You need to login to edit your account.",w,r,user)
return return
} }
pi := Page{"Edit Avatar",user,noticeList,tList,0} pi := Page{"Edit Avatar",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi) templates.ExecuteTemplate(w,"account-own-edit-avatar.html",pi)
} }
func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request) { func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request) {
if r.ContentLength > int64(max_request_size) { if r.ContentLength > int64(max_request_size) {
http.Error(w, "request too large", http.StatusExpectationFailed) http.Error(w,"Request too large",http.StatusExpectationFailed)
return return
} }
r.Body = http.MaxBytesReader(w, r.Body, int64(max_request_size)) r.Body = http.MaxBytesReader(w, r.Body, int64(max_request_size))
@ -1006,7 +981,7 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
err := r.ParseMultipartForm(int64(max_request_size)) err := r.ParseMultipartForm(int64(max_request_size))
if err != nil { if err != nil {
LocalError("Upload failed", w, r, user) LocalError("Upload failed",w,r,user)
return return
} }
@ -1051,14 +1026,14 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
outfile, err := os.Create("./uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext); outfile, err := os.Create("./uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext);
if err != nil { if err != nil {
LocalError("Upload failed [File Creation Failed]", w, r, user) LocalError("Upload failed [File Creation Failed]",w,r,user)
return return
} }
defer outfile.Close() defer outfile.Close()
_, err = io.Copy(outfile, infile); _, err = io.Copy(outfile, infile);
if err != nil { if err != nil {
LocalError("Upload failed [Copy Failed]", w, r, user) LocalError("Upload failed [Copy Failed]",w,r,user)
return return
} }
} }
@ -1066,13 +1041,13 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
_, err = set_avatar_stmt.Exec("." + ext, strconv.Itoa(user.ID)) _, err = set_avatar_stmt.Exec("." + ext, strconv.Itoa(user.ID))
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext
noticeList = append(noticeList, "Your avatar was successfully updated") noticeList = append(noticeList, "Your avatar was successfully updated")
pi := Page{"Edit Avatar",user,noticeList,tList,0} pi := Page{"Edit Avatar",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi) templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi)
} }
@ -1085,9 +1060,8 @@ func route_account_own_edit_username(w http.ResponseWriter, r *http.Request) {
LocalError("You need to login to edit your account.",w,r,user) LocalError("You need to login to edit your account.",w,r,user)
return return
} }
pi := Page{"Edit Username",user,noticeList,tList,user.Name} pi := Page{"Edit Username",user,noticeList,tList,user.Name}
templates.ExecuteTemplate(w,"account-own-edit-username.html", pi) templates.ExecuteTemplate(w,"account-own-edit-username.html",pi)
} }
func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Request) { func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Request) {
@ -1101,7 +1075,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
} }
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) LocalError("Bad Form",w,r,user)
return return
} }
@ -1114,7 +1088,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
user.Name = new_username user.Name = new_username
noticeList = append(noticeList,"Your username was successfully updated") noticeList = append(noticeList,"Your username was successfully updated")
pi := Page{"Edit Username",user,noticeList,tList,0} pi := Page{"Edit Username",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"account-own-edit-username.html", pi) templates.ExecuteTemplate(w,"account-own-edit-username.html", pi)
} }
@ -1217,7 +1191,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
_, err = verify_email_stmt.Exec(user.Email) _, err = verify_email_stmt.Exec(user.Email)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1225,7 +1199,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
if settings["activation_type"] == 2 { if settings["activation_type"] == 2 {
_, err = activate_user_stmt.Exec(user.ID) _, err = activate_user_stmt.Exec(user.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} }
@ -1250,7 +1224,7 @@ func route_logout(w http.ResponseWriter, r *http.Request) {
_, err := logout_stmt.Exec(user.ID) _, err := logout_stmt.Exec(user.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
http.Redirect(w,r, "/", http.StatusSeeOther) http.Redirect(w,r, "/", http.StatusSeeOther)
@ -1265,7 +1239,7 @@ func route_login(w http.ResponseWriter, r *http.Request) {
LocalError("You're already logged in.",w,r,user) LocalError("You're already logged in.",w,r,user)
return return
} }
pi := Page{"Login",user,noticeList,tList,0} pi := Page{"Login",user,noticeList,tList,nil}
templates.ExecuteTemplate(w,"login.html", pi) templates.ExecuteTemplate(w,"login.html", pi)
} }
@ -1278,10 +1252,9 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
LocalError("You're already logged in.",w,r,user) LocalError("You're already logged in.",w,r,user)
return return
} }
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
LocalError("Bad Form", w, r, user) LocalError("Bad Form",w,r,user)
return return
} }
@ -1297,7 +1270,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
LocalError("That username doesn't exist.",w,r,user) LocalError("That username doesn't exist.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1313,7 +1286,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
} else { // Normal login.. } else { // Normal login..
password = password + salt password = password + salt
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1322,20 +1295,20 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
LocalError("That's not the correct password.",w,r,user) LocalError("That's not the correct password.",w,r,user)
return return
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
} }
session, err = GenerateSafeString(sessionLength) session, err = GenerateSafeString(sessionLength)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = update_session_stmt.Exec(session, uid) _, err = update_session_stmt.Exec(session, uid)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1402,7 +1375,7 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
// Is this username already taken..? // Is this username already taken..?
err = username_exists_stmt.QueryRow(username).Scan(&username) err = username_exists_stmt.QueryRow(username).Scan(&username)
if err != nil && err != sql.ErrNoRows { if err != nil && err != sql.ErrNoRows {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} else if err != sql.ErrNoRows { } else if err != sql.ErrNoRows {
LocalError("This username isn't available. Try another.",w,r,user) LocalError("This username isn't available. Try another.",w,r,user)
@ -1411,19 +1384,19 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
salt, err := GenerateSafeString(saltLength) salt, err := GenerateSafeString(saltLength)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
session, err := GenerateSafeString(sessionLength) session, err := GenerateSafeString(sessionLength)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
password = password + salt password = password + salt
hashed_password, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) hashed_password, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1439,12 +1412,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
res, err := register_stmt.Exec(username,email,string(hashed_password),salt,group,session,active) res, err := register_stmt.Exec(username,email,string(hashed_password),salt,group,session,active)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
lastId, err := res.LastInsertId() lastId, err := res.LastInsertId()
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
@ -1452,12 +1425,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
if enable_emails { if enable_emails {
token, err := GenerateSafeString(80) token, err := GenerateSafeString(80)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }
_, err = add_email_stmt.Exec(email, lastId, 0, token) _, err = add_email_stmt.Exec(email, lastId, 0, token)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return return
} }

View File

@ -1,7 +1,7 @@
/* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */ /* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
package main package main
import "strconv"
import "io" import "io"
import "strconv"
func init() { func init() {
template_forum_handle = template_forum template_forum_handle = template_forum

View File

@ -1,7 +1,7 @@
/* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */ /* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
package main package main
import "strconv"
import "io" import "io"
import "strconv"
func init() { func init() {
template_profile_handle = template_profile template_profile_handle = template_profile

106
user.go
View File

@ -73,76 +73,57 @@ func SendValidationEmail(username string, email string, token string) bool {
return SendEmail(email, subject, msg) return SendEmail(email, subject, msg)
} }
func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) { func SimpleForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, success bool) {
// Are there any session cookies..? if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
cookie, err := r.Cookie("uid") PreError("The target forum doesn't exist.",w,r)
if err != nil { return user, false
user.Group = 6
user.Perms = GuestPerms
return user, noticeList, true
} }
user.ID, err = strconv.Atoi(cookie.Value) user, success = SimpleSessionCheck(w,r)
if err != nil { fperms := groups[user.Group].Forums[fid]
user.Group = 6 if fperms.Overrides && !user.Is_Super_Admin {
user.Perms = GuestPerms user.Perms.ViewTopic = fperms.ViewTopic
return user, noticeList, true user.Perms.CreateTopic = fperms.CreateTopic
} user.Perms.EditTopic = fperms.EditTopic
cookie, err = r.Cookie("session") user.Perms.DeleteTopic = fperms.DeleteTopic
if err != nil { user.Perms.CreateReply = fperms.CreateReply
user.Group = 6 user.Perms.EditReply = fperms.EditReply
user.Perms = GuestPerms user.Perms.DeleteReply = fperms.DeleteReply
return user, noticeList, true user.Perms.PinTopic = fperms.PinTopic
user.Perms.CloseTopic = fperms.CloseTopic
} }
return user, success
}
// Is this session valid..? func ForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, noticeList []string, success bool) {
err = get_session_stmt.QueryRow(user.ID,cookie.Value).Scan(&user.ID, &user.Name, &user.Group, &user.Is_Super_Admin, &user.Session, &user.Email, &user.Avatar, &user.Message, &user.URLPrefix, &user.URLName, &user.Level, &user.Score, &user.Last_IP) if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
if err == sql.ErrNoRows { NotFound(w,r)
user.ID = 0
user.Session = ""
user.Group = 6
user.Perms = GuestPerms
return user, noticeList, true
} else if err != nil {
InternalError(err,w,r,user)
return user, noticeList, false return user, noticeList, false
} }
user, success = SimpleSessionCheck(w,r)
user.Is_Admin = user.Is_Super_Admin || groups[user.Group].Is_Admin fperms := groups[user.Group].Forums[fid]
user.Is_Super_Mod = groups[user.Group].Is_Mod || user.Is_Admin if fperms.Overrides && !user.Is_Super_Admin {
user.Is_Mod = user.Is_Super_Mod user.Perms.ViewTopic = fperms.ViewTopic
user.Is_Banned = groups[user.Group].Is_Banned user.Perms.CreateTopic = fperms.CreateTopic
user.Loggedin = !user.Is_Banned || user.Is_Super_Mod user.Perms.EditTopic = fperms.EditTopic
if user.Is_Banned && user.Is_Super_Mod { user.Perms.DeleteTopic = fperms.DeleteTopic
user.Is_Banned = false user.Perms.CreateReply = fperms.CreateReply
user.Perms.EditReply = fperms.EditReply
user.Perms.DeleteReply = fperms.DeleteReply
user.Perms.PinTopic = fperms.PinTopic
user.Perms.CloseTopic = fperms.CloseTopic
} }
if user.Is_Super_Admin {
user.Perms = AllPerms
} else {
user.Perms = groups[user.Group].Perms
}
if user.Is_Banned { if user.Is_Banned {
noticeList = append(noticeList, "Your account has been suspended. Some of your permissions may have been revoked.") noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
} }
return user, noticeList, success
}
if user.Avatar != "" { func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) {
if user.Avatar[0] == '.' { user, success = SimpleSessionCheck(w,r)
user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + user.Avatar if user.Is_Banned {
} noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
} else {
user.Avatar = strings.Replace(noavatar,"{id}",strconv.Itoa(user.ID),1)
} }
return user, noticeList, success
host, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
LocalError("Bad IP",w,r,user)
return user, noticeList, false
}
if host != user.Last_IP {
go update_last_ip_stmt.Exec(host, user.ID)
}
return user, noticeList, true
} }
func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, success bool) { func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, success bool) {
@ -175,7 +156,7 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
user.Perms = GuestPerms user.Perms = GuestPerms
return user, true return user, true
} else if err != nil { } else if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return user, false return user, false
} }
@ -208,10 +189,9 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
return user, false return user, false
} }
if host != user.Last_IP { if host != user.Last_IP {
//fmt.Println("Update")
_, err = update_last_ip_stmt.Exec(host, user.ID) _, err = update_last_ip_stmt.Exec(host, user.ID)
if err != nil { if err != nil {
InternalError(err,w,r,user) InternalError(err,w,r)
return user, false return user, false
} }
} }