authorSebastian Reichel <sre@ring0.de>2012-10-05 20:52:04 +0200
committerSebastian Reichel <sre@ring0.de>2012-10-05 20:52:04 +0200
commit6b69561a171568b36710e0e28aea9f0bd59a295c (patch)
treed54b98b5dabb513a9f93ddee1d5bac559f885522
parent133f6d01ce9dcbc01ccbef0bc58cecc9ca713cfe (diff)
downloadserial-barcode-scanner-6b69561a171568b36710e0e28aea9f0bd59a295c.tar.bz2
add password change option (Closes GH-15)
-rw-r--r--src/db.vala21
-rw-r--r--src/web.vala20
-rw-r--r--templates/base.html16
-rw-r--r--templates/menu_logout.html10
-rw-r--r--templates/users/entry.html31
5 files changed, 69 insertions, 29 deletions
diff --git a/src/db.vala b/src/db.vala
index d261eed..2ab5f7c 100644
--- a/src/db.vala
+++ b/src/db.vala
@@ -184,6 +184,7 @@ public class Database {
queries["session_get"] = "SELECT user FROM authentication WHERE session = ?";
queries["username"] = "SELECT firstname, lastname FROM users WHERE id = ?";
queries["password_get"] = "SELECT password FROM authentication WHERE user = ?";
+ queries["password_set"] = "UPDATE authentication SET password=? WHERE user = ?";
queries["userinfo"] = "SELECT firstname, lastname, email, gender, street, plz, city FROM users WHERE id = ?";
queries["userauth"] = "SELECT disabled, superuser FROM authentication WHERE user = ?";
queries["profit_by_product"] = "SELECT name, SUM(memberprice - (SELECT price FROM purchaseprices WHERE product = purch.product)) AS price FROM sells purch, prices, products WHERE purch.product = products.id AND purch.product = prices.product AND purch.user > 0 AND purch.timestamp > ? AND purch.timestamp < ? AND prices.valid_from = (SELECT valid_from FROM prices WHERE product = purch.product AND valid_from < purch.timestamp ORDER BY valid_from DESC LIMIT 1) GROUP BY name ORDER BY price;";
@@ -582,6 +583,26 @@ public class Database {
}
}
+ public void set_user_password(int32 user, string password) {
+ var pwhash = Checksum.compute_for_string(ChecksumType.SHA256, password);
+ int rc;
+
+ /* create user auth line if not existing */
+ statements["user_auth_create"].reset();
+ statements["user_auth_create"].bind_int(1, user);
+ rc = statements["user_auth_create"].step();
+ if(rc != Sqlite.DONE)
+ error("[internal error: %d]".printf(rc));
+
+ /* set password */
+ statements["password_set"].reset();
+ statements["password_set"].bind_text(1, pwhash);
+ statements["password_set"].bind_int(2, user);
+ rc = statements["password_set"].step();
+ if(rc != Sqlite.DONE)
+ error("[internal error: %d]".printf(rc));
+ }
+
public void set_sessionid(int user, string sessionid) {
statements["session_set"].reset();
statements["session_set"].bind_text(1, sessionid);
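Review bot: `set_user_password` stores the bare SHA-256 of the password (`Checksum.compute_for_string(ChecksumType.SHA256, password)`) with no per-user salt and no work factor, so identical passwords hash identically and the `authentication` table is cheap to attack offline if it ever leaks. Presumably this mirrors whatever the login path compares against via the `password_get` query, which is outside this hunk, so any move to a salted, slow scheme has to change both sides together; until then a comment such as `/* unsalted SHA-256 hex digest; must match the scheme the login check expects */` above the hash line would make that coupling explicit. Both failure branches call `error()`, which in GLib aborts the process, so a transient SQLite failure (a busy database, for instance) takes the whole web server down instead of reporting a failed change to `handler_user_entry`; returning a bool or throwing a Vala error would let the handler show an error message. The `user_auth_create` statement used here is not prepared in this diff (only `password_set` is, in the first hunk), so it is assumed to exist already.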
diff --git a/src/web.vala b/src/web.vala
index 8c87eed..2e2e13f 100644
--- a/src/web.vala
+++ b/src/web.vala
@@ -200,12 +200,12 @@ public class WebServer {
void handler_user_entry(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client, int id) {
try {
- var l = new WebSession(server, msg, path, query, client);
- if(id != l.user && !l.superuser) {
+ var session = new WebSession(server, msg, path, query, client);
+ if(id != session.user && !session.superuser) {
handler_403(server, msg, path, query, client);
return;
}
- var t = new WebTemplate("users/entry.html", l);
+ var t = new WebTemplate("users/entry.html", session);
t.replace("TITLE", "KtT Shop System: User Info %llu".printf(id));
t.menu_set_active("users");
@@ -224,6 +224,20 @@ public class WebServer {
t.replace("DISABLED", userauth.disabled ? "true" : "false");
t.replace("ISSUPERUSER", userauth.superuser ? "true" : "false");
+ var postdata = Soup.Form.decode_multipart(msg, null, null, null, null);
+ if(postdata != null && postdata.contains("password1") && postdata.contains("password2")) {
+ if(postdata["password1"] != postdata["password2"]) {
+ t.replace("MESSAGE", "<div class=\"alert alert-error\">Error! Passwords do not match!</div>");
+ } else if(postdata["password1"] == "") {
+ t.replace("MESSAGE", "<div class=\"alert alert-error\">Error! Empty Password not allowed!</div>");
+ } else {
+ db.set_user_password(session.user, postdata["password1"]);
+ t.replace("MESSAGE", "<div class=\"alert alert-success\">Password Changed!</div>");
+ }
+ } else {
+ t.replace("MESSAGE", "");
+ }
+
msg.set_response("text/html", Soup.MemoryUse.COPY, t.data);
} catch(TemplateError e) {
stderr.printf(e.message+"\n");
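Review bot: The new password is written for `session.user`, not for `id`, although the check in the previous hunk deliberately lets a superuser open another user's page; a superuser submitting the form on `/users/<other>` therefore silently changes their own password while the page reports "Password Changed!" for the other account. Either write to the viewed account with `db.set_user_password(id, postdata["password1"]);`, or reject the POST when `id != session.user` so the message cannot mislead. The form is also accepted on the session cookie alone, with no anti-CSRF token and no confirmation of the current password, so a forged cross-site POST against a logged-in browser could set that user's password; verifying a per-session token or the existing password before calling `set_user_password` closes that gap. `handler_user_entry` starts in the previous hunk and its `catch` block ends outside this one.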
diff --git a/templates/base.html b/templates/base.html
index b2ac665..67f89cb 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -5,14 +5,14 @@
<title>{{{TITLE}}}</title>
<link type="text/css" rel="stylesheet" href="/css/bootstrap.css" />
<link type="text/css" rel="stylesheet" href="/css/base.css" />
- <script language="javascript" type="text/javascript" src="/js/sorttable.js"></script>
- <script language="javascript" type="text/javascript" src="/js/jquery.js"></script>
- <script language="javascript" type="text/javascript" src="/js/jquery.mousewheel.js"></script>
- <script language="javascript" type="text/javascript" src="/js/jquery.flot.js"></script>
- <script language="javascript" type="text/javascript" src="/js/jquery.flot.selection.js"></script>
- <script language="javascript" type="text/javascript" src="/js/jquery.flot.navigate.js"></script>
- <script language="javascript" type="text/javascript" src="/js/jquery.flot.pie.js"></script>
- <script language="javascript" type="text/javascript" src="/js/bootstrap.js"></script>
+ <script type="text/javascript" src="/js/sorttable.js"></script>
+ <script type="text/javascript" src="/js/jquery.js"></script>
+ <script type="text/javascript" src="/js/jquery.mousewheel.js"></script>
+ <script type="text/javascript" src="/js/jquery.flot.js"></script>
+ <script type="text/javascript" src="/js/jquery.flot.selection.js"></script>
+ <script type="text/javascript" src="/js/jquery.flot.navigate.js"></script>
+ <script type="text/javascript" src="/js/jquery.flot.pie.js"></script>
+ <script type="text/javascript" src="/js/bootstrap.js"></script>
</head>
<body>
<div class="navbar navbar-fixed-top">
diff --git a/templates/menu_logout.html b/templates/menu_logout.html
index feb16d8..e93d470 100644
--- a/templates/menu_logout.html
+++ b/templates/menu_logout.html
@@ -2,11 +2,11 @@
<li id="usermenu" class="drop-down">
<a href="#" id="usermenulink" role="button" class="dropdown-toggle" data-toggle="dropdown"><i class="icon-user"></i>&nbsp;{{{USERNAME}}}&nbsp;<b class="caret"></b></a>
<ul class="dropdown-menu" role="menu" aria-labelledby="usermenulink">
- <li><a tabindex="-1" href="/users/{{{USERID}}}">Personal Data</a></li>
- <li><a tabindex="-1" href="/users/{{{USERID}}}/invoice">Invoice</a></li>
- <li><a tabindex="-1" href="/users/{{{USERID}}}/stats">Statistics</a></li>
- <li class="divider"></li>
- <li><a tabindex="-1" href="/logout">Logout</a></li>
+ <li role="menuitem"><a tabindex="-1" href="/users/{{{USERID}}}">Personal Data</a></li>
+ <li role="menuitem"><a tabindex="-1" href="/users/{{{USERID}}}/invoice">Invoice</a></li>
+ <li role="menuitem"><a tabindex="-1" href="/users/{{{USERID}}}/stats">Statistics</a></li>
+ <li role="menuitem" class="divider"></li>
+ <li role="menuitem"><a tabindex="-1" href="/logout">Logout</a></li>
</ul>
</li>
</ul>
diff --git a/templates/users/entry.html b/templates/users/entry.html
index b92b686..8a72860 100644
--- a/templates/users/entry.html
+++ b/templates/users/entry.html
@@ -1,17 +1,22 @@
<h2>Personal Data</h2>
-<p>
+
+{{{MESSAGE}}}
+
+<form method="POST" enctype="multipart/form-data" action="#">
<table class="table table-bordered table-nonfluid">
- <th>ID</th><td>{{{UID}}}</td></tr>
- <th>Firstname</th><td>{{{FIRSTNAME}}}</td></tr>
- <th>Lastname</th><td>{{{LASTNAME}}}</td></tr>
- <th>E-Mail</th><td>{{{EMAIL}}}</td></tr>
- <th>Gender</th><td>{{{GENDER}}}</td></tr>
- <th>Street</th><td>{{{STREET}}}</td></tr>
- <th>PLZ</th><td>{{{POSTALCODE}}}</td></tr>
- <th>City</th><td>{{{CITY}}}</td></tr>
+ <tr><th>ID</th><td>{{{UID}}}</td></tr>
+ <tr><th>Firstname</th><td>{{{FIRSTNAME}}}</td></tr>
+ <tr><th>Lastname</th><td>{{{LASTNAME}}}</td></tr>
+ <tr><th>E-Mail</th><td>{{{EMAIL}}}</td></tr>
+ <tr><th>Gender</th><td>{{{GENDER}}}</td></tr>
+ <tr><th>Street</th><td>{{{STREET}}}</td></tr>
+ <tr><th>PLZ</th><td>{{{POSTALCODE}}}</td></tr>
+ <tr><th>City</th><td>{{{CITY}}}</td></tr>
<tr><th colspan="2">Administrative Information</th></tr>
- <th>Disabled</th><td>{{{DISABLED}}}</td></tr>
- <th>Superuser</th><td>{{{ISSUPERUSER}}}</td></tr>
+ <tr><th>Disabled</th><td>{{{DISABLED}}}</td></tr>
+ <tr><th>Superuser</th><td>{{{ISSUPERUSER}}}</td></tr>
+ <tr><th rowspan="3">Password</th><td><input name="password1" placeholder="New Password" type="password" /></td></tr>
+ <tr><td><input name="password2" placeholder="New Password (again)" type="password" /></td></tr>
+ <tr><td><input type="submit" value="Change Password" /></td></tr>
</table>
-</p>
-
+</form>
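Review bot: `{{{MESSAGE}}}` is substituted verbatim — the Vala handler passes `<div class="alert ...">` markup into it — so the placeholder must only ever receive server-authored HTML, never text derived from the submitted form fields; a template comment `<!-- MESSAGE: raw HTML chosen by handler_user_entry, never user input -->` above it would record that for the next person who extends the error messages. The two password inputs could also carry `autocomplete="new-password"` so browsers do not treat the form as a login form and offer to autofill the current password into it.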