diff options
author | Sebastian Reichel <sre@ring0.de> | 2012-10-05 20:52:04 +0200 |
---|---|---|
committer | Sebastian Reichel <sre@ring0.de> | 2012-10-05 20:52:04 +0200 |
commit | 6b69561a171568b36710e0e28aea9f0bd59a295c (patch) | |
tree | d54b98b5dabb513a9f93ddee1d5bac559f885522 | |
parent | 133f6d01ce9dcbc01ccbef0bc58cecc9ca713cfe (diff) | |
download | serial-barcode-scanner-6b69561a171568b36710e0e28aea9f0bd59a295c.tar.bz2 |
add password change option (Closes GH-15)
-rw-r--r-- | src/db.vala | 21 | ||||
-rw-r--r-- | src/web.vala | 20 | ||||
-rw-r--r-- | templates/base.html | 16 | ||||
-rw-r--r-- | templates/menu_logout.html | 10 | ||||
-rw-r--r-- | templates/users/entry.html | 31 |
5 files changed, 69 insertions, 29 deletions
diff --git a/src/db.vala b/src/db.vala index d261eed..2ab5f7c 100644 --- a/src/db.vala +++ b/src/db.vala @@ -184,6 +184,7 @@ public class Database { queries["session_get"] = "SELECT user FROM authentication WHERE session = ?"; queries["username"] = "SELECT firstname, lastname FROM users WHERE id = ?"; queries["password_get"] = "SELECT password FROM authentication WHERE user = ?"; + queries["password_set"] = "UPDATE authentication SET password=? WHERE user = ?"; queries["userinfo"] = "SELECT firstname, lastname, email, gender, street, plz, city FROM users WHERE id = ?"; queries["userauth"] = "SELECT disabled, superuser FROM authentication WHERE user = ?"; queries["profit_by_product"] = "SELECT name, SUM(memberprice - (SELECT price FROM purchaseprices WHERE product = purch.product)) AS price FROM sells purch, prices, products WHERE purch.product = products.id AND purch.product = prices.product AND purch.user > 0 AND purch.timestamp > ? AND purch.timestamp < ? AND prices.valid_from = (SELECT valid_from FROM prices WHERE product = purch.product AND valid_from < purch.timestamp ORDER BY valid_from DESC LIMIT 1) GROUP BY name ORDER BY price;"; @@ -582,6 +583,26 @@ public class Database { } } + public void set_user_password(int32 user, string password) { + var pwhash = Checksum.compute_for_string(ChecksumType.SHA256, password); + int rc; + + /* create user auth line if not existing */ + statements["user_auth_create"].reset(); + statements["user_auth_create"].bind_int(1, user); + rc = statements["user_auth_create"].step(); + if(rc != Sqlite.DONE) + error("[internal error: %d]".printf(rc)); + + /* set password */ + statements["password_set"].reset(); + statements["password_set"].bind_text(1, pwhash); + statements["password_set"].bind_int(2, user); + rc = statements["password_set"].step(); + if(rc != Sqlite.DONE) + error("[internal error: %d]".printf(rc)); + } + public void set_sessionid(int user, string sessionid) { statements["session_set"].reset(); statements["session_set"].bind_text(1, sessionid); diff --git a/src/web.vala b/src/web.vala index 8c87eed..2e2e13f 100644 --- a/src/web.vala +++ b/src/web.vala @@ -200,12 +200,12 @@ public class WebServer { void handler_user_entry(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client, int id) { try { - var l = new WebSession(server, msg, path, query, client); - if(id != l.user && !l.superuser) { + var session = new WebSession(server, msg, path, query, client); + if(id != session.user && !session.superuser) { handler_403(server, msg, path, query, client); return; } - var t = new WebTemplate("users/entry.html", l); + var t = new WebTemplate("users/entry.html", session); t.replace("TITLE", "KtT Shop System: User Info %llu".printf(id)); t.menu_set_active("users"); @@ -224,6 +224,20 @@ public class WebServer { t.replace("DISABLED", userauth.disabled ? "true" : "false"); t.replace("ISSUPERUSER", userauth.superuser ? "true" : "false"); + var postdata = Soup.Form.decode_multipart(msg, null, null, null, null); + if(postdata != null && postdata.contains("password1") && postdata.contains("password2")) { + if(postdata["password1"] != postdata["password2"]) { + t.replace("MESSAGE", "<div class=\"alert alert-error\">Error! Passwords do not match!</div>"); + } else if(postdata["password1"] == "") { + t.replace("MESSAGE", "<div class=\"alert alert-error\">Error! Empty Password not allowed!</div>"); + } else { + db.set_user_password(session.user, postdata["password1"]); + t.replace("MESSAGE", "<div class=\"alert alert-success\">Password Changed!</div>"); + } + } else { + t.replace("MESSAGE", ""); + } + msg.set_response("text/html", Soup.MemoryUse.COPY, t.data); } catch(TemplateError e) { stderr.printf(e.message+"\n"); diff --git a/templates/base.html b/templates/base.html index b2ac665..67f89cb 100644 --- a/templates/base.html +++ b/templates/base.html @@ -5,14 +5,14 @@ <title>{{{TITLE}}}</title> <link type="text/css" rel="stylesheet" href="/css/bootstrap.css" /> <link type="text/css" rel="stylesheet" href="/css/base.css" /> - <script language="javascript" type="text/javascript" src="/js/sorttable.js"></script> - <script language="javascript" type="text/javascript" src="/js/jquery.js"></script> - <script language="javascript" type="text/javascript" src="/js/jquery.mousewheel.js"></script> - <script language="javascript" type="text/javascript" src="/js/jquery.flot.js"></script> - <script language="javascript" type="text/javascript" src="/js/jquery.flot.selection.js"></script> - <script language="javascript" type="text/javascript" src="/js/jquery.flot.navigate.js"></script> - <script language="javascript" type="text/javascript" src="/js/jquery.flot.pie.js"></script> - <script language="javascript" type="text/javascript" src="/js/bootstrap.js"></script> + <script type="text/javascript" src="/js/sorttable.js"></script> + <script type="text/javascript" src="/js/jquery.js"></script> + <script type="text/javascript" src="/js/jquery.mousewheel.js"></script> + <script type="text/javascript" src="/js/jquery.flot.js"></script> + <script type="text/javascript" src="/js/jquery.flot.selection.js"></script> + <script type="text/javascript" src="/js/jquery.flot.navigate.js"></script> + <script type="text/javascript" src="/js/jquery.flot.pie.js"></script> + <script type="text/javascript" src="/js/bootstrap.js"></script> </head> <body> <div class="navbar navbar-fixed-top"> diff --git a/templates/menu_logout.html b/templates/menu_logout.html index feb16d8..e93d470 100644 --- a/templates/menu_logout.html +++ b/templates/menu_logout.html @@ -2,11 +2,11 @@ <li id="usermenu" class="drop-down"> <a href="#" id="usermenulink" role="button" class="dropdown-toggle" data-toggle="dropdown"><i class="icon-user"></i> {{{USERNAME}}} <b class="caret"></b></a> <ul class="dropdown-menu" role="menu" aria-labelledby="usermenulink"> - <li><a tabindex="-1" href="/users/{{{USERID}}}">Personal Data</a></li> - <li><a tabindex="-1" href="/users/{{{USERID}}}/invoice">Invoice</a></li> - <li><a tabindex="-1" href="/users/{{{USERID}}}/stats">Statistics</a></li> - <li class="divider"></li> - <li><a tabindex="-1" href="/logout">Logout</a></li> + <li role="menuitem"><a tabindex="-1" href="/users/{{{USERID}}}">Personal Data</a></li> + <li role="menuitem"><a tabindex="-1" href="/users/{{{USERID}}}/invoice">Invoice</a></li> + <li role="menuitem"><a tabindex="-1" href="/users/{{{USERID}}}/stats">Statistics</a></li> + <li role="menuitem" class="divider"></li> + <li role="menuitem"><a tabindex="-1" href="/logout">Logout</a></li> </ul> </li> </ul> diff --git a/templates/users/entry.html b/templates/users/entry.html index b92b686..8a72860 100644 --- a/templates/users/entry.html +++ b/templates/users/entry.html @@ -1,17 +1,22 @@ <h2>Personal Data</h2> -<p> + +{{{MESSAGE}}} + +<form method="POST" enctype="multipart/form-data" action="#"> <table class="table table-bordered table-nonfluid"> - <th>ID</th><td>{{{UID}}}</td></tr> - <th>Firstname</th><td>{{{FIRSTNAME}}}</td></tr> - <th>Lastname</th><td>{{{LASTNAME}}}</td></tr> - <th>E-Mail</th><td>{{{EMAIL}}}</td></tr> - <th>Gender</th><td>{{{GENDER}}}</td></tr> - <th>Street</th><td>{{{STREET}}}</td></tr> - <th>PLZ</th><td>{{{POSTALCODE}}}</td></tr> - <th>City</th><td>{{{CITY}}}</td></tr> + <tr><th>ID</th><td>{{{UID}}}</td></tr> + <tr><th>Firstname</th><td>{{{FIRSTNAME}}}</td></tr> + <tr><th>Lastname</th><td>{{{LASTNAME}}}</td></tr> + <tr><th>E-Mail</th><td>{{{EMAIL}}}</td></tr> + <tr><th>Gender</th><td>{{{GENDER}}}</td></tr> + <tr><th>Street</th><td>{{{STREET}}}</td></tr> + <tr><th>PLZ</th><td>{{{POSTALCODE}}}</td></tr> + <tr><th>City</th><td>{{{CITY}}}</td></tr> <tr><th colspan="2">Administrative Information</th></tr> - <th>Disabled</th><td>{{{DISABLED}}}</td></tr> - <th>Superuser</th><td>{{{ISSUPERUSER}}}</td></tr> + <tr><th>Disabled</th><td>{{{DISABLED}}}</td></tr> + <tr><th>Superuser</th><td>{{{ISSUPERUSER}}}</td></tr> + <tr><th rowspan="3">Password</th><td><input name="password1" placeholder="New Password" type="password" /></td></tr> + <tr><td><input name="password2" placeholder="New Password (again)" type="password" /></td></tr> + <tr><td><input type="submit" value="Change Password" /></td></tr> </table> -</p> - +</form> |