diff src/change_email.html.luan @ 59:02d8876dc41d

improve change email
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 29 Nov 2022 18:45:22 -0700
parents 31c895b73bd0
children
--- a/src/change_email.html.luan	Tue Nov 29 16:09:17 2022 -0700
+++ b/src/change_email.html.luan	Tue Nov 29 18:45:22 2022 -0700
@@ -50,9 +50,8 @@
 	local user = User.current_required()
 	if user==nil then return end
 	local email = Http.request.parameters.email
-	local password1 = Http.request.parameters.password1
-	local password2 = Http.request.parameters.password2
-	if email == nil then
+	local password = Http.request.parameters.password
+	if email == nil and password == nil then
 		page(function()
 %>
 			<form>
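Review bot: The branches that follow are now selected only by which of `email` and `password` is present, and nothing in the new code says what each combination means. A one-line comment above `if email == nil and password == nil then` would make the flow reviewable, for example `-- neither: show form; email only: mail token to current address; email+password: mail token to new address; password only: apply user.new_email`. The enclosing handler starts and ends outside this hunk.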
@@ -65,10 +64,11 @@
 			</form>
 <%
 		end)
-	elseif password1 == nil and password2 == nil then
+	elseif email ~= nil and password == nil then
 		run_in_transaction( function()
 			user = user.reload()
-			user.hidden_password_1 = User.new_password()
+			user.hidden_password = User.new_password()
+			user.new_email = nil
 			user.save()
 		end )
 		local result = call_mail_api( "change_email_1", {
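Review bot: The address requested in this branch is never recorded on the user: it sets `user.new_email = nil` and only hands `email` to the mail call, so the token mailed to the current address is not tied to that address. The later `email ~= nil and password ~= nil` branch reads `email` from the request again, so the address finally confirmed can differ from the one named in the first message. Consider saving the requested address in its own field (a hypothetical `user.requested_email = email`) and rejecting the second step unless `email == user.requested_email`. It should not go into `new_email`, because the final branch treats a matching token plus a non-nil `new_email` as a verified new address. The `call_mail_api` call continues outside this hunk.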
@@ -76,7 +76,7 @@
 			from = forum_title.." <support@freedit.org>"
 			to = user.email
 			email = email
-			password = user.hidden_password_1
+			password = user.hidden_password
 		} )
 		result.okay or error(result.error)
 		page(function()
@@ -84,22 +84,22 @@
 			<p>We have sent an email to your current email address.  Click on the link in that email to change your email.</p>
 <%
 		end)
-	elseif password1 ~= nil then
-		if password1 ~= user.hidden_password_1 then
+	elseif email ~= nil and password ~= nil then
+		if password ~= user.hidden_password then
 			invalid()
 			return
 		end
 		run_in_transaction( function()
 			user = user.reload()
-			user.hidden_password_1 = nil
-			user.hidden_password_2 = User.new_password()
+			user.hidden_password = User.new_password()
+			user.new_email = email
 			user.save()
 		end )
 		local result = call_mail_api( "change_email_2", {
 			base_url = base_url()
 			from = forum_title.." <support@freedit.org>"
-			email = email
-			password = user.hidden_password_2
+			to = email
+			password = user.hidden_password
 		} )
 		result.okay or error(result.error)
 		page(function()
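Review bot: The comparison `password ~= user.hidden_password` runs on the user object loaded before the transaction, while the token is only rotated after `user.reload()` inside it, so the check and the invalidation are not atomic. Two requests carrying the same token can both pass the check before either one replaces it; how far `run_in_transaction` serializes them is not visible here. Comparing after the reload, inside the transaction, makes the token single-use, and the same pattern applies to the `email == nil and password ~= nil` branch in the next hunk. The sketch uses a flag because `invalid()` and `return` have to run outside the closure.

```luan
		local token_ok = false
		run_in_transaction( function()
			user = user.reload()
			if password == user.hidden_password then
				token_ok = true
				user.hidden_password = User.new_password()
				user.new_email = email
				user.save()
			end
		end )
		if not token_ok then
			invalid()
			return
		end
		-- … unchanged: call_mail_api "change_email_2" and the confirmation page …
```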
@@ -107,15 +107,16 @@
 			<p>We have sent an email to <b><%=email%></b>.  Click on the link in that email to complete the change.</p>
 <%
 		end)
-	elseif password2 ~= nil then
-		if password2 ~= user.hidden_password_2 then
+	elseif email == nil and password ~= nil then
+		if password ~= user.hidden_password then
 			invalid()
 			return
 		end
 		run_in_transaction( function()
 			user = user.reload()
-			user.email = email
-			user.hidden_password_2 = nil
+			user.email = user.new_email or error()
+			user.hidden_password = nil
+			user.new_email = nil
 			user.save()
 		end )
 		page(function()
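Review bot: `user.new_email or error()` raises with no message when the token matches but no new address is pending, which is the state right after the first step if that token is submitted without `email`. That request is an invalid link rather than a server fault, so it reads better to reject it in the existing check, e.g. `if password ~= user.hidden_password or user.new_email == nil then`. If the `or error()` is kept as an assertion after the reload, give it a message such as `error "no pending email change"` so the failure is identifiable in logs. The `page(function()` call at the end of the hunk continues outside it.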