diff src/change_email.html.luan @ 58:31c895b73bd0

improve change email
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 29 Nov 2022 16:09:17 -0700
parents 169ac5fdb320
children 02d8876dc41d
--- a/src/change_email.html.luan	Mon Nov 28 23:47:19 2022 -0700
+++ b/src/change_email.html.luan	Tue Nov 29 16:09:17 2022 -0700
@@ -38,11 +38,20 @@
 <%
 end
 
+local function invalid()
+	page(function()
+%>
+			<p>This link is no longer valid.  Please <a href="/change_email.html">try again</a>.</p>
+<%
+	end)
+end
+
 return function()
 	local user = User.current_required()
 	if user==nil then return end
 	local email = Http.request.parameters.email
-	local password = Http.request.parameters.password
+	local password1 = Http.request.parameters.password1
+	local password2 = Http.request.parameters.password2
 	if email == nil then
 		page(function()
 %>
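Review bot: `password1` and `password2` are not user passwords but the one-time values mailed in the two confirmation links, and nothing at their declaration says which is which. A comment above them would make the branches further down easier to follow, for example `-- password1: token mailed to the current address; password2: token mailed to the new address`. The handler body continues past this hunk.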
@@ -56,35 +65,57 @@
 			</form>
 <%
 		end)
-	elseif password == nil then
+	elseif password1 == nil and password2 == nil then
 		run_in_transaction( function()
 			user = user.reload()
-			user.hidden_password = User.new_password()
+			user.hidden_password_1 = User.new_password()
 			user.save()
 		end )
-		local result = call_mail_api( "change_email", {
+		local result = call_mail_api( "change_email_1", {
 			base_url = base_url()
 			from = forum_title.." <support@freedit.org>"
+			to = user.email
 			email = email
-			password = user.hidden_password
+			password = user.hidden_password_1
 		} )
 		result.okay or error(result.error)
 		page(function()
 %>
-			<p>We have sent an email to your new email address.  Click on the link in that email to complete the change.</p>
+			<p>We have sent an email to your current email address.  Click on the link in that email to change your email.</p>
 <%
 		end)
-	elseif password ~= user.hidden_password then
+	elseif password1 ~= nil then
+		if password1 ~= user.hidden_password_1 then
+			invalid()
+			return
+		end
+		run_in_transaction( function()
+			user = user.reload()
+			user.hidden_password_1 = nil
+			user.hidden_password_2 = User.new_password()
+			user.save()
+		end )
+		local result = call_mail_api( "change_email_2", {
+			base_url = base_url()
+			from = forum_title.." <support@freedit.org>"
+			email = email
+			password = user.hidden_password_2
+		} )
+		result.okay or error(result.error)
 		page(function()
 %>
-			<p>This link is no longer valid.  Please <a href="/change_email.html">try again</a>.</p>
+			<p>We have sent an email to <b><%=email%></b>.  Click on the link in that email to complete the change.</p>
 <%
 		end)
-	else
+	elseif password2 ~= nil then
+		if password2 ~= user.hidden_password_2 then
+			invalid()
+			return
+		end
 		run_in_transaction( function()
 			user = user.reload()
 			user.email = email
-			user.hidden_password = nil
+			user.hidden_password_2 = nil
 			user.save()
 		end )
 		page(function()
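Review bot: The final branch writes `user.email = email` from the request parameter, and nothing ties `password2` to the address the second mail was sent to. A logged-in user holding a valid second link can therefore change the `email` parameter and end up with an address that was never confirmed. Store the requested address on the user in the first transaction, for example `user.pending_email = email` (the field name is only a suggestion), then use that stored value for the `change_email_2` mail and for `user.email = user.pending_email` rather than reading the request again. Both token comparisons also run against the `user` loaded before `run_in_transaction`, so the same link could pass the check in two concurrent requests; comparing after `user.reload()` inside the transaction would close that gap. The handler begins before this hunk and ends after it.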
@@ -92,5 +123,7 @@
 			<p>Your email has been change to <b><%=user.email%></b>.</p>
 <%
 		end)
+	else
+		error()
 	end
 end
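Review bot: The added `else` looks unreachable: once `email` is present, either both tokens are nil or one of the two `~= nil` branches matches. If it is kept as a guard, give it a message so a failure can be identified in logs, for example `error("change_email: unexpected parameter combination")`. A request carrying both `password1` and `password2` is handled by the `password1` branch alone, which deserves a comment if it is intended. The handler begins above this hunk.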