repo/nabble: src/nabble/view/web/user/ResetPassword.java comparison

comparison src/nabble/view/web/user/ResetPassword.java @ 0:7ecd1a4ef557

add content

author	Franklin Schmidt <fschmidt@gmail.com>
date	Thu, 21 Mar 2019 19:15:52 -0600
parents
children	18cf4872fd7f

comparison

equal deleted inserted replaced

--1:000000000000
+:7ecd1a4ef557
+package nabble.view.web.user;
+import fschmidt.db.DbDatabase;
+import fschmidt.util.java.HtmlUtils;
+import fschmidt.util.servlet.ServletUtils;
+import nabble.model.Db;
+import nabble.model.ModelException;
+import nabble.model.User;
+import nabble.view.lib.Jtp;
+import nabble.view.lib.Shared;
+import nabble.view.lib.help.Help;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+public final class ResetPassword extends HttpServlet {
+	protected void service(HttpServletRequest request,HttpServletResponse response)
+		throws ServletException, IOException
+	{
+		PrintWriter out = response.getWriter();
+		if ( Jtp.getUser(request,response) != null ) {
+			Jtp.logout(request,response);
+		}
+		String email = request.getParameter("email");
+		String resetcode = request.getParameter("q");
+		if ( email==null || resetcode==null || resetcode.trim().length()==0 ) {
+			Jtp.login("This password reset link is not valid.",request,response);
+			return;
+		}
+		User user = Jtp.getSiteNotNull(request).getUserFromEmail(email);
+		if ( ! (user!=null && user.isRegistered() && user.checkResetcode(resetcode)) ) {
+			Jtp.login("This password reset link is no longer valid.",request,response);
+			return;
+		}
+		String password1 = null;
+		String password2 = null;
+		String errorMsg = null;
+		if ("save".equals(request.getParameter("action")) && "POST".equals(request.getMethod())) {
+			password1 = request.getParameter("password1");
+			password2 = request.getParameter("password2");
+			if (!password1.equals(password2) ) {
+				errorMsg = "The password fields don't match.";
+			} else if (password1.trim().length() == 0) {
+				errorMsg = "Your password must contain valid alphanumeric characters.";
+			} else {
+				DbDatabase db = user.getSite().getDb();
+				db.beginTransaction();
+				try {
+					User u = user.getGoodCopy();
+					u.setPassword(password1);
+					u.update();
+					db.commitTransaction();
+					String pwd = u.getPasscookie();
+					Jtp.doLogin(request,response,u,false);
+					StringBuffer js = new StringBuffer();
+					js.append("if (parent.nabbleinfo) {");
+					js.append("Nabble.setCookie('username','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(u.getName()))).append("');");
+					js.append("Nabble.setCookie('password','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(pwd))).append("');");
+					js.append("}");
+					Shared.javascriptRedirect(request,response, "/template/NamlServlet.jtp?macro=user_profile", js.toString());
+					return;
+				} catch(ModelException e) {
+					errorMsg = e.getMessage();
+				} finally {
+					db.endTransaction();
+				}
+			}
+		}
+		out.print( "\n<html>\n	<head>\n		" );
+Shared.title(request,response,"Reset Password");
+		out.print( "\n	</head>\n	<body>\n		" );
+Shared.minHeaderGlobal(request, response);
+		out.print( "\n		" );
+Shared.profileHeading(request,out,user,"Reset Password");
+		out.print( "\n		" );
+Shared.errorMessage(request,response,errorMsg, "Please re-enter the information and click on \"Update Information\".");
+		out.print( "\n		<style>\n			div.field-title {\n				margin-top: 0;\n			}\n		</style>\n		<form method=post action=\"ResetPassword.jtp\">\n			<input type=hidden name=\"action\" value=\"save\">\n			<input type=hidden name=\"email\" value=\"" );
+		out.print( (Jtp.hideNull(email)) );
+		out.print( "\">\n			<input type=hidden name=\"q\" value=\"" );
+		out.print( (Jtp.hideNull(resetcode)) );
+		out.print( "\">\n			\n			<div class=\"field-box light-border-color\">\n				<div class=\"second-font field-title\">Your Email</div>\n				<div class=\"weak-color\">" );
+		out.print( (user.getEmail()) );
+		out.print( "</div>\n			</div>\n\n			<div class=\"field-box light-border-color\">\n				<div class=\"second-font field-title\">Your User Name</div>\n				<div class=\"weak-color\">" );
+		out.print( (user.getNameHtml()) );
+		out.print( "</div>\n			</div>\n\n			<div class=\"field-box light-border-color\">\n				<div class=\"second-font field-title\">Change Password</div>\n				<div class=\"weak-color\">Nabble encrypts your password (<a href=\"" );
+		out.print( (Help.password.url(request)) );
+		out.print( "\">?</a>)</div>						\n				<table style=\"margin: .4em 0\" class=\"shaded-bg-color\">\n					<tr valign=\"top\">\n						<td class=\"form-label\" style=\"padding-top:.6em\">Password:&nbsp;</td>\n						<td><input type=\"password\" name=\"password1\" size=\"25\" value=\"" );
+		out.print( (Jtp.hideNull(password1)) );
+		out.print( "\"/></td>\n					</tr>\n					<tr>\n						<td class=\"form-label\">Confirm Password:&nbsp;</td>\n						<td><input type=\"password\" name=\"password2\" size=\"25\" value=\"" );
+		out.print( (Jtp.hideNull(password2)) );
+		out.print( "\"/></td>\n					</tr>\n				</table>\n			</div>\n\n			<div class=\"field-box light-border-color\" style=\"padding-top:0\">\n				<input type=submit value=\"Update Password\" />\n				or <a href=\"/template/NamlServlet.jtp?macro=user_profile\">Cancel</a>\n			</div>\n		</form>\n\n		" );
+Shared.footer(request,response);
+		out.print( "\n		" );
+Shared.analytics(request,response);
+		out.print( "\n	</body>\n</html>\n" );
+	}
+}

Mercurial Hosting > nabble

comparison src/nabble/view/web/user/ResetPassword.java @ 0:7ecd1a4ef557