diff src/nabble/view/web/user/ResetPassword.java @ 0:7ecd1a4ef557
add content
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Thu, 21 Mar 2019 19:15:52 -0600 |
parents | |
children | 18cf4872fd7f |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/nabble/view/web/user/ResetPassword.java Thu Mar 21 19:15:52 2019 -0600
@@ -0,0 +1,110 @@
+
+package nabble.view.web.user;
+
+import fschmidt.db.DbDatabase;
+import fschmidt.util.java.HtmlUtils;
+import fschmidt.util.servlet.ServletUtils;
+import nabble.model.Db;
+import nabble.model.ModelException;
+import nabble.model.User;
+import nabble.view.lib.Jtp;
+import nabble.view.lib.Shared;
+import nabble.view.lib.help.Help;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+
+public final class ResetPassword extends HttpServlet {
+
+ protected void service(HttpServletRequest request,HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ PrintWriter out = response.getWriter();
+ if ( Jtp.getUser(request,response) != null ) {
+ Jtp.logout(request,response);
+ }
+ String email = request.getParameter("email");
+ String resetcode = request.getParameter("q");
+ if ( email==null || resetcode==null || resetcode.trim().length()==0 ) {
+ Jtp.login("This password reset link is not valid.",request,response);
+ return;
+ }
+ User user = Jtp.getSiteNotNull(request).getUserFromEmail(email);
+ if ( ! (user!=null && user.isRegistered() && user.checkResetcode(resetcode)) ) {
+ Jtp.login("This password reset link is no longer valid.",request,response);
+ return;
+ }
+ String password1 = null;
+ String password2 = null;
+ String errorMsg = null;
+
+ if ("save".equals(request.getParameter("action")) && "POST".equals(request.getMethod())) {
+ password1 = request.getParameter("password1");
+ password2 = request.getParameter("password2");
+ if (!password1.equals(password2) ) {
+ errorMsg = "The password fields don't match.";
+ } else if (password1.trim().length() == 0) {
+ errorMsg = "Your password must contain valid alphanumeric characters.";
+ } else {
+ DbDatabase db = user.getSite().getDb();
+ db.beginTransaction();
+ try {
+ User u = user.getGoodCopy();
+ u.setPassword(password1);
+ u.update();
+ db.commitTransaction();
+ String pwd = u.getPasscookie();
+ Jtp.doLogin(request,response,u,false);
+
+ StringBuffer js = new StringBuffer();
+ js.append("if (parent.nabbleinfo) {");
+ js.append("Nabble.setCookie('username','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(u.getName()))).append("');");
+ js.append("Nabble.setCookie('password','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(pwd))).append("');");
+ js.append("}");
+
+ Shared.javascriptRedirect(request,response, "/template/NamlServlet.jtp?macro=user_profile", js.toString());
+ return;
+ } catch(ModelException e) {
+ errorMsg = e.getMessage();
+ } finally {
+ db.endTransaction();
+ }
+ }
+ }
+
+ out.print( "\n<html>\n <head>\n " );
+ Shared.title(request,response,"Reset Password");
+ out.print( "\n </head>\n <body>\n " );
+ Shared.minHeaderGlobal(request, response);
+ out.print( "\n " );
+ Shared.profileHeading(request,out,user,"Reset Password");
+ out.print( "\n " );
+ Shared.errorMessage(request,response,errorMsg, "Please re-enter the information and click on \"Update Information\".");
+ out.print( "\n <style>\n div.field-title {\n margin-top: 0;\n }\n </style>\n <form method=post action=\"ResetPassword.jtp\">\n <input type=hidden name=\"action\" value=\"save\">\n <input type=hidden name=\"email\" value=\"" );
+ out.print( (Jtp.hideNull(email)) );
+ out.print( "\">\n <input type=hidden name=\"q\" value=\"" );
+ out.print( (Jtp.hideNull(resetcode)) );
+ out.print( "\">\n \n <div class=\"field-box light-border-color\">\n <div class=\"second-font field-title\">Your Email</div>\n <div class=\"weak-color\">" );
+ out.print( (user.getEmail()) );
+ out.print( "</div>\n </div>\n\n <div class=\"field-box light-border-color\">\n <div class=\"second-font field-title\">Your User Name</div>\n <div class=\"weak-color\">" );
+ out.print( (user.getNameHtml()) );
+ out.print( "</div>\n </div>\n\n <div class=\"field-box light-border-color\">\n <div class=\"second-font field-title\">Change Password</div>\n <div class=\"weak-color\">Nabble encrypts your password (<a href=\"" );
+ out.print( (Help.password.url(request)) );
+ out.print( "\">?</a>)</div> \n <table style=\"margin: .4em 0\" class=\"shaded-bg-color\">\n <tr valign=\"top\">\n <td class=\"form-label\" style=\"padding-top:.6em\">Password: </td>\n <td><input type=\"password\" name=\"password1\" size=\"25\" value=\"" );
+ out.print( (Jtp.hideNull(password1)) );
+ out.print( "\"/></td>\n </tr>\n <tr>\n <td class=\"form-label\">Confirm Password: </td>\n <td><input type=\"password\" name=\"password2\" size=\"25\" value=\"" );
+ out.print( (Jtp.hideNull(password2)) );
+ out.print( "\"/></td>\n </tr>\n </table>\n </div>\n\n <div class=\"field-box light-border-color\" style=\"padding-top:0\">\n <input type=submit value=\"Update Password\" />\n or <a href=\"/template/NamlServlet.jtp?macro=user_profile\">Cancel</a>\n </div>\n </form>\n\n " );
+ Shared.footer(request,response);
+ out.print( "\n " );
+ Shared.analytics(request,response);
+ out.print( "\n </body>\n</html>\n" );
+
+ }
+}
+
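Review bot: The four request-derived values written into `value="…"` attributes of the form (`Jtp.hideNull(email)`, `Jtp.hideNull(resetcode)`, `Jtp.hideNull(password1)` and `Jtp.hideNull(password2)`) are printed without any visible HTML encoding, whereas the JavaScript block earlier in `service` passes its values through `HtmlUtils.javascriptStringEncode`; unless `hideNull` encodes (its body is not shown here), a quote character in `password1` on the mismatch path ends the attribute and the rest is parsed as markup. The two password inputs should not be pre-filled at all: drop the two `out.print( (Jtp.hideNull(passwordN)) );` calls so the fields render with an empty `value=""` and a submitted password never comes back in the response body, and run `email` and `resetcode` through the project's HTML encoder before printing (`HtmlUtils` is already imported). Separately, `password1.equals(password2)` throws a NullPointerException when a `save` POST omits `password1`; `if (password1 == null || !password1.equals(password2))` keeps that case on the error-message path.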