Mercurial Hosting > nabble
view src/nabble/view/web/user/ResetPassword.java @ 19:18cf4872fd7f
remove anonymous posting
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Fri, 29 May 2020 22:58:25 -0600 |
parents | 7ecd1a4ef557 |
children |
line wrap: on
line source
package nabble.view.web.user; import fschmidt.db.DbDatabase; import fschmidt.util.java.HtmlUtils; import fschmidt.util.servlet.ServletUtils; import nabble.model.Db; import nabble.model.ModelException; import nabble.model.User; import nabble.view.lib.Jtp; import nabble.view.lib.Shared; import nabble.view.lib.help.Help; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; public final class ResetPassword extends HttpServlet { protected void service(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); if ( Jtp.getUser(request) != null ) { Jtp.logout(request,response); } String email = request.getParameter("email"); String resetcode = request.getParameter("q"); if ( email==null || resetcode==null || resetcode.trim().length()==0 ) { Jtp.login("This password reset link is not valid.",request,response); return; } User user = Jtp.getSiteNotNull(request).getUserFromEmail(email); if ( ! (user!=null && user.isRegistered() && user.checkResetcode(resetcode)) ) { Jtp.login("This password reset link is no longer valid.",request,response); return; } String password1 = null; String password2 = null; String errorMsg = null; if ("save".equals(request.getParameter("action")) && "POST".equals(request.getMethod())) { password1 = request.getParameter("password1"); password2 = request.getParameter("password2"); if (!password1.equals(password2) ) { errorMsg = "The password fields don't match."; } else if (password1.trim().length() == 0) { errorMsg = "Your password must contain valid alphanumeric characters."; } else { DbDatabase db = user.getSite().getDb(); db.beginTransaction(); try { User u = user.getGoodCopy(); u.setPassword(password1); u.update(); db.commitTransaction(); String pwd = u.getPasscookie(); Jtp.doLogin(request,response,u,false); StringBuffer js = new StringBuffer(); js.append("if (parent.nabbleinfo) {"); js.append("Nabble.setCookie('username','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(u.getName()))).append("');"); js.append("Nabble.setCookie('password','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(pwd))).append("');"); js.append("}"); Shared.javascriptRedirect(request,response, "/template/NamlServlet.jtp?macro=user_profile", js.toString()); return; } catch(ModelException e) { errorMsg = e.getMessage(); } finally { db.endTransaction(); } } } out.print( "\n<html>\n <head>\n " ); Shared.title(request,response,"Reset Password"); out.print( "\n </head>\n <body>\n " ); Shared.minHeaderGlobal(request, response); out.print( "\n " ); Shared.profileHeading(request,out,user,"Reset Password"); out.print( "\n " ); Shared.errorMessage(request,response,errorMsg, "Please re-enter the information and click on \"Update Information\"."); out.print( "\n <style>\n div.field-title {\n margin-top: 0;\n }\n </style>\n <form method=post action=\"ResetPassword.jtp\">\n <input type=hidden name=\"action\" value=\"save\">\n <input type=hidden name=\"email\" value=\"" ); out.print( (Jtp.hideNull(email)) ); out.print( "\">\n <input type=hidden name=\"q\" value=\"" ); out.print( (Jtp.hideNull(resetcode)) ); out.print( "\">\n \n <div class=\"field-box light-border-color\">\n <div class=\"second-font field-title\">Your Email</div>\n <div class=\"weak-color\">" ); out.print( (user.getEmail()) ); out.print( "</div>\n </div>\n\n <div class=\"field-box light-border-color\">\n <div class=\"second-font field-title\">Your User Name</div>\n <div class=\"weak-color\">" ); out.print( (user.getNameHtml()) ); out.print( "</div>\n </div>\n\n <div class=\"field-box light-border-color\">\n <div class=\"second-font field-title\">Change Password</div>\n <div class=\"weak-color\">Nabble encrypts your password (<a href=\"" ); out.print( (Help.password.url(request)) ); out.print( "\">?</a>)</div> \n <table style=\"margin: .4em 0\" class=\"shaded-bg-color\">\n <tr valign=\"top\">\n <td class=\"form-label\" style=\"padding-top:.6em\">Password: </td>\n <td><input type=\"password\" name=\"password1\" size=\"25\" value=\"" ); out.print( (Jtp.hideNull(password1)) ); out.print( "\"/></td>\n </tr>\n <tr>\n <td class=\"form-label\">Confirm Password: </td>\n <td><input type=\"password\" name=\"password2\" size=\"25\" value=\"" ); out.print( (Jtp.hideNull(password2)) ); out.print( "\"/></td>\n </tr>\n </table>\n </div>\n\n <div class=\"field-box light-border-color\" style=\"padding-top:0\">\n <input type=submit value=\"Update Password\" />\n or <a href=\"/template/NamlServlet.jtp?macro=user_profile\">Cancel</a>\n </div>\n </form>\n\n " ); Shared.footer(request,response); out.print( "\n " ); Shared.analytics(request,response); out.print( "\n </body>\n</html>\n" ); } }