view src/nabble/view/web/user/ResetPassword.jtp @ 19:18cf4872fd7f
remove anonymous posting
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Fri, 29 May 2020 22:58:25 -0600 |
parents | 7ecd1a4ef557 |
children |
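<%
package nabble.view.web.user;

import fschmidt.db.DbDatabase;
import fschmidt.util.java.HtmlUtils;
import fschmidt.util.servlet.ServletUtils;
import nabble.model.Db;
import nabble.model.ModelException;
import nabble.model.User;
import nabble.view.lib.Jtp;
import nabble.view.lib.Shared;
import nabble.view.lib.help.Help;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;


/**
 * Landing page for a password-reset link.
 *
 * <p>The request carries the account email ({@code email}) and the reset code
 * ({@code q}). When both identify a registered user, the page renders a form
 * for choosing a new password. A POST with {@code action=save} stores the new
 * password, logs the user in and redirects to the profile page.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 * <li>Any existing session is logged out before the parameters are validated.</li>
 * <li>A missing parameter yields "not valid"; an unknown email, an unregistered
 *     user and a wrong code all yield the same "no longer valid" message, so the
 *     response does not distinguish between those three cases.</li>
 * <li>The email and reset code are written back into hidden form fields so the
 *     POST can be validated the same way as the initial GET.</li>
 * </ul>
 */
public final class ResetPassword extends HttpServlet {

	/**
	 * Validates the reset link, optionally saves the new password, and renders the form.
	 *
	 * @param request  carries {@code email}, {@code q} and, on save, {@code action},
	 *                 {@code password1} and {@code password2}
	 * @param response receives the form, or the redirect or login page issued by the helpers
	 * @throws ServletException declared by the servlet contract
	 * @throws IOException if writing the response fails
	 */
	protected void service(HttpServletRequest request,HttpServletResponse response)
		throws ServletException, IOException
	{
		// The reset code arrives in the query string and is echoed into the page.
		// Keep the page out of caches, and keep the URL out of Referer headers sent
		// for anything the page links to or loads (help link, footer, analytics).
		response.setHeader("Cache-Control","no-store");
		response.setHeader("Referrer-Policy","no-referrer");

		PrintWriter out = response.getWriter();

		// NOTE(review): this logout runs before the link is validated, so any request
		// to this URL ends the caller's session, even with bogus parameters.
		// Confirm that is intended.
		if ( Jtp.getUser(request) != null ) {
			Jtp.logout(request,response);
		}

		String email = request.getParameter("email");
		String resetcode = request.getParameter("q");
		if ( email==null || resetcode==null || resetcode.trim().length()==0 ) {
			Jtp.login("This password reset link is not valid.",request,response);
			return;
		}

		User user = Jtp.getSiteNotNull(request).getUserFromEmail(email);
		// One message for "no such user", "not registered" and "wrong code".
		if ( !(user!=null && user.isRegistered() && user.checkResetcode(resetcode)) ) {
			Jtp.login("This password reset link is no longer valid.",request,response);
			return;
		}

		String password1 = null;
		String password2 = null;
		String errorMsg = null;

		if ("save".equals(request.getParameter("action")) && "POST".equals(request.getMethod())) {
			password1 = request.getParameter("password1");
			password2 = request.getParameter("password2");
			// A POST without password1 used to fail with a NullPointerException here;
			// report it as a mismatch instead.
			if (password1 == null || !password1.equals(password2)) {
				errorMsg = "The password fields don't match.";
			} else if (password1.trim().length() == 0) {
				errorMsg = "Your password must contain valid alphanumeric characters.";
			} else {
				DbDatabase db = user.getSite().getDb();
				db.beginTransaction();
				try {
					User u = user.getGoodCopy();
					// NOTE(review): nothing in this file invalidates the reset code after
					// use; confirm that setPassword()/update() does, so the link is one-shot.
					u.setPassword(password1);
					u.update();
					db.commitTransaction();
					String pwd = u.getPasscookie();
					Jtp.doLogin(request,response,u,false);

					// NOTE(review): the passcookie is handed to script for Nabble.setCookie.
					// A cookie written from script cannot be HttpOnly, so the value is
					// readable by any script running on the page.
					StringBuilder js = new StringBuilder();
					js.append("if (parent.nabbleinfo) {");
					js.append("Nabble.setCookie('username','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(u.getName()))).append("');");
					js.append("Nabble.setCookie('password','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(pwd))).append("');");
					js.append("}");
					Shared.javascriptRedirect(request,response, "/template/NamlServlet.jtp?macro=user_profile", js.toString());
					return;
				} catch(ModelException e) {
					errorMsg = e.getMessage();
				} finally {
					db.endTransaction();
				}
			}
		}

		// NOTE(review), for the template below:
		// - email, resetcode, password1 and password2 are request parameters written into
		//   attribute values through Jtp.hideNull; confirm that helper HTML-encodes.
		// - user.getEmail() is written without a visible encoding step, unlike
		//   getNameHtml(); confirm stored emails cannot contain markup.
		// - On a validation error the submitted passwords are echoed into the response;
		//   consider leaving those fields empty instead.
%>
<html>
	<head>
		<% Shared.title(request,response,"Reset Password"); %>
	</head>
	<body>
		<% Shared.minHeaderGlobal(request, response); %>
		<% Shared.profileHeading(request,out,user,"Reset Password"); %>
		<% Shared.errorMessage(request,response,errorMsg, "Please re-enter the information and click on \"Update Password\"."); %>
		<style>
			div.field-title { margin-top: 0; }
		</style>
		<form method=post action="ResetPassword.jtp">
			<input type=hidden name="action" value="save">
			<input type=hidden name="email" value="<%=Jtp.hideNull(email)%>">
			<input type=hidden name="q" value="<%=Jtp.hideNull(resetcode)%>">
			<div class="field-box light-border-color">
				<div class="second-font field-title">Your Email</div>
				<div class="weak-color"><%=user.getEmail()%></div>
			</div>
			<div class="field-box light-border-color">
				<div class="second-font field-title">Your User Name</div>
				<div class="weak-color"><%=user.getNameHtml()%></div>
			</div>
			<div class="field-box light-border-color">
				<div class="second-font field-title">Change Password</div>
				<div class="weak-color">Nabble encrypts your password (<a href="<%=Help.password.url(request)%>">?</a>)</div>
				<table style="margin: .4em 0" class="shaded-bg-color">
					<tr valign="top">
						<td class="form-label" style="padding-top:.6em">Password: </td>
						<td><input type="password" name="password1" size="25" value="<%=Jtp.hideNull(password1)%>"/></td>
					</tr>
					<tr>
						<td class="form-label">Confirm Password: </td>
						<td><input type="password" name="password2" size="25" value="<%=Jtp.hideNull(password2)%>"/></td>
					</tr>
				</table>
			</div>
			<div class="field-box light-border-color" style="padding-top:0">
				<input type=submit value="Update Password" /> or <a href="/template/NamlServlet.jtp?macro=user_profile">Cancel</a>
			</div>
		</form>
		<% Shared.footer(request,response); %>
		<% Shared.analytics(request,response); %>
	</body>
</html>
<%
	}
}
%>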