Mercurial Hosting > nabble

view src/nabble/view/web/user/ResetPassword.java @ 19:18cf4872fd7f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
remove anonymous posting
author Franklin Schmidt <fschmidt@gmail.com>
date Fri, 29 May 2020 22:58:25 -0600
parents 7ecd1a4ef557
children
line wrap: on
line source


package nabble.view.web.user;

import fschmidt.db.DbDatabase;
import fschmidt.util.java.HtmlUtils;
import fschmidt.util.servlet.ServletUtils;
import nabble.model.Db;
import nabble.model.ModelException;
import nabble.model.User;
import nabble.view.lib.Jtp;
import nabble.view.lib.Shared;
import nabble.view.lib.help.Help;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;


public final class ResetPassword extends HttpServlet {

	protected void service(HttpServletRequest request,HttpServletResponse response)
		throws ServletException, IOException
	{
		PrintWriter out = response.getWriter();
		if ( Jtp.getUser(request) != null ) {
			Jtp.logout(request,response);
		}
		String email = request.getParameter("email");
		String resetcode = request.getParameter("q");
		if ( email==null || resetcode==null || resetcode.trim().length()==0 ) {
			Jtp.login("This password reset link is not valid.",request,response);
			return;
		}
		User user = Jtp.getSiteNotNull(request).getUserFromEmail(email);
		if ( ! (user!=null && user.isRegistered() && user.checkResetcode(resetcode)) ) {
			Jtp.login("This password reset link is no longer valid.",request,response);
			return;
		}
		String password1 = null;
		String password2 = null;
		String errorMsg = null;

		if ("save".equals(request.getParameter("action")) && "POST".equals(request.getMethod())) {
			password1 = request.getParameter("password1");
			password2 = request.getParameter("password2");
			if (!password1.equals(password2) ) {
				errorMsg = "The password fields don't match.";
			} else if (password1.trim().length() == 0) {
				errorMsg = "Your password must contain valid alphanumeric characters.";
			} else {
				DbDatabase db = user.getSite().getDb();
				db.beginTransaction();
				try {
					User u = user.getGoodCopy();
					u.setPassword(password1);
					u.update();
					db.commitTransaction();
					String pwd = u.getPasscookie();
					Jtp.doLogin(request,response,u,false);

					StringBuffer js = new StringBuffer();
					js.append("if (parent.nabbleinfo) {");
					js.append("Nabble.setCookie('username','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(u.getName()))).append("');");
					js.append("Nabble.setCookie('password','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(pwd))).append("');");
					js.append("}");

					Shared.javascriptRedirect(request,response, "/template/NamlServlet.jtp?macro=user_profile", js.toString());
					return;
				} catch(ModelException e) {
					errorMsg = e.getMessage();
				} finally {
					db.endTransaction();
				}
			}
		}
		
		out.print( "\n<html>\n	<head>\n		" );
 Shared.title(request,response,"Reset Password"); 
		out.print( "\n	</head>\n	<body>\n		" );
 Shared.minHeaderGlobal(request, response); 
		out.print( "\n		" );
 Shared.profileHeading(request,out,user,"Reset Password"); 
		out.print( "\n		" );
 Shared.errorMessage(request,response,errorMsg, "Please re-enter the information and click on \"Update Information\"."); 
		out.print( "\n		<style>\n			div.field-title {\n				margin-top: 0;\n			}\n		</style>\n		<form method=post action=\"ResetPassword.jtp\">\n			<input type=hidden name=\"action\" value=\"save\">\n			<input type=hidden name=\"email\" value=\"" );
		out.print( (Jtp.hideNull(email)) );
		out.print( "\">\n			<input type=hidden name=\"q\" value=\"" );
		out.print( (Jtp.hideNull(resetcode)) );
		out.print( "\">\n			\n			<div class=\"field-box light-border-color\">\n				<div class=\"second-font field-title\">Your Email</div>\n				<div class=\"weak-color\">" );
		out.print( (user.getEmail()) );
		out.print( "</div>\n			</div>\n\n			<div class=\"field-box light-border-color\">\n				<div class=\"second-font field-title\">Your User Name</div>\n				<div class=\"weak-color\">" );
		out.print( (user.getNameHtml()) );
		out.print( "</div>\n			</div>\n\n			<div class=\"field-box light-border-color\">\n				<div class=\"second-font field-title\">Change Password</div>\n				<div class=\"weak-color\">Nabble encrypts your password (<a href=\"" );
		out.print( (Help.password.url(request)) );
		out.print( "\">?</a>)</div>						\n				<table style=\"margin: .4em 0\" class=\"shaded-bg-color\">\n					<tr valign=\"top\">\n						<td class=\"form-label\" style=\"padding-top:.6em\">Password:&nbsp;</td>\n						<td><input type=\"password\" name=\"password1\" size=\"25\" value=\"" );
		out.print( (Jtp.hideNull(password1)) );
		out.print( "\"/></td>\n					</tr>\n					<tr>\n						<td class=\"form-label\">Confirm Password:&nbsp;</td>\n						<td><input type=\"password\" name=\"password2\" size=\"25\" value=\"" );
		out.print( (Jtp.hideNull(password2)) );
		out.print( "\"/></td>\n					</tr>\n				</table>\n			</div>\n\n			<div class=\"field-box light-border-color\" style=\"padding-top:0\">\n				<input type=submit value=\"Update Password\" />\n				or <a href=\"/template/NamlServlet.jtp?macro=user_profile\">Cancel</a>\n			</div>\n		</form>\n\n		" );
 Shared.footer(request,response); 
		out.print( "\n		" );
 Shared.analytics(request,response); 
		out.print( "\n	</body>\n</html>\n" );

	}
}