view src/nabble/view/web/user/ResetPassword.jtp @ 19:18cf4872fd7f

remove anonymous posting
author Franklin Schmidt <fschmidt@gmail.com>
date Fri, 29 May 2020 22:58:25 -0600
parents 7ecd1a4ef557
children

<%
package nabble.view.web.user;

import fschmidt.db.DbDatabase;
import fschmidt.util.java.HtmlUtils;
import fschmidt.util.servlet.ServletUtils;
import nabble.model.Db;
import nabble.model.ModelException;
import nabble.model.User;
import nabble.view.lib.Jtp;
import nabble.view.lib.Shared;
import nabble.view.lib.help.Help;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;


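/**
 * Servlet behind the password-reset link.
 *
 * <p>The request must carry an {@code email} and a reset code ({@code q}) that
 * resolve to a registered user and pass {@code User.checkResetcode}. A GET shows
 * the "Reset Password" form; a POST with {@code action=save} stores the new
 * password, logs the user in and redirects to the profile page.
 */
public final class ResetPassword extends HttpServlet {

	/**
	 * Validates the reset link, optionally saves the new password, and renders the form.
	 *
	 * @param request  carries {@code email}, {@code q}, and on save {@code action},
	 *                 {@code password1}, {@code password2}
	 * @param response receives either a redirect/login page or the reset form
	 * @throws ServletException declared by the servlet contract
	 * @throws IOException if writing the response fails
	 */
	@Override
	protected void service(HttpServletRequest request,HttpServletResponse response)
		throws ServletException, IOException
	{
		PrintWriter out = response.getWriter();
		// Drop any existing session first so the reset acts only on the account
		// named by the link, not on whoever happens to be logged in.
		if ( Jtp.getUser(request) != null ) {
			Jtp.logout(request,response);
		}
		String email = request.getParameter("email");
		String resetcode = request.getParameter("q");
		if ( email==null || resetcode==null || resetcode.trim().length()==0 ) {
			Jtp.login("This password reset link is not valid.",request,response);
			return;
		}
		User user = Jtp.getSiteNotNull(request).getUserFromEmail(email);
		// Unknown email, unregistered user and wrong code all get the same message,
		// so the response does not reveal which of the three checks failed.
		if ( ! (user!=null && user.isRegistered() && user.checkResetcode(resetcode)) ) {
			Jtp.login("This password reset link is no longer valid.",request,response);
			return;
		}
		String password1 = null;
		String password2 = null;
		String errorMsg = null;

		// State change is accepted only on POST; a GET with action=save just shows the form.
		if ("save".equals(request.getParameter("action")) && "POST".equals(request.getMethod())) {
			password1 = request.getParameter("password1");
			password2 = request.getParameter("password2");
			// A POST that omits a password field is treated as a mismatch instead of
			// dereferencing a null parameter.
			if (password1 == null || password2 == null || !password1.equals(password2) ) {
				errorMsg = "The password fields don't match.";
			} else if (password1.trim().length() == 0) {
				errorMsg = "Your password must contain valid alphanumeric characters.";
			} else {
				DbDatabase db = user.getSite().getDb();
				db.beginTransaction();
				try {
					User u = user.getGoodCopy();
					u.setPassword(password1);
					u.update();
					db.commitTransaction();
					// NOTE(review): nothing visible here invalidates the reset code after a
					// successful change -- confirm setPassword()/update() does so.
					String pwd = u.getPasscookie();
					Jtp.doLogin(request,response,u,false);

					// NOTE(review): the passcookie is handed to page script and stored through
					// Nabble.setCookie, so it is readable by any script running on the site
					// (a script-set cookie cannot be HttpOnly). Confirm this is intended.
					StringBuilder js = new StringBuilder();
					js.append("if (parent.nabbleinfo) {");
					js.append("Nabble.setCookie('username','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(u.getName()))).append("');");
					js.append("Nabble.setCookie('password','").append(HtmlUtils.javascriptStringEncode(HtmlUtils.urlEncode(pwd))).append("');");
					js.append("}");

					Shared.javascriptRedirect(request,response, "/template/NamlServlet.jtp?macro=user_profile", js.toString());
					return;
				} catch(ModelException e) {
					// Shown to the user on the re-rendered form below.
					errorMsg = e.getMessage();
				} finally {
					db.endTransaction();
				}
			}
		}
		// Everything below is emitted as the response body.
		// NOTE(review): email, resetcode, password1 and password2 come straight from
		// request parameters and are written into attribute values through
		// Jtp.hideNull(); user.getEmail() is written as element content. Whether
		// hideNull()/getEmail() HTML-encode their result is not visible here -- confirm,
		// and encode at the point of output if they do not. Also consider not echoing
		// the submitted passwords back into the page at all.
		%>
		<html>
			<head>
				<% Shared.title(request,response,"Reset Password"); %>
			</head>
			<body>
				<% Shared.minHeaderGlobal(request, response); %>
				<% Shared.profileHeading(request,out,user,"Reset Password"); %>
				<% Shared.errorMessage(request,response,errorMsg, "Please re-enter the information and click on \"Update Information\"."); %>
				<style>
					div.field-title {
						margin-top: 0;
					}
				</style>
				<form method=post action="ResetPassword.jtp">
					<input type=hidden name="action" value="save">
					<input type=hidden name="email" value="<%=Jtp.hideNull(email)%>">
					<input type=hidden name="q" value="<%=Jtp.hideNull(resetcode)%>">
					
					<div class="field-box light-border-color">
						<div class="second-font field-title">Your Email</div>
						<div class="weak-color"><%=user.getEmail()%></div>
					</div>

					<div class="field-box light-border-color">
						<div class="second-font field-title">Your User Name</div>
						<div class="weak-color"><%=user.getNameHtml()%></div>
					</div>

					<div class="field-box light-border-color">
						<div class="second-font field-title">Change Password</div>
						<div class="weak-color">Nabble encrypts your password (<a href="<%=Help.password.url(request)%>">?</a>)</div>						
						<table style="margin: .4em 0" class="shaded-bg-color">
							<tr valign="top">
								<td class="form-label" style="padding-top:.6em">Password:&nbsp;</td>
								<td><input type="password" name="password1" size="25" value="<%=Jtp.hideNull(password1)%>"/></td>
							</tr>
							<tr>
								<td class="form-label">Confirm Password:&nbsp;</td>
								<td><input type="password" name="password2" size="25" value="<%=Jtp.hideNull(password2)%>"/></td>
							</tr>
						</table>
					</div>

					<div class="field-box light-border-color" style="padding-top:0">
						<input type=submit value="Update Password" />
						or <a href="/template/NamlServlet.jtp?macro=user_profile">Cancel</a>
					</div>
				</form>

				<% Shared.footer(request,response); %>
				<% Shared.analytics(request,response); %>
			</body>
		</html>
		<%
	}
}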
%>