Add password change (#88)

calzoneman 2013-05-04 13:01:04 -05:00
parent 27c1f78dbd
commit 62e80cec63
7 changed files with 98 additions and 2 deletions

28
api.js

@ -25,6 +25,7 @@ var jsonHandlers = {
"listloaded" : handleChannelList, "listloaded" : handleChannelList,
"login" : handleLogin, "login" : handleLogin,
"register" : handleRegister, "register" : handleRegister,
"changepass" : handlePasswordChange,
"globalbans" : handleGlobalBans, "globalbans" : handleGlobalBans,
"admreports" : handleAdmReports "admreports" : handleAdmReports
}; };
@ -197,6 +198,33 @@ function handleLogin(params, req, res) {
} }
} }
function handlePasswordChange(params, req, res) {
var name = params.name || "";
var oldpw = params.oldpw || "";
var newpw = params.newpw || "";
if(oldpw == "" || newpw == "") {
sendJSON(res, {
success: false,
error: "Old password and new password cannot be empty"
});
return;
}
var row = Auth.login(name, oldpw);
if(row) {
var success = Auth.setUserPassword(name, newpw);
sendJSON(res, {
success: success,
error: success ? "" : "Change password failed"
});
}
else {
sendJSON(res, {
success: false,
error: "Invalid username or password"
});
}
}
function handleRegister(params, req, res) { function handleRegister(params, req, res) {
var name = params.name || ""; var name = params.name || "";
var pw = params.pw || ""; var pw = params.pw || "";
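Review bot: `handlePasswordChange` checks `oldpw` with `Auth.login(name, oldpw)` for whatever `name` the caller supplies, and nothing in the visible lines limits repeated attempts, so the `changepass` route becomes a second place to guess passwords alongside `login`. If `handleLogin` is throttled somewhere outside this hunk, the same limit should wrap this handler. The only server-side check on `newpw` is that it is non-empty; a length check such as `if(newpw.length < MIN_PASSWORD_LENGTH)` (placeholder constant) with the same `sendJSON` error shape would reject one-character passwords. Nothing visible here ends existing sessions for the account after a successful change, which is worth confirming in `Auth`.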

17
auth.js

@ -10,6 +10,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI
*/ */
var mysql = require("mysql-libmysqlclient"); var mysql = require("mysql-libmysqlclient");
var Database = require("./database.js");
var Config = require("./config.js"); var Config = require("./config.js");
var bcrypt = require("bcrypt"); var bcrypt = require("bcrypt");
var hashlib = require("node_hash"); var hashlib = require("node_hash");
@ -186,6 +187,22 @@ function sessionSalt() {
return salt.join(''); return salt.join('');
} }
exports.setUserPassword = function(name, pw) {
var db = mysql.createConnectionSync();
db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER,
Config.MYSQL_PASSWORD, Config.MYSQL_DB);
if(!db.connectedSync()) {
Logger.errlog.log("Auth.setUserPassword: DB connection failed");
return false;
}
var hash = bcrypt.hashSync(pw, 10);
var query = "UPDATE registrations SET pw='{1}' WHERE uname='{2}'"
.replace("{1}", Database.sqlEscape(hash))
.replace("{2}", Database.sqlEscape(name));
var result = db.querySync(query);
return result;
}
exports.getGlobalRank = function(name) { exports.getGlobalRank = function(name) {
var db = mysql.createConnectionSync(); var db = mysql.createConnectionSync();
db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER, db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER,
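Review bot: `setUserPassword` builds the UPDATE by string substitution and relies on `Database.sqlEscape`, whose visible line in the database.js section is `data.replace("'", "\\'")`. That is a string-pattern replace, which rewrites only the first quote and leaves backslashes alone (the rest of that function is outside the hunk), so `name`, taken from the request in `handlePasswordChange`, is not safely quoted. The driver's own escaping, e.g. `.replace("{2}", db.escapeSync(name))`, or a prepared statement would remove the dependency on the hand-rolled helper; the `exports.sqlEscape` line added in database.js makes the same helper available to other modules. The connection opened here is never closed on either return path; `db.closeSync();` before each `return` would avoid leaking one connection per call. `Logger` is used in the error branch but its `require` is not among the visible lines, so confirm it is in scope in auth.js.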


@ -40,6 +40,7 @@ function sqlEscape(data) {
return data.replace("'", "\\'"); return data.replace("'", "\\'");
} }
} }
exports.sqlEscape = sqlEscape;
exports.init = function() { exports.init = function() {
if(initialized) if(initialized)


@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "1.5.3", "version": "1.5.5",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },


@ -9,7 +9,7 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
const VERSION = "1.5.4"; const VERSION = "1.5.5";
var fs = require("fs"); var fs = require("fs");
var Logger = require("./logger.js"); var Logger = require("./logger.js");


@ -1002,6 +1002,16 @@ function showLoginFrame() {
modal.modal("hide"); modal.modal("hide");
} }
} }
else if(e.data.substring(0, e.data.indexOf(":")) == "cytube-changepass") {
var data = e.data.substring(e.data.indexOf(":")+1);
data = JSON.parse(data);
if(data.error) {
alert(data.error);
}
else if(data.success) {
alert("Password changed");
}
}
} }
if(window.addEventListener) { if(window.addEventListener) {
window.addEventListener("message", respond, false); window.addEventListener("message", respond, false);
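Review bot: The new `cytube-changepass` branch calls `JSON.parse` on the message data with no try/catch, and the visible lines do not check `e.origin`, so any window that can post to this page can make the handler throw or trigger the `alert`. The `respond` handler begins outside this hunk, so an origin check may already exist above; if not, a guard such as `if(e.origin !== EXPECTED_ORIGIN) return;` (placeholder for the login frame's origin) at the top of the handler would cover every branch. Wrapping the parse as `try { data = JSON.parse(data); } catch(err) { return; }` keeps a malformed message from raising inside the handler.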


@ -4,6 +4,17 @@
<meta charset="utf-8"> <meta charset="utf-8">
<title>CyTube - Login</title> <title>CyTube - Login</title>
<link rel="stylesheet" href="assets/css/bootstrap.css"> <link rel="stylesheet" href="assets/css/bootstrap.css">
<style type="text/css">
#username, #pw {
width: 95%;
}
#login, #register {
width: 49%;
}
#changepass {
width: 99%;
}
</style>
</head> </head>
<body> <body>
<form class="form-horizontal" action="javascript:void(0)"> <form class="form-horizontal" action="javascript:void(0)">
@ -19,6 +30,12 @@
<input type="password" id="pw"> <input type="password" id="pw">
</div> </div>
</div> </div>
<div class="control-group" style="display: none" id="newpassdiv">
<label class="control-label" for="newpass" id="nplabel">New Password</label>
<div class="controls">
<input type="password" id="newpass">
</div>
</div>
<div class="control-group" style="display: none" id="pw2div"> <div class="control-group" style="display: none" id="pw2div">
<label class="control-label" for="pw2" id="confirm">Confirm Password</label> <label class="control-label" for="pw2" id="confirm">Confirm Password</label>
<div class="controls"> <div class="controls">
@ -31,6 +48,11 @@
<button class="btn" id="register">Register</button> <button class="btn" id="register">Register</button>
</div> </div>
</div> </div>
<div class="control-group">
<div class="controls">
<button class="btn" id="changepass">Change Password</button>
</div>
</div>
</form> </form>
<script src="assets/js/jquery.js" type="text/javascript"></script> <script src="assets/js/jquery.js" type="text/javascript"></script>
<script src="assets/js/iourl.js" type="text/javascript"></script> <script src="assets/js/iourl.js" type="text/javascript"></script>
@ -65,6 +87,24 @@
source.postMessage("cytube-login:"+JSON.stringify(data), document.location); source.postMessage("cytube-login:"+JSON.stringify(data), document.location);
}); });
}); });
$("#changepass").click(function() {
if($("#newpassdiv").css("display") == "none") {
$("#newpassdiv").css("display", "");
$("#pw2div").css("display", "");
return false;
}
else if($("#newpass").val() != $("#pw2").val()) {
$("#confirm").addClass("text-error");
return;
}
$.getJSON(IO_URL+"/api/json/changepass?name="+$("#username").val()+"&oldpw="+$("#pw").val()+"&newpw="+$("#newpass").val()+"&callback=?", function(data) {
if(data.success) {
$("#newpassdiv").css("display", "none");
$("#pw2div").css("display", "none");
}
source.postMessage("cytube-changepass:"+JSON.stringify(data), document.location);
});
});
</script> </script>
</body> </body>
</html> </html>
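Review bot: The `#changepass` click handler concatenates the raw field values into the query string, so a password containing `&`, `#`, `+` or `%` is sent altered or truncated and the account ends up with a password other than the one typed. Passing the values as the data argument lets jQuery encode them: `$.getJSON(IO_URL+"/api/json/changepass?callback=?", {name: $("#username").val(), oldpw: $("#pw").val(), newpw: $("#newpass").val()}, function(data) { ... })`. Even when encoded, both passwords travel in a GET URL, where they are commonly retained in server and proxy logs and in browser history; moving this call to a POST body is worth considering as a follow-up. The mismatch branch uses `return;` while the first branch uses `return false;`, which looks unintentional for a button inside a form.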