Add password change (#88)

This commit is contained in:
calzoneman 2013-05-04 13:01:04 -05:00
parent 27c1f78dbd
commit 62e80cec63
7 changed files with 98 additions and 2 deletions

28
api.js
View file

@ -25,6 +25,7 @@ var jsonHandlers = {
"listloaded" : handleChannelList,
"login" : handleLogin,
"register" : handleRegister,
"changepass" : handlePasswordChange,
"globalbans" : handleGlobalBans,
"admreports" : handleAdmReports
};
@ -197,6 +198,33 @@ function handleLogin(params, req, res) {
}
}
function handlePasswordChange(params, req, res) {
var name = params.name || "";
var oldpw = params.oldpw || "";
var newpw = params.newpw || "";
if(oldpw == "" || newpw == "") {
sendJSON(res, {
success: false,
error: "Old password and new password cannot be empty"
});
return;
}
var row = Auth.login(name, oldpw);
if(row) {
var success = Auth.setUserPassword(name, newpw);
sendJSON(res, {
success: success,
error: success ? "" : "Change password failed"
});
}
else {
sendJSON(res, {
success: false,
error: "Invalid username or password"
});
}
}
function handleRegister(params, req, res) {
var name = params.name || "";
var pw = params.pw || "";

17
auth.js
View file

@ -10,6 +10,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI
*/
var mysql = require("mysql-libmysqlclient");
var Database = require("./database.js");
var Config = require("./config.js");
var bcrypt = require("bcrypt");
var hashlib = require("node_hash");
@ -186,6 +187,22 @@ function sessionSalt() {
return salt.join('');
}
exports.setUserPassword = function(name, pw) {
var db = mysql.createConnectionSync();
db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER,
Config.MYSQL_PASSWORD, Config.MYSQL_DB);
if(!db.connectedSync()) {
Logger.errlog.log("Auth.setUserPassword: DB connection failed");
return false;
}
var hash = bcrypt.hashSync(pw, 10);
var query = "UPDATE registrations SET pw='{1}' WHERE uname='{2}'"
.replace("{1}", Database.sqlEscape(hash))
.replace("{2}", Database.sqlEscape(name));
var result = db.querySync(query);
return result;
}
exports.getGlobalRank = function(name) {
var db = mysql.createConnectionSync();
db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER,

View file

@ -40,6 +40,7 @@ function sqlEscape(data) {
return data.replace("'", "\\'");
}
}
exports.sqlEscape = sqlEscape;
exports.init = function() {
if(initialized)

View file

@ -2,7 +2,7 @@
"author": "Calvin Montgomery",
"name": "CyTube",
"description": "Online media synchronizer and chat",
"version": "1.5.3",
"version": "1.5.5",
"repository": {
"url": "http://github.com/calzoneman/sync"
},

View file

@ -9,7 +9,7 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
const VERSION = "1.5.4";
const VERSION = "1.5.5";
var fs = require("fs");
var Logger = require("./logger.js");

View file

@ -1002,6 +1002,16 @@ function showLoginFrame() {
modal.modal("hide");
}
}
else if(e.data.substring(0, e.data.indexOf(":")) == "cytube-changepass") {
var data = e.data.substring(e.data.indexOf(":")+1);
data = JSON.parse(data);
if(data.error) {
alert(data.error);
}
else if(data.success) {
alert("Password changed");
}
}
}
if(window.addEventListener) {
window.addEventListener("message", respond, false);

View file

@ -4,6 +4,17 @@
<meta charset="utf-8">
<title>CyTube - Login</title>
<link rel="stylesheet" href="assets/css/bootstrap.css">
<style type="text/css">
#username, #pw {
width: 95%;
}
#login, #register {
width: 49%;
}
#changepass {
width: 99%;
}
</style>
</head>
<body>
<form class="form-horizontal" action="javascript:void(0)">
@ -19,6 +30,12 @@
<input type="password" id="pw">
</div>
</div>
<div class="control-group" style="display: none" id="newpassdiv">
<label class="control-label" for="newpass" id="nplabel">New Password</label>
<div class="controls">
<input type="password" id="newpass">
</div>
</div>
<div class="control-group" style="display: none" id="pw2div">
<label class="control-label" for="pw2" id="confirm">Confirm Password</label>
<div class="controls">
@ -31,6 +48,11 @@
<button class="btn" id="register">Register</button>
</div>
</div>
<div class="control-group">
<div class="controls">
<button class="btn" id="changepass">Change Password</button>
</div>
</div>
</form>
<script src="assets/js/jquery.js" type="text/javascript"></script>
<script src="assets/js/iourl.js" type="text/javascript"></script>
@ -65,6 +87,24 @@
source.postMessage("cytube-login:"+JSON.stringify(data), document.location);
});
});
$("#changepass").click(function() {
if($("#newpassdiv").css("display") == "none") {
$("#newpassdiv").css("display", "");
$("#pw2div").css("display", "");
return false;
}
else if($("#newpass").val() != $("#pw2").val()) {
$("#confirm").addClass("text-error");
return;
}
$.getJSON(IO_URL+"/api/json/changepass?name="+$("#username").val()+"&oldpw="+$("#pw").val()+"&newpw="+$("#newpass").val()+"&callback=?", function(data) {
if(data.success) {
$("#newpassdiv").css("display", "none");
$("#pw2div").css("display", "none");
}
source.postMessage("cytube-changepass:"+JSON.stringify(data), document.location);
});
});
</script>
</body>
</html>