From 62e80cec63393922e8a658844eef3b44a38604b8 Mon Sep 17 00:00:00 2001
From: calzoneman
Date: Sat, 4 May 2013 13:01:04 -0500
Subject: [PATCH] Add password change (#88)
---
 api.js | 28 ++++++++++++++++++++++++++
 auth.js | 17 ++++++++++++++++
 database.js | 1 +
 package.json | 2 +-
 server.js | 2 +-
 www/assets/js/functions.js | 10 ++++++++++
 www/login.html | 40 ++++++++++++++++++++++++++++++++++++++
 7 files changed, 98 insertions(+), 2 deletions(-)
diff --git a/api.js b/api.js
index efb2b474..344d23ff 100644
--- a/api.js
+++ b/api.js
@@ -25,6 +25,7 @@ var jsonHandlers = {
 "listloaded" : handleChannelList,
 "login" : handleLogin,
 "register" : handleRegister,
+ "changepass" : handlePasswordChange,
 "globalbans" : handleGlobalBans,
 "admreports" : handleAdmReports
 };
@@ -197,6 +198,33 @@ function handleLogin(params, req, res) {
 }
 }
+function handlePasswordChange(params, req, res) {
+ var name = params.name || "";
+ var oldpw = params.oldpw || "";
+ var newpw = params.newpw || "";
+ if(oldpw == "" || newpw == "") {
+ sendJSON(res, {
+ success: false,
+ error: "Old password and new password cannot be empty"
+ });
+ return;
+ }
+ var row = Auth.login(name, oldpw);
+ if(row) {
+ var success = Auth.setUserPassword(name, newpw);
+ sendJSON(res, {
+ success: success,
+ error: success ? "" : "Change password failed"
+ });
+ }
+ else {
+ sendJSON(res, {
+ success: false,
+ error: "Invalid username or password"
+ });
+ }
+}
+
 function handleRegister(params, req, res) {
 var name = params.name || "";
 var pw = params.pw || "";
diff --git a/auth.js b/auth.js
index dd7dc8e0..d43fbb38 100644
--- a/auth.js
+++ b/auth.js
@@ -10,6 +10,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI
 */
 var mysql = require("mysql-libmysqlclient");
+var Database = require("./database.js");
 var Config = require("./config.js");
 var bcrypt = require("bcrypt");
 var hashlib = require("node_hash");
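Review bot: handlePasswordChange verifies the old password with `Auth.login(name, oldpw)`, but nothing in this hunk records or limits failed attempts, so the new route checks passwords with only whatever throttling `Auth.login` has, and that function is not shown here. I would log every failed attempt and every successful change with the account name and the requester's address (never either password), so that guessing against this route is visible. `newpw` is only required to be non-empty; a length check beside the empty-string test, for example `if(newpw.length < MIN_LEN)` with `MIN_LEN` as a placeholder for the project's minimum, keeps trivial passwords out. `success` is passed through as whatever `Auth.setUserPassword` returns, so `success: !!success` would keep the JSON field a strict boolean.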
@@ -186,6 +187,22 @@ function sessionSalt() {
 return salt.join('');
 }
+exports.setUserPassword = function(name, pw) {
+ var db = mysql.createConnectionSync();
+ db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER,
+ Config.MYSQL_PASSWORD, Config.MYSQL_DB);
+ if(!db.connectedSync()) {
+ Logger.errlog.log("Auth.setUserPassword: DB connection failed");
+ return false;
+ }
+ var hash = bcrypt.hashSync(pw, 10);
+ var query = "UPDATE registrations SET pw='{1}' WHERE uname='{2}'"
+ .replace("{1}", Database.sqlEscape(hash))
+ .replace("{2}", Database.sqlEscape(name));
+ var result = db.querySync(query);
+ return result;
+}
+
 exports.getGlobalRank = function(name) {
 var db = mysql.createConnectionSync();
 db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER,
diff --git a/database.js b/database.js
index 083ead24..f2e33158 100644
--- a/database.js
+++ b/database.js
@@ -40,6 +40,7 @@ function sqlEscape(data) {
 return data.replace("'", "\\'");
 }
 }
+exports.sqlEscape = sqlEscape;
 exports.init = function() {
 if(initialized)
diff --git a/package.json b/package.json
index cc5b9c7a..2a7a93ca 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "author": "Calvin Montgomery",
 "name": "CyTube",
 "description": "Online media synchronizer and chat",
- "version": "1.5.3",
+ "version": "1.5.5",
 "repository": {
 "url": "http://github.com/calzoneman/sync"
 },
diff --git a/server.js b/server.js
index 561f66f7..81f943d8 100644
--- a/server.js
+++ b/server.js
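Review bot: The UPDATE in setUserPassword relies on `Database.sqlEscape`, and the database.js context in this commit shows that helper's visible branch as `data.replace("'", "\\'")`, which with a string pattern rewrites only the first quote and does not touch backslashes, so `name` is not reliably quoted in the statement. I would escape on the open connection with the driver's own routine, `db.escapeSync(name)` and `db.escapeSync(hash)`, and join the pieces with `+` rather than `.replace()`, whose replacement argument gives `$` sequences a special meaning. The connection opened here is never closed on either return path; add `db.closeSync();` before each return. `Logger` is used in the failure branch but is not among the `require` lines visible in the first auth.js hunk, so confirm it is in scope.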
@@ -9,7 +9,7 @@ The above copyright notice and this permission notice shall be included in all c
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */
-const VERSION = "1.5.4";
+const VERSION = "1.5.5";
 var fs = require("fs");
 var Logger = require("./logger.js");
diff --git a/www/assets/js/functions.js b/www/assets/js/functions.js
index cde4f433..3c6a929b 100644
--- a/www/assets/js/functions.js
+++ b/www/assets/js/functions.js
@@ -1002,6 +1002,16 @@ function showLoginFrame() {
 modal.modal("hide");
 }
 }
+ else if(e.data.substring(0, e.data.indexOf(":")) == "cytube-changepass") {
+ var data = e.data.substring(e.data.indexOf(":")+1);
+ data = JSON.parse(data);
+ if(data.error) {
+ alert(data.error);
+ }
+ else if(data.success) {
+ alert("Password changed");
+ }
+ }
 }
 if(window.addEventListener) {
 window.addEventListener("message", respond, false);
diff --git a/www/login.html b/www/login.html
index 4e68406d..9880c7e1 100644
--- a/www/login.html
+++ b/www/login.html
@@ -4,6 +4,17 @@ CyTube - Login +
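Review bot: The new `cytube-changepass` branch calls `JSON.parse` on message data with no try/catch, and no `e.origin` test appears in the lines shown, so a message from another window that carries this prefix can throw inside `respond` or put sender-chosen text into the `alert`. `respond` begins above this hunk, so an origin test may already exist there; if it does not, add one at the top of the handler, `if(e.origin !== LOGIN_ORIGIN) return;` with `LOGIN_ORIGIN` as a placeholder for the login frame's origin. Wrapping the parse as `try { data = JSON.parse(data); } catch(err) { return; }` keeps malformed input from breaking the handler. `e.data.substring` also assumes the message is a string, which is worth checking with `typeof e.data === "string"` first.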
@@ -19,6 +30,12 @@ + +
+
+ +
+
@@ -65,6 +87,24 @@
 source.postMessage("cytube-login:"+JSON.stringify(data), document.location);
 });
 });
+ $("#changepass").click(function() {
+ if($("#newpassdiv").css("display") == "none") {
+ $("#newpassdiv").css("display", "");
+ $("#pw2div").css("display", "");
+ return false;
+ }
+ else if($("#newpass").val() != $("#pw2").val()) {
+ $("#confirm").addClass("text-error");
+ return;
+ }
+ $.getJSON(IO_URL+"/api/json/changepass?name="+$("#username").val()+"&oldpw="+$("#pw").val()+"&newpw="+$("#newpass").val()+"&callback=?", function(data) {
+ if(data.success) {
+ $("#newpassdiv").css("display", "none");
+ $("#pw2div").css("display", "none");
+ }
+ source.postMessage("cytube-changepass:"+JSON.stringify(data), document.location);
+ });
+ });
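Review bot: The changepass request concatenates `$("#username").val()`, `$("#pw").val()` and `$("#newpass").val()` into the URL without encoding, so a password containing `&`, `#`, `+` or `%` reaches the server altered and the account is left with a password the user did not type. Pass the values as the data argument so jQuery encodes them: `$.getJSON(IO_URL+"/api/json/changepass?callback=?", {name: $("#username").val(), oldpw: $("#pw").val(), newpw: $("#newpass").val()}, function(data) { ... })`. Both passwords still travel in a GET query string, which is kept in web server and proxy logs and in browser history; moving this call to a POST body is worth a follow-up, although it cannot stay JSONP. The mismatch branch adds `text-error` to `#confirm`, but no line in this hunk removes it after a later successful change. The hunk's trailing context lines are not visible on this page.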