1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
# User registration and password reset. These functions share some common code.
package VN3::User::RegReset;
use VN3::Prelude;
TUWF::get '/u/newpass' => sub {
return tuwf->resRedirect('/', 'temp') if auth;
Framework title => 'Password reset', center => 1, sub {
Div 'data-elm-module' => 'User.PassReset', '';
};
};
my $elm_BadEmail = elm_api 'BadEmail';
my $elm_BadPass = elm_api 'BadPass';
my $elm_Bot = elm_api 'Bot';
my $elm_Taken = elm_api 'Taken';
my $elm_DoubleEmail = elm_api 'DoubleEmail';
my $elm_DoubleIP = elm_api 'DoubleIP';
json_api '/u/newpass', {
email => { email => 1 },
}, sub {
my $data = shift;
my($id, $token) = auth->resetpass($data->{email});
return $elm_BadEmail->() if !$id;
my $name = tuwf->dbVali('SELECT username FROM users WHERE id =', \$id);
my $body = sprintf
"Hello %s,"
."\n\n"
."Your VNDB.org login has been disabled, you can now set a new password by following the link below:"
."\n\n"
."%s"
."\n\n"
."Now don't forget your password again! :-)"
."\n\n"
."vndb.org",
$name, tuwf->reqBaseURI()."/u$id/setpass/$token";
tuwf->mail($body,
To => $data->{email},
From => 'VNDB <noreply@vndb.org>',
Subject => "Password reset for $name",
);
$elm_Success->();
};
my $reset_url = qr{/$UID_RE/setpass/(?<token>[a-f0-9]{40})};
TUWF::get $reset_url, sub {
return tuwf->resRedirect('/', 'temp') if auth;
my $id = tuwf->capture('id');
my $token = tuwf->capture('token');
my $name = tuwf->dbVali('SELECT username FROM users WHERE id =', \$id);
return tuwf->resNotFound if !$name || !auth->isvalidtoken($id, $token);
Framework title => 'Set password', center => 1, sub {
Div 'data-elm-module' => 'User.PassSet', 'data-elm-flags' => '"'.tuwf->reqPath().'"', '';
};
};
json_api $reset_url, {
pass => { password => 1 },
}, sub {
my $data = shift;
my $id = tuwf->capture('id');
my $token = tuwf->capture('token');
return $elm_BadPass->() if tuwf->isUnsafePass($data->{pass});
die "Invalid reset token" if !auth->setpass($id, $token, undef, $data->{pass});
tuwf->dbExeci('UPDATE users SET email_confirmed = true WHERE id =', \$id);
$elm_Success->()
};
TUWF::get '/u/register', sub {
return tuwf->resRedirect('/', 'temp') if auth;
Framework title => 'Register', center => 1, sub {
Div 'data-elm-module' => 'User.Register', '';
};
};
json_api '/u/register', {
username => { username => 1 },
email => { email => 1 },
vns => { int => 1 },
}, sub {
my $data = shift;
my $num = tuwf->dbVali("SELECT count FROM stats_cache WHERE section = 'vn'");
return $elm_Bot->() if $data->{vns} < $num*0.995 || $data->{vns} > $num*1.005;
return $elm_Taken->() if tuwf->dbVali('SELECT 1 FROM users WHERE username =', \$data->{username});
return $elm_DoubleEmail->() if tuwf->dbVali(select => sql_func user_emailexists => \$data->{email});
my $ip = tuwf->reqIP;
return $elm_DoubleIP->() if tuwf->dbVali(
q{SELECT 1 FROM users WHERE registered >= NOW()-'1 day'::interval AND ip <<},
$ip =~ /:/ ? \"$ip/48" : \"$ip/30"
);
my $id = tuwf->dbVali('INSERT INTO users', {
username => $data->{username},
mail => $data->{email},
ip => $ip,
}, 'RETURNING id');
my(undef, $token) = auth->resetpass($data->{email});
my $body = sprintf
"Hello %s,"
."\n\n"
."Someone has registered an account on VNDB.org with your email address. To confirm your registration, follow the link below."
."\n\n"
."%s"
."\n\n"
."If you don't remember creating an account on VNDB.org recently, please ignore this e-mail."
."\n\n"
."vndb.org",
$data->{username}, tuwf->reqBaseURI()."/u$id/setpass/$token";
tuwf->mail($body,
To => $data->{email},
From => 'VNDB <noreply@vndb.org>',
Subject => "Confirm registration for $data->{username}",
);
$elm_Success->()
};
1;
|
