# User registration and password reset. These functions share some common code.
package VN3::User::RegReset;

use VN3::Prelude;


# GET /u/newpass: the "request a password reset" page. A request that already
# carries a valid session is bounced to the front page; everyone else gets the
# Elm User.PassReset form, which posts to the json_api handler below.
TUWF::get '/u/newpass', sub {
    if (auth) {
        return tuwf->resRedirect('/', 'temp');
    }
    Framework title => 'Password reset', center => 1, sub {
        Div 'data-elm-module' => 'User.PassReset', '';
    };
};


# POST /u/newpass (JSON): start a password reset for the account registered
# under the given email address. auth->resetpass() is expected to mint a token
# bound to that user; the mail text says the login is disabled in the
# meantime, which presumably happens inside resetpass() (not visible here).
#
# NOTE(review): answering BadEmail when no account matches makes this endpoint
# an enumeration oracle for email addresses, and no rate limiting is visible
# at this layer. The Elm client relies on the BadEmail flag, so a uniform
# "mail sent" reply would need a client change as well.
# NOTE(review): the token travels as a URL path component, so it ends up in
# mail-client and web-server logs and in the Referer of any outbound link on
# the set-password page; it is only single-use/expiring if resetpass() and
# isvalidtoken() make it so.
json_api '/u/newpass', {
    email => { email => 1 },
}, sub {
    my $data = shift;
    my $email = $data->{email};

    my($uid, $token) = auth->resetpass($email);
    if (!$uid) {
        return tuwf->resJSON({BadEmail => 1});
    }

    my $username = tuwf->dbVali('SELECT username FROM users WHERE id =', \$uid);
    my $link = tuwf->reqBaseURI()."/u$uid/setpass/$token";

    # Plain-text mail; paragraphs are separated by a blank line.
    my $body = join "\n\n",
        "Hello $username,",
        "Your VNDB.org login has been disabled, you can now set a new password by following the link below:",
        $link,
        "Now don't forget your password again! :-)",
        "vndb.org";

    # $username is placed in the Subject header; the username validation on
    # registration is assumed to exclude CR/LF, otherwise this would be a
    # header-injection vector (the validation rules are not visible here).
    tuwf->mail($body,
      To => $email,
      From => 'VNDB <noreply@vndb.org>',
      Subject => "Password reset for $username",
    );
    tuwf->resJSON({Success => 1});
};


# Route pattern shared by the GET page and the JSON handler below. The user id
# comes from $UID_RE (presumably a named capture, read back as 'id'), and the
# token is pinned to exactly 40 lowercase hex characters, so anything reaching
# the handlers has already passed a syntactic check.
my $reset_url = qr{/$UID_RE/setpass/(?<token>[0-9a-f]{40})};

# GET /u<id>/setpass/<token>: the "set a new password" page. An unknown user
# id and an invalid token both answer 404, so this page reveals nothing beyond
# what auth->isvalidtoken() itself decides. The request path is handed to the
# Elm module as its flags; it is bounded by $reset_url, so (assuming $UID_RE
# only matches a plain id) the quoted value needs no escaping, and the Div
# helper is assumed to escape attribute values regardless.
TUWF::get $reset_url, sub {
    if (auth) {
        return tuwf->resRedirect('/', 'temp');
    }

    my $uid = tuwf->capture('id');
    my $token = tuwf->capture('token');
    my $username = tuwf->dbVali('SELECT username FROM users WHERE id =', \$uid);

    if (!$username || !auth->isvalidtoken($uid, $token)) {
        return tuwf->resNotFound;
    }

    my $flags = '"'.tuwf->reqPath().'"';
    Framework title => 'Set password', center => 1, sub {
        Div 'data-elm-module' => 'User.PassSet', 'data-elm-flags' => $flags, '';
    };
};


# POST /u<id>/setpass/<token> (JSON): consume the reset token and set the new
# password. The password-strength check runs before the token is validated;
# a false return from auth->setpass() aborts with die (presumably a generic
# server error from the framework rather than a JSON reply). After the
# password is set the email is marked confirmed, since the token was
# delivered to that address; this is also how a fresh registration gets its
# first password.
# NOTE(review): because isUnsafePass() runs first, a caller without a valid
# token can still probe which passwords the checker rejects; whether that
# matters depends on what isUnsafePass() compares against (not visible here).
json_api $reset_url, {
    pass => { password => 1 },
}, sub {
    my $data = shift;
    my $uid = tuwf->capture('id');
    my $token = tuwf->capture('token');
    my $pass = $data->{pass};

    if (tuwf->isUnsafePass($pass)) {
        return tuwf->resJSON({BadPass => 1});
    }
    auth->setpass($uid, $token, undef, $pass)
        or die "Invalid reset token";
    tuwf->dbExeci('UPDATE users SET email_confirmed = true WHERE id =', \$uid);
    tuwf->resJSON({Success => 1});
};


# GET /u/register: the registration page. Logged-in sessions are redirected
# to the front page; everyone else gets the Elm User.Register form, which
# posts to the json_api handler below.
TUWF::get '/u/register' => sub {
    if (auth) {
        return tuwf->resRedirect('/', 'temp');
    }
    Framework title => 'Register', center => 1, sub {
        Div 'data-elm-module' => 'User.Register', '';
    };
};


# POST /u/register (JSON): create an account. The caller must supply the
# current number of visual novels in the database (within 0.5% of the cached
# count) as a cheap anti-bot puzzle. Username, email and source IP are then
# checked for duplicates, the row is inserted without a password, and a
# password-reset token is mailed so that setting the first password doubles
# as email confirmation (see the setpass handler above).
#
# NOTE(review): the username/email checks and the INSERT are not atomic; two
# concurrent registrations can both pass the checks unless the users table
# enforces uniqueness itself (schema not visible here).
# NOTE(review): DoubleEmail tells a caller whether an address already has an
# account (email enumeration); Taken does the same for usernames, which is
# hard to avoid on a registration form.
# NOTE(review): the per-IP limit is one registration per /30 (IPv4) or /48
# (IPv6) per day, and the registering IP is stored on the users row.
json_api '/u/register', {
    username => { username => 1 },
    email    => { email => 1 },
    vns      => { int => 1 },
}, sub {
    my $data = shift;
    my $username = $data->{username};
    my $email = $data->{email};

    my $vn_count = tuwf->dbVali("SELECT count FROM stats_cache WHERE section = 'vn'");
    if ($data->{vns} < $vn_count*0.995 || $data->{vns} > $vn_count*1.005) {
        return tuwf->resJSON({Bot => 1});
    }
    if (tuwf->dbVali('SELECT 1 FROM users WHERE username =', \$username)) {
        return tuwf->resJSON({Taken => 1});
    }
    if (tuwf->dbVali('select', sql_func('user_emailexists', \$email))) {
        return tuwf->resJSON({DoubleEmail => 1});
    }

    my $ip = tuwf->reqIP;
    my $prefix = $ip =~ /:/ ? 48 : 30;
    my $recent = tuwf->dbVali(
        q{SELECT 1 FROM users WHERE registered >= NOW()-'1 day'::interval AND ip <<},
        \"$ip/$prefix"
    );
    return tuwf->resJSON({DoubleIP => 1}) if $recent;

    my $uid = tuwf->dbVali('INSERT INTO users', {
        username => $username,
        mail     => $email,
        ip       => $ip,
    }, 'RETURNING id');

    # The id returned by resetpass() is ignored in favour of the row just
    # inserted; this assumes user_emailexists() and resetpass() match the
    # address the same way, so that no other account shares it.
    my(undef, $token) = auth->resetpass($email);

    my $link = tuwf->reqBaseURI()."/u$uid/setpass/$token";
    my $body = join "\n\n",
        "Hello $username,",
        "Someone has registered an account on VNDB.org with your email address. To confirm your registration, follow the link below.",
        $link,
        "If you don't remember creating an account on VNDB.org recently, please ignore this e-mail.",
        "vndb.org";

    tuwf->mail($body,
      To => $email,
      From => 'VNDB <noreply@vndb.org>',
      Subject => "Confirm registration for $username",
    );
    tuwf->resJSON({Success => 1});
};

1;