package VN3::User::Settings;
use VN3::Prelude;
# Validation schema for the user settings form. It is compiled twice below,
# once as 'out' and once as 'in'; the `_when` tag presumably restricts a field
# to that one direction (form_compile is defined elsewhere -- confirm).
my $FORM = {
    username => { username => 1 },
    mail     => { email => 1 },

    # Accept only values whose set bits all exist in auth->allPerms. This
    # checks that the value is well-formed, not that the caller may grant it:
    # the submit handler only applies `perm` when auth->permUsermod is true.
    perm => {
        uint => 1,
        func => sub {
            my ($bits) = @_;
            return ($bits & ~auth->allPerms) == 0;
        },
    },

    ign_votes     => { anybool => 1 },
    hide_list     => { anybool => 1 },
    show_nsfw     => { anybool => 1 },
    traits_sexual => { anybool => 1 },
    tags_all      => { anybool => 1 },
    tags_cont     => { anybool => 1 },
    tags_ero      => { anybool => 1 },
    tags_tech     => { anybool => 1 },
    spoilers      => { uint => 1, range => [ 0, 2 ] },

    # Optional password change: both the current and the new password are
    # validated with the `password` rule. Tagged 'in', so it is not part of
    # the 'out' schema used to render the form.
    password => {
        _when    => 'in',
        required => 0,
        type     => 'hash',
        keys     => {
            old => { password => 1 },
            new => { password => 1 },
        },
    },

    # Fields tagged 'out': filled in by the page handler for the client.
    id      => { _when => 'out', uint => 1 },
    authmod => { _when => 'out', anybool => 1 },
};

my $FORM_OUT = form_compile(out => $FORM);
my $FORM_IN  = form_compile(in => $FORM);

elm_form(UserEdit => $FORM_OUT, $FORM_IN);

# Response constructors for the two password failure cases of the submit handler.
my $elm_BadPass  = elm_api('BadPass');
my $elm_BadLogin = elm_api('BadLogin');
# Page handler: render the settings form for the user whose id is in the URL.
TUWF::get qr{/$UID_RE/edit}, sub {
    my $u = tuwf->dbRowi('SELECT id, username, perm, ign_votes FROM users WHERE id =', \tuwf->capture('id'));

    # Authorisation gate. A caller who may not edit this account gets the
    # not-found response rather than a permission error.
    return tuwf->resNotFound unless can_edit(u => $u);

    # The address is read through an SQL function that also receives the
    # caller's uid and session token, not straight from the users table.
    $u->{mail} = tuwf->dbVali(
        select => sql_func user_getmail => \$u->{id}, \auth->uid, sql_fromhex auth->token
    );
    $u->{authmod} = auth->permUsermod;

    # Let's not disclose this (though it's not hard to find out through other means)
    # Callers without the usermod permission get placeholder values instead of
    # the stored ign_votes flag and permission bits.
    unless (auth->permUsermod) {
        $u->{ign_votes} = 0;
        $u->{perm}      = auth->defaultPerms;
    }

    # Stored preferences as key => value; anything missing becomes ''.
    my %pref_of = map { ($_->{key}, $_->{value}) }
        @{ tuwf->dbAlli('SELECT key, value FROM users_prefs WHERE uid =', \$u->{id}) };
    for my $name (qw/hide_list show_nsfw traits_sexual tags_all spoilers/) {
        $u->{$name} = $pref_of{$name} || '';
    }
    $u->{spoilers} ||= 0;

    # tags_cat is a comma-separated list; expose it as one boolean per
    # category, falling back to 'cont,tech' when nothing is stored.
    my $tag_cats = $pref_of{tags_cat} || 'cont,tech';
    for my $cat (qw/cont ero tech/) {
        $u->{"tags_$cat"} = ($tag_cats =~ /$cat/);
    }

    my $title = "Edit $u->{username}";
    $title = 'My Preferences' if $u->{id} == auth->uid;

    Framework title => $title, noindex => 1, narrow => 1, sub {
        FullPageForm module => 'User.Settings', data => $u, schema => $FORM_OUT;
    };
};
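# Submit handler for the settings form: applies the posted settings to the
# account whose id is in the URL. $FORM_IN is handed to json_api, which
# presumably validates the request body before this callback runs (json_api
# is defined elsewhere -- confirm).
json_api qr{/$UID_RE/edit}, $FORM_IN, sub {
    my $data = shift;
    my $id = tuwf->capture('id');

    # Authorisation gate: nothing below runs for a caller who may not edit
    # this account.
    return $elm_Unauth->() if !can_edit u => { id => $id };

    # Reject an unsafe new password before any write is issued, so a refused
    # request cannot leave the moderator-only changes below already applied.
    return $elm_BadPass->() if $data->{password} && tuwf->isUnsafePass($data->{password}{new});

    # Moderator-only fields: username, ign_votes and the permission bits are
    # ignored unless the caller holds the usermod permission.
    # NOTE(review): every moderator edit also sets email_confirmed to 1,
    # whether or not the address was changed -- confirm this is intended.
    if(auth->permUsermod) {
        tuwf->dbExeci(update => users => set => {
            username => $data->{username},
            ign_votes => $data->{ign_votes},
            email_confirmed => 1,
        }, where => { id => $id });
        tuwf->dbExeci(select => sql_func user_setperm => \$id, \auth->uid, sql_fromhex(auth->token), \$data->{perm});
    }

    if($data->{password}) {
        if(auth->uid == $id) {
            # Own account: the current password has to be supplied as well.
            # NOTE(review): a BadLogin here is returned after the
            # moderator-only writes above; check whether they are rolled back.
            return $elm_BadLogin->() if !auth->setpass($id, undef, $data->{password}{old}, $data->{password}{new});
        } else {
            # Someone else's account: the old password is not used; the SQL
            # function receives the caller's uid and session token instead.
            tuwf->dbExeci(select => sql_func user_admin_setpass => \$id, \auth->uid,
                sql_fromhex(auth->token), sql_fromhex auth->_preparepass($data->{password}{new})
            );
        }
    }

    # NOTE(review): as far as this handler shows, the address is replaced
    # without asking for the current password and without confirming the new
    # address. Re-authentication before changing an address used for account
    # recovery is the usual hardening -- consider requiring password.old here.
    tuwf->dbExeci(select => sql_func user_setmail => \$id, \auth->uid, sql_fromhex(auth->token), \$data->{mail});

    auth->prefSet($_, $data->{$_}, $id) for qw/hide_list show_nsfw traits_sexual tags_all spoilers/;

    # The three tag category booleans are stored as one comma-separated pref.
    auth->prefSet(tags_cat => join(',', map $data->{"tags_$_"} ? $_ : (), qw/cont ero tech/), $id);

    $elm_Success->();
};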
1;