From d2204b171cb0d4e1ba1e29861ac07431dc54fa44 Mon Sep 17 00:00:00 2001
From: mrkubax10
Date: Sun, 10 Sep 2023 18:57:44 +0200
Subject: [PATCH] Frontend: Add password changing support
---
 frontend_routes.pm | 44 ++++++++++++++++++++++++++++++++++++
 static/password_changed.html | 10 ++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 static/password_changed.html
diff --git a/frontend_routes.pm b/frontend_routes.pm
index 592ba40..8a493e4 100644
--- a/frontend_routes.pm
+++ b/frontend_routes.pm
@@ -208,6 +208,50 @@ sub handlePath {
 frontend::sendTemplate("templates/panel.html", $aClient, {"username"=>$session->{"username"}, "manageChannelAccess"=>$manageChannelAccess, "manageServers"=>$manageServers, "manageChannels"=>$manageChannels, "addUser"=>$addUser});
 return 1;
 }
+ when("/change_password_action") {
+ if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
+ frontend::redirect($aClient, "/");
+ return 1;
+ }
+ if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
+ frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
+ return 1;
+ }
+ if(!defined($aRequest->{"content"})) {
+ frontend::sendBadRequest($aClient, "Request content required");
+ return 1;
+ }
+ my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
+
+ my %parameters = frontend::parsePathParameters($aRequest->{"content"});
+ if(!defined($parameters{"currentPassword"})) {
+ frontend::sendBadRequest($aClient, "Current password parameter required");
+ return 1;
+ }
+ if(!defined($parameters{"newPassword"})) {
+ frontend::sendBadRequest($aClient, "New password parameter required");
+ return 1;
+ }
+
+ my $query = $aConnection->prepare(qq(select password from users where name=?;));
+ $query->execute($session->{"username"});
+ my @row = $query->fetchrow_array();
+ my $password = $row[0];
+ if($parameters{"currentPassword"} ne $password) {
+ frontend::sendBadRequest($aClient, "Wrong password");
+ return 1;
+ }
+ if($parameters{"newPassword"} eq $password) {
+ frontend::sendBadRequest($aClient, "New password and current password match");
+ return 1;
+ }
+
+ $query = $aConnection->prepare(qq(update users set password=?
where name=?;));
+ $query->execute($parameters{"newPassword"}, $session->{"username"});
+ frontend::redirect($aClient, "/password_changed.html");
+
+ return 1;
+ }
 when("/view_logs") {
 my $channelID = $aRequest->{"path"}{"parameters"}{"channel"};
 if(!defined($channelID)) {
diff --git a/static/password_changed.html b/static/password_changed.html
new file mode 100644
index 0000000..abfdce6
--- /dev/null
+++ b/static/password_changed.html
@@ -0,0 +1,10 @@ + + + + Password changed + + +
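Review bot: The new `/change_password_action` branch compares `$parameters{"currentPassword"}` to the `password` column with `ne` and writes `$parameters{"newPassword"}` back unchanged, so as far as this hunk shows the users table holds plaintext passwords and any database disclosure exposes every credential directly. Store a salted, deliberately slow hash and verify against it instead, for example with Crypt::Bcrypt if the project can take that dependency: `if(!bcrypt_check($parameters{"currentPassword"}, $password)) {` for the check, with a `bcrypt(...)` result as the first argument of the update's `execute`; the "new equals current" test and the login path outside this hunk would need the same treatment. Two smaller gaps in the same block: the Content-Type guard is skipped entirely when the header is absent, and nothing visible binds the request to a form the panel itself served (no anti-CSRF token), so the session cookie is the only authorization besides the current password. An empty `newPassword` also passes the `defined` check, and the user's other sessions appear to stay valid after the update, so consider a minimum-length check and session invalidation here. The enclosing `handlePath` begins and ends outside the hunk.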

Password successfully changed

+ Return to user panel + +