| author | Jules Laplace <julescarbon@gmail.com> | 2018-05-14 18:54:22 +0200 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2018-05-14 18:54:22 +0200 |
| commit | e79bdedb819415792eea49de7483885046d2a368 (patch) | |
| tree | 9931fa389c1459347593155dd09a7c2cf3ecc009 | |
| parent | afd20e776ba207be9c4a00d29cb61dd3ea760eef (diff) | |
change password form working
| -rw-r--r-- | bucky/app/bucky.js | 16 | ||||
| -rw-r--r-- | bucky/db/index.js | 4 | ||||
| -rw-r--r-- | bucky/util/adminz.js | 58 | ||||
| -rw-r--r-- | bucky/util/auth.js | 13 | ||||
| -rw-r--r-- | public/assets/css/bucky.css | 27 | ||||
| -rw-r--r-- | public/assets/js/lib/router.js | 6 | ||||
| -rw-r--r-- | public/assets/js/lib/views/details/files.js | 6 | ||||
| -rw-r--r-- | public/assets/js/lib/views/index/lastlog.js | 2 | ||||
| -rw-r--r-- | public/assets/js/lib/views/index/threadbox.js | 15 | ||||
| -rw-r--r-- | public/assets/js/lib/views/profile/profile.js | 4 | ||||
| -rw-r--r-- | views/pages/adminz.ejs | 11 | ||||
| -rw-r--r-- | views/pages/index.ejs | 8 | ||||
| -rw-r--r-- | views/partials/scripts.ejs | 5 |
13 files changed, 145 insertions, 30 deletions
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js index f00c296..70cfeec 100644 --- a/bucky/app/bucky.js +++ b/bucky/app/bucky.js @@ -547,6 +547,22 @@ var bucky = module.exports = { } }) }, + ensureUserFromBody: function (req, res, next){ + var username = util.sanitizeName(req.body.username) + if (! username) { + return res.sendStatus(404) + } + db.getUserByUsername(username).then(function(user){ + if (user) { + res.user = user + next() + } + else { + console.log('no such user!!') + res.sendStatus(404) + } + }) + }, sanitizeUser: function(req, res, next) { res.user = util.sanitizeUser(res.user) next() diff --git a/bucky/db/index.js b/bucky/db/index.js index 5e21603..f454c92 100644 --- a/bucky/db/index.js +++ b/bucky/db/index.js @@ -69,6 +69,10 @@ db.getUsernamesById = function(ids){ return knex.column("id").column("username") .select().from('users').where("id", "in", ids) } +db.getUsernames = function(){ + return knex.column("username") + .select().from('users').orderBy("username").pluck("username") +} db.checkUsernames = function(usernames){ return knex.column("username") .select().distinct().from('users').where("username", "in", usernames) diff --git a/bucky/util/adminz.js b/bucky/util/adminz.js index 0092dc2..7224785 100644 --- a/bucky/util/adminz.js +++ b/bucky/util/adminz.js @@ -1,4 +1,3 @@ - var fs = require('fs') var db = require('../db') var util = require('./util') @@ -6,6 +5,8 @@ var upload = require('./upload') var fortune = require('../db/fortune') var middleware = require('./middleware') var privacy = require('../app/privacy') +var bucky = require('../app/bucky') +var auth = require('./auth') var adminz = module.exports = { 
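Review bot: The promise returned by `db.getUserByUsername(username)` in `ensureUserFromBody` has no rejection handler, so a database error leaves the request without a response instead of failing cleanly. Ending the chain with `.catch(function(err){ console.error(err); res.sendStatus(500) })` closes that path. `adminz.ensureUsernames` in bucky/util/adminz.js has the same gap on `db.getUsernames()`. Since this middleware gates an admin password change, the `console.log('no such user!!')` line would be more useful for later review if it also recorded the sanitized `username` that was looked up.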
@@ -13,28 +14,63 @@ var adminz = module.exports = { }, title: function(){ - return (Math.random() < 0.8 ? [ - fortune('admin-adj'), - fortune('admin-noun1'), - ] : [ + let title = [ + fortune('admin-name'), fortune('admin-adj'), fortune('admin-noun1'), - "and", - fortune('admin-noun2'), - ]).join(" ") + ] + if (Math.random() < 0.2) { + title = title.concat([ + "and", + fortune('admin-noun2') + ]) + } + return title.join(" ") + }, + + ensureUsernames: function (req, res, next){ + db.getUsernames().then(function(usernames){ + res.usernames = usernames + next() + }) }, route: function(app){ app.get("/adminz", + middleware.ensureAuthenticated, privacy.checkIsAdmin, function(req, res){ res.render("pages/adminz", { title: adminz.title() }) }) - // app.put("/api/checkin", - // middleware.ensureAuthenticated, - // ) + app.get("/api/admin", + middleware.ensureAuthenticated, + privacy.checkIsAdmin, + adminz.ensureUsernames, + bucky.ensureLastlog, + bucky.bumpLastSeen, + bucky.checkMail, + function(req, res){ + res.json({ + status: 'ok', + lastlog: res.lastlog, + usernames: res.usernames, + mail: res.mail, + }) + } + ) + app.put("/api/admin/password/", + middleware.ensureAuthenticated, + privacy.checkIsAdmin, + bucky.ensureUserFromBody, + auth.changePasswordDangerously, + function(req, res){ + res.json({ + status: 'ok', + }) + } + ) }, } diff --git a/bucky/util/auth.js b/bucky/util/auth.js index 624c898..16368cf 100644 --- a/bucky/util/auth.js +++ b/bucky/util/auth.js 
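Review bot: The `PUT /api/admin/password/` route sets another account's password but leaves no record of it, because the final handler only returns `status: 'ok'`. I would add an audit log line in that handler naming the acting admin and the target account (`res.user.get('username')` is already available at that point). A comment above the route would also help, for example `// admin-only: sets another user's password; the admin's own password is re-checked in auth.changePasswordDangerously`. Whether the target user's existing sessions are ended after the change is not visible in this hunk and is worth confirming.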
@@ -163,6 +163,19 @@ var auth = module.exports = { res.user.set('password', newPassword) res.user.save().then(() => next()).catch(err => res.send({ error: err })) }, + changePasswordDangerously: function(req, res, next){ + if (! req.body.password && ! req.body.newpassword) return next() + if (req.body.newpassword !== req.body.newpassword2) { + return res.send({ error: 'Passwords don\'t match.' }) + } + if (! auth.validPassword(req.user, req.body.password)) { + return res.send({ error: 'Password is incorrect.' }) + } + var username = res.user.get('username') + var newPassword = auth.makePassword(username, req.body.newpassword) + res.user.set('password', newPassword) + res.user.save().then(() => next()).catch(err => res.send({ error: err })) + }, verifyLocalUser: function (username, password, done) { // handle passwords!! diff --git a/public/assets/css/bucky.css b/public/assets/css/bucky.css index 074da47..278e235 100644 --- a/public/assets/css/bucky.css +++ b/public/assets/css/bucky.css @@ -3,8 +3,12 @@ } html { padding-bottom: 300px; + width: 100:; + height: 100%; } body { + width: 100:; + height: 100%; background-color: #e6f0f0; transition: background-color 100ms; color: #111111; @@ -107,6 +111,8 @@ a:active { color: #a0a0c7; text-decoration: underline; } .desktop a:hover { color: #2040f0; text-decoration: underline; } hr { border-color: #000; + opacity: 0.6; + height: 2px; } input[type=text], input[type=password] { @@ -967,12 +973,12 @@ header .search_form { max-width: 300px; max-height: 300px; } -#profile td { +.profile_meta td { padding: 4px; font-size: 13px; color: #211; } -#profile td:first-child { +.profile_meta td:first-child { font-weight: bold; padding-right: 20px; color: #322; 
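Review bot: `changePasswordDangerously` never requires `newpassword` to be present. When `password` is supplied and both `newpassword` and `newpassword2` are missing, the mismatch check passes (`undefined !== undefined` is false), so `auth.makePassword(username, undefined)` is called and its result saved as the target's password. A guard before the comparison closes this: `if (! req.body.newpassword) return res.send({ error: 'New password is required.' })`. The first line's `return next()`, taken when both fields are absent, also lets the admin route answer `status: 'ok'` although nothing was changed; for this endpoint it should be an error response. Separately, `.catch(err => res.send({ error: err }))` returns the raw save error to the client; a generic message with the detail logged server-side would expose less.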
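Review bot: `width: 100:;` in both the `html` and `body` rules of bucky.css is not a valid declaration, so the browser will drop it. It presumably should read `width: 100%;` to match the `height: 100%;` added directly below it in each rule.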
@@ -1017,6 +1023,20 @@ header .search_form { margin-left: 7px; } +/* ADMIN */ + +.admin { + height: 100%; + background-image: linear-gradient(to bottom, rgba(255,254,248,0.5) 0%,rgba(0,0,0,0) 100%); + background-position: fixed; +} +.admin h1, big { + text-shadow: 0 2px 4px #fff; +} +.admin #content { + padding-top: 10px; +} + /* 404 */ #error_404 { @@ -1113,6 +1133,9 @@ audio { #content { width: 100%; } + .admin #sidebar { + display: block; + } .index header .search_form { display: block; } diff --git a/public/assets/js/lib/router.js b/public/assets/js/lib/router.js index 9ac6336..b6eff73 100644 --- a/public/assets/js/lib/router.js +++ b/public/assets/js/lib/router.js @@ -25,6 +25,7 @@ var SiteRouter = Router.extend({ "/profile": 'profile', "/profile/:username": 'profile', "/profile/:username/edit": 'editProfile', + "/adminz": 'adminz', }, initialize: function(){ @@ -103,6 +104,11 @@ var SiteRouter = Router.extend({ app.view = new SearchResults () app.view.load() }, + + adminz: function(){ + app.view = new AdminView () + app.view.load() + }, error404: function(){ $("content").hide() diff --git a/public/assets/js/lib/views/details/files.js b/public/assets/js/lib/views/details/files.js index 00ca201..44c65c4 100644 --- a/public/assets/js/lib/views/details/files.js +++ b/public/assets/js/lib/views/details/files.js @@ -38,8 +38,10 @@ var FilesView = FormView.extend({ audio.init() } - const sort = this.thread.settings.sort || "name_asc" - this.resort(sort) + if (this.thread) { + const sort = this.thread.settings.sort || "name_asc" + this.resort(sort) + } }, files: [], diff --git a/public/assets/js/lib/views/index/lastlog.js b/public/assets/js/lib/views/index/lastlog.js index 02b3cca..7a738b7 100644 --- a/public/assets/js/lib/views/index/lastlog.js +++ b/public/assets/js/lib/views/index/lastlog.js 
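Review bot: `background-position: fixed;` in the new `.admin` rule is not a valid value, so the declaration is ignored. `fixed` is a value of `background-attachment`, so the line was probably meant to be `background-attachment: fixed;`. The selector `.admin h1, big` also applies the text-shadow to every `big` element on the site, not only those inside `.admin`; `.admin h1, .admin big` keeps it scoped to the admin page.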
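Review bot: The new `adminz` route handler constructs `AdminView`, but no file in this commit defines it. scripts.ejs adds tags for `/assets/js/lib/views/admin/adminz.js` and `/assets/js/lib/views/admin/password.js`, and adminz.ejs and index.ejs include `../partials/lastlog` and `../partials/admin_password`, yet none of those four files appear in the 13-file diffstat. If they were not committed earlier, a fresh checkout would fail to render both `/adminz` and the index page, so it is worth checking with `git status` that they are tracked.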
@@ -29,7 +29,7 @@ var LastLog = View.extend({ parse: function(user){ if (Date.now()/1000 - user.lastseen > 86400 * 5 *10) return '' var t = this.template - .replace(/{{username}}/g, user.username) + .replace(/{{username}}/g, sanitize(user.username)) .replace(/{{age}}/g, get_age(user.lastseen) ) .replace(/{{age_class}}/g, carbon_date(user.lastseen) ) .trim() diff --git a/public/assets/js/lib/views/index/threadbox.js b/public/assets/js/lib/views/index/threadbox.js index e3a5193..34974b7 100644 --- a/public/assets/js/lib/views/index/threadbox.js +++ b/public/assets/js/lib/views/index/threadbox.js @@ -40,9 +40,18 @@ var ThreadBox = View.extend({ }) Object.keys(keywords).sort().forEach((keyword) => { this.appendKeyword({ keyword }) - this.appendThreads(keywords[keyword].sort( (a,b) => { - return a.title.localeCompare(b.title) // b.lastmodified - a.lastmodified - })) + switch (data.sort) { + case 'date': + this.appendThreads(keywords[keyword].sort( (a,b) => { + return b.lastmodified - a.lastmodified + })) + break + default: + this.appendThreads(keywords[keyword].sort( (a,b) => { + return a.title.localeCompare(b.title) + })) + break + } }) } if (is_mobile || window.innerWidth < 700) { diff --git a/public/assets/js/lib/views/profile/profile.js b/public/assets/js/lib/views/profile/profile.js index a738950..46ade8e 100644 --- a/public/assets/js/lib/views/profile/profile.js +++ b/public/assets/js/lib/views/profile/profile.js @@ -26,8 +26,8 @@ var ProfileView = View.extend({ // this.comments.load(data.comments, data.thread) this.gallery.load(files) this.files.load(files) - this.files.resort("date", "asc") - this.threadbox.load({ threads, user }) + this.files.resort("date_desc") + this.threadbox.load({ threads, user, sort: 'date' }) }, populate: function(user){ diff --git a/views/pages/adminz.ejs b/views/pages/adminz.ejs index 9bb62ac..24096a5 100644 --- a/views/pages/adminz.ejs +++ b/views/pages/adminz.ejs 
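Review bot: `sanitize(user.username)` is passed to `.replace()` as a replacement string, so `$`-sequences such as `$&` in a username are still expanded by `String.prototype.replace` after sanitizing. Passing a function avoids that: `.replace(/{{username}}/g, () => sanitize(user.username))`. The template also places the username inside `href="/profile/{{username}}"` (the markup removed from index.ejs in this commit). Whether `sanitize` output is safe in a URL path as well as in text is not visible here, so the href value may additionally need `encodeURIComponent`. `parse` continues outside this hunk.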
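Review bot: The two `switch` branches in the keyword loop of threadbox.js differ only in the comparator, so the `this.appendThreads(keywords[keyword].sort(...))` call is written twice. Choosing the comparator once before the loop reads more directly: `const cmp = data.sort === 'date' ? (a,b) => b.lastmodified - a.lastmodified : (a,b) => a.title.localeCompare(b.title)`, followed by `this.appendThreads(keywords[keyword].sort(cmp))`. The enclosing function starts and ends outside the hunk.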
@@ -2,8 +2,17 @@ <div id="content"> -welcome 2 adminland +</div> + +<div id="sidebar"> +<div class="bluebox alert"></div> + <% include ../partials/searchform %> + <% include ../partials/lastlog %> + <div class='bluebox'> + <big><b>welcome 2 adminland</b></big> + </div> + <% include ../partials/admin_password %> </div> <% include ../partials/footer %> diff --git a/views/pages/index.ejs b/views/pages/index.ejs index 1a6255b..14d7412 100644 --- a/views/pages/index.ejs +++ b/views/pages/index.ejs @@ -9,13 +9,7 @@ <div id="sidebar"> <% include ../partials/searchform %> <div class="bluebox alert"></div> - <span class="lastlog bluebox"> - <script class="template" type="text/html"> - <a href="/profile/{{username}}">{{username}}</a> - [{{age}}] - </script> - </span> - + <% include ../partials/lastlog %> <% include ../partials/hootbox %> </div> diff --git a/views/partials/scripts.ejs b/views/partials/scripts.ejs index 5ed307e..7a8e8da 100644 --- a/views/partials/scripts.ejs +++ b/views/partials/scripts.ejs @@ -26,6 +26,9 @@ <script src="/assets/js/lib/views/index/threadbox.js"></script> <script src="/assets/js/lib/views/index/threadform.js"></script> +<script src="/assets/js/lib/views/admin/adminz.js"></script> +<script src="/assets/js/lib/views/admin/password.js"></script> + <script src="/assets/js/lib/views/search/results.js"></script> <script src="/assets/js/lib/views/keywords/keywords.js"></script> @@ -41,8 +44,8 @@ <script src="/assets/js/lib/views/details/editcomment.js"></script> <script src="/assets/js/lib/views/details/files.js"></script> <script src="/assets/js/lib/views/details/audio.js"></script> -<script src="/assets/js/lib/views/details/gallery.js"></script> +<script src="/assets/js/lib/views/details/gallery.js"></script> <script src="/assets/js/lib/views/mail/mailbox.js"></script> <script src="/assets/js/lib/views/mail/message.js"></script> <script src="/assets/js/lib/views/mail/compose.js"></script> |
