gradido/src/cpsp/updateUserPassword.cpsp

<%@ page class="UpdateUserPasswordPage" %>
<%@ page baseClass="SessionHTTPRequestHandler" %>
<%@ page ctorArg="Session*" %>
<%@ header include="SessionHTTPRequestHandler.h" %>
<%@	page compressed="true" %>
<%!
#include "../SingletonManager/SessionManager.h"
#include "Poco/Net/HTTPCookie.h"

enum PageState {
	PAGE_STATE_ASK_PASSWORD,
	PAGE_STATE_SUCCEED
};

%>
<%%
	const char* pageName = "Passwort bestimmen";
	auto user = mSession->getUser();
	auto sm = SessionManager::getInstance();
	auto uri_start = ServerConfig::g_serverPath;
	PageState state = PAGE_STATE_ASK_PASSWORD;
	
	// remove old cookies if exist
	sm->deleteLoginCookies(request, response, mSession);
	// save login cookie, because maybe we've get an new session
	response.addCookie(mSession->getLoginCookie());
	
	if(!form.empty()) {
		auto pwd = form.get("register-password", "");
		if(pwd != "") {
			if(pwd != form.get("register-password2", "")) {
				mSession->addError(new Error("Passwort", "Passw&ouml;rter sind nicht identisch."), false);
			} else if(SessionManager::getInstance()->checkPwdValidation(pwd, mSession)) {
			    auto sessionState = mSession->getSessionState();
				
				
				if(user->updatePassword(pwd, mSession->getPassphrase(), mSession->getNewUser())) {
					//std::string referUri = request.get("Referer", uri_start + "/");
					//printf("[updateUserPasswordPage] redirect to referUri: %s\n", referUri.data());
					
					// I think we can savly assume that this session was loaded from verification code 
					//! \return 1 = konto already activated
					//!        -1 = invalid code
					//!        -2 = critical error
					//!         0 = ok
					auto code = mSession->getEmailVerificationCode();
					int retUpdateEmailCode = 0;
					if(code) {
						retUpdateEmailCode = mSession->updateEmailVerification(mSession->getEmailVerificationCode());
					}
					mSession->getErrors(user);
					if(-2 == retUpdateEmailCode || -1 == retUpdateEmailCode || 1 == retUpdateEmailCode) {
						response.redirect(uri_start + "/error500");
						return;
					}
					if(sessionState == SESSION_STATE_RESET_PASSWORD_REQUEST) {
						state = PAGE_STATE_SUCCEED;
						mSession->updateState(SESSION_STATE_RESET_PASSWORD_SUCCEED);
					} else {
						response.redirect(uri_start + "/passphrase");
						return;
					}
				}
			}
		}
	}
	getErrors(mSession);
	getErrors(user);
	printf("session state end [UpdateUserPassword Page]: %s\n", mSession->getSessionStateString());
%><%@ include file="header_old.cpsp" %>
<div class="grd_container">
	<% if(PAGE_STATE_ASK_PASSWORD == state ) { %>
	<h1>Passwort bestimmen</h1>
	<%= getErrorsHtml() %>
	<form method="POST">	
		<fieldset class="grd_container_small">
			<div class="grd_text">
				Bitte denke dir ein sicheres Passwort aus, das mindestens 8 Zeichen lang ist, ein Klein- und einen Gro&szlig;buchstaben enth&auml;lt,
				eine Zahl und eines der folgenden Sonderzeichen: @$!%*?&+-
			</div>
			<p class="grd_small">
				<label for="register-password">Passwort</label>
				<input id="register-password" type="password" name="register-password"/>
			</p>
			<p class="grd_small">
				<label for="register-password2">Passwort Best&auml;tigung</label>
				<input id="register-password2" type="password" name="register-password2"/>
			</p>
		</fieldset>
		<input class="grd-form-bn grd-form-bn-succeed grd_clickable" type="submit" name="submit" value="&Auml;nderung(en) speichern">
	</form>
	<% } else if(PAGE_STATE_SUCCEED == state) { %>
		<p>Deine Daten werden jetzt mit dem neuen Passwort verschl&uuml;sselt. Du kannst dich in etwa 1 Minute mit deinem neuen Passwort einloggen</p>
		<a href="<%= uri_start %>/login" class="grd-form-bn grd-form-bn-succeed">Zum Login</a>
	<% } %>
</div>
<%@ include file="footer.cpsp" %>