@RequestMapping(method = RequestMethod.GET)
public ModelAndView show(
@ModelAttribute("form") EditRegisterRequest form,
@PathVariable String nick,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
Template tmpl = Template.getTemplate(request);
if (!tmpl.isSessionAuthorized()) {
throw new AccessViolationException("Not authorized");
}
if (!tmpl.getNick().equals(nick)) {
throw new AccessViolationException("Not authorized");
}
User user = tmpl.getCurrentUser();
UserInfo userInfo = userDao.getUserInfoClass(user);
ModelAndView mv = new ModelAndView("edit-reg");
form.setEmail(user.getEmail());
form.setUrl(userInfo.getUrl());
form.setTown(userInfo.getTown());
form.setName(user.getName());
form.setInfo(StringEscapeUtils.unescapeHtml(userDao.getUserInfo(user)));
response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
return mv;
}
@RequestMapping(method = RequestMethod.POST)
public ModelAndView editProfile(ServletRequest request) throws Exception {
Template tmpl = Template.getTemplate(request);
if (!tmpl.isSessionAuthorized()) {
throw new AccessViolationException("Not authorized");
}
String profile = tmpl.getNick();
int topics = Integer.parseInt(request.getParameter("topics"));
int messages = Integer.parseInt(request.getParameter("messages"));
int tags = Integer.parseInt(request.getParameter("tags"));
if (topics <= 0 || topics > 500) {
throw new BadInputException("некорректное число тем");
}
if (messages <= 0 || messages > 1000) {
throw new BadInputException("некорректное число сообщений");
}
if (tags <= 0 || tags > 100) {
throw new BadInputException("некорректное число меток в облаке");
}
if (!DefaultProfile.getStyleList().contains(request.getParameter("style"))) {
throw new BadInputException("неправльное название темы");
}
tmpl.getProf().setTopics(topics);
tmpl.getProf().setMessages(messages);
tmpl.getProf().setTags(tags);
tmpl.getProf().setShowNewFirst("on".equals(request.getParameter("newfirst")));
tmpl.getProf().setShowPhotos("on".equals(request.getParameter("photos")));
tmpl.getProf().setHideAdsense("on".equals(request.getParameter("hideAdsense")));
tmpl.getProf().setShowGalleryOnMain("on".equals(request.getParameter("mainGallery")));
tmpl.getProf().setFormatMode(request.getParameter("format_mode"));
tmpl.getProf().setStyle(request.getParameter("style")); // TODO убрать как только
userDao.setStyle(tmpl.getCurrentUser(), request.getParameter("style"));
tmpl.getProf().setShowSocial("on".equals(request.getParameter("showSocial")));
String avatar = request.getParameter("avatar");
if (!DefaultProfile.getAvatars().contains(avatar)) {
throw new BadInputException("invalid avatar value");
}
tmpl.getProf().setAvatarMode(avatar);
tmpl.getProf().setThreeColumnsOnMain("on".equals(request.getParameter("3column")));
tmpl.getProf().setShowAnonymous("on".equals(request.getParameter("showanonymous")));
tmpl.getProf().setUseHover("on".equals(request.getParameter("hover")));
tmpl.writeProfile(profile);
return new ModelAndView(new RedirectView("/"));
}
@RequestMapping(value = "/edit-vote.jsp", method = RequestMethod.POST)
public ModelAndView editVote(
HttpServletRequest request,
@RequestParam("msgid") int msgid,
@RequestParam("id") int id,
@RequestParam("title") String title)
throws Exception {
Template tmpl = Template.getTemplate(request);
if (!tmpl.isModeratorSession()) {
throw new AccessViolationException("Not authorized");
}
Connection db = null;
try {
db = LorDataSource.getConnection();
db.setAutoCommit(false);
User user = User.getUser(db, tmpl.getNick());
user.checkCommit();
Poll poll = new Poll(db, id);
PreparedStatement pstTitle = db.prepareStatement("UPDATE votenames SET title=? WHERE id=?");
pstTitle.setInt(2, id);
pstTitle.setString(1, HTMLFormatter.htmlSpecialChars(title));
pstTitle.executeUpdate();
PreparedStatement pstTopic = db.prepareStatement("UPDATE topics SET title=? WHERE id=?");
pstTopic.setInt(2, msgid);
pstTopic.setString(1, HTMLFormatter.htmlSpecialChars(title));
pstTopic.executeUpdate();
List<PollVariant> variants = poll.getPollVariants(db, Poll.ORDER_ID);
for (PollVariant var : variants) {
String label = new ServletParameterParser(request).getString("var" + var.getId());
if (label == null || label.trim().length() == 0) {
var.remove(db);
} else {
var.updateLabel(db, label);
}
}
for (int i = 1; i <= 3; i++) {
String label = new ServletParameterParser(request).getString("new" + i);
if (label != null && label.trim().length() > 0) {
poll.addNewVariant(db, label);
}
}
logger.info("Отредактирован опрос" + id + " пользователем " + user.getNick());
db.commit();
Random random = new Random();
return new ModelAndView(
new RedirectView("view-message.jsp?msgid=" + msgid + "&nocache=" + random.nextInt()));
} finally {
if (db != null) {
db.close();
}
}
}
@RequestMapping(method = RequestMethod.POST)
public ModelAndView edit(
HttpServletRequest request,
@Valid @ModelAttribute("form") EditRegisterRequest form,
Errors errors)
throws Exception {
Template tmpl = Template.getTemplate(request);
if (!tmpl.isSessionAuthorized()) {
throw new AccessViolationException("Not authorized");
}
String nick = tmpl.getNick();
String password = Strings.emptyToNull(form.getPassword());
if (password != null && password.equalsIgnoreCase(nick)) {
errors.reject(null, "пароль не может совпадать с логином");
}
InternetAddress mail = null;
if (!Strings.isNullOrEmpty(form.getEmail())) {
try {
mail = new InternetAddress(form.getEmail());
} catch (AddressException e) {
errors.rejectValue("email", null, "Некорректный e-mail: " + e.getMessage());
}
}
String url = null;
if (!Strings.isNullOrEmpty(form.getUrl())) {
url = URLUtil.fixURL(form.getUrl());
}
String name = Strings.emptyToNull(form.getName());
if (name != null) {
name = StringUtil.escapeHtml(name);
}
String town = null;
if (!Strings.isNullOrEmpty(form.getTown())) {
town = StringUtil.escapeHtml(form.getTown());
}
String info = null;
if (!Strings.isNullOrEmpty(form.getInfo())) {
info = StringUtil.escapeHtml(form.getInfo());
}
ipBlockDao.checkBlockIP(request.getRemoteAddr(), errors, tmpl.getCurrentUser());
boolean emailChanged = false;
User user = userDao.getUser(nick);
if (Strings.isNullOrEmpty(form.getOldpass())) {
errors.rejectValue("oldpass", null, "Для изменения регистрации нужен ваш пароль");
} else if (!user.matchPassword(form.getOldpass())) {
errors.rejectValue("oldpass", null, "Неверный пароль");
}
user.checkAnonymous();
String newEmail = null;
if (mail != null) {
if (user.getEmail() != null && user.getEmail().equals(form.getEmail())) {
newEmail = null;
} else {
if (userDao.getByEmail(mail.getAddress(), false) != null) {
errors.rejectValue("email", null, "такой email уже используется");
}
newEmail = mail.getAddress();
emailChanged = true;
}
}
if (!errors.hasErrors()) {
userDao.updateUser(user, name, url, newEmail, town, password, info);
if (emailChanged) {
emailService.sendEmail(user.getNick(), mail.getAddress(), false);
}
} else {
return new ModelAndView("edit-reg");
}
if (emailChanged) {
String msg =
"Обновление регистрации прошло успешно. Ожидайте письма с кодом активации смены email.";
return new ModelAndView("action-done", "message", msg);
} else {
return new ModelAndView(new RedirectView("/people/" + nick + "/profile"));
}
}