corefwnode 3.0.2 → 3.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/.eslintrc.js +40 -40
  2. package/build.js +266 -266
  3. package/index.js +240 -240
  4. package/lib/CfwObject.js +1629 -1626
  5. package/lib/Decorator.js +322 -322
  6. package/lib/ErrorCodes.js +111 -111
  7. package/lib/ErrorControl.js +50 -50
  8. package/lib/GeneralHandling.js +638 -638
  9. package/lib/Language.js +139 -139
  10. package/lib/MySql.js +141 -142
  11. package/lib/Observer.js +75 -75
  12. package/lib/Validator.js +536 -536
  13. package/lib/Wiki.js +409 -409
  14. package/lib/errors/CoreError.js +11 -11
  15. package/lib/errors/SQLError.js +125 -125
  16. package/objects/AclGroups.js +69 -69
  17. package/objects/AclObjects.js +46 -46
  18. package/objects/AclPrivilages.js +202 -202
  19. package/objects/EmailTemplates.js +108 -108
  20. package/objects/Session.js +317 -317
  21. package/objects/SiteProps.js +55 -55
  22. package/objects/TransLang.js +39 -39
  23. package/objects/Translator.js +345 -345
  24. package/objects/UserCompanies.js +46 -46
  25. package/objects/Users.js +409 -409
  26. package/objects/UsersData.js +85 -85
  27. package/objects/Wiki.js +425 -425
  28. package/objects/WikiCategory.js +40 -40
  29. package/objects/WikiTemplates.js +92 -92
  30. package/objects/index.js +47 -47
  31. package/package.json +31 -32
package/objects/Users.js CHANGED
@@ -1,409 +1,409 @@
1
-
2
- const md5 = require('md5');
3
- const moment = require('moment');
4
- const ErrorCodes = require('../lib/ErrorCodes');
5
- const CfwObject = require('../lib/CfwObject.js');
6
- const UsersData = require('./UsersData.js');
7
- /**
8
- * user object
9
- *
10
- * @version $Id$
11
- * @copyright 2008
12
- */
13
-
14
- module.exports = class Users extends CfwObject
15
- {
16
- constructor(session)
17
- {
18
- const proxy = super(session);
19
-
20
- return proxy;
21
- }
22
-
23
- // eslint-disable-next-line class-methods-use-this
24
- tableConf()
25
- {
26
- return {
27
- tableName: 'users',
28
- id: {
29
- userId: {
30
- fieldType: 'int',
31
- maxlength: 20,
32
- req: 0,
33
- },
34
- },
35
- ownerField: 'userId',
36
- companyField: 'companyId',
37
- fields: {
38
- companyId: {
39
- fieldType: 'int',
40
- maxlength: 20,
41
- req: 1,
42
- },
43
- username: {
44
- fieldType: 'text',
45
- maxlength: 255,
46
- minlength: 1,
47
- req: 1,
48
- },
49
- password: {
50
- fieldType: 'text',
51
- maxlength: 255,
52
- minlength: 5,
53
- req: 1,
54
- },
55
- userEmail: {
56
- fieldType: 'email',
57
- maxlength: 255,
58
- minlength: 5,
59
- req: 1,
60
- },
61
- groupId: {
62
- fieldType: 'int',
63
- maxlength: 20,
64
- minlength: 1,
65
- req: 0,
66
- },
67
- dateEntered: {
68
- fieldType: 'dateTime',
69
- req: 1,
70
- },
71
- status: {
72
- fieldType: 'text',
73
- maxlength: 255,
74
- req: 1,
75
- },
76
- },
77
- };
78
- }
79
-
80
- async selectRow(param)
81
- {
82
- const me = this;
83
-
84
- let data = [];
85
- let dir = 'DESC';
86
-
87
- let sort = `u.${Object.keys(me.idField)[0]}`;
88
-
89
- if (typeof param.sort !== 'undefined')
90
- {
91
- sort = `u.${me.db.escape(param.sort)}`;
92
- }
93
-
94
- if (typeof param.dir !== 'undefined')
95
- {
96
- dir = me.db.escape(param.dir);
97
- }
98
-
99
- let limit = '';
100
- if (typeof param.start !== 'undefined' && typeof param.limit !== 'undefined')
101
- {
102
- const start = me.db.escape(parseInt(param.start, 10));
103
- const end = me.db.escape(parseInt(param.limit, 10));
104
- limit = ` LIMIT ${start}, ${end} `;
105
- }
106
-
107
- let whereSearch = '';
108
- const params = {};
109
- if (typeof param.query !== 'undefined' && param.query !== '')
110
- {
111
- const searchString = [];
112
- for (const key in me.tableConfig.fields)
113
- {
114
- if (me.tableConfig.fields[key])
115
- {
116
- const value = me.tableConfig.fields[key];
117
- if (value.fieldType === 'date' || value.fieldType === 'dateTime')
118
- {
119
- continue;
120
- }
121
- searchString.push(` u.${key} LIKE :${key} `);
122
- params[key] = `%${param.query}%`;
123
- }
124
- }
125
- if (searchString.length > 0)
126
- {
127
- whereSearch = ` AND (${searchString.join(' OR ')}) `;
128
- }
129
- }
130
-
131
- if (typeof param.conditions !== 'undefined' && param.conditions !== '')
132
- {
133
- for (const key in param.conditions)
134
- {
135
- if (param.conditions[key])
136
- {
137
- const value = me.db.escape(param.conditions[key]);
138
- whereSearch += ` AND u.${value} = :${value} `;
139
- params[value] = param.bind[key];
140
- }
141
- }
142
- }
143
-
144
- if (typeof param.filter !== 'undefined' && param.filter !== '')
145
- {
146
- const filters = JSON.parse(param.filter);
147
- for (const key in filters)
148
- {
149
- if (filters[key])
150
- {
151
- const value = filters[key];
152
- const keySec = me.db.escape(value.property);
153
- whereSearch += ` AND u.${keySec} LIKE :${keySec} `;
154
- params[keySec] = `%${value.value}%`;
155
- }
156
- }
157
- }
158
-
159
- let ownerWhere = '';
160
- if (me.ownerActionGlob === true)
161
- {
162
- ownerWhere = ` AND u.${me.tableConfig.ownerField}=:sessionUserId `;
163
- params.sessionUserId = me.session.userId;
164
- }
165
-
166
- if (me.companyActionGlob === true)
167
- {
168
- ownerWhere += ` AND u.${me.tableConfig.companyField}=:sessionCompanyId `;
169
- params.sessionCompanyId = me.session.companyId;
170
- }
171
-
172
- let results = await me[me.dbName].query(`SELECT
173
- ud.*, u.*, uc.companyName
174
- FROM \`${me.tableName}\` u
175
- LEFT JOIN users_data ud ON ud.userId=u.userId
176
- LEFT JOIN user_companies uc ON uc.companyId=u.companyId
177
- WHERE 1=1 ${ownerWhere} ${whereSearch}
178
- ORDER BY ${sort} ${dir} ${limit}`, params);
179
-
180
- for (const result of results)
181
- {
182
- data.push(result);
183
- }
184
-
185
- if (typeof param.initialId !== 'undefined')
186
- {
187
- data = await me.findInitialId(data, param.initialId);
188
- }
189
-
190
- results = await me[me.dbName].query(`SELECT COUNT(*) AS cnt
191
- FROM \`${me.tableName}\` u
192
- WHERE 1=1 ${ownerWhere} ${whereSearch}`, params);
193
-
194
- const numRows = results[0].cnt;
195
-
196
- return { root: data, totalCount: numRows };
197
- }
198
-
199
- async insertRow(param)
200
- {
201
- const me = this;
202
- try
203
- {
204
- me.db = await me.db.begin(me.session);
205
- me.username = param.username;
206
- me.password = await me.session.getHashedPassword(param.password);
207
- me.userEmail = param.userEmail;
208
- me.dateEntered = moment.utc().format('YYYY-MM-DD HH:mm:ss');
209
- me.groupId = 2;
210
- me.status = 'active';
211
- me.userId = false;
212
- const val = await me.insert();
213
-
214
- param.id = { userId: val.lastId };
215
- const userData = new UsersData(me.session);
216
- userData.db = me.db;
217
- await userData.insertRow(param);
218
- await me.db.commit();
219
- return { error: false, notice: 'success' };
220
- }
221
- catch (e)
222
- {
223
- me.db.rollback();
224
- throw (e);
225
- }
226
- }
227
-
228
- async updateRow(param)
229
- {
230
- const me = this;
231
- try
232
- {
233
- me.db = await me.db.begin(me.session);
234
- if (param.password && param.password !== '')
235
- {
236
- param.password = await me.session.getHashedPassword(param.password);
237
- }
238
- else
239
- {
240
- delete (param.password);
241
- }
242
-
243
- for (const key in param)
244
- {
245
- if (param[key] !== undefined)
246
- {
247
- me[key] = param[key];
248
- }
249
- }
250
- await me.update();
251
- const userData = new UsersData(me.session);
252
- userData.id = param.id;
253
- try
254
- {
255
- await userData.select();
256
- await userData.updateRow(param);
257
- }
258
- catch (error)
259
- {
260
- const secParams = { ...param };
261
- secParams.id = { userId: param.id };
262
- await userData.insertRow(secParams);
263
- }
264
-
265
- await me.db.commit();
266
- return { error: false, notice: 'success' };
267
- }
268
- catch (e)
269
- {
270
- me.db.rollback();
271
- throw (e);
272
- }
273
- }
274
-
275
- async registerUser(param)
276
- {
277
- const me = this;
278
- try
279
- {
280
- me.username = param.username;
281
- me.password = await me.session.getHashedPassword(param.password);
282
- me.userEmail = param.email;
283
- me.groupId = '2';
284
- me.dateEntered = moment.utc().format('YYYY-MM-DD HH:mm:ss');
285
- me.status = 'inactive';
286
-
287
- const userdata = new UsersData(me.session);
288
- userdata.name = param.name;
289
- userdata.surname = param.surname;
290
- userdata.address = param.address;
291
- userdata.city = param.city;
292
- userdata.postalCode = param.postalCode;
293
- userdata.phone = param.phone;
294
- userdata.countryId = param.countryId;
295
-
296
- me.db = await me.db.begin(me.session);
297
-
298
- const val = await me.insert();
299
-
300
- userdata.id = { userId: val.lastId };
301
- await userdata.insert();
302
-
303
- /* TODO
304
- const subject = `${me.config.siteName} ${me.translate('USERACCOUNTACTIVATION')}`;
305
- const mailTable = `${me.translate('USERACTIVATIONPREMAILTEXT')}<br />
306
- <a href="${me.config.siteUrl}/register.html?activate=${me.password}">
307
- ${me.config.siteUrl}/register.html?activate=${me.password}</a>`;
308
- const message = `From: ${me.config.siteEmail},
309
- Message: ${me.translate('USERACCOUNTACTIVATION')}<br />${mailTable}`;
310
- const headers = me.config.siteEmail;
311
- const mail = new MailMe();
312
- mail.sendMail(me.userEmail, subject, headers, me.config.siteName, message);
313
- */
314
-
315
- me.db.commit();
316
- return val;
317
- }
318
- catch (e)
319
- {
320
- me.db = me.db.rollback();
321
- throw (e);
322
- }
323
- }
324
-
325
- async activateUser(pass)
326
- {
327
- const me = this;
328
-
329
- await me.db.query('UPDATE users SET `status`=\'active\' WHERE password=?', [pass]);
330
- return { error: false, notice: 'success' };
331
- }
332
-
333
- async editPassword(param)
334
- {
335
- const me = this;
336
-
337
- me.password = await me.session.getHashedPassword(param.password);
338
- me.id = param.id;
339
- const val = await me.update();
340
- return val;
341
- }
342
-
343
- async changePassword(param)
344
- {
345
- const me = this;
346
-
347
- const results = await me.db.query('SELECT * FROM users WHERE userId=?', [me.session.userId]);
348
-
349
- const row = results[0];
350
- if (row.password !== await me.session.getHashedPassword(param.oldPassword))
351
- {
352
- throw (ErrorCodes.error('old_password_invalid'));
353
- }
354
-
355
- if (param.password !== param.password2)
356
- {
357
- throw (ErrorCodes.error('passwords_do_not_match'));
358
- }
359
-
360
- me.password = await me.session.getHashedPassword(param.password);
361
- me.id = me.session.userId;
362
- const val = await me.update();
363
- return val;
364
- }
365
-
366
- async resetPassword(param)
367
- {
368
- const me = this;
369
-
370
- if (md5(param.verify) !== param.code)
371
- {
372
- throw (ErrorCodes.error('verification_code_entered_wrong'));
373
- }
374
- const results = await me.db.query(`SELECT userId, userEmail
375
- FROM users
376
- WHERE userEmail=:query OR username=:query`, { query: param.string });
377
-
378
- if (typeof results[0] !== 'undefined')
379
- {
380
- const row = results[0];
381
- /*
382
- const subject = `${me.config.siteName} ${me.translate('PASSWORDRESET')}`;
383
- const mailTable = `${me.translate('PASSWORDRESETTEXT')}<br />
384
- <a href="${me.config.siteUrl}/register-changepassword-${md5(param.verify)}/register.html">
385
- ${me.config.siteUrl}/register-changepassword-${md5(param.verify)}/register.html</a>`;
386
- const message = `From: ${me.config.siteEmail}, Message: ${me.translate('PASSWORDRESET')}<br />${mailTable}`;
387
- const headers = me.config.siteEmail;
388
- const mail = new MailMe();
389
- await mail.sendMail(row.userEmail, subject, headers, me.config.siteName, message);
390
- */
391
-
392
- const expireDate = moment().add(10800, 'seconds');
393
-
394
- await me.db.query(
395
- `INSERT INTO reset_password (userId, verifyCode, expireDate)
396
- VALUES(:userId, :verifyCode, :expireDate)
397
- ON DUPLICATE KEY UPDATE verifyCode=:verifyCode, expireDate=:expireDate`,
398
- {
399
- userId: row.userId,
400
- verifyCode: md5(param.verify),
401
- expireDate: expireDate.format('YYYY-MM-DD HH:mm:ss'),
402
- },
403
- );
404
-
405
- return { error: false, notice: 'success' };
406
- }
407
- throw (ErrorCodes.error('account_not_found'));
408
- }
409
- };
1
+
2
+ const md5 = require('md5');
3
+ const moment = require('moment');
4
+ const ErrorCodes = require('../lib/ErrorCodes');
5
+ const CfwObject = require('../lib/CfwObject.js');
6
+ const UsersData = require('./UsersData.js');
7
+ /**
8
+ * user object
9
+ *
10
+ * @version $Id$
11
+ * @copyright 2008
12
+ */
13
+
14
+ module.exports = class Users extends CfwObject
15
+ {
16
+ constructor(session)
17
+ {
18
+ const proxy = super(session);
19
+
20
+ return proxy;
21
+ }
22
+
23
+ // eslint-disable-next-line class-methods-use-this
24
+ tableConf()
25
+ {
26
+ return {
27
+ tableName: 'users',
28
+ id: {
29
+ userId: {
30
+ fieldType: 'int',
31
+ maxlength: 20,
32
+ req: 0,
33
+ },
34
+ },
35
+ ownerField: 'userId',
36
+ companyField: 'companyId',
37
+ fields: {
38
+ companyId: {
39
+ fieldType: 'int',
40
+ maxlength: 20,
41
+ req: 1,
42
+ },
43
+ username: {
44
+ fieldType: 'text',
45
+ maxlength: 255,
46
+ minlength: 1,
47
+ req: 1,
48
+ },
49
+ password: {
50
+ fieldType: 'text',
51
+ maxlength: 255,
52
+ minlength: 5,
53
+ req: 1,
54
+ },
55
+ userEmail: {
56
+ fieldType: 'email',
57
+ maxlength: 255,
58
+ minlength: 5,
59
+ req: 1,
60
+ },
61
+ groupId: {
62
+ fieldType: 'int',
63
+ maxlength: 20,
64
+ minlength: 1,
65
+ req: 0,
66
+ },
67
+ dateEntered: {
68
+ fieldType: 'dateTime',
69
+ req: 1,
70
+ },
71
+ status: {
72
+ fieldType: 'text',
73
+ maxlength: 255,
74
+ req: 1,
75
+ },
76
+ },
77
+ };
78
+ }
79
+
80
+ async selectRow(param)
81
+ {
82
+ const me = this;
83
+
84
+ let data = [];
85
+ let dir = 'DESC';
86
+
87
+ let sort = `u.${Object.keys(me.idField)[0]}`;
88
+
89
+ if (typeof param.sort !== 'undefined')
90
+ {
91
+ sort = `u.${me.db.escape(param.sort)}`;
92
+ }
93
+
94
+ if (typeof param.dir !== 'undefined')
95
+ {
96
+ dir = me.db.escape(param.dir);
97
+ }
98
+
99
+ let limit = '';
100
+ if (typeof param.start !== 'undefined' && typeof param.limit !== 'undefined')
101
+ {
102
+ const start = me.db.escape(parseInt(param.start, 10));
103
+ const end = me.db.escape(parseInt(param.limit, 10));
104
+ limit = ` LIMIT ${start}, ${end} `;
105
+ }
106
+
107
+ let whereSearch = '';
108
+ const params = {};
109
+ if (typeof param.query !== 'undefined' && param.query !== '')
110
+ {
111
+ const searchString = [];
112
+ for (const key in me.tableConfig.fields)
113
+ {
114
+ if (me.tableConfig.fields[key])
115
+ {
116
+ const value = me.tableConfig.fields[key];
117
+ if (value.fieldType === 'date' || value.fieldType === 'dateTime')
118
+ {
119
+ continue;
120
+ }
121
+ searchString.push(` u.${key} LIKE :${key} `);
122
+ params[key] = `%${param.query}%`;
123
+ }
124
+ }
125
+ if (searchString.length > 0)
126
+ {
127
+ whereSearch = ` AND (${searchString.join(' OR ')}) `;
128
+ }
129
+ }
130
+
131
+ if (typeof param.conditions !== 'undefined' && param.conditions !== '')
132
+ {
133
+ for (const key in param.conditions)
134
+ {
135
+ if (param.conditions[key])
136
+ {
137
+ const value = me.db.escape(param.conditions[key]);
138
+ whereSearch += ` AND u.${value} = :${value} `;
139
+ params[value] = param.bind[key];
140
+ }
141
+ }
142
+ }
143
+
144
+ if (typeof param.filter !== 'undefined' && param.filter !== '')
145
+ {
146
+ const filters = JSON.parse(param.filter);
147
+ for (const key in filters)
148
+ {
149
+ if (filters[key])
150
+ {
151
+ const value = filters[key];
152
+ const keySec = me.db.escape(value.property);
153
+ whereSearch += ` AND u.${keySec} LIKE :${keySec} `;
154
+ params[keySec] = `%${value.value}%`;
155
+ }
156
+ }
157
+ }
158
+
159
+ let ownerWhere = '';
160
+ if (me.ownerActionGlob === true)
161
+ {
162
+ ownerWhere = ` AND u.${me.tableConfig.ownerField}=:sessionUserId `;
163
+ params.sessionUserId = me.session.userId;
164
+ }
165
+
166
+ if (me.companyActionGlob === true)
167
+ {
168
+ ownerWhere += ` AND u.${me.tableConfig.companyField}=:sessionCompanyId `;
169
+ params.sessionCompanyId = me.session.companyId;
170
+ }
171
+
172
+ let results = await me[me.dbName].query(`SELECT
173
+ ud.*, u.*, uc.companyName
174
+ FROM \`${me.tableName}\` u
175
+ LEFT JOIN users_data ud ON ud.userId=u.userId
176
+ LEFT JOIN user_companies uc ON uc.companyId=u.companyId
177
+ WHERE 1=1 ${ownerWhere} ${whereSearch}
178
+ ORDER BY ${sort} ${dir} ${limit}`, params);
179
+
180
+ for (const result of results)
181
+ {
182
+ data.push(result);
183
+ }
184
+
185
+ if (typeof param.initialId !== 'undefined')
186
+ {
187
+ data = await me.findInitialId(data, param.initialId);
188
+ }
189
+
190
+ results = await me[me.dbName].query(`SELECT COUNT(*) AS cnt
191
+ FROM \`${me.tableName}\` u
192
+ WHERE 1=1 ${ownerWhere} ${whereSearch}`, params);
193
+
194
+ const numRows = results[0].cnt;
195
+
196
+ return { root: data, totalCount: numRows };
197
+ }
198
+
199
+ async insertRow(param)
200
+ {
201
+ const me = this;
202
+ try
203
+ {
204
+ me.db = await me.db.begin(me.session);
205
+ me.username = param.username;
206
+ me.password = await me.session.getHashedPassword(param.password);
207
+ me.userEmail = param.userEmail;
208
+ me.dateEntered = moment.utc().format('YYYY-MM-DD HH:mm:ss');
209
+ me.groupId = 2;
210
+ me.status = 'active';
211
+ me.userId = false;
212
+ const val = await me.insert();
213
+
214
+ param.id = { userId: val.lastId };
215
+ const userData = new UsersData(me.session);
216
+ userData.db = me.db;
217
+ await userData.insertRow(param);
218
+ await me.db.commit();
219
+ return { error: false, notice: 'success' };
220
+ }
221
+ catch (e)
222
+ {
223
+ me.db.rollback();
224
+ throw (e);
225
+ }
226
+ }
227
+
228
+ async updateRow(param)
229
+ {
230
+ const me = this;
231
+ try
232
+ {
233
+ me.db = await me.db.begin(me.session);
234
+ if (param.password && param.password !== '')
235
+ {
236
+ param.password = await me.session.getHashedPassword(param.password);
237
+ }
238
+ else
239
+ {
240
+ delete (param.password);
241
+ }
242
+
243
+ for (const key in param)
244
+ {
245
+ if (param[key] !== undefined)
246
+ {
247
+ me[key] = param[key];
248
+ }
249
+ }
250
+ await me.update();
251
+ const userData = new UsersData(me.session);
252
+ userData.id = param.id;
253
+ try
254
+ {
255
+ await userData.select();
256
+ await userData.updateRow(param);
257
+ }
258
+ catch (error)
259
+ {
260
+ const secParams = { ...param };
261
+ secParams.id = { userId: param.id };
262
+ await userData.insertRow(secParams);
263
+ }
264
+
265
+ await me.db.commit();
266
+ return { error: false, notice: 'success' };
267
+ }
268
+ catch (e)
269
+ {
270
+ me.db.rollback();
271
+ throw (e);
272
+ }
273
+ }
274
+
275
+ async registerUser(param)
276
+ {
277
+ const me = this;
278
+ try
279
+ {
280
+ me.username = param.username;
281
+ me.password = await me.session.getHashedPassword(param.password);
282
+ me.userEmail = param.email;
283
+ me.groupId = '2';
284
+ me.dateEntered = moment.utc().format('YYYY-MM-DD HH:mm:ss');
285
+ me.status = 'inactive';
286
+
287
+ const userdata = new UsersData(me.session);
288
+ userdata.name = param.name;
289
+ userdata.surname = param.surname;
290
+ userdata.address = param.address;
291
+ userdata.city = param.city;
292
+ userdata.postalCode = param.postalCode;
293
+ userdata.phone = param.phone;
294
+ userdata.countryId = param.countryId;
295
+
296
+ me.db = await me.db.begin(me.session);
297
+
298
+ const val = await me.insert();
299
+
300
+ userdata.id = { userId: val.lastId };
301
+ await userdata.insert();
302
+
303
+ /* TODO
304
+ const subject = `${me.config.siteName} ${me.translate('USERACCOUNTACTIVATION')}`;
305
+ const mailTable = `${me.translate('USERACTIVATIONPREMAILTEXT')}<br />
306
+ <a href="${me.config.siteUrl}/register.html?activate=${me.password}">
307
+ ${me.config.siteUrl}/register.html?activate=${me.password}</a>`;
308
+ const message = `From: ${me.config.siteEmail},
309
+ Message: ${me.translate('USERACCOUNTACTIVATION')}<br />${mailTable}`;
310
+ const headers = me.config.siteEmail;
311
+ const mail = new MailMe();
312
+ mail.sendMail(me.userEmail, subject, headers, me.config.siteName, message);
313
+ */
314
+
315
+ me.db.commit();
316
+ return val;
317
+ }
318
+ catch (e)
319
+ {
320
+ me.db = me.db.rollback();
321
+ throw (e);
322
+ }
323
+ }
324
+
325
+ async activateUser(pass)
326
+ {
327
+ const me = this;
328
+
329
+ await me.db.query('UPDATE users SET `status`=\'active\' WHERE password=?', [pass]);
330
+ return { error: false, notice: 'success' };
331
+ }
332
+
333
+ async editPassword(param)
334
+ {
335
+ const me = this;
336
+
337
+ me.password = await me.session.getHashedPassword(param.password);
338
+ me.id = param.id;
339
+ const val = await me.update();
340
+ return val;
341
+ }
342
+
343
+ async changePassword(param)
344
+ {
345
+ const me = this;
346
+
347
+ const results = await me.db.query('SELECT * FROM users WHERE userId=?', [me.session.userId]);
348
+
349
+ const row = results[0];
350
+ if (row.password !== await me.session.getHashedPassword(param.oldPassword))
351
+ {
352
+ throw (ErrorCodes.error('old_password_invalid'));
353
+ }
354
+
355
+ if (param.password !== param.password2)
356
+ {
357
+ throw (ErrorCodes.error('passwords_do_not_match'));
358
+ }
359
+
360
+ me.password = await me.session.getHashedPassword(param.password);
361
+ me.id = me.session.userId;
362
+ const val = await me.update();
363
+ return val;
364
+ }
365
+
366
+ async resetPassword(param)
367
+ {
368
+ const me = this;
369
+
370
+ if (md5(param.verify) !== param.code)
371
+ {
372
+ throw (ErrorCodes.error('verification_code_entered_wrong'));
373
+ }
374
+ const results = await me.db.query(`SELECT userId, userEmail
375
+ FROM users
376
+ WHERE userEmail=:query OR username=:query`, { query: param.string });
377
+
378
+ if (typeof results[0] !== 'undefined')
379
+ {
380
+ const row = results[0];
381
+ /*
382
+ const subject = `${me.config.siteName} ${me.translate('PASSWORDRESET')}`;
383
+ const mailTable = `${me.translate('PASSWORDRESETTEXT')}<br />
384
+ <a href="${me.config.siteUrl}/register-changepassword-${md5(param.verify)}/register.html">
385
+ ${me.config.siteUrl}/register-changepassword-${md5(param.verify)}/register.html</a>`;
386
+ const message = `From: ${me.config.siteEmail}, Message: ${me.translate('PASSWORDRESET')}<br />${mailTable}`;
387
+ const headers = me.config.siteEmail;
388
+ const mail = new MailMe();
389
+ await mail.sendMail(row.userEmail, subject, headers, me.config.siteName, message);
390
+ */
391
+
392
+ const expireDate = moment().add(10800, 'seconds');
393
+
394
+ await me.db.query(
395
+ `INSERT INTO reset_password (userId, verifyCode, expireDate)
396
+ VALUES(:userId, :verifyCode, :expireDate)
397
+ ON DUPLICATE KEY UPDATE verifyCode=:verifyCode, expireDate=:expireDate`,
398
+ {
399
+ userId: row.userId,
400
+ verifyCode: md5(param.verify),
401
+ expireDate: expireDate.format('YYYY-MM-DD HH:mm:ss'),
402
+ },
403
+ );
404
+
405
+ return { error: false, notice: 'success' };
406
+ }
407
+ throw (ErrorCodes.error('account_not_found'));
408
+ }
409
+ };