Diffstat (limited to 'fbin.py')
-rwxr-xr-xfbin.py60
1 files changed, 59 insertions, 1 deletions
diff --git a/fbin.py b/fbin.py
index 0b8bed4..5aaa6a1 100755
--- a/fbin.py
+++ b/fbin.py
@@ -65,6 +65,17 @@ class Application(object):
return user
+ def save_user_pass(self, user, password):
+ session = db.Session()
+ try:
+ user.password = password
+ session.add(user)
+ session.commit()
+ # Avoid having to fetch user again (used by changepass)
+ session.refresh(user)
+ finally:
+ session.close()
+
def get_file(self, hash):
session = db.Session()
try:
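Review bot: `save_user_pass` writes its `password` argument to `user.password` verbatim, and nothing in its name or body says that it expects the already-hashed value. The one caller in this commit passes a SHA-1 hex digest, but a later caller that passes the plaintext would have it stored as-is. A docstring such as `"""Store an already-hashed password on user and commit; callers must hash first."""`, or renaming the parameter to `password_hash`, would make that contract visible at the call site.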
@@ -346,6 +357,52 @@ class Application(object):
('Location', settings.virtual_root)])
return []
+ def changepass(self, environ, start_response, path):
+ c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None)
+ user = self.validate_cookie(c)
+ form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ)
+ if environ['REQUEST_METHOD'] != 'POST' or not 'oldpass' in form or not 'password' in form or not 'password2' in form:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': None,
+ }))
+
+ oldpass = hashlib.sha1(form.getvalue('oldpass')).hexdigest()
+ password = form.getvalue('password')
+ password2 = form.getvalue('password2')
+
+ if oldpass != user.password:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': 'Invalid password.',
+ }))
+
+ if password != password2:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.changepass(searchList = {
+ 'root': settings.virtual_root,
+ 'user': user,
+ 'error': 'Passwords doesn\'t match.',
+ }))
+
+ password = hashlib.sha1(password).hexdigest()
+ self.save_user_pass(user, password)
+
+ dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30)
+ expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT')
+ c['uid']['expires'] = expires
+ c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest()
+ c['identifier']['expires'] = expires
+ start_response('302 Found', [
+ ('Set-Cookie', c['uid'].OutputString()),
+ ('Set-Cookie', c['identifier'].OutputString()),
+ ('Location', settings.virtual_root)])
+ return []
+
def static(self, environ, start_response, path):
filename = path[1]
if not filename in ('style.css',):
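Review bot: `changepass` uses the result of `self.validate_cookie(c)` without checking it. If that helper returns None for a missing or invalid cookie (its body is outside this hunk, so confirm), an unauthenticated POST reaches `oldpass != user.password` and fails with an unhandled error, and `c['uid']` further down would raise KeyError as well; an explicit `if user is None:` guard that redirects before the form is read would state the precondition. The new password is stored as an unsalted `hashlib.sha1(password).hexdigest()`, and the `identifier` cookie is derived from that stored hash, so a leaked database row is enough both for fast offline guessing and for rebuilding the cookie. A salted, slow KDF such as `hashlib.pbkdf2_hmac` and a session token independent of the password hash would be safer, though that presumably has to change together with the login and register code not shown here. The handler also accepts an empty new password.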
@@ -424,11 +481,12 @@ class Application(object):
t = thumb
o = logout
r = register
+ c = changepass
def __call__(self, environ, start_response):
path = environ['PATH_INFO'].split('/')[1:]
module = path[0] if len(path) else ''
- if len(module) and module in 'fulshmitor':
+ if len(module) and module in 'fulshmitorc':
return getattr(self, module)(environ, start_response, path)
else:
start_response('302 Found', [('Location', settings.virtual_root + 'u')])
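Review bot: `module in 'fulshmitorc'` is a substring test rather than a membership test, so a client-chosen first path segment such as `ul` or `sh` passes the check and is handed to `getattr(self, module)`. That call would raise AttributeError unless an attribute of that name happens to exist on the instance. Since every route alias is a single letter, `if len(module) == 1 and module in 'fulshmitorc':` (or a tuple of allowed names) keeps the dispatch limited to the intended handlers. The string also has to be kept in sync by hand with the alias assignments above it, which deserves a short comment. `__call__` appears to continue past the end of this hunk.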