diff --git a/main.go b/main.go
index c23b856..3b981a2 100644
--- a/main.go
+++ b/main.go
@@ -55,9 +55,11 @@ func UsernameAvailable(username string) bool {
 if len(username) == 0 {
 return false
 }
- var u string
+ var tmp string
+ u := strings.ToLower(username)
+
 q := fmt.Sprintf("select username from %s_auth where username ILIKE $1", c.TablePrefix)
- err := c.db.Get(&u, q, username)
+ err := c.db.Get(&tmp, q, u)
 if err == sql.ErrNoRows {
 return true
 }
@@ -74,14 +76,16 @@ func Register(username, email, ip string) bool {
 if !UsernameAvailable(username) {
 return false
 }
+ u := strings.ToLower(username)
+
 pass := randBytes(16)
 crypt, err := bcrypt.GenerateFromPassword(pass, 10)
 if err != nil {
 log.Printf("scsusers.Register: Bcrypt GenerateFromPassword failed? Pass is %s and error is %s\n", pass, err.Error())
 return false
 }
- q := fmt.Sprintf("insert into %s_auth (username, email, password, registration_date, registration_ip) values ($1, $2, $3, CURRENT_TIMESTAMP, $4)", c.TablePrefix)
- _, err = c.db.Exec(q, username, email, crypt, ip)
+ q := fmt.Sprintf("insert into %s_auth (username, , displayname, email, password, registration_date, registration_ip) values ($1, $2, $3, CURRENT_TIMESTAMP, $4)", c.TablePrefix)
+ _, err = c.db.Exec(q, u, username, email, crypt, ip)
 if err != nil {
 log.Printf("scsusers.Register: insert failed: %s\n", err.Error())
 return false
@@ -100,9 +104,11 @@ func Register(username, email, ip string) bool {
 }
 func Login(username, password string) bool {
- q := fmt.Sprintf("select password from %s_auth where username ILIKE $1 AND status='active'", c.TablePrefix)
+ u := strings.ToLower(username)
+
+ q := fmt.Sprintf("select password from %s_auth where username = $1 AND status='active'", c.TablePrefix)
 var crypt string
- err := c.db.Get(&crypt, q, username)
+ err := c.db.Get(&crypt, q, u)
 if err != nil {
 log.Printf("scsusers.Login: Failed login attempt for unknown username: %s\n", username)
 return false
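Review bot: In UsernameAvailable the check still uses `username ILIKE $1`, so `_`, `%` and `\` in the submitted name are read as pattern syntax rather than literal characters, while every other username lookup in this commit moves to `=`. The availability answer can therefore disagree with what the later exact-match queries see. Since the argument is already lowercased, `where lower(username) = $1` gives a literal, case-insensitive comparison. The same applies to the new `email ILIKE $1` in RecoverByEmail, where the pattern comes straight from the caller. The function body continues past the end of the hunk.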
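Review bot: The new insert in Register cannot execute as written: the column list has an empty entry (`username, , displayname`), it names six columns while the values clause supplies five, the placeholders stop at `$4`, and Exec passes five arguments. A statement of the form `(username, displayname, email, password, registration_date, registration_ip) values ($1, $2, $3, $4, CURRENT_TIMESTAMP, $5)` lines the placeholders up with `u, username, email, crypt, ip`. Separately, the unchanged log line above it prints the generated password (`Pass is %s`) when bcrypt fails; dropping `pass` from that message keeps the credential out of the logs. Register starts before and ends after this hunk.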
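Review bot: Login now matches `username = $1` against the lowercased input, so a row whose stored `username` contains upper-case characters no longer matches; whether such rows exist is not visible here, but the previous `ILIKE` lookups and the old Register (which stored the name as typed) make it likely. The same holds for ChangePassword, GetUserid, LoadUser, SaveUser, Bump, the metadata functions and RecoverByUsername. Either migrate existing rows to lower case together with this change or compare with `lower(username) = $1`. It would also help to move the repeated `strings.ToLower(username)` into one small helper so the normalisation rule lives in a single place.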
@@ -116,9 +122,11 @@ func Login(username, password string) bool {
 }
 func ChangePassword(username, oldpass, newpass string) bool {
- q := fmt.Sprintf("select password from %s_auth where username ILIKE $1 AND status='active'", c.TablePrefix)
+ u := strings.ToLower(username)
+
+ q := fmt.Sprintf("select password from %s_auth where username = $1 AND status='active'", c.TablePrefix)
 var crypt string
- err := c.db.Get(&crypt, q, username)
+ err := c.db.Get(&crypt, q, u)
 if err != nil {
 log.Println("scsusers.ChangePassword: Failed change attempt for unknown username: " + username)
 return false
@@ -128,8 +136,8 @@ func ChangePassword(username, oldpass, newpass string) bool {
 return false
 }
 newcrypt, err := bcrypt.GenerateFromPassword([]byte(newpass), 10)
- q = fmt.Sprintf("update %s_auth set password=$2 where username ILIKE $1", c.TablePrefix)
- _, err = c.db.Exec(q, username, newcrypt)
+ q = fmt.Sprintf("update %s_auth set password=$2 where username = $1", c.TablePrefix)
+ _, err = c.db.Exec(q, u, newcrypt)
 if err != nil {
 log.Printf("scsusers.ChangePassword: update failed for %s: %s\n", username, err.Error())
 return false
@@ -140,8 +148,10 @@ func ChangePassword(username, oldpass, newpass string) bool {
 func GetUserid(username string) int64 {
 var i int64
- q := fmt.Sprintf("select userid from %s_auth where username ILIKE $1", c.TablePrefix)
- err := c.db.Get(&i, q, username)
+ u := strings.ToLower(username)
+
+ q := fmt.Sprintf("select userid from %s_auth where username = $1", c.TablePrefix)
+ err := c.db.Get(&i, q, u)
 if err != nil {
 log.Printf("scsusers.getUserId: Error loading user: %s : %s\n", username, err.Error())
 return 0
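Review bot: In the second ChangePassword hunk the error from `bcrypt.GenerateFromPassword([]byte(newpass), 10)` is overwritten by the following `_, err = c.db.Exec(q, u, newcrypt)` without being checked, so a failed hash would reach the update with a nil `newcrypt`. A guard directly after the hash call, `if err != nil { log.Printf("scsusers.ChangePassword: hashing failed for %s: %s\n", username, err.Error()); return false }`, keeps a bad value out of the password column. The hash line is unchanged context, but the commit edits the statement right below it. ChangePassword begins and ends outside this hunk.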
@@ -149,29 +159,32 @@ func GetUserid(username string) int64 {
 return i
 }
 func LoadUser(username string) (UserData, error) {
- var u UserData
- q := fmt.Sprintf("select data from %s_userdata where username ILIKE $1", c.TablePrefix)
+ var tmp UserData
+ u := strings.ToLower(username)
+
+ q := fmt.Sprintf("select data from %s_userdata where username = $1", c.TablePrefix)
 var d string
- err := c.db.Get(d, q, username)
+ err := c.db.Get(d, q, u)
 if err != nil {
 log.Printf("scsusers.LoadUser: Error loading user: %s : %s\n", username, err.Error())
- return u, err
+ return tmp, err
 }
- err = json.Unmarshal([]byte(d), &u)
+ err = json.Unmarshal([]byte(d), &tmp)
 if err != nil {
 log.Printf("scsusers.LoadUser: Error decoding json on user %s. Unmarshal returned %s\n", username, err.Error())
 }
- return u, err
+ return tmp, err
 }
 func SaveUser(username string, d UserData) bool {
- q := fmt.Sprintf("update %s_userdata set data=$1 where username ILIKE $2")
+ u := strings.ToLower(username)
+ q := fmt.Sprintf("update %s_userdata set data=$1 where username = $2", c.TablePrefix)
 j, err := json.Marshal(d)
 if err != nil {
 log.Printf("scsusers.SaveUser: json.Marshal failed for username %s : %s\n", username, err.Error())
 return false
 }
- _, err = c.db.Exec(q, username, j)
+ _, err = c.db.Exec(q, u, j)
 if err != nil {
 log.Printf("scsusers.SaveUser: db.Exec failed for username %s : %s\n", username, err.Error())
 return false
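Review bot: SaveUser binds its arguments in the wrong order: the statement is `set data=$1 where username = $2`, but the call is `c.db.Exec(q, u, j)`, which sends the username as `data` and the JSON as the username filter; it should be `c.db.Exec(q, j, u)`. In LoadUser the new line `c.db.Get(d, q, u)` still passes `d` by value; assuming `c.db` is an sqlx handle (Get and Queryx are used elsewhere in the diff), the destination must be a pointer, `c.db.Get(&d, q, u)`, otherwise every load returns an error. Both calls are rewritten by this commit, so they are worth fixing here. SaveUser continues past the end of the hunk.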
@@ -181,25 +194,28 @@ func SaveUser(username string, d UserData) bool {
 }
 func Bump(username string, ip string) {
- q := fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP, lastseenip=$2 where username ILIKE $1", c.TablePrefix)
- _, err := c.db.Exec(q, username, ip)
+ u := strings.ToLower(username)
+ q := fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP, lastseenip=$2 where username = $1", c.TablePrefix)
+ _, err := c.db.Exec(q, u, ip)
 if err != nil {
 log.Printf("scsusers.Bump: Error on user bump: %s : %s\n", username, err.Error())
 }
 }
 type Metadata struct {
- MetaKey string `db:meta_key`
- MetaValue string `db:meta_value`
+ MetaKey string `db:"meta_key"`
+ MetaValue string `db:"meta_value"`
 }
 func GetAllMeta(username string) map[string]string {
 meta := make(map[string]string)
+ u := strings.ToLower(username)
+
 q := fmt.Sprintf(`select meta_key, meta_value from %s_user_metadata where
- user_id=(select userid from %s_auth where username ILIKE $1)`,
+ user_id=(select userid from %s_auth where username = $1)`,
 c.TablePrefix, c.TablePrefix)
- rows, err := c.db.Queryx(q, username)
+ rows, err := c.db.Queryx(q, u)
 if err != nil && err != sql.ErrNoRows {
 log.Printf("scsusers.GetAllMeta: %s: %s\n", username, err.Error())
 return meta
@@ -208,7 +224,7 @@ func GetAllMeta(username string) map[string]string {
 for rows.Next() {
 err = rows.StructScan(&m)
 if err != nil {
- log.Printf("scsusers.GetAllMeta: StructScan: %s\n", username, err.Error())
+ log.Printf("scsusers.GetAllMeta: StructScan: %s: %s\n", username, err.Error())
 return meta
 }
 meta[m.MetaKey] = m.MetaValue
@@ -218,9 +234,11 @@ func GetAllMeta(username string) map[string]string {
 func GetMeta(username string, metakey string) string {
 var v string
+ u := strings.ToLower(username)
+
 q := fmt.Sprintf(`select meta_value from %s_user_metadata where
- user_id=(select userid from %s_auth where username ILIKE $1) AND meta_key=$2`, c.TablePrefix, c.TablePrefix)
- err := c.db.Get(&v, q, username, metakey)
+ user_id=(select userid from %s_auth where username = $1) AND meta_key=$2`, c.TablePrefix, c.TablePrefix)
+ err := c.db.Get(&v, q, u, metakey)
 if err != nil && err != sql.ErrNoRows {
 log.Printf("scsusers.GetMeta: %s - %s - %s\n", username, metakey, err.Error())
 }
@@ -237,29 +255,32 @@ func GetMeta(username string, metakey string) string {
 func SetMeta(username string, metakey string, metavalue string) {
 var err error
+ u := strings.ToLower(username)
+
 if metavalue == "" {
- q := fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username ILIKE $1) AND meta_key=$2`,
+ q := fmt.Sprintf(`delete from %s_user_metadata where user_id=(select userid from %s_auth where username = $1) AND meta_key=$2`,
 c.TablePrefix, c.TablePrefix)
- _, err = c.db.Exec(q, username, metakey)
+ _, err = c.db.Exec(q, u, metakey)
 } else {
 q := fmt.Sprintf(`insert into %s_user_metadata (user_id, meta_key, meta_value) VALUES
- ((select userid from %s_auth where username ILIKE $1), $2, $3)`, c.TablePrefix, c.TablePrefix)
- _, err = c.db.Exec(q, username, metakey, metavalue)
+ ((select userid from %s_auth where username = $1), $2, $3)`, c.TablePrefix, c.TablePrefix)
+ _, err = c.db.Exec(q, u, metakey, metavalue)
 }
 if err != nil {
 log.Printf("scsusers.SetMeta: %s %s %s %s\n", username, metakey, metavalue, err.Error())
 }
 }
-func RecoverByUsername(u string) {
- var username, email string
- q := fmt.Sprintf("select username, email from %s_auth where username ILIKE $1", c.TablePrefix)
- row := c.db.QueryRow(q, u)
- err := row.Scan(&username, &email)
+func RecoverByUsername(username string) {
+ var email string
+ u := strings.ToLower(username)
+
+ q := fmt.Sprintf("select email from %s_auth where username = $1", c.TablePrefix)
+ err := c.db.Get(&email, q, u)
 if err != sql.ErrNoRows {
 recoverycode := randBytes(16)
- qq := fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username ILIKE $2", c.TablePrefix)
- _, err := c.db.Exec(qq, recoverycode, username)
+ qq := fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username = $2", c.TablePrefix)
+ _, err := c.db.Exec(qq, recoverycode, u)
 if err == nil {
 sendRecoveryEmail(email, username, string(recoverycode))
 }
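Review bot: RecoverByUsername continues whenever the lookup error is anything other than `sql.ErrNoRows`, so a database failure falls through to the recovery-code update and, if that succeeds, to sendRecoveryEmail with an empty `email`. `if err == nil {` is the condition that matches the intent, with other errors logged and returned. RecoverByEmail has the same check. Also, `string(recoverycode)` mails the output of randBytes directly; if randBytes returns raw bytes rather than printable characters (not visible here), the code should be hex- or base64-encoded before it is sent. The function ends outside the hunk.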
@@ -268,12 +289,11 @@ func RecoverByUsername(u string) {
 func RecoverByEmail(e string) {
 var username, email string
- q := fmt.Sprintf("select username, email from %s_auth where email=$1", c.TablePrefix)
- row := c.db.QueryRow(q, e)
- err := row.Scan(&username, &email)
+ q := fmt.Sprintf("select username from %s_auth where email ILIKE $1", c.TablePrefix)
+ err := c.db.Get(&username, q, e)
 if err != sql.ErrNoRows {
 recoverycode := randBytes(16)
- qq := fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username ILIKE $2", c.TablePrefix)
+ qq := fmt.Sprintf("update %s_auth set recoverycode=$1, recoverytime=NOW() where username = $2", c.TablePrefix)
 _, err := c.db.Exec(qq, recoverycode, username)
 if err == nil {
 sendRecoveryEmail(email, username, string(recoverycode))
@@ -336,7 +356,7 @@ func sendAlertEmail(username, recipient, message string) bool {
 return false
 }
- subject := fmt.Sprintf("New activity on %s", c.SiteName)
+ subject := fmt.Sprintf("new Activity Notification on %s", c.SiteName)
 err = SendMail(c.SMTPServer, c.FromEmail, subject, body.String(), recipient)
 if err != nil {
 log.Printf("scsusers.sendAlertEmail: Error sending mail to %s: %s\n", recipient, err.Error())
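Review bot: After this change RecoverByEmail never assigns `email`: the query now selects only `username`, yet `sendRecoveryEmail(email, username, string(recoverycode))` still passes the zero-value variable, so the message has no recipient. Reading the stored address again, for example with a second `c.db.Get(&email, ...)` keyed on the returned username, or scanning both columns as the removed code did, restores it. Using the stored value rather than the caller's `e` keeps the mail going to the address on record. The function body ends outside the hunk.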