Merge branch 'master' of github.com:psychobunny/node-forum

12 years ago · a0fa95b9f0
parent c1489b2503 44f0183b29
commit a0fa95b9f0
4 changed files with 37 additions and 14 deletions
--- a/public/templates/account.tpl
+++ b/public/templates/account.tpl
@ -10,7 +10,7 @@
 	<div class="account-username-box">
 		<span class="account-username"><a href="/users/{user.username}">{user.username}</a></span>
-		<span class="pull-right"><a href="/users/{user.username}/edit">edit</a></span>
+		<span id="editLink" class="pull-right"><a href="/users/{user.username}/edit">edit</a></span>
 	</div>
 	<div class="account-picture-block">
@ -57,6 +57,10 @@
 </div>
 <script type="text/javascript">
 var yourid = '{yourid}';
 var theirid = '{theirid}';
 (function() {
    function addCommas(text) {
@ -70,6 +74,10 @@
        var postcount = $('#postcount');
        postcount.html(addCommas(postcount.html()));
        var editLink = $('#editLink');
        if( yourid !== theirid)
            editLink.addClass('hidden');
    });
--- a/public/templates/accountedit.tpl
+++ b/public/templates/accountedit.tpl
@ -57,6 +57,8 @@
                </div>
              </div>
             <input type="hidden" id="inputUID" value="{user.uid}">
              <div class="form-actions">
                <a id="submitBtn" href="" class="btn btn-primary">Save changes</a>
                <a href="/users/{user.username}" class="btn">Cancel</a>
@ -76,6 +78,7 @@
        $('#submitBtn').on('click',function(){
            var userData = {
                uid:$('#inputUID').val(),
                email:$('#inputEmail').val(),
                fullname:$('#inputFullname').val(),
                website:$('#inputWebsite').val(),
--- a/src/user.js
+++ b/src/user.js
@ -70,7 +70,7 @@ var	config = require('../config.js'),
 	}
 	User.updateUserFields = function(uid, data) {
-		console.log(data);
+		
 		for(var key in data) {
 			User.setUserField(uid, key, data[key]);
 		}
--- a/src/webserver.js
+++ b/src/webserver.js
@ -334,10 +334,11 @@ passport.deserializeUser(function(uid, done) {
 	app.post('/edituser', function(req, res){
-		if(!req.user) {
+		if(!req.user)
-			res.redirect('/403');
+			return res.redirect('/403');
-			return;
+		
-		}
+		if(req.user.uid !== req.body.uid)
 			return res.redirect('/');
 		user.updateUserFields(req.user.uid, req.body);
@ -377,7 +378,12 @@ passport.deserializeUser(function(uid, done) {
 					data.joindate = utils.relativeTime(data.joindate);
 					data.age = new Date().getFullYear() - new Date(data.birthday).getFullYear();;
 					data.uid = uid;
-					callback({user:data});
+					
 					callback({
 						yourid: (req.user)?req.user.uid : 0,
 						theirid: uid,
 						user: data
 					});
 				}
 				else
 					callback({user:{}});
@ -419,10 +425,16 @@ passport.deserializeUser(function(uid, done) {
 	app.get('/users/:uid/edit', function(req, res){
-		if(req.user && req.params.uid)
+		if(!req.user)
 			res.send(templates['header'] + create_route('users/'+req.params.uid+'/edit','accountedit') + templates['footer']);
 		else
 			return res.redirect('/403');
 		user.getUserField(req.user.uid, 'username', function(username) {
 			if(req.params.uid && username === req.params.uid)
 				res.send(templates['header'] + create_route('users/'+req.params.uid+'/edit','accountedit') + templates['footer']);
 			else
 				return res.redirect('/403');
 		});	
 	});