This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
const express = require('express');
|
||||
const router = express.Router();
|
||||
const { requireAuth } = require('../middleware/auth');
|
||||
const { Hunts, Packages, Scans, Users } = require('../models');
|
||||
|
||||
// ─── Hunt profile ─────────────────────────────────────────
|
||||
@@ -95,6 +96,36 @@ router.get('/player/:username', (req, res) => {
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Change password (own profile) ────────────────────────
|
||||
router.post('/player/:username/password', requireAuth, (req, res) => {
|
||||
const user = Users.findByUsername(req.params.username);
|
||||
if (!user || user.id !== req.session.userId) {
|
||||
return res.status(403).render('error', { title: 'Forbidden', message: 'You can only change your own password.' });
|
||||
}
|
||||
|
||||
const { current_password, new_password, new_password_confirm } = req.body;
|
||||
|
||||
const fullUser = Users.findByUsername(user.username);
|
||||
if (!Users.verifyPassword(fullUser, current_password)) {
|
||||
req.session.flash = { type: 'danger', message: 'Current password is incorrect.' };
|
||||
return res.redirect(`/player/${user.username}`);
|
||||
}
|
||||
|
||||
if (!new_password || new_password.length < 6) {
|
||||
req.session.flash = { type: 'danger', message: 'New password must be at least 6 characters.' };
|
||||
return res.redirect(`/player/${user.username}`);
|
||||
}
|
||||
|
||||
if (new_password !== new_password_confirm) {
|
||||
req.session.flash = { type: 'danger', message: 'New passwords do not match.' };
|
||||
return res.redirect(`/player/${user.username}`);
|
||||
}
|
||||
|
||||
Users.setPassword(user.id, new_password);
|
||||
req.session.flash = { type: 'success', message: 'Password changed successfully.' };
|
||||
res.redirect(`/player/${user.username}`);
|
||||
});
|
||||
|
||||
// ─── Browse all hunts ─────────────────────────────────────
|
||||
router.get('/hunts', (req, res) => {
|
||||
const hunts = Hunts.getAll();
|
||||
|
||||
Reference in New Issue
Block a user