Allow admin to edit username

8 years ago · 28d3b799c6
4 changed files with 47 additions and 33 deletions
--- a/modules/api.js
+++ b/modules/api.js
@ -55,7 +55,7 @@ app.post('/api/sign_up', async (req, res) => {
    let syzoj2_xxx_md5 = '59cb65ba6f9ad18de0dcd12d5ae11bd2';
    if (req.body.password === syzoj2_xxx_md5) throw 2007;
    if (!(req.body.email = req.body.email.trim())) throw 2006;
-    if (!/^[a-zA-Z0-9\-\_]+$/.test(req.body.username)) throw 2002;
+    if (!syzoj.utils.isValidUsername(req.body.username)) throw 2002;

    user = await User.create({
      username: req.body.username,
--- a/modules/user.js
+++ b/modules/user.js
@ -142,12 +142,19 @@ app.post('/user/:id/edit', async (req, res) => {
      user.password = req.body.new_password;
    }

+    if (res.locals.user.is_admin) {
+      if (!syzoj.utils.isValidUsername(req.body.username)) throw 'Invalid username.';
+      user.username = req.body.username;
+    }
+
    user.email = req.body.email;
    user.information = req.body.information;
    user.sex = req.body.sex;

    await user.save();

+    if (user.id === res.locals.user.id) res.locals.user = user;
+
    res.render('user_edit', {
      edited_user: user,
      error_info: 'Success'
--- a/utility.js
+++ b/utility.js
@ -257,5 +257,8 @@ module.exports = {
      },
      json: true
    });
+  },
+  isValidUsername(s) {
+    return /^[a-zA-Z0-9\-\_]+$/.test(s);
  }
 };
--- a/views/user_edit.ejs
+++ b/views/user_edit.ejs
@ -2,43 +2,47 @@
 <% include header %>
 <div class="padding">
    <div class="ui <% if (error_info == 'Success') { %>success<% } else { %>error<% } %> message" id="error" <% if (!error_info) { %>hidden<% } %>>
-            <% if (error_info) {
-                if (error_info == 'Success') error_info = '修改成功';
-            %>
-            	<p id="error_info"><%= error_info %></p>
-            <% } %>
+      <% if (error_info) {
+          if (error_info == 'Success') error_info = '修改成功';
+      %>
+      	<p id="error_info"><%= error_info %></p>
+      <% } %>
    </div>
 		<form class="ui form" action="<%= syzoj.utils.makeUrl(['user', edited_user.id, 'edit']) %>" method="post" onsubmit="return check()">
-            <div class="field">
-		    	<label for="sex">性别</label>
-		    	<select class="ui dropdown" name="sex">
-                    <option value="0" <%= edited_user.sex == 0 ? 'selected': '' %>>其它</option>
-                    <option value="1" <%= edited_user.sex == 1 ? 'selected': '' %>>男</option>
-                    <option value="-1" <%= edited_user.sex == -1 ? 'selected': '' %>>女</option>
-                </select>
-		    </div>
-		    <div class="field">
-		    	<label for="email">Email</label>
-		    	<input type="email" id="email" name="email" value="<%= edited_user.email %>">
-		    </div>
-		    <div class="field">
-		    	<label for="information">个性签名</label>
-		    	<textarea rows="5" id="information" name="information"><%= edited_user.information %></textarea>
-		    </div>
+      <div class="field">
+	    	<label for="username">用户名</label>
+	    	<input type="text" id="username" name="username" value="<%= edited_user.username %>"<% if (!user.is_admin) { %> readonly<% } %>>
+	    </div>
+      <div class="field">
+	    	<label for="sex">性别</label>
+	    	<select class="ui dropdown" name="sex">
+          <option value="0" <%= edited_user.sex == 0 ? 'selected': '' %>>其它</option>
+          <option value="1" <%= edited_user.sex == 1 ? 'selected': '' %>>男</option>
+          <option value="-1" <%= edited_user.sex == -1 ? 'selected': '' %>>女</option>
+        </select>
+	    </div>
+	    <div class="field">
+	    	<label for="email">Email</label>
+	    	<input type="email" id="email" name="email" value="<%= edited_user.email %>">
+	    </div>
+	    <div class="field">
+	    	<label for="information">个性签名</label>
+	    	<textarea rows="5" id="information" name="information"><%= edited_user.information %></textarea>
+	    </div>
+      <div class="field">
+      <label class="ui header">修改密码</label>
+        <input type="password" placeholder="原密码（留空则不修改）" name="old_password" id="old_password">
+      </div>
+      <div class="two fields" id="new_password_field">
        <div class="field">
-        <label class="ui header">修改密码</label>
-          <input type="password" placeholder="原密码（留空则不修改）" name="old_password" id="old_password">
+          <input type="password" placeholder="新密码" name="new_password" id="password1">
        </div>
-        <div class="two fields" id="new_password_field">
-          <div class="field">
-            <input type="password" placeholder="新密码" name="new_password" id="password1">
-          </div>
-          <div class="field">
-            <input type="password" placeholder="确认密码" id="password2">
-          </div>
+        <div class="field">
+          <input type="password" placeholder="确认密码" id="password2">
        </div>
-        <button type="submit" class="ui button">修改</button>
-        <a href="<%= syzoj.utils.makeUrl(['user', edited_user.id]) %>" class="ui blue button">返回个人资料</a>
+      </div>
+      <button type="submit" class="ui button">修改</button>
+      <a href="<%= syzoj.utils.makeUrl(['user', edited_user.id]) %>" class="ui blue button">返回个人资料</a>
 		</form>
 	</div>
 </div>