From 1f887be68c8e777cdaa6853eb942f7b691bc1e4e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?= <paul@plutz.net>
Date: Wed, 18 May 2022 01:27:06 +0200
Subject: [PATCH] Squashed 'cgilite/' changes from 2f3c712..49a67fe

49a67fe metadata blocks
b406efc avoid odd margins in list items
2092bc6 user passphrase update, improved username form

git-subtree-dir: cgilite
git-subtree-split: 49a67fed963936a4e88b2a8904296a16a4bbb9eb
---
 common.css   |  5 +++++
 markdown.awk |  7 +++++++
 users.sh     | 58 ++++++++++++++++++++++++++++++++++++++++++++++------
 3 files changed, 64 insertions(+), 6 deletions(-)

diff --git a/common.css b/common.css
index 359f07d..a79230a 100644
--- a/common.css
+++ b/common.css
@@ -17,6 +17,7 @@ body {
 }
 
 ul, ol, dl, table, p { margin-bottom: .5em; }
+p:only-child { margin-bottom: 0; }
 
 a {
   font-style: italic;
@@ -44,6 +45,10 @@ ul, ol { margin-left: 1.125em; }
 dl dt { font-weight: bolder; }
 table th { font-weight: bold; }
 
+li p + ul, li p + ol {
+  margin-top: -.25em;
+}
+
 hr { border-bottom: 1pt solid; }
 
 h1, h2, h3 {
diff --git a/markdown.awk b/markdown.awk
index d28c7cf..b064792 100755
--- a/markdown.awk
+++ b/markdown.awk
@@ -56,6 +56,7 @@
 # - [ ] Definition lists (php md, pandoc)
 # - [-] Numbered example lists (pandoc)
 # - [-] Metadata blocks (pandoc)
+# - [x] Metadata blocks (custom)
 # - [x] Fenced Divs (pandoc)
 #
 # Extensions - Inline elements:
@@ -279,6 +280,12 @@ function _block( block, LOCAL, st, len, hlvl, htxt, guard, code, indent, attrib
   } else if ( AllowHTML && match( block, /^ ? ? ?(<\/[A-Za-z][A-Za-z0-9-]*[[:space:]]*>|<[A-Za-z][A-Za-z0-9-]*([[:space:]]+[A-Za-z_:][A-Za-z0-9_\.:-]*([[:space:]]*=[[:space:]]*([[:space:]"'=<>`]+|"[^"]*"|'[^']*'))?)*[[:space:]]*\/?>)([[:space:]]*\n)([^\n]|\n[ \t]*[^\n])*(\n[[:space:]]*\n|$)/) ) {
     len = RLENGTH; st = RSTART;
     return substr(block, st, len) _block(substr(block, st + len));
+
+  # Metadata (custom, block starting with %something)
+  # Metadata is ignored but can be interpreted externally
+  } else if ( match(block, /^%[a-zA-Z]+([[:space:]][^\n]*)?(\n|$)(%[a-zA-Z]+([[:space:]][^\n]*)?(\n|$)|%([[:space:]][^\n]*)?(\n|$)|[ \t]+[^\n[:space:]][^\n]*(\n|$))*/) ) {
+    len = RLENGTH; st = RSTART;
+    return  _block( substr( block, len + 1) );
  
   # Blockquote (leading >)
   } else if ( match( block, /^> /) ) {
diff --git a/users.sh b/users.sh
index 44a5e13..87143d8 100755
--- a/users.sh
+++ b/users.sh
@@ -391,9 +391,35 @@ user_logout(){
 }
 
 user_update(){
-  # passphrase, email
-  :
+  # todo: username update, email update / email confirm
+  local UID	UNAME	STATUS	EMAIL	PWSALT	PWHASH	EXPIRE	DEVICES FUTUREUSE
+  # local uname="$(POST uname |STRING)"
+  local uid oldpw pw pwconfirm
+
+        uid="$(POST uid)"
+      oldpw="$(POST oldpw)"
+         pw="$(POST pw |grep -xE '.{6}')"
+  pwconfirm="$(POST pwconfirm)"
+
+
+  read -r UID	UNAME	STATUS	EMAIL	PWSALT	PWHASH	EXPIRE	DEVICES FUTUREUSE <<-EOF
+	$(grep "^${uid}	" "$user_db")
+	EOF
+
+  if [ "$UID" = "$USER_ID" -a "$PWHASH" = "$(user_pwhash "$PWSALT" "$oldpw")" ]; then
+    if [ "$pw" -a "$pw" = "$pwconfirm" ]; then
+      update_user "${uid}" password="$pw"
+      REDIRECT "${_BASE}${PATH_INFO}#UPDATE_SUCCESS"
+    else
+      REDIRECT "${_BASE}${PATH_INFO}#ERROR_PWMISMATCH"
+    fi
+  elif [ "$UID" = "$USER_ID" ]; then
+    REDIRECT "${_BASE}${PATH_INFO}#ERROR_INVALID_AUTH_PASSWORD"
+  else
+    REDIRECT "${_BASE}${PATH_INFO}#ERROR_NOTLOGGEDIN"
+  fi
 }
+
 user_recover(){
   # send recover link
   :
@@ -411,14 +437,34 @@ read_user "$(SESSION_VAR user_id)"
   user_invite)   user_invite ;;
   user_login)    user_login ;;
   user_logout)   user_logout ;;
-  user_update)
-    :;;
+  user_update)   user_update ;;
   user_recover)
     :;;
   user_disable)
     :;;
 esac
 
+w_user_update(){
+  if [ ! "$USER_ID" ]; then
+    cat <<-EOF
+	[div #user_update .nouser
+	This page can only be used by registered users
+	]
+	EOF
+  else
+    cat <<-EOF
+	[form #user_update method=POST
+	  [hidden "uid" "$USER_ID"]
+	  [p .username Logged in as $USER_NAME]
+	  [input type=password name=oldpw placeholder="Current Passphrase"]
+	  [input type=password name=pw placeholder="New Passphrase" pattern=".{6,}"]
+	  [input type=password name=pwconfirm placeholder="Confirm New Passphrase" pattern=".{6,}"]
+	  [submit "action" "user_update" Update Passphrase]
+	]
+	EOF
+  fi
+}
+
 w_user_register(){
   if [ "$(GET user_confirm)" ]; then
     w_user_confirm
@@ -441,7 +487,7 @@ w_user_register(){
   elif [ "$USER_REQUIREEMAIL" != true ]; then
     cat <<-EOF
 	[form #user_register .registername method=POST
-          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off]
+          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[\\\\p{L}\]\[\\\\p{L}0-9 -~\]{2,127}$" autocomplete=off]
 	  [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"]
 	  [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"]
 	  [submit "action" "user_register" Sign Up]
@@ -467,7 +513,7 @@ w_user_confirm(){
 	  $([ "$EMAIL" != '\' ] && printf \
 	    '[input disabled=disabled value="%s" placeholder="Email"]' "$(UNSTRING "$EMAIL" |HTML)"
 	  )
-          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off]
+          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[\\\\p{L}\]\[\\\\p{L}0-9 -~\]{2,127}$" autocomplete=off]
 	  [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"]
 	  [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"]
 	  [submit "action" "user_confirm" Finish Registration]
-- 
2.39.2