add change password

data/control.json

@@ -3,7 +3,7 @@
   "open": 1,
   "admin_email": "",
   "email_mode": "file",
-  "email_file_path": "data/emails.txt",
+  "email_file_path": "emails.txt",
   "smtp_host": "",
   "smtp_port": "587",
   "smtp_username": "",

internal/actions/fight.go

@@ -146,8 +146,6 @@ func HandleSpell(fight *fights.Fight, user *users.User, spellID int) *FightResul
 		}
 	}
 
-	fmt.Printf("new MP is %d\n", user.MP-spell.MP)
-
 	result := &FightResult{
 		UserUpdates: map[string]any{"mp": user.MP - spell.MP},
 	}

internal/routes/index.go

@@ -10,6 +10,7 @@ import (
 	"strconv"
 
 	sushi "git.sharkk.net/Sharkk/Sushi"
+	"git.sharkk.net/Sharkk/Sushi/password"
 )
 
 func Index(ctx sushi.Ctx) {
@@ -135,3 +136,64 @@ func Teleport(ctx sushi.Ctx) {
 	sess.SetFlash("success", "You teleported to "+town.Name+" successfully!")
 	ctx.Redirect("/town")
 }
+
+func ShowChangePassword(ctx sushi.Ctx) {
+	components.RenderPage(ctx, "Change Password", "changepassword.html", nil)
+}
+
+func ChangePassword(ctx sushi.Ctx) {
+	sess := ctx.GetCurrentSession()
+	user := ctx.GetCurrentUser().(*users.User)
+
+	currentPassword := ctx.Form("p").String()
+	newPassword := ctx.Form("p2").String()
+	confirmPassword := ctx.Form("p3").String()
+
+	// Validate inputs
+	if currentPassword == "" || newPassword == "" || confirmPassword == "" {
+		sess.SetFlash("error", "All fields are required")
+		ctx.Redirect("/change-password")
+		return
+	}
+
+	if len(newPassword) < 6 {
+		sess.SetFlash("error", "New password must be at least 6 characters")
+		ctx.Redirect("/change-password")
+		return
+	}
+
+	if newPassword != confirmPassword {
+		sess.SetFlash("error", "New passwords do not match")
+		ctx.Redirect("/change-password")
+		return
+	}
+
+	// Verify current password
+	isValid, err := password.VerifyPassword(currentPassword, user.Password)
+	if err != nil {
+		sess.SetFlash("error", "Password verification failed")
+		ctx.Redirect("/change-password")
+		return
+	}
+	if !isValid {
+		sess.SetFlash("error", "Current password is incorrect")
+		ctx.Redirect("/change-password")
+		return
+	}
+
+	// Update password
+	err = database.Transaction(func() error {
+		return database.Update("users", map[string]any{
+			"password": password.HashPassword(newPassword),
+		}, "id", user.ID)
+	})
+
+	if err != nil {
+		sess.SetFlash("error", "Failed to update password")
+		ctx.Redirect("/change-password")
+		return
+	}
+
+	sess.SetFlash("success", "Password changed successfully!")
+	ctx.Redirect("/")
+}

main.go

@@ -180,6 +180,8 @@ func start(port string) error {
 	protected.Get("/explore", routes.Explore)
 	protected.Post("/move", routes.Move)
 	protected.Get("/teleport/:to", routes.Teleport)
+	protected.Get("/change-password", routes.ShowChangePassword)
+	protected.Post("/change-password", routes.ChangePassword)
 
 	routes.RegisterAuthRoutes(app)
 	routes.RegisterTownRoutes(app)

templates/changepassword.html

@@ -0,0 +1,26 @@
+{include "layout.html"}
+
+{block "content"}
+<h1>Change Password</h1>
+
+<form class="standard mb-1" action="/change-password" method="post">
+	{csrf}
+
+	<div class="row">
+		<label for="p">Current Password</label>
+		<input id="p" class="text" type="password" name="p" required>
+	</div>
+
+	<div class="row">
+		<label for="p2">New Password</label>
+		<input id="p2" class="text" type="password" name="p2" required>
+		<label for="p3">Confirm New Password</label>
+		<input id="p3" class="text" type="password" name="p3" required>
+	</div>
+
+	<div class="actions">
+		<a href="/"><button class="btn" type="button">Never mind</button></a>
+		<button class="btn btn-primary" type="submit">Change Password</button>
+	</div>
+</form>
+{/block}