/********************************************************************************/
/* */
/* profile.js */
/* */
/* Handle profile pages */
/* */
/********************************************************************************/
var db = require("./database.js");
/********************************************************************************/
/* */
/* Display profile request */
/* */
/********************************************************************************/
function displayProfile(req, res, next) {
  // Express handler for the profile page: a plain view, no "update succeeded" banner.
  const showUpdateBanner = false;
  displayProfile0(req, res, next, showUpdateBanner);
}
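function displayProfile0(req, res, next, succ) {
  // Load the current user's name and profile columns, then hand the result to displayProfile1.
  // @param succ  forwarded to displayProfile1 so the view can show an "update succeeded" flag
  const userId = req.session.userId;
  // userId is spliced into the SQL text as a bare literal. Accept only a plain
  // decimal integer so that literal can never be anything but a number; binding
  // it as a query parameter would be the better fix once the db layer exposes that.
  if (!/^[0-9]+$/.test(String(userId))) {
    return next(new Error("session userId is not a valid integer"));
  }
  const q =
    "SELECT U.firstName, U.lastName, P.ssn, P.dob, P.address, P.bankAcc, P.bankRouting" +
    " FROM User U, Profile P" +
    " WHERE U.userId = P.userId AND U.userId = " + userId;
  db.query(q, function (e1, d1) {
    displayProfile1(req, res, next, succ, e1, d1);
  });
}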
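function displayProfile1(req, res, next, succ, err, data) {
  // Query callback for displayProfile0: render the fetched row as the profile page.
  // @param succ  true after a successful update; sets doc.updateSuccess for the view
  // @param err   database error, forwarded to next() unchanged
  // @param data  query result; the first row is expected to hold the profile columns
  if (err != null) return next(err);
  const row = data && data.rows ? data.rows[0] : undefined;
  // A user with no Profile row yields an empty result set. Previously that produced a
  // TypeError on the property assignment below (an unhandled crash) rather than an error
  // the app's error handler can deal with.
  if (row == null) return next(new Error("profile not found for current user"));
  // Copy rather than mutate the driver's row object.
  const doc = Object.assign({}, row, { userId: req.session.userId });
  if (succ) doc.updateSuccess = true;
  return res.render("profile", doc);
}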
/********************************************************************************/
/* */
/* Handle profile update */
/* */
/********************************************************************************/
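function handleProfileUpdate(req, res, next) {
  // Express handler for a profile update: validate the routing number, update the
  // User row, then continue in handleProfileUpdate1 with the Profile row.
  // Allow only digits with a suffix of the letter #, for example: 'XXXXXX#'.
  // Anchored single-quantifier pattern. The previous /([0-9]+)+\#/ nested two
  // quantifiers (catastrophic backtracking on a long digit string without '#') and,
  // being unanchored, accepted any string that merely contained such a run.
  const BANK_ROUTING_FORMAT = /^[0-9]+#$/;
  const bankRouting = req.body.bankRouting;
  if (!BANK_ROUTING_FORMAT.test(String(bankRouting))) {
    const doc = { updateError: "Bank Routing number does not comply with requirements for format specified" };
    return res.render("profile", doc);
  }
  const userId = req.session.userId;
  // userId is spliced into the SQL text as a bare literal; accept only a plain integer.
  if (!/^[0-9]+$/.test(String(userId))) {
    return next(new Error("session userId is not a valid integer"));
  }
  // Stopgap until db.query offers parameter binding: emit the value as a SQL string
  // literal with embedded single quotes doubled (standard SQL quoting). This does not
  // cover dialects that treat backslash as an escape character inside literals, so
  // a bound parameter remains the correct long-term fix.
  function quoteSqlString(value) {
    return "'" + String(value).replace(/'/g, "''") + "'";
  }
  const q =
    "UPDATE User SET firstName = " + quoteSqlString(req.body.firstName) +
    ", lastName = " + quoteSqlString(req.body.lastName) +
    " WHERE userId = " + userId;
  db.query(q, function (e1, d1) {
    handleProfileUpdate1(req, res, next, e1, d1);
  });
}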
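function handleProfileUpdate1(req, res, next, err, data) {
  // Callback after the User row update: write the Profile columns, then continue
  // in handleProfileUpdate2.
  // @param err   error from the first UPDATE, forwarded to next() unchanged
  // @param data  result of the first UPDATE (unused)
  if (err != null) return next(err);
  const userId = req.session.userId;
  // userId is spliced into the SQL text as a bare literal; accept only a plain integer.
  if (!/^[0-9]+$/.test(String(userId))) {
    return next(new Error("session userId is not a valid integer"));
  }
  // Stopgap until db.query offers parameter binding: emit each value as a SQL string
  // literal with embedded single quotes doubled (standard SQL quoting). This does not
  // cover dialects that treat backslash as an escape character inside literals, so
  // bound parameters remain the correct long-term fix.
  function quoteSqlString(value) {
    return "'" + String(value).replace(/'/g, "''") + "'";
  }
  const body = req.body;
  const q =
    "UPDATE Profile SET ssn = " + quoteSqlString(body.ssn) +
    ", dob = " + quoteSqlString(body.dob) +
    ", address = " + quoteSqlString(body.address) +
    ", bankAcc = " + quoteSqlString(body.bankAcc) +
    ", bankRouting = " + quoteSqlString(body.bankRouting) +
    " WHERE userId = " + userId;
  db.query(q, function (e1, d1) {
    handleProfileUpdate2(req, res, next, e1, d1);
  });
}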
function handleProfileUpdate2(req, res, next, err, data) {
  // Callback after the Profile row update: surface a failure, otherwise re-render
  // the profile page with the success flag set.
  if (err == null) {
    displayProfile0(req, res, next, true);
    return;
  }
  return next(err);
}
/********************************************************************************/
/* */
/* Exports */
/* */
/********************************************************************************/
// Public handlers wired up by the router; the numbered helpers stay module-private.
Object.assign(exports, { displayProfile, handleProfileUpdate });
/* end of profile.js */