From 62200219537db5ceb248af791dd948647c99b946 Mon Sep 17 00:00:00 2001
From: Gregory Wells <gawells@astraltech.xyz>
Date: Tue, 31 Mar 2026 20:33:38 -0400
Subject: [PATCH] show error when new passwords do not match

---
 src/main/main.go            | 41 ++++++++++++++++++++++++++++
 src/pages/profile_page.html | 54 ++++++++++++++++++++++++++++++++-----
 2 files changed, 89 insertions(+), 6 deletions(-)

diff --git a/src/main/main.go b/src/main/main.go
index 827ce5f..d3b5df3 100644
--- a/src/main/main.go
+++ b/src/main/main.go
@@ -309,6 +309,47 @@ func cleanupSessions() {
 	}
 }
 
+// func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
+// 	exist, sessionData := validateSession(r)
+// 	if !exist {
+// 		http.Redirect(w, r, "/login", http.StatusSeeOther)
+// 		return
+// 	}
+// 	err := r.ParseMultipartForm(10 << 20) // 10MB limit
+// 	if err != nil {
+// 		http.Error(w, "Bad request", http.StatusBadRequest)
+// 		return
+// 	}
+
+// 	if r.FormValue("csrf_token") != sessionData.CSRFToken {
+// 		http.Error(w, "CSRF Forbidden", http.StatusForbidden)
+// 		return
+// 	}
+
+// 	file, header, err := r.FormFile("photo")
+// 	if err != nil {
+// 		http.Error(w, "File not found", http.StatusBadRequest)
+// 		return
+// 	}
+// 	defer file.Close()
+// 	if header.Size > (10 * 1024 * 1024) {
+// 		http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
+// 		return
+// 	}
+
+// 	// 3. Read file into memory
+// 	data, err := io.ReadAll(file)
+// 	if err != nil {
+// 		http.Error(w, "Failed to read file", http.StatusInternalServerError)
+// 		return
+// 	}
+// 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN)
+// 	ldapServerMutex.Lock()
+// 	defer ldapServerMutex.Unlock()
+// 	modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
+// 	createUserPhoto(sessionData.data.Username, data)
+// }
+
 func main() {
 	logging.Info("Starting the server")
 
diff --git a/src/pages/profile_page.html b/src/pages/profile_page.html
index 41a17a0..1230a43 100644
--- a/src/pages/profile_page.html
+++ b/src/pages/profile_page.html
@@ -12,10 +12,25 @@
 <div id="popup_background" class="blocked hidden"></div>
 
 <div id="change_password_dialouge" class="hidden card">
-    <input type="password" placeholder="Current Password" />
-    <input type="password" placeholder="New Password" />
-    <input type="password" placeholder="New Password(repeat)" />
-    <button>Change Password</button>
+    <div id="new_password_error" class="error hidden">
+        ⚠️ New password and new Password repeat do not match.
+        <button id="new_password_error_close_button" class="close_error_button">
+            X
+        </button>
+    </div>
+
+    <input
+        type="password"
+        id="current_password"
+        placeholder="Current Password"
+    />
+    <input type="password" id="new_password" placeholder="New Password" />
+    <input
+        type="password"
+        id="new_password_repeat"
+        placeholder="New Password(repeat)"
+    />
+    <button id="final_change_password_button">Change Password</button>
 </div>
 
 <img id="logo_image" alt="logo" src="/logo" />
@@ -102,9 +117,36 @@
         document
             .getElementById("change_password_dialouge")
             .classList.remove("hidden");
+    });
+</script>
 
-        // document.getElementById("change_password_dialouge").classList.add("hidden");
-        // document.getElementById("popup_background").classList.add("hidden");
+<script type="text/javascript">
+    const changePasswordButton = document.getElementById(
+        "final_change_password_button",
+    );
+
+    changePasswordButton.addEventListener("click", () => {
+        if (
+            document.getElementById("new_password").value !=
+            document.getElementById("new_password_repeat").value
+        ) {
+            document
+                .getElementById("new_password_error")
+                .classList.remove("hidden");
+            return;
+        }
+
+        const formData = new FormData();
+        formData.append(
+            "csrf_token",
+            document.getElementById("csrf_token_storage").value,
+        );
+        formData.append("old", file);
+
+        document
+            .getElementById("change_password_dialouge")
+            .classList.add("hidden");
+        document.getElementById("popup_background").classList.add("hidden");
     });
 </script>