add server side password change information

src/logging/logging.go

@@ -1,7 +1,6 @@
 package logging
 
 import (
-	"fmt"
 	"log"
 )
 
@@ -9,54 +8,113 @@ type EventType int
 
 const (
 	ReadFile EventType = iota
+	AuthenticateUser
+)
+
+type LogLevel int
+
+const (
+	InfoLevel LogLevel = iota
+	EventLevel
+	DebugLevel
+	WarnLevel
+	ErrorLevel
+	FatalLevel
+)
+
+var (
+	currentLevel LogLevel = InfoLevel
 )
 
 func Info(message string) {
+	if currentLevel > InfoLevel {
+		return
+	}
 	log.Printf("Info: %s", message)
 }
 
 func Infof(message string, v ...any) {
-	log.Printf("Info: %s", fmt.Sprintf(message, v...))
+	if currentLevel > InfoLevel {
+		return
+	}
+	log.Printf("Info: "+message, v...)
 }
 
 func Debug(message string) {
+	if currentLevel > DebugLevel {
+		return
+	}
 	log.Printf("Debug: %s", message)
 }
 
 func Debugf(message string, v ...any) {
-	log.Printf("Debug: %s", fmt.Sprintf(message, v...))
+	if currentLevel > DebugLevel {
+		return
+	}
+	log.Printf("Debug: "+message, v...)
 }
 
 func Warn(message string) {
+	if currentLevel > WarnLevel {
+		return
+	}
 	log.Printf("Warn: %s", message)
 }
 
 func Warnf(message string, v ...any) {
-	log.Printf("Warn: %s", fmt.Sprintf(message, v...))
+	if currentLevel > WarnLevel {
+		return
+	}
+	log.Printf("Warn: "+message, v...)
 }
 
 func Error(message string) {
+	if currentLevel > ErrorLevel {
+		return
+	}
 	log.Printf("Error: %s", message)
 }
 
 func Errorf(message string, v ...any) {
-	log.Printf("Error: %s", fmt.Sprintf(message, v...))
+	if currentLevel > ErrorLevel {
+		return
+	}
+	log.Printf("Error: "+message, v...)
 }
 
 func Fatal(message string) {
+	if currentLevel > FatalLevel {
+		return
+	}
 	log.Fatal(message)
 }
 
 func Fatalf(message string, v ...any) {
+	if currentLevel > FatalLevel {
+		return
+	}
 	log.Fatalf(message, v...)
 }
 
 func Event(eventType EventType, eventData ...any) {
+	if currentLevel > EventLevel {
+		return
+	}
+
 	switch eventType {
 	case ReadFile:
 		{
 			log.Printf("Reading file %s", eventData[0])
 			break
 		}
+	case AuthenticateUser:
+		{
+			log.Printf("Authenticating user %s", eventData[0])
+			break
+		}
 	}
 }
+
+func SetLogLovel(level LogLevel) {
+	currentLevel = level
+}

src/main/email.go

@@ -1,9 +1,11 @@
 package main
 
 import (
-	"log"
 	"net/smtp"
 	"strconv"
+	"strings"
+
+	"astraltech.xyz/accountmanager/src/logging"
 )
 
 type EmailAccount struct {
@@ -20,6 +22,7 @@ type EmailAccountData struct {
 }
 
 func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
+	logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.username, accountData.email, smtpHost, smtpPort)
 	account := EmailAccount{
 		email:    accountData.email,
 		smtpHost: smtpHost,
@@ -30,13 +33,9 @@ func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort
 }
 
 func sendEmail(account EmailAccount, toEmail []string, subject string, message string) {
-	ToEmailList := ""
+	logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmail, ""))
-	for i := 0; i < len(toEmail); i++ {
+
-		ToEmailList += toEmail[i]
+	ToEmailList := strings.Join(toEmail, "")
-		if i+1 < len(toEmail) {
-			ToEmailList += ", "
-		}
-	}
 
 	messageData := []byte(
 		"From: " + account.email + "\r\n" +
@@ -47,6 +46,7 @@ func sendEmail(account EmailAccount, toEmail []string, subject string, message s
 	)
 	err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmail, messageData)
 	if err != nil {
-		log.Print(err)
+		logging.Error("Failed to send email")
+		logging.Error(err.Error())
 	}
 }

src/main/ldap.go

@@ -2,8 +2,8 @@ package main
 
 import (
 	"crypto/tls"
-	"errors"
+	"fmt"
-	"log"
+	"strings"
 
 	"astraltech.xyz/accountmanager/src/logging"
 	"github.com/go-ldap/ldap/v3"
@@ -46,41 +46,55 @@ func connectToLDAPServer(URL string, starttls bool, ignore_cert bool) *LDAPServe
 	}
 }
 
-func reconnectToLDAPServer(server *LDAPServer) {
+func reconnectToLDAPServer(server *LDAPServer) error {
+	logging.Debugf("Reconnecting to %s LDAP server", server.URL)
 	if server == nil {
-		log.Println("Cannot reconnect: server is nil")
+		logging.Errorf("Cannot reconnect: server is nil")
-		return
+		return fmt.Errorf("Server is nil")
 	}
 
 	l, err := ldap.DialURL(server.URL)
 	if err != nil {
-		log.Print(err)
+		logging.Errorf("Failed to connect to LDAP server (has server gone down)")
-		return
+		return err
 	}
 
 	if server.StartTLS {
+		logging.Debugf("StartTLS enabling")
 		if err := l.StartTLS(&tls.Config{InsecureSkipVerify: server.IgnoreInsecureCert}); err != nil {
-			log.Println("StartTLS failed:", err)
+			logging.Error("StartTLS failed")
+			return err
 		}
+		logging.Debugf("Successfully Started TLS")
 	}
 
 	server.Connection = l
+	return nil
 }
 
 func connectAsLDAPUser(server *LDAPServer, bindDN, password string) error {
+	logging.Debugf("Connecting to %s LDAP server with %s BindDN", server.URL, bindDN)
 	if server == nil {
-		return errors.New("LDAP server is nil")
+		logging.Errorf("Failed to connect as user, LDAP server is NULL")
+		return fmt.Errorf("LDAP server is null")
 	}
 
-	// Reconnect if needed
 	if server.Connection == nil || server.Connection.IsClosing() {
-		reconnectToLDAPServer(server)
+		err := reconnectToLDAPServer(server)
+		return err
 	}
-	return server.Connection.Bind(bindDN, password)
+	err := server.Connection.Bind(bindDN, password)
+	if err != nil {
+		logging.Errorf("Failed to bind to LDAP as user %s", err.Error())
+		return err
+	}
+	return nil
 }
 
 func searchLDAPServer(server *LDAPServer, baseDN string, searchFilter string, attributes []string) LDAPSearch {
+	logging.Debugf("Searching %s LDAP server\n\tBase DN: %s\n\tSearch Filter %s\n\tAttributes: %s", server.URL, baseDN, searchFilter, strings.Join(attributes, ","))
 	if server == nil {
+		logging.Errorf("Server is nil, failed to search LDAP server")
 		return LDAPSearch{false, nil}
 	}
 
@@ -100,6 +114,7 @@ func searchLDAPServer(server *LDAPServer, baseDN string, searchFilter string, at
 
 	sr, err := server.Connection.Search(searchRequest)
 	if err != nil {
+		logging.Errorf("Failed to search LDAP server %s\n", err.Error())
 		return LDAPSearch{false, nil}
 	}
 
@@ -107,15 +122,52 @@ func searchLDAPServer(server *LDAPServer, baseDN string, searchFilter string, at
 }
 
 func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, data []string) error {
+	logging.Infof("Modifing LDAP attribute %s", attribute)
 	modify := ldap.NewModifyRequest(userDN, nil)
 	modify.Replace(attribute, data)
 	err := server.Connection.Modify(modify)
 	if err != nil {
+		logging.Errorf("Failed to modify %s", err.Error())
 		return err
 	}
 	return nil
 }
 
+func changeLDAPPassword(server *LDAPServer, userDN, oldPassword, newPassword string) error {
+	logging.Infof("Changing LDAP password for %s", userDN)
+
+	if server == nil || server.Connection == nil {
+		return fmt.Errorf("LDAP connection not initialized")
+	}
+
+	// Ensure connection is alive
+	if server.Connection.IsClosing() {
+		if err := reconnectToLDAPServer(server); err != nil {
+			return err
+		}
+	}
+
+	// Bind as the user (required for FreeIPA self-password change)
+	err := server.Connection.Bind(userDN, oldPassword)
+	if err != nil {
+		logging.Errorf("Failed to bind as user: %s", err.Error())
+		return err
+	}
+
+	// Perform password modify extended operation
+	_, err = server.Connection.PasswordModify(&ldap.PasswordModifyRequest{
+		UserIdentity: userDN,
+		OldPassword:  oldPassword,
+		NewPassword:  newPassword,
+	})
+	if err != nil {
+		logging.Errorf("Password modify failed: %s", err.Error())
+		return err
+	}
+	logging.Infof("Password successfully changed for %s", userDN)
+	return nil
+}
+
 func closeLDAPServer(server *LDAPServer) {
 	if server != nil && server.Connection != nil {
 		logging.Debug("Closing connection to LDAP server")

src/main/main.go

@@ -57,6 +57,7 @@ func createUserPhoto(username string, photoData []byte) error {
 }
 
 func authenticateUser(username, password string) (UserData, error) {
+	logging.Event(logging.AuthenticateUser, username)
 	ldapServerMutex.Lock()
 	defer ldapServerMutex.Unlock()
 	if ldapServer.Connection == nil {
@@ -191,7 +192,6 @@ func avatarHandler(w http.ResponseWriter, r *http.Request) {
 	connected := connectAsLDAPUser(ldapServer, serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword)
 	if connected != nil {
 		w.Write(blankPhotoData)
-		fmt.Println("Returned blank avatar because couldnt connect as user")
 		return
 	}
 
@@ -203,13 +203,11 @@ func avatarHandler(w http.ResponseWriter, r *http.Request) {
 	)
 	if !userSearch.Succeeded || len(userSearch.LDAPSearch.Entries) == 0 {
 		w.Write(blankPhotoData)
-		fmt.Println("Returned blank avatar because we couldnt find the user")
 		return
 	}
 	entry := userSearch.LDAPSearch.Entries[0]
 	bytes := entry.GetRawAttributeValue("jpegphoto")
 	if len(bytes) == 0 {
-		fmt.Println("Returned blank avatar because we just don't have an avatar")
 		w.Write(blankPhotoData)
 		return
 	} else {
@@ -230,14 +228,13 @@ func logoutHandler(w http.ResponseWriter, r *http.Request) {
 	if exist {
 		if r.FormValue("csrf_token") != sessionData.CSRFToken {
 			http.Error(w, "Unable to log user out", http.StatusForbidden)
-			log.Printf("%s attempted to logout with invalid csrf token", sessionData.data.Username)
+			logging.Debugf("%s attempted to logout with invalid csrf token", sessionData.data.Username)
 			return
 		}
 	}
+	logging.Infof("handling logout event for %s", sessionData.data.Username)
 
-	sessionMutex.Lock()
+	deleteSession(token)
-	delete(sessions, token)
-	sessionMutex.Unlock()
 	http.Redirect(w, r, "/login", http.StatusSeeOther)
 }
 
@@ -293,9 +290,9 @@ func logoHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func cleanupSessions() {
-	sessionMutex.Lock()
+	logging.Debug("Cleaning up stale session\n")
-	defer sessionMutex.Unlock()
 
+	sessionMutex.Lock()
 	sessions_to_delete := []string{}
 	for session_token, session_data := range sessions {
 		timeUntilRemoval := time.Minute * 5
@@ -306,11 +303,69 @@ func cleanupSessions() {
 			sessions_to_delete = append(sessions_to_delete, session_token)
 		}
 	}
+	sessionMutex.Unlock()
 	for _, session_id := range sessions_to_delete {
-		delete(sessions, session_id)
+		deleteSession(session_id)
 	}
 }
 
+func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/json")
+
+	exist, sessionData := validateSession(r)
+	if !exist {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
+		return
+	}
+
+	err := r.ParseMultipartForm(10 << 20)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(`{"success": false, "error": "Bad request"}`))
+		return
+	}
+
+	if r.FormValue("csrf_token") != sessionData.CSRFToken {
+		w.WriteHeader(http.StatusForbidden)
+		w.Write([]byte(`{"success": false, "error": "CSRF Forbidden"}`))
+		return
+	}
+
+	oldPassword := r.FormValue("old_password")
+	newPassword := r.FormValue("new_password")
+	newPasswordRepeat := r.FormValue("new_password_repeat")
+
+	if newPassword != newPasswordRepeat {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(`{"success": false, "error": "Passwords do not match"}`))
+		return
+	}
+
+	userDN := fmt.Sprintf(
+		"uid=%s,cn=users,cn=accounts,%s",
+		sessionData.data.Username,
+		serverConfig.LDAPConfig.BaseDN,
+	)
+
+	err = changeLDAPPassword(ldapServer, userDN, oldPassword, newPassword)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+
+		if strings.Contains(err.Error(), "Invalid Credentials") {
+			w.Write([]byte(`{"success": false, "error": "Current password incorrect"}`))
+		} else if strings.Contains(err.Error(), "Too soon to change password") {
+			w.Write([]byte(`{"success": false, "error": "Too soon to change password"}`))
+		} else {
+			w.Write([]byte(`{"success": false, "error": "Internal error"}`))
+		}
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte(`{"success": true}`))
+}
+
 func main() {
 	logging.Info("Starting the server")
 
@@ -341,6 +396,7 @@ func main() {
 
 	HandleFunc("/avatar", avatarHandler)
 	HandleFunc("/change-photo", uploadPhotoHandler)
+	HandleFunc("/change-password", changePasswordHandler)
 
 	HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect

src/main/session.go

@@ -4,10 +4,11 @@ import (
 	"crypto/rand"
 	"crypto/sha256"
 	"encoding/base64"
-	"log"
 	"net/http"
 	"sync"
 	"time"
+
+	"astraltech.xyz/accountmanager/src/logging"
 )
 
 type SessionData struct {
@@ -33,14 +34,15 @@ func GenerateSessionToken(length int) (string, error) {
 }
 
 func createSession(userData *UserData) *http.Cookie {
+	logging.Debugf("Creating a new session for %s", userData.Username)
 	token, err := GenerateSessionToken(32) // Use crypto/rand for this
 	if err != nil {
-		log.Print(err)
+		logging.Error(err.Error())
 		return nil
 	}
 	CSRFToken, err := GenerateSessionToken(32)
 	if err != nil {
-		log.Print(err)
+		logging.Error(err.Error())
 		return nil
 	}
 
@@ -72,8 +74,10 @@ func createSession(userData *UserData) *http.Cookie {
 }
 
 func validateSession(r *http.Request) (bool, *SessionData) {
+	logging.Debugf("Validating session")
 	cookie, err := r.Cookie("session_token")
 	if err != nil {
+		logging.Error(err.Error())
 		return false, &SessionData{}
 	}
 	token := cookie.Value
@@ -87,5 +91,16 @@ func validateSession(r *http.Request) (bool, *SessionData) {
 	if !exists || !sessionData.loggedIn {
 		return false, &SessionData{}
 	}
+	logging.Infof("Validated session for %s", sessionData.data.Username)
 	return true, &sessionData
 }
+
+func deleteSession(session_id string) {
+	sessionMutex.Lock()
+
+	tokenEncoded := sha256.Sum256([]byte(session_id))
+	tokenEncodedString := string(tokenEncoded[:])
+
+	delete(sessions, tokenEncodedString)
+	sessionMutex.Unlock()
+}

src/pages/login_page.html

@@ -6,37 +6,31 @@
     rel="stylesheet"
 />
 <link rel="stylesheet" href="static/style.css" />
+<link rel="stylesheet" href="static/error/error.css" />
+<link rel="stylesheet" href="static/card.css" />
 <link rel="stylesheet" href="static/login_page.css" />
 
 <img id="logo_image" alt="logo" src="/logo" />
-<form id="login_card" method="POST">
+<form id="login_card" class="card" method="POST">
     <div id="welcome_text">
         Welcome to Astral Tech, Please Sign in to your account below
     </div>
 
-    <div id="incorrect_password_text" class="{{.IsHiddenClassList}}">
+    <div class="error {{.IsHiddenClassList}}">
         ⚠️ Invalid username or password.
-        <button id="incorrect_password_close_button">X</button>
+        <button class="close_error_button">X</button>
     </div>
 
     <div>
-        <label class="login_text">Username</label><br />
+        <label class="input_label">Username</label><br />
         <input type="text" name="username" placeholder="" required />
     </div>
 
     <div>
-        <label class="login_text">Password</label><br />
+        <label class="input_label">Password</label><br />
         <input type="password" name="password" placeholder="" required />
     </div>
     <button type="submit">Login</button>
 </form>
 
-<script>
+<script src="/static/error/error.js" type="text/javascript"></script>
-    document
-        .getElementById("incorrect_password_close_button")
-        .addEventListener("click", function () {
-            document
-                .getElementById("incorrect_password_text")
-                .classList.add("hidden");
-        });
-</script>

src/pages/profile_page.html

@@ -7,8 +7,59 @@
 />
 <link rel="stylesheet" href="static/style.css" />
 <link rel="stylesheet" href="static/card.css" />
+<link rel="stylesheet" href="static/error/error.css" />
 <link rel="stylesheet" href="static/profile_page.css" />
 
+<div id="popup_background" class="blocked hidden"></div>
+
+<div id="change_password_dialogue" class="hidden card static_center">
+    Change Password
+
+    <button id="close_password_dialogue">X</button>
+
+    <div id="password_error" class="error hidden">
+        <div id="password_text"></div>
+        <button id="password_error_close_button" class="close_error_button">
+            X
+        </button>
+    </div>
+
+    <div>
+        <label class="input_label">Current password</label><br />
+        <input
+            type="password"
+            id="current_password"
+            name="current_password"
+            placeholder=""
+            required
+        />
+    </div>
+
+    <div>
+        <label class="input_label">New password</label><br />
+        <input
+            type="password"
+            id="new_password"
+            name="new_password"
+            placeholder=""
+            required
+        />
+    </div>
+
+    <div>
+        <label class="input_label">New password (repeat)</label><br />
+        <input
+            type="password"
+            id="new_password_repeat"
+            name="new_password_repeat"
+            placeholder=""
+            required
+        />
+    </div>
+
+    <button id="final_change_password_button">Change Password</button>
+</div>
+
 <img id="logo_image" alt="logo" src="/logo" />
 <div id="main_content">
     <div class="cards">
@@ -51,28 +102,18 @@
                 <div class="data-value">{{.Email}}</div>
             </div>
 
-            <form
+            <button class="bottom_button" id="change_password_button">
-                action="/logout"
+                <input
-                method="POST"
+                    id="csrf_token_storage"
-                style="
+                    type="hidden"
-                    color: var(--primary-accent);
+                    name="csrf_token"
-                    text-decoration: none;
+                    value="{{.CSRFToken}}"
-                    font-weight: bold;
+                />
-                    margin-top: 20px;
+                Change Password
-                    display: inline-block;
+            </button>
-                "
+
-            >
+            <form action="/logout" method="POST" style="display: inline-block">
-                <button
+                <button class="bottom_button" id="signout_button">
-                    style="
-                        background: none;
-                        border-style: none;
-                        color: var(--primary-accent);
-                        text-decoration: none;
-                        font-weight: bold;
-                        font-size: 20px;
-                    "
-                    id="signout_button"
-                >
                     <input
                         id="csrf_token_storage"
                         type="hidden"
@@ -95,10 +136,102 @@
     });
 </script>
 
+<script type="text/javascript">
+    const popup_botton = document.getElementById("change_password_button");
+
+    popup_botton.addEventListener("click", () => {
+        document.getElementById("popup_background").classList.remove("hidden");
+        document
+            .getElementById("change_password_dialogue")
+            .classList.remove("hidden");
+    });
+</script>
+
+<script type="text/javascript">
+    const changePasswordButton = document.getElementById(
+        "final_change_password_button",
+    );
+
+    function displayError(errorText) {
+        document.getElementById("password_error").classList.remove("hidden");
+        document.getElementById("password_text").innerText =
+            "⚠️ " + errorText + ".";
+        return;
+    }
+
+    changePasswordButton.addEventListener("click", () => {
+        if (document.getElementById("current_password").value === "") {
+            displayError("Please enter current password");
+            return;
+        }
+
+        if (document.getElementById("new_password").value === "") {
+            displayError("No value for new password");
+            return;
+        }
+
+        if (document.getElementById("new_password_repeat").value === "") {
+            displayError("Please repeat new password");
+            return;
+        }
+
+        if (
+            document.getElementById("new_password").value !==
+            document.getElementById("new_password_repeat").value
+        ) {
+            displayError("New password and new password repeat do not match");
+            return;
+        }
+
+        const formData = new FormData();
+        formData.append(
+            "csrf_token",
+            document.getElementById("csrf_token_storage").value,
+        );
+        formData.append(
+            "old_password",
+            document.getElementById("current_password").value,
+        );
+        formData.append(
+            "new_password",
+            document.getElementById("new_password").value,
+        );
+        formData.append(
+            "new_password_repeat",
+            document.getElementById("new_password_repeat").value,
+        );
+
+        fetch("/change-password", {
+            method: "POST",
+            body: formData,
+        })
+            .then(async (res) => {
+                const data = await res.json();
+                if (!res.ok) {
+                    throw new Error(data.error || "Request failed");
+                }
+                return data;
+            })
+            .then((data) => {
+                document
+                    .getElementById("change_password_dialogue")
+                    .classList.add("hidden");
+                document
+                    .getElementById("popup_background")
+                    .classList.add("hidden");
+            })
+            .catch((err) => {
+                displayError(err.message);
+            });
+    });
+</script>
+
 <script type="text/javascript">
     var currentPreviewURL = null;
 
     fileInput.addEventListener("change", async () => {
+        document.getElementById("popup_background").classList.remove("hidden");
+
         const file = fileInput.files[0];
         if (!file) return;
         if (file.type !== "image/jpeg") {
@@ -118,7 +251,9 @@
             credentials: "include",
         });
         const text = await res.text();
-        // show the picture (so we don't need to re render the whole page)
+
+        document.getElementById("popup_background").classList.add("hidden");
+
         const img = document.querySelector(".profile-pic");
 
         if (currentPreviewURL != null) {
@@ -129,3 +264,16 @@
         currentPreviewURL = img.src;
     });
 </script>
+
+<script type="text/javascript">
+    document
+        .getElementById("close_password_dialogue")
+        .addEventListener("click", () => {
+            document
+                .getElementById("change_password_dialogue")
+                .classList.add("hidden");
+            document.getElementById("popup_background").classList.add("hidden");
+        });
+</script>
+
+<script src="/static/error/error.js" type="text/javascript"></script>

static/card.css

@@ -3,11 +3,22 @@
         255,
         255,
         255,
-        0.8
+        1
     ); /* Semi-transparent white for light theme */
     border: 1px solid var(--border-subtle);
     border-radius: 12px;
-    padding: 24px;
+    padding: 2.5rem;
     box-shadow: 0 4px 15px rgba(0, 0, 0, 0.03);
     transition: transform 0.2s ease;
+
+    display: flex;
+    flex-direction: column;
+    gap: 15px;
+}
+
+.static_center {
+    position: fixed;
+    left: 50%;
+    top: 50%;
+    transform: translateX(-50%) translateY(-50%);
 }

static/error/error.css

@@ -0,0 +1,30 @@
+.error {
+    background-color: var(--error-red) !important;
+    border-radius: 10px;
+    padding: 20px;
+    border-style: solid;
+    border-color: var(--error-border-red);
+    border-width: 1px;
+    box-sizing: border-box;
+    font-size: 12px;
+    position: relative;
+    color: white;
+    box-shadow: 0 2px 6px rgba(0, 0, 0, 0.1);
+}
+
+.close_error_button {
+    position: absolute !important;
+    background-color: rgba(0, 0, 0, 0) !important;
+    padding: 0px !important;
+    top: 20px;
+    right: 20px;
+    color: black !important;
+    font-weight: normal !important;
+    border: none;
+    width: fit-content !important;
+}
+
+.close_error_button:hover {
+    cursor: default;
+    font-weight: bold !important;
+}

static/error/error.js

@@ -0,0 +1,7 @@
+var error_close_buttons = document.getElementsByClassName("close_error_button");
+
+for (const close_button of error_close_buttons) {
+  close_button.addEventListener("click", function () {
+    this.parentElement.classList.add("hidden");
+  });
+}

static/login_page.css

@@ -6,51 +6,17 @@
 }
 
 #login_card {
-    /* The Magic Three */
-    display: flex;
-    flex-direction: column; /* Stack vertically */
-    gap: 15px; /* Space between inputs */
-
     position: fixed;
     top: 50%;
     left: 50%;
     transform: translateX(-50%) translateY(-50%);
-
-    background-color: var(--bg-card);
-    border: 1px solid var(--border-subtle);
-    padding: 2.5rem;
-    border-radius: 8px;
     width: 350px;
-
-    /* Soft shadow for depth in light mode */
-    box-shadow:
-        0 4px 12px rgba(0, 0, 0, 0.05),
-        0 1px 3px rgba(0, 0, 0, 0.1);
 }
 
 #login_card input {
-    padding: 12px;
-    background-color: var(--bg-input);
-    border: 1px solid var(--border-subtle);
-    color: var(--text-main);
-    border-radius: 6px;
     width: 324px;
 }
 
-#login_card input::placeholder {
-    color: var(--text-muted);
-}
-
-#login_card button {
-    padding: 12px;
-    background-color: var(--primary-accent); /* Our Teal/Blue */
-    color: white;
-    border: none;
-    border-radius: 6px;
-    cursor: pointer;
-    font-weight: bold;
-}
-
 #login_card div {
     width: 100%;
 }
@@ -69,48 +35,8 @@
     flex: 2;
 }
 
-#login_card button:hover {
-    background-color: var(--primary-hover);
-}
-
-.login_text {
-    color: var(--text-muted);
-    margin: 0;
-    padding: 0;
-    font-size: 15px;
-}
-
 #welcome_text {
     font-weight: 700;
     font-size: 1.25rem;
     margin-bottom: 8px;
 }
-
-#incorrect_password_text {
-    background-color: var(--error-red) !important;
-    border-radius: 10px;
-    padding: 20px;
-    border-style: solid;
-    border-color: var(--error-border-red);
-    border-width: 1px;
-    box-sizing: border-box;
-    font-size: 12px;
-    position: relative;
-    color: white;
-    box-shadow: 0 2px 6px rgba(0, 0, 0, 0.1);
-}
-
-#incorrect_password_close_button {
-    position: absolute !important;
-    background-color: rgba(0, 0, 0, 0) !important;
-    padding: 0px !important;
-    top: 20px;
-    right: 20px;
-    color: black !important;
-    font-weight: normal !important;
-}
-
-#incorrect_password_close_button:hover {
-    cursor: default;
-    font-weight: bold !important;
-}

static/profile_page.css

@@ -33,6 +33,8 @@
     max-width: 500px;
     text-align: center;
 
+    gap: 0px !important;
+
     position: fixed;
     left: 50%;
     top: 50%;
@@ -83,6 +85,8 @@
     border-radius: 50%;
     border: none;
     padding: 6px;
+
+    width: fit-content !important;
 }
 
 #edit_picture_button:hover {
@@ -90,8 +94,8 @@
 }
 
 #edit_picture_image {
-    width: 20px;
+    width: 20px !important;
-    height: 20px;
+    height: 20px !important;
 }
 
 #picture_holder {
@@ -100,6 +104,31 @@
     line-height: 0;
 }
 
-#signout_button:hover {
+.bottom_button:hover {
     text-decoration: underline !important;
+    background: none !important;
+}
+
+.bottom_button {
+    background: none;
+    border-style: none;
+    color: var(--primary-accent);
+    text-decoration: none;
+    font-weight: bold;
+    font-size: 20px;
+}
+
+#change_password_dialogue {
+    z-index: 10000;
+    position: fixed;
+}
+
+#change_password_dialogue input {
+    width: 350px;
+}
+
+#close_password_dialogue {
+    width: fit-content;
+    position: absolute;
+    right: 2.5rem;
 }

static/style.css

@@ -24,6 +24,52 @@ body {
     background-color: var(--bg-main);
 }
 
-.hidden {
+button {
-    display: none;
+    padding: 12px;
+    background-color: var(--primary-accent); /* Our Teal/Blue */
+    color: white;
+    border: none;
+    border-radius: 6px;
+    cursor: pointer;
+    font-weight: bold;
+    width: 100%;
+}
+
+button:hover {
+    background-color: var(--primary-hover);
+}
+
+input {
+    padding: 12px;
+    background-color: var(--bg-input);
+    border: 1px solid var(--border-subtle);
+    color: var(--text-main);
+    border-radius: 6px;
+}
+
+input::placeholder {
+    color: var(--text-muted);
+}
+
+.input_label {
+    color: var(--text-muted);
+    margin: 0;
+    padding: 0;
+    font-size: 15px;
+}
+
+.hidden {
+    display: none !important;
+}
+
+.blocked {
+    position: fixed; /* or absolute */
+    top: 0;
+    left: 0;
+    width: 100%;
+    height: 100%;
+    z-index: 9999; /* higher = on top */
+
+    background-color: black;
+    opacity: 10%;
 }