From 9494bf637844224ff258f2e1861fa727d0fe9f9f Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Wed, 8 May 2013 14:20:57 -0400
Subject: [PATCH 1/5] edit restrict

---
 src/webserver.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/webserver.js b/src/webserver.js
index c4c41c39d1..fbcd7fe16b 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -419,7 +419,7 @@ passport.deserializeUser(function(uid, done) {
 
 	app.get('/users/:uid/edit', function(req, res){
 		
-		if(req.user && req.params.uid)
+		if(req.user && req.params.uid && req.user.uid === req.params.uid)
 			res.send(templates['header'] + create_route('users/'+req.params.uid+'/edit','accountedit') + templates['footer']);
 		else
 			return res.redirect('/403');	

From 0210e5a92831379a2d95540a6153e2fd5907923f Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Wed, 8 May 2013 14:26:29 -0400
Subject: [PATCH 2/5] edit

---
 src/webserver.js | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/webserver.js b/src/webserver.js
index fbcd7fe16b..e79c2e5290 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -419,10 +419,16 @@ passport.deserializeUser(function(uid, done) {
 
 	app.get('/users/:uid/edit', function(req, res){
 		
-		if(req.user && req.params.uid && req.user.uid === req.params.uid)
-			res.send(templates['header'] + create_route('users/'+req.params.uid+'/edit','accountedit') + templates['footer']);
-		else
-			return res.redirect('/403');	
+		if(!req.user)
+			return res.redirect('/403');
+		
+		user.getUserField(req.user.uid, 'username', function(username) {
+		
+			if(req.params.uid && username === req.params.uid)
+				res.send(templates['header'] + create_route('users/'+req.params.uid+'/edit','accountedit') + templates['footer']);
+			else
+				return res.redirect('/403');
+		});	
 	});
 
 	

From 9166a9ccdec74884333c38acf60ad4ad182ffabb Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Wed, 8 May 2013 14:49:33 -0400
Subject: [PATCH 3/5] user edit changes

---
 public/templates/account.tpl     | 14 +++++++++++---
 public/templates/accountedit.tpl |  3 +++
 src/user.js                      |  2 +-
 src/webserver.js                 | 17 +++++++++++------
 4 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/public/templates/account.tpl b/public/templates/account.tpl
index 7b3f2b3ea7..0aa2334368 100644
--- a/public/templates/account.tpl
+++ b/public/templates/account.tpl
@@ -10,7 +10,7 @@
 	
 	<div class="account-username-box">
 		<span class="account-username"><a href="/users/{user.username}">{user.username}</a></span>
-		<span class="pull-right"><a href="/users/{user.username}/edit">edit</a></span>
+		<span id="editLink" class="pull-right"><a href="/users/{user.username}/edit">edit</a></span>
 	</div>
 		
 	<div class="account-picture-block">
@@ -50,13 +50,17 @@
 		<span id='postcount'>{user.postcount}</span>
 	</div>
 	 
-
+   
 	<!-- END user -->
-
+ 
 
 
 </div>
 <script type="text/javascript">
+
+var yourid = '{yourid}';
+var theirid = '{theirid}';
+
 (function() {
     
     function addCommas(text) {
@@ -70,6 +74,10 @@
         var postcount = $('#postcount');
         postcount.html(addCommas(postcount.html()));
         
+        var editLink = $('#editLink');
+        if( yourid !== theirid)
+            editLink.addClass('hidden');
+        
     });
     
 
diff --git a/public/templates/accountedit.tpl b/public/templates/accountedit.tpl
index dcb0d4fabc..33e4719432 100644
--- a/public/templates/accountedit.tpl
+++ b/public/templates/accountedit.tpl
@@ -57,6 +57,8 @@
                 </div>
               </div>
              
+             <input type="hidden" id="inputUID" value="{user.uid}">
+             
               <div class="form-actions">
                 <a id="submitBtn" href="" class="btn btn-primary">Save changes</a>
                 <a href="/users/{user.username}" class="btn">Cancel</a>
@@ -76,6 +78,7 @@
         $('#submitBtn').on('click',function(){
             
             var userData = {
+                uid:$('#inputUID').val(),
                 email:$('#inputEmail').val(),
                 fullname:$('#inputFullname').val(),
                 website:$('#inputWebsite').val(),
diff --git a/src/user.js b/src/user.js
index 51167d4ca8..99aa738703 100644
--- a/src/user.js
+++ b/src/user.js
@@ -70,7 +70,7 @@ var	config = require('../config.js'),
 	}
 
 	User.updateUserFields = function(uid, data) {
-		console.log(data);
+		
 		for(var key in data) {
 			User.setUserField(uid, key, data[key]);
 		}
diff --git a/src/webserver.js b/src/webserver.js
index e79c2e5290..fb0d29bb44 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -228,7 +228,7 @@ passport.deserializeUser(function(uid, done) {
 					else if (String(req.params.section).toLowerCase() === 'edit') {
 						get_account_fn(req, res, function(userData) {
 							res.send(JSON.stringify(userData));
-						});			
+						});
 					} else {
 						get_account_fn(req, res, function(userData) {
 							res.send(JSON.stringify(userData));
@@ -334,10 +334,11 @@ passport.deserializeUser(function(uid, done) {
 
 	app.post('/edituser', function(req, res){
 		
-		if(!req.user) {
-			res.redirect('/403');
-			return;
-		}
+		if(!req.user)
+			return res.redirect('/403');
+		console.log(req.body.uid);
+		if(req.user.uid !== req.body.uid)
+			return res.redirect('/');
 		
 		user.updateUserFields(req.user.uid, req.body);
 		
@@ -377,7 +378,11 @@ passport.deserializeUser(function(uid, done) {
 					data.joindate = utils.relativeTime(data.joindate);
 					data.age = new Date().getFullYear() - new Date(data.birthday).getFullYear();;
 					data.uid = uid;
-					callback({user:data});
+					callback({
+						yourid:req.user.uid,
+						theirid:uid,
+						user:data
+					});
 				}
 				else
 					callback({user:{}});

From 2539079c846a44a5d9d45f1a1efbf36455f74c85 Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Wed, 8 May 2013 14:54:07 -0400
Subject: [PATCH 4/5] removed console.log

---
 src/webserver.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/webserver.js b/src/webserver.js
index fb0d29bb44..2f6fddde44 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -336,7 +336,7 @@ passport.deserializeUser(function(uid, done) {
 		
 		if(!req.user)
 			return res.redirect('/403');
-		console.log(req.body.uid);
+		
 		if(req.user.uid !== req.body.uid)
 			return res.redirect('/');
 		

From 44f0183b293945d6ca12c0095c19dd2aa77c49bc Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Wed, 8 May 2013 14:58:40 -0400
Subject: [PATCH 5/5] fixed anon users visiting user profiles

---
 src/webserver.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/webserver.js b/src/webserver.js
index 2f6fddde44..e9280cdb5d 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -378,10 +378,11 @@ passport.deserializeUser(function(uid, done) {
 					data.joindate = utils.relativeTime(data.joindate);
 					data.age = new Date().getFullYear() - new Date(data.birthday).getFullYear();;
 					data.uid = uid;
+					
 					callback({
-						yourid:req.user.uid,
-						theirid:uid,
-						user:data
+						yourid: (req.user)?req.user.uid : 0,
+						theirid: uid,
+						user: data
 					});
 				}
 				else