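// SigninPost handles submission of the sign-in form.
//
// It requires both fields, looks the user up by name, hashes the submitted
// password with the user's stored salt and checks the result against the
// database. Accounts that still have an empty salt (legacy records) are
// re-hashed with a fresh salt after a successful check. On success the user
// name is stored in the session and the client is redirected to the page saved
// under the "preUrl" session key, or to the application index.
//
// On every failure path the submitted form is flashed back for re-display,
// except the password: FlashParams copies all request parameters into the
// flash cookie, so the "password" entry is removed again before redirecting.
func (c User) SigninPost(name, password string) revel.Result {
	// keepForm preserves validation errors and the submitted fields for the
	// redirected form, then drops the plaintext password so it is never
	// written to the client-side flash cookie.
	keepForm := func() {
		c.Validation.Keep()
		c.FlashParams()
		delete(c.Flash.Out, "password")
	}

	c.Validation.Required(name).Message("请输入用户名")
	c.Validation.Required(password).Message("请输入密码")
	if c.Validation.HasErrors() {
		keepForm()
		return c.Redirect(routes.User.Signin())
	}

	var user models.User
	var count int64

	// NOTE(review): the lookup error is discarded, so a database failure is
	// reported to the user as bad credentials and is never logged.
	has, _ := engine.Where("name = ?", name).Get(&user)
	if has {
		// Legacy accounts have an empty salt; passing user.Salt covers both
		// the salted and the unsalted case.
		// NOTE(review): models.EncryptPassword is not visible here; confirm it
		// is a slow password hash rather than a bare digest.
		hashedPassword := models.EncryptPassword(password, user.Salt)

		// NOTE(review): the Count error is discarded as well; count stays 0
		// and the sign-in is rejected.
		count, _ = engine.Where("name = ? AND hashed_password = ?", name, hashedPassword).Count(&models.User{})

		// Upgrade a legacy unsalted record once the password is known to be
		// correct.
		if count > 0 && user.Salt == "" {
			// NOTE(review): uuidName is defined elsewhere; confirm it yields
			// an unpredictable, per-user value suitable as a salt.
			salt := uuidName()
			// Best effort: the result of Update is not checked, so a failed
			// upgrade leaves the legacy hash in place until the next sign-in.
			engine.Id(user.Id).Update(&models.User{
				Salt:           salt,
				HashedPassword: models.EncryptPassword(password, salt),
			})
		}
	}

	// Unknown user and wrong password produce the same message, so the
	// response does not reveal which names exist.
	if !has || count == 0 {
		keepForm()
		c.Flash.Out["user"] = name
		c.Flash.Error("用户名或密码错误")
		return c.Redirect(routes.User.Signin())
	}

	if !user.IsActive() {
		c.Flash.Error(fmt.Sprintf("您的账号 %s 尚未激活,请到您的邮箱 %s 激活账号!", user.Name, user.Email))
		keepForm()
		return c.Redirect(routes.User.Signin())
	}

	c.Session["user"] = name

	// NOTE(review): the redirect target comes from the session; confirm that
	// whatever stores "preUrl" only accepts same-site paths.
	if preURL, ok := c.Session["preUrl"]; ok {
		return c.Redirect(preURL)
	}

	return c.Redirect(routes.App.Index())
}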