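// MechHandler serves the primary mech for the user id given in the "uid"
// form value. GET answers with the first row of
// `SELECT * FROM mechs WHERE uid = $1 AND isPrimary = true` via SendResponse,
// or 404 when that user has no primary mech; any other method gets 405
// (the original fell through the switch and answered an empty 200).
//
// Fixes over the original: `defer rows.Close()` ran before the error check
// and would have dereferenced a nil rows on a failed Query, and every
// database error went to log.Fatal, which exits the process — a single bad
// query could take the whole server down. Both now answer 500 and return.
//
// NOTE(review): uid is taken verbatim from the request and is not tied to an
// authenticated session inside this handler, so whoever calls it can read
// any user's mech — confirm whether upstream middleware enforces that, and
// otherwise derive uid from the session instead of the query string.
func MechHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		w.WriteHeader(http.StatusMethodNotAllowed)
		return
	}

	uid := r.FormValue("uid")
	// %q quotes and escapes the client-supplied value so an empty uid or one
	// containing newlines cannot forge or blank out a log line.
	log.Printf("MechHandler: uid=%q", uid)

	// serverError logs the cause and answers 500 without ending the process.
	serverError := func(what string, err error) {
		log.Printf("MechHandler: %s for uid %q: %v", what, uid, err)
		http.Error(w, "internal server error", http.StatusInternalServerError)
	}

	db := services.GetDB()
	// Parameterized query: uid is bound as $1, never concatenated into SQL.
	rows, err := db.Query("SELECT * FROM mechs WHERE uid = $1 AND isPrimary = true", uid)
	if err != nil {
		serverError("query mechs", err)
		return
	}
	// Only after the error check — rows is nil when Query fails.
	defer rows.Close()

	if !rows.Next() {
		// Tell "no row" apart from an iteration error.
		if err := rows.Err(); err != nil {
			serverError("iterate mechs", err)
			return
		}
		w.WriteHeader(http.StatusNotFound)
		return
	}

	var mech mydb.Mech
	// Column order must match the mechs table; SELECT * makes this fragile
	// when the schema changes — listing the columns explicitly would be safer.
	if err := rows.Scan(
		&mech.Uid,
		&mech.Arms,
		&mech.Legs,
		&mech.Core,
		&mech.Head,
		&mech.Weapon1L,
		&mech.Weapon1R,
		&mech.Weapon2L,
		&mech.Weapon2R,
		&mech.Booster,
		&mech.IsPrimary,
	); err != nil {
		serverError("scan mech", err)
		return
	}
	SendResponse(w, http.StatusOK, mech)
}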
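// LoginHandler authenticates a user from the "username" and "password" form
// values of a POST request. On success it responds through SendResponse with
// a map holding "User" (the matching users row, with the Password field
// cleared), "Mech" (the user's primary mech, present only when one exists)
// and "Owns" (the names of equipment the user owns). Invalid credentials get
// 401 with no body; a database failure gets 500; other methods get 405 (the
// original fell through its switch and answered an empty 200).
//
// Preserved from the original: when the user has no primary mech the status
// is 404 but the user and equipment data are still sent — the old code
// called WriteHeader(404) and then went on to write the response, which also
// triggered a superfluous-WriteHeader warning; the status is now passed to
// SendResponse once instead.
//
// Fixes over the original: log.Fatal on database errors (exits the whole
// server) is replaced by a 500 response; `defer rows.Close()` no longer runs
// before the error check on a possibly nil rows; the equipment query's error
// was never checked and its rows were never closed.
//
// NOTE(review): the submitted password is compared as plain text against the
// stored column, so the users table holds recoverable credentials and the
// comparison is not constant-time. It should store a salted hash and verify
// with the hash library's compare function; that needs a new dependency and
// is not changed here.
func LoginHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		w.WriteHeader(http.StatusMethodNotAllowed)
		return
	}

	// serverError logs the cause and answers 500 without ending the process.
	serverError := func(what string, err error) {
		log.Printf("LoginHandler: %s: %v", what, err)
		http.Error(w, "internal server error", http.StatusInternalServerError)
	}

	// NOTE(review): FormValue also accepts the credentials from the URL query
	// string, where they end up in access logs; r.PostFormValue would limit
	// them to the body but is a behavior change for existing clients.
	username := r.FormValue("username")
	potentialPassword := r.FormValue("password")
	db := services.GetDB()

	// --- user lookup -------------------------------------------------------
	var user mydb.User
	// Parameterized ($1): username cannot alter the statement.
	rows, err := db.Query("SELECT * FROM users WHERE username = $1", username)
	if err != nil {
		serverError("query users", err)
		return
	}
	found := false
	if rows.Next() {
		err = rows.Scan(
			&user.Uid,
			&user.Username,
			&user.Password,
			&user.PilotName,
			&user.Level,
			&user.Rank,
			&user.Credits,
		)
		found = err == nil
	} else {
		err = rows.Err()
	}
	// Close before the next query so the connection goes back to the pool.
	rows.Close()
	if err != nil {
		serverError("read user", err)
		return
	}

	// Unknown user and wrong password answer identically so the response
	// does not reveal which usernames exist.
	if !found || potentialPassword != user.Password {
		log.Printf("Invalid credentials")
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	// Never echo the stored credential back to the client.
	user.Password = ""

	ret := make(map[string]interface{})
	ret["User"] = user
	status := http.StatusOK

	// --- primary mech ------------------------------------------------------
	rows, err = db.Query("SELECT * FROM mechs WHERE uid = $1 AND isPrimary = true", user.Uid)
	if err != nil {
		serverError("query mechs", err)
		return
	}
	if rows.Next() {
		var mech mydb.Mech
		// Column order must match the mechs table; SELECT * makes this
		// fragile when the schema changes.
		err = rows.Scan(
			&mech.Uid,
			&mech.Arms,
			&mech.Legs,
			&mech.Core,
			&mech.Head,
			&mech.Weapon1L,
			&mech.Weapon1R,
			&mech.Weapon2L,
			&mech.Weapon2R,
			&mech.Booster,
			&mech.IsPrimary,
		)
		if err == nil {
			ret["Mech"] = mech
		}
	} else if err = rows.Err(); err == nil {
		// No primary mech: 404, but the rest of the payload is still sent
		// (see the doc comment). The argument of this log line was
		// unreadable in the source; the username is assumed — confirm.
		status = http.StatusNotFound
		log.Printf("No mech data for user: %v", user.Username)
	}
	rows.Close()
	if err != nil {
		serverError("read mech", err)
		return
	}

	// --- owned equipment ---------------------------------------------------
	// Kept as an empty, non-nil slice as in the original (encodes as [] rather
	// than null if SendResponse emits JSON — presumably it does).
	owned := make([]string, 0)
	rows, err = db.Query("SELECT name FROM equipment E, owns O, users U WHERE E.eid = O.eid and O.uid = U.uid and U.uid = $1;", user.Uid)
	if err != nil {
		serverError("query owned equipment", err)
		return
	}
	for rows.Next() {
		var part string
		if err = rows.Scan(&part); err != nil {
			break
		}
		owned = append(owned, part)
	}
	if err == nil {
		err = rows.Err()
	}
	rows.Close()
	if err != nil {
		serverError("read owned equipment", err)
		return
	}
	ret["Owns"] = owned

	SendResponse(w, status, ret)
}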