func postLogin(w *web, routes martini.Routes) {
var form formLogin
w.decode(&form)
user := findUserByEmail(form.Email)
if !user.valid() {
panic(ae("User **%s** does not exist.", form.Email))
}
// If the user doesn't have a password in the database, then they need
// to set a password.
newPassUrl := routes.URLFor("newpassword", user.Id)
_, err := uauth.Get(user.Id)
if err != nil {
panic(ae("Account has no password. Please [set a new password]"+
"(%s).", newPassUrl))
}
ok, err := uauth.Authenticate(user.Id, form.Password)
if err != nil || !ok {
panic(ae("Invalid password."))
}
w.s.Values[sessionUserId] = user.Id
assert(w.s.Save(w.r, w.w))
http.Redirect(w.w, w.r, form.BackTo, 302)
}
// MethodNotAllowed writes a 405 Method Not Allowed response when applicable.
// It also sets the Accept header to the list of methods that are acceptable.
func MethodNotAllowed(routes martini.Routes, w http.ResponseWriter, r *http.Request) {
if methods := routes.MethodsFor(r.URL.Path); len(methods) != 0 {
w.Header().Set("Allow", strings.Join(methods, ","))
w.WriteHeader(http.StatusMethodNotAllowed)
}
}