func postLogin(w *web, routes martini.Routes) { var form formLogin w.decode(&form) user := findUserByEmail(form.Email) if !user.valid() { panic(ae("User **%s** does not exist.", form.Email)) } // If the user doesn't have a password in the database, then they need // to set a password. newPassUrl := routes.URLFor("newpassword", user.Id) _, err := uauth.Get(user.Id) if err != nil { panic(ae("Account has no password. Please [set a new password]"+ "(%s).", newPassUrl)) } ok, err := uauth.Authenticate(user.Id, form.Password) if err != nil || !ok { panic(ae("Invalid password.")) } w.s.Values[sessionUserId] = user.Id assert(w.s.Save(w.r, w.w)) http.Redirect(w.w, w.r, form.BackTo, 302) }