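// login authenticates the submitted username/password against the users
// table and, on success, stores the user's id in the session and redirects
// to the saved login destination (or /user).
//
// Every failure path redirects back to /login with a flash warning and
// returns nil, matching the original contract: callers cannot distinguish
// outcomes from the return value.
func login(w http.ResponseWriter, r *http.Request) error {
	username := r.FormValue("username")
	password := r.FormValue("password")

	// Only the username is logged. The original also wrote the submitted
	// password to the log, which leaks credentials into log storage.
	userLog.Info("Log in: %v", username)

	var user User
	row := DB.QueryRow("SELECT id, username, password FROM users WHERE username = $1", username)
	if err := row.Scan(&user.Id, &user.Username, &user.password); err != nil {
		// Same message as the wrong-password branch so the response does
		// not reveal whether the username exists (user enumeration).
		web.FlashWarning(r, "Incorrect username or password")
		http.Redirect(w, r, "/login", http.StatusFound)
		return nil
	}

	// NOTE(review): the stored value is compared directly with the submitted
	// password, which implies plaintext storage and a non-constant-time
	// comparison. Moving to a salted hash and crypto/subtle needs changes to
	// the users table and to the file's imports, outside this block —
	// TODO confirm the storage format.
	if string(user.password) != password {
		web.FlashWarning(r, "Incorrect username or password")
		http.Redirect(w, r, "/login", http.StatusFound)
		return nil
	}

	session := web.Session(r)
	session.Values["userId"] = user.Id
	web.FlashInfo(r, fmt.Sprintf("Logged in as %v", user.Username))

	http.Redirect(w, r, safeLoginDestination(session.Values["loginDestination"]), http.StatusFound)
	return nil
}

// safeLoginDestination returns the post-login redirect target for the
// session value v. The value is honoured only when it is a string naming a
// local absolute path ("/..." but not "//..." or "/\..."); a missing value,
// a non-string (which the original dereferenced with an unchecked type
// assertion and would panic on) or an external/scheme-relative URL that
// would allow an open redirect falls back to /user.
func safeLoginDestination(v interface{}) string {
	dest, ok := v.(string)
	if !ok || len(dest) == 0 || dest[0] != '/' {
		return "/user"
	}
	if len(dest) > 1 && (dest[1] == '/' || dest[1] == '\\') {
		return "/user"
	}
	return dest
}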
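// addQuestion handles the submission of the "new question" admin form for
// the question type named by the route variable "questionType".
//
// A valid submission creates and saves the Question, attaches its subject
// types and redirects to /admin/questions. An invalid one stores the bound
// form in the request context under "newQuestionForm" and re-renders it via
// addQuestionForm. An unknown question type, a body that cannot be parsed,
// or a bad CSRF token is returned as an error.
func addQuestion(w http.ResponseWriter, r *http.Request) error {
	vars := mux.Vars(r)
	questionType, ok := types.QuestionTypes[vars["questionType"]]
	if !ok {
		return fmt.Errorf("Question Type %v does not exist", vars["questionType"])
	}

	question := &Question{Type: questionType.Name()}
	form := NewQuestionForm(r, question)

	// The original discarded this error and decoded whatever r.Form happened
	// to hold; a malformed body is now reported instead of silently
	// producing an empty form.
	if err := r.ParseForm(); err != nil {
		return fmt.Errorf("parsing question form: %w", err)
	}
	// A decode failure is shown to the user as a warning but does not abort
	// the request: validation below decides whether the partially decoded
	// form is acceptable (behaviour preserved from the original).
	if err := forms.DecodeForm(form, r.Form); err != nil {
		web.FlashWarning(r, err.Error())
	}
	// The token is carried in the form, so it can only be checked after
	// DecodeForm. Nothing is persisted before this point.
	if !web.ValidateCSRF(r, form.CSRF) {
		return fmt.Errorf("Invalid token")
	}

	if validationErrors := forms.Validate(form); len(validationErrors) > 0 {
		context.Set(r, "newQuestionForm", form)
		return addQuestionForm(w, r)
	}

	// NOTE(review): Save and SetSubjectTypes are called without checking for
	// a result, as in the original — whether they report errors cannot be
	// seen from here; confirm against their definitions.
	q := new(Question)
	q.Type = questionType.Name()
	form.scan(q)
	q.Save()
	q.SetSubjectTypes(form.subjectTypeIds())
	web.FlashSuccess(r, fmt.Sprintf("\"%v\" created successfully.", q.Name))
	http.Redirect(w, r, "/admin/questions", http.StatusFound)
	return nil
}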