Esempio n. 1
// SettingsPost handles POST /settings: it lets a signed-in user change their
// password and then redirects to /login, whether or not anything was changed.
//
// The user is identified from the "sessionid" cookie. The password is replaced
// only when the submitted "old" value authenticates against the stored hash,
// "new" is longer than 5 bytes, and "new" equals "repeat".
func SettingsPost(w http.ResponseWriter, r *http.Request) {
	conn := database.GetConnection()

	sid := cookies.GetCookieVal(r, "sessionid")
	user := cookies.UsernameFromCookie(sid)

	// An empty username is treated as "no valid session": nothing is changed.
	if user == "" {
		http.Redirect(w, r, "/login", http.StatusFound)
		return
	}

	// NOTE(review): the second return value is discarded, so a failed lookup
	// is not distinguished from a successful one. The check below then relies
	// on password.Authenticate rejecting whatever storedHash holds; confirm
	// that it fails closed on an empty hash.
	storedHash, _ := database.GetPassword(conn, user)

	candidate := r.FormValue("new")
	confirmation := r.FormValue("repeat")
	current := r.FormValue("old")

	// Requiring the current password means a valid session cookie alone is
	// not enough to change the password.
	currentOK := password.Authenticate(current, storedHash)

	// NOTE(review): len counts bytes, and a 6-byte minimum is a weak policy;
	// consider raising it.
	if currentOK && len(candidate) > 5 && candidate == confirmation {
		newHash := password.NewPassword(candidate)

		// NOTE(review): any result from ChangePassword is not inspected, so
		// the log line below is written even if the update did not persist.
		// Nothing in this handler revokes existing sessions either; confirm
		// whether the session layer does that after a password change.
		database.ChangePassword(conn, user, newHash)
		log.Printf("USER (%s) CHANGED PASSWORD\n", user)
	}

	http.Redirect(w, r, "/login", http.StatusFound)
}
Esempio n. 2
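// LoginPost handles POST /login.
//
// It lower-cases the submitted "username", looks up the stored password hash
// and checks the submitted "password" against it. On success a new session id
// is generated and set as a cookie ("remember" == "1" is passed through to the
// cookie helper) and the client is redirected to "/". On failure the login
// template is rendered again with the submitted username.
func LoginPost(w http.ResponseWriter, r *http.Request) {
	db := database.GetConnection()

	username := strings.ToLower(r.FormValue("username"))
	pass := r.FormValue("password")
	remember := r.FormValue("remember") == "1"

	// NOTE(review): the second return value is discarded, so an unknown user
	// or a database failure is not distinguished here; rejection relies on
	// password.Authenticate failing closed for whatever hashed holds. If that
	// path returns faster than a real hash comparison, response timing may
	// reveal which usernames exist. Confirm against the helper.
	hashed, _ := database.GetPassword(db, username)

	// NOTE(review): no attempt limiting or lockout is visible in this handler;
	// confirm that it is enforced elsewhere (middleware, reverse proxy).
	if !password.Authenticate(pass, hashed) {
		// The third field is passed as true on this failure path only; its
		// meaning is defined by loginContext, which is declared elsewhere.
		data := loginContext{username, config.Config.Register, true}
		templates.Render(w, "login", data)
		return
	}

	// Valid password: issue a session id only after authentication succeeds.
	sessionid := cookies.GenerateSessionId(username)
	cookies.SetSessionId(w, sessionid, remember)
	http.Redirect(w, r, "/", http.StatusFound)

	// username comes straight from the request form, so it is logged with %q:
	// quoting escapes CR/LF and other control characters that could otherwise
	// forge or split log entries.
	log.Printf("LOGGED IN (%q)\n", username)
}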