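// SigninPost handles the sign-in form submission.
//
// It requires name and password to be present, looks the user up by name,
// checks the submitted password against the stored hash, re-hashes legacy
// unsalted accounts with a fresh salt after a successful check, and refuses
// accounts for which user.IsActive() is false. On success the user name is
// stored in the session and the client is redirected to the session's
// "preUrl" entry when one exists, otherwise to the application index.
//
// Every failure path redirects back to the sign-in page. Unknown user and
// wrong password produce the same message, so the response does not reveal
// which of the two was wrong.
func (c User) SigninPost(name, password string) revel.Result {
	// keepForm preserves validation errors and the submitted form across the
	// redirect. Revel's FlashParams copies every request parameter into the
	// flash cookie, which would include the submitted password, so that entry
	// is removed again before the response is written.
	keepForm := func() {
		c.Validation.Keep()
		c.FlashParams()
		delete(c.Flash.Out, "password")
	}

	c.Validation.Required(name).Message("请输入用户名")
	c.Validation.Required(password).Message("请输入密码")
	if c.Validation.HasErrors() {
		keepForm()
		return c.Redirect(routes.User.Signin())
	}

	var user models.User
	has, err := engine.Where("name = ?", name).Get(&user)
	if err != nil {
		// Fail closed: a lookup error is handled like an unknown user.
		// NOTE(review): the error is not logged anywhere; consider reporting
		// it through the application's logger.
		has = false
	}

	var count int64
	if has {
		// Legacy accounts have an empty salt, so hashing with user.Salt covers
		// both the salted and the unsalted case.
		// NOTE(review): EncryptPassword is defined elsewhere; confirm it is a
		// slow, purpose-built password hash rather than a plain digest.
		hashedPassword := models.EncryptPassword(password, user.Salt)

		count, err = engine.Where("name = ? AND hashed_password = ?", name, hashedPassword).Count(&models.User{})
		if err != nil {
			// Fail closed: a failed credential check never authenticates.
			count = 0
		}

		// Salt upgrade for legacy passwords: once the unsalted hash has
		// matched, store a salted hash of the same password.
		if count > 0 && user.Salt == "" {
			// NOTE(review): uuidName is defined elsewhere; confirm the salt it
			// returns comes from a cryptographically secure random source.
			salt := uuidName()
			// Best effort: if the update fails the account keeps its legacy
			// hash and the upgrade is attempted again at the next sign-in.
			engine.Id(user.Id).Update(&models.User{
				Salt:           salt,
				HashedPassword: models.EncryptPassword(password, salt),
			})
		}
	}

	if !has || count == 0 {
		keepForm()
		c.Flash.Out["user"] = name
		c.Flash.Error("用户名或密码错误")
		return c.Redirect(routes.User.Signin())
	}

	// Reached only with valid credentials, so naming the account and its
	// e-mail address here does not disclose them to an unauthenticated caller.
	if !user.IsActive() {
		c.Flash.Error(fmt.Sprintf("您的账号 %s 尚未激活,请到您的邮箱 %s 激活账号!", user.Name, user.Email))
		keepForm()
		return c.Redirect(routes.User.Signin())
	}

	c.Session["user"] = name

	// NOTE(review): preUrl is taken from the session and used as the redirect
	// target unchanged. Confirm that the code which stores it only accepts
	// same-site paths, and consider clearing the entry once it has been used.
	if preUrl, ok := c.Session["preUrl"]; ok {
		return c.Redirect(preUrl)
	}
	return c.Redirect(routes.App.Index())
}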