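// HandleSetPassword processes the "set password" form.
//
// Form fields read: current_password, new_password_1, new_password_2.
// On any validation failure an "error" flash is added to the session and the
// user is redirected back to /set_password. On success the user's password
// column is replaced with HashPassword(newPassword1), the set-on-next-login
// column is cleared (set to 0), and the user is redirected to /app.html.
// Unexpected failures (password check or database error) are logged and the
// user only sees a generic message.
func (lilo *basicLoginLogout) HandleSetPassword(r shared.IRequest) (shared.IResponse, error) {
	// Internal failures: log the real error server-side, show a generic message
	// to the browser so no implementation details leak.
	doErr := func(err error) (shared.IResponse, error) {
		log.Println(err)
		r.Session().AddFlash("error", "Something went wrong...")
		return getRedirectResponse("/set_password")
	}
	// Validation failures: flash the reason and send the user back to the form.
	reject := func(msg string) (shared.IResponse, error) {
		r.Session().AddFlash("error", msg)
		return getRedirectResponse("/set_password")
	}

	currentPassword := r.PostValueString("current_password")
	newPassword1 := r.PostValueString("new_password_1")
	newPassword2 := r.PostValueString("new_password_2")

	if newPassword1 != newPassword2 {
		return reject("Passwords didn't match")
	}

	// The current password is verified unconditionally, including when the
	// field is empty. Treating an empty current_password as "exempt" would let
	// any authenticated session -- a hijacked one, an unattended browser, or a
	// CSRF-driven request -- take over the account without knowing the
	// password. If a set-on-next-login exemption is wanted, it must be gated on
	// the user's stored flag (the lilo.ColSetOnNextLogin column), never on the
	// contents of a form field. An empty value is expected to simply fail
	// CheckPassword and be reported as incorrect.
	matches, err := r.Session().User().CheckPassword(currentPassword)
	if err != nil {
		return doErr(err)
	}
	if !matches {
		return reject("Incorrect current password")
	}

	// Minimal strength policy: only the length is checked, and the bound must
	// stay in sync with the user-facing message below.
	// NOTE(review): 5 characters is very weak by current guidance; a longer
	// minimum and a breached-password check would be appropriate here.
	if len(newPassword1) < 5 {
		return reject("Password must be at least 5 characters long")
	}

	hashed := HashPassword(newPassword1)

	// Table and column names are interpolated into the statement; they come
	// from lilo's configuration and must never be derived from request data.
	// The request-derived values (the hash and the session's user id) are
	// bound as parameters, not concatenated.
	query := `UPDATE ` + lilo.usersTable +
		` SET ` + lilo.ColPassword + ` = ?, ` + lilo.ColSetOnNextLogin + ` = 0` +
		` WHERE ` + lilo.ColId + ` = ?`
	if _, err := lilo.db.Exec(query, hashed, r.Session().UserID()); err != nil {
		return doErr(err)
	}

	// TODO(review): after a password change the session id should be rotated
	// and any other sessions for this user invalidated; no API for that is
	// visible from here.
	return getRedirectResponse("/app.html")
}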
// HandleLogin reads the "username" and "password" form fields and hands them
// to doLogin, matching the account on the configured username column
// (lilo.ColUsername). It always returns a nil response and a nil error, so
// doLogin is presumably responsible for producing the HTTP response itself
// via the request it receives -- TODO confirm against doLogin. The meaning of
// the literal false argument is not visible from here.
func (lilo *basicLoginLogout) HandleLogin(request shared.IRequest) (shared.IResponse, error) {
	user, pass := request.PostValueString("username"), request.PostValueString("password")
	lilo.doLogin(request, false, lilo.ColUsername, user, pass)
	return nil, nil
}