func (lilo *basicLoginLogout) HandleSetPassword(r shared.IRequest) (shared.IResponse, error) {
doErr := func(err error) (shared.IResponse, error) {
log.Println(err)
r.Session().AddFlash("error", "Something went wrong...")
return getRedirectResponse("/set_password")
}
currentPassword := r.PostValueString("current_password")
newPassword1 := r.PostValueString("new_password_1")
newPassword2 := r.PostValueString("new_password_2")
if newPassword1 != newPassword2 {
r.Session().AddFlash("error", "Passwords didn't match")
return getRedirectResponse("/set_password")
}
if len(currentPassword) < 1 {
// Is user exempt?
//if !r.Session().shared.IUser().SetOnNextLogin {
// r.Session.AddFlash("error", "Incorrect current password")
// r.Redirect("/set_password")
// return
//}
} else {
//Check Current Password
matches, err := r.Session().User().CheckPassword(currentPassword)
if err != nil {
return doErr(err)
}
if !matches {
r.Session().AddFlash("error", "Incorrect current password")
return getRedirectResponse("/set_password")
}
}
/// Is it secure enough?
// TODO:... something useful.
if len(newPassword1) < 5 {
r.Session().AddFlash("error", "Password must be at least 5 characters long")
return getRedirectResponse("/set_password")
}
hashed := HashPassword(newPassword1)
db := lilo.db
_, err := db.Exec(`UPDATE `+lilo.usersTable+` SET `+lilo.ColPassword+` = ?, `+lilo.ColSetOnNextLogin+` = 0 WHERE `+lilo.ColId+` = ?`, hashed, r.Session().UserID())
if err != nil {
return doErr(err)
}
return getRedirectResponse("/app.html")
}
func (lilo *basicLoginLogout) HandleLogin(request shared.IRequest) (shared.IResponse, error) {
username := request.PostValueString("username")
password := request.PostValueString("password")
lilo.doLogin(request, false, lilo.ColUsername, username, password)
return nil, nil
}
