func Auth_Login_POST(rw http.ResponseWriter, req *http.Request) {
email := req.PostFormValue("email")
password := req.PostFormValue("password")
userID, ak, isAdmin := ValidateUserEmailPassword(req, email, password)
if userID == 0 {
session.AddFlash(req, session.Flash{
Severity: "error",
Msg: "Invalid e. mail address or password.",
})
Auth_Login_GET(rw, req)
return
}
session.Set(req, "user_id", int(userID))
session.Set(req, "user_ak", ak)
session.Set(req, "user_is_admin", isAdmin)
if req.PostFormValue("remember") != "" {
session.Set(req, "session_lifetime", 90*24*time.Hour)
}
session.Bump(req)
session.AddFlash(req, session.Flash{
Severity: "success",
Msg: "You have been logged in.",
})
authz.ReturnRedirect(req, 302, authz.AfterLoginURL)
}
func Auth_Logout_POST(rw http.ResponseWriter, req *http.Request) {
session.Delete(req, "user_id")
session.Delete(req, "user_ak")
session.Delete(req, "user_is_admin")
session.Delete(req, "signup_flow")
session.AddFlash(req, session.Flash{
Severity: "success",
Msg: "You have been logged out.",
})
authz.ReturnRedirect(req, 302, "/")
}
