// RPC/SignInLogin logs in a user, specified by their login (aka username) // Args: // "L" string // "P" string = HMAC-hashed password // Err: // ErrApp: If the sign-in information is incorrect // non-nil: If a technical problem occured // func (a *API) SignInLogin(args *rpc.Args, r *rpc.Ret) (err os.Error) { // Validate and sanitize arguments login, _ := args.QueryString("L") if login, err = SanitizeLogin(login); err != nil { return ErrApp } hpass, _ := args.QueryString("P") // Fetch user for this login u, _, err := a.db.FindUserByLogin(login) if err != nil { return ErrDb } if u == nil { return ErrApp } // Verify credentials if !VerifyPassword(hpass, u.Password) { return ErrSec } r.AddSetCookie(a.newUserAuthCookie(u)) r.AddSetCookie(a.newUserNameCookie(u)) r.AddSetCookie(a.newUserNymCookie(u)) r.SetInt("XPad", 0) return nil }