func Logout(w http.ResponseWriter, r *http.Request) { // Get session sess := session.Instance(r) // If user is authenticated if sess.Values["id"] != nil { session.Empty(sess) sess.AddFlash(view.Flash{"Goodbye!", view.FlashNotice}) sess.Save(r, w) } http.Redirect(w, r, "/", http.StatusFound) }
func LoginPOST(w http.ResponseWriter, r *http.Request) { // Get session sess := session.Instance(r) // Prevent brute force login attempts by not hitting MySQL and pretending like it was invalid :-) if sess.Values[sessLoginAttempt] != nil && sess.Values[sessLoginAttempt].(int) >= 5 { log.Println("Brute force login prevented") sess.AddFlash(view.Flash{"Sorry, no brute force :-)", view.FlashNotice}) sess.Save(r, w) LoginGET(w, r) return } // Validate with required fields if validate, missingField := view.Validate(r, []string{"email", "password"}); !validate { sess.AddFlash(view.Flash{"Field missing: " + missingField, view.FlashError}) sess.Save(r, w) LoginGET(w, r) return } // Form values email := r.FormValue("email") password := r.FormValue("password") // Get database result result, err := model.UserByEmail(email) // Determine if user exists if err == sql.ErrNoRows { loginAttempt(sess) sess.AddFlash(view.Flash{"Password is incorrect - Attempt: " + fmt.Sprintf("%v", sess.Values[sessLoginAttempt]), view.FlashWarning}) sess.Save(r, w) } else if err != nil { // Display error message log.Println(err) sess.AddFlash(view.Flash{"There was an error. Please try again later.", view.FlashError}) sess.Save(r, w) } else if passhash.MatchString(result.Password, password) { if result.Status_id != 1 { // User inactive and display inactive message sess.AddFlash(view.Flash{"Account is inactive so login is disabled.", view.FlashNotice}) sess.Save(r, w) } else { // Login successfully session.Empty(sess) sess.AddFlash(view.Flash{"Login successful!", view.FlashSuccess}) sess.Values["id"] = result.Id sess.Values["email"] = email sess.Values["first_name"] = result.First_name sess.Save(r, w) http.Redirect(w, r, "/", http.StatusFound) return } } else { loginAttempt(sess) sess.AddFlash(view.Flash{"Password is incorrect - Attempt: " + fmt.Sprintf("%v", sess.Values[sessLoginAttempt]), view.FlashWarning}) sess.Save(r, w) } // Show the login page again LoginGET(w, r) }