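// LoginHandler authenticates the submitted Username/Password pair and, on
// success, sets a session cookie and writes a plain-text confirmation.
//
// It returns a util.NewError with status 400 when a field is missing or the
// credentials are rejected, and passes through any error from util.OpenDb,
// gen.CheckCredentials or util.CreateCookie.
//
// NOTE(review): r.FormValue also reads the URL query string, so credentials
// sent as GET parameters are accepted and may end up in access logs. Confirm
// that the router restricts this route to POST; if it does not, consider
// r.PostFormValue together with a method check.
//
// NOTE(review): no throttling of failed attempts is visible in this handler;
// confirm that it is enforced somewhere else.
func LoginHandler(w http.ResponseWriter, r *http.Request) error {
	// Read each field once so that every later step sees the same values.
	username := r.FormValue("Username")
	password := r.FormValue("Password")
	if password == "" || username == "" {
		return util.NewError(nil, "Missing username or password", http.StatusBadRequest)
	}

	db, err := util.OpenDb()
	if err != nil {
		return err
	}
	defer db.Close()

	authenticated, err := gen.CheckCredentials(db, username, password)
	if err != nil {
		return err
	}
	if !authenticated {
		// One message for both "unknown user" and "wrong password", so the
		// response does not reveal which usernames exist.
		return util.NewError(nil, "Your username or password was incorrect", http.StatusBadRequest)
	}

	// Per the original author's note, CreateCookie also stores a hashed
	// cookie in the database.
	myCookie, err := util.CreateCookie(username, db, true, true)
	if err != nil {
		return err
	}
	http.SetCookie(w, &myCookie)

	// The username is echoed back to the client. Pin the content type rather
	// than relying on content sniffing, so the body is never rendered as HTML.
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "Logged in as "+username)
	return nil
}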
// DeleteAccountHandler deletes the account of the logged-in user after the
// user re-enters the account password twice.
//
// The session is resolved with util.CheckCookie. The Password and Password2
// fields must both be present and equal, and the password must pass
// gen.CheckCredentials before gen.DeleteAccount is called. On success the
// "formSubmit.html" template is rendered.
//
// NOTE(review): r.FormValue also reads the URL query string, and no method
// check is visible here. Confirm that the router limits this route to POST so
// that the password cannot arrive as a GET parameter.
//
// NOTE(review): failed password checks are not counted in this handler, so a
// holder of a valid session cookie could retry passwords without limit here.
// Confirm whether throttling is applied elsewhere.
//
// NOTE(review): the session cookie is not cleared in this handler. Verify
// that gen.DeleteAccount invalidates the user's stored sessions.
func DeleteAccountHandler(w http.ResponseWriter, r *http.Request) error {
	db, err := util.OpenDb()
	if err != nil {
		return err
	}
	defer db.Close()

	// Per the original comment, CheckCookie returns "" for the user name
	// when the request carries no valid login.
	user, userID, _, err := util.CheckCookie(r, db)
	if err != nil {
		return err
	}
	if user == "" {
		return util.NewError(nil, "Se requiere ingreso a la cuenta", http.StatusUnauthorized)
	}

	// Original TODO: move this form validation into the shared validation code.
	password := r.FormValue("Password")
	confirmation := r.FormValue("Password2")
	switch {
	case password == "" || confirmation == "":
		return util.NewError(nil, "Rellena el formulario completo por favor", http.StatusBadRequest)
	case password != confirmation:
		return util.NewError(nil, "No coincide la contraseña", http.StatusBadRequest)
	}

	// Re-authenticate with the password, so a session cookie alone is not
	// enough to delete the account.
	ok, err := gen.CheckCredentials(db, user, password)
	if err != nil {
		return err
	}
	if !ok {
		return util.NewError(nil, "Contraseña incorrecta", http.StatusBadRequest)
	}

	if err := gen.DeleteAccount(db, userID); err != nil {
		return err
	}

	page := struct {
		Title        string
		MessageTitle string
		Message      string
	}{
		Title:        "Borrar cuenta",
		MessageTitle: "",
		Message:      "Cuenta eliminada",
	}
	if err := templates.ExecuteTemplate(w, "formSubmit.html", page); err != nil {
		return util.NewError(err, "No se cargó la página", http.StatusInternalServerError)
	}
	return nil
}
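// LoginHandler authenticates the submitted Username/Password pair, requiring
// a captcha once the client address has more than two recorded attempts.
//
// On success it sets a session cookie (persistent when the Persistent field
// is "true") and redirects to the site root with 303. On failed credentials
// it records the attempt via gen.UpdateLoginAttempts and returns a 400 error.
// Errors from the util and gen helpers are passed through unchanged.
//
// NOTE(review): r.FormValue also reads the URL query string. Confirm that the
// router limits this route to POST so that credentials cannot arrive as GET
// parameters.
func LoginHandler(w http.ResponseWriter, r *http.Request) error {
	username := r.FormValue("Username")
	password := r.FormValue("Password")
	if password == "" || username == "" {
		return util.NewError(nil, "Falta nombre de usuario o contraseña", http.StatusBadRequest)
	}

	db, err := util.OpenDb()
	if err != nil {
		return err
	}
	defer db.Close()

	// Work out the client address that keys the attempt counter. Start from
	// the socket peer; if RemoteAddr has no host:port form, keep it whole
	// rather than pooling every such client under an empty key.
	clientIP, _, splitErr := net.SplitHostPort(r.RemoteAddr)
	if splitErr != nil {
		clientIP = r.RemoteAddr
	}
	// NOTE(review): X-Real-IP is client-controlled unless a trusted reverse
	// proxy overwrites it. If this server can be reached directly, a caller
	// can vary the header on each request and never reach the captcha
	// threshold. Confirm the deployment strips or overwrites the header.
	// Values that do not parse as an IP are ignored, so arbitrary strings
	// never become counter keys.
	if forwarded := r.Header.Get("X-Real-IP"); net.ParseIP(forwarded) != nil {
		clientIP = forwarded
	}

	// Require a captcha once this address has more than two recorded attempts.
	// NOTE(review): the counter is keyed by address only, so guesses against
	// one account from many addresses are not throttled here.
	attempts, err := gen.CheckAttempts(db, clientIP)
	if err != nil {
		return err
	}
	if attempts > 2 {
		human, err := gen.CheckCaptcha(r.FormValue("g-recaptcha-response"), clientIP)
		if err != nil {
			return err
		}
		if !human {
			return util.NewError(nil, "Captcha invalido", http.StatusBadRequest)
		}
	}

	authenticated, err := gen.CheckCredentials(db, username, password)
	if err != nil {
		return err
	}
	if !authenticated {
		if err := gen.UpdateLoginAttempts(db, clientIP); err != nil {
			return err
		}
		// One message for both "unknown user" and "wrong password", so the
		// response does not reveal which usernames exist.
		return util.NewError(nil, "Nombre de usuario o contraseña incorrecto", http.StatusBadRequest)
	}

	persistent := r.FormValue("Persistent") == "true"
	// Per the original author's note, CreateCookie also stores a hashed
	// cookie in the database.
	myCookie, err := util.CreateCookie(username, db, persistent, false)
	if err != nil {
		return err
	}
	http.SetCookie(w, &myCookie)
	// Fixed absolute target: nothing from the request influences the redirect.
	http.Redirect(w, r, "https://5sur.com/", http.StatusSeeOther)
	return nil
}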