func Welcome(w http.ResponseWriter, req *http.Request) { cookie, err := req.Cookie("username") if err != nil { io.WriteString(w, "no cookie, get lost") return } dehexedUsername, err := hex.DecodeString(cookie.Value) if err != nil { io.WriteString(w, "mangled cookie, it should be hex, get lost") } decryptedUsername := dimebag.Encrypt(string(dehexedUsername)) flag := "only for the admin" if decryptedUsername == "admin" { flagtmp, err := ioutil.ReadFile("/home/badmedicine/flag") if err != nil { panic(err) } flag = string(flagtmp) } views.WriteSuccess(w, decryptedUsername, flag) }
func Login(w http.ResponseWriter, req *http.Request) { username := req.FormValue("username") if username == "admin" { views.WriteIndexFlash(w, "admin login disabled") return } encryptedUsername := []byte(dimebag.Encrypt(username)) hexUsername := hex.EncodeToString(encryptedUsername) cookie := &http.Cookie{ Name: "username", Value: hexUsername, } log.Printf("cookie %s", cookie.String()) http.SetCookie(w, cookie) http.Redirect(w, req, "/welcome", 303) }