Пример #1
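// login handles a login form submission. It looks the user up by the
// submitted username, compares the stored password with the submitted one
// and, on a match, records the user id in the session and redirects.
//
// Every outcome is reported through a flash message and a redirect, so the
// function always returns nil.
func login(w http.ResponseWriter, r *http.Request) error {
	username := r.FormValue("username")
	password := r.FormValue("password")

	// Log the username only: a submitted password must never be written to
	// the log, where it would outlive the request and be readable by anyone
	// with log access.
	userLog.Info("Log in: %v", username)

	// The username is bound through the $1 placeholder, never concatenated
	// into the SQL text.
	var user User
	err := DB.QueryRow("SELECT id, username, password FROM users WHERE username = $1", username).
		Scan(&user.Id, &user.Username, &user.password)
	if err != nil {
		// NOTE(review): every Scan error ends up here, so a database failure
		// is reported to the user as a failed login and is not logged.
		//
		// The message is the same as for a wrong password so that the
		// response does not reveal which usernames exist.
		web.FlashWarning(r, "Incorrect username or password")
		http.Redirect(w, r, "/login", http.StatusFound)
		return nil
	}

	// NOTE(review): the stored column is compared byte-for-byte with the
	// submitted password, which only works if passwords are stored in a
	// directly comparable form. Store a salted password hash and verify it
	// with the hash library's constant-time check instead; that needs a
	// package this block does not have in scope.
	if string(user.password) != password {
		web.FlashWarning(r, "Incorrect username or password")
		http.Redirect(w, r, "/login", http.StatusFound)
		return nil
	}

	session := web.Session(r)
	// NOTE(review): nothing visible here issues a fresh session identifier
	// after authentication; confirm that web.Session or its middleware does,
	// otherwise a pre-login session id stays valid (session fixation).
	session.Values["userId"] = user.Id
	web.FlashInfo(r, fmt.Sprintf("Logged in as %v", user.Username))

	// A checked type assertion: a missing or non-string value falls back to
	// the default page instead of panicking in the handler.
	// NOTE(review): confirm loginDestination is only ever set to a same-site
	// path; an absolute URL here would make this an open redirect.
	dest, ok := session.Values["loginDestination"].(string)
	if !ok || dest == "" {
		dest = "/user"
	}
	http.Redirect(w, r, dest, http.StatusFound)
	return nil
}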
Пример #2
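// addQuestion handles submission of the new-question form for the question
// type named by the "questionType" route variable.
//
// It returns an error when the question type is unknown, when the request
// form cannot be parsed, or when the CSRF token is rejected. When validation
// reports no errors it saves the question and redirects to the question
// list; otherwise it re-renders the form through addQuestionForm.
func addQuestion(w http.ResponseWriter, r *http.Request) error {
	vars := mux.Vars(r)
	questionType, ok := types.QuestionTypes[vars["questionType"]]
	if !ok {
		// NOTE(review): the route variable is request-controlled and is
		// echoed into the error text; confirm that whatever renders this
		// error escapes it.
		return fmt.Errorf("Question Type %v does not exist", vars["questionType"])
	}

	question := &Question{Type: questionType.Name()}

	var form = NewQuestionForm(r, question)
	// A malformed body is rejected here instead of being decoded from a
	// partially populated r.Form.
	if err := r.ParseForm(); err != nil {
		return err
	}
	if err := forms.DecodeForm(form, r.Form); err != nil {
		// NOTE(review): a decode failure is only flashed; processing goes on
		// with whatever fields were decoded. Confirm that is intended.
		web.FlashWarning(r, err.Error())
	}

	// The CSRF token is checked before anything is written.
	if !web.ValidateCSRF(r, form.CSRF) {
		return fmt.Errorf("Invalid token")
	}

	if validationErrors := forms.Validate(form); len(validationErrors) != 0 {
		// Hand the submitted form back to the form handler for re-rendering.
		context.Set(r, "newQuestionForm", form)
		return addQuestionForm(w, r)
	}

	q := new(Question)
	q.Type = questionType.Name()
	form.scan(q)
	// NOTE(review): nothing returned by Save or SetSubjectTypes is checked
	// here; if they can fail, the success message below is shown regardless.
	q.Save()

	q.SetSubjectTypes(form.subjectTypeIds())

	web.FlashSuccess(r, fmt.Sprintf("\"%v\" created successfully.", q.Name))

	http.Redirect(w, r, "/admin/questions", http.StatusFound)
	return nil
}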