// CheckPass compares a password to the salt/hash combination; returns true
// if they match. It may be used in custom
func CheckPass(password string, salt, hash []byte) bool {
if len(salt) == 0 || len(hash) == 0 {
return false
}
ph := pbkdf2.PasswordHash{salt, hash}
return pbkdf2.MatchPassword(password, ph)
}
func processForm(form url.Values) (err error) {
var seen bool
fmt.Println("[-] processing form")
if seen, err = urlSeen(form.Get("url")); err != nil {
return
} else if seen {
fmt.Println("[!] url already shortened")
return fmt.Errorf(urlAlreadyPresent)
}
fmt.Println("[-] lookup", form.Get("user"))
pHash, err := getPassHash(form.Get("user"))
if err != nil {
return
}
if !pbkdf2.MatchPassword(form.Get("pass"), pHash) {
fmt.Printf("[-] pass: %s\n\t%+v\n", form.Get("pass"), pHash)
err = fmt.Errorf("invalid credentials")
return
}
var shorturl string
var notFound bool
if len(form.Get("shortcode")) == 0 {
shorturl, err = ShortenUrl(shortNotFound)
} else {
shorturl = form.Get("shortcode")
if notFound, err = shortNotFound(shorturl); !notFound {
err = fmt.Errorf("shortcode already exists")
return
} else if err != nil {
return
}
}
if err != nil {
return
}
if err = insertShortened(shorturl, form.Get("url")); err != nil {
return
}
return
}