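// Remove renders the account-removal page and, on POST, deletes the logged-in
// user's record after re-checking the submitted current password.
//
// The stored credential is read as 64 hex characters of hash followed by the
// hex-encoded salt. A stored value that is too short or is not valid hex is
// reported as an internal error, so the submitted password is never compared
// against a partially decoded hash.
//
// NOTE(review): no anti-CSRF check is visible in this handler; confirm the
// framework's XSRF protection covers this destructive POST.
func (this *MainController) Remove() {
	this.activeContent("user/remove")

	//******** This page requires login
	sess := this.GetSession("acme")
	if sess == nil {
		this.Redirect("/user/login/home", 302)
		return
	}
	// Checked assertions: a session value of an unexpected shape sends the
	// user back to login instead of panicking the handler.
	m, ok := sess.(map[string]interface{})
	if !ok {
		this.Redirect("/user/login/home", 302)
		return
	}
	username, ok := m["username"].(string)
	if !ok {
		this.Redirect("/user/login/home", 302)
		return
	}

	// Anything other than POST only renders the page.
	if this.Ctx.Input.Method() != "POST" {
		return
	}

	current := this.GetString("current")
	valid := validation.Validation{}
	valid.Required(current, "current")
	if valid.HasErrors() {
		errormap := make(map[string]string)
		for _, e := range valid.Errors {
			errormap[e.Key] = e.Message
		}
		this.Data["Errors"] = errormap
		return
	}

	flash := beego.NewFlash()

	//******** Read password hash from database
	o := orm.NewOrm()
	o.Using("default")
	user := models.AuthUser{Email: username}
	if err := o.Read(&user, "Email"); err != nil {
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	// Hex length of the hash part of user.Password (32 bytes, hex-encoded).
	const hashHexLen = 64

	// Slicing a shorter string would panic, so reject it up front. The stored
	// value itself is deliberately not logged.
	if len(user.Password) < hashHexLen {
		fmt.Println("ERROR: stored password hash is malformed")
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	// Fail closed on a decode error: hex.DecodeString returns the bytes it
	// managed to decode, which must not be used as the reference hash or salt.
	var x pk.PasswordHash
	var err error
	if x.Hash, err = hex.DecodeString(user.Password[:hashHexLen]); err != nil {
		fmt.Println("ERROR:", err)
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}
	if x.Salt, err = hex.DecodeString(user.Password[hashHexLen:]); err != nil {
		fmt.Println("ERROR:", err)
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	//******** Compare submitted password with database
	if !pk.MatchPassword(current, &x) {
		flash.Error("Bad current password")
		flash.Store(&this.Controller)
		return
	}

	//******** Delete user record
	if _, err := o.Delete(&user); err != nil {
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	// The session is dropped only after the record is gone, then the user is
	// sent to the notice page.
	flash.Notice("Your account is deleted.")
	flash.Store(&this.Controller)
	this.DelSession("acme")
	this.Redirect("/notice", 302)
}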
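// Profile shows the logged-in user's profile and, on POST, updates name,
// e-mail and (optionally) password after re-checking the submitted current
// password.
//
// The stored credential is read as 64 hex characters of hash followed by the
// hex-encoded salt. It is decoded only on POST, where it is needed. A stored
// value that is too short or is not valid hex is reported as an internal
// error, so the submitted password is never compared against a partially
// decoded hash.
//
// NOTE(review): no anti-CSRF check is visible in this handler; confirm the
// framework's XSRF protection covers this state-changing POST.
func (this *MainController) Profile() {
	this.activeContent("user/profile")

	//******** This page requires login
	sess := this.GetSession("acme")
	if sess == nil {
		this.Redirect("/user/login/home", 302)
		return
	}
	// Checked assertions: a session value of an unexpected shape sends the
	// user back to login instead of panicking the handler.
	m, ok := sess.(map[string]interface{})
	if !ok {
		this.Redirect("/user/login/home", 302)
		return
	}
	username, ok := m["username"].(string)
	if !ok {
		this.Redirect("/user/login/home", 302)
		return
	}

	flash := beego.NewFlash()

	//******** Read user record from database
	o := orm.NewOrm()
	o.Using("default")
	user := models.AuthUser{Email: username}
	if err := o.Read(&user, "Email"); err != nil {
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	if this.Ctx.Input.Method() != "POST" {
		// NOTE(review): user carries the Password field (hash and salt);
		// confirm the template does not render it.
		this.Data["User"] = user
		return
	}

	// Hex length of the hash part of user.Password (32 bytes, hex-encoded).
	const hashHexLen = 64

	// Slicing a shorter string would panic, so reject it up front. The stored
	// value itself is deliberately not logged.
	if len(user.Password) < hashHexLen {
		fmt.Println("ERROR: stored password hash is malformed")
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	// Fail closed on a decode error: hex.DecodeString returns the bytes it
	// managed to decode, which must not be used as the reference hash or salt.
	var x pk.PasswordHash
	var err error
	if x.Hash, err = hex.DecodeString(user.Password[:hashHexLen]); err != nil {
		fmt.Println("ERROR:", err)
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}
	if x.Salt, err = hex.DecodeString(user.Password[hashHexLen:]); err != nil {
		fmt.Println("ERROR:", err)
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	u := user2{}
	if err := this.ParseForm(&u); err != nil {
		fmt.Println("cannot parse form")
		return
	}
	// NOTE(review): u includes the submitted current password (u.Current);
	// confirm the template does not echo it back into the page.
	this.Data["User"] = u

	valid := validation.Validation{}
	ok, verr := valid.Valid(&u)
	if verr != nil {
		fmt.Println("ERROR:", verr)
	}
	if !ok {
		this.Data["Errors"] = valid.ErrorsMap
		return
	}

	// A new password is optional; when given it must meet the minimum length
	// and be confirmed by password2.
	password := this.GetString("password")
	password2 := this.GetString("password2")
	if password != "" {
		valid.MinSize(password, 6, "password")
		valid.Required(password2, "password2")
		if valid.HasErrors() {
			errormap := make(map[string]string)
			for _, e := range valid.Errors {
				errormap[e.Key] = e.Message
			}
			this.Data["Errors"] = errormap
			return
		}
		if password != password2 {
			flash.Error("Passwords don't match")
			flash.Store(&this.Controller)
			return
		}
		h := pk.HashPassword(password)

		// Convert password hash to string. This only changes the in-memory
		// record; nothing is written until the current password has been
		// verified below.
		user.Password = hex.EncodeToString(h.Hash) + hex.EncodeToString(h.Salt)
	}

	//******** Compare submitted password with database
	// x was decoded from the stored value before user.Password was replaced.
	if !pk.MatchPassword(u.Current, &x) {
		flash.Error("Bad current password")
		flash.Store(&this.Controller)
		return
	}

	//******** Save user info to database
	// NOTE(review): no uniqueness check on u.Email is visible here, and the
	// e-mail is the lookup key for the account; presumably the database
	// enforces it. Confirm.
	user.First = u.First
	user.Last = u.Last
	user.Email = u.Email
	if _, err := o.Update(&user); err != nil {
		flash.Error("Internal error")
		flash.Store(&this.Controller)
		return
	}

	flash.Notice("Profile updated")
	flash.Store(&this.Controller)
	// NOTE(review): this mutates the map returned by GetSession; whether the
	// new username is persisted without a SetSession call depends on the
	// session provider. Confirm.
	m["username"] = u.Email
}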