func RegisterPOST(w http.ResponseWriter, r *http.Request) { // Get session sess := session.Instance(r) // If user is authenticated if sess.Values["id"] != nil { http.Redirect(w, r, "/", http.StatusFound) return } // Prevent brute force login attempts by not hitting MySQL and pretending like it was invalid :-) if sess.Values["register_attempt"] != nil && sess.Values["register_attempt"].(int) >= 5 { log.Println("Brute force register prevented") http.Redirect(w, r, "/register", http.StatusFound) return } // Validate with required fields if validate, missingField := view.Validate(r, []string{"first_name", "last_name", "email", "password"}); !validate { sess.AddFlash(view.Flash{"Field missing: " + missingField, view.FlashError}) sess.Save(r, w) RegisterGET(w, r) return } // Get form values first_name := r.FormValue("first_name") last_name := r.FormValue("last_name") email := r.FormValue("email") password, errp := passhash.HashString(r.FormValue("password")) // If password hashing failed if errp != nil { log.Println(errp) sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError}) sess.Save(r, w) http.Redirect(w, r, "/register", http.StatusFound) return } // Get database result db, _ := mysql.Instance() defer db.Link.Close() result := database.User{} err := db.Link.Get(&result, "SELECT id FROM user WHERE email = ? LIMIT 1", email) if err == sql.ErrNoRows { // If success (no user exists with that email) _, ex := db.Link.Exec("INSERT INTO user (first_name, last_name, email, password) VALUES (?,?,?,?)", first_name, last_name, email, password) // Will only error if there is a problem with the query if ex != nil { log.Println(ex) sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError}) sess.Save(r, w) } else { sess.AddFlash(view.Flash{"Account created successfully for: " + email, view.FlashSuccess}) sess.Save(r, w) http.Redirect(w, r, "/login", http.StatusFound) return } } else if err != nil { // Catch all other errors log.Println(err) sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError}) sess.Save(r, w) } else { // Else the user already exists sess.AddFlash(view.Flash{"Account already exists for: " + email, view.FlashError}) sess.Save(r, w) } // Display the page RegisterGET(w, r) }
func RegisterPOST(w http.ResponseWriter, r *http.Request) { // Get session sess := session.Instance(r) // Prevent brute force login attempts by not hitting MySQL and pretending like it was invalid :-) if sess.Values["register_attempt"] != nil && sess.Values["register_attempt"].(int) >= 5 { log.Println("Brute force register prevented") http.Redirect(w, r, "/register", http.StatusFound) return } // Validate with required fields if validate, missingField := view.Validate(r, []string{"first_name", "last_name", "email", "password"}); !validate { sess.AddFlash(view.Flash{"Field missing: " + missingField, view.FlashError}) sess.Save(r, w) RegisterGET(w, r) return } // Validate with Google reCAPTCHA if !recaptcha.Verified(r) { sess.AddFlash(view.Flash{"reCAPTCHA invalid!", view.FlashError}) sess.Save(r, w) RegisterGET(w, r) return } // Get form values first_name := r.FormValue("first_name") last_name := r.FormValue("last_name") email := r.FormValue("email") password, errp := passhash.HashString(r.FormValue("password")) // If password hashing failed if errp != nil { log.Println(errp) sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError}) sess.Save(r, w) http.Redirect(w, r, "/register", http.StatusFound) return } // Get database result _, err := model.UserIdByEmail(email) if err == sql.ErrNoRows { // If success (no user exists with that email) ex := model.UserCreate(first_name, last_name, email, password) // Will only error if there is a problem with the query if ex != nil { log.Println(ex) sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError}) sess.Save(r, w) } else { sess.AddFlash(view.Flash{"Account created successfully for: " + email, view.FlashSuccess}) sess.Save(r, w) http.Redirect(w, r, "/login", http.StatusFound) return } } else if err != nil { // Catch all other errors log.Println(err) sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError}) sess.Save(r, w) } else { // Else the user already exists sess.AddFlash(view.Flash{"Account already exists for: " + email, view.FlashError}) sess.Save(r, w) } // Display the page RegisterGET(w, r) }