| -rw-r--r-- | main.go | 31 | ||||
| -rw-r--r-- | templates/login.tmpl | 1 |
2 files changed, 17 insertions, 15 deletions
@@ -43,25 +43,26 @@ func (app *App) validateHandler(w http.ResponseWriter, r *http.Request) {
 func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
 if r.Method == http.MethodPost {
- if err := r.ParseForm(); err != nil {
- panic(err)
+ username := r.FormValue("username")
+ password := r.FormValue("password")
+ hash := md5.Sum([]byte(password))
+ dst := make([]byte, hex.EncodedLen(md5.Size))
+ hex.Encode(dst, hash[:])
+ u, ok := app.GetUser(username)
+ next := r.FormValue("next")
+ if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 {
+ http.Redirect(w, r, next, http.StatusSeeOther)
 } else {
- username := r.Form.Get("username")
- password := r.Form.Get("password")
- hash := md5.Sum([]byte(password))
- dst := make([]byte, hex.EncodedLen(md5.Size))
- hex.Encode(dst, hash[:])
- u, ok := app.GetUser(username)
- if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 {
-
- } else {
-
- }
+ app.Template.ExecuteTemplate(w, "login.tmpl", struct {
+ Next string
+ }{next})
 }
 } else if r.Method == http.MethodGet {
- app.Template.ExecuteTemplate(w, "login.tmpl", nil)
+ next := r.FormValue("next")
+ app.Template.ExecuteTemplate(w, "login.tmpl", struct {
+ Next string
+ }{next})
 }
-
 }
 func main() {
diff --git a/templates/login.tmpl b/templates/login.tmpl
index 28529a7..67d0000 100644
--- a/templates/login.tmpl
+++ b/templates/login.tmpl
@@ -29,6 +29,7 @@ button:hover {background-color: #1967be; border-color: #1862b5}
 <input type="password" id="password" name="password" placeholder="Mot de passe"/>
 <button type="submit" name="login">Se Connecter</button>
+ <input type="hidden" id="next" value="{{.Next}}"/>
 </div>
 <hr>
 </form> |
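Review bot: The `next` value read with `r.FormValue("next")` in the POST branch of `loginHandler` is passed unchanged to `http.Redirect`, so the destination after a successful login is fully request-controlled and can point at an external site (open redirect). Restrict it to a local path before redirecting, for example `if !strings.HasPrefix(next, "/") || strings.HasPrefix(next, "//") || strings.HasPrefix(next, "/\\") { next = "/" }` (this needs the `strings` import, and the fallback path is a placeholder for whatever the application's landing page is). The same check also covers an empty `next`, which currently reaches `http.Redirect` as an empty URL. Separately, the success branch only redirects and sets no session or cookie in the visible lines, and the comparison still relies on the unsalted MD5 digest carried over from the old code; both deserve a follow-up.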
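Review bot: The added hidden input has an `id` but no `name` attribute, so browsers will not include it in the submitted form, and the POST branch's `r.FormValue("next")` only sees a value if the form's action URL still carries the query string. Add the name: `<input type="hidden" id="next" name="next" value="{{.Next}}"/>`. Because `.Next` is request-controlled, the attribute is only safely escaped if `app.Template` is built with `html/template` rather than `text/template`, which is not visible on this page and should be confirmed.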
