diff options
Diffstat (limited to 'main.go')
| -rw-r--r-- | main.go | 22 |
1 files changed, 7 insertions, 15 deletions
@@ -1,7 +1,6 @@ package main import ( - "crypto/subtle" "flag" "fmt" "html/template" @@ -61,10 +60,14 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, "/", http.StatusSeeOther) } else if r.Method == http.MethodPost { username := r.FormValue("username") - hash := md5hex([]byte(r.FormValue("password"))) + password := r.FormValue("password") next := r.FormValue("next") - u, ok := app.GetUser(username) - if ok && subtle.ConstantTimeCompare(u.Password, hash) == 1 { + if u, err := app.ValidateUser(username, password); err != nil { + app.Template.ExecuteTemplate(w, "login.tmpl", struct { + Next string + Flash string + }{next, err.Error()}) + } else { s := app.NewSession(u.Id) c := http.Cookie{ Name: "id", @@ -73,17 +76,6 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) { } http.SetCookie(w, &c) http.Redirect(w, r, next, http.StatusSeeOther) - } else { - var flash string - if !ok { - flash = "Utilisateur non enregistré" - } else if subtle.ConstantTimeCompare(u.Password, hash) != 1 { - flash = "Mot de passe incorrect" - } - app.Template.ExecuteTemplate(w, "login.tmpl", struct { - Next string - Flash string - }{next, flash}) } } else if r.Method == http.MethodGet { next := r.FormValue("next") |