From 08a5afd311e918f89d0d6ef955a3b1dbbe38713a Mon Sep 17 00:00:00 2001
From: Thibaut Horel
Date: Thu, 27 Dec 2018 20:31:01 -0500
Subject: Login: WIP
---
main.go | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'main.go')
diff --git a/main.go b/main.go
index 5317ffa..b459324 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,9 @@
 package main
 import (
+ "crypto/md5"
+ "crypto/subtle"
+ "encoding/hex"
 "html/template"
 "log"
 "net/http"
@@ -45,8 +48,11 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
 } else {
 username := r.Form.Get("username")
 password := r.Form.Get("password")
+ hash := md5.Sum([]byte(password))
+ dst := make([]byte, hex.EncodedLen(md5.Size))
+ hex.Encode(dst, hash[:])
 u, ok := app.GetUser(username)
- if ok && (u.Password == password) {
+ if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 {
 } else {
--
cgit v1.2.3-70-g09d2
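Review bot: The added `hash := md5.Sum([]byte(password))` in loginHandler makes the stored credential an unsalted MD5 digest, which is a fast general-purpose hash and not a password hash, so the constant-time comparison added below it protects a value that is cheap to brute-force offline if the user store leaks. A salted, deliberately slow scheme fits here: with `golang.org/x/crypto/bcrypt` the three added hashing lines and the `crypto/md5`, `crypto/subtle` and `encoding/hex` imports collapse into `if ok && bcrypt.CompareHashAndPassword(u.Password, []byte(password)) == nil {`. `subtle.ConstantTimeCompare` takes two `[]byte` arguments, so `u.Password` presumably changed type in a file this patch view omits (it is limited to main.go); that is worth confirming, along with how existing stored passwords are migrated. The body of loginHandler starts and ends outside the hunk, and the success branch is still empty in this WIP state.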