Browse Source

Compare password with hash

pull/2/head
Tovi Jaeschke-Rogers 3 years ago
parent
commit
2906116a63
1 changed files with 17 additions and 1 deletions
  1. +17
    -1
      Webserver/Admin.go

+ 17
- 1
Webserver/Admin.go View File

@ -14,6 +14,7 @@ import (
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
"golang.org/x/crypto/bcrypt"
) )
func CheckAuth(w http.ResponseWriter, r *http.Request) bool { func CheckAuth(w http.ResponseWriter, r *http.Request) bool {
@ -107,6 +108,21 @@ func AdminView(w http.ResponseWriter, r *http.Request) {
} }
} }
func comparePasswords(hashedPwd, plainPwd string) bool {
var (
e error
)
e = bcrypt.CompareHashAndPassword(
[]byte(hashedPwd),
[]byte(plainPwd),
)
if e != nil {
return false
}
return true
}
func AdminLogin(w http.ResponseWriter, r *http.Request) { func AdminLogin(w http.ResponseWriter, r *http.Request) {
var ( var (
session *sessions.Session session *sessions.Session
@ -154,7 +170,7 @@ func AdminLogin(w http.ResponseWriter, r *http.Request) {
username = r.FormValue("username") username = r.FormValue("username")
password = r.FormValue("password") password = r.FormValue("password")
if username != Variables.AdminPassword && password != Variables.AdminPassword {
if username != Variables.AdminPassword && !comparePasswords(Variables.AdminPassword, password) {
session.AddFlash("Invalid Username or Password") session.AddFlash("Invalid Username or Password")
e = session.Save(r, w) e = session.Save(r, w)
if e != nil { if e != nil {


Loading…
Cancel
Save