gochan/gochan
1
0
Fork 0
mirror of https://github.com/Eggbertx/gochan.git synced 2025-08-17 10:56:24 -07:00
Code Releases Activity

Fix staff logins

Browse source
This commit is contained in:
Eggbertx 2022-11-09 10:56:10 -08:00
parent 1c9858ceab
commit 879da1eaa2
2 changed files with 6 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

10
pkg/gcsql/staff.go
View file

@ -139,7 +139,7 @@ func GetStaffByUsername(username string, onlyActive bool) (*Staff, error) {
}
staff := new(Staff)
err := QueryRowSQL(query, interfaceSlice(username), interfaceSlice(
&staff.ID, &staff.Username, &staff.PasswordChecksum, &staff.Rank, &staff.Rank, &staff.AddedOn,
&staff.ID, &staff.Username, &staff.PasswordChecksum, &staff.Rank, &staff.AddedOn,
&staff.LastLogin, &staff.IsActive,
))
if errors.Is(err, sql.ErrNoRows) {
@ -149,14 +149,10 @@ func GetStaffByUsername(username string, onlyActive bool) (*Staff, error) {
}
// CreateLoginSession inserts a session for a given key and username into the database
func CreateLoginSession(key, username string) error {
func (staff *Staff) CreateLoginSession(key string) error {
const insertSQL = `INSERT INTO DBPREFIXsessions (staff_id,data,expires) VALUES(?,?,?)`
const updateSQL = `UPDATE DBPREFIXstaff SET last_login = CURRENT_TIMESTAMP WHERE id = ?`
staff, err := GetStaffByUsername(username, true)
if err != nil {
return err
}
_, err = ExecSQL(insertSQL, staff.ID, key, time.Now().Add(time.Duration(time.Hour*730))) //TODO move amount of time to config file
_, err := ExecSQL(insertSQL, staff.ID, key, time.Now().Add(time.Duration(time.Hour*730))) //TODO move amount of time to config file
if err != nil {
return err
}

7
pkg/manage/util.go
View file

@ -47,13 +47,12 @@ func createSession(key, username, password string, request *http.Request, writer
return sInvalidPassword
}
success := bcrypt.CompareHashAndPassword([]byte(staff.PasswordChecksum), []byte(password))
if success == bcrypt.ErrMismatchedHashAndPassword {
err = bcrypt.CompareHashAndPassword([]byte(staff.PasswordChecksum), []byte(password))
if err == bcrypt.ErrMismatchedHashAndPassword {
// password mismatch
gcutil.LogError(nil).
Str("staff", username).
Str("IP", gcutil.GetRealIP(request)).
Str("remoteAddr", request.Response.Request.RemoteAddr).
Msg("Invalid password")
return sInvalidPassword
}
@ -73,7 +72,7 @@ func createSession(key, username, password string, request *http.Request, writer
MaxAge: int(maxAge),
})
if err = gcsql.CreateLoginSession(username, key); err != nil {
if err = staff.CreateLoginSession(key); err != nil {
gcutil.LogError(err).
Str("staff", username).
Str("sessionKey", key).