diff --git a/assets/config/users.db b/assets/config/users.db
index e69de29..edfb057 100644
Binary files a/assets/config/users.db and b/assets/config/users.db differ
diff --git a/router/router.go b/router/router.go
index 5aedc94..1039b43 100644
--- a/router/router.go
+++ b/router/router.go
@@ -157,9 +157,9 @@ func loginHandler() common.Handler {
 password := r.Form.Get("password")
 rows, err := statement.Query(username)
- if username == "" || password == "" {
+ if username == "" || password == "" || err != nil {
 return &common.HTTPError{
- Message: "username or password is empty",
+ Message: "username or password is invalid",
 StatusCode: http.StatusBadRequest,
 }
 }
@@ -180,7 +180,7 @@ func loginHandler() common.Handler {
 }
 // Create a cookie here because the credentials are correct
- if dbun == username && bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil {
+ if bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil {
 c, err := auth.CreateSession(&common.User{
 Username: username,
 })
diff --git a/setup.go b/setup.go
index 7d02ee7..264161d 100644
--- a/setup.go
+++ b/setup.go
@@ -12,6 +12,7 @@ import (
 "net/http"
 "os"
 "path/filepath"
+ "strings"
 "github.com/google/go-github/github"
 )
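Review bot: In router/router.go, hunk `@@ -157`, `statement.Query(username)` still runs before the empty-input check, so a request with an empty username or password returns from the handler with `rows` open unless it is closed somewhere outside this hunk. Folding `err != nil` into the same branch also reports a database failure to the client as a 400 "invalid" credential error and never logs it, which hides backend faults from operators. Validate the form values first, then query, and treat the query error as a server-side failure; loginHandler starts and ends outside the hunk, so whether `rows` is already closed later needs confirming.

```go
password := r.Form.Get("password")
if username == "" || password == "" {
	return &common.HTTPError{
		Message:    "username or password is invalid",
		StatusCode: http.StatusBadRequest,
	}
}

rows, err := statement.Query(username)
if err != nil {
	// Server-side failure: log err here rather than blaming the client's input.
	return &common.HTTPError{
		Message:    "login is temporarily unavailable",
		StatusCode: http.StatusInternalServerError,
	}
}
defer rows.Close() // drop if rows is already closed later in the handler
```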
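Review bot: In router/router.go, hunk `@@ -180`, the session is still created from the request-supplied `username` even though the `dbun == username` comparison has been removed. If the prepared statement (defined outside this hunk) matches case-insensitively or through a normalising collation, the session identity can now differ from the stored account name, which matters wherever authorisation decisions or audit logs key on it. Build the session from the row that was actually authenticated instead: `Username: dbun,`. The enclosing loginHandler continues outside the hunk.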
@@ -38,13 +39,21 @@ func Setup() {
 reader := bufio.NewReader(os.Stdin)
 fmt.Print("Administrator password: ")
 text, err := reader.ReadString('\n')
+ text = strings.Replace(text, "\n", "", -1)
+ if err != nil {
+ fmt.Sprintf("Problem reading password input! %v", err)
+ }
+ fmt.Println(text)
- hash, err := bcrypt.GenerateFromPassword([]byte(text), 8)
-
- q, err := db.Prepare("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,`admin`,?,`Administrator`,`admin@localhost`,2")
- q.Exec(hash)
-
- db.Close()
+ hash, err := bcrypt.GenerateFromPassword([]byte(text), 4)
+ if bcrypt.CompareHashAndPassword(hash, []byte(text)) == nil {
+ fmt.Println("Password hashed")
+ }
+ _, err = db.Exec("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,'admin',?,'Administrator','admin@localhost',2)", hash)
+ if err != nil {
+ fmt.Sprintf("Problem creating database! %v", err)
+ }
+ defer db.Close()
 // Download web assets
 fmt.Println("Downloading web assets")
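Review bot: `fmt.Println(text)` in the Setup hunk of setup.go prints the administrator password in clear text to the terminal, where it persists in scrollback and in any captured installer output; the line should be dropped. The same hunk lowers the bcrypt cost from 8 to 4, the library minimum, which makes offline guessing of a leaked hash far cheaper; `bcrypt.DefaultCost` is the safer choice. Both `fmt.Sprintf` calls discard their result, so a read or insert failure is silent and setup carries on, the error from `GenerateFromPassword` is never checked, and `strings.Replace` leaves a trailing `\r` in the password on Windows input. Setup continues outside the hunk.

```go
text, err := reader.ReadString('\n')
if err != nil {
	fmt.Printf("Problem reading password input! %v\n", err)
	return
}
text = strings.TrimRight(text, "\r\n")

hash, err := bcrypt.GenerateFromPassword([]byte(text), bcrypt.DefaultCost)
if err != nil {
	fmt.Printf("Problem hashing password! %v\n", err)
	return
}
// … unchanged: db.Exec INSERT of the admin row …
if err != nil {
	fmt.Printf("Problem creating database! %v\n", err)
	return
}
// … unchanged: defer db.Close(); the returns above run before it is registered,
// so it may need to move up next to wherever db is opened …
```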