在登录之前,请检查登录值。

huangapple
go评论127阅读模式
英文:

Go checking login values before login

问题

我有一个登录表单,当我点击发送时,页面会重定向到/create。在那里,我会在一个GO函数中检查我的登录值是否正确,以便给予下一页的访问权限,但是我的函数有问题。

loginCheck:

  1. func loginCheck(w http.ResponseWriter, r* http.Request){
  2.         r.ParseForm()
  4.         //调用DB函数
  5.         db:= SetupDB()
  7.         name, password := r.FormValue("user"), r.FormValue("password")
  8.         hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
  9.         PanicIf(err)
  11.         rows, err := db.Query("SELECT name, password from users where name = $1 and password = $2" ,name, hashedPassword)
  12.         PanicIf(err)
  14.         defer rows.Close()
  16.         for rows.Next() {
  17.            
  18.             err := rows.Scan(&name, &hashedPassword)
  19.             PanicIf(err)
  21.                fmt.Println(name, hashedPassword)
  22.         }
  23.      
  25.         db.Close()
  26. }

我试图在rows.Next()中打印值,以查看是否从数据库中读取了值,但是它是空的。

英文:

I got a login form, when I click on send, I redirect the page to a /create. There I check in a GO function if the values of my login are the correct to give access to the next page, but I have a problem with my function.

loginCheck:

  1. func loginCheck(w http.ResponseWriter, r* http.Request){
  2.         r.ParseForm()
  4.         //Call the DB function
  5.         db:= SetupDB()
  7.         name, password := r.FormValue("user"), r.FormValue("password")
  8.         hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
  9.         PanicIf(err)
  11.         rows, err := db.Query("SELECT name, password from users where name = $1 and password = $2" ,name, hashedPassword)
  12.         PanicIf(err)
  14.         defer rows.Close()
  16.         for rows.Next() {
  17.            
  18.             err := rows.Scan(&name, &hashedPassword)
  19.             PanicIf(err)
  21.                fmt.Println(name, hashedPassword)
  22.         }
  23.      
  25.         db.Close()
  26. }

Im trying to print the values inside the rows.Next() to see if read the values from the database but it's empty.

答案1

得分: 5

为了补充seong评论,你可以考虑参考goserver中的这个例子

  1. func CheckPassword(username, password string) bool {
  2.     if len(username) == 0 || len(password) == 0 {
  3.         return false
  4.     }
  6.     var hashPw []byte
  7.     err := DB.QueryRow("SELECT password FROM users WHERE username=?", username).Scan(&hashPw)
  8.     if err != nil {
  9.         log.Println("CheckPassword", err.Error())
  10.         return false
  11.     }
  13.     if len(hashPw) == 0 {
  14.         return false
  15.     }
  17.     err = bcrypt.CompareHashAndPassword(hashPw, []byte(password))
  18.     if err == nil {
  19.         return true
  20.     }
  21.     return false
  22. }

查询只使用了username

英文:

To add to seong's comment, you can consider this example in goserver:

  1. func CheckPassword(username, password string) bool {
  2. 	if len(username) == 0 || len(password) == 0 {
  3. 		return false
  4. 	}
  6. 	var hashPw []byte
  7. 	err := DB.QueryRow("SELECT password FROM users WHERE username=?", username).Scan(&hashPw)
  8. 	if err != nil {
  9. 		log.Println("CheckPassword", err.Error())
  10. 		return false
  11. 	}
  13. 	if len(hashPw) == 0 {
  14. 		return false
  15. 	}
  17. 	err = bcrypt.CompareHashAndPassword(hashPw, []byte(password))
  18. 	if err == nil {
  19. 		return true
  20. 	}
  21. 	return false
  22. }

The query is done using only username.

huangapple
  • 本文由 发表于 2014年7月15日 19:22:53
  • 转载请务必保留本文链接:https://go.coder-hub.com/24756912.html
  • go
  • html
  • postgresql
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定