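-- Login handler: validates the submitted credentials, creates a persistent
-- login token (database row plus "dkauth" cookie) and marks the current
-- session as logged in. Returns a status string for the caller to display.
local db = sqlite("dk")

-- Message used for every credential failure. Unknown usernames and wrong
-- passwords must be indistinguishable, otherwise the form tells a caller
-- which account names exist.
local LOGIN_FAILED = "wrong username or password"
local TOKEN_LIFETIME_SECONDS = 30 * 24 * 60 * 60 -- 30 days

-- Treat a missing or non-string field as empty so a malformed request gets a
-- validation message instead of raising inside string.trim / password.verify.
local raw_username = ctx.form.username
local username = ""
if type(raw_username) == "string" then
    username = string.trim(raw_username)
end

local submitted_password = ctx.form.password
if type(submitted_password) ~= "string" then
    submitted_password = ""
end

-- Presence checks run before any database lookup, so their outcome depends
-- only on the request and never on whether the account exists.
if username == "" then
    return "username required"
end

if submitted_password == "" then
    return "password required"
end

-- NOTE(review): an unknown username returns before password.verify runs, so
-- the response time can still differ from a wrong-password attempt. Verifying
-- against a fixed dummy hash on this path would even that out; attempt rate
-- limiting is also not visible in this script -- confirm it exists upstream.
if not db:exists("users", "username = :u", {u = username}) then
    return LOGIN_FAILED
end

local user_row = db:get_one(
    "SELECT id, username, password, auth_level FROM users WHERE username = :u",
    {u = username}
)

-- The row can be gone if the account was deleted between the two queries;
-- guard it rather than indexing a missing value.
if not user_row or not password.verify(submitted_password, user_row.password) then
    return LOGIN_FAILED
end

-- NOTE(review): presumably util.generate_token draws from a CSPRNG -- verify.
-- The token is stored as-is, so read access to user_sessions yields usable
-- login tokens; consider storing only a hash of it.
local token = util.generate_token()
local expires = os.time() + TOKEN_LIFETIME_SECONDS

db:insert("user_sessions", {
    user_id = user_row.id,
    token = token,
    expires = expires
})

-- NOTE(review): only `expires` is passed here. Confirm that cookie.set marks
-- the cookie HttpOnly, Secure and SameSite by default, or pass the
-- framework's options for them.
cookie.set("dkauth", token, { expires = expires })

-- NOTE(review): the pre-login session is reused with elevated state. If the
-- framework can issue a fresh session identifier, do so before these writes
-- to prevent session fixation.
session.set("logged_in", true)
session.set("user_id", user_row.id)
session.set("auth_level", user_row.auth_level)

return "Logged in!"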