Diffstat (limited to 'ctl.c')
-rw-r--r--ctl.c91
1 files changed, 78 insertions, 13 deletions
diff --git a/ctl.c b/ctl.c
index cd90f4f..9583c44 100644
--- a/ctl.c
+++ b/ctl.c
@@ -37,19 +37,6 @@ printhtml(char *s)
}
}
-void
-login()
-{
- char *hlite, msg[MAXMSG], *name;
- char title[] = "Log In";
-
- *msg = 0;
- hlite = name = NULL;
-
- printf("Content-Type: text/html\n\n");
- #include "t/login.tc"
-}
-
/*
* The `new' functions provide a way to add a new attachment/post/user.
* On GET, they show a form. On POST, they insert the posted information
@@ -64,6 +51,84 @@ newpost()
{}
void
+newsession()
+{
+ char *hlite, msg[MAXMSG], *p, *v;
+ char *name, *pass, *remember;
+ char title[] = "Log In";
+ struct user *user;
+ sqlite3_stmt *stmt;
+
+ *msg = 0;
+ hlite = name = pass = remember = NULL;
+
+ if(query.method == GET){
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+ }
+
+ if(query.length > MAXSESSIONDATA){
+ snprintf(msg, MAXMSG, "Input exceeded server limitations");
+ printf("Status: 431 Request Header Fields Too Large\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+ }
+
+ while(p = nextparam(POST, NULL, MAXSESSIONDATA)){
+ if(!(v = split(p))) continue;
+
+ if(!name && strcmp(p, "name") == 0)
+ name = strdup(v);
+ else if(!pass && strcmp(p, "pass") == 0)
+ pass = strdup(v);
+ else if(!remember && strcmp(p, "remember") == 0)
+ remember = strdup(v);
+ else
+ continue;
+ }
+
+ if(!name || !*name){
+ snprintf(msg, MAXMSG, "Username may not be empty");
+ printf("Status: 400 Bad Request\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+ }
+
+ if(sqlite3_prepare(db, "SELECT oid, * from users WHERE name = ?",
+ -1, &stmt, 0) != SQLITE_OK)
+ goto fail;
+
+ if(sqlite3_bind_text(stmt, 1, name, -1, SQLITE_STATIC) != SQLITE_OK)
+ goto dberr;
+
+ if(!(user = getuser(stmt)))
+ goto fail;
+
+ if(!haspass(user, pass))
+ goto fail;
+
+ printf("Content-Type: text/plain\n\n");
+ printf("Success!\n");
+ return;
+
+dberr:
+ snprintf(msg, MAXMSG, "Could not retrieve user: %s",
+ sqlite3_errmsg(db));
+ printf("Status: 500 Internal Server Errror\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+fail:
+ snprintf(msg, MAXMSG, "Invalid username or password");
+ printf("Status: 400 Bad Request\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+}
+
+void
newuser()
{
char *captcha, *confirm, *name, *full, *pass;
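Review bot: In newsession(), `pass` is still NULL when the POST body carries no `pass` field, yet it is handed to `haspass(user, pass)` unchecked; only `name` gets a NULL/empty test. haspass() is not visible in this diff, so whether it tolerates NULL is unknown, and guarding at the call site is safer: `if(!pass || !haspass(user, pass)) goto fail;`. The `dberr` path copies `sqlite3_errmsg(db)` into the page returned to the client; logging it server-side and showing a generic message would avoid disclosing database internals, and the status line there is misspelled (`Internal Server Errror`). A failed `sqlite3_prepare` jumps to `fail` and is reported to the user as bad credentials rather than a server error. Finally, `stmt` and the three `strdup` copies are not released on any path shown, unless getuser() finalizes the statement itself.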