1 files changed, 51 insertions, 3 deletions

diff --git a/src/user.cpp b/src/user.cpp
index cc2af65..36ad821 100644
--- a/src/user.cpp
+++ b/src/user.cpp
@@ -4,6 +4,7 @@
 
 #include <cppcms/url_dispatcher.h>  
 #include <cppcms/url_mapper.h>   
+#include <cppdb/frontend.h>
 
 namespace apps {
 
@@ -16,24 +17,51 @@ user::user( strusCms &cms )
 
 void user::login( )
 {
-	content::user c;
+	content::user c( cms );
 	c.title = "strusCms";
 	if( request( ).request_method( ) == "POST" ) {
 		c.login.load( context( ) ); 
 		if( c.login.validate( ) ) {
+			response( ).set_redirect_header( cms.root( ) );
 		}
 	}
 	render( "login", c );
 }
 
+// TODO: make this a salted hash
+bool user::check_login( std::string user, std::string password )
+{
+	if( user.empty( ) || password.empty( ) ) {
+		return false;
+	}
+	
+	cppdb::session sql( cms.conn );
+	cppdb::result r;
+	r = sql << "SELECT password FROM users WHERE username=?" << user << cppdb::row;
+	if( r.empty( ) ) {
+		return false;
+	}
+	
+	std::string pass;
+	r >> pass;
+	
+	if( password != pass ) {
+		return false;
+	}
+	
+	return true;
 }
 
+} // namespace apps
+
 namespace content {
 	
-login_form::login_form( ) : cppcms::form( )
+login_form::login_form( apps::strusCms &cms  )
+	: cppcms::form( ),
+	cms( cms )
 {
 	username.message( "Your login" );
-	username.error_message( "The login name can't be empty" );
+	username.error_message( "The login is illegal" );
 	password.message( "Your password" );
 	password.error_message( "Your password is illegal" );
 	submit.value( "Log in" );
@@ -46,4 +74,24 @@ login_form::login_form( ) : cppcms::form( )
 	password.non_empty( );
 }
 	
+bool login_form::validate( )
+{
+	if( !form::validate( ) ) {
+		return false;
+	}
+
+	if( !cms.user.check_login( username.value( ), password.value( ) ) ) {
+		username.valid( false );
+		password.valid( false );
+		return false;
+	}
+	
+	return true;
 }
+	
+user::user( apps::strusCms &cms )
+	: login( cms )
+{
+}
+
+} // namespace content