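B4J=true
Group=Default Group
ModulesStructureVersion=1
Type=Class
Version=10.3
@EndOfDesignText@
'Class module: DoLoginHandler
'Checks a submitted username/password against the bcrypt hash stored in the
'authentication database (Main.SQL_Auth) and, on success, marks the session as
'authorized before redirecting to /manager. Every other outcome redirects to /login.
Sub Class_Globals
	Private bc As BCrypt
End Sub

Public Sub Initialize
	bc.Initialize("BC")
End Sub

'Handles one login request.
'req: supplies the "username" and "password" request parameters and the session.
'resp: receives the redirect (/manager on success, /login otherwise).
Public Sub Handle(req As ServletRequest, resp As ServletResponse)
	Try
		' Parameters are read inside the Try so a malformed request ends in the
		' same /login redirect as any other failure.
		Dim u As String = req.GetParameter("username").Trim
		Dim p As String = req.GetParameter("password")

		' An empty username or password can never match; skip the database lookup.
		If u.Length = 0 Or p.Length = 0 Then
			resp.SendRedirect("/login")
			Return
		End If

		' The username is attacker-controlled: strip CR/LF before it reaches the log
		' so a crafted value cannot forge extra log lines.
		Dim safeUser As String = u.Replace(Chr(13), " ").Replace(Chr(10), " ")

		' Look up the stored hash in the authentication database (SQL_Auth).
		' The query is parameterized, so the username is never spliced into the SQL text.
		Dim storedHash As String = Main.SQL_Auth.ExecQuerySingleResult2("SELECT password_hash FROM users WHERE username = ?", Array As String(u))
		' The stored hash is deliberately NOT logged: password hashes are credential
		' material and must stay out of log files.

		' NOTE(review): when the user does not exist the bcrypt check is skipped, so
		' unknown usernames are answered faster than known ones. Consider verifying
		' against a fixed dummy hash in that case to even out the response time.
		' Verify the password against the hash.
		If storedHash <> Null And bc.checkpw(p, storedHash) Then
			' Valid credentials.
			' Discard the pre-login session and start a fresh one so a session id
			' planted before authentication cannot be reused afterwards (session fixation).
			' Anything stored in the session before login is dropped here.
			req.GetSession.Invalidate
			Dim session As HttpSession = req.GetSession
			session.SetAttribute("user_is_authorized", True)
			session.SetAttribute("username", u)
			Log($"Login succeeded for user: ${safeUser}"$)
			resp.SendRedirect("/manager")
		Else
			' Invalid credentials. The same redirect is used whether the user is
			' unknown or the password is wrong.
			Log($"Login failed for user: ${safeUser}"$)
			resp.SendRedirect("/login")
		End If
	Catch
		Log(LastException)
		resp.SendRedirect("/login")
	End Try
End Sub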