Handlers: Add password confirmation validation to signup

- Server-side validation for password confirmation field - Display error message if passwords don't match - Complements client-side validation added in previous commit
2026-01-15 22:39:58 -03:00 · 2026-01-15 22:39:58 -03:00 · 69a62f0ad5
parent ca4268dfec
commit 69a62f0ad5
1 changed files with 88 additions and 60 deletions
--- a/handlers/signup.go
+++ b/handlers/signup.go
@ -1,10 +1,10 @@
 package handlers

 import (
+	"github.com/gorilla/sessions"
 	"log"
 	"net/http"
 	"threadr/models"
-    "github.com/gorilla/sessions"
 )

 func SignupHandler(app *App) http.HandlerFunc {
@ -14,6 +14,34 @@ func SignupHandler(app *App) http.HandlerFunc {
 		if r.Method == http.MethodPost {
 			username := r.FormValue("username")
 			password := r.FormValue("password")
+			passwordConfirm := r.FormValue("password_confirm")
+
+			// Server-side validation for password confirmation
+			if password != passwordConfirm {
+				log.Printf("Password confirmation mismatch for user: %s", username)
+				data := struct {
+					PageData
+					Error string
+				}{
+					PageData: PageData{
+						Title:            "ThreadR - Sign Up",
+						Navbar:           "signup",
+						LoggedIn:         false,
+						ShowCookieBanner: cookie == nil || cookie.Value != "accepted",
+						BasePath:         app.Config.ThreadrDir,
+						StaticPath:       app.Config.ThreadrDir + "/static",
+						CurrentURL:       r.URL.Path,
+					},
+					Error: "Passwords do not match. Please try again.",
+				}
+				if err := app.Tmpl.ExecuteTemplate(w, "signup", data); err != nil {
+					log.Printf("Error executing template in SignupHandler: %v", err)
+					http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+					return
+				}
+				return
+			}
+
 			err := models.CreateUser(app.DB, username, password)
 			if err != nil {
 				log.Printf("Error creating user: %v", err)