sub user_login {
    my $self = shift;
    my $cgi = $self->query;
    my $xml = $self->param('xml');
    $self->header_props( -uri => '/' );
    if ((defined $cgi->param('username')) && (defined $cgi->param('password'))) {
        my @user = grep { $_->{'username'} eq $cgi->param('username') } @{%{$xml}->{'user'}};
        if (scalar @user) {
            my $user = shift @user;
            if ($user->{password} eq md5_hex($cgi->param('password'))) {
                $self->header_props(
                    -cookie  =>  $cgi->cookie(
                        -expires =>  '+1y',
                        -name    =>  'cowsnet-auth',
                        -path    =>  '/',
                        -value   =>  \%{$user}
                    ),
                    -uri    =>  '/'
                );
            }
        }
    };
    $self->header_type('redirect');
}