def login():
if 'username' in session:
flash('You are already logged in.')
return redirect(url_for('home'))
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
user = db.retrieve_user_by_username(form.username.data)
if not user:
form.username.errors.append('Username not found')
return render_template('login.html', form=form, title='Login')
if not db.is_activated(form.username.data):
flash('This account is not activated, please verify your email by opening activation link that we sent you')
return render_template('login.html', form=form, title='Login')
if not user.is_password_correct(form.password.data):
form.password.errors.append('Wrong password, please try again...')
return render_template('login.html', form=form, title='Login')
# username and password are correct, create a session
session['username'] = user.username
session['acc_type'] = user.acc_type
# record ip address and timestamp
db.insert_log(Log(user.username, request.remote_addr))
return redirect(url_for('profile'))
return render_template('login.html', form=form, title='Login')
def register():
if 'username' in session:
flash('You cannot register while you are logged in, please log out first.')
return redirect(url_for('home'))
form = RegistrationForm(request.form)
if request.method == 'POST' and form.validate():
username_exist = db.retrieve_user_by_username(form.username.data)
email_exist = db.retrieve_user_by_email(form.email.data)
if username_exist:
form.username.errors.append('Username already taken')
if email_exist:
form.email.errors.append('Email already used')
if username_exist or email_exist:
return render_template('register.html',
form=form,
title='Sign Up')
# load data from form and create User object
user = User(form.username.data,
form.email.data,
User.generate_hash(form.password.data),
form.acc_type.data)
# save user to database
db.insert_user(user)
# generate 5 digits activation code and save it inside db
activation_code = str(random.randint(10000, 99999))
db.insert_token(user.username, activation_code)
# generate activation link, activation code is encoded as URL parameter
activation_link = url_for('activate', _external=True, username=user.username)
activation_link += "?activation_code=" + activation_code
# generate template for confirmation email
email_msg = render_template('email/verify_email.html',
username=user.username,
activation_code=activation_code,
activation_link=activation_link)
# send email
send_email(recipient=user.email, subject='Account Activation', template=email_msg)
flash('Thanks for registering, check your email inbox for instructions on how to activate your account')
return redirect(url_for('home'))
return render_template('register.html',
form=form,
title='Sign Up')
