def get_user(user_id=None, username=None):
    """Look up a user by id or, when no id is given, by username.

    The first call reads ``users.csv`` from ``const.DATA_DIR`` and caches
    every row as a ``UserMixin`` in the module-level ``_users_data`` dict,
    keyed by ``get_id()``.  Returns the matching user object, or ``False``
    when nothing matches.
    """
    global _users_data

    if not _users_data:
        _users_data = {}

        csv_path = os.path.join(const.DATA_DIR, "users.csv")
        with open(csv_path) as handle:
            rows = util.csv_to_array_of_dicts(handle)

        for row in rows:
            entry = UserMixin()
            entry.id = row["id"]
            entry.username = row["name"]
            # NOTE(review): the password column is cached exactly as it
            # appears in the CSV; whether it holds a hash cannot be told
            # from here -- confirm the file never contains plaintext.
            entry.password = row["password"]
            _users_data[entry.get_id()] = entry

    if user_id is None:
        for candidate in _users_data.values():
            if candidate.username == username:
                return candidate

    # An id of None (username not found) also ends up here and yields False.
    return _users_data.get(user_id, False)
Beispiel #2
 def user_loader(login):
     """Return a ``UserMixin`` whose id is *login*, or ``None`` if unknown.

     A fresh ``DbManager.Manager`` is created on every call and asked for
     the login; only a non-``None`` answer produces a user object.
     """
     if DbManager.Manager().get_user(login) is None:
         return None
     loaded = UserMixin()
     loaded.id = login
     return loaded
Beispiel #3
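def login():
    """Handle the login form: show it on GET, check credentials on POST.

    An already-authenticated visitor is redirected to ``/``.  On POST the
    stored password for the submitted email is fetched and compared with
    the submitted one; a match logs the user in and redirects to ``/``,
    anything else re-renders ``login.html`` with an error message.  Any
    exception raised while handling the request redirects to ``/login``.
    """
    if current_user.is_authenticated:
        return redirect('/')
    try:
        if request.method != 'POST':
            return render_template('login.html')

        email = request.form['email']
        password = request.form['password']
        if not (email and password):
            error = "Empty field detected"
            return render_template('login.html', error=error)

        # The email comes straight from the form, so it is handed to the
        # driver as a bound parameter instead of being formatted into the
        # SQL text (the original string formatting allowed SQL injection).
        # NOTE(review): the "%s" placeholder assumes a format-style DB-API
        # driver behind g.conn (e.g. psycopg2) -- confirm, and use the
        # driver's own placeholder if it differs.
        cursor = g.conn.execute(
            "SELECT password FROM Users WHERE email=%s", (email,))
        real = ''
        for result in cursor:
            real = result['password']
        cursor.close()

        # NOTE(review): the submitted password is compared with the stored
        # column value directly, which implies the table keeps passwords
        # unhashed.  Moving to a salted password hash needs a schema and
        # signup change outside this function.
        if real == password:
            cur_user = UserMixin()
            cur_user.id = email
            login_user(cur_user)
            print("login successfully")
            return redirect('/')

        error = "Email and password don't match"
        return render_template('login.html', error=error)
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are no longer swallowed; request errors still land on /login.
        return redirect('/login')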
Beispiel #4
def connexion():
    """Login view: render the form on GET, authenticate on POST.

    GET shows ``connexion.html`` to anonymous visitors and redirects
    logged-in ones to ``main``.  POST looks the email up, verifies the
    submitted password against the stored hash with
    ``sha256_crypt.verify`` and logs the user in on success.  Other
    methods fall through and return ``None``.
    """
    if request.method == 'GET':
        if current_user.is_anonymous:
            return render_template("connexion.html")
        return redirect(url_for('main'))

    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']

        # Bound parameter: the email never becomes part of the SQL text.
        row = c.execute(
            "SELECT prenom, password FROM utilisateur WHERE email=?",
            (email, )).fetchone()

        if row and sha256_crypt.verify(password, row[1]):
            user = UserMixin()
            user.id = email
            user.prenom = row[0]
            login_user(user)
            return redirect(url_for('main'))

        # Unknown email and wrong password produce the same message, so the
        # response does not reveal which of the two was wrong.
        flash(
            "Votre email et/ou votre mot de passe est incorrect. Veuillez les saisir à nouveau ",
            "danger")
        return render_template("connexion.html")
    def validate(self):
        """Validate the form and log the user in when the check passes.

        Returns ``True`` after calling ``login_user`` for a valid
        submission, ``False`` otherwise (base validation failed or the
        password check did not match).
        """
        print("errors are\n{}".format(self.errors))
        if not Form.validate(self):
            print("validation failed")
            return False

        # In this trivial app a login is valid when the password is the
        # username backwards.  This is a demo rule, not an authentication
        # scheme: anyone who knows a username can derive the password.
        if self.username.data != self.password.data[::-1]:
            print("invalid password")
            # The field's ``errors`` may be a tuple, so copy it into a list
            # before appending.  See:
            # https://stackoverflow.com/questions/22889295/flask-self-errors-append-attributeerror-tuple-object-has-no-attribute-ap#comment74244200_22889381
            errorlist = list(self.username.errors)
            errorlist.append('Invalid password')
            self.username.errors = errorlist
            flash('invalid passwird')
            print(self.username.errors)
            return False

        self.user = UserMixin()
        self.user.id = self.username.data
        users[self.user.id] = self.user
        print("we are good")
        # ``remember=True`` keeps the login across browser restarts by
        # means of a cookie.
        login_user(self.user, remember=True)
        print("current_user: {}".format(current_user.get_id()))
        return True
Beispiel #6
def create_root(config):
    """Pickle a ``UserMixin`` with id 1 into the file ``config['ROOT_FILE']``."""
    from flask_login import UserMixin
    import pickle

    root = UserMixin()
    root.id = 1
    # NOTE(review): unpickling runs code chosen by whoever wrote the file,
    # so any later pickle.load of ROOT_FILE trusts this path completely --
    # keep the file writable only by the application account.
    with open(config['ROOT_FILE'], 'wb') as out:
        pickle.dump(root, out)
Beispiel #7
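def _safe_next_target(target):
    """Return *target* if it is a same-site absolute path, else ``'/'``."""
    from urllib.parse import urlsplit

    if not target or not target.startswith('/'):
        return '/'
    # "//host" and "/\host" are resolved by browsers as a different host,
    # and control characters are stripped before the URL is resolved.
    if target.startswith('//') or '\\' in target:
        return '/'
    if any(ch < ' ' for ch in target):
        return '/'
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return '/'
    return target


def login():
    """Render the login form on GET and authenticate the user on POST.

    GET passes the form action and the post-login destination (``next``
    query argument, default ``/``) to ``login.html``.  POST checks the
    submitted password against the stored hash, logs the user in and
    redirects to the destination carried in the form.

    The destination is supplied by the client in both cases, so it is
    reduced to a same-site path before use; anything else becomes ``/``.
    Without that check the view would redirect a freshly logged-in user
    to any URL placed in ``next``.
    """
    if request.method == "GET":

        next_ = _safe_next_target(request.args.get("next", '/'))
        params = {
            'formAction': url_for("login_api.login"),
            'next': next_
        }

        # unpack the params dictionary, using its values as named parameters
        return render_template("login.html", **params)

    elif request.method == "POST":

        data = request.form
        password = str(data["password"])
        username = str(data["username"])
        next_ = _safe_next_target(str(data["next"]))

        # find the hashed password associated with the given username
        passwordHash = database.getPasswordHash(username)

        # error if there is no such username, or the password is incorrect
        if passwordHash == -1 or not util.checkHash(passwordHash, password):
            flash("Invalid username or password", "error")
            return redirect(url_for(".login"))

        userId = database.getUserByName(username)['id']
        user = UserMixin()
        user.id = userId
        login_user(user)
        flash("Log in successful", "success")

        # don't render a template directly off of a POST request; redirect
        # to a GET request, avoiding problems if the user manually reloads
        # the page
        return redirect(next_)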
Beispiel #8
def login():
    # Login view: a POST looks the submitted username/password pair up in
    # db.users and logs the matching user in; any other method renders an
    # empty login form.
    if request.method == 'POST':
        user = request.form.to_dict()

        # Collect messages for blank fields.  They are only shown if the
        # lookup below fails; a blank field does not stop the lookup.
        # NOTE(review): the two message literals below appear masked
        # ("******") on this page and the first is not valid Python as
        # shown; the original text cannot be recovered from here.
        errors = {}
        user['username'] = user['username'].strip().lower()
        if len(user['username']) == 0:
            errors['username'] = '******'t be blank'

        if len(user['password']) == 0:
            errors['password'] = '******'

        # NOTE(review): the query matches on the password exactly as
        # submitted, so the collection presumably stores passwords
        # unhashed -- confirm, and prefer storing a salted hash that is
        # verified after looking the user up by username only.
        user_found = db.users.find_one({
            'username': user['username'],
            'password': user['password']
        })

        # username or password incorrect
        # NOTE(review): ``user`` still holds the submitted password when it
        # is handed back to the template here.
        if not user_found:
            errors['not_valid'] = 'username or password is not valid'
            return render_template('login.html', user=user, errors=errors)

        user = UserMixin()
        user.username = user_found['username']
        user.id = user_found['_id'].__str__()
        login_user(user)
        g.user = user
        # NOTE(review): ``next`` is taken from the query string and used as
        # the redirect target without validation; it should be limited to
        # same-site paths before redirecting.
        return redirect(request.args.get("next") or url_for("index"))

    return render_template('login.html', user={'username': '', 'password': ''})
Beispiel #9
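def load_user(userid):
    """Rebuild the user object for *userid*, or return ``None`` if unknown.

    The id is looked up in ``db.users`` by ``_id``.  When no document
    matches (for example the account was removed after the session was
    issued) ``None`` is returned instead of failing with ``TypeError`` on
    the missing document, so the caller can treat the visitor as not
    logged in.  The loaded user is also stored on ``g.user``.
    """
    # NOTE(review): ObjectId() raises on a malformed id; that case is not
    # handled here because the exception type is not in scope in this
    # snippet.
    user_found = db.users.find_one({'_id': ObjectId(userid)})
    if user_found is None:
        return None

    user = UserMixin()
    user.username = user_found['username']
    user.id = str(user_found['_id'])
    g.user = user
    return user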
Beispiel #10
def load_user(user_id):
    """Load the user whose email equals *user_id*, or ``None`` if absent.

    The returned ``UserMixin`` carries ``id`` (the email), ``prenom`` and
    ``pro`` taken from the ``utilisateur`` row.
    """
    # The id is bound as a parameter, not formatted into the statement.
    row = c.execute(
        "SELECT email, prenom, pro FROM utilisateur WHERE email=?",
        (user_id,),
    ).fetchone()
    if row is None:
        return None

    loaded = UserMixin()
    loaded.id = user_id
    loaded.prenom = row[1]
    loaded.pro = row[2]
    return loaded
Beispiel #11
def user_loader(user_id):  # per the original author, the form's ['user_id']
    """Return a ``UserMixin`` whose ``id`` is *user_id*.

    Original author's notes: a new ``UserMixin()`` has no ``.id`` by
    default although its own methods need one, so it is set here to make
    ``current_user.id`` available; ``get_id()`` returns that id;
    ``is_anonymous`` is true for anonymous users and false for logged-in
    ones; ``is_authenticated`` is what ``@login_required`` checks.
    """
    # NOTE(review): no lookup is performed, so every id handed to this
    # loader yields a user object -- confirm that is intended.
    print("檢查登入狀態")
    restored = UserMixin()
    restored.id = user_id
    return restored
Beispiel #12
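def load_user(request) -> typing.Optional[UserMixin]:
    """
    Verify that the 'Authorization' header equals our secret key.
    Returns an empty `UserMixin` on success, `None` otherwise.

    A request without the header is rejected outright, and the comparison
    uses `hmac.compare_digest` so its duration does not depend on how many
    leading characters of the token are correct.

    Docs: https://flask-login.readthedocs.io/en/latest/#installation
    Example: http://gouthamanbalaraman.com/blog/minimal-flask-login-example.html
    """
    import hmac

    header = request.headers.get('Authorization')
    if header is None:
        # Previously a missing header was compared as the string "None".
        return None

    # NOTE(review): SECRET_KEY is normally the key Flask signs session
    # cookies with; sending it as a bearer token in every request widens
    # its exposure.  A dedicated API token setting would be safer.
    token = str(header).encode('utf-8')
    secret = str(current_app.config['SECRET_KEY']).encode('utf-8')
    return UserMixin() if hmac.compare_digest(token, secret) else None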
Beispiel #13
def load_user_from_header(header_val):
    '''Check the username and signature carried in *header_val*.

    The value is expected as ``username:signature`` after an optional
    leading ``Basic ``.  Returns a ``UserMixin`` when the signature over
    the request method and body verifies, ``None`` when the user is
    unknown or the signature fails, and the tuple
    ``("Not Authorized", 401)`` when the value does not split into exactly
    two parts.
    '''
    parts = header_val.replace('Basic ', '', 1).split(':')
    if len(parts) != 2:
        # NOTE(review): if this function is registered as a Flask-Login
        # loader, a non-None return value is treated as the user object;
        # returning None here would be the usual way to reject -- confirm
        # how callers use this tuple.
        return "Not Authorized", 401

    username, signature = parts
    if not mongo.db.users.find_one({'username': username}):
        return None

    # NOTE(review): ``key`` may be None when no key document exists;
    # check_signature is assumed to reject that -- confirm.
    key = mongo.db.keys.find_one({'username': username})
    if check_signature(key, signature, request.method, request.get_data()):
        return UserMixin()
    return None
Beispiel #14
def login():
    """Single-admin login view.

    GET renders ``login.html`` with ``logged_in`` set to ``'true'`` or
    ``'false'``.  Any other method compares the submitted form with
    ``ADMIN_USERNAME`` / ``ADMIN_PASSWORD`` and, on a match, logs the
    admin in and redirects to ``/browse.html``.
    """
    if request.method == 'GET':
        is_admin = current_user.get_id() == ADMIN_USERNAME
        logged_in = 'true' if is_admin else 'false'
        return render_template('login.html', logged_in=logged_in)

    form = request.form
    # NOTE(review): the password is compared with ``==`` against a module
    # constant; a constant-time comparison (hmac.compare_digest) and a
    # hashed stored value would be the more careful choice.
    if form['username'] == ADMIN_USERNAME and form['password'] == ADMIN_PASSWORD:
        admin = UserMixin()
        admin.id = form['username']
        login_user(admin)
        print(f'Logged in as {admin.id}')
        return redirect('/browse.html')
    return render_template('login.html')
Beispiel #15
def login():
    """Log the fixed ``admin`` user in when the posted credentials match.

    Renders ``login.html`` (with an error message after a failed POST) and
    redirects to ``home_page`` after a successful one.
    """
    error = None
    admin = UserMixin()
    admin.id = "admin"

    if request.method == 'POST':
        form = request.form
        # NOTE(review): username and password are hard-coded literals in
        # the source; they belong in configuration or a credential store,
        # with the password kept as a hash.
        if form['username'] == 'admin' and form['password'] == '123':
            login_user(admin)
            return redirect(url_for('home_page'))
        error = 'Invalid Credentials. Please try again.'

    return render_template('login.html', error=error)
Beispiel #16
def load_user(editor_id: str) -> UserMixin:
    """Rebuild the user for *editor_id* from data kept in the session.

    Returns ``None`` when the session has no ``editor`` or no
    ``api_token`` entry (or either is falsy); otherwise a ``UserMixin``
    carrying the id, username, admin flag and API token.
    """
    editor = session.get("editor")
    token = session.get("api_token")
    if not editor or not token:
        return None

    user = UserMixin()
    user.id = editor_id
    user.editor_id = editor_id
    user.username = editor["username"]
    # NOTE(review): the admin flag is trusted as stored in the session;
    # that is only sound while the session cannot be altered by the client.
    user.is_admin = editor["is_admin"]
    user.token = token
    return user
Beispiel #17
def load_user(editor_id):
    """Rebuild the user for *editor_id* from data kept in the session.

    Returns ``None`` unless the session holds truthy ``editor`` and
    ``api_token`` entries; otherwise a ``UserMixin`` populated from them.
    """
    has_editor = bool(session.get('editor'))
    has_token = bool(session.get('api_token'))
    if not (has_editor and has_token):
        return None

    editor = session['editor']
    user = UserMixin()
    user.id = editor_id
    user.editor_id = editor_id
    user.username = editor['username']
    # NOTE(review): the admin flag is trusted as stored in the session;
    # that is only sound while the session cannot be altered by the client.
    user.is_admin = editor['is_admin']
    user.token = session['api_token']
    return user
Beispiel #18
def verify():
    """Check the posted ``user_id``/``password`` pair and log the user in.

    Redirects to ``success`` on a match and to ``fail`` otherwise.
    """
    print('try login')
    user_id = request.form['user_id']  # Flask.request

    # NOTE(review): the submitted password is compared directly with the
    # stored value in ``users``, which implies it is kept unhashed.
    matches = ((user_id in usersinfo['user_id'])
               and (request.form['password']
                    == users[usersinfo['user_id'].index(user_id)][1]))
    if not matches:
        return redirect(url_for('fail'))

    # Credentials match the stored data: create a UserMixin() that carries
    # the id for the session.
    user = UserMixin()
    user.id = user_id
    # login_user stores the id in the session; the function registered with
    # @login_manager.user_loader is what receives it on later requests.
    login_user(user)
    print('驗證成功')
    return redirect(url_for('success'))  # the argument is the view function's name
Beispiel #19
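def login():
    """Render the login form on GET and authenticate against BigQuery on POST.

    On POST the row for the submitted email is read from ``movie.users``.
    A matching password logs the user in, stores ``user_email`` and
    ``user_id`` in the session, marks the session permanent and redirects
    to ``index``; otherwise ``login.html`` is rendered with an error.

    Changes from the earlier version:
    * the email is sent as a named query parameter instead of being
      formatted into the SQL text (SQL injection);
    * the submitted password and the fetched row are no longer printed;
    * ``session.permenant`` (a typo that set an unused attribute) is now
      ``session.permanent``;
    * ``uid`` is read in the same query as the password.
    """
    if request.method == 'GET':
        return render_template('login.html')

    email = request.form.get('email')
    password = request.form.get('password')
    if not email or not password:
        error = 'email or password is wrong, try again'
        return render_template('login.html', error=error)

    SQL = """
        SELECT uid, password
        FROM `movie.users`
        WHERE email=@email
        """
    query_config = {
        'query': {
            'parameterMode': 'NAMED',
            'queryParameters': [{
                'name': 'email',
                'parameterType': {'type': 'STRING'},
                'parameterValue': {'value': email},
            }],
        }
    }

    try:
        df = pandas_gbq.read_gbq(SQL, configuration=query_config)
        print('success')

        # NOTE(review): the two messages below let a caller tell an unknown
        # email from a wrong password; a single message would not.
        if len(df) == 0:
            error = 'user does not exist'
            return render_template('login.html', error=error)

        row = df.iloc[0]
        # NOTE(review): direct comparison implies the table stores the
        # password unhashed; a salted hash needs a change to signup too.
        if row.password != password:
            error = 'email or password is wrong, try again'
            return render_template('login.html', error=error)

        cur_user = UserMixin()
        cur_user.id = email
        login_user(cur_user)
        session['user_email'] = email
        session['user_id'] = int(row.uid)
        session.permanent = True
        return redirect(url_for('index'))
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are not swallowed.
        error = 'something wrong try again'
        return render_template('login.html', error=error)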
Beispiel #20
def register():
    # Registration view: a POST validates the form, stores the new user in
    # db.users and logs them in; a GET renders an empty registration form.
    if request.method == 'POST':
        new_user = request.form.to_dict()

        # Collect messages for blank fields.
        # NOTE(review): the message literals below appear masked ("******")
        # on this page and the first is not valid Python as shown; the
        # original text cannot be recovered from here.
        errors = {}
        new_user['username'] = new_user['username'].strip().lower()
        if len(new_user['username']) == 0:
            errors['username'] = '******'t be blank'

        if len(new_user['password']) == 0:
            errors['password'] = '******'

        # user already registered
        if db.users.find_one({'username': new_user['username']}):
            errors[
                'username'] = '******' % new_user[
                    'username']

        if len(errors) > 0:
            return render_template('register.html',
                                   new_user=new_user,
                                   errors=errors)

        # NOTE(review): the whole form dict is saved as the user document,
        # so the password is stored as submitted and any extra form field
        # a client sends is persisted too -- hash the password and copy
        # only the expected keys.
        db.users.save(new_user)

        user = UserMixin()
        user.username = new_user['username']
        user.id = new_user['_id'].__str__()
        login_user(user)

        # NOTE(review): ``next`` is taken from the query string and used as
        # the redirect target without validation; it should be limited to
        # same-site paths before redirecting.
        return redirect(request.args.get("next") or url_for("index"))

    elif request.method == 'GET':
        return render_template('register.html',
                               new_user={
                                   'username': '',
                                   'password': '',
                                   'email': ''
                               })
Beispiel #21
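def load_user_from_request(request):
    """Authenticate a request by the API token in its Basic auth header.

    The ``Authorization`` header is expected to hold ``Basic`` followed by
    base64 of ``<token>:<anything>``.  Returns a ``UserMixin`` when the
    token equals ``app.config["API_TOKEN"]`` and ``None`` in every other
    case, including a missing, undecodable or malformed header (which
    previously raised and produced a server error).
    """
    import hmac

    header = request.headers.get('Authorization')
    if not header:
        return None

    encoded = header.replace('Basic ', '', 1)
    try:
        decoded = base64.b64decode(encoded).decode("utf-8")
    except (TypeError, ValueError):
        # binascii.Error (bad base64) and UnicodeDecodeError are both
        # ValueError subclasses.
        return None

    # Only the part before the first ":" is the token; the password part
    # is ignored and may itself contain colons.
    api_key, _sep, _password = decoded.partition(":")

    expected = app.config["API_TOKEN"]
    if not isinstance(expected, str) or not expected:
        # An unset or empty token must never authenticate anyone.
        return None

    # Constant-time comparison of the two tokens.
    if hmac.compare_digest(api_key.encode("utf-8"), expected.encode("utf-8")):
        return UserMixin()
    return None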
Beispiel #22
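def signup():
    """Create an account from the signup form and log the new user in.

    Non-POST requests are redirected to ``login``.  A POST with any empty
    field, or one whose INSERT fails, re-renders ``login.html`` with
    ``error_signup`` set; a successful one redirects to ``/``.

    The form values are passed to the database as bound parameters; the
    earlier version formatted them into the INSERT text, which allowed
    SQL injection through any field.
    """
    if request.method != 'POST':
        return redirect('login')

    form = request.form
    uid = form['userid']
    first = form['firstname']
    last = form['lastname']
    age = form['age']
    gender = form['gender']
    email = form['email']
    password = form['password']
    if not (uid and first and last and age and gender and email and password):
        error = "Empty fields detected"
        return render_template('login.html', error_signup=error)

    try:
        # NOTE(review): the "%s" placeholders assume a format-style DB-API
        # driver behind g.conn (e.g. psycopg2) -- confirm, and use the
        # driver's own placeholder if it differs.  ``age`` is bound as
        # submitted; the column type decides whether it is accepted.
        # NOTE(review): the password is stored exactly as submitted; it
        # should be stored as a salted hash.
        g.conn.execute(
            "INSERT INTO Users VALUES (%s,%s,%s,%s,%s,%s,%s)",
            (email, last, first, gender, uid, password, age))
        cur_user = UserMixin()
        cur_user.id = email
        login_user(cur_user)
        return redirect('/')
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are not swallowed.
        error = "Some fields failed"
        return render_template('login.html', error_signup=error)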
Beispiel #23
def login():
    """Login view backed by ``DbManager``.

    Authenticated visitors are redirected to ``store.download``; GET
    renders the form; POST validates the submitted login/password pair
    through ``check_validity`` and logs the user in on success.
    """
    db_manager = DbManager.Manager()

    if current_user.is_authenticated:
        return redirect(url_for('store.download'))

    if request.method == 'GET':
        return render_template('login.html')

    submitted_login = request.form['login']
    submitted_password = request.form['password']

    if not db_manager.check_validity(submitted_login, submitted_password):
        return render_template('login.html')

    user = UserMixin()
    user.id = submitted_login
    login_user(user)
    return redirect(url_for('store.download'))
Beispiel #24
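 def test_hashable(self):
     """A ``UserMixin`` instance must be hashable."""
     # The ``collections.Hashable`` alias was removed in Python 3.10; the
     # ABC lives in ``collections.abc``.
     from collections.abc import Hashable

     self.assertIsInstance(UserMixin(), Hashable)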
Beispiel #25
def load_user(username):
    """Return a ``UserMixin`` whose id is the stored id of *username*."""
    # NOTE(review): what getUser returns for an unknown username is not
    # visible here; if it can be None this lookup raises instead of
    # returning None -- confirm.
    record = database.getUser(username)
    stored_id = record['id']

    loaded = UserMixin()
    loaded.id = stored_id
    return loaded
Beispiel #26
def load_user(user_id):
    """Return a bare ``UserMixin`` carrying *user_id*."""
    # NOTE(review): no lookup is performed, so every id handed to this
    # loader yields a user object -- confirm that is intended.
    restored = UserMixin()
    restored.id = user_id
    return restored
Beispiel #27
def load_user(user_id):
    """Return the admin user when *user_id* is the configured admin login.

    Any other id yields ``None``.
    """
    if user_id != app.config['ADMIN_LOGIN']:
        return None

    admin = UserMixin()
    admin.id = user_id
    return admin
Beispiel #28
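def signup():
    """Render the signup form on GET and create the account on POST.

    A POST checks that every field is filled in and that both passwords
    match, rejects an email that already exists in ``movie.users``,
    inserts the new row with ``uid`` = current maximum + 1, stores
    ``user_id``/``user_email`` in the session, logs the user in and
    redirects to ``index``.  Any failure while talking to BigQuery
    re-renders ``signup.html`` with "Some fields failed".

    Changes from the earlier version:
    * all form values reach BigQuery as named query parameters instead of
      being formatted into the SQL text (SQL injection);
    * ``uid`` is converted to a plain ``int`` before it is stored in the
      session, matching what the login view stores.
    """
    if request.method == 'GET':
        return render_template('signup.html')

    form = request.form
    email = form.get('email')
    first_name = form.get('first_name')
    last_name = form.get('last_name')
    gender = form.get('gender')
    age = form.get('age')
    password1 = form.get('password1')
    password2 = form.get('password2')
    print(type(email), first_name, last_name, gender, age)

    # Check whether any field was left blank.
    if not (email and first_name and last_name and gender and age
            and password1 and password2):
        error = "Empty fields detected"
        return render_template('signup.html', error_signup=error)
    # Verify that the two passwords are equal.
    if password1 != password2:
        return '2 passwords not matched'

    def _param(name, type_name, value):
        # One named BigQuery query parameter.
        return {
            'name': name,
            'parameterType': {'type': type_name},
            'parameterValue': {'value': value},
        }

    def _config(*params):
        # Job configuration carrying the named parameters.
        return {
            'query': {
                'parameterMode': 'NAMED',
                'queryParameters': list(params),
            }
        }

    # Check whether the email has already been registered.
    SQL1 = """
        SELECT email
        FROM `movie.users`
        WHERE email=@email
        """
    SQL2 = """
        SELECT uid
        FROM `movie.users`
        """

    try:
        df1 = pandas_gbq.read_gbq(
            SQL1,
            project_id=g.project_id,
            credentials=g.credentials,
            configuration=_config(_param('email', 'STRING', email)))
        df2 = pandas_gbq.read_gbq(SQL2,
                                  project_id=g.project_id,
                                  credentials=g.credentials)

        print('success')
        if len(df1) > 0:
            error = "email already exists, please change an email"
            print(error)
            return render_template('signup.html', error_signup=error)

        # NOTE(review): max(uid) + 1 is not safe against two signups at the
        # same time; both could be given the same uid.
        uid = int(df2.uid.unique().max() + 1)
        print('uid', uid)

        # NOTE(review): the password is stored exactly as submitted; it
        # should be stored as a salted hash.
        SQL3 = """
        INSERT INTO movie.users
        VALUES (@uid, @first_name, @last_name, @gender, @age, @email, @password)
        """
        pandas_gbq.read_gbq(
            SQL3,
            project_id=g.project_id,
            credentials=g.credentials,
            configuration=_config(
                _param('uid', 'INT64', uid),
                _param('first_name', 'STRING', first_name),
                _param('last_name', 'STRING', last_name),
                _param('gender', 'STRING', gender),
                # A non-numeric age raises here and ends in the handler
                # below, as before.
                _param('age', 'INT64', int(age)),
                _param('email', 'STRING', email),
                _param('password', 'STRING', password1),
            ))
        print('success2')
        session['user_id'] = uid
        session['user_email'] = email
        cur_user = UserMixin()
        cur_user.id = email
        login_user(cur_user)
        # Registration succeeded; continue to the index page.
        return redirect(url_for('index'))
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are not swallowed.
        error = "Some fields failed"
        return render_template('signup.html', error_signup=error)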