def changepasswd():
session_id = request.cookies.get(SESSION_ID)
if session_id is None:
return redirect(url_for('logout'))
if not session_db.exists(session_id):
return redirect(url_for('logout'))
form = PasswordChangeForm()
hidden = request.cookies.get('login')
if hidden is None:
return render_template('problem.html')
form.hidden = hidden
if form.validate_on_submit():
ssid = request.cookies.get(SESSION_ID)
user = session_db.get(ssid)
user_data = dbc.getUserByLogin(user)
user_id = user_data[0]
dbc.updatePassword(user_id, hash_password(form.newpassword.data))
return render_template('changegood.html')
return render_template('changepasswd.html', form=form)
