Beispiel #1
def register(username, passwd):
    """Create a new user and commit it, or raise ``Forbidden``.

    The name is refused when it matches ``disallowed_chars``, is longer
    than 20 characters, or ``get_user`` already returns an account for it.
    Returns the freshly constructed ``User``.
    """
    # Same order as a single short-circuit condition: pattern, length,
    # then the account lookup last.
    if re.search(disallowed_chars, username):
        raise Forbidden
    if len(username) > 20:
        raise Forbidden
    if get_user(username):
        raise Forbidden
    # NOTE(review): the password is passed to User() exactly as received;
    # whether User hashes it is not visible here -- confirm.
    # NOTE(review): lookup-then-create is not atomic; presumably a unique
    # constraint on the username backs this check -- verify in the model.
    new_user = User(username, passwd)
    # No explicit session.add() here; presumably constructing User
    # attaches it to the session -- confirm.
    session.commit()
    return new_user
Beispiel #2
def login(request):
    """Handle a token-checked login request, registering first if asked.

    Form fields read: ``do`` (action), ``token``, ``user``, ``pw``,
    ``reason`` and ``rem``.  A missing field, a rejected token, an unknown
    user or a wrong password all produce the same empty text response.
    On success the response is ``'ok'`` or the result of ``exec_todo``,
    and the session cookie is saved on it.  ``register`` may raise
    ``Forbidden``; that exception is not caught here.
    """
    action = request.form.get('do')
    token = request.form.get('token')
    username = request.form.get('user')
    passwd = request.form.get('pw')

    have_all_fields = username and passwd and action and token
    if not have_all_fields or not is_valid_token(action, token):
        return serve_text('')

    account = get_user(username)
    if account is None and action == 'reg':
        # Unknown name plus an explicit 'reg' action: create the account,
        # then fall through to the ordinary password check below.
        account = register(username, passwd)

    if not (account and account.is_valid_pw(passwd)):
        return serve_text('')

    request.login(username)
    reason = request.form.get('reason')
    # NOTE(review): 'reason' is client-supplied and handed to exec_todo;
    # which actions exec_todo accepts is not visible here -- confirm it
    # only dispatches to an allow-list.
    response = exec_todo(request, account, reason) if reason else serve_text('ok')

    # Remember the user for 24 hours, or 30 days when 'rem' is 'on'.
    remember = request.form.get('rem') == 'on'
    hours = 24 * (30 if remember else 1)
    # NOTE(review): cookie flags (Secure/HttpOnly) are not set here;
    # presumably save_cookie applies them -- confirm.
    request.session.save_cookie(
        response,
        expires=cookie_expires(hours),
        max_age=cookie_lifespan(hours),
    )
    return response
Beispiel #3
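def login_form(request):
    """Authenticate the ``username``/``passwd`` form fields.

    On success the user is logged in on the request and redirected to the
    ``index`` URL.  Every failure (missing field, unknown user, wrong
    password) re-renders ``login.html`` with the same generic message, so
    the response does not reveal which part was wrong.
    """
    username = request.form.get('username')
    password = request.form.get('passwd')
    # A missing or empty field can never authenticate; skip the lookup so
    # that None is never passed to get_user() or is_valid_pw().
    user = get_user(username) if username and password else None
    if user and user.is_valid_pw(password):
        request.login(username)
        return redirect(url_for('index'))
    # NOTE(review): no token check or attempt throttling happens in this
    # function; confirm both are enforced elsewhere.
    return serve_response('login.html', flashMsg='Invalid credentials.')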
Beispiel #4
def user_exists(request):
    """Report whether the ``name`` query parameter is already registered.

    Raises ``Forbidden`` when ``name`` is missing or empty.  Otherwise the
    text body is ``'username taken.'`` if ``get_user`` finds the name and
    empty if it does not.
    """
    candidate = request.args.get('name')
    if not candidate:
        raise Forbidden
    # NOTE(review): the two answers differ, so this endpoint tells any
    # caller whether an account exists.  No authentication, token or
    # throttling is visible in this function -- confirm it is handled
    # elsewhere.
    taken = get_user(candidate) is not None
    return serve_text('username taken.' if taken else '')
Beispiel #5
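def login_form(request):
    """Check the posted ``username`` and ``passwd`` and log the user in.

    A successful check calls ``request.login`` and redirects to ``index``.
    Any failure renders ``login.html`` with one generic error message,
    whether the user is unknown, the password is wrong or a field is
    missing.
    """
    username = request.form.get('username')
    password = request.form.get('passwd')
    if not username or not password:
        # Absent or empty credentials: do not call get_user() or
        # is_valid_pw() with None, just fail like any other bad login.
        user = None
    else:
        user = get_user(username)
    if user and user.is_valid_pw(password):
        request.login(username)
        return redirect(url_for('index'))
    # NOTE(review): this handler does not verify a token or limit repeated
    # attempts itself -- confirm that is done elsewhere.
    flashMsg = 'Invalid credentials.'
    return serve_response('login.html', flashMsg=flashMsg)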
Beispiel #6
def user_exists(request):
    """Tell the caller whether the requested user name is in use.

    Reads ``name`` from the query string and raises ``Forbidden`` if it is
    absent or empty.  Responds with ``'username taken.'`` when ``get_user``
    returns an account, and with an empty body otherwise.
    """
    name = request.args.get('name')
    if not name:
        raise Forbidden
    # NOTE(review): by design this lets a client probe for registered
    # names; nothing in this function restricts who may call it or how
    # often -- confirm a limit exists elsewhere.
    if get_user(name) is None:
        return serve_text('')
    return serve_text('username taken.')
Beispiel #7
def register_form(request):
    """Validate the registration form, create the user, then log in.

    Reads ``username``, ``passwd`` and ``passwd2`` from the form.  The
    first failing check re-renders ``login.html`` with its message; when
    all checks pass a ``User`` is created, the session is committed and
    the request is handed to ``login_form``.
    """
    username = request.form.get('username')
    pw1 = request.form.get('passwd')
    pw2 = request.form.get('passwd2')

    # Checks are ordered so the account lookup only runs for a complete
    # form with a space-free name.
    problem = None
    if not (username and pw1 and pw2):
        problem = 'All fields are required.'
    elif ' ' in username:
        problem = 'Username cannot contain spaces.'
    elif get_user(username):
        problem = 'Username exists! Please choose another username.'
    elif pw1 != pw2:
        problem = 'Passwords don\'t match.'
    if problem is not None:
        return serve_response('login.html', flashMsg=problem)

    # NOTE(review): only spaces are rejected in the name; no length limit
    # or other character filter is applied in this function -- confirm
    # whether stricter username rules should be enforced here too.
    # NOTE(review): the password goes to User() as received; whether it is
    # hashed there is not visible here -- confirm.
    user = User(username, pw1)
    session.commit()
    return login_form(request)
Beispiel #8
def register_form(request):
    """Process a registration form submission.

    Requires ``username``, ``passwd`` and ``passwd2``.  A failed check
    renders ``login.html`` with the matching message.  Otherwise a
    ``User`` is constructed, the session is committed and ``login_form``
    produces the response.
    """

    def reject(message):
        # Every validation failure re-renders the same template.
        return serve_response('login.html', flashMsg=message)

    username = request.form.get('username')
    pw1 = request.form.get('passwd')
    pw2 = request.form.get('passwd2')

    if not username or not pw1 or not pw2:
        return reject('All fields are required.')
    if ' ' in username:
        return reject('Username cannot contain spaces.')
    if get_user(username):
        return reject('Username exists! Please choose another username.')
    if pw1 != pw2:
        return reject('Passwords don\'t match.')

    # NOTE(review): the only username restriction here is "no spaces";
    # there is no length or character-class check in this function --
    # confirm whether one is intended.
    # NOTE(review): the existence check and the insert are separate steps;
    # presumably a unique constraint covers concurrent sign-ups -- verify.
    user = User(username, pw1)
    session.commit()
    return login_form(request)
Beispiel #9
def login(request):
    """Log a user in from a token-protected form post.

    Reads ``do``, ``token``, ``user`` and ``pw`` from the form.  If any is
    missing or ``is_valid_token`` rejects the token, the reply is an empty
    text body.  With ``do == 'reg'`` and an unknown name the account is
    created through ``register`` (which may raise ``Forbidden``).  A valid
    password logs the user in, answers ``'ok'`` or the ``exec_todo``
    result, and saves the session cookie; anything else yields the empty
    body again.
    """
    action = request.form.get('do')
    token = request.form.get('token')
    username = request.form.get('user')
    passwd = request.form.get('pw')

    if not (username and passwd and action and token):
        return serve_text('')
    if not is_valid_token(action, token):
        return serve_text('')

    user = get_user(username)
    if user is None and action == 'reg':
        user = register(username, passwd)
    if not user or not user.is_valid_pw(passwd):
        # Same empty reply as above, so failures are indistinguishable.
        return serve_text('')

    request.login(username)
    todo = request.form.get('reason')
    if todo:
        # NOTE(review): 'reason' comes straight from the client; what
        # exec_todo does with it is not visible here -- confirm it is
        # validated there.
        response = exec_todo(request, user, todo)
    else:
        response = serve_text('ok')

    # Cookie lifetime: one day, or thirty days when 'rem' equals 'on'.
    days = 30 if request.form.get('rem') == 'on' else 1
    hours = 24 * days
    # NOTE(review): Secure/HttpOnly are not passed here; presumably
    # save_cookie sets them -- confirm.
    request.session.save_cookie(response,
                                expires=cookie_expires(hours),
                                max_age=cookie_lifespan(hours))
    return response
Beispiel #10
def register(username, passwd):
    """Construct and commit a ``User`` for an acceptable, unused name.

    Raises ``Forbidden`` if the name matches ``disallowed_chars``, exceeds
    20 characters, or is already returned by ``get_user``.  Returns the
    new ``User`` object.
    """
    # Evaluated left to right with short-circuiting, so get_user() is only
    # reached for names that pass the pattern and length checks.
    name_rejected = (
        re.search(disallowed_chars, username) is not None
        or len(username) > 20
        or bool(get_user(username))
    )
    if name_rejected:
        raise Forbidden
    # NOTE(review): passwd is not checked here (empty or weak values pass)
    # and its storage format depends on User -- confirm hashing happens
    # in the model.
    created = User(username, passwd)
    session.commit()
    return created