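def post_admin_login():
    """Handle the admin login form and start a session on success.

    Reads ``email`` and ``password`` from the submitted form, looks up the
    matching ``Author`` and checks the password with ``is_password``. On
    success a signed ``user`` cookie holding the author id is set for 30 days
    and the client is redirected to ``/admin``. Any failure (unknown e-mail,
    wrong password, missing field) redirects back to ``/auth/login``.
    """
    # A missing field used to raise AttributeError on ``None.decode`` and
    # surface as a server error; default to an empty string so it is handled
    # as an ordinary failed login.
    email = request.forms.get('email', '').decode('utf-8')
    password = request.forms.get('password', '').decode('utf-8')

    try:
        user = Author.get(email=email)
    except Author.DoesNotExist:
        # Same redirect target as a wrong password, so the destination does
        # not reveal whether the e-mail address is registered.
        redirect('/auth/login')

    if is_password(password, user.password):
        # This cookie is the whole session: it carries the author id and is
        # signed with SECRET, so SECRET must be long, random and kept out of
        # version control.
        # httponly keeps page scripts from reading the session cookie.
        # NOTE(review): consider secure=True as well once the admin area is
        # served over HTTPS only -- confirm the deployment before enabling.
        # NOTE(review): no attempt limiting is visible in this handler;
        # confirm brute-force protection exists elsewhere.
        response.set_cookie("user", user.id, secret=SECRET, path="/",
                            max_age=30 * 24 * 60 * 60, httponly=True)
        redirect('/admin')
    else:
        redirect('/auth/login')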
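def admin_changepass():
    """Change the password of the author with id 1 from the settings form.

    The form supplies the current password (``oldpass``) and the new one
    twice (``newpass``, ``newpass2``). The stored password is replaced with
    ``hexpassword(newpass)`` only when the current password verifies and the
    two new entries match and are non-empty; the client is then redirected to
    ``/admin``. Otherwise the client is redirected to ``/admin/settings``.
    If author 1 does not exist the client is redirected to ``/admin``.
    """
    # NOTE(review): no session check is visible in this function; confirm the
    # route is only reachable by a logged-in admin (decorator or hook outside
    # this view).
    # A missing field used to raise AttributeError on ``None.decode``;
    # default to an empty string so it falls through to the failure redirect.
    oldpass = request.forms.get('oldpass', '').decode('utf-8')
    pass1 = request.forms.get('newpass', '').decode('utf-8')
    pass2 = request.forms.get('newpass2', '').decode('utf-8')

    # NOTE(review): the account is hard-coded to id 1 rather than taken from
    # the session -- presumably a single-admin install; verify.
    try:
        user = Author.get(id=1)
    except Author.DoesNotExist:
        redirect('/admin')

    # Two empty fields compare equal, so without the ``pass1`` check the
    # password could be reset to the empty string.
    # NOTE(review): no minimum length or strength rule is applied here.
    if is_password(oldpass, user.password) and pass1 and pass1 == pass2:
        newpass = hexpassword(pass1)
        # NOTE(review): keyword filter kept as in the original; if the ORM is
        # a current peewee release, where() expects an expression such as
        # ``Author.id == 1`` -- confirm the ORM version.
        Author.update(password=newpass).where(id=1).execute()
        # NOTE(review): nothing here invalidates sessions issued before the
        # change; if the session cookie carries only the author id, older
        # cookies stay valid -- consider rotating the session on change.
        redirect('/admin')

    redirect('/admin/settings')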