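def login():
    """Render the login form (GET) or authenticate the submitted credentials (POST).

    GET stores a fresh nonce in the session and renders ``login.html``.
    POST first compares the submitted ``token`` with md5(password + nonce);
    on mismatch it redirects back with "Bot detected.". It then looks the user
    up by username and encoded password. On success it records ``user_id`` and
    the per-user upload folder in the session and redirects to ``next`` or home.
    """
    # redirect to home if already logged in
    if session.get('user_id'):
        return redirect(url_for('ph_bp.home'))
    if request.method == 'POST':
        token = md5(request.form['password'] + session.get('nonce', '')).hexdigest()
        if token == request.form['token']:
            # Form values are untrusted: pass them as bound parameters so they
            # are never spliced into the SQL text.
            query = ("SELECT * FROM users "
                     "WHERE username=:username AND password_hash=:password_hash")
            username = request.form['username']
            # NOTE(review): xor_encrypt is defined outside this view; if it is a
            # reversible XOR cipher, as the name suggests, the stored values are
            # recoverable with PW_ENC_KEY -- confirm, and prefer a salted
            # password hash for storage.
            password_hash = xor_encrypt(request.form['password'], current_app.config['PW_ENC_KEY'])
            user = db.session.execute(
                query,
                {'username': username, 'password_hash': password_hash},
            ).first()
            if user and user['status'] == 1:
                session['user_id'] = user.id
                path = os.path.join(current_app.config['UPLOAD_FOLDER'], md5(str(user.id)).hexdigest())
                if not os.path.exists(path):
                    os.makedirs(path)
                session['upload_folder'] = path
                session.rotate()
                # ``next`` comes from the query string; follow it only when it
                # is a same-site path, otherwise fall back to home.
                next_url = request.args.get('next')
                if (not next_url or not next_url.startswith('/')
                        or next_url.startswith(('//', '/\\'))):
                    next_url = url_for('ph_bp.home')
                return redirect(next_url)
            return redirect(url_for('ph_bp.login', error='Invalid username or password.'))
        return redirect(url_for('ph_bp.login', error='Bot detected.'))
    session['nonce'] = get_token(5)
    return render_template('login.html')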
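def login():
    """Render the login form (GET) or authenticate the submitted credentials (POST).

    POST looks the user up by username and encoded password. On success it
    records ``user_id`` and the per-user upload folder in the session and
    redirects to ``next`` or home; otherwise it redirects back to the login
    page with an error message.
    """
    # redirect to home if already logged in
    if session.get('user_id'):
        return redirect(url_for('home'))
    if request.method == 'POST':
        # Form values are untrusted: pass them as bound parameters so they are
        # never spliced into the SQL text.
        query = ("SELECT * FROM users "
                 "WHERE username=:username AND password_hash=:password_hash")
        username = request.form['username']
        # NOTE(review): xor_encrypt is defined outside this view; if it is a
        # reversible XOR cipher, as the name suggests, the stored values are
        # recoverable with PW_ENC_KEY -- confirm, and prefer a salted password
        # hash for storage.
        password_hash = xor_encrypt(request.form['password'], app.config['PW_ENC_KEY'])
        user = db.session.execute(
            query,
            {'username': username, 'password_hash': password_hash},
        ).first()
        if user and user['status'] == 1:
            session['user_id'] = user.id
            path = os.path.join(app.config['UPLOAD_FOLDER'], md5(str(user.id)).hexdigest())
            if not os.path.exists(path):
                os.makedirs(path)
            session['upload_folder'] = path
            session.rotate()
            # ``next`` comes from the query string; follow it only when it is a
            # same-site path, otherwise fall back to home.
            next_url = request.args.get('next')
            if (not next_url or not next_url.startswith('/')
                    or next_url.startswith(('//', '/\\'))):
                next_url = url_for('home')
            return redirect(next_url)
        return redirect(url_for('login', error='Invalid username or password.'))
    return render_template('login.html')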
def password(self, password):
    """Encode *password* with the app's PW_ENC_KEY and store it as ``password_hash``."""
    enc_key = current_app.config['PW_ENC_KEY']
    # NOTE(review): xor_encrypt is defined outside this view; if it is
    # reversible, ``password_hash`` holds an encrypted password rather than a
    # hash -- confirm.
    encoded = xor_encrypt(password, enc_key)
    self.password_hash = encoded
def check_password(self, password):
    """Return True when *password*, encoded with PW_ENC_KEY, equals ``password_hash``."""
    enc_key = current_app.config['PW_ENC_KEY']
    candidate = xor_encrypt(password, enc_key)
    # NOTE(review): plain ``==`` comparison; whether a constant-time compare
    # is usable depends on what xor_encrypt returns -- confirm.
    return bool(self.password_hash == candidate)
def check_password(self, password):
    """Return True when *password*, encoded with PW_ENC_KEY, equals ``password_hash``."""
    enc_key = app.config['PW_ENC_KEY']
    candidate = xor_encrypt(password, enc_key)
    # NOTE(review): plain ``==`` comparison; whether a constant-time compare
    # is usable depends on what xor_encrypt returns -- confirm.
    return bool(self.password_hash == candidate)
def password(self, password):
    """Encode *password* with the app's PW_ENC_KEY and store it as ``password_hash``."""
    enc_key = app.config['PW_ENC_KEY']
    # NOTE(review): xor_encrypt is defined outside this view; if it is
    # reversible, ``password_hash`` holds an encrypted password rather than a
    # hash -- confirm.
    encoded = xor_encrypt(password, enc_key)
    self.password_hash = encoded