Ejemplo n.º 1
def login():
    '''Authenticate an administrator and send them on to the admin page
    they originally asked for.

    A visitor who is already logged in goes straight to the admin view.
    The ``next`` target is checked with is_safe_url() before the form is
    handled; an unsafe target sends the visitor to the main index instead.
    The submitted password is verified against the stored value on the
    record returned by Users.read_unit().
    '''
    if is_logged_in():
        return redirect(url_for('web.display_admin'))

    # Settle the post-login destination first, so an unsafe value is never
    # rendered into the form or used in a redirect.
    destination = request.values.get('next') or url_for('web.display_admin')
    if not is_safe_url(destination):
        return redirect(url_for('web.display_index'))

    form = Users()
    if form.is_submitted():
        # Any value in the 'cancel' field means the cancel button was
        # pressed; the actual value ('Cancel') is irrelevant.
        cancelled = request.form.get('cancel')
        if cancelled:
            return redirect(url_for('web.display_index'))

        if form.validate():
            account = Users.read_unit(form.nameField.data)
            if account is not None:
                supplied = form.passwordField.data
                if custom_app_context.verify(supplied, account['password']):
                    session['logged_in'] = True
                    return redirect(destination)

        # One message covers failed validation, an unknown user and a wrong
        # password, so the response does not reveal which check failed.
        flash('invalid login...', 'error')

    page_args = {
        'form': form,
        'next': destination,
        'title': 'Login',
        'breadcrumbs': get_breadcrumbs('login'),
    }
    return display_content(**page_args)
def login():
    """Process the login form and redirect the authenticated user.

    On a valid submission the credentials are checked with
    validate_username_password(). On success the user is logged in and
    redirected to the ``next`` query parameter, or to the dashboard when
    none was given. A ``next`` value rejected by is_safe_url() ends the
    request with HTTP 400. In every other case the login page is rendered.
    """
    form = LoginForm()
    account = None
    if form.validate_on_submit():
        account = validate_username_password(form.email.data,
                                             form.password.data)
        if not account:
            # Same message whether the username or the password was wrong.
            flash('Invalid username or password.')

    if not account:
        return render_template('auth/login.html', form=form)

    login_user(account, form.remember_me.data)

    # NOTE(review): the session is established before the redirect target
    # is checked, so a rejected ``next`` still leaves the user logged in
    # behind the 400 response -- confirm this is intended.
    redirect_target = request.args.get('next')
    if not is_safe_url(redirect_target):
        return abort(400)
    return redirect(redirect_target or url_for('main.dashboard'))
Ejemplo n.º 3
def logout():
    '''Log the user out and choose where to send them next.

    The 'logged_in' flag is removed from the session. The user returns to
    the ``next`` URL only when one was supplied, it is not an administrator
    page and is_safe_url() accepts it. Otherwise they are sent to the main
    site index.
    '''
    session.pop('logged_in', None)

    destination = request.values.get('next')
    # Fall back to the index unless the requested page passes every check.
    # The checks short-circuit in this order, so the helpers never see None.
    if destination is None or \
            is_admin_page(destination) or \
            not is_safe_url(destination):
        return redirect(url_for('web.display_index'))
    return redirect(destination)
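def login():
    """Render the login form on GET and authenticate the user on POST.

    On POST the user is looked up by the submitted ``username`` and the
    submitted ``password`` is checked with ``user.verify_password``. On
    success the user is logged in and redirected to ``next`` (query string
    first, then form field), or to the landing page when none was given.
    A ``next`` value rejected by is_safe_url() ends the request with
    HTTP 400. An unknown username or wrong password returns the error
    message string.
    """
    form = LoginForm()
    if request.method == 'GET':
        return render_template('login2.html', form=form)

    elif request.method == 'POST':
        # NOTE(review): this path reads request.form directly and never
        # calls a validate method on `form`, so any checks LoginForm
        # defines (presumably including CSRF, if it is a Flask-WTF form)
        # are not applied -- confirm.
        username = request.form['username']
        password = request.form['password']
        user = User.query.filter(User.username == username).first()

        # Test for a missing account before touching `user`. Calling
        # verify_password on None raised AttributeError, so an unknown
        # username produced a server error while a wrong password produced
        # the message below, which told the two cases apart.
        if user is None or not user.verify_password(password):
            return u"اطلاعات وارد شده معتبر نیستند"

        login_user(user)
        # .get() keeps a form posted without a 'next' field from failing
        # with a missing-key error after the user is already logged in.
        target = request.args.get('next') or request.form.get('next') or ""
        if not is_safe_url(target):
            return flask.abort(400)
        return redirect(target or url_for('landing_page'))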