Ejemplo n.º 1
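def login():
    """Show the login form (GET) or authenticate the submitted credentials (POST).

    On success the user is logged in through ``login_user`` and redirected to
    the ``next`` query parameter when it is a path on this site, otherwise to
    ``index``. On failure the form is rendered again with an ``errors`` dict.
    """
    if request.method == 'POST':
        user = request.form.to_dict()

        # incomplete data
        errors = {}
        # .get() keeps a request that omits a field on the validation path
        # instead of failing with KeyError.
        user['username'] = user.get('username', '').strip().lower()
        user['password'] = user.get('password', '')
        # NOTE(review): the two message texts were masked ('******') in the
        # listing this came from; the wording below is reconstructed — confirm.
        if len(user['username']) == 0:
            errors['username'] = "username can't be blank"

        if len(user['password']) == 0:
            errors['password'] = "password can't be blank"

        # NOTE(review): the lookup matches the submitted password verbatim, so
        # the collection has to hold passwords in clear text. Moving to a
        # salted password hash needs a matching change where users are
        # created, so it is flagged here rather than changed.
        user_found = db.users.find_one({
            'username': user['username'],
            'password': user['password']
        })

        # username or password incorrect
        if not user_found:
            errors['not_valid'] = 'username or password is not valid'
            # NOTE(review): `user` still carries the submitted password into
            # the template context; the template should not echo it back.
            return render_template('login.html', user=user, errors=errors)

        user = UserMixin()
        user.username = user_found['username']
        user.id = str(user_found['_id'])
        login_user(user)
        g.user = user

        # `next` comes from the query string, so it is followed only when it
        # is a plain path on this site; anything else falls back to the index
        # page instead of redirecting to an arbitrary host.
        next_url = request.args.get("next") or ""
        is_local_path = (
            next_url.startswith("/")
            and not next_url.startswith("//")
            and "\\" not in next_url
            and not any(ord(ch) < 32 for ch in next_url)
        )
        return redirect(next_url if is_local_path else url_for("index"))

    return render_template('login.html', user={'username': '', 'password': ''})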
Ejemplo n.º 2
def connexion():
    """Serve the login page (GET) or check an e-mail/password pair (POST).

    The stored hash is fetched with a bound parameter and checked with
    ``sha256_crypt.verify``. An unknown e-mail and a wrong password produce
    the same flash message, so the response does not reveal which one failed.
    """
    if request.method == 'GET':
        if not current_user.is_anonymous:
            return redirect(url_for('main'))
        return render_template("connexion.html")

    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']

        row = c.execute(
            "SELECT prenom, password FROM utilisateur WHERE email=?",
            (email, )).fetchone()

        # row[1] is the stored password hash, row[0] the first name.
        if row and sha256_crypt.verify(password, row[1]):
            user = UserMixin()
            user.id = email
            user.prenom = row[0]
            login_user(user)
            return redirect(url_for('main'))

        flash(
            "Votre email et/ou votre mot de passe est incorrect. Veuillez les saisir à nouveau ",
            "danger")
        return render_template("connexion.html")
Ejemplo n.º 3
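def login():
    """Authenticate an e-mail/password pair posted to the login form.

    Already-authenticated users are sent to '/'. A GET renders the form. Any
    exception raised while handling the request redirects to '/login'.
    """
    if current_user.is_authenticated:
        return redirect('/')
    try:
        if request.method != 'POST':
            return render_template('login.html')

        email = request.form['email']
        password = request.form['password']
        if not (email and password):
            error = "Empty field detected"
            return render_template('login.html', error=error)

        # The e-mail is passed as a bound parameter instead of being formatted
        # into the statement, so quotes in the form value cannot change the
        # query. `%s` is the marker of format-style drivers; use the marker
        # the project's driver expects — TODO confirm.
        cursor = g.conn.execute(
            "SELECT password FROM Users WHERE email=%s", (email,))
        real = ''
        for result in cursor:
            real = result['password']
        cursor.close()

        # NOTE(review): this compares against a password stored in clear text.
        # Switching to a salted password hash needs a matching change where
        # rows are inserted, so it is flagged here rather than changed.
        if real == password:
            cur_user = UserMixin()
            cur_user.id = email
            login_user(cur_user)
            print("login successfully")
            return redirect('/')

        error = "Email and password don't match"
        return render_template('login.html', error=error)
    except Exception:
        # Narrowed from a bare `except:` so SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        return redirect('/login')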
Ejemplo n.º 4
def get_user(user_id=None, username=None):
    """Return the cached user matching *user_id* or *username*, else False.

    The cache is filled on first use from ``users.csv`` under
    ``const.DATA_DIR`` and keyed by ``get_id()``. When *user_id* is None the
    users are searched by *username*.
    """
    global _users_data

    if not _users_data:
        _users_data = {}

        csv_path = os.path.join(const.DATA_DIR, "users.csv")
        with open(csv_path) as f:
            rows = util.csv_to_array_of_dicts(f)

        for row in rows:
            account = UserMixin()
            account.id = row["id"]
            account.username = row["name"]
            # NOTE(review): the CSV value is kept as-is on the user object; if
            # it is a clear-text password, anything holding this object holds
            # the password too — confirm what the column contains.
            account.password = row["password"]
            _users_data[account.get_id()] = account

    if user_id is None:
        for candidate in _users_data.values():
            if candidate.username == username:
                return candidate

    return _users_data.get(user_id, False)
Ejemplo n.º 5
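def register():
    """Render the registration form (GET) or create and log in a user (POST).

    Validation failures re-render the form with an ``errors`` dict. After a
    successful save the user is redirected to the ``next`` query parameter
    when it is a path on this site, otherwise to ``index``.
    """
    if request.method == 'POST':
        new_user = request.form.to_dict()

        # incomplete data
        errors = {}
        # .get() keeps a request that omits a field on the validation path
        # instead of failing with KeyError.
        new_user['username'] = new_user.get('username', '').strip().lower()
        new_user['password'] = new_user.get('password', '')
        # NOTE(review): the message texts were masked ('******') in the
        # listing this came from; the wording below is reconstructed — confirm.
        if len(new_user['username']) == 0:
            errors['username'] = "username can't be blank"

        if len(new_user['password']) == 0:
            errors['password'] = "password can't be blank"

        # user already registered
        if db.users.find_one({'username': new_user['username']}):
            errors['username'] = 'username %s is already registered' % new_user['username']

        if len(errors) > 0:
            return render_template('register.html', new_user=new_user, errors=errors)

        # NOTE(review): the whole form dict is persisted, so any extra field a
        # client posts is stored too, and the password is stored as submitted.
        # Restricting the saved keys and storing a salted password hash need a
        # matching change in the login code, so both are flagged here rather
        # than changed.
        db.users.save(new_user)

        user = UserMixin()
        user.username = new_user['username']
        user.id = str(new_user['_id'])
        login_user(user)

        # `next` comes from the query string, so it is followed only when it
        # is a plain path on this site.
        next_url = request.args.get("next") or ""
        is_local_path = (
            next_url.startswith("/")
            and not next_url.startswith("//")
            and "\\" not in next_url
            and not any(ord(ch) < 32 for ch in next_url)
        )
        return redirect(next_url if is_local_path else url_for("index"))

    elif request.method == 'GET':
        return render_template('register.html', new_user={'username': '', 'password': '', 'email': ''})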
Ejemplo n.º 6
 def user_loader(login):
     """Return a user object for *login*, or None when the DB manager has no such user."""
     manager = DbManager.Manager()
     if manager.get_user(login) is None:
         return None
     loaded = UserMixin()
     loaded.id = login
     return loaded
Ejemplo n.º 7
def create_root(config):
    """Pickle a user object with id 1 into the file named by config['ROOT_FILE']."""
    import pickle
    from flask_login import UserMixin

    root = UserMixin()
    root.id = 1
    # NOTE(review): writing a pickle is harmless in itself, but whatever later
    # reads this file with pickle.load runs code chosen by whoever can write
    # the file. The reader is not visible here — confirm the path is not
    # writable by less-trusted users, or prefer a plain data format.
    with open(config['ROOT_FILE'], 'wb') as out:
        pickle.dump(root, out)
Ejemplo n.º 8
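def login():
    """Render the login form, or check posted credentials against ``db.users``.

    A successful POST logs the user in and redirects to ``next`` when that
    query parameter is a path on this site, otherwise to ``index``. A failed
    POST renders the form again with the collected ``errors``.
    """
    if request.method != 'POST':
        return render_template('login.html', user={'username': '', 'password': ''})

    user = request.form.to_dict()

    # incomplete data
    errors = {}
    # Missing form fields are treated as empty instead of raising KeyError.
    user['username'] = user.get('username', '').strip().lower()
    user['password'] = user.get('password', '')
    # NOTE(review): both messages were masked ('******') in the listing this
    # came from; the wording below is reconstructed — confirm.
    if not user['username']:
        errors['username'] = "username can't be blank"

    if not user['password']:
        errors['password'] = "password can't be blank"

    # NOTE(review): matching on the submitted password means the collection
    # stores passwords in clear text. A salted password hash would need a
    # matching change where users are created, so this is flagged only.
    user_found = db.users.find_one({'username': user['username'], 'password': user['password']})

    # username or password incorrect
    if not user_found:
        errors['not_valid'] = 'username or password is not valid'
        # NOTE(review): `user` still contains the submitted password when it
        # reaches the template; the template should not echo it back.
        return render_template('login.html', user=user, errors=errors)

    user = UserMixin()
    user.username = user_found['username']
    user.id = str(user_found['_id'])
    login_user(user)
    g.user = user

    # The `next` value is caller-controlled; follow it only when it is a
    # plain local path so the login cannot be used to bounce to another host.
    next_url = request.args.get("next") or ""
    is_local_path = (
        next_url.startswith("/")
        and not next_url.startswith("//")
        and "\\" not in next_url
        and not any(ord(ch) < 32 for ch in next_url)
    )
    return redirect(next_url if is_local_path else url_for("index"))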
Ejemplo n.º 9
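def login():
    """Render the login form (GET) or verify credentials and log in (POST).

    The ``next`` value travels through the form and is used as the redirect
    target after login, so it is reduced to a local path in both directions.
    """

    def local_target(candidate):
        # `next` is supplied by the client (query string or form field).
        # Accept it only when it is a plain path on this site; otherwise
        # fall back to '/' instead of redirecting to an arbitrary host.
        candidate = candidate or '/'
        is_local_path = (
            candidate.startswith("/")
            and not candidate.startswith("//")
            and "\\" not in candidate
            and not any(ord(ch) < 32 for ch in candidate)
        )
        return candidate if is_local_path else '/'

    if request.method == "GET":

        params = {
            'formAction': url_for("login_api.login"),
            'next': local_target(request.args.get("next"))
        }

        # unpack the params dictionary, using its values as named parameters
        return render_template("login.html", **params)

    elif request.method == "POST":

        data = request.form
        password = str(data["password"])
        username = str(data["username"])
        next_ = local_target(str(data["next"]))

        # find the hashed password associated with the given username
        passwordHash = database.getPasswordHash(username)

        # error if there is no such username, or the password is incorrect
        if passwordHash == -1 or not util.checkHash(passwordHash, password):
            flash("Invalid username or password", "error")
            return redirect(url_for(".login"))

        userId = database.getUserByName(username)['id']
        user = UserMixin()
        user.id = userId
        login_user(user)
        flash("Log in successful", "success")

        # don't render a template directly off of a POST request; redirect to
        # a GET request, avoiding problems if the user manually reloads the page
        return redirect(next_)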
Ejemplo n.º 10
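def load_user(userid):
    """Load the user document with the given id and wrap it in a UserMixin.

    Returns None when no document matches, so a stale or deleted id is
    treated as "no user" instead of failing on a None lookup result.
    The loaded user is also stored on ``g.user``.
    """
    # NOTE(review): ObjectId() raises on a malformed id string; that exception
    # type is not in scope in this block, so it is not handled here.
    user_found = db.users.find_one({'_id': ObjectId(userid)})
    if user_found is None:
        return None

    user = UserMixin()
    user.username = user_found['username']
    user.id = str(user_found['_id'])
    g.user = user
    return user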
Ejemplo n.º 11
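def load_user(userid):
    """Return a UserMixin for the ``db.users`` document with id *userid*.

    A missing document yields None rather than an error from indexing the
    empty lookup result. On success the user is also placed on ``g.user``.
    """
    # NOTE(review): a malformed *userid* makes ObjectId() raise before the
    # query runs; the exception class is not visible from this block, so the
    # call is left unguarded — confirm how callers should see that case.
    document = db.users.find_one({'_id': ObjectId(userid)})
    if document is None:
        return None

    user = UserMixin()
    user.username = document['username']
    user.id = str(document['_id'])
    g.user = user
    return user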
Ejemplo n.º 12
def load_user(user_id):
    """Look the user up by e-mail and return a populated UserMixin, or None.

    The e-mail is passed as a bound parameter. ``prenom`` and ``pro`` are
    copied from the row onto the returned object.
    """
    row = c.execute(
        "SELECT email, prenom, pro FROM utilisateur WHERE email=?",
        (user_id,),
    ).fetchone()
    if row is None:
        return None

    loaded = UserMixin()
    loaded.id = user_id
    loaded.prenom = row[1]
    loaded.pro = row[2]
    return loaded
Ejemplo n.º 13
def user_loader(user_id):  # author's note: user_id is the form data's ['user_id']
    """Build a UserMixin whose id is *user_id* and return it.

    NOTE(review): no lookup is performed, so every id value yields a user
    object — confirm that ids for removed accounts are rejected elsewhere.
    """
    # Author's notes (translated):
    # - user_loader is a special method; although a UserMixin() is passed to
    #   login, only its .id attribute is extracted and handed to this function.
    # - user.is_anonymous: True for anonymous users, False for logged-in users
    # - user.is_active: the account is enabled and the login succeeded
    # - user.get_id() == user.id
    # - .is_authenticated is a True/False flag and is the key to telling
    #   whether someone is logged in; @login_required views need it True.
    print("檢查登入狀態")
    loaded = UserMixin()
    # A new UserMixin() has no .id by default, yet its own methods need one;
    # it has to be supplied so that current_user.id carries a value.
    loaded.id = user_id
    return loaded
Ejemplo n.º 14
    def load_user(user_id):
        """Return a User for *user_id* if that username exists in "user", else None."""
        with db_connection.cursor() as cursor:
            # Bound parameter: the id never becomes part of the SQL text.
            cursor.execute('SELECT username FROM "user" WHERE username=%s', (user_id,))
            row = cursor.fetchone()

        if row:
            loaded = User()
            loaded.id = row[0]
            return loaded
        return None
Ejemplo n.º 15
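def login():
    """Render the login page (GET) or check the single admin credential pair.

    On GET the template receives ``logged_in`` as the string 'true' or
    'false'. On a matching username and password the admin is logged in and
    redirected to '/browse.html'; otherwise the login page is rendered again.
    """
    import hmac

    if request.method == 'GET':
        logged_in = 'true' if current_user.get_id() == ADMIN_USERNAME else 'false'
        return render_template('login.html', logged_in=logged_in)

    submitted_username = request.form['username']
    submitted_password = request.form.get('password', '')

    # Both comparisons always run and use a constant-time compare, so the
    # response time does not depend on how much of the secret matched.
    # Assumes ADMIN_USERNAME and ADMIN_PASSWORD are str, as the comparison
    # with form values implies — confirm.
    username_ok = hmac.compare_digest(
        submitted_username.encode('utf-8'), ADMIN_USERNAME.encode('utf-8'))
    password_ok = hmac.compare_digest(
        submitted_password.encode('utf-8'), ADMIN_PASSWORD.encode('utf-8'))

    if username_ok and password_ok:
        user = UserMixin()
        user.id = submitted_username
        login_user(user)
        print(f'Logged in as {user.id}')
        return redirect('/browse.html')
    return render_template('login.html')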
Ejemplo n.º 16
def load_user(editor_id):
    """Rebuild the user object from data kept in the session.

    Returns None unless the session holds both a truthy 'editor' entry and a
    truthy 'api_token'. Otherwise the editor's username and admin flag and
    the API token are copied onto a new UserMixin.
    """
    editor = session.get('editor')
    token = session.get('api_token')
    if not editor or not token:
        return None

    user = UserMixin()
    user.id = editor_id
    user.editor_id = editor_id
    user.username = editor['username']
    # NOTE(review): the admin flag is trusted as stored in the session; how
    # the session is protected against tampering is not visible here.
    user.is_admin = editor['is_admin']
    user.token = token
    return user
Ejemplo n.º 17
def load_user(editor_id: str) -> UserMixin:
    """Return a user built from the session's editor data, or None.

    None is returned when the session lacks a truthy "editor" or
    "api_token" entry, despite the return annotation.
    """
    has_editor = bool(session.get("editor"))
    if not has_editor or not session.get("api_token"):
        return None

    editor_info = session["editor"]
    user = UserMixin()
    user.id = editor_id
    user.editor_id = editor_id
    user.username = editor_info["username"]
    # NOTE(review): is_admin is taken from the session as-is; confirm the
    # session contents cannot be altered by the client.
    user.is_admin = editor_info["is_admin"]
    user.token = session["api_token"]
    return user
Ejemplo n.º 18
def login():
    """Render the login page; on POST, log in when the fixed credentials match.

    NOTE(review): the username and password are literals in the source, so
    anyone who can read the code knows them and they cannot be rotated
    without a deploy. They belong in configuration, stored as a password hash.
    """
    error = None
    user = UserMixin()
    user.id = "admin"

    if request.method != 'POST':
        return render_template('login.html', error=error)

    if request.form['username'] == 'admin' and request.form['password'] == '123':
        login_user(user)
        return redirect(url_for('home_page'))

    error = 'Invalid Credentials. Please try again.'
    return render_template('login.html', error=error)
Ejemplo n.º 19
def verify():
    """Check the posted user_id/password pair and redirect to 'success' or 'fail'.

    The password is compared with the value found in ``users`` at the index
    of the id within ``usersinfo['user_id']``.
    """
    print('try login')
    user_id = request.form['user_id']  # Flask.request

    if user_id not in usersinfo['user_id']:
        return redirect(url_for('fail'))

    submitted_password = request.form['password']
    # NOTE(review): a direct equality test implies the stored value is the
    # clear-text password — confirm, and prefer a salted password hash.
    stored_password = users[usersinfo['user_id'].index(user_id)][1]
    if submitted_password != stored_password:
        return redirect(url_for('fail'))

    # Credentials match the stored data: create a UserMixin() that carries
    # the id for the session.
    user = UserMixin()
    user.id = user_id
    # login_user hands the session over to @login_manager.user_loader, which
    # has to exist to receive it (author's note, translated).
    login_user(user)
    print('驗證成功')
    # The argument to url_for is the name of the view function.
    return redirect(url_for('success'))
Ejemplo n.º 20
    def signup():
        """Render the signup form (GET) or create an account and log it in.

        A GET from an authenticated user redirects to that user's page. On
        other methods the form data comes from ``validate_form_data()``; a
        validation error, a taken username or mismatching passwords redirect
        back to the referrer.
        """
        if flask.request.method == 'GET':
            if flask_login.current_user.is_authenticated:
                return flask.redirect(f'/users/{flask_login.current_user.id}')

            return flask.render_template('signup.html')

        (error_flag, bday, bmonth, byear, email, first_name, last_name,
         password, re_password, username) = validate_form_data()

        # NOTE(review): request.referrer is None when the client sends no
        # Referer header; confirm redirecting to it is safe in that case.
        if error_flag:
            return flask.redirect(flask.request.referrer)

        # The outer context manager wraps the statements in one transaction.
        with db_connection, db_connection.cursor() as cursor:
            cursor.execute('SELECT username FROM "user" WHERE username=%s', (username,))
            username_taken = cursor.fetchone()
            if username_taken:
                flask.flash('Username already in use')
                return flask.redirect(flask.request.referrer)

            if password != re_password:
                flask.flash('Passwords don\'t match')
                return flask.redirect(flask.request.referrer)

            # NOTE(review): a single unsalted SHA-256 is fast to brute-force
            # and gives equal hashes for equal passwords. A salted, slow
            # password hash would need the login check changed with it, so it
            # is flagged here rather than changed.
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            birth_date = datetime.date(int(byear), int(bmonth), int(bday))

            # If this fails, it's a programming error and should be detected,
            # the user will get an internal server error
            cursor.execute('INSERT INTO'
                           '  "user" ('
                           '    username, '
                           '    password_hash, '
                           '    first_name, '
                           '    last_name, '
                           '    email, '
                           '    birth_date)'
                           'VALUES(%s, %s, %s, %s, %s, %s)',
                           (username, password_hash, first_name, last_name, email, birth_date))

        new_account = User()
        new_account.id = username

        flask_login.login_user(new_account)

        return flask.redirect(f'/users/{username}')
Ejemplo n.º 21
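def login_view():
    """Validate the login form against a fixed user table and log the user in.

    On success the user is remembered and redirected to ``next`` when that
    query parameter is a path on this site, otherwise to '/'. On failure the
    login template is rendered with an error message in ``result``.
    """
    # NOTE(review): accounts and clear-text passwords are literals in the
    # source; they belong in configuration or a user store, as password hashes.
    users = {'testteam': '123321a', 'dev': 'dev2016', 'admin': 'admin.com'}

    # .items() replaces .iteritems(), which is only available on Python 2.
    for k, v in request.args.items():
        print(k, v)
    result = None
    form = LoginForm()
    if form.validate_on_submit():
        if form.user.data in users and form.password.data == users.get(form.user.data):
            user = UserMixin()
            user.id = form.user.data
            login_user(user=user, remember=True)
            flash(u"登录成功.")

            # `next` comes from the query string, so it is followed only when
            # it is a plain path on this site.
            next_url = request.args.get("next") or ""
            is_local_path = (
                next_url.startswith("/")
                and not next_url.startswith("//")
                and "\\" not in next_url
                and not any(ord(ch) < 32 for ch in next_url)
            )
            return redirect(next_url if is_local_path else "/")
        else:
            result = u'登录失败,账号不存在或者密码错误'
    return render_template('home/login.html', form=form, result=result)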
Ejemplo n.º 22
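def login():
    """Render the login form (GET) or authenticate against ``movie.users``.

    On success the user is logged in, the e-mail and uid are stored in the
    session, the session is marked permanent and the user is redirected to
    ``index``. Every failure re-renders the form with an ``error`` message.
    """
    if request.method == 'GET':
        return render_template('login.html')

    email = request.form.get('email')
    password = request.form.get('password')
    # The submitted password is no longer printed: it would end up in
    # whatever collects the process output.
    if not email or not password:
        error = 'email or password is wrong, try again'
        return render_template('login.html', error=error)

    # The e-mail travels as a named query parameter instead of being
    # formatted into the SQL text, so quotes in it cannot alter the query.
    # One query now returns both columns the original fetched in two.
    SQL = """
        SELECT uid, password
        FROM `movie.users`
        WHERE email=@email
        """
    query_config = {
        'query': {
            'parameterMode': 'NAMED',
            'queryParameters': [{
                'name': 'email',
                'parameterType': {'type': 'STRING'},
                'parameterValue': {'value': email},
            }],
        }
    }
    try:
        df = pandas_gbq.read_gbq(SQL, configuration=query_config)
        if len(df) == 0:
            # NOTE(review): this message differs from the wrong-password one,
            # which tells a caller whether an e-mail is registered.
            error = 'user does not exist'
            return render_template('login.html', error=error)

        row = df.iloc[0]
        # NOTE(review): compares against a password stored in clear text; a
        # salted password hash needs a matching change in the signup code.
        if row.password != password:
            error = 'email or password is wrong, try again'
            return render_template('login.html', error=error)

        cur_user = UserMixin()
        cur_user.id = email
        login_user(cur_user)
        session['user_email'] = email
        session['user_id'] = int(row.uid)
        # Was `session.permenant`, which only set an unused attribute.
        session.permanent = True
        return redirect(url_for('index'))
    except Exception:
        # Narrowed from a bare `except:` so SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        error = 'something wrong try again'
        return render_template('login.html', error=error)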
Ejemplo n.º 23
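def register():
    """Handle the registration page: show the form, or store a new user.

    A POST with validation errors renders the form again with ``errors``.
    A valid POST saves the user, logs it in and redirects to ``next`` when
    that query parameter is a local path, otherwise to ``index``.
    """
    if request.method == 'POST':
        new_user = request.form.to_dict()

        # incomplete data
        errors = {}
        # Missing form fields are treated as empty instead of raising KeyError.
        new_user['username'] = new_user.get('username', '').strip().lower()
        new_user['password'] = new_user.get('password', '')
        # NOTE(review): the message texts were masked ('******') in the
        # listing this came from; the wording below is reconstructed — confirm.
        if not new_user['username']:
            errors['username'] = "username can't be blank"

        if not new_user['password']:
            errors['password'] = "password can't be blank"

        # user already registered
        if db.users.find_one({'username': new_user['username']}):
            errors['username'] = (
                'username %s is already registered' % new_user['username'])

        if errors:
            return render_template('register.html',
                                   new_user=new_user,
                                   errors=errors)

        # NOTE(review): every posted field is saved, including ones the form
        # does not define, and the password is saved as submitted. Limiting
        # the stored keys and hashing the password require the login code to
        # change with it, so both are flagged here rather than changed.
        db.users.save(new_user)

        user = UserMixin()
        user.username = new_user['username']
        user.id = str(new_user['_id'])
        login_user(user)

        # The `next` value is caller-controlled; follow it only when it is a
        # plain local path.
        next_url = request.args.get("next") or ""
        is_local_path = (
            next_url.startswith("/")
            and not next_url.startswith("//")
            and "\\" not in next_url
            and not any(ord(ch) < 32 for ch in next_url)
        )
        return redirect(next_url if is_local_path else url_for("index"))

    elif request.method == 'GET':
        return render_template('register.html',
                               new_user={
                                   'username': '',
                                   'password': '',
                                   'email': ''
                               })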
Ejemplo n.º 24
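    def login():
        """Render the login form (GET) or check a username/password pair.

        A GET from an authenticated user redirects to that user's page. On
        success 'admin' is redirected to '/admin' and everyone else to their
        own page; each failure flashes a message and redirects back.
        """
        import hmac

        if flask.request.method == 'GET':
            if flask_login.current_user.is_authenticated:
                return flask.redirect(f'/users/{flask_login.current_user.id}')

            return flask.render_template('login.html')
        else:
            username = flask.request.form['username']
            password = flask.request.form['password']

            # request.referrer is None when the client sends no Referer
            # header; fall back to this URL so the redirect always has a target.
            back = flask.request.referrer or flask.request.url

            with db_connection.cursor() as cursor:
                try:
                    cursor.execute('SELECT username, password_hash FROM "user" WHERE username=%s', (username,))
                except psycopg2.DatabaseError:
                    flask.flash('Invalid credentials supplied')
                    return flask.redirect(back)

                entry = cursor.fetchone()

            # NOTE(review): this message and the wrong-password one differ,
            # which tells a caller whether a username exists.
            if not entry:
                flask.flash('The specified user does not exist')
                return flask.redirect(back)

            # NOTE(review): a single unsalted SHA-256 is fast to brute-force;
            # moving to a salted, slow password hash needs the signup code
            # changed with it, so it is flagged here rather than changed.
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            # Constant-time comparison of the two digests.
            if hmac.compare_digest(password_hash.encode(), str(entry[1]).encode()):
                user = User()
                user.id = username

                flask_login.login_user(user)

                if username == 'admin':
                    return flask.redirect('/admin')
                else:
                    return flask.redirect(f'/users/{username}')
            else:
                flask.flash('Wrong password, contact the admin to implement "Forgot your password"')
                return flask.redirect(back)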
Ejemplo n.º 25
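def signup():
    """Insert a new row into Users from the posted form and log the user in.

    Non-POST requests are redirected to 'login'. Empty fields or a failing
    insert re-render 'login.html' with ``error_signup`` set.
    """
    if request.method != 'POST':
        return redirect('login')

    uid = request.form['userid']
    first = request.form['firstname']
    last = request.form['lastname']
    age = request.form['age']
    gender = request.form['gender']
    email = request.form['email']
    password = request.form['password']
    if not (uid and first and last and age and gender and email and password):
        error = "Empty fields detected"
        return render_template('login.html', error_signup=error)

    try:
        # All values are passed as bound parameters instead of being
        # formatted into the statement, so form input cannot change the SQL.
        # `%s` is the marker of format-style drivers; use the marker the
        # project's driver expects — TODO confirm.
        # NOTE(review): the password is stored as submitted; a salted
        # password hash needs a matching change in the login check.
        g.conn.execute(
            "INSERT INTO Users VALUES (%s,%s,%s,%s,%s,%s,%s)",
            (email, last, first, gender, uid, password, age))
        cur_user = UserMixin()
        cur_user.id = email
        login_user(cur_user)
        return redirect('/')
    except Exception:
        # Narrowed from a bare `except:` so SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        error = "Some fields failed"
        return render_template('login.html', error_signup=error)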
Ejemplo n.º 26
def login():
    """Render the login form, or validate the posted login/password pair.

    Authenticated users and successful logins are redirected to
    'store.download'; a failed check renders the form again.
    """
    manager = DbManager.Manager()

    if current_user.is_authenticated:
        return redirect(url_for('store.download'))

    if request.method == 'GET':
        return render_template('login.html')

    submitted_login = request.form['login']
    credentials_ok = manager.check_validity(
        submitted_login, request.form['password'])

    if not credentials_ok:
        return render_template('login.html')

    user = UserMixin()
    user.id = submitted_login
    login_user(user)
    return redirect(url_for('store.download'))
Ejemplo n.º 27
def load_user(user_id):
    """Return a UserMixin for *user_id* when it is one of the fixed accounts, else None."""
    # NOTE(review): the account table, including clear-text passwords, is a
    # literal in the source; only its keys are used here.
    users = {'testteam': '123321a', 'dev': 'dev2016', 'admin': 'admin.com'}
    if user_id not in users:
        return None
    loaded = UserMixin()
    loaded.id = user_id
    return loaded
Ejemplo n.º 28
def load_user(user_id):
    """Wrap *user_id* in a new UserMixin and return it.

    NOTE(review): nothing is looked up, so any id value produces a user
    object — confirm that ids of removed accounts are rejected elsewhere.
    """
    loaded = UserMixin()
    loaded.id = user_id
    return loaded
Ejemplo n.º 29
def load_user(user_id):
    """Return a UserMixin only when *user_id* equals the configured ADMIN_LOGIN."""
    if user_id != app.config['ADMIN_LOGIN']:
        return None
    admin = UserMixin()
    admin.id = user_id
    return admin
Ejemplo n.º 30
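def signup():
    """Render the signup form (GET) or register a new row in ``movie.users``.

    Empty fields, an e-mail that is already registered, or any failure while
    querying re-render the form with ``error_signup``. Mismatching passwords
    return a plain text message. On success the new uid and e-mail are stored
    in the session, the user is logged in and redirected to ``index``.
    """
    if request.method == 'GET':
        return render_template('signup.html')

    email = request.form.get('email')
    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    gender = request.form.get('gender')
    age = request.form.get('age')
    password1 = request.form.get('password1')
    password2 = request.form.get('password2')

    # check for fields that were left empty
    if not (email and first_name and last_name and gender and age
            and password1 and password2):
        error = "Empty fields detected"
        return render_template('signup.html', error_signup=error)
    # both password fields must match
    if password1 != password2:
        return '2 passwords not matched'

    def param(name, type_name, value):
        # One named query parameter in the job-configuration format.
        return {
            'name': name,
            'parameterType': {'type': type_name},
            'parameterValue': {'value': value},
        }

    def with_params(*params):
        # Job configuration carrying the named parameters of one query.
        return {
            'query': {
                'parameterMode': 'NAMED',
                'queryParameters': list(params),
            }
        }

    # Form values travel as named query parameters instead of being formatted
    # into the SQL text, so quotes in them cannot alter the statements.
    # check whether the e-mail is already registered
    SQL1 = """
        SELECT email
        FROM `movie.users`
        WHERE email=@email
        """
    SQL2 = """
        SELECT uid
        FROM `movie.users`
        """
    SQL3 = """
        INSERT INTO movie.users VALUES
        (@uid, @first_name, @last_name, @gender, @age, @email, @password)
        """

    try:
        df1 = pandas_gbq.read_gbq(SQL1,
                                  project_id=g.project_id,
                                  credentials=g.credentials,
                                  configuration=with_params(
                                      param('email', 'STRING', email)))
        df2 = pandas_gbq.read_gbq(SQL2,
                                  project_id=g.project_id,
                                  credentials=g.credentials)

        if len(df1) > 0:
            error = "email already exists, please change an email"
            return render_template('signup.html', error_signup=error)

        # NOTE(review): max(uid) + 1 can hand the same uid to two signups
        # that run at the same time.
        # int() turns the pandas value into a plain int, which the session
        # serializer and the query parameter both need.
        uid = int(df2.uid.unique().max() + 1)

        # NOTE(review): the password is stored as submitted; a salted
        # password hash needs a matching change in the login check.
        pandas_gbq.read_gbq(SQL3,
                            project_id=g.project_id,
                            credentials=g.credentials,
                            configuration=with_params(
                                param('uid', 'INT64', uid),
                                param('first_name', 'STRING', first_name),
                                param('last_name', 'STRING', last_name),
                                param('gender', 'STRING', gender),
                                param('age', 'INT64', int(age)),
                                param('email', 'STRING', email),
                                param('password', 'STRING', password1)))
        session['user_id'] = uid
        session['user_email'] = email
        cur_user = UserMixin()
        cur_user.id = email
        login_user(cur_user)
        # registration succeeded; continue to the index page
        return redirect(url_for('index'))
    except Exception:
        # Narrowed from a bare `except:` so SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        error = "Some fields failed"
        return render_template('signup.html', error_signup=error)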
Ejemplo n.º 31
 def get_user(user_id):
     """Return a UserMixin for *user_id* whose is_authenticated checks ALLOWED_USERS."""
     account = UserMixin()
     account.id = user_id
     # NOTE(review): this only restricts access if callers invoke
     # is_authenticated() as a method. Read as a plain attribute, the lambda
     # object is always truthy, so every id would count as authenticated —
     # confirm against the Flask-Login version in use.
     account.is_authenticated = lambda: account.id in app.config['ALLOWED_USERS']
     return account
Ejemplo n.º 32
def load_user(username):
    """Return a UserMixin whose id is the 'id' of the record for *username*."""
    # NOTE(review): what database.getUser returns for an unknown username is
    # not visible here; confirm the ['id'] lookup cannot fail for it.
    record_id = database.getUser(username)['id']
    loaded = UserMixin()
    loaded.id = record_id
    return loaded