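def update():
    """Update an existing user profile from the posted form.

    The profile id is read from the ``id`` form field.  The request is
    aborted with 400 when that value is not an integer and with 404 when no
    profile has that id.  Returns the string ``'OK'`` once a valid form has
    been applied and flushed; otherwise renders ``profiles_create.html`` with
    the processed form.
    """
    # NOTE(review): nothing in this function checks that the caller is allowed
    # to edit the profile named by the posted id.  Confirm that access control
    # is enforced elsewhere (decorator, before_request hook); otherwise any
    # client that can reach this view can rewrite any profile's password.
    try:
        profile_id = int(request.form['id'])
    except ValueError:
        # A non-numeric id is a malformed request, not a server error.
        abort(400)

    _profile = models.Profile.query_db().get(profile_id)
    if not _profile:
        abort(404)

    form = forms.Profile()
    form.process(request.form)
    if form.validate():
        # Remember the stored hash before populate_obj() touches the object.
        old_password_hash = _profile.passwd

        # NOTE(review): populate_obj() copies every field of forms.Profile onto
        # the model.  Verify the form exposes no field a user must not set
        # and that the plaintext password field is not persisted by the model.
        form.populate_obj(_profile)

        if form.password.data == PSWD_substitute:
            # The placeholder means "password not changed": keep the old hash.
            _profile.passwd = old_password_hash
        else:
            # NOTE(review): md5x2 is defined outside this block.  Its name
            # suggests MD5, and the salt is a single application-wide config
            # value.  If so, plan a migration to a dedicated password hash
            # (PBKDF2, bcrypt, scrypt, Argon2) with a per-user salt.
            salt = current_app.config['PASSWORD_SALT']
            _profile.passwd = md5x2(form.password.data, salt)

        g.db.add(_profile)
        g.db.flush()
        # Tell the front-end that the update succeeded.
        return 'OK'

    context = {
        'profile': _profile,
        'action': 'update',
        'form': form,
    }
    return render_template('profiles_create.html', **context)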
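def login():
    """Log the user in from the posted ``email`` and ``password`` fields.

    On success the profile id is stored in the session and the user is
    redirected back to the page the form was posted from.  Every failure
    flashes the same message and redirects to the same target, so the
    response does not show whether the e-mail address is registered.
    """
    # The Referer header is client-controlled and may be absent.  Follow it
    # only when it points back at this application; otherwise fall back to the
    # profile list, which also avoids redirect(None) and off-site redirects.
    back = request.referrer
    if not back or not back.startswith(request.host_url):
        back = url_for('profiles.lst')

    email = request.form.get('email')
    password = request.form.get('password')
    # Skip the lookup entirely when either credential is missing.
    profile = models.Profile.get_by_email(email) if email and password else None
    if not profile:
        flash('Incorrect login/password')
        return redirect(back)

    salt = current_app.config['PASSWORD_SALT']
    password_hash = md5x2(password, salt)
    # NOTE(review): md5x2 is defined outside this block.  Its name suggests
    # MD5, and the salt is a single application-wide config value.  If so,
    # plan a migration to a dedicated password hash (PBKDF2, bcrypt, scrypt,
    # Argon2) with a per-user salt.  The comparison below is not constant-time
    # either; hmac.compare_digest() fits once both operand types are confirmed.
    if profile.passwd != password_hash:
        flash('Incorrect login/password')
        return redirect(back)

    session['user_id'] = profile.id
    session['is_authenticated'] = True
    return redirect(back)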
def create():
    """Create a new user profile from the posted form.

    Returns the string ``'OK'`` once a valid form has been stored and flushed;
    otherwise renders ``profiles_create.html`` with the processed form.
    """
    form = forms.Profile()
    form.process(request.form)

    if not form.validate():
        # Invalid input: show the creation page again with the same form.
        return render_template('profiles_create.html', action='create', form=form)

    # NOTE(review): md5x2 is defined outside this block.  Its name suggests
    # MD5, and the salt is a single application-wide config value.  If so,
    # plan a migration to a dedicated password hash with a per-user salt.
    hashed = md5x2(form.password.data, current_app.config['PASSWORD_SALT'])

    # Build the new entry from the form, then overwrite passwd with the hash.
    new_profile = models.Profile()
    form.populate_obj(new_profile)
    new_profile.passwd = hashed

    g.db.add(new_profile)
    g.db.flush()
    # Tell the front-end that the profile was created.
    return 'OK'