def login():
form = LoginForm()
if hasattr(current_user, 'login'):
form.login.data = current_user.login
wrong_login = False
if form.validate_on_submit():
user = User.query.filter_by(login=form.login.data).first()
try:
ldap_user = check_ldap_credentials(form.login.data, form.password.data)
except:
ldap_user = None
print "Błąd połączenie z LDAP!"
if user is not None and (pwd_context.verify(form.password.data, user.password) or ldap_user):
if ldap_user:
if user.display_name != ldap_user['display_name']:
user.display_name = ldap_user['display_name']
db.session.commit()
login_user(user, remember=form.remember)
flask.flash('Logged in successfully.')
return form.redirect()
else:
wrong_login = True
return render_template('login.html', form=form, wrong_login=wrong_login)
def verify_password(self, password):
"""
takes password and verifies if hash of it is same with hash stored in db
:param password: input password
:return: True if it same else False
"""
return pwd_context.verify(password, self.password_hash)
def validate_python(self, field_dict, state):
try:
encrypted_password = field_dict[self.field_names[0]]
except TypeError: # Generally because field_dict isn't a dict
raise validators.Invalid(self.message('notDict', state), field_dict, state)
except KeyError:
encrypted_password = None
if encrypted_password:
errors = {}
for name in self.field_names[1:]:
raw_password = field_dict.get(name)
# Values are validated both before and after conversion, so we check to
# see if the raw values match or if the raw password can be verified against
# encrypted one.
ok = False
if raw_password == encrypted_password:
ok = True
else:
try:
ok = pwd_context.verify(raw_password, encrypted_password)
except ValueError:
pass
if not ok:
errors[name] = self.message('invalidNoMatch', state)
if errors:
error_list = errors.items()
error_list.sort()
lines = ['%s: %s' % (name, value) for name, value in error_list]
raise validators.Invalid(
'<br>\n'.join(lines),
field_dict,
state,
error_dict=errors
)
def post(self):
user = json.loads(self.request.body)
user_name = user["user_name"]
pwd = user["pass_word"]
select_user_name = """SELECT `user_name` FROM `User` WHERE `user_name` = "%s" """\
% (user_name)
result = self.application.db.get(select_user_name)
if result is None:
self.write({"success": "unregistered-user"})
self.finish()
return
select_pwd = """SELECT `password` FROM `User` WHERE `user_name` = "%s" """\
% (user_name)
result = self.application.db.get(select_pwd)
if pwd_context.verify(pwd, result["password"]):
self.write({"success": "success"})
user["pass_word"] = "hidden"
self.set_secure_cookie("bwitter", tornado.escape.json_encode(user))
self.finish()
return
else:
self.write({"success": "useremail-error"})
self.finish()
return
def POST(self):
i = web.input()
accountinfo = json.loads(i.data)
username = accountinfo['username']
password = accountinfo['password']
passwordhash = pwd_context.encrypt(password)
with connection() as conn:
if not "@" in username:
queryString = r.db(RDB_CONFIG['db']).table(tables['users']).filter(r.row['username'] == username)
else:
queryString = r.db(RDB_CONFIG['db']).table(tables['users']).filter(r.row['email'] == username)
findAccount = list(queryString.run(conn))
returndata = {}
if(len(findAccount) == 1):
for index,item in enumerate(findAccount):
ok = pwd_context.verify(password, item['password'])
if(ok):
returndata['userdata'] = {}
returndata['userdata']['id'] = item['id']
returndata['userdata']['username'] = item['username']
returndata['userdata']['email'] = item['email']
returndata['success'] = True
else:
returndata['error'] = {}
returndata['error']['message'] = 'There was a problem logging in, password or username didn\'t match.'
returndata['success'] = False
else:
returndata['success'] = False
returndata['message'] = {}
returndata['error'] = {}
returndata['error']['message'] = 'I\'m sorry, we cannot find an account with that username';
return json.dumps(returndata)
def authenticate(cls, username, password):
admin = Admin.query.filter_by(username=username).first()
if admin is not None and pwd_context.verify(password, admin.password):
login_user(admin)
return True
else:
return False
def authenticate(self):
user = User.query.filter(User.account == self.account).first()
if user is not None and pwd_context.verify(self.password, user.password):
login_user(user)
return True
else:
return False
def login(request):
"""Display form and handle login.
Puts up a view with a simple login form then validates the password
against stored sha-512 password hashes in the 'user' table.
"""
from passlib.apps import custom_app_context as pwd_context
session = request.dbsession
login_url = request.route_url("login")
referrer = request.url
if referrer == login_url:
referrer = "/" # never use the login form itself as came_from
came_from = request.params.get("came_from", referrer)
message = ""
login_name = ""
password = ""
if "form.submitted" in request.params:
login_name = request.params["login"]
password = request.params["password"]
this_user = session.query(User).filter_by(loginname=login_name).first()
if this_user and pwd_context.verify(password, this_user.password):
headers = remember(request, login_name)
return HTTPFound(location=came_from, headers=headers)
message = "Failed login"
return dict(
message=message,
url=request.application_url + "/login",
came_from=came_from,
login=login_name,
password=password,
)
def login():
# if g.user is not None and g.user.is_authenticated:
# return redirect(url_for('tickets'))
form = LoginForm()
if form.validate_on_submit():
print "ok"
# flash('Login requested for username="******", password="******"' % (form.username.data, form.password.data))
username = form.username.data
password = form.password.data
if "username" in locals():
result = models.User.query.filter_by(username=username).first()
if result:
password_in_db = result.password
res = pwd_context.verify(password, password_in_db)
if res:
login_user(result)
# flash('Login successful')
print "successful login "
return redirect(request.args.get("next") or url_for("index"))
else:
# flash('invalid password')
print "failed : invalid password"
return render_template("login.html", result="failed", form=form)
return render_template("login.html", title="Sign in", form=form)
def login(self, username, password, session_login=True):
"""
@param username is the username of an account
@param password is the password of an account
@returns a single record from the database as a Storage object
"""
log.loggit("AccountDB.login()")
# Try to login
account = self.review_account(username)
if not account:
return False
if not pwd_context.verify(password, account["password"]):
return False
account = wputil.clean_account(account)
if session_login:
# Update the account information
data = {}
data["last_ip"] = web.ctx.ip
data["last_login"] = str(int(time.time()))
account = self._set_account_info(account, data)
# Put account information in session key
for key, value in account.items():
value = str(value)
web.ctx.session[key] = (value[:50] + "...") if len(value) > 50 else value
return account
def authenticate_existing_user( users, form ):
if ( 'username' in form.keys() and
'password' in form.keys() ):
username = form['username']
password = form['password']
if ( username != None and password != None ):
user_cursor = users.find( { 'username' : username },
{ '_id' : 0, 'password_hash' : 1 } )
if user_cursor.count() != 0:
return pwd.verify( password, user_cursor.next().pop( 'password_hash' ) )
pass
else:
# Error : username doesn't exist
abort( 405 )
pass
pass
else:
# Error : either username or password is None
abort( 400 )
pass
pass
else:
# Error: Both username and password not supplied
abort( 400 )
pass
pass
def login():
'''This routine verifies that the user is an administrator and, if so,
puts them in admin mode and redirects them to the admin resource they
originally requested. It sends them back to the main page if their
requested URL is unsafe. The username and password are stored in
the database.
'''
if is_logged_in():
return redirect(url_for('web.display_admin'))
target_url = request.values.get('next') or url_for('web.display_admin')
if not is_safe_url(target_url):
return redirect(url_for('web.display_index'))
form = Users()
if form.is_submitted():
# Check if the cancel button has been pressed; the form value will be
# 'Cancel' but this doesn't need to be checked.
if request.form.get('cancel'):
return redirect(url_for('web.display_index'))
if form.validate():
user = Users.read_unit(form.nameField.data)
if (user is not None) and \
(custom_app_context.verify(form.passwordField.data,
user['password'])):
session['logged_in'] = True
return redirect(target_url)
flash('invalid login...', 'error')
return display_content(
form=form,
next=target_url,
title='Login',
breadcrumbs=get_breadcrumbs('login')
)
def change_password(self,old,new):
if pwd_context.verify(old, self.Password):
self.Password=pwd_context.encrypt(new)
self.save()
return True
else:
return False
def verify_password(self, password):
"""
arguments: password
return True / False
验证密码是否正确
"""
return custom_app_context.verify(password, self.password)
def sign_in(self, login, password):
if self.signed_in():
record = 'You are already signed in. Please sign out first'
self.log_manager.log_record(record=record, category='Warning')
return False
user = self.session.query(User).filter(User.login == str(login)).all()
email = self.session.query(User).filter(User.email == str(login)).all()
if user:
user = user[0]
elif email:
user = email[0]
else:
record = 'Login failed. Username: @%s' % str(login)
self.log_manager.log_record(record=record, category='Warning')
return False
if pwd_context.verify(password, user.password_hash):
self.user = user
self.session_data = self._generate_session_data()
self.session.add(self.session_data)
self.session.commit()
self.log_manager = LogManager(self)
record = '@%s signed in (#%s)' % (self.user.login, self.session_data.token)
self.log_manager.log_record(record=record, category='Information')
self.project_manager.session_data = self.session_data
self.project_manager.user = self.user
return True
else:
record = 'Login failed. Username: @%s' % str(login)
self.log_manager.log_record(record=record, category='Warning')
return False
def login():
data = request.get_json()
user = User.query.filter_by(email=data['email']).one()
if custom_app_context.verify(data['password'], user.pw_hash):
session['email'] = user.email
return jsonify({"email":user.email})
return jsonify({"status":"error"})
def verify_token(username, token):
"""
Verify validity of token
"""
s = TimedJWSSerializer(app.config['SECRET_KEY'])
try:
ut.pretty_print("Trying to load the token")
data = s.loads(token)
except SignatureExpired:
ut.pretty_print("ERROR: Expired Token")
return False
except BadSignature:
ut.pretty_print("ERROR: Invalid Token")
return False
else:
ut.pretty_print("Token successfully loaded")
stored = db.sessions.find_one(
filter={'username': data['username']}, sort=[('_id', -1)])
if not stored:
return False
result = json_util.loads(json_util.dumps(stored))
return pwd_context.verify(
data['password'],
result['password_hash']) and data['username'] == username
def login(self):
userpw = wx.GetPasswordFromUser('Enter root password', 'Root Password')
loggedin = False
if not isUserSet():
conf = wx.GetPasswordFromUser('Please confirm root password', 'Root Password')
while conf != userpw:
print 'Passwords do not match'
userpw = wx.GetPasswordFromUser('Enter root password', 'Root Password')
conf = wx.GetPasswordFromUser('Please confirm root password', 'Root Password')
print 'Initializing user'
password = pwd_context.encrypt(userpw)
setUser(password)
return True
else:
tries = 2
while not loggedin:
loggedin = pwd_context.verify(userpw, getUser())
if not loggedin:
print 'Wrong password'
userpw = wx.GetPasswordFromUser('Enter root password', 'Root Password')
tries -=1
if tries == 0:
self.ResetApplication()
return False
return True
def login():
if request.method == 'GET':
if 'username' in session:
# logged in already
return redirect('orders.html')
else:
html = '''
<form action="%s" method="post">
<p><input type=text name=username>
<p><input type=password name=passwd>
<p><input type=submit value=Login>
</form>
''' % url_for('login')
return render_template('login.html')
elif request.method == 'POST':
user = request.form['username']
pwd = request.form['passwd']
# lookup user, hash in db
init_resources()
with g.db:
application.logger.debug("logging in %s" % user)
# get cursor and setup to close cursor on completion of suite
with g.db.cursor() as cur:
cur.execute("SELECT passwd from em_users WHERE username = %s", (user, ))
row = cur.fetchone()
hash = row[0]
if pwd_context.verify(pwd, hash):
# match, set user
session['username'] = user
return redirect('orders.html')
else:
# failed, redirect back to login with message
flash('Login failed')
return redirect(url_for('login'))
def login():
"""Log user in."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure username was submitted
if not request.form.get("username"):
return apology("must provide username")
# ensure password was submitted
elif not request.form.get("password"):
return apology("must provide password")
# query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username"))
# ensure username exists and password is correct
if len(rows) != 1 or not pwd_context.verify(request.form.get("password"), rows[0]["hash"]):
return apology("invalid username and/or password")
# remember which user has logged in
session["user_id"] = rows[0]["id"]
# redirect user to home page
return redirect(url_for("index"))
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html")
def login(self,
session,
messages,
username,
password):
''' Tries to authenticate the session.
@param username: the name of the user to authenticate
@param password: the password for the user
'''
user = self[username]
if not user or not pwd.verify(password, user.password):
messages.error('The username or password you entered was incorrect.')
return False
elif not user.active:
messages.error('This account has not yet been activated.')
return False
else:
session.username = username
session.save()
messages.success('Welcome, %s' % username)
return True
def login():
"""Log user in."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure username was submitted
if not request.form.get("username"):
return apology("must provide username")
# ensure password was submitted
elif not request.form.get("password"):
return apology("must provide password")
# query database for username
user = User.query.filter(User.username == request.form.get("username")).first()
# ensure username exists and password is correct
if user == None or not pwd_context.verify(request.form.get("password"), user.hash):
return apology("invalid username and/or password")
# remember which user has logged in
session["user_id"] = user.id
# redirect user to home page
return redirect(url_for("index"))
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html")
def private_profile():
"""
The settings page for current_user. Here current_user may toggle suggestions, private, delete or report names,
change about & photo with a shoddy ChangeDetailsForm, change password with an acceptable ChangePasswordForm, or
permanently delete the account.
:return: profile.html rendered with list of suggested names for current_user amd forms
"""
names = Name.query.filter_by(userID=current_user.get_id()).all()
# TODO: implement a new form to change account details you lazy trashbag
form_d = ChangeDetailsForm(csrf_enabled=False)
form_p = ChangePasswordForm()
if form_p.validate_on_submit():
if pwd_context.verify(form_p.current_password.data, current_user.password):
user = User.query.get(current_user.id)
user.password = pwd_context.encrypt(form_p.new_password.data)
db.session.commit()
flash("Changes saved.")
return redirect(url_for("private_profile"))
else:
flash("Incorrect password.")
return redirect(url_for("private_profile"))
if form_d.validate_on_submit():
user = User.query.get(current_user.id)
if form_d.about.data != "":
user.about = form_d.about.data
app.logger.debug("result: "+user.about)
if form_d.url.data != "":
user.photo_url = form_d.url.data
db.session.commit()
flash("Changes saved.")
return redirect(url_for("private_profile"))
return render_template("profile.html", names=names, form_d=form_d, form_p=form_p)
def route_passwd():
checklogout()
uid = checksesval()
if uid is None:
return u"error: et ole kirjautunut sisään", 400
if request.method == 'POST':
if "new" not in request.form or len(request.form["new"]) < 6:
flash(u"Uusi salasana ei täyttänyt vaatimuksia")
return redirect("/passwd")
c.execute(("SELECT * FROM sanotut_users "
"WHERE email = (%s)"),
(session["email"],))
res = c.fetchone()
if res == None or not pwd_context.verify(request.form.get("old", ""), res[2]):
flash(u"Vanha salasana väärin")
return redirect("/passwd")
c.execute("UPDATE sanotut_users SET password = (%s) WHERE id = (%s)",
(pwd_context.encrypt(request.form["new"]), uid))
db.commit()
flash(u"Salasana vaihdettu.")
return redirect("/")
return render("passwd.html")
def old_password_check(form, field):
"""check old password input is valide"""
old_password = field.data
password = current_user.password
r = pwd_context.verify(old_password, current_user.password)
if not r:
raise validators.ValidationError('old password is wrong')
def route_login():
checklogout()
if request.method == 'POST':
if "email" not in request.form or "password" not in request.form:
flash(u"Anna sposti ja salasana.")
return redirect("/login")
c.execute(("SELECT * FROM sanotut_users "
"WHERE email = (%s)"),
(request.form["email"],))
res = c.fetchone()
if res == None or not pwd_context.verify(request.form["password"], res[2]):
flash(u"Ei moista sposti/salasana paria!")
return redirect("/login")
allchoice = string.lowercase + string.uppercase + string.digits
sesval = ''.join(random.choice(allchoice) for i in range(64))
c.execute("UPDATE sanotut_users SET session = (%s) WHERE id = (%s)",
(sesval, res[0],))
db.commit()
session["sesval"] = sesval
session["email"] = request.form["email"]
session["logged_in"] = True
flash(u"Kirjauduit sisään.")
return redirect("/")
return render("login.html", name="login")
def loginWithRealDb(db):
if (request.method == "POST"):
username = request.form["username"]
passwordHash = db.getUser(username)
if (passwordHash == ""):
print("No User Found")
return badCredsHtml
else:
if (db.userIsLockedOut(username)[0][0]):
return lockedOutHtml
else:
print("Checking password...")
if (pwd_context.verify(request.form["password"], passwordHash)):
db.updateNumberOfAttempts(username, 4)
print("password is correct!")
session['logged_in'] = True
print("logged_in set")
session["current_user"] = username
print(username + " Logged in")
session["friend_error"] = ""
return redirect("/")
else:
attempts = db.getNumberOfAttempts(username)[0][0]
if (attempts < 1 or attempts > 4):
db.lockOutUser(username)
db.enterLogMessage("User ~" + username + "~ is now locked out")
else:
db.updateNumberOfAttempts(username, attempts - 1)
print("Wrong password!!")
return badCredsHtml
else:
return loginHtml
def add():
if request.method == "POST":
if not request.form.get("passwd"):
return apology("must provide your password")
elif not request.form.get("login"):
return apology("must provide a username to encrypt")
elif not request.form.get("password"):
return apology("must provide a password to encrypt")
else:
rows = db.execute("SELECT * FROM users WHERE id = :id", id=session["user_id"])
if len(rows) != 1 or not pwd_context.verify(request.form.get("passwd"), rows[0]["hash"]):
return apology("invalid password!!")
else:
login = request.form.get("login")
password = request.form.get("password")
passwd = request.form.get("passwd")
comment = request.form.get("comment")
if not login:
return apology("login required")
elif not password:
return apology("login required")
gnupghome = '/usr/bin/gpg'
gpg = gnupg.GPG(gnupghome)
afile = str(gpg.encrypt(password,
symmetric='AES256', passphrase=passwd, encrypt=False))
db.execute("INSERT INTO portfolio (login, mfile, name, key) VALUES(:login, :mfile, :name, :key)", login=request.form.get("login"), mfile=afile, name=session["user_id"], key=comment)
return redirect(url_for("index"))
else:
return render_template("add.html")
def verify_password(self, password):
"""
Verify the user's password
:param str password: The password to verify
:return: True if the password is correct, else False
:rtype: bool
"""
return pwd_context.verify(password, self.password_hash)
def test_edit_user_with_token_and_edit_with_valid_username_and_password(self):
headers = {'Authentication-Token' : self.token}
response = self.jput('/api/users/edit', data={'username': '******', 'password': '******'}, headers=headers)
self.assertOk(response)
user = self.get_user_from_db(id=1)
self.assertEquals(user.username, 'jane')
self.assertTrue(pwd_context.verify('roe', user.password))
def verify_password(self, password):
return phash.verify(password, self.password_hash)
def verify_password(password, hashed):
return pwd_context.verify(password, hashed)
def verify_password_against_hash(password, password_hash):
return pwd_context.verify(password, password_hash)
def home_page():
events = select_all_events()
eventList = []
firstEvent = None
for eventNum, eventSelect in enumerate(events):
if eventNum == 0: #Create event objects
firstEvent = Events(select=eventSelect)
else:
eventList.append(Events(select=eventSelect))
newList = get_all_news()
newList = reversed(newList)
if request.method == 'GET':
return render_template('home/index.html',
firstEvent=firstEvent,
eventDic=eventList,
news=newList)
else:
input_mail = request.form['InputEmail']
input_password = request.form['InputPassword']
if input_mail in current_app.config[
'ADMIN_USERS'] and pwd_context.verify(
input_password, current_app.config['PASSWORD'][0]) is True:
user = load_user(input_mail)
login_user(user)
session['logged_in'] = True
flash('You have successfully logged in!', 'user_login')
return render_template('home/index.html',
firstEvent=firstEvent,
eventDic=eventList,
news=newList)
with dbapi2.connect(current_app.config['dsn']) as connection:
cursor = connection.cursor()
statement = """SELECT MAIL FROM USERS WHERE MAIL = %s"""
cursor.execute(statement, [input_mail])
db_mail = cursor.fetchone()
if db_mail is not None: # check whether the user exists
user = load_user(db_mail)
statement = """SELECT PASSWORD FROM USERS WHERE MAIL = %s"""
cursor.execute(statement, [db_mail])
if pwd_context.verify(input_password, user.Password) is True:
login_user(user)
session['logged_in'] = True
flash('You have successfully logged in!', 'user_login')
return render_template('home/index.html',
firstEvent=firstEvent,
eventDic=eventList,
news=newList)
else:
flash('Either mail or password is wrong!', 'user_login')
return render_template('home/index.html',
firstEvent=firstEvent,
eventDic=eventList,
news=newList) #Couldn't login
else:
flash('Either mail or password is wrong!', 'user_login')
return render_template('home/index.html',
firstEvent=firstEvent,
eventDic=eventList,
news=newList)
def change_password(self, req: r.PasswordChange):
if not pwd.verify(req.old, self.passhash):
raise e.BadPassword(name=self.name)
self.passhash = pwd.hash(req.n1)
self.save()
def verify_password(
self, password
): #This method is called whenever the user provides credentials and they need to be validated.
return pwd_context.verify(password, self.password.hash)
def verify_password(password, password_hash):
"""
compare hash password with thereof in db
"""
return pwd_context.verify(password, password_hash)
def verify_password(self, password):
"""
vérifier le mot de passe
"""
return pwd_context.verify(password, self.password_hash)
def verify_password(password,password_hash):
return pwd_context.verify(password, password_hash)
def verifyPassword(self, password):
return beepastePWD.verify(password, self.password)
def verify_password(self, password):
return custom_app_context.verify(password, self.password)
def pwd_verify(password, hashV):
return pwd_context.verify(password, hashV)
def verify_password(self, password):
return pwd_context.verify(password, self.PassWord)
def verify_password(password1, password2):
return pwd_context.verify(password1, password2)
def verify_pass(self, password):
return flask_user_context.verify(password, self.password)
def check_password(self, password, dbpassword):
return pwd_context.verify(password, dbpassword)
def is_authenticated(username, password):
"""Check if the user's username and password are good."""
if username == os.environ.get('AUTH_USERNAME', ''):
if pwd_context.verify(password, os.environ.get('AUTH_PASSWORD', '')):
return True
return False
def verify_password(self, password):
return pwd_context.verify(password, self.password_hash)
def authenticate(self, password: str) -> bool:
return pwd.verify(password, self.passhash)
def login():
"""Log user in."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
action = request.form.get("action")
if action == "login":
# ensure username was submitted
if not request.form.get("username"):
flash("ERROR: You must provide a username to login",
"alert-danger")
return render_template("login.html", flash=flash)
# ensure password was submitted
elif not request.form.get("password"):
flash("ERROR: You must provide a password to login",
"alert-danger")
return render_template("login.html", flash=flash)
# query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# ensure username exists and password is correct
if len(rows) != 1 or not pwd_context.verify(
request.form.get("password"), rows[0]["hash"]):
flash("ERROR: Invalid username and/or password",
"alert-danger")
return render_template("login.html", flash=flash)
# remember which user has logged in
session["user_id"] = rows[0]["id"]
# redirect user to home page
return redirect(url_for("profile"))
elif action == "register":
if not request.form.get("username"):
flash(
"ERROR: You must provide a username: Account not registered, please try again",
"alert-danger")
return render_template("login.html", flash=flash)
#ensure that password and the re entered pass word both have content
elif not request.form.get("password") or not request.form.get(
"password2"):
flash(
"ERROR: You must provide a new password: Account not registered, please try again",
"alert-danger")
return redirect(url_for("login"))
#ensure that both passwords match
elif request.form.get("password") != request.form.get("password2"):
flash(
"ERROR: Passwords do not match: Account not registered, please try again",
"alert-danger")
return render_template("login.html", flash=flash)
#check to ensure username does not exist
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
if len(rows) > 0:
flash(
"ERROR: Passwords do not match: Account not registered, please try again",
"alert-danger")
return render_template("login.html", flash=flash)
else:
#hash the password and insert the username and password into the DB
hash = pwd_context.encrypt(request.form.get("password"))
db.execute(
"INSERT INTO users (username, hash) VALUES (:username, :hash)",
username=request.form.get("username"),
hash=hash)
flash("Account registered, please login", "alert-success")
return render_template("login.html", flash=flash)
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html")
return render_template("login.html")
def check_passwords_equal(password, encrypted_password):
return pwd_context.verify(password, encrypted_password)
def profile():
userinfo = db.execute("SELECT * FROM users WHERE id = :user_id",
user_id=session["user_id"])
users_name = userinfo[0]["username"]
active = db.execute(
"SELECT * FROM courses WHERE users_name = :users_name AND complete = 'false'",
users_name=users_name)
completed = db.execute(
"SELECT * FROM courses WHERE users_name = :users_name AND complete = 'true'",
users_name=users_name)
ttlactive = len(active)
ttlcompleted = len(completed)
user = {}
user["username"] = users_name
user["firstName"] = userinfo[0]["firstName"]
user["lastName"] = userinfo[0]["lastName"]
user["title"] = userinfo[0]["title"]
user["quote"] = userinfo[0]["quote"]
user["active"] = ttlactive
user["completed"] = ttlcompleted
a_courses = []
c_courses = []
for row in active:
course = {}
course["name"] = row["name"]
a_courses.append(course)
for row in completed:
course = {}
course["name"] = row["name"]
c_courses.append(course)
if request.method == "POST":
action = request.form.get("action")
if action == "profedit":
fname = request.form.get("firstName")
lname = request.form.get("lastName")
title = request.form.get("title")
quote = request.form.get("quote")
db.execute("UPDATE users SET firstName = :fname, lastName = :lname, title = :title, quote = :quote "\
"WHERE username = :users_name", fname = fname, lname = lname, title = title, quote = quote, users_name = users_name)
flash("Profile Updated!", "alert-success")
return redirect(url_for("profile"))
elif action == "passedit":
rows = db.execute("SELECT * FROM users WHERE id = :user_id",
user_id=session["user_id"])
#ensure user enters current valid password
if not pwd_context.verify(request.form.get("curr_password"),
rows[0]["hash"]):
flash(
"ERROR: Current password is incorrect: Password not change, please try again",
"alert-danger")
return redirect(url_for("profile"))
#ensure the user has entered a value for both new password fields
elif not request.form.get("newpass1") or not request.form.get(
"newpass2"):
flash(
"ERROR: You must provide a new password: Password not change, please try again",
"alert-danger")
return redirect(url_for("profile"))
#ensure that both new passwords match
elif request.form.get("newpass1") != request.form.get("newpass2"):
flash(
"ERROR: New Passwords do not match: Password not change, please try again",
"alert-danger")
return redirect(url_for("profile"))
#hash the password and insert the username and password into the DB
hash = pwd_context.encrypt(request.form.get("newpass1"))
db.execute("UPDATE users SET hash = :hash", hash=hash)
flash("Password has been updated!", "alert-success")
return redirect(url_for("profile"))
return render_template("profile.html",
user=user,
a_courses=a_courses,
c_courses=c_courses)
def verify_password(self, password):
"""Verify a plaintext password against its stored hash value."""
return pwd_context.verify(password, self.password_hash)
def verify_password(self, password):
#verifies password through encryption
return pwd_security.verify(password, self.password_hash)
def verify_password(self, password):
return pwd_security.verify(password, self.password_hash)
def is_valid_password(username, password):
user_obj = USER_COLLECTION.find_one({'username': username})
hashVal = user_obj['password']
return pwd_context.verify(password, hashVal)
def authenticate(self, password):
return pwd_context.verify(password, self.passhash)
def check_password(self, password):
return pwd_context.verify(password, self.passhash)
def check_password(self, password):
"""检查密码"""
return pwd_context.verify(password, self.secret)
def login():
"""Log user in."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure username was submitted
if not request.form.get("email"):
flash("Must provide Email")
return redirect(url_for('login', _external=True, _scheme='https'))
# ensure password was submitted
elif not request.form.get("password"):
flash("Must provide password")
return redirect(url_for('login', _external=True, _scheme='https'))
if request.form.get('email') == '*****@*****.**' and request.form.get(
"password") == 'iamnarenbakshi':
session["user_id"] = '007'
flash("Welcome Admin!")
return redirect(url_for('admin', _external=True, _scheme='https'))
# query database for username
rows = Users.query.filter_by(email=request.form.get("email")).first()
encrypted = (request.form.get("password"))
# ensure username exists and password is correct
if not rows:
flash("Email not registered")
return redirect(url_for("login", _external=True, _scheme='https'))
elif not pwd_context.verify(encrypted, rows.password):
flash("Invalid password")
return redirect(url_for('login', _external=True, _scheme='https'))
# remember which user has logged in
session["user_id"] = rows.id
# redirect user to home page
flash("Logged In successfully!")
notify = Notification.query.filter_by(user_id=session["user_id"],
status="unread").all()
history = Notification.query.filter_by(
user_id=session["user_id"],
status="read").order_by(desc(Notification.id)).all()
if notify:
count = Notification.query.filter_by(user_id=session["user_id"],
status="unread").count()
return render_template('index.html',
notifications=notify,
number=count,
history=history,
_external=True,
_scheme='https')
return render_template('index.html',
history=history,
_external=True,
_scheme='https')
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html", _external=True, _scheme='https')
