def authenticate(username, password):
user = db.get_user_by_username(username)
if (user and password_utils.verify_password(password.encode("utf-8"),
user[2].encode('utf-8'))):
return True, user[0]
else:
return False, None
def change_password(username, old, new, new2):
user = db.get_user(username)
if (password_utils.verify_password(old, user[2]) and new == new2):
success = db.change_user_password(username, new)
if success:
return True
else:
return False
def authenticate(username, password):
user = db.get_user(username)
if (user and password_utils.verify_password(password, user[2])):
return True, user[0]
else:
return False, None
username = params.getvalue("username")
password = params.getvalue("password")
password_repeat = params.getvalue("password_repeat")
secret_question = params.getvalue("secret_question")
secret_answer = params.getvalue("secret_answer")
validation_error = False
success = False
user = db.get_user(username)
if not user:
password_change_error += "<br>User with username " + username + " does not exist!"
validation_error = True
elif not password_utils.verify_password(secret_answer, user[5]):
password_change_error += "<br>Wrong secret answer!"
validation_error = True
if password != password_repeat:
password_change_error += "<br>Passwords must match!"
validation_error = True
if validation_error == False:
authentication.change_password(user[1], password)
print('Location: login.py')
print("")
base.start_html()
print('''
<form method="POST">
