def edit_user(name):
if request.method == 'POST' and user.is_admin():
password = request.form.get('password', None)
error = 'Passwords not the same.'
if password == request.form.get('password2', None):
result = database.update_user(name,
password,
request.form['email'],
request.form['privilege'],
request.form['active'])
if result[0]:
flash('User updated.')
return redirect(url_for('display_admin_users'))
else:
error=result[1]
return render_admin_page('edit_user.html', error=error)
elif user.is_admin():
result = database.get_user(name)
if result[0]:
theUser = dict(name=name, email=result[1][1],
privilege=result[1][2], active=result[1][3])
return render_admin_page('edit_user.html', user=theUser)
else:
return render_admin_page('edit_user.html', error=result[1])
else:
return redirect(url_for('display_news'))
def auto_log_in():
name = request.cookies.get('persist_name', None)
token = request.cookies.get('persist_token', None)
series_id = request.cookies.get('persist_id', None)
if name and token and series_id:
logins = database.get_persist_logins(name)
for login in logins:
if token == login[1] and series_id == login[2]:
user = database.get_user(name)
log_in(name, user[1][1], user[1][2], user[1][4])
new_token = b64encode(urandom(64))
database.update_persist_login(token, new_token)
return new_token
elif series_id == login[2]:
database.delete_persist_login(series_id)
flash('It appears your user session has been hijacked, \
please ensure that your browser is secure.')
return None
