def edit_user(name):
    """Admin view for editing the account called *name*.

    Anyone who is not an admin is redirected to the news page.  For an admin,
    a GET looks the account up and renders the edit form pre-filled; a POST
    checks that the two password fields agree, writes password / email /
    privilege / active through ``database.update_user`` and redirects to the
    user list on success.  Any failure re-renders the form with an ``error``
    string.

    Args:
        name: login name of the account being edited (supplied by the caller,
            presumably from the URL; not validated here).

    Returns:
        A rendered admin page or a redirect response.

    ``user`` is expected to be bound to the current session's user by the
    surrounding module; its ``is_admin()`` is the only access check here.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    if request.method != 'POST':
        # Display path: fetch the record and pre-fill the form with it.
        outcome = database.get_user(name)
        if not outcome[0]:
            return render_admin_page('edit_user.html', error=outcome[1])
        row = outcome[1]
        # Row positions as consumed here: row[1] email, row[2] privilege,
        # row[3] active (row[0] is not used by this view).
        profile = {'name': name, 'email': row[1],
                   'privilege': row[2], 'active': row[3]}
        return render_admin_page('edit_user.html', user=profile)

    # Update path.
    password = request.form.get('password', None)
    confirmation = request.form.get('password2', None)
    error = 'Passwords not the same.'
    # NOTE(review): if both password fields are absent, None == None passes
    # this check and update_user receives password=None; whether that keeps
    # the current password is up to update_user — confirm.
    if password == confirmation:
        # email / privilege / active are mandatory: a missing key raises
        # KeyError here (a 400 under Flask's request.form) rather than
        # producing an error page.
        outcome = database.update_user(name, password, request.form['email'],
                                       request.form['privilege'],
                                       request.form['active'])
        if outcome[0]:
            flash('User updated.')
            return redirect(url_for('display_admin_users'))
        error = outcome[1]
    return render_admin_page('edit_user.html', error=error)
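def auto_log_in():
    """Try to restore a session from the persistent-login cookies.

    Reads the ``persist_name`` / ``persist_token`` / ``persist_id`` cookies
    and walks the stored persistent logins for that name:

    * series id and token both match -> log the user in, mint a fresh random
      token, store it in place of the old one and return it.  The caller is
      expected to write the new token back into the cookie; that is not
      done here.
    * only the series id matches -> the presented token is stale or was
      stolen and already used: that series is deleted and a warning is
      flashed.  The loop keeps going, so a later row can still log the
      user in.
    * nothing matches (or a cookie is missing) -> return None and leave the
      session untouched.

    Returns:
        The new token as produced by ``b64encode`` on success, else None.

    Changes from the previous version: the secret token is compared in
    constant time (``hmac.compare_digest``) instead of ``==``, and the
    ``database.get_user`` result is checked for success before its row is
    indexed — the old code indexed ``user[1]`` unconditionally, so a failed
    lookup would have called ``log_in`` with whatever ``user[1]`` held and
    still rotated the token.
    """
    import hmac  # local import: the module's import block is not visible here

    def _token_matches(presented, stored):
        """Constant-time equality of the cookie token against a stored one.

        Both sides are coerced to bytes so a text cookie can match a token
        kept as bytes (``b64encode`` returns bytes); None never matches.
        Falls back to plain ``==`` for any other types compare_digest cannot
        handle, preserving the previous behaviour there.
        """
        if presented is None or stored is None:
            return False
        if isinstance(presented, str):
            presented = presented.encode('utf-8')
        if isinstance(stored, str):
            stored = stored.encode('utf-8')
        try:
            return hmac.compare_digest(presented, stored)
        except TypeError:
            return presented == stored

    name = request.cookies.get('persist_name', None)
    token = request.cookies.get('persist_token', None)
    series_id = request.cookies.get('persist_id', None)
    if not (name and token and series_id):
        return None

    for login in database.get_persist_logins(name):
        # Row layout as consumed here: login[1] = token, login[2] = series id.
        if series_id != login[2]:
            continue
        if _token_matches(token, login[1]):
            user = database.get_user(name)
            if not user[0]:
                # Lookup failed (same success-flag convention as edit_user):
                # do not log anyone in and do not rotate the token.
                return None
            # user[1] is the account row; positions 1, 2 and 4 are what
            # log_in consumes — their meaning is not visible from here.
            log_in(name, user[1][1], user[1][2], user[1][4])
            # Single-use token: replace it on every successful auto-login so
            # a replayed cookie collides with the hijack branch below.
            new_token = b64encode(urandom(64))
            database.update_persist_login(token, new_token)
            return new_token
        # Right series, wrong token: treat the series as compromised.
        database.delete_persist_login(series_id)
        # The original literal used a backslash line-continuation; any
        # indentation on the continued line becomes part of the message and
        # is not recoverable from this view, so none is assumed.
        flash('It appears your user session has been hijacked, \
please ensure that your browser is secure.')
    return None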