Example #1
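def change_password(request):
    """Render the change-password page or process a password change.

    The user is identified by ``user_id`` in the session. Without it the
    login page is rendered. On POST, ``current_password`` is checked against
    the stored bcrypt hash; on a match, ``new_password`` is hashed with a
    fresh salt and stored via ``User.update_user_password``.

    Returns:
        For POST, a JSON ``HttpResponse``: ``{'status': 200, 'message':
        '/account/'}`` on success, ``{'status': 0, 'message': ...}`` when
        a field is missing/empty or the current password does not match.
        For any other method, the rendered change-password page.
    """
    user_id = request.session.get('user_id')
    if user_id is None:
        # No user id in the session: show the login page instead.
        return render(request,
                      'login/index.html',
                      context={'page_login': '******'})

    if request.method == "POST":
        current_password = request.POST.get('current_password')
        new_password = request.POST.get('new_password')

        # POST.get() returns None for an absent field; calling .encode() on
        # it would raise and surface as a 500. An empty new password is
        # rejected too, so an account cannot end up with a blank password.
        if not current_password or not new_password:
            response = json.dumps({
                'status': 0,
                'message': 'Current and new password are required'
            })
            return HttpResponse(response, content_type='application/json')

        # NOTE(review): assumes get_password_from_id returns the bcrypt hash
        # as str for every user id found in a session; confirm how it
        # behaves for a deleted user.
        stored_hash = User.get_password_from_id(user_id).encode('utf-8')

        if not bcrypt.checkpw(current_password.encode('utf-8'), stored_hash):
            response = json.dumps({
                'status': 0,
                'message': 'Incorrect password'
            })
            return HttpResponse(response, content_type='application/json')

        # NOTE(review): bcrypt only uses the first 72 bytes of its input;
        # no length policy is enforced on the new password here.
        new_password_hash = bcrypt.hashpw(new_password.encode('utf-8'),
                                          bcrypt.gensalt())
        User.update_user_password(user_id, new_password_hash.decode('utf-8'))

        # NOTE(review): the session is left untouched after the change;
        # whether other active sessions for this user are invalidated is
        # not visible from this view.
        response = json.dumps({'status': 200, 'message': '/account/'})
        return HttpResponse(response, content_type='application/json')

    context = {'user': User.objects.get(pk=user_id)}
    return render(request, 'account/change_password.html', context)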