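def insert_user():
    '''
    Create a user account on behalf of an administrator.

    On a POST from an admin session, looks up the submitted email and
    username in DB_USERS. If neither exists, stores the new user with a
    bcrypt hash of the password, increments the user counter and redirects
    to the 'admin_tab_users' endpoint. If either exists, renders
    fail_sign_up.html. Every other request renders sign_up.html.

    A missing 'email', 'username' or 'password' form field raises the
    KeyError subclass that request.form[...] produces.
    '''
    # Authorise on the VALUE of the flag, not on the key being present:
    # sign_up() stores session['admin'] = False for every self-registered
    # user, so "'admin' in session" is also true for non-administrators.
    # NOTE(review): assumes the login handler stores a truthy value for
    # administrators - confirm against that handler.
    if session.get('admin') and request.method == 'POST':
        email = request.form['email']
        username = request.form['username']
        existing_user = DB_USERS.find_one({'email': email})
        existing_username = DB_USERS.find_one({'name': username})

        if existing_user is not None or existing_username is not None:
            return render_template('fail_sign_up.html')

        # NOTE(review): the lookup above and the insert below are separate
        # operations; only a unique index on 'email' and 'name' would make
        # the uniqueness guarantee hold under concurrent requests.
        hashpass = bcrypt.hashpw(
            request.form['password'].encode('utf-8'), bcrypt.gensalt())
        # 'admin' is fixed to False here, so the form cannot grant the
        # privilege to the account being created.
        # NOTE(review): if DB_USERS / DB_COUNTER are PyMongo collections,
        # insert() and update() are deprecated in PyMongo 3 and removed in
        # PyMongo 4 (insert_one / update_one) - confirm the driver version.
        DB_USERS.insert({
            'name': username,
            'password': hashpass,
            'email': email,
            'admin': False
        })
        DB_COUNTER.update(
            {'counter_name': 'counter'},
            {'$inc': {'number_users': 1}})
        return redirect(url_for('admin_tab_users'))

    # Non-admin sessions and non-POST requests get the plain sign-up form.
    return render_template('sign_up.html')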
def sign_up():
    '''
    Self-service registration: show the form, or create the account.

    A non-POST request renders sign_up.html. A POST checks DB_USERS for
    the submitted email and username; if either is already present it
    renders fail_sign_up.html. Otherwise the user is stored with a bcrypt
    hash of the password, the session is populated, the user counter is
    incremented and the client is redirected to the 'index' endpoint.
    '''
    if request.method != 'POST':
        return render_template('sign_up.html')

    form = request.form
    email_match = DB_USERS.find_one({'email': form['email']})
    name_match = DB_USERS.find_one({'name': form['username']})
    if email_match is not None or name_match is not None:
        return render_template('fail_sign_up.html')

    # NOTE(review): the two lookups and the insert are separate operations,
    # so this check alone does not guarantee uniqueness under concurrent
    # requests - presumably a unique index backs it; verify.
    password_bytes = form['password'].encode('utf-8')
    hashed = bcrypt.hashpw(password_bytes, bcrypt.gensalt())

    # The privilege flag is a literal, never taken from the form.
    new_user = {
        'name': form['username'],
        'password': hashed,
        'email': form['email'],
        'admin': False
    }
    DB_USERS.insert(new_user)

    session['username'] = form['username']
    counter_filter = {'counter_name': 'counter'}
    counter_bump = {'$inc': {'number_users': 1}}
    DB_COUNTER.update(counter_filter, counter_bump)
    # The key is stored even for non-admins, so any authorisation check
    # has to read its value rather than test for its presence.
    session['admin'] = False
    return redirect(url_for('index'))
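def register():
    """
    Render the registration form and store a new user's credentials.

    GET: renders register.html with exists=False.
    POST: renders register.html with mismatch_pw=True when 'password' and
    'confirm-password' differ, or with exists=True when the username is
    already in DB_USERS. Otherwise it stores the user with a bcrypt hash
    of the password, sets session['USERNAME'] and redirects to the
    'profile' endpoint.

    A missing 'username' or 'password' form field raises the KeyError
    subclass that request.form[...] produces.
    """
    # REFERENCE CREDITS:
    # Login System ->
    # https://www.youtube.com/watch?v=vVx1737auSE, https://www.youtube.com/watch?v=PYILMiGxpAU
    #
    # Password Hashing ->
    # https://stackoverflow.com/questions/27413248/why-can-bcrypt-hashpw-be-used-both-for-hashing-and-verifying-passwords
    if request.method != 'POST':
        return render_template('register.html', exists=False)

    if request.form.get('confirm-password') != request.form.get('password'):
        return render_template('register.html', exists=False,
                               mismatch_pw=True)

    # Read the username once so the lookup, the stored record and the
    # session all use the same value.
    username = request.form['username']
    if DB_USERS.find_one({'username': username}) is not None:
        return render_template('register.html', exists=True)

    # Index access instead of .get(): when both password fields are absent
    # the comparison above passes (None == None), and .get() would hand
    # None to .encode() and fail with an AttributeError. A missing field is
    # now rejected the same way a missing 'username' is.
    # NOTE(review): an empty-string password still passes the equality
    # check and is hashed and stored; a minimum-length rule belongs here.
    password = request.form['password']
    hashpass = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())

    # NOTE(review): lookup and insert are separate operations; a unique
    # index on 'username' is what would enforce uniqueness under
    # concurrent requests. If DB_USERS is a PyMongo collection, insert()
    # is deprecated in PyMongo 3 and removed in PyMongo 4 (insert_one).
    DB_USERS.insert({
        'username': username,
        'password': hashpass,
        'profile_image': 'https://res.cloudinary.com/dajuujhvs/image/upload/v1592578019/wbzphoxefkdid3kheuqd.png',
        'profile_image_id': 'wbzphoxefkdid3kheuqd',
        'favorites': []
    })

    # Mark the new user as logged in, then send them to their profile.
    session['USERNAME'] = username
    return redirect(url_for('profile'))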