Example #1
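def login():
    """Authenticate a user from the posted login form.

    On a valid POST the user named in the form is looked up in the database
    and the submitted password is verified with ``check_password``. On
    success the user is logged in and redirected to the ``next`` query
    parameter when it is a same-site path, otherwise to ``/``. The login
    template is rendered with ``fail=1`` after a rejected attempt and
    ``fail=0`` for every other request.
    """
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # The default belongs to .get(): `"user" or ''` evaluates to "user",
        # so a missing field used to come back as None.
        user = request.form.get("user", '')
        password = request.form.get("password", '')

        # Fetch the row once instead of re-running the query on every access.
        user_object = db.session.query(User).filter(User.name == user).first()

        if user_object and user_object.check_password(password):
            login_user(user_object)
            # `next` is attacker-controllable (it arrives in the query
            # string), so only follow it when it stays on this site.
            next_url = request.args.get("next")
            return redirect(next_url if _is_local_path(next_url) else "/")

        # Unknown user and wrong password share one response, so the page
        # itself does not reveal which account names exist.
        return render_template("/login",
                               options=app.options,
                               form=form,
                               fail=1)
    return render_template("/login",
                           options=app.options,
                           form=form,
                           fail=0)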
Example #2
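def login():
    """Authenticate the single configured admin account.

    On a valid POST the submitted name and password are compared with
    ``app.options.login_name`` and ``app.options.login_passwd``. On success
    the user is logged in and redirected to the ``next`` query parameter when
    it is a same-site path, otherwise to the ``dispenser`` view. The login
    template is rendered with ``fail=1`` after a rejected attempt and
    ``fail=0`` otherwise.
    """
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # The default belongs to .get(): `"user" or ''` evaluates to "user",
        # so a missing field used to come back as None.
        user = request.form.get("user", '')
        password = request.form.get("password", '')
        # NOTE(review): the password is held and compared in plaintext from
        # app.options; storing a salted hash and verifying against it would
        # keep a leaked configuration from disclosing the credential.
        if user == app.options.login_name and password == app.options.login_passwd:
            login_user(User(user))
            # `next` comes from the query string; follow it only when it
            # stays on this site, otherwise fall back to the default view.
            next_url = request.args.get("next")
            if _is_local_path(next_url):
                return redirect(next_url)
            return redirect(url_for("dispenser"))
        return render_template("/admin/login", options=app.options, form=form, fail=1)
    return render_template("/admin/login", options=app.options, form=form, fail=0)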
Example #3
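def login():
    """Authenticate against a single fixed account and flash the outcome.

    On a valid POST the submitted name and password are compared with the
    values embedded below. On success the user is logged in and redirected to
    the ``next`` query parameter when it is a same-site path, otherwise to
    the ``dispenser`` view. A rejected attempt flashes "Invalid login." and
    re-renders the login template.
    """
    import hmac
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    if request.method == "POST" and form.validate():
        # The default belongs to .get(): `"user" or ""` evaluates to "user",
        # so a missing field used to come back as None.
        user = request.form.get("user", "")
        password = request.form.get("password", "")
        # NOTE(review): the account name and password are hard-coded, so
        # everyone with access to the source or its history knows them and
        # they cannot be rotated without a deploy. Load them from
        # configuration or a secret store and keep only a password hash.
        # The password is compared in constant time on bytes so the check
        # also accepts non-ASCII input without raising.
        password_ok = hmac.compare_digest(
            password.encode("utf-8"), "boozemeup".encode("utf-8")
        )
        if user == "scotty" and password_ok:
            login_user(User(user))
            flash("Logged in successfully.")
            # `next` comes from the query string; follow it only when it
            # stays on this site, otherwise fall back to the default view.
            next_url = request.args.get("next")
            if _is_local_path(next_url):
                return redirect(next_url)
            return redirect(url_for("dispenser"))
        flash("Invalid login.")
    return render_template("/admin/login", form=form)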
Example #4
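def login():
    """Authenticate the configured admin account and flash the outcome.

    On a valid POST the submitted name and password are compared with
    ``app.options.login_name`` and ``app.options.login_passwd``. On success
    the user is logged in and redirected to the ``next`` query parameter when
    it is a same-site path, otherwise to the ``dispenser`` view. A rejected
    attempt flashes "Invalid login." and re-renders the login template.
    """
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # The default belongs to .get(): `"user" or ''` evaluates to "user",
        # so a missing field used to come back as None.
        user = request.form.get("user", '')
        password = request.form.get("password", '')
        # NOTE(review): the password is held and compared in plaintext from
        # app.options; a salted hash verified at login would limit the damage
        # of a leaked configuration.
        if user == app.options.login_name and password == app.options.login_passwd:
            login_user(User(user))
            flash("Logged in successfully.")
            # `next` comes from the query string; follow it only when it
            # stays on this site, otherwise fall back to the default view.
            next_url = request.args.get("next")
            if _is_local_path(next_url):
                return redirect(next_url)
            return redirect(url_for("dispenser"))
        flash("Invalid login.")
    return render_template("/admin/login", form=form)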
Example #5
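def login():
    """Authenticate against a single fixed account and flash the outcome.

    On a valid POST the submitted name and password are compared with the
    values embedded below. On success the user is logged in and redirected to
    the ``next`` query parameter when it is a same-site path, otherwise to
    the ``dispenser`` view. A rejected attempt flashes "Invalid login." and
    re-renders the login template.
    """
    import hmac
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # The default belongs to .get(): `"user" or ''` evaluates to "user",
        # so a missing field used to come back as None.
        user = request.form.get("user", '')
        password = request.form.get("password", '')
        # NOTE(review): hard-coded credentials are readable by anyone who can
        # see the source or its history and cannot be rotated without a
        # deploy; move them to configuration or a secret store and keep only
        # a password hash. The comparison runs in constant time on bytes.
        password_ok = hmac.compare_digest(
            password.encode("utf-8"), 'boozemeup'.encode("utf-8")
        )
        if user == 'scotty' and password_ok:
            login_user(User(user))
            flash("Logged in successfully.")
            # `next` comes from the query string; follow it only when it
            # stays on this site, otherwise fall back to the default view.
            next_url = request.args.get("next")
            if _is_local_path(next_url):
                return redirect(next_url)
            return redirect(url_for("dispenser"))
        flash("Invalid login.")
    return render_template("/admin/login", form=form)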
Example #6
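def login():
    """Authenticate a user against the ``Users`` table and flash failures.

    On a valid POST the table is queried for a row whose ``username`` and
    ``password`` columns equal the submitted values. When a row is found and
    the values also match exactly in Python, the user is logged in and
    redirected to the ``next`` query parameter when it is a same-site path,
    otherwise to the ``index`` view. Any other valid POST flashes
    "Invalid login." and re-renders the login template.
    """
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # The default belongs to .get(): `"user" or ''` evaluates to "user",
        # so a missing field used to come back as None.
        username = request.form.get("user", '')
        password = request.form.get("password", '')
        # NOTE(review): matching on Users.password means the column holds the
        # password itself. Anyone who can read the table or a backup gets
        # every credential; store a salted password hash and verify it after
        # looking the row up by username only.
        dbUser = db.session.query(Users).filter(
            Users.username == username, Users.password == password
        ).first()
        if dbUser is not None:
            # The database comparison may be case-insensitive depending on
            # the column collation (not visible here), so the exact match is
            # repeated in Python before the session is created.
            if username == dbUser.username and password == dbUser.password:
                login_user(User(username))
                # `next` comes from the query string; follow it only when it
                # stays on this site, otherwise fall back to the index view.
                next_url = request.args.get("next")
                if _is_local_path(next_url):
                    return redirect(next_url)
                return redirect(url_for("index"))
        flash("Invalid login.")
    return render_template("/admin/login", options=app.options, form=form)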
Example #7
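def login():
    """Authenticate the single configured admin account.

    On a valid POST the submitted name and password are compared with
    ``app.options.login_name`` and ``app.options.login_passwd``. On success
    the user is logged in and redirected to the ``next`` query parameter when
    it is a same-site path, otherwise to the ``dispenser`` view. The login
    template is rendered with ``fail=1`` after a rejected attempt and
    ``fail=0`` otherwise.
    """
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # The default belongs to .get(): `"user" or ''` evaluates to "user",
        # so a missing field used to come back as None.
        user = request.form.get("user", '')
        password = request.form.get("password", '')
        # NOTE(review): the password is held and compared in plaintext from
        # app.options; a salted hash verified at login would limit the damage
        # of a leaked configuration.
        if (user == app.options.login_name
                and password == app.options.login_passwd):
            login_user(User(user))
            # `next` comes from the query string; follow it only when it
            # stays on this site, otherwise fall back to the default view.
            next_url = request.args.get("next")
            if _is_local_path(next_url):
                return redirect(next_url)
            return redirect(url_for("dispenser"))
        return render_template("/admin/login",
                               options=app.options,
                               form=form,
                               fail=1)
    return render_template("/admin/login",
                           options=app.options,
                           form=form,
                           fail=0)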
Example #8
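def login():
    """Authenticate a user from the posted login form.

    On a valid POST the user named in the form is looked up in the database
    and the submitted password is verified with ``check_password``. On
    success the user is logged in and redirected to the ``next`` query
    parameter when it is a same-site path, otherwise to the ``index`` view.
    The login template is rendered with ``fail=1`` after a rejected attempt
    and ``fail=0`` otherwise; in both cases it receives the raw ``next``
    value and the result of ``is_ip_allowed_to_pour_drinks`` for the
    requesting address.
    """
    from urllib.parse import urlparse

    def _is_local_path(target):
        """Return True only for a path-only, same-site redirect target."""
        if not target or not target.startswith("/") or target.startswith("//"):
            return False
        # Browsers normalise backslashes and strip control characters, which
        # can turn an apparently local path into an absolute URL.
        if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        parts = urlparse(target)
        return not parts.scheme and not parts.netloc

    form = LoginForm(request.form)
    # Untrusted: taken straight from the query string.
    next_args = request.args.get("next")
    # NOTE(review): request.remote_addr is the address of the direct peer.
    # Behind a reverse proxy that is the proxy itself unless forwarded
    # headers are handled -- confirm the deployment before relying on this
    # value for access control.
    allowed_to_pour = is_ip_allowed_to_pour_drinks(request.remote_addr)

    if request.method == 'POST' and form.validate():
        # The default belongs to .get(): `"user" or ''` evaluates to "user",
        # so a missing field used to come back as None.
        user = request.form.get("user", '')
        password = request.form.get("password", '')

        # Fetch the row once instead of re-running the query on every access.
        user_object = db.session.query(User).filter(User.name == user).first()

        if user_object and user_object.check_password(password):
            login_user(user_object)
            # Following an arbitrary `next` would be an open redirect, so it
            # is honoured only when it is a path on this site. Whether the
            # user may access that path is left to the target view.
            if _is_local_path(next_args):
                print("Redirect to {}".format(next_args))
                return redirect(next_args)
            print("Redirect to index")
            return redirect(url_for("index"))

        print("Show login failed")
        # The template gets `next` unvalidated; it must keep escaping it.
        return render_template("/login",
                               options=app.options,
                               form=form,
                               fail=1,
                               allowed_to_pour=allowed_to_pour,
                               next=next_args)

    print("Show login")
    return render_template("/login",
                           options=app.options,
                           form=form,
                           fail=0,
                           allowed_to_pour=allowed_to_pour,
                           next=next_args)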