def recover():
    """Start a password recovery for an existing account.

    On POST the submitted ``username`` (used as an e-mail address) is looked
    up in ``user``. If it exists, any earlier ``recovery`` row for that
    address is replaced with a freshly generated code -- only its hash is
    stored -- and the client is redirected to ``auth.recover_sent``. If it
    does not exist the error is flashed and the form is re-rendered. GET just
    renders the form.
    """
    if request.method != 'POST':
        return render_template('auth/recover.html', search=get_search(request))

    username = request.form['username']
    db = get_db()
    known = db.execute(
        'SELECT id FROM user WHERE username = ?', (username, )
    ).fetchone()

    if known is None:
        # NOTE(review): this message tells the client whether an address has
        # an account, unlike a neutral "if that address exists we sent a code".
        flash('No user associated with {}.'.format(username))
        return render_template('auth/recover.html', search=get_search(request))

    code = generate_code()
    # Replace rather than append: one pending code per address.
    db.execute('DELETE FROM recovery WHERE email = ?', (username, ))
    db.execute('INSERT INTO recovery (email, code) VALUES(?, ?)',
               (username, generate_password_hash(code)))
    # TODO: Send email -- stdout is a stand-in for delivery; note the plaintext
    # code ends up in whatever captures the process output.
    print(code)
    db.commit()
    return redirect(
        url_for('auth.recover_sent', email=username, search=get_search(request)))
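def recover_sent():
    """Finish a password recovery: verify the code and set a new password.

    ``email`` comes from the query string (placed there by ``recover``). On
    POST the submitted code is checked against the hashed code stored in
    ``recovery``; if it matches, the password is non-empty and both password
    fields agree, ``user`` is updated, the pending recovery row is removed,
    and the client is sent to the login page. Any failure is flashed and the
    form re-rendered. GET just renders the form.

    Raises:
        KeyError: if the ``email`` query parameter is absent.
    """
    email = request.args['email']
    if request.method == 'POST':
        code = request.form['code']
        passworda = request.form['passworda']
        passwordb = request.form['passwordb']
        db = get_db()
        error = None

        row = db.execute(
            'SELECT code FROM recovery WHERE email = ?', (email, )).fetchone()
        # fetchone() is None when no recovery is pending for this address;
        # treat that exactly like a wrong code instead of failing on row['code'].
        if row is None or not check_password_hash(row['code'], code):
            error = 'Incorrect code.'
        elif not passworda:
            error = 'Password is required.'
        elif passworda != passwordb:
            # Value comparison: `is not` compared object identity, so two
            # equal strings from the form still counted as a mismatch.
            error = 'The passwords must match.'

        if error is not None:
            flash(error)
        else:
            db.execute('UPDATE user SET password = ? WHERE username = ?',
                       (generate_password_hash(passworda), email))
            # Consume the code so it cannot be replayed to reset the password again.
            db.execute('DELETE FROM recovery WHERE email = ?', (email, ))
            db.commit()
            return redirect(url_for('auth.login', search=get_search(request)))
    return render_template('auth/recover_sent.html', email=email,
                           search=get_search(request))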
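def register():
    """Create a new non-admin account from the registration form.

    On POST the form is validated -- ``username`` must be non-empty and
    contain ``@``, ``password`` must be non-empty and equal to ``password2``,
    and the address must not already be in ``user`` -- then the user is
    inserted with ``admin = 0`` and the client is redirected to login. On
    failure the error is flashed and the form re-rendered; GET just renders
    the form.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        password2 = request.form['password2']
        db = get_db()
        error = None

        # Field checks first; the database is only consulted once the
        # submission is well-formed, instead of querying with an empty or
        # malformed address.
        if not username:
            error = 'Email is required.'
        elif "@" not in username:
            error = 'Please enter a valid email.'
        elif not password:
            error = 'Password is required.'
        elif password != password2:
            error = 'The passwords are not the same.'
        elif db.execute('SELECT id FROM user WHERE username = ?',
                        (username, )).fetchone() is not None:
            error = 'User {} is already registered.'.format(username)

        if error is None:
            db.execute(
                'INSERT INTO user (username, password, admin) VALUES (?, ?, ?)',
                (username, generate_password_hash(password), 0))
            db.commit()
            return redirect(url_for('auth.login', search=get_search(request)))
        flash(error)
    return render_template('auth/register.html', search=get_search(request))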
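def delete():
    """Delete the current user's account and posts, then end the session.

    Reads the user id from the session; when none is present nothing is
    deleted. Posts are removed before the user row because ``post.author_id``
    refers to ``user.id``. The session is cleared afterwards so it no longer
    carries the id of a user that no longer exists.
    """
    user_id = session.get('user_id')
    if user_id is not None:
        db = get_db()
        db.execute('DELETE FROM post WHERE author_id = ?', (user_id, ))
        db.execute('DELETE FROM user WHERE id = ?', (user_id, ))
        db.commit()
    # Previously the session kept pointing at the deleted account.
    session.clear()
    return redirect(url_for('entry.index', search=get_search(request)))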
def profile():
    """Render the profile page for the logged-in user with a post listing.

    Reads ``g.user['username']`` for the page header, so a caller must have
    populated ``g.user`` beforehand.
    """
    query = (
        'SELECT p.id, name'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' ORDER BY created DESC'
    )
    # NOTE(review): the query has no author filter -- it lists every post
    # joined to its user, newest first; confirm that is intended for a profile.
    entries = get_db().execute(query).fetchall()
    context = {
        'email': g.user['username'],
        'entries': entries,
        'search': get_search(request),
    }
    return render_template('profile/index.html', **context)
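def login():
    """Authenticate a user from the login form and start a fresh session.

    On POST the submitted ``username``/``password`` pair is checked against
    the ``user`` table. On success the session is cleared and re-seeded with
    the user's id and the client is redirected to ``index``; on failure one
    generic error is flashed. GET just renders the form.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        user = db.execute(
            'SELECT * FROM user WHERE username = ?', (username, )).fetchone()

        # One message for both "unknown user" and "wrong password": separate
        # messages let a client discover which addresses have accounts.
        if user is None or not check_password_hash(user['password'], password):
            error = 'Incorrect username or password.'

        if error is None:
            # Clear first so nothing from an earlier session survives the login.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('index', search=get_search(request)))
        flash(error)
    return render_template('auth/login.html', search=get_search(request))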
def wrapped_view(**kwargs):
    """Call ``view`` for a logged-in user; otherwise redirect to the login page.

    ``view`` is taken from the enclosing scope -- the decorator that defines
    this wrapper is not part of this block -- and ``g.user`` is expected to be
    set (or ``None``) before the request reaches it.
    """
    if g.user is not None:
        return view(**kwargs)
    return redirect(url_for('auth.login', search=get_search(request)))
def logout():
    """Discard the whole session, then send the client to the index page."""
    session.clear()
    target = url_for('index', search=get_search(request))
    return redirect(target)
def settings():
    """Render the settings page, passing through the current search term."""
    context = {'search': get_search(request)}
    return render_template('profile/settings.html', **context)