Example #1
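def ajax_login(request):
    """Authenticate the posted email/password pair and start a session.

    Returns a dict whose ``status`` is ``"success"`` or ``"fail"``; every
    failure also carries a user-facing ``msg``.

    The two validators are called without a try/except here, so whatever
    they raise propagates to the caller.
    NOTE(review): presumably a decorator or the URL layer turns that into a
    JSON error response -- confirm.
    """
    email = validate_email(request.POST["email"], for_login=True)
    password = validate_password(request.POST["password"])
    user = authenticate(email=email, password=password)

    if user is None:
        # No credential match. If the address has external-identity records,
        # point the user at those providers (the password may also simply be
        # wrong).
        # NOTE(review): this branch answers differently for addresses that
        # have an AuthRecord than for ones that do not, so the response
        # discloses that an account exists and which provider it uses.
        # Confirm that trade-off is intended and that the endpoint is rate
        # limited.
        sso = AuthRecord.objects.filter(user__email=email)
        if len(sso) >= 1:
            # Sorted so the message is stable between requests; a bare set
            # iterates in arbitrary order.
            provider_names = sorted(set(
                providers.providers[p.provider]["displayname"] for p in sso))
            return {
                "status": "fail",
                "msg":
                "You use an identity service provider to log in. Click the %s log in button to sign into this site."
                % " or ".join(provider_names),
            }
        return {
            "status": "fail",
            "msg":
            "That's not a username and password combination we have on file.",
        }

    if not user.is_active:
        # Only reached after the credentials were accepted.
        return {"status": "fail", "msg": "Your account has been disabled."}

    login(request, user)
    return {"status": "success"}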
Example #2
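def ajax_login(request):
	"""Authenticate the posted email/password pair and start a session.

	Returns a dict whose ``status`` is ``"success"`` or ``"fail"``; every
	failure also carries a user-facing ``msg``.

	The two validators are called without a try/except here, so whatever
	they raise propagates to the caller.
	NOTE(review): presumably a decorator or the URL layer turns that into a
	JSON error response -- confirm.
	"""
	email = validate_email(request.POST["email"], for_login=True)
	password = validate_password(request.POST["password"])
	user = authenticate(email=email, password=password)

	if user is None:
		# No credential match. If the address has external-identity records,
		# point the user at those providers (the password may also simply be
		# wrong).
		# NOTE(review): this branch answers differently for addresses that
		# have an AuthRecord than for ones that do not, so the response
		# discloses that an account exists and which provider it uses.
		# Confirm that trade-off is intended and that the endpoint is rate
		# limited.
		sso = AuthRecord.objects.filter(user__email=email)
		if len(sso) >= 1:
			# Sorted so the message is stable between requests; a bare set
			# iterates in arbitrary order.
			provider_names = sorted(set(providers.providers[p.provider]["displayname"] for p in sso))
			return { "status": "fail", "msg": "You use an identity service provider to log in. Click the %s log in button to sign into this site." % " or ".join(provider_names) }
		return { "status": "fail", "msg": "That's not a username and password combination we have on file." }

	if not user.is_active:
		# Only reached after the credentials were accepted.
		return { "status": "fail", "msg": "Your account has been disabled." }

	login(request, user)
	return { "status": "success" }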
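def profile(request):
	"""Validate the email and password fields of a profile update.

	On POST, a changed email and a non-blank password are each run through
	their validator, and any failure is recorded in ``errors`` under the
	name of the field that caused it. What is done with the validated
	values afterwards is not part of this excerpt.
	"""
	errors = { }

	if request.method == "POST":
		# Validate the email only when it differs from the one on file.
		email = None
		if request.POST.get("email", "").strip() != request.user.email:
			try:
				email = validate_email(request.POST.get("email", ""))
			except Exception as e:
				errors["email"] = validation_error_message(e)

		# A blank password field means "leave the password unchanged".
		password = None
		if request.POST.get("password", "").strip() != "":
			try:
				password = validate_password(request.POST.get("password", ""))
			except Exception as e:
				# Recorded under "password": filing it under "email" would
				# overwrite an email error and show the message next to the
				# wrong field.
				errors["password"] = validation_error_message(e)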
Example #4
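def change_password():
    """Change a user's password after checking the current one.

    GET renders the form. POST expects ``username``, ``oldPassword``,
    ``newPassword`` and ``confirmation``. On success the new hash is stored,
    the session is bound to that user and the browser is sent to "/".
    Every failure is reported through ``apology``.
    """
    if request.method == "GET":
        return render_template("cpw.html")

    username = request.form.get("username")
    old_password = request.form.get("oldPassword")
    new_password = request.form.get("newPassword")
    confirmation = request.form.get("confirmation")

    if not username:
        return apology("Missing username!", 400)
    if not old_password:
        return apology("Missing old password!", 400)
    if not new_password:
        return apology("Missing new password!", 400)
    if not confirmation:
        return apology("Missing confirmation!", 400)
    if not validate_password(new_password):
        return apology("Password too simple", 400)
    if new_password != confirmation:
        return apology("Password and confirmation doesn't match", 400)

    # NOTE(review): assumes generate_password_hash is werkzeug.security's, so
    # the stored value can be checked with its counterpart -- confirm against
    # the module's imports and move this import to the top of the file.
    from werkzeug.security import check_password_hash

    rows = db.execute("SELECT * FROM users WHERE username = :username",
                      username=username)

    # The old password used to be checked for presence only, so knowing a
    # username was enough to replace that account's password and be signed
    # in as it. Compare it with the stored hash before changing anything.
    # Unknown user and wrong password share one message so the response does
    # not reveal which usernames exist.
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"],
                                                 old_password):
        return apology("Invalid username and/or password", 403)

    db.execute("UPDATE users SET hash=:hash WHERE username=:username",
               hash=generate_password_hash(new_password),
               username=username)

    # The row fetched above already carries the id; the update does not
    # change it.
    session["user_id"] = rows[0]["id"]
    return redirect("/")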
Example #5
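def profile(request):
    """Validate the email and password fields of a profile update.

    On POST, a changed email and a non-blank password are each run through
    their validator, and any failure is recorded in ``errors`` under the
    name of the field that caused it. What is done with the validated
    values and with ``success`` afterwards is not part of this excerpt.
    """
    errors = {}
    success = []

    if request.method == "POST":
        # Validate the email only when it differs from the one on file.
        email = None
        if request.POST.get("email", "").strip() != request.user.email:
            try:
                email = validate_email(request.POST.get("email", ""))
            # "except X as e" replaces the Python-2-only "except X, e" form;
            # it is accepted by Python 2.6+ and Python 3.
            except Exception as e:
                errors["email"] = validation_error_message(e)

        # A blank password field means "leave the password unchanged".
        password = None
        if request.POST.get("password", "").strip() != "":
            try:
                password = validate_password(request.POST.get("password", ""))
            except Exception as e:
                errors["password"] = validation_error_message(e)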
Example #6
def register():
    """Create an account from the registration form and sign it in.

    GET (or any non-POST method) renders the form. POST checks that all
    three fields are present, that the password passes
    ``validate_password`` and matches its confirmation, and that the
    username is not taken, then stores the hash and binds the session to
    the new user.
    """
    if request.method != "POST":
        return render_template("register.html")

    form = request.form
    username = form.get("username")
    password = form.get("password")
    confirmation = form.get("confirmation")

    if not username:
        return apology("Missing username!", 400)
    if not password:
        return apology("Missing password!", 400)
    if not confirmation:
        return apology("Missing confirmation!", 400)
    if not validate_password(password):
        return apology("Password too simple", 400)
    if password != confirmation:
        return apology("Password and confirmation doesn't match", 400)

    password_hash = generate_password_hash(password)

    # NOTE(review): the lookup and the INSERT are separate statements, so
    # uniqueness under concurrent requests depends on a UNIQUE constraint on
    # users.username -- confirm the schema has one.
    taken = db.execute(
        "SELECT username FROM users WHERE username = :username",
        username=username)
    if taken:
        return apology("Username already exists", 400)

    db.execute(
        "INSERT INTO users(username,hash) VALUES(:username, :hash)",
        username=username,
        hash=password_hash)

    # Read the row back to learn the id assigned to the new account.
    created = db.execute("SELECT * FROM users WHERE username = :username",
                         username=username)
    session["user_id"] = created[0]["id"]
    return redirect("/")
Example #7
def changepassword():
    """Let the signed-in user set a new password.

    Visitors without a ``username`` in the session are sent to /login. GET
    shows the form; POST validates the two password fields, stores the new
    hash, mails a notice to the account's address and redirects to "/".
    """
    current_user = session.get("username")
    if current_user is None:
        return redirect("/login")

    def show_form(**context):
        # Every render of this page passes the signed-in username.
        return render_template("changepassword.html",
                               username=current_user,
                               **context)

    if request.method == "GET":
        return show_form()

    new_password = request.form.get("password")
    repeated = request.form.get("password1")

    if not (new_password and repeated):
        return show_form(
            change_password_error="password or confirm password missing")
    if new_password != repeated:
        return show_form(change_password_error="passwords don't match")
    if not validate_password(new_password):
        return show_form(
            change_password_error="min 6 character alpha-numeric password")

    # NOTE(review): the form fields read here do not include the current
    # password, so possession of a live session is enough to change it --
    # consider requiring re-authentication for this action.
    account = User.query.filter_by(username=current_user).first()
    if not account:
        # The session names a user that no longer exists; drop it.
        session.clear()
        return redirect("/login")

    account.password = generate_password_hash(new_password)
    db.session.commit()
    # Sent after the commit: an exception from sendmail would surface as an
    # error although the password has already been changed.
    sendmail(account.email, "Security Information",
             "Password Changed for 'paris-flack'")
    return redirect("/")
Example #8
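def register():
    """Start registration: validate the form, then email a verification code.

    Signed-in users are redirected to "/". GET renders the form. POST
    validates the fields, rejects usernames and emails already in use,
    stores the pending registration (username, password hash, email, code)
    in the session and mails the code to the given address.
    """
    if session.get("username") is not None:
        return redirect("/")
    session.clear()

    if request.method == "GET":
        return render_template("register.html")

    username = request.form.get("username")
    password = request.form.get("password")
    password1 = request.form.get("password1")
    email = request.form.get("email")

    if not username or not password or not email or not password1:
        return render_template(
            "register.html",
            register_error="Input in all fields marked with *.")

    if not validate_email(email):
        return render_template("register.html",
                               register_error="Invalid Email Address")

    if not validate_password(password):
        return render_template(
            "register.html", register_error="Alpha-numeric Password Required")

    if password != password1:
        return render_template("register.html",
                               register_error="Passwords Don't Match")

    if not validate_username(username):
        return render_template("register.html",
                               register_error="Invalid Username")

    # NOTE(review): the values are validated before being stripped, and the
    # password itself is stripped before hashing -- confirm the login path
    # strips it the same way.
    username = username.strip()
    password = password.strip()
    email = email.strip()

    user = User.query.filter_by(username=username).first()
    if user is not None:
        return render_template("register.html",
                               register_error="This Username already exists.")
    user = User.query.filter_by(email=email).first()
    if user is not None:
        return render_template(
            "register.html",
            register_error="This Email is associated with another account.")

    password = generate_password_hash(password)

    # The code gates account creation, so it is drawn from the operating
    # system's CSPRNG; the module-level random functions use a generator
    # that is not meant for security purposes.
    code = str(random.SystemRandom().randint(100000, 999999))

    # NOTE(review): with Flask's default cookie-backed session this dict is
    # signed but not encrypted, so the browser could read the code and the
    # password hash -- confirm a server-side session store is configured.
    session["user_registration"] = {
        "username": username,
        "password": password,
        "email": email,
        "code": code
    }
    try:
        sendmail(email, "Verify Email", code)
    except Exception:
        # Narrowed from a bare except so SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        # NOTE(review): a mail failure goes to /process_verification rather
        # than /verification. That handler is not visible here -- confirm it
        # cannot finish registration without the code being checked.
        return redirect("/process_verification")
    return redirect("/verification")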
Example #9
	elif request.method == "POST" and settings.REGISTRATION_ASK_USERNAME:
		errors["username"] = "******"
	
	if email:
		try:
			email = validate_email(email)
		except Exception, e:
			errors["email"] = validation_error_message(e)
	elif request.method == "POST":
		errors["email"] = "Provide an email address."

	password = None
	if not provider:
		if request.method == "POST":
			try:
				password = validate_password(request.POST.get("password", ""))
			except Exception, e:
				errors["password"] = validation_error_message(e)

	if len(errors) > 0 or request.method != "POST":
		# Show the form again with the last entered field values and the
		# validation error message.
		return render_to_response('registration/register.html',
			{
				"provider": provider,
				"username": username,
				"ask_username": settings.REGISTRATION_ASK_USERNAME,
				"email": email,
				"errors": errors,
				"site_name": settings.APP_NICE_SHORT_NAME,
			},
Example #10
    elif request.method == "POST" and REGISTRATION_ASK_USERNAME:
        errors["username"] = "******"

    if email:
        try:
            email = validate_email(email)
        except Exception, e:
            errors["email"] = validation_error_message(e)
    elif request.method == "POST":
        errors["email"] = "Provide an email address."

    password = None
    if not provider:
        if request.method == "POST":
            try:
                password = validate_password(request.POST.get("password", ""))
            except Exception, e:
                errors["password"] = validation_error_message(e)

    if len(errors) > 0 or request.method != "POST":
        # Show the form again with the last entered field values and the
        # validation error message.
        return render_to_response('registration/register.html', {
            "provider": provider,
            "username": username,
            "ask_username": REGISTRATION_ASK_USERNAME,
            "email": email,
            "errors": errors,
            "site_name": APP_NICE_SHORT_NAME,
        },
                                  context_instance=RequestContext(request))