Example #1
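def update():
    """Update an existing user profile from the posted form.

    Responds with 400 when ``id`` is missing or not an integer, with 404 when
    no profile has that id, and with ``'OK'`` after a valid update. When
    validation fails, the form is re-rendered with its errors.
    """
    # type=int makes .get() return None for a missing or non-numeric value,
    # so a malformed id becomes a client error instead of an unhandled
    # ValueError (HTTP 500).
    profile_id = request.form.get('id', type=int)
    if profile_id is None:
        abort(400)

    # NOTE(review): the target profile is chosen purely by the client-supplied
    # id and nothing in this function compares it with the logged-in user or
    # checks a role. Confirm that an authorization check wraps this view;
    # otherwise any caller can rewrite any profile, including its password.
    _profile = models.Profile.query_db().get(profile_id)
    if not _profile:
        abort(404)

    form = forms.Profile()
    form.process(request.form)

    if form.validate():
        # Keep the stored hash: populate_obj() below copies form fields onto
        # the model, and the placeholder password must not replace it.
        old_password_hash = _profile.passwd

        # NOTE(review): populate_obj() assigns every field the form declares.
        # Verify forms.Profile exposes no privileged attributes (role, id, ...).
        form.populate_obj(_profile)

        if form.password.data == PSWD_substitute:
            # The front-end sent the placeholder, so the password is unchanged.
            _profile.passwd = old_password_hash
        else:
            # NOTE(review): md5x2 with a single application-wide salt looks
            # like a fast, unsalted-per-user MD5 construction. Plan a
            # migration to a password KDF (e.g. hashlib.scrypt) with a
            # per-user salt.
            salt = current_app.config['PASSWORD_SALT']
            _profile.passwd = md5x2(form.password.data, salt)

        g.db.add(_profile)
        g.db.flush()
        # inform front-end that it's all OK
        return 'OK'

    context = {
        'profile': _profile,
        'action': 'update',
        'form': form,
    }
    return render_template('profiles_create.html', **context)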
Example #2
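def login():
    """Log the user in from the posted e-mail/password form.

    On success, stores ``user_id`` and ``is_authenticated`` in the session and
    redirects back to the page that submitted the form. Every failure flashes
    the same generic message, so the response text does not reveal whether
    the e-mail is registered.
    """
    import hmac
    from urllib.parse import urlparse

    # The Referer header is client-controlled and may be absent. Follow it
    # only when it points at this host; otherwise fall back to a known page,
    # so the login endpoint cannot be used to bounce users to another site.
    referrer = request.referrer
    if referrer and urlparse(referrer).netloc == request.host:
        back = referrer
    else:
        back = url_for('profiles.lst')

    email = request.form.get('email')
    password = request.form.get('password')
    if not email or not password:
        flash('Incorrect login/password')
        return redirect(back)

    profile = models.Profile.get_by_email(email)
    if not profile:
        flash('Incorrect login/password')
        return redirect(back)

    # NOTE(review): md5x2 with a single application-wide salt looks like a
    # fast MD5-based hash. Plan a migration to a password KDF (e.g.
    # hashlib.scrypt) with a per-user salt, re-hashing on successful login.
    salt = current_app.config['PASSWORD_SALT']
    password_hash = md5x2(password, salt)

    # Constant-time comparison, so response timing does not leak how much of
    # the stored hash matched. Both sides are normalised to bytes because
    # compare_digest rejects None and non-ASCII str.
    stored = str(profile.passwd).encode('utf-8')
    candidate = str(password_hash).encode('utf-8')
    if not hmac.compare_digest(stored, candidate):
        flash('Incorrect login/password')
        return redirect(url_for('profiles.lst'))

    # NOTE(review): if sessions are stored server-side, rotate the session
    # identifier here to prevent session fixation; confirm the session backend.
    session['user_id'] = profile.id
    session['is_authenticated'] = True

    return redirect(back)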
Example #3
def create():
    """Create a user profile from the posted form.

    Returns ``'OK'`` once a valid submission has been stored. Otherwise the
    creation template is rendered again with the form and its errors.
    """
    form = forms.Profile()
    form.process(request.form)

    if not form.validate():
        # Invalid (or not yet submitted) form: show it again.
        return render_template(
            'profiles_create.html',
            action='create',
            form=form,
        )

    # NOTE(review): md5x2 with one application-wide salt appears to be a fast
    # MD5-based hash; a password KDF with a per-user salt would resist offline
    # guessing far better. Confirm md5x2's definition before relying on it.
    password_hash = md5x2(
        form.password.data,
        current_app.config['PASSWORD_SALT'],
    )

    # NOTE(review): populate_obj() copies every field the form declares onto
    # the model. Verify forms.Profile exposes no privileged attributes.
    new_profile = models.Profile()
    form.populate_obj(new_profile)
    # Set the hash after populate_obj() so form data cannot override it.
    new_profile.passwd = password_hash

    g.db.add(new_profile)
    g.db.flush()
    # Tell the front-end the profile was stored.
    return 'OK'