Example #1
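def login(request):
    """Log a user in from the login form and set the ``user`` cookie.

    GET renders an empty form. POST validates the form, looks the user up
    by the submitted username and checks the password with
    ``util.valid_pw``. On success it redirects and sets the cookie; on any
    failure it re-renders the form with the same generic "Invalid Login"
    message, so the response does not reveal whether the username exists.

    ``next`` is supplied by the client, so it is only followed when it is a
    path on this site (one leading "/", no backslash, no control
    characters). Anything else, absolute URLs included, falls back to "/".
    """
    error = ""
    redirect_to = request.REQUEST.get('next', '')
    # Followed unchecked, ``next`` turns the login page into an open
    # redirect. "//host" and "/\host" are rejected too because browsers
    # resolve them to another host.
    is_local_path = (
        redirect_to.startswith('/')
        and not redirect_to.startswith('//')
        and '\\' not in redirect_to
        and not any(ord(ch) < 0x20 for ch in redirect_to)
    )
    if not is_local_path:
        redirect_to = ''

    if request.method == "POST":
        form = blogForms.LoginForm(request.POST)
        if form.is_valid():
            # Only the lookup can raise ObjectDoesNotExist, so keep the try
            # body down to that one call.
            try:
                u = User.objects.get(username=request.POST['username'])
            except ObjectDoesNotExist:
                u = None
            # Compare the submitted password with the hash stored for the user.
            if u is not None and util.valid_pw(request.POST['username'], request.POST['password'], u.password):
                # The cookie carries the user id wrapped by util.make_secure_val.
                val = util.make_secure_val(str(u.id))
                response = HttpResponseRedirect(redirect_to or '/')
                # max_age is roughly one month, in seconds.
                # NOTE(review): the cookie is set without httponly/secure;
                # consider httponly=True, and secure=True if the site is
                # served over HTTPS.
                response.set_cookie("user", val, max_age=2629740)
                return response
        # Invalid form, unknown user and wrong password all end up here.
        error = "Invalid Login"
    else:
        form = blogForms.LoginForm()
    return render_to_response("login.html", {"form": form, "error": error, "redirect_to": redirect_to}, context_instance=RequestContext(request))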
Example #2
def signup(request):
    """Create an account from the sign-up form and log the new user in.

    GET renders an empty form. POST requires a valid form and the expected
    ``auth`` sign-up code, checks that the two password fields agree,
    stores the user with a hashed password, sets the ``user`` cookie and
    redirects to "/". Failures re-render the form with an error message.
    """
    error = ""
    if request.method != 'POST':
        form = blogForms.SignupForm()
    else:
        posted = request.POST
        form = blogForms.SignupForm(posted)

        # The sign-up code keeps arbitrary visitors from registering.
        # NOTE(review): the code is a literal in the source, so anyone who
        # can read the repository can register; consider loading it from
        # configuration.
        # NOTE(review): posted['auth'] raises when the field is absent,
        # unless SignupForm declares it as required (confirm).
        code_accepted = form.is_valid() and posted['auth'] == 'connectedwiresignup'
        if not code_accepted:
            error = "Invalid Information"
        elif not util.comparePassword(posted['password'], posted['verify']):
            error = "Passwords did not match"
        else:
            # NOTE(review): no check that the username is unused is visible
            # here; presumably the form or the model enforces it (confirm).
            pw_hash = util.make_pw_hash(posted['username'], posted['password'])
            new_user = User(username=posted['username'], password=pw_hash)
            new_user.save()
            # The cookie holds the user id wrapped by util.make_secure_val,
            # so a client cannot simply set a cookie and be logged in.
            signed_id = util.make_secure_val(str(new_user.id))
            response = HttpResponseRedirect('/')
            # NOTE(review): no httponly/secure flags are passed here.
            response.set_cookie("user", signed_id, max_age=2629740)
            return response

    context = {"form": form, "error": error}
    return render_to_response("signup.html", context, context_instance=RequestContext(request))
Example #3
 def post(self):
         """Handle the registration form: validate, store the user, set the cookie.

         When ``util.check_signup`` reports errors the form is rendered again
         with the four error slots and the submitted username. Otherwise the
         user is stored with a hashed password, the ``user_id`` cookie is set
         and the client is redirected to /blog/welcome.
         """
         user_username = self.request.get('username')
         user_password = self.request.get('password')
         user_verify = self.request.get('verify')
         user_email = self.request.get('email')

         errors = util.check_signup(user_username, user_password, user_verify, user_email)
         if errors:
                 self.render(
                         "register.html",
                         error=errors[0],
                         error2=errors[1],
                         error3=errors[2],
                         error4=errors[3],
                         username=user_username)
                 return

         # NOTE(review): whether an existing username is rejected depends on
         # util.check_signup, which is not visible here (confirm).
         pw_hash = util.make_pw_hash(user_username, user_password)
         account = User(username=user_username, password=pw_hash, email=user_email)
         account.put()
         signed_id = util.make_secure_val(str(account.key().id()))
         # NOTE(review): the cookie has no HttpOnly or Secure attribute.
         self.response.headers.add_header('Set-Cookie', 'user_id=%s; Path=/' % signed_id)
         self.redirect("/blog/welcome")
Example #4
	def post(self):
		"""Handle the login form.

		Checks the submitted credentials against stored users and, on a
		match, sets the ``user_id`` cookie and redirects to /blog/welcome;
		otherwise the login page is rendered with "Invalid login".
		"""
		user_username = self.request.get('username')
		user_password = self.request.get('password')
		err1 = ""
		# NOTE(review): every User entity is fetched and valid_pw runs once
		# per entity, so the cost of one login attempt grows with the number
		# of accounts. Fetching only the entity for the submitted username
		# would avoid that (confirm the model's property name first).
		matched = None
		for candidate in db.GqlQuery("SELECT * FROM User"):
			if util.valid_pw(user_username, user_password, candidate.password):
				# No break: the last matching entity wins, as before.
				matched = candidate
		if not matched:
			err1 = "Invalid login"
			self.render("login.html", error=err1)
			return
		signed_id = util.make_secure_val(str(matched.key().id()))
		# NOTE(review): the cookie has no HttpOnly or Secure attribute.
		self.response.headers.add_header('Set-Cookie', 'user_id=%s; Path=/' % signed_id)
		self.redirect("/blog/welcome")
Example #5
	def post(self):
		"""Handle the login form.

		Looks up at most one user by name and checks the password with
		``util.check_pw_hash``. On success the ``user_id`` cookie is set and
		the client is redirected to "/"; otherwise the front page is
		rendered with one generic error for both failure cases.
		"""
		username = self.request.get("username")
		password = self.request.get("password")

		matches = User.fetchByName(username).fetch(1)
		authenticated = matches and util.check_pw_hash(password, matches[0].password)

		if not authenticated:
			# NOTE(review): the submitted password is handed back to the
			# template; if render_front echoes it into the page, the
			# plaintext ends up in the HTML (confirm).
			self.render_front(error="Invalid username or password", username=username, password=password)
			return

		signed_id = util.make_secure_val(str(matches[0].key().id()))
		# NOTE(review): the cookie has no Path, HttpOnly or Secure attribute.
		self.response.headers.add_header('Set-Cookie', 'user_id=%s' % signed_id)
		self.redirect("/")
Example #6
	def post(self):
		"""Handle the sign-up form.

		Runs the four field validators, re-renders the form with the first
		error found, and otherwise stores the user with a hashed password,
		sets the ``user_id`` cookie and redirects to "/".
		"""
		username = self.request.get("username")
		password = self.request.get("password")
		verifypw = self.request.get("verify")
		email = self.request.get("email")

		# All validators run before any branching; only the first failure is
		# reported.
		error_username = self.check_username(username)
		error_password = self.check_password(password)
		error_verifypw = self.check_verifypw(password, verifypw)
		error_email = self.check_email(email)

		if error_username:
			self.render_front(error_username=error_username)
			return
		if error_password:
			self.render_front(username=username, error_password=error_password)
			return
		# NOTE(review): the two branches below hand the submitted password
		# back to the template; if render_front echoes it, the plaintext
		# ends up in the HTML (confirm).
		if error_verifypw:
			self.render_front(username=username, password=password, error_verifypw=error_verifypw)
			return
		if error_email:
			self.render_front(username=username, password=password, verifypw=verifypw,
				error_email=error_email)
			return

		# Only the hash is stored; email is passed only when one was given.
		account_fields = {"username": username, "password": util.make_pw_hash(password)}
		if email:
			account_fields["email"] = email
		user = User(**account_fields)

		# NOTE(review): nothing visible here stops two accounts sharing a
		# username (the original author left the same reminder).
		user.put()

		signed_id = util.make_secure_val(str(user.key().id()))
		# NOTE(review): the cookie has no Path, HttpOnly or Secure attribute.
		self.response.headers.add_header('Set-Cookie', 'user_id=%s' % signed_id)

		self.redirect("/")
Example #7
 def set_cookie(self, name, val):
     """Add a ``Set-Cookie`` header for *name* holding ``make_secure_val(val)``.

     The cookie is scoped to ``Path=/``.
     """
     # NOTE(review): no HttpOnly or Secure attribute is emitted; worth adding
     # if this cookie identifies a logged-in user.
     header_value = '%s=%s; Path=/' % (name, make_secure_val(val))
     self.response.headers.add_header('Set-Cookie', header_value)
Example #8
 def login(self, user_id):
     """Set the ``user_id`` cookie to ``util.make_secure_val(str(user_id))``."""
     signed_id = util.make_secure_val(str(user_id))
     # NOTE(review): this login cookie has no HttpOnly or Secure attribute.
     self.response.headers.add_header(
         'Set-Cookie', 'user_id={0};Path=/'.format(signed_id))
Example #9
 def login(self, user_id):
     """Set the ``user_id`` cookie to ``util.make_secure_val(str(user_id))``."""
     signed_id = util.make_secure_val(str(user_id))
     # NOTE(review): this login cookie has no HttpOnly or Secure attribute.
     self.response.headers.add_header(
         "Set-Cookie", "user_id={0};Path=/".format(signed_id))
Example #10
 def set_secure_cookie(self, name, value):
     """Add a ``Set-Cookie`` header for *name* holding ``util.make_secure_val(value)``.

     The cookie is scoped to ``Path=/``.
     """
     # NOTE(review): "secure" in the name refers to the wrapped value only;
     # no HttpOnly or Secure attribute is emitted.
     header = '{name}={value}; Path=/'.format(
         name=name, value=util.make_secure_val(value))
     self.response.headers.add_header('Set-Cookie', header)
Example #11
 def set_secure_cookie(self, name, val):
     """Set cookie *name* to ``util.make_secure_val(val)`` through ``web.setcookie``."""
     # NOTE(review): only name and value are passed, so web.setcookie's
     # defaults decide expiry and the cookie flags; confirm they suit an
     # authentication cookie.
     web.setcookie(name, util.make_secure_val(val))
Example #12
 def set_secure_cookie(self, name, val):
     """Add a ``Set-Cookie`` header for *name* holding ``make_secure_val(val)``.

     The cookie is scoped to ``Path=/``.
     """
     # NOTE(review): "secure" in the name refers to the wrapped value only;
     # no HttpOnly or Secure attribute is emitted.
     header_value = '%s=%s; Path=/' % (name, make_secure_val(val))
     self.response.headers.add_header('Set-Cookie', header_value)
Example #13
 def set_secure_cookie(self, name, value):
     """Add a ``Set-Cookie`` header for *name* holding ``util.make_secure_val(value)``.

     The cookie is scoped to ``Path=/``.
     """
     # NOTE(review): "secure" in the name refers to the wrapped value only;
     # no HttpOnly or Secure attribute is emitted.
     header = '{name}={value}; Path=/'.format(
         name=name, value=util.make_secure_val(value))
     self.response.headers.add_header('Set-Cookie', header)
Example #14
 def set_user_cookie(self, val):
   """Set the ``user`` cookie to ``util.make_secure_val(str(val))`` through ``web.setcookie``."""
   signed_val = util.make_secure_val(str(val))
   # NOTE(review): secure=False lets the cookie travel over plain HTTP, and
   # httponly is not passed; revisit both if the site is served over HTTPS.
   web.setcookie(name='user', value=signed_val, expires=7200, secure=False)