Example #1
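def post_admin_login():
    """Handle the admin login form POST.

    Reads ``email`` and ``password`` from the submitted form, looks up the
    matching ``Author`` and, when ``is_password`` accepts the password, sets
    a signed ``user`` cookie and redirects to ``/admin``.  Every failure
    (missing field, undecodable input, unknown email, wrong password)
    redirects to ``/auth/login`` so the response does not reveal which
    check failed.
    """
    raw_email = request.forms.get('email')
    raw_password = request.forms.get('password')
    # A request without one of the fields used to crash on None.decode()
    # and surface as a server error; treat it as an ordinary failed login.
    if raw_email is None or raw_password is None:
        redirect('/auth/login')
    try:
        email = raw_email.decode('utf-8')
        password = raw_password.decode('utf-8')
    except UnicodeError:
        # Bytes that are not valid UTF-8 cannot match a stored account.
        redirect('/auth/login')

    # redirect() is relied on to abort the handler (Bottle raises to do so);
    # otherwise `user` would be unbound below.
    try:
        user = Author.get(email=email)
    except Author.DoesNotExist:
        # NOTE(review): this path skips is_password(), so unknown e-mails
        # may answer faster than known ones. No rate limiting or lockout is
        # visible in this handler either - confirm both are handled elsewhere.
        redirect('/auth/login')

    # NOTE(review): confirm is_password() compares digests in constant time.
    if is_password(password, user.password):
        # The cookie is the whole session: it is only as trustworthy as
        # SECRET, which should be long, random and kept out of source control.
        # httponly keeps page scripts from reading it; also pass secure=True
        # wherever the site is served over HTTPS only.
        # NOTE(review): 30-day lifetime with no server-side revocation visible.
        response.set_cookie("user", user.id, secret=SECRET, path="/",
                            max_age=30 * 24 * 60 * 60, httponly=True)
        redirect('/admin')
    else:
        redirect('/auth/login')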
Example #2
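def admin_changepass():
    """Handle the admin change-password form POST.

    Reads ``oldpass``, ``newpass`` and ``newpass2`` from the submitted form.
    When the old password verifies against the ``Author`` with id 1 and the
    two new values match and are non-empty, stores ``hexpassword(newpass)``
    and redirects to ``/admin``; otherwise redirects to ``/admin/settings``.

    NOTE(review): no login or CSRF check is visible in this block.  Any
    decorator would sit above the ``def`` line, outside this listing -
    confirm the route is only reachable by an authenticated admin.
    """
    raw_fields = [request.forms.get(name)
                  for name in ('oldpass', 'newpass', 'newpass2')]
    # A request without one of the fields used to crash on None.decode();
    # send it back to the settings form like any other rejected change.
    if any(value is None for value in raw_fields):
        redirect('/admin/settings')
    try:
        oldpass, pass1, pass2 = [value.decode('utf-8') for value in raw_fields]
    except UnicodeError:
        redirect('/admin/settings')

    # The account is hard-coded to id 1 (a single admin, presumably).
    # redirect() is relied on to abort the handler when the row is missing.
    try:
        user = Author.get(id=1)
    except Author.DoesNotExist:
        redirect('/admin')

    # Requiring a non-empty new password: two empty fields compare equal and
    # would otherwise replace the credential with the hash of "".
    # NOTE(review): no minimum length or strength policy is enforced here.
    if pass1 and pass1 == pass2 and is_password(oldpass, user.password):
        # NOTE(review): confirm hexpassword() is a salted, deliberately slow
        # password hash; the name alone suggests a plain hex digest.
        newpass = hexpassword(pass1)
        Author.update(password=newpass).where(id=1).execute()
        # NOTE(review): if sessions are cookies that carry only the user id,
        # changing the password does not revoke the ones already issued.
        redirect('/admin')
    redirect('/admin/settings')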