def forgot_password():
    """Handle the 'forgot password' button of the login form.

    Not routed on its own: the `login` view calls this when the submitted
    form contains the forgot-password button.
    """
    form = LoginForm(request.form)
    # Called for its side effect of populating form.email.errors.
    form.validate_on_submit()

    if form.email.errors:
        # Only the email field matters here, so drop password-field errors.
        form.password.errors = ()
        return render_template('users/login.html', form=form)

    account = User.query.filter_by(email=form.email.data).first()
    if account:
        send_password_reset_email(account)
    # The same confirmation is flashed whether or not an account matched, so
    # the response text cannot be used to probe for registered addresses.
    # NOTE(review): the mail is only sent for existing accounts; if sending
    # is synchronous the response time may still differ — confirm.
    flash(
        _('An email has been sent with '
          'instructions for resetting your password'))
    # Hand back a fresh form so the submitted values are not echoed.
    return render_template('users/login.html', form=LoginForm())
def login():
    """Render the login form and sign the user in on a valid POST."""
    if 'user_id' in session:
        return redirect(url_for('users.home'))

    form = LoginForm(request.form)
    # Form validation only checks the submitted fields; the password itself
    # is verified against the stored value below.
    if request.method == 'POST' and form.validate_on_submit():
        account = User.query.filter_by(email=form.email.data).first()
        if account and verify_password(form.password.data, account.password):
            # NOTE(review): a signed session cookie is tamper-evident but not
            # encrypted — confirm nothing secret is placed in it by authorize().
            authorize(account)
            # Let Flask-Principal know that the identity changed.
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(account.id))
            flash(gettext(u'Welcome') + " " + account.name)
            if account.is_confirmed():
                return redirect(url_for('home.home'))
            return redirect(url_for('users.pleaseconfirm',
                                    next=url_for('home.home')))
        # One message for both unknown email and wrong password.
        flash(gettext(u'Wrong email or password'), 'error-message')
    return render_template('users/login.html', form=form)
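def login(path):
    """Render the login page from template ``pages/<path>`` and process it.

    On a valid submission the user is looked up by username and the password
    is checked with bcrypt; success redirects to ``main.index``. Any failure
    re-renders the page with a single generic message.
    """
    form = LoginForm(request.form)
    # Message injected into the page when the login attempt fails.
    msg = None
    page_title = 'Login - ipNX vCPE'

    if form.validate_on_submit():
        username = request.form.get('username', '', type=str)
        password = request.form.get('password', '', type=str)
        user = User.query.filter_by(user=username).first()
        if user and bcrypt.check_password_hash(user.password, password):
            login_user(user)
            return redirect(url_for('main.index'))
        # Same text for an unknown user and a wrong password, so the page
        # does not reveal which usernames exist.
        msg = "Wrong username or password. Please try again."

    # NOTE(review): `path` selects the template to render; if it comes from
    # the URL, restrict it to an allow-list of page templates — confirm
    # against the route definition.
    return render_template('layouts/logindefault.html',
                           title=page_title,
                           content=render_template('pages/' + path,
                                                   form=form,
                                                   msg=msg))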
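def login():
    """Authenticate by email and password, then follow a vetted `next` URL.

    The `next` query parameter seeds the form; after a successful login the
    submitted `next` value is passed through `safe_next_url` before it is
    used as a redirect target. Debug prints of the login outcome and of the
    redirect target have been dropped from this path.
    """
    form = LoginForm(next=request.args.get('next'))
    if form.validate_on_submit():
        u = User.find_by_identity(request.form.get('email'))
        if u and u.authenticated(password=request.form.get("password")):
            login_user(u)
            # Optional post-login redirect; the value is client-supplied, so
            # it must only ever be used via safe_next_url().
            next_url = request.form.get('next')
            if next_url:
                return redirect(safe_next_url(next_url))
            return redirect(url_for('core.index'))
        flash("Email or password is incorrect.", "warning")
    return render_template('users/login.html', form=form)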
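def register():
    """Serve the combined registration / login page.

    A valid registration form creates the user and redirects to
    ``controla.index``. A valid login form authenticates the user and
    redirects to the `next` query parameter when it is a same-site path,
    otherwise to ``controla.index``.
    """
    form_r = RegistrationForm()
    form_l = LoginForm()

    if form_r.validate_on_submit():
        # NOTE(review): the raw form password is handed to User(); confirm
        # the model hashes it before it is stored.
        user = User(username=form_r.username.data,
                    email=form_r.email.data,
                    password=form_r.password.data)
        db.session.add(user)
        db.session.commit()
        return redirect(url_for('controla.index'))

    if form_l.validate_on_submit():
        user = User.query.filter_by(email=form_l.email_l.data).first()
        # Test for a missing user first: calling check_password on None
        # raised AttributeError for unknown email addresses.
        if user is not None and user.check_password(
                password=form_l.password_l.data):
            login_user(user)
            flash('Log in success!')
            target = request.args.get('next')
            # Follow `next` only when it is a same-site path. "//host" and
            # "/\host" start with a slash but browsers resolve them as
            # absolute URLs; an empty value is rejected as well.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('controla.index')
            return redirect(target)

    return render_template('register.html', form_r=form_r, form_l=form_l)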
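def dispatch_request(self):
    """Show the login form and, on a valid POST, start a session.

    Already-authenticated users go straight to the dashboard. A failed or
    erroring credential check flashes one generic message and redirects back
    to this endpoint.
    """
    import logging

    if user_authenticated():
        return redirect(url_for('users.Dashboard'))

    form = LoginForm()
    if request.method == 'POST' and form.validate_on_submit():
        username = form.username.data
        password = form.password.data
        try:
            if credential_valid(username, password):
                account = db_user(username=username)
                session['active_user'] = {
                    'id': account.id,
                    'username': account.username,
                    'is_authenticated': True
                }
                return redirect(url_for('users.Dashboard'))
        except Exception:
            # Keep the user-facing message generic, but record the failure:
            # otherwise a backend error is indistinguishable from a wrong
            # password. Credentials are deliberately not logged.
            logging.getLogger(__name__).exception(
                'Credential check failed with an unexpected error')
        flash('Login Unsuccessful. Please check username and password again.',
              'error')
        return redirect(url_for(request.endpoint))

    return render_template('login.html', form=form)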
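def login():
    """Log a user in by email and password.

    Authentication state is handled by flask_login, which stores the user id
    in the Flask session. After a successful login the user is sent to the
    `next` query parameter when it is a same-site path, otherwise to
    ``users.profile``.
    """
    form = LoginForm()
    if form.validate_on_submit():
        # Look the account up by the email submitted with the form.
        user = User.query.filter_by(email=form.email.data).first()
        if user is None:
            # NOTE(review): this message confirms that the address is not
            # registered, while a wrong password gets the generic message
            # below; the difference lets a client enumerate accounts.
            flash(Markup('Vaša email adresa nije registrovana molimo Vas da izvršite registraciju , kliknite link <a href="/register" class="alert-link">here</a>!'))
            return redirect(url_for('users.login'))
        if user.verify_password(form.password.data):
            login_user(user)
            flash('Uspješno ste se logovali !')
            target = request.args.get('next')
            # A leading "/" alone is not enough: "//host" and "/\host" are
            # resolved by browsers as absolute URLs.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('users.profile')
            return redirect(target)
        flash('Pogrešna lozinka ili email !')
    return render_template('users/login.html', form=form)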
def login():
    """Render the login page with a form bound to the submitted data."""
    login_form = LoginForm(request.form)
    return render_template('users/login.html', form=login_form)
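def login():
    """Log a personal account in and redirect to `next` or the home page.

    Users with a fresh authenticated session are redirected immediately.
    """
    if current_user.is_authenticated and login_fresh():
        return redirect(url_for("main.home"))

    form = LoginForm()
    picture = generate_header_picture()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()
        # NOTE(review): separate "email" and "password" messages tell a
        # client which addresses are registered; consider one generic text.
        if not form.validate_email(form.email):
            flash("Email does not exist. Please try again", "danger")
        elif user is None or not bcrypt.check_password_hash(
                user.password, form.password.data):
            # `user is None` is checked here because the lookup above can
            # miss even when validate_email() passes (its logic is not
            # visible in this view).
            flash("Incorrect password. Please try again", "danger")
        else:
            login_user(user, remember=form.remember.data)
            target = request.args.get('next')
            # `next` is client-controlled: follow it only when it is a
            # same-site path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for("main.home")
            return redirect(target)

    return render_template("login.html",
                           form=form,
                           picture=picture,
                           current_login_type="personal account",
                           needed_login_type="company")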
def login():
    """Login form: look the user up by username and check the password hash."""
    form = LoginForm(request.form)
    # Validation covers the submitted fields only, not the password itself.
    if not form.validate_on_submit():
        return render_template("users/login.html", form=form, user=None)

    try:
        account = User.objects.get(username=form.username.data)
        if check_password_hash(account.password, form.password.data):
            # Flask signs the session cookie, so the client cannot alter the
            # stored user id without invalidating it.
            session['user_id'] = str(account.id)
            session['user'] = account.username
            return redirect(url_for('home'))
    except errors.DoesNotExist:
        # NOTE(review): `doesnt_exist=True` is passed only for unknown
        # usernames; if the template renders it, the page reveals which
        # usernames exist — confirm.
        return render_template("users/login.html",
                               doesnt_exist=True,
                               form=form,
                               user=None)

    # Wrong password: re-render the form without a specific message.
    return render_template("users/login.html", form=form, user=None)
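def login():
    """Log a user in by email and password.

    Authenticated users are redirected to the home page. On success the user
    is sent to the `next` query parameter when it is a same-site path,
    otherwise to ``main.home``. Every failure flashes the same message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = LoginForm()
    if request.method == 'POST' and form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user, remember=form.remember_me.data)
            # session['_id'] is left to Flask-Login, which maintains it for
            # session protection; overwriting it with a constant gave every
            # session the same identifier.
            target = request.args.get('next')
            # Redirect to the submitted value itself (the previous code
            # passed the builtin `next` to url_for), and only when it is a
            # same-site path: "//host" and "/\host" are absolute to browsers.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('main.home')
            return redirect(target)
        # One message for unknown email and wrong password, so the response
        # does not disclose which addresses have accounts.
        flash('Failed login. Invalid email or password', 'danger')

    return render_template('login.html', title='Login', form=form)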
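def login():
    """Log a user in, or hand over to `forgot_password` when requested.

    After a successful login the user is redirected to the `next` query
    parameter when it is a same-site path, otherwise to ``home``. Failures
    are reported with one message attached to the email field.
    """
    # The 'forgot password' button posts to this same view.
    if 'forgot_password' in request.form:
        return forgot_password()

    form = LoginForm(request.form)
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and check_password_hash(user.password, form.password.data):
            login_user(user, remember=True)
            target = request.args.get('next')
            # `next` is client-controlled: follow it only when it is a
            # same-site path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('home')
            return redirect(target)
        form.password.errors = (_("Invalid email or password"), )

    # Report every error on one field with one text, so the page does not
    # show whether the email or the password was the problem.
    if form.email.errors or form.password.errors:
        form.email.errors = (_("Invalid email or password"), )
        form.password.errors = ()
    return render_template('users/login.html', form=form)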
def login():
    """Sign a user in by email and password; redirect to the profile page."""
    form = LoginForm(request.form)
    if not form.validate_on_submit():
        return render_template("auth/sign_in.html", form=form)

    account = User.query.filter_by(email=form.email.data).first()
    credentials_ok = account and check_password_hash(account.password,
                                                     form.password.data)
    if credentials_ok:
        login_user(user=account, remember=request.form.get("remember"))
        return redirect(url_for('auth.profile'))

    # Failed attempts re-render the form without a message.
    return render_template("auth/sign_in.html", form=form)
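def login():
    """Log a user in, honouring the blacklist and its one-time last chance.

    * Not blacklisted: normal login.
    * Blacklisted with `chance` set: one final login, after which `chance`
      is cleared and committed.
    * Blacklisted without `chance`: login is refused.

    On success the user is redirected to the `next` query parameter when it
    is a same-site path, otherwise to ``main.home``.
    """
    # Users who are already logged in have nothing to do here.
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user is None:
            # Unknown email: previously this crashed on `user.blacklisted`.
            flash('Login Unsuccessful. Please check username and password',
                  'danger')
            return render_template('login.html', title='Login', form=form)

        target = request.args.get('next')
        # `next` is client-controlled: follow it only when it is a same-site
        # path ("//host" and "/\host" are absolute to browsers).
        if (not target or not target.startswith('/')
                or target.startswith(('//', '/\\'))):
            target = url_for('main.home')

        # The explicit == comparisons are kept so that a flag that is neither
        # True nor False matches no branch and only re-renders the form.
        if user.blacklisted == True and user.chance == True:  # noqa: E712
            if bcrypt.check_password_hash(user.password, form.password.data):
                login_user(user, remember=form.remember.data)
                # Spend the last chance so this branch cannot be taken again.
                user.chance = False
                db.session.commit()
                flash('This is your Last chance to do some final processing!',
                      'danger')
                return redirect(target)
            flash('Login Unsuccessful. Please check username and password',
                  'danger')
        elif user.blacklisted == True and user.chance == False:  # noqa: E712
            # NOTE(review): shown before any password check, so anyone who
            # knows the email learns the account is blacklisted.
            flash('Login Unsuccessful. You have been black listed!', 'danger')
        elif user.blacklisted == False:  # noqa: E712
            if bcrypt.check_password_hash(user.password, form.password.data):
                login_user(user, remember=form.remember.data)
                return redirect(target)
            flash('Login Unsuccessful. Please check username and password',
                  'danger')

    return render_template('login.html', title='Login', form=form)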
def login():
    """Sign a user in by email and bcrypt-checked password."""
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template("login.html", form=form, title='Sign In')

    account = User.query.filter_by(email=form.email.data).first()
    if account and bcrypt.check_password_hash(account.password,
                                              form.password.data):
        login_user(account)
        flash('Welcome to Home Money!')
        return redirect(url_for('users.index'))

    # Same text for unknown email and wrong password.
    flash('Wrong email or password', "error")
    return render_template("login.html", form=form, title='Sign In')
def login():
    """Check the submitted name/password pair and open a session on a match."""
    error = None
    form = LoginForm(request.form)
    if request.method == "POST" and form.validate():
        # NOTE(review): the submitted password is matched against the
        # `password` column inside the query, which only works if that column
        # holds the password in directly comparable form — confirm, and
        # prefer a salted hash verified after the lookup by name.
        match = db.session.query(User).filter_by(
            name=form.name.data, password=form.password.data).first()
        if match is not None:
            session['logged_in'] = True
            session['user_id'] = match.id
            flash('You are logged in. Go Crazy.')
            return redirect(url_for('tasks.tasks'))
        error = 'Invalid Credentials. Please try again.'
    return render_template('/login.html',
                           form=LoginForm(request.form),
                           error=error)
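def login():
    """Log in the user named by the validated form and redirect.

    The redirect goes to the `next` query parameter when it is a same-site
    path, otherwise to ``index``.
    """
    if g.user is not None and g.user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm()
    if form.validate_on_submit():
        # NOTE(review): this view performs no password check and no
        # missing-user check of its own; both must be enforced by
        # LoginForm's validators — confirm, otherwise any known email
        # logs in.
        user = Users.query.filter_by(email=form.email.data).first()
        login_user(user)
        flash('Logged in successfully.', category='success')
        target = request.args.get('next')
        # `next` is client-controlled: follow it only when it is a same-site
        # path ("//host" and "/\host" are absolute to browsers).
        if (not target or not target.startswith('/')
                or target.startswith(('//', '/\\'))):
            target = url_for('index')
        return redirect(target)
    return render_template('signin.html', form=form)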
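def login():
    """Log in a user from the configured ``USERS`` mapping and redirect.

    The redirect goes to the `next` query parameter when it is a same-site
    path, otherwise to the endpoint named by ``USERS_REDIRECT_LOGIN``.
    """
    form = LoginForm()
    if form.validate_on_submit():
        # NOTE(review): no credential check happens in this view; it relies
        # on LoginForm's validators to verify the password and to reject
        # usernames missing from USERS — confirm.
        login_user(current_app.config['USERS'][form.username.data])
        target = request.args.get('next')
        # `next` is client-controlled: follow it only when it is a same-site
        # path ("//host" and "/\host" are absolute to browsers).
        if (not target or not target.startswith('/')
                or target.startswith(('//', '/\\'))):
            target = url_for(current_app.config['USERS_REDIRECT_LOGIN'])
        return redirect(target)
    return render_template('users/login.html', form=form)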
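def login():
    """Log a user in by name and password, then redirect to `next_page`.

    `next_page` is a form field; the request is rejected with 400 when the
    field is empty or is not a same-site path.
    """
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(name=form.name.data).first()
        if user is not None and user.verify_password(form.password.data):
            login_user(user, form.remember_me.data)
            flash('Logged in successfully.')
            target = form.next_page.data
            # The field is submitted by the client, so it is treated like any
            # other untrusted redirect target: only same-site paths pass
            # ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                abort(HTTPStatus.BAD_REQUEST)
            return redirect(target)
        flash('Invalid email or password.')
    return render_template('users/login.html', form=form)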
def login():
    """Login page; a POST that passes `_validate_login_form` goes home."""
    form = LoginForm(request.form)
    posted = request.method == 'POST'
    # Short-circuit keeps the validator from running on non-POST requests.
    if posted and _validate_login_form(form):
        return redirect(url_for('users.home'))

    admin_flag = User.is_admin(g.user)
    return render_template('users/login.html', form=form, is_admin=admin_flag)
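def login_post():
    """Process a login POST with failure counting and account lockout.

    A correct password on an unlocked account resets `fails` and logs the
    user in. A wrong password increments `fails`; at five or more the account
    is locked. Locked accounts are sent to ``users.account_locked``.
    """
    if request.method != 'POST':
        flash("Incorrect form.", category="danger")
        return redirect(url_for('index'))

    form = LoginForm(request.form)
    user = None
    if form.validate_on_submit():
        user = db.session.query(User).filter_by(
            user_name=form.user_name.data).first()
    if user is None:
        # Same text, punctuation included, as the wrong-password case below:
        # the unknown-user message used to lack the final period, which made
        # the two cases distinguishable.
        flash("Please retry user name or password.", category="danger")
        return redirect(url_for('users.login'))

    if User.decryptpassword(pwdhash=user.password_hash,
                            password=form.password_hash.data):
        if user.locked != 0:
            return redirect(url_for('users.account_locked'))
        user.fails = 0
        db.session.add(user)
        db.session.commit()
        # No is_authenticated()/is_active() call follows login_user: their
        # results were never used.
        login_user(user)
        return redirect(url_for('index'))

    # Wrong password: count the failure and lock at the threshold, in one
    # commit.
    # NOTE(review): the counter is read and written in Python, so parallel
    # attempts may be under-counted — consider an atomic UPDATE.
    user.fails = user.fails + 1
    lock_now = int(user.fails) >= 5
    if lock_now:
        user.locked = 1
    db.session.add(user)
    db.session.commit()
    if lock_now:
        return redirect(url_for('users.account_locked'))
    flash("Please retry user name or password.", category="danger")
    return redirect(url_for('users.login'))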
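def login():
    """Log a user in by email and password.

    On success the user is redirected to the `next` query parameter when it
    is a same-site path, otherwise to ``main.home``.
    """
    login_form = LoginForm()
    if login_form.validate_on_submit():
        user = User.query.filter_by(email=login_form.email.data).first()
        if user is not None and user.verify_password(
                login_form.password.data):
            login_user(user, login_form.remember.data)
            target = request.args.get('next')
            # `next` is client-controlled: follow it only when it is a
            # same-site path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('main.home')
            return redirect(target)
        flash('Invalid Username or Password')
    return render_template('login.html', form=login_form)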
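def login():
    """Log a user in by email and password.

    On success the user is redirected to the `next` query parameter when it
    is a same-site path, otherwise to ``main.home``.
    """
    login_form = LoginForm()
    if login_form.validate_on_submit():
        user = User.query.filter_by(email=login_form.email.data).first()
        if user is not None and user.verify_password(
                login_form.password.data):
            login_user(user, login_form.remember.data)
            target = request.args.get('next')
            # `next` is client-controlled: follow it only when it is a
            # same-site path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('main.home')
            return redirect(target)
        flash('Login Unsuccessful. Please check email and password', 'danger')
    return render_template('login.html', title='Login', form=login_form)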
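def login():
    """Log a user in by email and password.

    On success the user is redirected to the `next` query parameter when it
    is a same-site path, otherwise to ``users.home``.
    """
    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('users.home'))

    form = LoginForm(request.form)
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and check_password_hash(user.password, form.password.data):
            session['user_id'] = user.id
            flash('Welcome %s' % user.nickname)
            login_user(user, False)
            target = request.args.get('next')
            # `next` is client-controlled: follow it only when it is a
            # same-site path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('users.home')
            return redirect(target)
        flash('Wrong email or password', 'error-message')
    return render_template("users/login.html", form=form)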
def login():
    """Login form: verify email and password, then store the user id."""
    form = LoginForm(request.form)
    if not form.validate_on_submit():
        return render_template("users/login.html", form=form)

    account = User.query.filter_by(email=form.email.data).first()
    if account and check_password_hash(account.password, form.password.data):
        session['user_id'] = account.id
        flash('Welcome %s' % account.name)
        return redirect(url_for('users.home'))

    # Same text for unknown email and wrong password.
    flash('Wrong email or password', 'error-message')
    return render_template("users/login.html", form=form)
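def login():
    """Log a user in by email and bcrypt-checked password.

    On success the user is redirected to the `next` query parameter when it
    is a same-site path, otherwise to ``main.index``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user, remember=form.remember.data)
            target = request.args.get('next')
            # `next` is client-controlled: follow it only when it is a
            # same-site path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('main.index')
            return redirect(target)
        flash('Login unsuccessful. Please check your email and password',
              'danger')
    return render_template('login.html', title='Login', form=form)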
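def login():
    """Authenticate through `access.login` and redirect to the home page.

    Unexpected errors are logged with a traceback and re-raised so the
    framework can produce a proper error response, instead of the view
    printing the error and returning nothing.
    """
    import logging

    try:
        if current_user.is_authenticated:
            return redirect(url_for("main.home"))

        form = LoginForm()
        if form.validate_on_submit():
            if access.login(form.username.data, form.password.data):
                return redirect(url_for("main.home"))
            flash("Неправильный логин или пароль!", 'danger')
        return render_template("authorisation.html", form=form)
    except Exception:
        # Credentials are deliberately not included in the log record.
        logging.getLogger(__name__).exception('Login view failed')
        raise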
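def login():
    """Log a user in by email and bcrypt-checked password.

    On success the user is redirected to the `next` query parameter when it
    is a same-site path, otherwise to ``main.home``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            # `remember` mirrors the state of the remember-me checkbox.
            login_user(user, remember=form.remember.data)
            # `next` is set when a login-protected page was requested first.
            target = request.args.get('next')
            # It is client-controlled: follow it only when it is a same-site
            # path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('main.home')
            return redirect(target)
        flash("Unsuccessful login", 'danger')
    return render_template('login.html', title='Login', form=form)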
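def login():
    """Log a user in by email and bcrypt-checked password.

    On success a confirmation is flashed and the user is redirected to the
    `next` query parameter when it is a same-site path, otherwise to
    ``users.home``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('users.home'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user)
            # Flash before returning; placed after the return statement this
            # line was never reached.
            flash('You have been logged in!', 'success')
            target = request.args.get('next')
            # `next` is client-controlled: follow it only when it is a
            # same-site path ("//host" and "/\host" are absolute to browsers).
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('users.home')
            return redirect(target)
        flash('login Unsuccessful. Please check your email and password',
              'danger')
    return render_template('user/login.html', form=form)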
def login():
    """Log a user in by username and bcrypt-checked password."""
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = LoginForm()
    if form.validate_on_submit():
        account = UserLogin.query.filter_by(
            username=form.username.data).first()
        password_ok = account and bcrypt.check_password_hash(
            account.password, form.password.data)
        if not password_ok:
            # Same text for unknown username and wrong password.
            flash('Login unsuccessful', 'danger')
        else:
            login_user(account, remember=form.remember.data)
            return redirect(url_for('main.index'))

    # The template expects the form under the name `login`.
    return render_template("login.html", login=form)