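def _is_local_redirect(target):
    """Return True when *target* is a same-site path that is safe to redirect to.

    Only paths beginning with a single '/' are accepted. Scheme-relative
    forms, backslashes and control characters are rejected because browsers
    may normalise them into a URL that points at another host.
    """
    if not target.startswith('/'):
        return False
    if target[1:2] in ('/', '\\'):
        return False
    if '\\' in target:
        return False
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)


def login(request):
    """Render the login form and, on a valid POST, sign the user in.

    GET renders an empty LoginForm. A POST with a valid form looks the user
    up by username and checks the submitted password with util.valid_pw; on
    success a "user" cookie carrying util.make_secure_val(str(user id)) is
    set and the client is redirected to the ``next`` target (or '/').
    Every failure path renders the form again with the same generic
    "Invalid Login" message, so the response does not reveal whether the
    username exists.

    The ``next`` parameter comes straight from the request, so it is only
    honoured when it is a local path; anything else falls back to '/'.
    """
    error = ""
    redirect_to = request.REQUEST.get('next', '')
    # 'next' is caller-controlled: drop anything that is not a same-site path
    # so the post-login redirect (and the value echoed into the template)
    # cannot point at another origin.
    if not _is_local_redirect(redirect_to):
        redirect_to = ''

    if request.method == "POST":
        form = blogForms.LoginForm(request.POST)
        if form.is_valid():
            try:
                # Fetch the account; raises if the username is unknown.
                u = User.objects.get(username=request.POST['username'])
            except ObjectDoesNotExist:
                error = "Invalid Login"
            else:
                # Compare the submitted password with the stored hash.
                if util.valid_pw(request.POST['username'],
                                 request.POST['password'],
                                 u.password):
                    val = util.make_secure_val(str(u.id))
                    response = HttpResponseRedirect(redirect_to or '/')
                    # max_age is in seconds (2629740 is roughly one month).
                    # NOTE(review): the cookie is set without the httponly /
                    # secure flags; consider enabling them if the deployed
                    # Django version and transport allow it.
                    response.set_cookie("user", val, max_age=2629740)
                    return response
                error = "Invalid Login"
        else:
            error = "Invalid Login"
    else:
        form = blogForms.LoginForm()

    return render_to_response(
        "login.html",
        {"form": form, "error": error, "redirect_to": redirect_to},
        context_instance=RequestContext(request))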
def signup(request):
    """Create an account from the signup form and sign the new user in.

    GET renders an empty SignupForm. A POST must carry a valid form and the
    shared invite code in the ``auth`` field; the two password fields must
    also match. On success the user is saved, a "user" cookie carrying
    util.make_secure_val(str(user id)) is set and the client is redirected
    to '/'. Otherwise the form is rendered again with an error message.
    """
    error = ""
    if request.method != 'POST':
        form = blogForms.SignupForm()
    else:
        posted = request.POST
        form = blogForms.SignupForm(posted)
        # The invite code keeps arbitrary visitors from registering.
        # NOTE(review): the code is hard-coded in source and shared by every
        # invitee; consider loading it from configuration so it can be
        # rotated without a code change.
        if not (form.is_valid() and posted['auth'] == 'connectedwiresignup'):
            error = "Invalid Information"
        elif not util.comparePassword(posted['password'], posted['verify']):
            error = "Passwords did not match"
        else:
            # NOTE(review): nothing in this view checks for an existing
            # username; confirm the form or model enforces uniqueness.
            pw_hash = util.make_pw_hash(posted['username'], posted['password'])
            account = User(username=posted['username'], password=pw_hash)
            account.save()
            # The cookie stores the user id wrapped by make_secure_val so a
            # client cannot simply pick an id and be treated as logged in.
            token = util.make_secure_val(str(account.id))
            response = HttpResponseRedirect('/')
            # NOTE(review): cookie is set without httponly / secure flags.
            response.set_cookie("user", token, max_age=2629740)
            return response

    context = {"form": form, "error": error}
    return render_to_response("signup.html", context,
                              context_instance=RequestContext(request))
def post(self):
    """Handle the registration form submission.

    Reads username, password, verify and email from the request and passes
    them to util.check_signup. When that returns a truthy value, its first
    four items are rendered back into register.html together with the
    username. Otherwise a User is stored with a password hash from
    util.make_pw_hash, a ``user_id`` cookie is set and the client is
    redirected to /blog/welcome.
    """
    req = self.request
    user_username = req.get('username')
    user_password = req.get('password')
    user_verify = req.get('verify')
    user_email = req.get('email')

    errors = util.check_signup(user_username, user_password,
                               user_verify, user_email)
    if errors:
        # Only the username is echoed back; the password fields are not.
        self.render("register.html",
                    error=errors[0],
                    error2=errors[1],
                    error3=errors[2],
                    error4=errors[3],
                    username=user_username)
        return

    pw_hash = util.make_pw_hash(user_username, user_password)
    u = User(username=user_username, password=pw_hash, email=user_email)
    u.put()

    signed_id = util.make_secure_val(str(u.key().id()))
    # NOTE(review): the login cookie carries no HttpOnly or Secure attribute;
    # consider adding them if no client-side script needs to read it.
    self.response.headers.add_header('Set-Cookie',
                                     'user_id=%s; Path=/' % signed_id)
    self.redirect("/blog/welcome")
def post(self):
    """Handle the login form submission.

    Every User entity is fetched and util.valid_pw is called against each
    stored password; the last entity that validates is treated as the
    logged-in user. On success a ``user_id`` cookie is set and the client
    is redirected to /blog/welcome; otherwise login.html is rendered with
    "Invalid login".
    """
    username = self.request.get('username')
    password = self.request.get('password')

    # NOTE(review): this loads the whole User kind and runs a password check
    # per entity on every attempt, so the cost of one login request grows
    # with the number of accounts. Querying for the submitted username first
    # would bound that work; the property name to filter on is not visible
    # here, so confirm it against the model before changing the query.
    matched = None
    for candidate in db.GqlQuery("SELECT * FROM User"):
        if util.valid_pw(username, password, candidate.password):
            matched = candidate

    if not matched:
        self.render("login.html", error="Invalid login")
        return

    signed_id = util.make_secure_val(str(matched.key().id()))
    # NOTE(review): the login cookie carries no HttpOnly or Secure attribute.
    self.response.headers.add_header('Set-Cookie',
                                     'user_id=%s; Path=/' % signed_id)
    self.redirect("/blog/welcome")
def post(self):
    """Handle the login form submission.

    Looks up at most one user via User.fetchByName and checks the submitted
    password with util.check_pw_hash. On success a ``user_id`` cookie is set
    and the client is redirected to '/'; otherwise the front page is
    rendered again with a generic error.
    """
    username = self.request.get("username")
    password = self.request.get("password")

    matches = User.fetchByName(username).fetch(1)
    if not (matches and util.check_pw_hash(password, matches[0].password)):
        # One message for both "no such user" and "wrong password".
        # NOTE(review): the submitted password is handed back to the
        # template; if render_front writes it into the page, the cleartext
        # password ends up in the response body. Verify and drop it there.
        self.render_front(error="Invalid username or password",
                          username=username,
                          password=password)
        return

    account = matches[0]
    signed_id = util.make_secure_val(str(account.key().id()))
    # NOTE(review): the cookie has no Path, HttpOnly or Secure attribute.
    self.response.headers.add_header('Set-Cookie', 'user_id=%s' % signed_id)
    self.redirect("/")
def post(self):
    """Handle the signup form submission.

    All four field checks run up front; the first one that reports an error
    (username, password, verify, email - in that order) re-renders the form
    with that error and the fields entered so far. With no errors the
    password is hashed with util.make_pw_hash, the User is stored, a
    ``user_id`` cookie is set and the client is redirected to '/'.
    """
    params = self.request
    username = params.get("username")
    password = params.get("password")
    verifypw = params.get("verify")
    email = params.get("email")

    # Run every validator before branching, matching the original order.
    error_username = self.check_username(username)
    error_password = self.check_password(password)
    error_verifypw = self.check_verifypw(password, verifypw)
    error_email = self.check_email(email)

    # NOTE(review): the later branches pass the submitted password (and its
    # confirmation) back to render_front; if the template writes them into
    # the page, cleartext passwords appear in the response. Verify there.
    if error_username:
        self.render_front(error_username=error_username)
        return
    if error_password:
        self.render_front(username=username, error_password=error_password)
        return
    if error_verifypw:
        self.render_front(username=username, password=password,
                          error_verifypw=error_verifypw)
        return
    if error_email:
        self.render_front(username=username, password=password,
                          verifypw=verifypw, error_email=error_email)
        return

    # Store only the hash; the email property is set only when one was given.
    fields = {"username": username, "password": util.make_pw_hash(password)}
    if email:
        fields["email"] = email
    user = User(**fields)
    # The original author noted that duplicate usernames are not prevented
    # at this point.
    user.put()

    signed_id = util.make_secure_val(str(user.key().id()))
    # NOTE(review): the cookie has no Path, HttpOnly or Secure attribute.
    self.response.headers.add_header('Set-Cookie', 'user_id=%s' % signed_id)
    self.redirect("/")
def set_cookie(self, name, val):
    """Set cookie *name* to make_secure_val(val) with Path=/ on the response."""
    # NOTE(review): no HttpOnly or Secure attribute is emitted; if this
    # helper is used for the login cookie, consider adding them.
    header_value = '%s=%s; Path=/' % (name, make_secure_val(val))
    self.response.headers.add_header('Set-Cookie', header_value)
def login(self, user_id):
    """Mark the client as logged in by setting the ``user_id`` cookie.

    The cookie value is util.make_secure_val(str(user_id)), scoped to Path=/.
    """
    signed_id = util.make_secure_val(str(user_id))
    # NOTE(review): the login cookie carries no HttpOnly or Secure attribute.
    self.response.headers.add_header(
        'Set-Cookie', 'user_id={0};Path=/'.format(signed_id))
def login(self, user_id):
    """Set the ``user_id`` login cookie for *user_id* on the response.

    The value is produced by util.make_secure_val from the stringified id
    and the cookie is scoped to Path=/.
    """
    token = util.make_secure_val(str(user_id))
    header_value = "user_id={0};Path=/".format(token)
    # NOTE(review): no HttpOnly or Secure attribute is set on this cookie.
    self.response.headers.add_header("Set-Cookie", header_value)
def set_secure_cookie(self, name, value):
    """Set cookie *name* to util.make_secure_val(value), scoped to Path=/."""
    # NOTE(review): despite the method name, the cookie itself is sent
    # without the Secure or HttpOnly attributes.
    header = '{name}={value}; Path=/'.format(
        name=name, value=util.make_secure_val(value))
    self.response.headers.add_header('Set-Cookie', header)
def set_secure_cookie(self, name, val):
    """Set cookie *name* to util.make_secure_val(val) via web.setcookie."""
    # NOTE(review): only name and value are passed, so any secure/httponly
    # behaviour is whatever web.setcookie defaults to - confirm.
    web.setcookie(name, util.make_secure_val(val))
def set_secure_cookie(self, name, val):
    """Add a Set-Cookie header for *name* holding make_secure_val(val), Path=/."""
    signed = make_secure_val(val)
    # NOTE(review): the header carries no HttpOnly or Secure attribute.
    header_value = '%s=%s; Path=/' % (name, signed)
    self.response.headers.add_header('Set-Cookie', header_value)
def set_user_cookie(self, val):
    """Set the ``user`` cookie to util.make_secure_val(str(val)).

    The cookie is created through web.setcookie with expires=7200 and
    secure=False.
    """
    # NOTE(review): secure=False is passed explicitly, so the cookie is not
    # restricted to HTTPS; confirm this is intended outside development.
    web.setcookie(
        name='user',
        value=util.make_secure_val(str(val)),
        expires=7200,
        secure=False,
    )