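def login_user():
    """Handle the user login form.

    A GET request renders the login page. A POST request looks the account
    up by e-mail, verifies the submitted password with ``check`` and, on
    success, stores the user's identity in the session and redirects to
    ``/home/``.

    Returns:
        The rendered ``login.html`` page, or a redirect to ``/home/`` after
        a successful login.
    """
    if request.method != 'POST':
        return render_template('login.html', role='user')

    form = request.form
    email = form['email']
    password = form['password']

    cur = mysql.connection.cursor()
    try:
        # Parameterized query: the e-mail is bound by the driver and never
        # interpolated into the SQL text.
        matches = cur.execute("SELECT * FROM user WHERE email=%s", (email,))
        user = cur.fetchone() if matches > 0 else None
    finally:
        # Release the cursor on every path, including a failing query.
        cur.close()

    # NOTE(review): columns are read by position from SELECT *, so user[-2]
    # is presumably the stored password hash -- confirm against the schema;
    # naming the columns in the query would make this robust to migrations.
    if user is None or not check(user[-2], password):
        # One message for both failure causes: separate "unknown user" and
        # "wrong password" answers let anyone test which e-mail addresses
        # are registered.
        # NOTE(review): the hash check is still skipped for unknown
        # accounts, so response time can differ between the two cases.
        flash('Invalid email or password. Please check and try again.',
              'danger')
        return render_template('login.html')

    session['logged_in'] = True
    session['full_name'] = user[1]
    session['district'] = user[3]
    session['id'] = user[0]
    flash(f"Welcome {session['full_name']}!! Your Login is Successful",
          'success')
    return redirect('/home/')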
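def is_account_valid():
    """Check the submitted username and password against the configured backend.

    The backend is selected by ``[auth] method`` in the configuration file:
    ``ldap`` attempts a simple bind as the user, ``local`` compares the
    password with the value stored in the SQLite ``user`` table.

    Returns:
        bool: True when the credentials are accepted, False otherwise
        (including when the method is neither ``ldap`` nor ``local``).
    """
    username = request.form['username']
    config = configparser.ConfigParser()
    config.read(conf)
    method = config['auth']['method']

    if method == 'ldap':
        # escape_rdn ships with the ldap3 package this function already
        # relies on (Server, Connection); imported here to keep the block
        # self-contained.
        from ldap3.utils.dn import escape_rdn

        password = request.form['password']
        # A simple bind with an empty password is an unauthenticated bind
        # (RFC 4513, section 5.1.2) that a server may answer with success,
        # so it must never count as a valid login.
        if not username or not password:
            return False

        server = config['ldap']['server']
        port = int(config['ldap']['port'])
        base_dn = config['ldap']['base_dn']
        # The username is request data: escape DN metacharacters so it
        # cannot add RDNs or otherwise change which entry is bound.
        user_dn = 'uid=' + escape_rdn(username) + ',' + base_dn
        # NOTE(review): no TLS option is passed to Server(); unless
        # transport security is configured elsewhere, the simple bind sends
        # the password in clear text -- confirm.
        s = Server(server, port=port, get_info=ALL)
        try:
            conn = Connection(s, auto_bind=True, client_strategy=SYNC,
                              user=user_dn, password=password,
                              authentication=SIMPLE, check_names=True)
        except Exception:
            # Any bind or connection failure is a rejected login. Unlike a
            # bare except, this lets KeyboardInterrupt/SystemExit propagate.
            return False
        # The bind was only a credential probe; release the connection.
        conn.unbind()
        return True

    if method == 'local':
        con = sqlite3.connect(db)
        try:
            cur = con.cursor()
            sql = 'SELECT password FROM user WHERE username=(?)'
            cur.execute(sql, (username,))
            fetched = cur.fetchone()
        finally:
            # The original never closed this connection.
            con.close()
        if fetched is not None and check(fetched[0],
                                         request.form['password']):
            return True

    return False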
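def is_account_valid():
    """Validate the posted credentials with the backend named in the config.

    ``[auth] method`` selects the backend: ``ldap`` tries a simple bind with
    the user's DN, ``local`` checks the password against the value stored in
    the SQLite ``user`` table.

    Returns:
        bool: True if the credentials are accepted; False for rejected
        credentials or an unrecognised method.
    """
    username = request.form['username']
    config = configparser.ConfigParser()
    config.read(conf)
    auth_method = config['auth']['method']

    if auth_method == 'ldap':
        # Part of the ldap3 package whose Server/Connection are used below;
        # imported locally so the block stands on its own.
        from ldap3.utils.dn import escape_rdn

        supplied = request.form['password']
        # Refuse blank credentials: an empty password makes a simple bind
        # unauthenticated (RFC 4513, section 5.1.2), and a server accepting
        # it would be read here as a successful login.
        if not username or not supplied:
            return False

        host = config['ldap']['server']
        port = int(config['ldap']['port'])
        base_dn = config['ldap']['base_dn']
        # Escape the request-supplied username before it becomes an RDN, so
        # characters such as ',' or '+' cannot reshape the bind DN.
        user_dn = 'uid=' + escape_rdn(username) + ',' + base_dn
        # NOTE(review): Server() gets no TLS setting here, so the password
        # presumably crosses the network unencrypted unless transport
        # security is handled elsewhere -- confirm.
        directory = Server(host, port=port, get_info=ALL)
        try:
            bound = Connection(directory, auto_bind=True,
                               client_strategy=SYNC, user=user_dn,
                               password=supplied, authentication=SIMPLE,
                               check_names=True)
        except Exception:
            # A failed bind or connection error means "not valid"; a bare
            # except would also swallow KeyboardInterrupt and SystemExit.
            return False
        # Only the bind result matters; do not leave the connection open.
        bound.unbind()
        return True

    if auth_method == 'local':
        con = sqlite3.connect(db)
        try:
            fetched = con.cursor().execute(
                'SELECT password FROM user WHERE username=(?)',
                (username,),
            ).fetchone()
        finally:
            # Close the connection on every path (it was leaked before).
            con.close()
        if fetched is not None and check(fetched[0],
                                         request.form['password']):
            return True

    return False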
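def update_password_by_id(id_user, old_pass, new_pass):
    """
    Update a user's password.

    The caller must supply the current password, which is verified against
    the stored hash before anything is written.

    :param id_user: id of the user whose password is changed
    :param old_pass: current password; it must verify before the update is
        allowed (``None`` is treated as an empty string)
    :param new_pass: new password; ``None`` is refused
    :rtype: bool
    :return: True if the password was updated, False otherwise
    """
    if new_pass is None:
        # Nothing to store; skip the lookup entirely.
        return False
    if old_pass is None:
        old_pass = ""

    res = __select_user_by_id(id_user)
    if res is None:
        return False
    row = res.first()
    if row is None or not check(row['password'], old_pass):
        return False

    # The original hashed with 'pbkdf2:sha512:1000'. 1000 PBKDF2 iterations
    # make offline guessing against a leaked hash cheap; OWASP's
    # password-storage guidance is on the order of 210,000 iterations for
    # PBKDF2-HMAC-SHA512.
    # NOTE(review): assumes ``gen``/``check`` are werkzeug-style helpers that
    # embed method and iteration count in the stored hash, so existing
    # hashes keep verifying after this change -- confirm.
    up = __utilisateur.update().where(
        __utilisateur.c.id_utilisateur == id_user
    ).values(
        password=gen(new_pass, 'pbkdf2:sha512:210000', 12)
    )
    engine.execute(up)
    return True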
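def login():
    """
    Login Router Function.

    On POST, looks the submitted username up in ``flaskuser`` and verifies
    the password with ``check``; on success the session is reset and the
    client is redirected to ``index``. Every other case renders the login
    page.

    Returns
    -------
    str
        HTML content to be displayed, or a redirect response after a
        successful login.
    """
    if request.method == 'POST':
        db = database.getdb()
        user = db.execute(
            "SELECT * FROM flaskuser WHERE username=?",
            (request.form['username'],),
        ).fetchone()
        # fetchone() gives None when no row matches (DB-API behaviour).
        # Without this guard an unknown username raised on user["pword"],
        # which turned into a server error and also told the client that
        # the account does not exist.
        if user is not None and check(user["pword"], request.form["password"]):
            # Drop any pre-login session state before marking the session
            # as authenticated.
            session.clear()
            # NOTE(review): the session identity is the constant 'admin',
            # not a value read from the matched row, so every account in
            # flaskuser is presumably treated as the administrator --
            # confirm this is intended.
            session["user_id"] = 'admin'
            return redirect(url_for('index'))
    return render_template('login.html', title='Log In')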
def confirm_password(id_user, password):
    """
    Check that the user entered the correct password.

    :params :
        id_user -- user id
        password -- password to verify (``None`` is treated as an empty
            string)
    :return : True if the password matches the stored one, False otherwise
    """
    candidate = "" if password is None else password

    res = __select_user_by_id(id_user)
    if res is None:
        return False

    row = res.first()
    if row is None:
        return False

    # Normalise whatever ``check`` returns to a strict bool.
    return bool(check(row['password'], candidate))
def find_user_by_mail_and_password(mail, password, actif_only=True):
    """
    Look a user up in the directory by e-mail address and password.

    :param mail: e-mail address; lower-cased before the lookup
    :param password: password to verify against the stored value (``None``
        is treated as an empty string)
    :param actif_only: when true, only rows whose ``actif`` column is set
        can match
    :rtype: Utilisateur
    :return: the matching user, or None when the address is unknown, the
        password does not verify, or ``mail`` is None
    """
    if mail is None:
        return None
    supplied = "" if password is None else password

    # Built from column expressions, so the address is bound as a query
    # parameter rather than concatenated into SQL.
    condition = __utilisateur.c.mail == mail.lower()
    if actif_only:
        condition &= __utilisateur.c.actif

    res = engine.execute(select([__utilisateur]).where(condition))
    if res is None:
        return None

    row = res.first()
    if row is None or not check(row['password'], supplied):
        return None

    return Utilisateur(
        row['id_utilisateur'],
        row['mail'],
        row['id_ancien'],
        row['actif'],
        row['admin'],
    )