Esempio n. 1
def edit_user(name):
    """Show or process the admin form for editing the account *name*.

    Non-admins are redirected to the news page. For an admin, a POST
    submits the change to ``database.update_user``; any other method
    loads the account with ``database.get_user`` and renders the form.
    Both database helpers are used here as ``(ok, payload)`` pairs, where
    the payload is the error text when ``ok`` is falsy.
    """
    # The only authorisation gate in this handler is the is_admin() check.
    if not user.is_admin():
        return redirect(url_for('display_news'))

    if request.method != 'POST':
        lookup = database.get_user(name)
        if not lookup[0]:
            return render_admin_page('edit_user.html', error=lookup[1])
        row = lookup[1]
        theUser = dict(name=name, email=row[1], privilege=row[2],
                       active=row[3])
        return render_admin_page('edit_user.html', user=theUser)

    # NOTE(review): no CSRF token check is visible in this block; confirm
    # it is enforced elsewhere, since this POST can change privileges.
    form = request.form
    password = form.get('password', None)
    # NOTE(review): when both password fields are absent the comparison is
    # None == None and update_user receives password=None; confirm that
    # the database layer treats this as intended.
    if password != form.get('password2', None):
        return render_admin_page('edit_user.html',
                                 error='Passwords not the same.')

    # email, privilege and active are passed on exactly as submitted;
    # any validation has to happen inside database.update_user.
    outcome = database.update_user(name,
                                   password,
                                   form['email'],
                                   form['privilege'],
                                   form['active'])
    if outcome[0]:
        flash('User updated.')
        return redirect(url_for('display_admin_users'))
    return render_admin_page('edit_user.html', error=outcome[1])
Esempio n. 2
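def auto_log_in():
    """Try to restore a session from the persistent-login cookies.

    Reads ``persist_name``, ``persist_token`` and ``persist_id`` from the
    request cookies and compares them with the persistent logins stored
    for that name.

    * Token and series id both match: the user is logged in, the stored
      token is replaced by a fresh random one, and that token is returned.
    * Only the series id matches: the series is deleted and a warning is
      flashed, because a known series with a wrong token suggests the
      cookie was copied and already used elsewhere.

    Returns:
        The newly issued token on a successful login, otherwise ``None``.
    """
    name = request.cookies.get('persist_name', None)
    token = request.cookies.get('persist_token', None)
    series_id = request.cookies.get('persist_id', None)
    if name and token and series_id:
        logins = database.get_persist_logins(name)
        for login in logins:
            # NOTE(review): `==` on the secret token is not constant-time.
            # hmac.compare_digest would be, once both operands are known
            # to share a type (the stored value's type is not visible
            # here). The direct comparison also implies the token is
            # stored unhashed; confirm and consider storing a digest.
            if token == login[1] and series_id == login[2]:
                lookup = database.get_user(name)
                # edit_user treats get_user's result as (ok, payload) with
                # an error text as payload on failure; do not index into
                # that text and log in with it.
                if not lookup[0]:
                    return None
                row = lookup[1]
                # NOTE(review): edit_user maps row[3] to `active`, and it
                # is not consulted here; confirm a deactivated account
                # cannot be restored through this cookie path.
                log_in(name, row[1], row[2], row[4])
                # Rotate the token on every use so a captured cookie is
                # valid for one login at most.
                new_token = b64encode(urandom(64))
                database.update_persist_login(token, new_token)
                return new_token
            elif series_id == login[2]:
                database.delete_persist_login(series_id)
                # The backslash continuation keeps the next line's leading
                # spaces inside the message; left as in the original.
                flash('It appears your user session has been hijacked, \
                       please ensure that your browser is secure.')
    return None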