Esempio n. 1
    def post(self):
        """Handle a signup form submission.

        Reads the four form fields, HTML-escapes each of them, validates them
        and either re-renders the form with per-field error messages or
        redirects to ``/welcome`` with the username in the query string.
        """
        # NOTE(review): every field is HTML-escaped as it is read, the two
        # passwords included, so the validators see "&amp;" where the user
        # typed "&". Escaping is normally applied where a value is written
        # into HTML, not on input. cgi.escape was removed in Python 3.8;
        # html.escape is its replacement.
        form = self.request
        user_name = cgi.escape(form.get('username'), quote=True)
        user_pass = cgi.escape(form.get('password'), quote=True)
        user_vpass = cgi.escape(form.get('vpassword'), quote=True)
        user_email = cgi.escape(form.get('email'), quote=True)

        name_ok = valid_username(user_name)
        pass_ok = valid_password(user_pass)
        match_ok = valid_vpassword(user_pass, user_vpass)
        mail_ok = valid_email(user_email)

        if name_ok and pass_ok and match_ok and mail_ok:
            # NOTE(review): the name is concatenated into the query string
            # without URL-encoding; that is only safe if valid_username
            # restricts the character set -- confirm. The /welcome handler
            # still has to validate and escape the parameter itself, because
            # anyone can request that URL directly.
            self.redirect("/welcome?user_name=" + user_name)
            return

        # At least one check failed: work out one message per field.
        if len(user_name) == 0:
            username_err = "please type in a username"
        elif not name_ok:
            username_err = "invalid username"
        else:
            username_err = ""
        password_err = "" if pass_ok else "invalid password"
        vpassword_err = "" if match_ok else "the passwords don't match"
        email_err = "" if mail_ok else "invalid email address"

        # Only the name and e-mail are echoed back; the passwords are not.
        self.write_form("Sign me up!", "sign me up", "", user_name,
                        user_email, username_err, password_err,
                        vpassword_err, email_err)
Esempio n. 2
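def register():
    """Register a new user.

    GET renders the registration form. POST validates the submitted
    username, password and confirmation, stores the account with a hashed
    password, logs the new user in and redirects to ``/``. Every validation
    failure is answered with a 400 apology.
    """
    if request.method == "GET":
        return render_template("register.html")

    # A field that is absent from the form comes back as None. Normalise to
    # "" so the checks below answer with a 400 instead of raising on
    # None.isalnum() or on hashing None.
    username = request.form.get("username") or ""
    password = request.form.get("password") or ""
    confirmation = request.form.get("confirmation") or ""

    # "".isalnum() is False, so this also rejects an empty username.
    if not username.isalnum():
        return apology("must provide valid username", 400)

    # NOTE(review): check-then-insert is not atomic; two concurrent requests
    # can both pass this test. Confirm the users table has a UNIQUE
    # constraint on username so the database has the final say.
    existing = db.execute("SELECT * FROM users WHERE username = :username",
                          username=username)
    if len(existing) != 0:
        return apology("username already exists", 400)

    # Compare the two submitted values directly; there is no need to hash
    # the password before it has even been accepted.
    if not password or password != confirmation:
        return apology("invalid password or passwords don't match", 400)

    if not valid_password(password):
        return apology(
            "Password must contain 6 to 12 characters, one letter, one numeric digit and no special digits",
            400)

    # Only the hash is stored, never the plaintext.
    db.execute(
        "INSERT INTO users (username, hash) VALUES (:username, :hash_)",
        username=username,
        hash_=generate_password_hash(password))

    # Log the new user in by remembering the freshly created row id.
    session["user_id"] = db.execute(
        "SELECT * FROM users WHERE username = :username",
        username=username)[0]["id"]
    flash('Registered!')
    return redirect("/")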
Esempio n. 3
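def signup():
    """Create a new user from a JSON body.

    Expects ``username``, ``password`` and ``email`` in the request JSON.
    Returns ``(jsonify(errors=...), 200)`` when a field is missing or fails
    validation, and ``(jsonify(message), 201)`` carrying the serialized user
    once the account has been stored.
    """
    data = request.get_json()
    # A body that is not a JSON object carries none of the fields; treat it
    # as an empty submission instead of failing on the lookups below.
    if not isinstance(data, dict):
        data = {}

    message = {}
    success = ''

    # Missing keys and JSON nulls are handled like empty strings, so they
    # produce the "missing data" errors rather than a KeyError.
    username = data.get('username') or ''
    password = data.get('password') or ''
    email = data.get('email') or ''

    # check for missing data
    if username == '':
        message['error_username'] = "******"
        success = False
    if password == '':
        message['error_password'] = "******"
        success = False
    if email == '':
        message['error_email'] = "email is required"
        success = False
    if success is False:
        message['success'] = False
        return jsonify(errors=message), 200

    # check for valid data
    if not helpers.valid_username(str(username)):
        message['error_username'] = "******"
        success = False
    if helpers.user_by_name(username) is not None:
        message['error_username'] = "******"
        success = False
    if not helpers.valid_password(password):
        message['error_password'] = "******"
        success = False
    if not helpers.valid_email(email):
        message['error_email'] = "Email is not valid"
        success = False
    if helpers.user_by_email(str(email)) is not None:
        # NOTE(review): this answer tells the caller whether an address is
        # already registered; consider rate-limiting the endpoint.
        message['error_email'] = "Email already in use"
        # Without this flag a duplicate e-mail recorded the error and still
        # went on to create the account.
        success = False
    if success is False:
        message['success'] = False
        return jsonify(errors=message), 200

    # hash the password for db storage; the plaintext is never persisted
    pw_hash = helpers.make_pw_hash(username, password)
    # create new instance of user
    new_user = User(username, email, pw_hash)
    db_session.add(new_user)
    db_session.commit()
    db_session.refresh(new_user)
    message['success'] = True
    # NOTE(review): confirm that serialize leaves the password hash out of
    # the response.
    message['user'] = new_user.serialize
    return jsonify(message), 201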
Esempio n. 4
    def post(self):
        """Validate the submitted signup fields.

        Re-renders the form with the first failing check's message, or
        writes a welcome line containing the username when the username,
        password and confirmation checks all pass.
        """
        form = self.request
        username = form.get("username")
        name_ok = helpers.valid_username(username)
        password_ok = helpers.valid_password(form.get("psw"))
        passwords_match = helpers.valid_verifypsw(form.get("psw"),
                                                  form.get("vpsw"))
        email = form.get("email")
        # NOTE(review): the e-mail check is computed but never consulted
        # below, so an invalid address does not block the signup -- confirm
        # whether that is intended.
        email_ok = helpers.valid_email(email)

        # Only the first failing check is reported.
        if not name_ok:
            error = "Please enter valid username"
        elif not password_ok:
            error = "Please enter valid password"
        elif not passwords_match:
            error = "Passwords do not match"
        else:
            error = None

        if error is not None:
            self.write_form(error, username, email)
        else:
            # NOTE(review): the username is written into the response
            # without HTML-escaping; this relies on helpers.valid_username
            # rejecting markup characters -- confirm, or escape on output.
            self.response.out.write("Welcome, %s!" % username)
Esempio n. 5
    def post(self):
        """Validate the signup form and re-render ``signup.html``.

        The template receives one ``error_*`` keyword per failed check, or
        ``register="true"`` when every check passes. No account is stored
        by this handler itself.
        """
        form = self.request
        name = form.get("name")
        email = form.get("email")
        pass1 = form.get("pass1")
        pass2 = form.get("pass2")

        # (template key, check passed?, message shown when it did not)
        checks = (
            ('error_name', helpers.valid_username(name),
             "Enter a valid name"),
            ('error_email', helpers.valid_email(email),
             "That's not a valid email"),
            ('error_pass1', helpers.valid_password(pass1),
             "Enter a valid password"),
            ('error_pass2', pass1 == pass2,
             "password doesn't match"),
        )
        messages = {key: text for key, passed, text in checks if not passed}

        if messages:
            # The submitted values are not passed back to the template,
            # so the passwords are never echoed into the page.
            self.render("signup.html", **messages)
        else:
            self.render('signup.html', register="true")
Esempio n. 6
    def post(self):
        """Check the submitted signup fields and render ``signup.html``.

        Each failed check adds an ``error_*`` entry that is handed to the
        template; with no failures the template is rendered with
        ``register="true"``. Nothing is persisted in this handler.
        """
        fields = self.request
        name = fields.get("name")
        email = fields.get("email")
        pass1 = fields.get("pass1")
        pass2 = fields.get("pass2")

        errors = {}

        name_valid = helpers.valid_username(name)
        if not name_valid:
            errors['error_name'] = "Enter a valid name"

        email_valid = helpers.valid_email(email)
        if not email_valid:
            errors['error_email'] = "That's not a valid email"

        password_valid = helpers.valid_password(pass1)
        if not password_valid:
            errors['error_pass1'] = "Enter a valid password"

        # The confirmation has to repeat the first password exactly.
        if not pass1 == pass2:
            errors['error_pass2'] = "password doesn't match"

        if not errors:
            self.render('signup.html', register="true")
            return

        # Only the messages go back to the template, not the submitted
        # values.
        self.render("signup.html", **errors)
Esempio n. 7
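def password():
    """Change the current user's password.

    GET renders the change-password form. POST verifies the old password
    against the stored hash, validates the new password and its
    confirmation, stores the new hash and redirects to ``/``. Every failed
    check is answered with a 400 apology.
    """
    if request.method == "GET":
        return render_template("password.html")

    # A field that is absent from the form comes back as None. Normalise to
    # "" so the checks below answer with a 400 instead of raising inside the
    # hash or validation helpers.
    old_password = request.form.get("old_password") or ""
    new_password = request.form.get("new_password") or ""
    confirmation = request.form.get("confirmation") or ""

    # NOTE(review): assumes the route is only reachable with a logged-in
    # session; with no user_id the lookup returns no row and the [0] index
    # fails -- confirm a login-required guard wraps this view.
    stored_hash = db.execute("SELECT hash FROM users WHERE id = ?",
                             session.get("user_id"))[0]["hash"]

    # Re-authenticate before changing the credential.
    if not check_password_hash(stored_hash, old_password):
        return apology("Old password incorrect", 400)

    if not new_password or not valid_password(new_password):
        return apology(
            "Password must contain 6 to 12 characters, one letter, one numeric digit and no special digits",
            400)

    if new_password != confirmation:
        return apology("Password and confirm password don't match", 400)

    # Only the hash of the new password is stored.
    db.execute(
        "UPDATE users SET hash = ? WHERE id = ?",
        generate_password_hash(new_password),
        session.get("user_id"))
    flash('Password Changed!')
    return redirect("/")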