def NewUserLogin(request):
if request.method == "POST":
userid = request.POST['userid']
passwd = request.POST['passwd']
loginType = request.POST['oAuthType']
try:
res = Login.objects.get(userId=userid)
return render(request, 'oAuthSignup.html', {
"error": "userId Already Exists...",
"loginType": loginType
})
except:
if loginType == "fbLogin":
ins = Login(userId=userid,
password=passwd,
username=request.session['fbName'],
fbId=request.session['fbId'])
ins.save()
res = Login.objects.get(fbId=request.session['fbId'])
request.session['uID'] = res.id
request.session['uName'] = res.username
return viewDetails(request)
else:
ins = Login(userId=userid,
password=passwd,
username=request.session['goggleName'],
email=request.session['gId'])
ins.save()
res = Login.objects.get(email=request.session['gId'])
request.session['uID'] = res.id
request.session['uName'] = res.username
return viewDetails(request)
else:
return viewDetails(request)
def signUp():
if(request.method == 'GET'):
return render_template('showSignUp.html')
elif(request.method == 'POST'):
DataPipelineSignUpObj = DataPipeline() # DataPipeline object
try:
username = request.json['username']
userPassword = request.json['userPassword']
userNIC = request.json['userNIC']
userType = request.json['userType']
user = DataPipelineSignUpObj.fetch_data(userType,userNIC) #fetch data
newLoginUser = Login(username, userPassword,userType) #Create new user
if(user.count() != 0):
result = DataPipelineSignUpObj.isUsernameExists(userType, username) #fetch login data from the database
if(result.count() != 0): #if usernae alredy exists
return jsonify({'status':"Username already exists"})
DataPipelineSignUpObj.insert_data(newLoginUser) #if new user insert data to the database
for u in user:
DataPipelineSignUpObj.update_table(u,username) #update the user tables(teacher and admin)
return jsonify({'status':"Sign up successfully"})
return jsonify({'status':"You are not a registered user"}) # if not registred person
except:
return jsonify({'status':"Fill the required details"}) #if required details are not filled
else:
abort(405)
def studentRegistration():
if(session['logged_in'] == True): #if user login
if(request.method == 'GET'):
return render_template('studentRegistration.html')
elif(request.method == 'POST'):
try:
userId = request.json['user_id']
name = request.json['name']
grade = request.json['grade']
student = Student(userId, name, grade)
newUser = Login(userId, userId,"student") #Create new user
DataPipelineObj.insert_data(newUser) #Add details to the database (Into login table)
DataPipelineObj.insert_data(student)#Add details to the database(Into Student table
return jsonify({'status':"Student successfully registered"})
except:
return jsonify({'status':"Fill the required details"})
else:
abort(405)
else: #if user not login
return render_template('showSignIn.html')
def MainMenu():
print("1. Register")
print("2. Login")
print("3. Exit")
#code
option = int(input("Enter Your Choice: "))
if (option == 1):
username = input("Enter Username: "******"Enter password: "******"Enter Type (L/T/S): ")
login = Login(username=username, password=password, usertype=usertype)
dl.AddLogin(login)
elif (option == 2):
username = input("Username: "******"Password: "******"Invalid Usename or password")
return False
def signup():
error = None
successful = None
if request.method == 'POST':
userN = request.form['username']
passwN = request.form['password']
keyN = request.form['key']
try:
# check errors - duplicate user
if userN == (Login.query.filter(
Login.users == userN).first()).users:
# print(test.users)
error = 'duplicate user name'
# check errors - invalid secret key
except:
if keyN == (Login.query.filter(
Login.users == 'secretkey').first()).password:
# newUser = Login(users=userN, password=passwN)
harshpass = bcrypt.generate_password_hash(passwN).decode(
'utf-8')
newUser = Login(users=userN, password=harshpass)
db.session.add(newUser)
db.session.commit()
successful = 'user created'
else:
error = 'invalid secret key'
return render_template('createUser.html',
error=error,
successful=successful)
def login2(request):
m = Login.objects.all()
if request.method == "POST":
form = LoginForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
password1 = form.cleaned_data['password1']
password2 = form.cleaned_data['password2']
name = form.cleaned_data['name']
email = form.cleaned_data['email']
idnumber = form.cleaned_data['idnumber']
home = form.cleaned_data['home']
if password1 != password2:
return render(request, 'login2.html')
else:
login = Login()
login.username = username
login.password1 = password1
login.password2 = password2
login.name = name
login.email = email
login.idnumber = idnumber
login.home = home
login.save()
#return render(request, 'login2.html')
return render_to_response('login2.html', {'m': m})
else:
return HttpResponse("error!")
else:
form = LoginForm()
return render_to_response('login2.html', {'m': m})
def login():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = LoginForm(meta={'csrf_context': session})
user = User.query.filter_by(login=form.login.data).first()
if user and form.password.data: # A login attempt
ip = request.remote_addr
login = Login(successful=form.validate(), ip=ip, user=user)
db.session.add(login)
db.session.commit()
# Slow down brute force attempts
time_boundary = datetime.utcnow() - timedelta(minutes=5)
recent_login_attempts = len(
[a for a in user.login_attempts if a.timestamp > time_boundary and not a.successful])
sleep(calculate_login_delay(recent_login_attempts))
if form.validate_on_submit():
login_user(user)
next_page = session.get('next', None)
session['next'] = None
if not next_page:
next_page = url_for('notes.view_notes')
return redirect(next_page)
return render_template('login.html', form=form)
def index():
form = Login()
if form.validate_on_submit():
session['username'] = form.username.data
session['room'] = form.room.data
return redirect(url_for('chat'))
elif request.method == 'GET':
form.username.data = session.get('username', '')
form.room.data = session.get('room', '')
return render_template('index.html', form=form, username=session.get('username'))
def post(self):
account = self.get_body_argument('email')
password = self.get_body_argument('password')
login = Login(account, password)
if login.login():
url = '/detail/'
name = login.emailToname(account)[0][0]
self.set_cookie("user", name)
self.set_cookie('email', account)
self.redirect(url)
else:
self.render('login.html', flag=True)
def login(request):
form = Loginform()
if request.method == 'POST':
form = Loginform(request.POST)
if form.is_valid():
Usr = request.POST.get('Username')
pwd = request.POST.get('Password')
p = Login(Username=Usr, Password=pwd)
p.save()
return HttpResponseRedirect(reverse('Done'))
else:
form = Loginform()
return render(request, 'login/login.html', {'form': form})
def register_route():
if request.method == 'POST':
username = request.form.get('username')
email = request.form.get('email')
password = request.form.get('password')
user = User(name=username, email=email)
db.session.add(user)
db.session.commit()
login = Login(user_id=user.id, password=password)
db.session.add(login)
db.session.commit()
flash('User created')
return redirect(url_for('login_route'))
return render_template('register.html', hide_logout=True)
def login():
if not 'nonce' in session:
session['nonce'] = hashlib.sha256(
str(random.randint(0, 0xFFFFFFF)).encode('ascii')).hexdigest()
csrf_token = hashlib.sha256(session['nonce'].encode('ascii')).hexdigest()
if request.method == 'GET':
return render_template("login.html", csrf_token=csrf_token)
csrf = request.form['csrf']
if csrf != csrf_token:
return render_template("login.html",
message="Incorrect",
csrf_token=csrf_token)
uname = request.form['uname']
pw = request.form['pword'].encode('utf-8')
phone = request.form['2fa'].encode('utf-8')
hash = hashlib.sha256(phone + pw[::-1]).hexdigest()[::-1]
u = User.query.filter_by(uname=uname).first()
if not u:
return render_template("login.html",
message="Incorrect",
csrf_token=csrf_token)
u = User.query.filter_by(uname=uname).filter_by(
phone=request.form['2fa']).first()
if not u:
return render_template("login.html",
message="Two-factor failure",
csrf_token=csrf_token)
u = User.query.filter_by(uname=uname).filter_by(
phone=request.form['2fa']).filter_by(hash=hash).first()
if not u:
return render_template("login.html",
message="Incorrect",
csrf_token=csrf_token)
ses_num = hashlib.sha256(
str(random.randint(0, 0xFFFFFFF)).encode('ascii')).hexdigest()
l = Login(u, ses_num + session['nonce'])
session['token'] = ses_num
db.session.add(l)
db.session.commit()
db.session.refresh(l)
return render_template("login.html",
message="success",
csrf_token=csrf_token)
def post(self):
try:
data = request.json
login = Login(username=data['username'], password=data['password'])
login.save()
response = {'message': 'User {} was created successfully'.format(login.id),
'id': login.id,
'username': login.username,
'password': login.password
}
except KeyError:
response = {
'status': 'error',
'message': 'API error, consult the administrator'
}
return response
def login():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = LoginForm(meta={'csrf_context': session})
user = User.query.filter_by(login=form.login.data).first()
if user and form.password.data: # podejście do logowania
ip = request.remote_addr
login = Login(successful=form.validate(), ip=ip, user=user)
db.session.add(login)
db.session.commit()
# opóźnienie w przypadku brute force
time_boundary = datetime.utcnow() - timedelta(minutes=5)
tries = len([
a for a in user.login_attempts
if a.timestamp > time_boundary and not a.successful
])
delay = 0
if tries > 3:
delay = 3
if tries > 10:
delay = 5
if tries > 30:
delay = 15
sleep(delay)
if form.validate_on_submit():
login_user(user)
next_page = session.get('next', None)
session['next'] = None
if not next_page:
next_page = url_for('view_notes')
return redirect(next_page)
return render_template('login.html', form=form)
def sign_up(request):
name = request.POST.get('txt_name')
email = request.POST.get('txt_email')
password = request.POST.get('txt_password')
confirm_pwd = request.POST.get('txt_confirm_pwd')
me = "*****@*****.**"
you = email
msg = MIMEMultipart('alternative')
msg['Subject'] = "Confirmation Email"
msg['From'] = me
msg['To'] = you
text = "Hi!\nHow are you?\nHere is the link you wanted:\nhttps://www.python.org"
html = """\
<html>
<head>
</head>
<body>
<p><font color="Blue"><h1>Hello !!!<h1></font><br>
<h2><font color="Blue">This is the verification message....</font</h2><br>
<h2><font color="Black">Click to verify :</font></h2>
<button type="submit"><a href="http://127.0.0.1:8000/single_photon/email/">VERIFY</a></button></p>
</body>
</html>
"""
part1 = MIMEText(text, 'plain')
part2 = MIMEText(html, 'html')
msg.attach(part1)
msg.attach(part2)
s = smtplib.SMTP('smtp.gmail.com', 587)
s.starttls()
s.login(me, 'dingu@123')
s.sendmail(me, you, msg.as_string())
s.quit()
try:
check_email_exist = Login.objects.filter(login_username=email).exists()
if check_email_exist == False:
a = Login(login_username=email, login_password=password)
a.save()
fk_id = a.id
#----c is the object created here------
c = Login.objects.get(id=fk_id)
request.session['loginid'] = fk_id
b = Signup(name=name, login=c)
b.save()
template = loader.get_template('login.html')
context = {"Email": "PLEASE VERIFY YOUR EMAIL !!!"}
else:
template = loader.get_template('sign_up.html')
context = {"email_err": "Email already Exists"}
except Exception, e:
template = loader.get_template('sign_up.html')
context = {"error": "Invalid Login Credentials"}
print("########## This is the error ############")
print e
