def post(self, *args, **kwargs): ''' Attempts to create an account, with shitty form validation ''' form = Form( account="Please enter an account name", handle="Please enter a handle", team="Please select a team to join", pass1="Please enter a password", pass2="Please confirm your password", token="Please enter a registration token" ) if form.validate(self.request.arguments): config = ConfigManager.Instance() account = self.get_argument('account').lower() handle = self.get_argument('handle').lower() rtok = self.get_argument('token', '__none__').lower() passwd = self.get_argument('pass1') if User.by_account(account) is not None: self.render('public/registration.html', errors=['Account name already taken'] ) elif account == handle: self.render('public/registration.html', errors=['Account name and hacker name must differ'] ) elif User.by_handle(handle) is not None: self.render('public/registration.html', errors=['Handle already taken'] ) elif not passwd == self.get_argument('pass2'): self.render('public/registration.html', errors=['Passwords do not match'] ) elif not 0 < len(passwd) <= config.max_password_length: self.render('public/registration.html', errors=['Password must be 1-%d characters' % config.max_password_length] ) elif Team.by_uuid(self.get_argument('team', '')) is None: self.render('public/registration.html', errors=["Please select a team to join"] ) elif RegistrationToken.by_value(rtok) is None and not config.debug: self.render('public/registration.html', errors=["Invalid registration token"] ) else: self.create_user(account, handle, passwd, rtok) self.render('public/successful_reg.html', account=account) else: self.render('public/registration.html', errors=form.errors)
def post(self, *args, **kwargs): ''' Checks submitted username and password ''' form = Form( account="Enter an account name", password="******", ) if form.validate(self.request.arguments): user = User.by_account(self.get_argument('account')) password_attempt = self.get_argument('password') if user is not None and user.validate_password(password_attempt): if not user.locked: self.successful_login(user) self.redirect('/user') else: self.render('public/login.html', errors=["Your account has been locked"] ) else: self.failed_login() else: self.render('public/login.html', errors=form.errors)