def forgot_password():
""" No route, as this is triggered from the `login` view, if the user
presses the 'forgot password' button
"""
form = LoginForm(request.form)
form.validate_on_submit() # Trigger email validation
if form.email.errors:
form.password.errors = () # Ignore password field for forgot-password
else:
email = form.email.data
user = User.query.filter_by(email=email).first()
if user:
send_password_reset_email(user)
# Don't notify whether we found a user, to prevent fishing for valid
# email addresses
flash(
_('An email has been sent with '
'instructions for resetting your password'))
form = LoginForm() # Reset the form
return render_template('users/login.html', form=form)
def login():
"""
Login form
"""
if 'user_id' in session:
return redirect(url_for('users.home'))
form = LoginForm(request.form)
# make sure data are valid, but doesn't validate password is right
if request.method == 'POST':
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
# we use werzeug to validate user's password
if user and verify_password(form.password.data, user.password):
# the session can't be modified as it's signed,
# it's a safe place to store the user id
authorize(user)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(gettext(u'Welcome') + " " + user.name)
if not user.is_confirmed():
return redirect(url_for('users.pleaseconfirm', next=url_for('home.home')))
return redirect(url_for('home.home'))
flash(gettext(u'Wrong email or password'), 'error-message')
return render_template('users/login.html', form=form)
def login(path):
# define login form here
form = LoginForm(request.form)
# Flask message injected into the page, in case of any errors
msg = None
# custommize your page title / description here
page_title = 'Login - ipNX vCPE'
page_description = 'Online ipNX virtual Customer Premises Equipment.'
# check if both http method is POST and form is valid on submit
if form.validate_on_submit():
# assign form data to variables
username = request.form.get('username', '', type=str)
password = request.form.get('password', '', type=str)
# filter User out of database through username
user = User.query.filter_by(user=username).first()
if user:
if bcrypt.check_password_hash(user.password, password):
login_user(user)
return redirect(url_for('main.index'))
else:
msg = "Wrong password. Please try again."
else:
msg = "Unknown user. Check again and re-enter."
# try to match the pages defined in -> themes/light-bootstrap/pages/
return render_template('layouts/logindefault.html',
title=page_title,
content=render_template('pages/' + path,
form=form,
msg=msg))
def login():
form = LoginForm(next=request.args.get('next'))
if form.validate_on_submit():
u = User.find_by_identity(request.form.get('email'))
if u and u.authenticated(password=request.form.get("password")):
print(" YOU MADE IT")
login_user(u)
#handle optional redirecting
next_url = request.form.get('next')
print(next_url)
#caution checking path of url
if next_url:
return redirect(safe_next_url(next_url))
return redirect(url_for('core.index'))
else:
flash("Email or password is incorrect.", "warning")
print("error")
return render_template('users/login.html', form=form)
def register():
form_r = RegistrationForm()
form_l = LoginForm()
if form_r.validate_on_submit():
user = User(username=form_r.username.data,
email=form_r.email.data,
password=form_r.password.data)
db.session.add(user)
db.session.commit()
return redirect(url_for('controla.index'))
if form_l.validate_on_submit():
user = User.query.filter_by(email=form_l.email_l.data).first()
if user.check_password(
password=form_l.password_l.data) and user is not None:
login_user(user)
flash('Log in success!')
next = request.args.get('next')
if next == None or not next[0] == '/':
next = url_for('controla.index')
return redirect(next)
return render_template('register.html', form_r=form_r, form_l=form_l)
def dispatch_request(self):
if user_authenticated():
return redirect(url_for('users.Dashboard'))
form = LoginForm()
if request.method == 'POST':
if form.validate_on_submit():
username = form.username.data
password = form.password.data
try:
if credential_valid(username, password):
current_user = db_user(username=username)
session['active_user'] = {
'id': current_user.id,
'username': current_user.username,
'is_authenticated': True
}
return redirect(url_for('users.Dashboard'))
else:
flash(
f'Login Unsuccessful. Please check username and password again.',
'error')
return redirect(url_for(request.endpoint))
except Exception as e:
flash(
'Login Unsuccessful. Please check username and password again.',
'error')
return redirect(url_for(request.endpoint))
return render_template('login.html', form=form)
def login():
""" Login authorization will be handled by flask_login package , it will generate user_id withing flask session"""
form = LoginForm()
if form.validate_on_submit():
# Query user table with email data sent by post request after submiting and form validation.
user = User.query.filter_by(email=form.email.data).first()
if user is None:
flash(Markup('Vaša email adresa nije registrovana molimo Vas da izvršite registraciju , kliknite link <a href="/register" class="alert-link">here</a>!'))
return redirect(url_for('users.login'))
# Checking the user query , if there is an user registered with the submited email adress
# We proceed to check his password with verify_password method
if user is not None and user.verify_password(form.password.data):
# Using flask_login
login_user(user)
flash('Uspješno ste se logovali !')
next = request.args.get('next')
if next is None or not next.startswith('/'):
next = url_for('users.profile')
return redirect(next)
flash('Pogrešna lozinka ili email !')
return render_template('users/login.html', form=form)
def login():
form = LoginForm(request.form)
return render_template(
'users/login.html',
form=form,
)
def login():
if current_user.is_authenticated and login_fresh():
return redirect(url_for("main.home"))
form = LoginForm()
picture = generate_header_picture()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data.lower()).first()
if not form.validate_email(form.email):
flash("Email does not exist. Please try again", "danger")
elif not bcrypt.check_password_hash(user.password, form.password.data):
flash("Incorrect password. Please try again", "danger")
else:
login_user(user, remember=form.remember.data)
next_page = request.args.get('next')
if next_page:
return redirect(next_page)
else:
return redirect(url_for("main.home"))
return render_template("login.html",
form=form,
picture=picture,
current_login_type="personal account",
needed_login_type="company")
def login():
"""
Login form
"""
form = LoginForm(request.form)
# make sure data are valid, but doesn't validate password is right
if form.validate_on_submit():
#user = User.query.filter_by(email=form.email.data).first()
try:
user = User.objects.get(username=form.username.data)
# we use werzeug to validate user's password
if check_password_hash(user.password, form.password.data): #optional: bool(user)
# the session can't be modified as it's signed,
# it's a safe place to store the user id
session['user_id'] = str(user.id)
session['user'] = user.username
# user.current_user = True
# user.save()
#flash('Success! Welcome %s!' % user.name)
return redirect(url_for('home'))
except errors.DoesNotExist:
#raise#flash('Wrong email or password', 'error-message')
return render_template("users/login.html",
doesnt_exist=True,
form=form,
user=None)
return render_template("users/login.html", form=form, user=None)
def login():
# If user already logged in redirect to homepage
if current_user.is_authenticated:
return redirect(url_for('main.home'))
form = LoginForm()
if request.method == 'POST':
if form.validate_on_submit():
# Finds and returns the user with the specified email address
user = User.query.filter_by(email=form.email.data.lower()).first()
# Verbose error messages vulnerability
if user is None:
flash(
f'Failed login. No account exists with the provided email address',
'danger')
elif user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user, remember=form.remember_me.data)
session['_id'] = '123abc' # weak session ids !
next_page = request.args.get(
'next') # get next value from url query string
if next_page:
return redirect(url_for(next))
else:
return redirect(url_for('main.home'))
else:
# Verbose error messages vulnerability
flash(f'Failed login. Password invalid', 'danger')
return render_template('login.html', title='Login', form=form)
def login():
# Pressed 'forgot password' button
if 'forgot_password' in request.form:
return forgot_password()
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user:
if check_password_hash(user.password, form.password.data):
login_user(user, remember=True)
after_login = request.args.get('next') or url_for('home')
return redirect(after_login)
form.password.errors = (_("Invalid email or password"), )
# Ambiguate which field has the error
if form.email.errors or form.password.errors:
form.email.errors = (_("Invalid email or password"), )
form.password.errors = ()
return render_template('users/login.html', form=form)
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and check_password_hash(user.password, form.password.data):
login_user(user=user, remember=request.form.get("remember"))
return redirect(url_for('auth.profile'))
return render_template("auth/sign_in.html", form=form)
def login():
if current_user.is_authenticated:
return redirect(
url_for('main.home')
) # Redirect to home page -- Prevent's already logged in user's from logging in again!
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first(
) # Look for user email in db, and store it as user
if user.blacklisted == True and user.chance == True: # Basically what this does: IF the user is on the BL, but he/she has ONE last chance to do some final processing ...
if user and bcrypt.check_password_hash(
user.password, form.password.data
): # If the provided email exists AND Password Hash matches with user input from the form
login_user(
user, remember=form.remember.data
) # The user is logged in for that session as normal!
next_page = request.args.get('next')
user.chance = False # We set this to False so that they can never log in AGAIN afterwards!!!!
db.session.commit() # commit changes into DB
flash('This is your Last chance to do some final processing!',
'danger')
return redirect(next_page) if next_page else redirect(
url_for('main.home')
) # And redirected to the home page, ONE LAST TIME!
else:
flash('Login Unsuccessful. Please check username and password',
'danger')
if user.blacklisted == True and user.chance == False:
flash(
'Login Unsuccessful. You have been black listed!', 'danger'
) # A black listed user with no chances can never log in again!
if user.blacklisted == False:
if user and bcrypt.check_password_hash(
user.password, form.password.data
): # If the provided email exists AND Password Hash matches with user input from the form
login_user(
user, remember=form.remember.data
) # login_user is part of flask_login, and like UserMixin it's really useful, it accepts two paramters, the user object, and the remember form data which is a boolean
next_page = request.args.get(
'next'
) # using .get prevents us from getting a null pointer exception
return redirect(next_page) if next_page else redirect(
url_for('main.home')
) # If the next page exists redirect to the next page, if it doesn't exist redirect to Home page
else:
flash(
'Login Unsuccessful. Please check username and password',
'danger'
) # For anyone wondering 'danger' is just a bootstrap class, it gives a red-ish/pink-ish hue for an error message
return render_template('login.html', title='Login', form=form)
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user)
flash('Welcome to Home Money!')
return redirect(url_for('users.index'))
flash('Wrong email or password', "error")
return render_template("login.html", form=form, title='Sign In')
def login():
error = None
form = LoginForm(request.form)
if request.method == "POST" and form.validate():
name = form.name.data
password = form.password.data
#u = User.query.filter_by(name=name,password=password).first()
u = db.session.query(User).filter_by(name=name,
password=password).first()
if u is None:
error = 'Invalid Credentials. Please try again.'
else:
session['logged_in'] = True
session['user_id'] = u.id
flash('You are logged in. Go Crazy.')
return redirect(url_for('tasks.tasks'))
return render_template('/login.html',
form=LoginForm(request.form),
error=error)
def login():
if g.user is not None and g.user.is_authenticated:
return redirect(url_for('index'))
form = LoginForm()
if form.validate_on_submit():
user = Users.query.filter_by(email=form.email.data).first()
login_user(user)
flash('Logged in successfully.', category='success')
return redirect(request.args.get('next') or url_for('index'))
return render_template('signin.html', form=form)
def login():
form = LoginForm()
if form.validate_on_submit():
login_user(current_app.config['USERS'][form.username.data])
return (redirect(
request.args.get('next')
or url_for(current_app.config['USERS_REDIRECT_LOGIN'])))
return render_template('users/login.html', form=form)
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(name=form.name.data).first()
if user is not None and user.verify_password(form.password.data):
login_user(user, form.remember_me.data)
flash('Logged in successfully.')
next_page = form.next_page.data
return redirect(next_page or abort(HTTPStatus.BAD_REQUEST))
flash('Invalid email or password.')
return render_template('users/login.html', form=form)
def login():
"""
Login page with form (handled on POST).
"""
form = LoginForm(request.form)
if request.method == 'POST' and _validate_login_form(form):
return redirect(url_for('users.home'))
return render_template(
'users/login.html',
form=form,
is_admin=User.is_admin(g.user))
def login_post():
if request.method == 'POST':
form = LoginForm(request.form)
if form.validate_on_submit():
user = db.session\
.query(User)\
.filter_by(user_name=form.user_name.data)\
.first()
if user is not None:
if User.decryptpassword(pwdhash=user.password_hash,
password=form.password_hash.data):
if user.locked == 0:
user.fails = 0
db.session.add(user)
db.session.commit()
login_user(user)
current_user.is_authenticated()
current_user.is_active()
return redirect(url_for('index'))
else:
return redirect(url_for('users.account_locked'))
else:
x = user.fails
y = x + 1
user.fails = y
db.session.add(user)
db.session.commit()
if int(user.fails) >= 5:
user.locked = 1
db.session.add(user)
db.session.commit()
return redirect(url_for('users.account_locked'))
else:
flash("Please retry user name or password.",
category="danger")
return redirect(url_for('users.login'))
else:
flash("Please retry user name or password", category="danger")
return redirect(url_for('users.login'))
else:
flash("Please retry user name or password.", category="danger")
return redirect(url_for('users.login'))
else:
flash("Incorrect form.", category="danger")
return redirect(url_for('index'))
def login():
login_form = LoginForm()
# import pdb; pdb.set_trace()
if login_form.validate_on_submit():
user = User.query.filter_by(email=login_form.email.data).first()
# import pdb; pdb.set_trace()
if user is not None and user.verify_password(login_form.password.data):
login_user(user, login_form.remember.data)
return redirect(request.args.get('next') or url_for('main.home'))
else:
flash('Invalid Username or Password')
return render_template('login.html', form=login_form)
def login():
login_form = LoginForm()
# import pdb; pdb.set_trace()
if login_form.validate_on_submit():
user = User.query.filter_by(email=login_form.email.data).first()
# import pdb; pdb.set_trace()
if user is not None and user.verify_password(login_form.password.data):
login_user(user, login_form.remember.data)
return redirect(request.args.get('next') or url_for('main.home'))
else:
flash('Login Unsuccessful. Please check email and password',
'danger')
return render_template('login.html', title='Login', form=login_form)
def login():
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('users.home'))
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and check_password_hash(user.password, form.password.data):
session['user_id'] = user.id
flash('Welcome %s' % user.nickname)
login_user(user, False)
return redirect(request.args.get('next') or url_for('users.home'))
flash('Wrong email or password', 'error-message')
return render_template("users/login.html", form=form)
def login():
"""
Login form
"""
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and check_password_hash(user.password, form.password.data):
session['user_id'] = user.id
flash('Welcome %s' % user.name)
return redirect(url_for('users.home'))
flash('Wrong email or password', 'error-message')
return render_template("users/login.html", form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user, remember=form.remember.data)
next_page = request.args.get('next')
return redirect(next_page) if next_page else redirect(url_for('main.index'))
else:
flash('Login unsuccessful. Please check your email and password', 'danger')
return render_template('login.html', title='Login', form=form)
def login():
try:
if current_user.is_authenticated:
return redirect(url_for("main.home"))
form = LoginForm()
if form.validate_on_submit():
if access.login(form.username.data, form.password.data):
return redirect(url_for("main.home"))
else:
flash("Неправильный логин или пароль!", 'danger')
return render_template("authorisation.html", form=form)
except Exception as e:
print(e)
def login():
if current_user.is_authenticated:
return redirect(url_for('main.home'))
form=LoginForm()
if form.validate_on_submit():
user=User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user, remember=form.remember.data) #if the user checks the remember me box, then it'll be true, else false.
next_page=request.args.get('next') #if user checks profile without logging in.
return redirect(next_page) if next_page else redirect(url_for('main.home'))
else:
flash("Unsuccessful login",'danger')
return render_template('login.html',title='Login',form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('users.home'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user)
next_page = request.args.get('next')
return redirect(next_page) if next_page else redirect(url_for('users.home'))
flash('You have been logged in!', 'success')
else:
flash('login Unsuccessful. Please check your email and password', 'danger')
return render_template('user/login.html', form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
login = LoginForm()
if login.validate_on_submit():
user_login = UserLogin.query.filter_by(
username=login.username.data).first()
if user_login and bcrypt.check_password_hash(user_login.password,
login.password.data):
login_user(user_login, remember=login.remember.data)
return redirect(url_for('main.index'))
else:
flash('Login unsuccessful', 'danger')
return render_template("login.html", login=login)
