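def LoginPage():
    """Render the login form and, on a valid POST, check the legacy SHA-1 hash.

    Looks up ``users.Password`` for the submitted login, compares it with the
    SHA-1 hex digest of the submitted password and, on a match, marks the
    session as logged in, loads the permission flags and redirects to
    ``Profile``.  An unknown login and a wrong password both end in the same
    flashed message, so the response does not reveal which logins exist.

    NOTE(review): unsalted SHA-1 is not suitable for password storage; the
    comparison below is kept only so existing rows still verify.  No attempt
    limiting is visible in this block.
    """
    import hmac
    import logging

    form = LoginForm(request.form)
    try:
        if request.method == "POST" and form.validate():
            username = request.form['username']
            password = request.form['password']

            c, conn = confconnection()
            try:
                # The driver expects a sequence of parameters, so pass a
                # one-element tuple rather than a bare string.
                # NOTE(review): thwart() on a bound parameter escapes twice;
                # kept because existing rows may have been stored that way.
                c.execute("SELECT Password FROM users WHERE Login = (%s)",
                          (thwart(username),))
                row = c.fetchone()
            finally:
                # Close on every path, not only after a successful login.
                conn.close()

            if not isinstance(password, bytes):
                password = password.encode('utf-8')
            digest = hashlib.sha1(password).hexdigest()

            # Constant-time comparison; a missing row is treated exactly like
            # a wrong password.
            if row is not None and hmac.compare_digest(digest, str(row[0])):
                session['logged_in'] = True
                session['user'] = username
                SetPermissions(username)
                return redirect(url_for('Profile'))

            flash("Error, wrong username or password!")
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("LoginPage failed")
        return "Internal server error", 500
    return render_template('login.html', form=form)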
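def AddUser():
    """Render the add-user form and, on a valid POST, insert a row in ``users``.

    The new account gets the submitted login, name, e-mail and access group
    plus fixed default permission flags.  The password is stored as a SHA-1
    hex digest of the submitted value.

    NOTE(review): unsalted SHA-1 is not suitable for password storage; a slow
    salted hash should replace it.  No authorization check is visible in this
    block - presumably enforced by a decorator or caller; confirm.
    """
    import logging

    try:
        form = AddUserForm(request.form)
        if request.method == "POST" and form.validate():
            # Hash the password exactly as submitted.  Running it through the
            # SQL escaper first changes the bytes being hashed, so a password
            # containing a quote or backslash could never match a digest of
            # the raw value at login.
            password = request.form['password']
            if not isinstance(password, bytes):
                password = password.encode('utf-8')
            passwd = hashlib.sha1(password).hexdigest()

            # Open the connection only when a write is actually needed, and
            # close it on every path.
            c, conn = confconnection()
            try:
                c.execute("INSERT INTO users (Login, Password, Name, Email, access, developer, edit_card_detail, guest_card_edit,guest_search, show_code,edit_card,add_card,user_edit) VALUES(%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)",
                          (thwart(request.form['username']),
                           passwd,
                           thwart(request.form['name']),
                           thwart(request.form['email']),
                           thwart(request.form['access']),
                           '0',  # developer
                           '1',  # edit_card_detail
                           '0',  # guest_card_edit
                           '1',  # guest_search
                           '1',  # show_code
                           '0',  # edit_card
                           '0',  # add_card
                           '0',  # user_edit
                           ))
                conn.commit()
            finally:
                conn.close()
            return "Brukeren er lagt til, husk rettighetsetting"
        return render_template('admin/adduser.html', form=form)
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("AddUser failed")
        return "Internal server error", 500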
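def LoginPage():
    """Render the login form and, on a valid POST, verify a bcrypt password.

    Looks the user up in ``new_users``.  When no row exists the request is
    handed to ``CheckForOldPass`` (legacy-account migration); this view does
    not verify the password on that path, so ``CheckForOldPass`` has to.
    Otherwise the submitted password is checked with ``bcrypt.verify``; on
    success the session is marked logged in, permissions are loaded and the
    user is redirected to ``Profile``.
    """
    import logging

    form = LoginForm(request.form)
    try:
        if request.method == "POST" and form.validate():
            # NOTE(review): thwart() on a bound parameter escapes twice; kept
            # because the same escaped value is used as the session user and
            # in the lookups that follow.
            username = thwart(request.form['username'])
            passw = request.form['password']

            c, conn = confconnection()
            try:
                # One-element tuple: the driver expects a parameter sequence.
                c.execute("SELECT password, username FROM new_users WHERE username =(%s)",
                          (username,))
                data = c.fetchone()
                missing = c.rowcount == 0
            finally:
                # Close on every path, not only after a successful login.
                conn.close()

            if missing:
                return CheckForOldPass(username, passw)

            if bcrypt.verify(passw, data[0]):
                session['logged_in'] = True
                session['user'] = username
                SetPermissions(username)
                CreateLog("Login", username)
                return redirect(url_for('Profile'))

            # Log with the submitted username.  The previous code read a local
            # that is only assigned on the success path, so every failed login
            # raised and returned the exception text instead of this message.
            CreateLog('Wrong password', username)
            return "Feil brukernavn eller passord"
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("LoginPage failed")
        return "Internal server error", 500
    return render_template('login.html', form = form, usrUpdate = userUpdate, userMessage="Det ble utført en nødvendig brukeroppdatering, venligst logg inn igjen")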
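def FindPass(username):
    """Return the SHA-1 hex digest of column index 2 of the matching ``users`` row.

    Raises ``TypeError`` when no row matches, as before (``fetchone()``
    returns ``None``); the connection is now closed on that path too.

    NOTE(review): which column sits at index 2 depends on the table layout,
    which is not visible here - confirm what is being hashed and why.
    """
    c, conn = confconnection()
    try:
        # One-element tuple: the driver expects a parameter sequence.
        c.execute("SELECT * FROM users WHERE username = (%s)",
                  (thwart(username),))
        value = c.fetchone()[2]
    finally:
        conn.close()
    return hashlib.sha1(value).hexdigest()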
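def CreateLog(site, detail):
    """Append one row to the ``log`` table for the current request.

    Stores the date, the time, the session user, ``site``, the client address
    and ``detail``.  Returns ``None`` on success and the exception text on
    failure; the callers visible on this page ignore the return value, so a
    failed audit write goes unnoticed by them.
    """
    try:
        # Take a single timestamp so date and time cannot straddle a
        # minute or midnight boundary.
        now = datetime.now()
        c, conn = confconnection()
        try:
            c.execute(
                "INSERT INTO log (date,time,user,site,ip,detail_id) VALUES (%s,%s,%s,%s,%s,%s)",
                (now.strftime('%Y/%m/%d'),
                 now.strftime('%H:%M'),
                 # .get() so events raised before a session user exists
                 # (e.g. a failed login) are still recorded instead of
                 # failing on a missing key.
                 # NOTE(review): assumes log.user accepts NULL - confirm.
                 session.get('user'),
                 site,
                 # NOTE(review): behind a reverse proxy this is the proxy's
                 # address unless forwarded headers are handled - confirm.
                 request.remote_addr,
                 detail))
            conn.commit()
        finally:
            conn.close()
    except Exception as e:
        return (str(e))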
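def ListUsers():
    """Render the admin user list from every row of ``users``.

    NOTE(review): ``SELECT *`` hands every column to the template, which
    presumably includes the password digest - select only the columns the
    page shows.  No authorization check is visible in this block; confirm it
    is enforced elsewhere.
    """
    import logging

    try:
        c, conn = confconnection()
        try:
            c.execute("SELECT * FROM users")
            data = c.fetchall()
        finally:
            # Close even when the query fails.
            conn.close()
        return render_template('admin/listusers.html', data=data)
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("ListUsers failed")
        return "Internal server error", 500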
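def UserExec():
    """Apply the edit-user form to one ``users`` row and return to the list.

    On POST the name, login, access group, login flag and permission flags of
    the row identified by ``userid`` are overwritten with the submitted
    values.  Any other method redirects to the user list; previously that
    path returned ``None`` and leaked the connection.

    NOTE(review): this writes privilege columns for an arbitrary ``userid``
    straight from the form.  No authorization check is visible in this block;
    confirm it is enforced elsewhere.
    """
    import logging

    try:
        if request.method != "POST":
            return redirect(url_for('ListUsers'))

        # Form fields in the order of the placeholders in the UPDATE below.
        fields = ('name', 'login', 'access', 'canLogin', 'developer',
                  'guest_edit', 'guestcard_edit', 'show_code', 'user_edit',
                  'userid')
        params = tuple(thwart(request.form[field]) for field in fields)

        c, conn = confconnection()
        try:
            c.execute("UPDATE users SET Name=%s,Login=%s,access=%s,canLogin=%s,developer=%s,edit_card_detail=%s,guest_card_edit=%s,show_code=%s,user_edit=%s WHERE id=%s",
                      params)
            conn.commit()
        finally:
            conn.close()
        return redirect(url_for('ListUsers'))
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("UserExec failed")
        return "Internal server error", 500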
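def EditUser():
    """Render the edit form for the user whose id is given in ``?id=``.

    NOTE(review): ``SELECT *`` hands every column of the row to the template,
    presumably including the password digest.  No authorization check is
    visible in this block; confirm it is enforced elsewhere.
    """
    import logging

    try:
        selectedUser = request.args["id"]
        c, conn = confconnection()
        try:
            # One-element tuple: the driver expects a parameter sequence,
            # not a bare string.
            c.execute("SELECT * FROM users WHERE id=%s",
                      (thwart(selectedUser),))
            data = c.fetchall()
        finally:
            # Close even when the query fails.
            conn.close()
        return render_template('admin/edituser.html', data=data)
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("EditUser failed")
        return "Internal server error", 500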
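def EmptyLog():
    """Delete every row of the ``log`` table, then record that it was emptied.

    NOTE(review): this erases the audit trail; the only trace left is the
    single 'Empty log' row written afterwards.  No authorization check is
    visible in this block; confirm it is enforced elsewhere, and consider
    archiving the log instead of truncating it.
    """
    import logging

    try:
        c, conn = confconnection()
        try:
            c.execute("TRUNCATE TABLE log")
            conn.commit()
        finally:
            # Close even when the statement fails.
            conn.close()
        CreateLog('Empty log', 'Everything')
        return redirect(url_for('UserLog'))
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("EmptyLog failed")
        return "Internal server error", 500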
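def CheckForOldPass(username, oldpass):
    """Migrate a legacy ``users`` account to ``new_users`` after verifying it.

    The submitted password is checked against the stored legacy digest
    (SHA-1 hex of the password, the comparison the legacy login performs)
    before anything is written.  Only on a match is the account copied with
    ``SetNewPass``, which stores the password as bcrypt.  The previous code
    skipped this check, so whatever password was submitted for a
    not-yet-migrated login became that account's new password.

    An unknown login and a wrong password return the same message.
    """
    import hmac
    import logging

    try:
        c, conn = confconnection()
        try:
            c.execute("SELECT * FROM users WHERE Login=%s", (username,))
            data = c.fetchone()
            # Fetch the digest by column name: its position in SELECT * is
            # not visible from this code.
            c.execute("SELECT Password FROM users WHERE Login=%s", (username,))
            legacy = c.fetchone()
        finally:
            conn.close()

        if data is None or legacy is None:
            return "Feil brukernavn eller passord"

        raw = oldpass if isinstance(oldpass, bytes) else oldpass.encode('utf-8')
        digest = hashlib.sha1(raw).hexdigest()
        # Constant-time comparison of the two hex digests.
        if not hmac.compare_digest(digest, str(legacy[0])):
            return "Feil brukernavn eller passord"

        # Column positions follow the layout of `users` (SELECT * order).
        # NOTE(review): SetNewPass reports failure only through its return
        # value, which is not inspected here - a failed migration still
        # redirects back to the login page.
        SetNewPass(username, data[2], oldpass, data[6], data[17], data[13],
                   data[43], data[27], data[29], data[24], data[11], data[9],
                   data[21])
        # The original assigned a local `userUpdate = 1` here; it had no
        # effect outside this function and was dropped.
        return redirect(url_for('LoginPage'))
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("CheckForOldPass failed")
        return "Internal server error", 500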
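def SetNewPass(username, name, password, access, developer, deliver_card, guest_edit, guestcard_edit, guest_search, show_code, edit_card, add_card, user_edit):
    """Insert a ``new_users`` row with the password stored as a bcrypt hash.

    All other arguments are written unchanged into the columns of the same
    name.  On success the conversion is logged and a redirect to the login
    page (with a user message in the URL) is returned.

    This function trusts its caller: it performs no check that ``password``
    is the account's real password.

    NOTE(review): ``bcrypt.encrypt`` looks like passlib's handler API, where
    ``encrypt`` is the older name of ``hash`` - confirm against the installed
    version.
    """
    import logging

    try:
        c, conn = confconnection()
        try:
            c.execute("INSERT INTO new_users (username,name, password, access,developer,deliver_card,guest_edit,guestcard_edit,guest_search,show_code,edit_card,add_card,user_edit) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)",
                      (username, name, bcrypt.encrypt(password), access,
                       developer, deliver_card, guest_edit, guestcard_edit,
                       guest_search, show_code, edit_card, add_card,
                       user_edit))
            conn.commit()
        finally:
            # Close even when the insert fails.
            conn.close()
        CreateLog('Convert pass to bcrypt', username)
        return redirect(url_for('LoginPage', userMessage="Det ble utført en nødvendig brukeroppdatering, venligst logg inn igjen"))
    except Exception:
        # Keep driver/SQL error text out of anything a caller may return
        # to the client.
        logging.getLogger(__name__).exception("SetNewPass failed")
        return "Internal server error", 500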
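def UserLog():
    """Render the admin view of every row in ``log`` and record the access.

    NOTE(review): no authorization check is visible in this block; confirm
    it is enforced elsewhere.
    """
    import logging

    try:
        c, conn = confconnection()
        try:
            c.execute("SELECT * FROM log")
            data = c.fetchall()
        finally:
            # Close even when the query fails.
            conn.close()
        CreateLog('Userlog', 'All')
        return render_template('admin/userlog.html', data=data)
    except Exception:
        # Keep driver/SQL error text out of the HTTP response.
        logging.getLogger(__name__).exception("UserLog failed")
        return "Internal server error", 500
    # The original had a second render_template() call here; both branches
    # above return, so it was unreachable and has been removed.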
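def SetPermissions(username):
    """Copy the permission flags of ``username`` from ``users`` into the session.

    Values are read by position from ``SELECT *``, so the mapping below is
    tied to the current column order of the table: adding or reordering a
    column silently assigns the wrong permission.
    NOTE(review): selecting the columns by name would remove that risk.
    """
    # session key -> column index in the `users` row
    columns = (
        ('developer', 17),       # developer flag
        ('access', 6),           # access group
        ('lever_inn', 38),       # card_out - hand in a card
        ('guest_edit', 43),      # edit_card_detail - edit visitor profiles
        ('guestcard_edit', 27),  # guest_card_edit - edit visitor cards
        ('guest_search', 29),    # guest_search - search for visitor cards
        ('show_code', 24),       # show_code
        ('edit_card', 11),       # change PID
        ('add_card', 9),         # add_card
        ('user_edit', 21),       # user_edit - add and register new users
    )

    c, conn = confconnection()
    try:
        # One-element tuple: the driver expects a parameter sequence.
        c.execute("SELECT * FROM users WHERE Login=(%s)", (thwart(username),))
        datas = c.fetchall()
    finally:
        # The original never closed this connection.
        conn.close()

    # If several rows match, the last one wins (same as before).
    for data in datas:
        for key, index in columns:
            session[key] = data[index]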
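def SetPermissions(username):
    """Copy the permission flags of ``username`` from ``new_users`` into the session.

    Values are read by position from ``SELECT *``, so the mapping below is
    tied to the current column order of the table: adding or reordering a
    column silently assigns the wrong permission.
    NOTE(review): selecting the columns by name would remove that risk.
    """
    # session key -> column index in the `new_users` row
    columns = (
        ('developer', 5),          # developer flag
        ('access', 4),             # access group
        ('deliver_card', 6),       # deliver_card - hand in a card
        ('guest_edit', 7),         # guest_edit - edit visitor profiles
        ('guestcard_edit', 8),     # guest_card_edit - edit visitor cards
        ('guest_search', 9),       # guest_search - search for visitor cards
        ('guestcard_delete', 14),  # delete guest cards
        ('show_code', 10),         # show_code
        ('edit_card', 11),         # change PID
        ('add_card', 12),          # add_card
        ('user_edit', 13),         # user_edit - add and register new users
    )

    c, conn = confconnection()
    try:
        # One-element tuple: the driver expects a parameter sequence.
        c.execute("SELECT * FROM new_users WHERE username=(%s)",
                  (thwart(username),))
        datas = c.fetchall()
    finally:
        # The original never closed this connection.
        conn.close()

    # If several rows match, the last one wins (same as before).
    for data in datas:
        for key, index in columns:
            session[key] = data[index]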