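def user_questions(username):
    """Serve and grade the security-question step of password recovery.

    GET renders the current security question for ``username``; POST checks
    the submitted ``answer`` form field and, when it matches, stores the
    user's id under ``session['userId']`` and redirects to
    ``/reset_password``.

    The remaining-attempt counter is checked before any answer is compared.
    Previously a POST was graded even when the counter had reached zero
    (the index ``questions_guess - 1`` wrapped to the last question), so the
    lockout did not stop further guessing.

    Any exception is reported to the visitor as 'Username not found' and
    the details are written to stderr.
    """
    db = Database()
    try:
        userId = db.get_user_id(username)
        questionsID = [row['question_id']
                       for row in db.get_user_questionsId(userId)]
        questions = [row['question'] for row in db.get_questions(questionsID)]
        questions_guess = db.get_user_questions_guess(userId)

        method = request.method.upper()
        locked_out = questions_guess < 1

        # Enforce the lockout up front for both verbs, before indexing with
        # questions_guess - 1 (which would be -1 at zero attempts left).
        if locked_out and method == 'GET':
            flash(
                'No additional password recovery mechanism attempts remaining.',
                'danger')
            flash(
                'Please contact your system administrator to reset your password.',
                'danger')
            return redirect('/')
        if locked_out and method == 'POST':
            flash('Failed security questions too many times', 'danger')
            flash('Contact administrator at: [email protected]', 'danger')
            return redirect('/')

        question = questions[questions_guess - 1]

        if method == 'GET':
            return render_template('questions.html',
                                   question=question,
                                   username=username,
                                   questions_guess=questions_guess)
        elif method == 'POST':
            userAnswer = request.form.get('answer')
            realAnswer = db.get_user_answer(questionsID[questions_guess - 1],
                                            userId)
            # A missing form field must never match (None == None would).
            # NOTE(review): plain == is not a constant-time comparison;
            # consider hmac.compare_digest once the type returned by
            # get_user_answer is confirmed.
            if userAnswer is not None and userAnswer == realAnswer:
                # This marker is what reset_password reads to decide whose
                # password to change.
                session['userId'] = userId
                return redirect('/reset_password')

            flash('The answer you gave is incorrect', 'danger')
            db.update_user_question_guess(userId, questions_guess - 1)
            return redirect('/questions/' + username)

        # Reached only for verbs other than GET and POST.
        return render_template('questions.html',
                               question=question,
                               username=username,
                               questions_guess=questions_guess + 1)
    except Exception as e:
        # Deliberate catch-all: every failure is shown as an unknown user.
        # NOTE(review): this also hides database errors behind the same
        # message; the real cause is only visible on stderr.
        flash('Username not found', "danger")
        print(e, file=sys.stderr)
        return redirect('/questions')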
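def reset_password():
    """Set a new password for the user who passed the security question.

    GET renders the reset form. Any other method reads ``password`` and
    ``confirm_password`` from the form and, when both are non-empty and
    equal, resets the remaining-guess counter to 3 and stores the new
    password for the user id held in ``session['userId']``.

    The recovery marker is required and is consumed on success: without it
    the request is sent back to ``/questions``, and after a successful
    update it is removed so the same session cannot change the password
    again without answering a security question.
    """
    if request.method.upper() == 'GET':
        return render_template('reset_password.html')

    # session['userId'] is only written after a correct security answer;
    # a request without it has not completed that step.
    userId = session.get('userId')
    if userId is None:
        flash('There was an issue; passwords were not updated', 'danger')
        return redirect('/questions')

    db = Database()
    password = request.form['password']
    password2 = request.form['confirm_password']

    if len(password) > 0 and len(password2) > 0:
        if password == password2:
            db.update_user_question_guess(userId, 3)
            # NOTE(review): the raw password is handed to the database
            # layer; presumably it is hashed there -- confirm.
            db.update_user_password(userId, password)
            # One-time use: drop the recovery marker once it has been spent.
            session.pop('userId', None)
            flash('Password was successfully updated', 'success')
            return redirect('/')
        else:
            flash('There was an issue; passwords were not updated', 'danger')
            return redirect(request.url)

    # Reached when either field is empty.
    # NOTE(review): this renders questions.html without any context
    # variables -- confirm that is the intended page.
    return render_template('questions.html')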
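def login():
    """Authenticate a user from the login form and populate the session.

    GET renders ``/session/viewall.html``. POST looks the user up with the
    submitted ``username`` and ``password``; on success every key of the
    returned user record is copied into ``flask_session``, the
    security-question guess counter is reset to 3, and the client is
    redirected to ``/session/viewall``. Failed logins are redirected to
    ``/error``. Any other method is handed to ``redirect_to_referrer``.
    """
    method = request.method.upper()

    if method == 'GET':
        return render_template('/session/viewall.html')
    elif method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = Database()
        user = db.get_user(username, password)
        if user is None:
            flash('Invalid Credentials.', 'danger')
            return redirect('/error')

        # NOTE(review): every field of the user record is copied into the
        # session. If the record includes the password (or its hash) and
        # the session is stored client-side, that value leaves the server;
        # confirm the record's columns and copy only what the views need.
        for key in user.keys():
            flask_session[key] = user[key]
        flash('Successfully logged in', "success")
        db.update_user_question_guess(user['user_id'], 3)
        return redirect('/session/viewall')
    else:
        # The result was previously discarded, so the view returned None
        # for other verbs. Presumably redirect_to_referrer returns a
        # response object -- confirm.
        return redirect_to_referrer()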