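def index():
    """Handle a contact-us form POST and relay it by email to the owning site.

    The originating site is looked up from the ``Referer`` header, which the
    client controls: anyone can set it to a registered site's URL and have
    an arbitrary message mailed to that site's owner.  Whether
    ``validate_and_get_domain``/``db_ops`` constrain this is not visible
    here -- TODO(review): confirm, and consider a per-site token instead.

    NOTE(review): a second ``index`` is defined later in this module and, as
    the last binding, is the one Flask sees; one of the two should go.

    Returns the rendered success or failure page for a POST.  A non-POST
    request returns None, exactly as before (presumably the route is
    registered for POST only -- confirm at the decorator).
    """
    if request.method != 'POST':
        return None

    fail_msg = "There was an error. Your message was not sent. Please try again."
    log_newline(2)
    logger.info('New contact-us form received!')
    logger.info('Site: %s', str(request.referrer))
    # Log field *names* only: the values carry PII (email, phone, free text)
    # that has no business sitting in the application log.
    logger.info('Form fields: %s', sorted(request.form.keys()))

    data_fields = ('name', 'phone', 'email', 'subject', 'message')
    data = {}
    try:
        for field in data_fields:
            value = request.form.get(field)  # first value, as the old v[0] did
            if not value:
                continue
            # Werkzeug already hands back text.  The old
            # ``unicode(v).decode('utf-8')`` re-encoded that text as ASCII
            # before decoding and so raised on any non-ASCII name or message;
            # only raw bytes actually need decoding.
            if isinstance(value, bytes):
                value = value.decode('utf-8')
            data[field] = value
    except Exception:
        logger.error('Serialize Fail!', exc_info=True)
        # NOTE(review): ``goto`` is the raw Referer; if failure.html uses it
        # as a link or redirect target, restrict it to the validated domain.
        return render_template('failure.html', goto=request.referrer, message=fail_msg)

    if not data.get('email'):
        # Without a reply address the message cannot be handled.  The old
        # code fell off the end here and returned None (a 500 in Flask).
        logger.error('Form rejected: no email address supplied')
        return render_template('failure.html', goto=request.referrer, message=fail_msg)

    source_url = validate_and_get_domain(request.referrer)
    recp = None
    try:
        # ``ret_val`` appears to return None when nothing matches (the login
        # view checks it that way); a raised error is treated the same.
        site = db_ops.ret_val(db_ops.Site, dict(url=source_url))
    except Exception:
        logger.error('Error retrieving site data from DB!', exc_info=True)
        site = None
    if site is not None:
        recp = site.email
        logger.info('Site found in records!')

    analytics_store(source_url, **data)  # store received data for future analytics

    if app.config.get('DEBUG', False):
        # Debug builds deliver every message to the sender mailbox instead.
        logger.debug('Sending mail to debug email: %s', config.MAIL_SENDER)
        recp = config.MAIL_SENDER

    if recp is None:
        logger.error('Site not found in records!')
        return render_template('failure.html', goto=request.referrer, message=fail_msg)

    # NOTE(review): every field is attacker-controlled and ends up in an HTML
    # mail; ``format_msg_html`` must escape them (not visible here -- confirm).
    message = format_msg_html(**data)
    logger.info('Email HTML formatted')
    sent = send_email(app, recp=recp, message=message, sender=config.MAIL_SENDER,
                      subject="ContactForm: New message from your website.")
    if not sent:
        # Previously a failed send also fell off the end and returned None.
        logger.error('Email delivery failed for %s', recp)
        return render_template('failure.html', goto=request.referrer, message=fail_msg)
    logger.info('Email sent to %s', recp)
    return render_template('success.html', goto=request.referrer,
                           message="Your message was sent successfully.")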
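# PBKDF2-SHA256 work factor.  It is recorded inside every stored hash, so it
# can be raised later without invalidating existing rows.
PBKDF2_ITERATIONS = 100000
# Tag that marks a stored credential as a hash rather than a legacy plaintext.
HASH_PREFIX = 'pbkdf2_sha256'


def to_text(value):
    """Return ``value`` as text; UTF-8 bytes are decoded, anything else passes through.

    Replaces the old ``x.decode('utf-8')`` calls on form data, which on
    Python 2 re-encoded already-decoded text as ASCII before decoding and so
    failed on any non-ASCII input.
    """
    if isinstance(value, bytes):
        return value.decode('utf-8')
    return value


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Return a salted PBKDF2-SHA256 hash of ``password``.

    Format: ``pbkdf2_sha256$<iterations>$<salt hex>$<key hex>`` (about 100
    characters -- TODO(review): confirm the ``User.password`` column is wide
    enough).  Needs Python 2.7.8+ / 3.4+ for ``hashlib.pbkdf2_hmac``.
    """
    import binascii
    import hashlib
    import os
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac('sha256', to_text(password).encode('utf-8'), salt, iterations)
    return '%s$%d$%s$%s' % (HASH_PREFIX, iterations,
                            binascii.hexlify(salt).decode('ascii'),
                            binascii.hexlify(key).decode('ascii'))


def verify_password(candidate, stored):
    """Return True if ``candidate`` matches ``stored``.

    ``stored`` is either a ``hash_password`` string or a legacy plaintext
    value written before hashing existed; both paths compare in constant
    time.  Malformed hash records, None and empty ``stored`` never match.
    """
    import binascii
    import hashlib
    import hmac
    if candidate is None or not stored:
        return False
    candidate = to_text(candidate).encode('utf-8')
    stored = to_text(stored)
    parts = stored.split('$')
    if len(parts) == 4 and parts[0] == HASH_PREFIX:
        try:
            iterations = int(parts[1])
            salt = binascii.unhexlify(parts[2].encode('ascii'))
            expected = parts[3].encode('ascii')
        except (ValueError, TypeError, binascii.Error):
            return False  # corrupt record: treat as no match rather than crash
        if iterations < 1:
            return False
        derived = binascii.hexlify(hashlib.pbkdf2_hmac('sha256', candidate, salt, iterations))
        return hmac.compare_digest(derived, expected)
    # Legacy plaintext row.  TODO(review): re-hash on successful login and
    # remove this branch once no plaintext credentials remain.
    return hmac.compare_digest(candidate, stored.encode('utf-8'))


def signup():
    """Register a new user from ``RegForm`` and redirect to the login page.

    The username is lower-cased before storage (``login_auth`` lower-cases
    its lookup to match) and the password is stored as a ``hash_password``
    hash, never in the clear.  Empty passwords and already-taken usernames
    are rejected with a flash message and the form is re-rendered.
    ``session['in_session']`` is reset to False on every non-redirect path.
    """
    form = RegForm()
    # TODO: field-level validation (format of email, username charset, password
    # strength) still lives only in RegForm -- confirm it actually checks.
    if form.validate_on_submit():
        username = to_text(form.username_fld.data).lower()
        email = to_text(form.email_fld.data)
        password = to_text(form.password_fld.data) or ''
        problem = None
        if not password:
            problem = 'Password must not be empty!'
        # Pre-check only; assumes ret_val returns None when nothing matches.
        # A DB unique constraint on username is still the real guard (TOCTOU).
        elif db_ops.ret_val(db_ops.User, {'username': username}) is not None:
            problem = 'Username already taken!'
        if problem is None:
            db_ops.insert_val(db_ops.User, {
                'username': username,
                'email': email,
                'password': hash_password(password),
            })
            flash('Successfully Registered!')
            return redirect(url_for('login_auth'))
        flash(problem)
    elif request.method == 'POST':
        flash('Check your Details!')
    session['in_session'] = False
    return render_template('sign_up.html', form=form)


def index():
    """Handle a contact-us form POST and relay it by email to the owning site.

    The originating site is looked up from the ``Referer`` header, which the
    client controls: anyone can set it to a registered site's URL and have
    an arbitrary message mailed to that site's owner.  Whether
    ``validate_and_get_domain``/``db_ops`` constrain this is not visible
    here -- TODO(review): confirm, and consider a per-site token instead.

    NOTE(review): this duplicates an earlier ``index`` in the same module;
    as the last binding it is the one Flask uses.  One of the two should go.

    Returns the rendered success or failure page for a POST.  A non-POST
    request returns None, exactly as before (presumably the route is
    registered for POST only -- confirm at the decorator).
    """
    if request.method != 'POST':
        return None

    fail_msg = "There was an error. Your message was not sent. Please try again."
    log_newline(2)
    logger.info('New contact-us form received!')
    logger.info('Site: %s', str(request.referrer))
    # Log field *names* only: the values carry PII (email, phone, free text)
    # that has no business sitting in the application log.
    logger.info('Form fields: %s', sorted(request.form.keys()))

    data_fields = ('name', 'phone', 'email', 'subject', 'message')
    data = {}
    try:
        for field in data_fields:
            value = request.form.get(field)  # first value, as the old v[0] did
            if value:
                data[field] = to_text(value)
    except Exception:
        logger.error('Serialize Fail!', exc_info=True)
        # NOTE(review): ``goto`` is the raw Referer; if failure.html uses it
        # as a link or redirect target, restrict it to the validated domain.
        return render_template('failure.html', goto=request.referrer, message=fail_msg)

    if not data.get('email'):
        # Without a reply address the message cannot be handled.  The old
        # code fell off the end here and returned None (a 500 in Flask).
        logger.error('Form rejected: no email address supplied')
        return render_template('failure.html', goto=request.referrer, message=fail_msg)

    source_url = validate_and_get_domain(request.referrer)
    recp = None
    try:
        # ``ret_val`` appears to return None when nothing matches (the login
        # view checks it that way); a raised error is treated the same.
        site = db_ops.ret_val(db_ops.Site, dict(url=source_url))
    except Exception:
        logger.error('Error retrieving site data from DB!', exc_info=True)
        site = None
    if site is not None:
        recp = site.email
        logger.info('Site found in records!')

    analytics_store(source_url, **data)  # store received data for future analytics

    if app.config.get('DEBUG', False):
        # Debug builds deliver every message to the sender mailbox instead.
        logger.debug('Sending mail to debug email: %s', config.MAIL_SENDER)
        recp = config.MAIL_SENDER

    if recp is None:
        logger.error('Site not found in records!')
        return render_template('failure.html', goto=request.referrer, message=fail_msg)

    # NOTE(review): every field is attacker-controlled and ends up in an HTML
    # mail; ``format_msg_html`` must escape them (not visible here -- confirm).
    message = format_msg_html(**data)
    logger.info('Email HTML formatted')
    sent = send_email(app, recp=recp, message=message, sender=config.MAIL_SENDER,
                      subject="ContactForm: New message from your website.")
    if not sent:
        # Previously a failed send also fell off the end and returned None.
        logger.error('Email delivery failed for %s', recp)
        return render_template('failure.html', goto=request.referrer, message=fail_msg)
    logger.info('Email sent to %s', recp)
    return render_template('success.html', goto=request.referrer,
                           message="Your message was sent successfully.")


def login_auth():
    """Authenticate by username-or-email plus password and start a session.

    The credential is verified with ``verify_password`` (hashed rows and
    legacy plaintext rows alike, constant-time).  An unknown account and a
    wrong password produce the *same* flash message so the endpoint does not
    confirm which accounts exist.  On success the pre-login session is
    cleared before the identity is recorded; on every failure path the
    session identity keys are removed and ``in_session`` is set to False.
    """
    form = LoginForm()
    if form.validate_on_submit():
        identifier = to_text(form.username_fld.data)
        if identifier.find('@') > -1:
            # An '@' means the user typed an email address.
            lookup = {'email': identifier}
        else:
            # signup() stores usernames lower-cased, so look up the same way.
            lookup = {'username': identifier.lower()}
        user = db_ops.ret_val(db_ops.User, lookup)
        if user is not None and verify_password(form.password_fld.data, user.password):
            # Discard whatever the unauthenticated (possibly attacker-planted)
            # session held before writing the authenticated identity.
            session.clear()
            session['in_session'] = True
            session['username'] = user.username
            session['email'] = user.email
            form.username_fld.data = ''
            form.password_fld.data = ''
            flash("User '%s' has been logged-in" % session.get('username'))
            return redirect(url_for('profile', username=session.get('username')))
        # Deliberately identical for "no such user" and "wrong password".
        flash('Invalid username/email or password!')
    elif request.method == 'POST':
        flash('Check your Details!')
    session.pop('username', '')
    session.pop('email', '')
    session['in_session'] = False  # no user is in session
    return render_template('login.html', form=form)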