コード例 #1
ファイル: views.py プロジェクト: Best1a/Di
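def signup():
    """Handle the sign-up form: validate the submission and create the user.

    A non-POST request just renders the form. A POST reads ``username``,
    ``email``, ``password`` and ``password2`` from the form, rejects blank
    fields, an existing username or email, and mismatched passwords, and
    otherwise inserts the new row and redirects to the sign-in page.

    Returns:
        A redirect to ``signin`` after a successful insert, otherwise the
        rendered ``signup.html`` with ``error`` set to the failure reason
        (``None`` when nothing was submitted).
    """
    def check_email(email):
        """Return True when a user row with this email already exists."""
        cur = g.db.execute('select 1 from user where email=?', [email])
        return cur.fetchone() is not None

    error = None
    if request.method == 'POST':
        username = request.form['username']
        email = request.form['email']
        raw_password = request.form['password']
        raw_password2 = request.form['password2']

        if not username or not email or not raw_password:
            # Without this guard two empty password fields match each other
            # and an account with a blank password (or name) gets created.
            error = 'username, email and password are required'
        elif get_user_id(username):
            error = 'username exists!'
        elif check_email(email):
            # NOTE(review): this message confirms that an address is
            # registered; acceptable only if account enumeration is not a
            # concern for this application.
            error = 'email exists!'
        elif raw_password != raw_password2:
            error = '2 password dont match'
        else:
            # Stored format is "<salt>.<hash>"; signin splits it back apart.
            # NOTE(review): gen_salt and hash_password are defined outside
            # this excerpt - confirm the salt comes from a CSPRNG and the
            # hash is a deliberately slow password KDF, not a single digest.
            salt = gen_salt()
            salted_pwd = salt + '.' + hash_password(username, raw_password,
                                                    salt)
            # NOTE(review): the existence checks above and this insert are
            # separate statements, so only a UNIQUE constraint on
            # username/email (schema not shown here) would stop duplicates
            # from concurrent requests - confirm it exists.
            g.db.execute('''insert into user(username, salted_pwd, email)
                            values(?,?,?)''', [username, salted_pwd, email])
            g.db.commit()
            return redirect(url_for('signin'))
    return render_template('signup.html', error=error)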
コード例 #2
ファイル: views.py プロジェクト: Best1a/Di
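def modify_password():
    """Replace the signed-in user's password with the one from the form.

    Reads ``password`` and ``password2`` from the submitted form. When they
    are non-empty and equal, a fresh salt is generated, the password is
    hashed with ``session['username']`` and that salt, and the row selected
    by ``g.user['user_id']`` is updated. The outcome is reported through
    ``flash``.

    Returns:
        A redirect to ``user_setting`` in every case.
    """
    # NOTE(review): nothing in this function asks for the current password
    # or checks a CSRF token, and no login check is visible - confirm those
    # are enforced by a decorator or middleware outside this excerpt.
    raw_password = request.form['password']
    raw_password2 = request.form['password2']

    if not raw_password:
        # Two empty fields are equal to each other; without this guard the
        # account would end up with a blank password.
        flash('Password must not be empty.')
    elif raw_password != raw_password2:
        flash('2 password dont match.')
    else:
        # A new salt on every change; stored format is "<salt>.<hash>".
        salt = gen_salt()
        salted_pwd = salt + '.' + hash_password(session['username'],
                                                raw_password, salt)
        # NOTE(review): the hash is keyed on session['username'] while the
        # row is chosen by g.user['user_id']; presumably both describe the
        # same account - verify against the code that populates g.user.
        g.db.execute('update user set salted_pwd=? where user_id=?',
                     [salted_pwd, g.user['user_id']])
        g.db.commit()
        flash('Password update successful.')
    return redirect(url_for('user_setting'))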
コード例 #3
ファイル: views.py プロジェクト: Best1a/Di
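def signin(redirect_url=None):
    """Handle the sign-in form: verify email and password, then log in.

    A non-POST request renders the form. A POST looks the user up by
    ``email``, recomputes the hash from the stored salt and compares it with
    the stored hash; on a match ``session['username']`` is set.

    Args:
        redirect_url: Accepted but not used anywhere in this function.

    Returns:
        ``redirect_back('index')`` on success, otherwise the rendered
        ``signin.html`` with ``error`` (``None`` for a non-POST request).
    """
    # Function-scope import: the module's import block is outside this excerpt.
    import hmac

    error = None
    if request.method == 'POST':
        # One message for every failure, so the response text does not say
        # whether the email or the password was wrong.
        error = 'email/password error'
        email = request.form['email']
        password = request.form['password']

        cur = g.db.execute(
            'select username, salted_pwd from user where email=?', [email])
        result = cur.fetchone()
        # NOTE(review): when no row matches, no hash is computed, so response
        # time can still differ between known and unknown emails.
        if result:
            username, salted_pwd = result
            # partition() instead of split('.'): a stored value without
            # exactly one '.' used to raise ValueError (HTTP 500); now a
            # value with no separator simply fails the login.
            # Assumes the salt itself never contains '.' - TODO confirm
            # against gen_salt.
            salt, sep, hashed_password = salted_pwd.partition('.')
            if sep:
                candidate = hash_password(username, password, salt)
                # Constant-time comparison; both sides are encoded because
                # compare_digest rejects non-ASCII str arguments.
                if hmac.compare_digest(candidate.encode('utf-8'),
                                       hashed_password.encode('utf-8')):
                    session['username'] = username
                    # NOTE(review): redirect_back is defined elsewhere -
                    # confirm it only redirects to same-site targets.
                    return redirect_back('index')
    return render_template('signin.html', error=error)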