def password(user_id):
user = User.query.get(user_id)
if not user or (current_user != user):
return redirect(url_for('Common.index'))
form = PasswordForm(request.form)
if request.method == 'POST':
if form.validate():
old_password = form.old_password.data
new_password = form.new_password.data
confirm_password = form.confirm_password.data
old_password = hashlib.md5(old_password).hexdigest()
if old_password != user.password:
flash('旧密码错误', 'error')
elif new_password != confirm_password:
flash('密码不一致', 'error')
else:
new_password = hashlib.md5(new_password).hexdigest()
user.password = new_password
user.save()
flash('修改密码成功', 'success')
else:
flash('请按格式填写表单', 'error')
return render_template('user/password.html', user=user, form=form)
def password_reset(payload=None):
client=currentSession()
form = PasswordForm(request.form)
if request.method == 'POST':
decrypted = ""
reset_id = form["reset_id"].data
if not form.validate():
return render_template('passwordreset.html', form=form, client=client, msg=None, decrypted=decrypted)
else:
# update password
if reset_id:
client.user = client.getUserById(reset_id)
client.user.set_password(form.password.data)
database.db_session.add(client.user)
database.db_session.commit()
client.saveSession()
msg = "password has been changed. please login again."
else:
msg = "user not found."
return render_template('passwordreset.html', form=form, client=client, msg=msg, decrypted=decrypted)
else:
msg = None
e = Crypto()
decrypted = e.decrypt(payload, True)
if utilities.validate_uuid4(decrypted) == False:
# timestamp has expired.
msg = decrypted
return render_template('passwordreset.html', form=form, client=client, msg=msg, decrypted=decrypted)
def setPassword():
form = PasswordForm(request.form)
if request.method == "POST" and form.validate():
hashedpwd = hashpw(form.pwd.data, gensalt(log_rounds=13))
current_user.update(set__pwd=hashedpwd)
current_user.save()
flash("Password was changed successfully")
return redirect('/settings')
return render_template("newpassword.html", form=form, upform=UploadForm())
def password():
form = PasswordForm()
if request.method == 'POST':
if form.validate():
session['admin'] = 1
return redirect(url_for('rsvp'))
else:
#session.pop('admin', None)
#return redirect(url_for('index'))
return redirect(url_for('logout'))
return render_template('password.html', form=form)
def change_password(username):
"""Change/Update password"""
form = PasswordForm(request.form)
if request.method =='GET':
return render_template("password.html")
if request.method == 'POST' and form.validate():
current_user = User.query.filter(User.user_id==session['id']).first()
current_user.password = form.password.data
picture = current_user.picture
db.session.commit()
return render_template('password.html', form=form)
def reset_password():
if request.method == "POST":
form = PasswordForm(request.form)
if form.validate():
ul = serv.login(g.user['email'],form.oldpassword.data)
if ul:
ul.reset_password(form.newpassword.data)
try:
g.db.flush()
g.db.commit()
success = u"重设密码成功"
except Exception, e:
g.db.rollback()
log.error(e.message)
errors = [u"未知异常"]
else:
errors = [u"登陆密码输入不正确"]
else:
errors = [v[0] for k, v in form.errors.iteritems()]
def password_reset(payload=None):
form = PasswordForm()
if request.method == 'POST':
if not form.validate():
return render_template('passwordreset.html', form=form, user=get_user(), msg=None)
else:
# update password
reset_id = form.reset_id.data
user = User.query.get(reset_id)
if user:
user.set_password(form.password.data)
db.session.commit()
msg = "password has been changed. please login again."
else:
msg = "user not found."
return render_template('passwordreset.html', form=form, user=get_user(), msg=msg)
else:
e = crypto.crypto()
decrypted = e.decrypt(payload, True)
p = User.query.get(decrypted)
if p:
return render_template('passwordreset.html', form=form, user=p, msg=None)
else:
return render_template('passwordreset.html', form=form, user=get_user(), msg=decrypted)
