def change_password(type, id):
if type == "Student":
user = Student.query.get(id)
# if user.is_authenticated:
# return redirect(url_for('index', type="Student", id=id))
form = PasswordForm()
if form.validate_on_submit():
if user is None or not password_manager.verify_password(
form.password.data, user.password):
flash('Invalid password')
return redirect(
url_for('change_password', type='Student', id=id))
user.password = password_manager.hash_password(form.np.data)
db.session.add(user)
db.session.commit()
return redirect(url_for('index', type='Student', id=id))
return render_template('student_password.html', form=form)
elif type == "Professor":
user = Professor.query.get(id)
# if user.is_authenticated:
# return redirect(url_for('index', type="Student", id=id))
form = PasswordForm()
if form.validate_on_submit():
if user is None or not password_manager.verify_password(
form.password.data, user.password):
flash('Invalid password')
return redirect(
url_for('change_password', type='Professor', id=id))
user.password = password_manager.hash_password(form.np.data)
db.session.add(user)
db.session.commit()
return redirect(url_for('index', type='Professor', id=id))
return render_template('prof_password.html', form=form)
elif type == "Administrator":
user = Administrator.query.get(id)
# if user.is_authenticated:
# return redirect(url_for('index', type="Student", id=id))
form = PasswordForm()
if form.validate_on_submit():
if user is None or not password_manager.verify_password(
form.password.data, user.password):
flash('Invalid password')
return redirect(
url_for('change_password', type='Administrator', id=id))
user.password = password_manager.hash_password(form.np.data)
db.session.add(user)
db.session.commit()
return redirect(url_for('index', type='Administrator', id=id))
return render_template('admin_password.html', form=form)
else:
return render_template('error.html')
def activate(key, token):
"""Activate Method."""
try:
element = User.objects.filter(deleted=False, id=key,
code=token).first()
except Exception:
flash("Usuario no Existe", "error")
return redirect(url_for("index"))
if element.state == 'confirmed':
flash(u"Contraseña Actualizada Anteriormente", "info")
return redirect(url_for('auth.login'))
if element.state == "email_reset":
element.state = "confirmed"
element.save()
flash(u"Correo Actualizado", "success")
return redirect(url_for('auth.login'))
form = PasswordForm(request.form, element)
if request.method == 'GET':
return render_template("auth/password.html", form=form)
if form.validate_on_submit():
state = element.state
password = form.password.data
element.password = password
element.generate_password()
element.state = "confirmed"
element.save()
flash(u"Contraseña Actualizada", "success")
if state == 'confirm':
flash(u"Cuenta Activada", "info")
return redirect(url_for('auth.login'))
return render_template("auth/password.html", form=form)
def changePassword():
form = PasswordForm()
if session['type'] == 'Student' or session['type'] == 'Faculty':
if form.validate_on_submit():
with sql.connect('courseSystem.db') as db:
c = db.cursor()
if session['type'] == 'Student':
find_users = """SELECT * FROM Student S WHERE S.email = ?"""
else:
find_users = """SELECT * FROM Professor P WHERE P.email = ?"""
c.execute(find_users, (session['user'], ))
results = c.fetchall()
if results and checkpw(str.encode(form.password.data), results[0][1]) and\
(form.newPassword.data == form.confirm.data):
if session['type'] == 'Student':
changePassword = """UPDATE Student
SET password=?
WHERE email=?"""
else:
changePassword = """UPDATE Professor
SET password=?
WHERE email=?"""
print(form.newPassword.data)
c.execute(changePassword,
(hashpw(str.encode(form.newPassword.data),
gensalt(4)), session['user']))
db.commit()
c.close()
return redirect(url_for('userhome'))
return render_template('changePassword.html', form=form)
elif session['type'] == 'Admin':
return render_template('changePassword.html')
else:
return render_template('home.html')
def change_pass():
form = PasswordForm()
if form.validate_on_submit():
flash(f'Your password was updated successfully.', 'success')
return redirect(url_for('user.home'))
return render_template('user-change-pass.html', form=form)
def process_password_reset_token(token):
try:
password_reset_serializer = URLSafeTimedSerializer(
current_app.config['SECRET_KEY'])
email = password_reset_serializer.loads(token,
salt='password-reset-salt',
max_age=3600)
except BadSignature as e:
flash('The password reset link is invalid or has expired.', 'danger')
return redirect(url_for('users.login'))
form = PasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=email).first()
if user is None:
flash('Invalid email address!', 'danger')
return redirect(url_for('users.login'))
user.set_password(form.password.data)
database.session.add(user)
database.session.commit()
flash('Your password has been updated!', 'success')
return redirect(url_for('users.login'))
return render_template('users/reset_password_with_token.html', form=form)
def update_password(itsid):
password_details = Password.query.get_or_404(itsid)
if password_details.user != current_user:
abort(403)
form = PasswordForm()
if form.validate_on_submit():
message = form.password.data # Users real password
message = message.encode('latin-1') # processed
encrypted_text = CIPHER.encrypt(message) # Got the value
encrypted_text = encrypted_text.decode()
password_details.site = form.site.data
password_details.password = encrypted_text
password_details.hint = form.hint.data
db.session.commit()
flash("Password Updated Successfully!", 'success')
return redirect(url_for('passwords'))
elif request.method == "GET":
form.site.data = password_details.site
form.hint.data = password_details.hint
return render_template("create_passwords.html",
title='Update Password',
form=form,
legend='Update')
def login3():
if 'pno' not in session.keys():
flash('enter pno first')
return redirect(url_for('login'))
for key in ['firstname', 'lastname']:
if key not in session.keys():
flash('enter name first')
return redirect(url_for('login2'))
form = PasswordForm()
if form.validate_on_submit():
password = form.password.data
pno = session['pno']
firstname = session['firstname']
lastname = session['lastname']
user = User.get_by_pno(pno)
user.firstname = firstname
user.lastname = lastname
user.password = password
db.session.add(user)
db.session.commit()
login_user(user)
remove_ban(request_obj=request.remote_addr)
return redirect(url_for('index'))
return render_template('login.html', form=form)
def change_password(user_id):
form = PasswordForm()
cursor = g.db.execute('SELECT * FROM user WHERE id=? ', [user_id])
res = cursor.fetchone()
if res is None:
return render_template('404.html') # 没有改用户 404
if int(session.get('user_id')) == int(user_id):
if request.method == 'POST' and form.validate_on_submit():
old_password = request.form.get('old_password')
new_password = request.form.get('new_password')
new_password_repeat = request.form.get('new_password_repeat')
if new_password != new_password_repeat:
flash(
message=
'Please enter the same password in both new password fields.'
)
return render_template('change_password.html', form=form)
if md5_user_psw(res[1], old_password) == res[2]: # 密码正确
g.db.execute('UPDATE user SET pass_hash=? WHERE id=?',
[md5_user_psw(res[1], new_password), user_id])
return redirect(
url_for('user_profile', user_id=session['user_id']))
else:
flash(message='Password error')
return render_template('change_password.html', form=form)
else:
return render_template('change_password.html', form=form)
def reset_with_token(token):
""" Resets a user's password, verifying that their token is correct, and
then encrypting their new password and logging them in. """
try:
email = ts.loads(token, salt="recover-key", max_age=86400)
except:
abort(404)
#get form data
form = PasswordForm()
if form.validate_on_submit():
user = model.User.query.filter_by(email=email).first_or_404()
password = form.password.data
# securely store password
password_hash = pbkdf2_sha256.encrypt(password,
rounds=200000,
salt_size=16)
user.password = password_hash
model.db.session.add(user)
model.db.session.commit()
# login user
login_user(user)
return redirect("/")
else:
return render_template("/reset_with_token.html",
form=form,
token=token)
def login():
form = PasswordForm()
if form.validate_on_submit():
session.clear()
session['admin_logged'] = True
return redirect(url_for('admin.home'))
return render_template('admin/login.html', form=form)
def makePasswordQRcode():
form = PasswordForm()
if form.validate_on_submit():
s = str(form.password.data)
QR = pyqrcode.create(s)
myfile = os.path.join(app.static_folder, "QR.png")
QR.png(myfile, scale=5)
return redirect(url_for('QRcodedisplay'))
return render_template('makePasswordQRcode.html', title='Maker', form=form)
def password():
form = PasswordForm()
if form.validate_on_submit():
form.populate_obj(user)
user.password = form.new_password.data
db.session.commit()
flash('Password updated.', 'success')
return render_template('user/password.html', form=form)
def password():
form = PasswordForm()
if form.validate_on_submit():
form.populate_obj(user)
user.password = form.new_password.data
db.session.commit()
flash('Password updated.', 'success')
return render_template('user/password.html', form=form)
def password():
form = PasswordForm()
if form.validate_on_submit():
if not current_user.check_password(form.current_password.data):
flash('Current Password wrong', 'danger')
return redirect(url_for('password.password'))
current_user.set_password(form.new_password.data)
current_user.save()
commit()
logout_user()
flash('Password change successful. Please login again', 'success')
return redirect(url_for('login.login'))
return render_template('password.html', form=form)
def reset_with_token(token):
try:
email = ts.loads(token, salt="recover-key", max_age=86400)
except:
abort(404)
form = PasswordForm()
if form.validate_on_submit():
user = mongo_db.users.User.find_one({'email' : email})
user.password = generate_password_hash(form.password.data)
user.save()
return redirect(url_for('login'))
return render_template('reset_with_token.html', form=form, token=token)
def index():
form = PasswordForm()
if form.validate_on_submit():
print(form.password.data)
if form.password.data == "password":
return redirect(url_for("home"))
else:
message = "wrong password"
return render_template("password.html", form=form, message=message)
return render_template("password.html", form=form)
def intern_profile():
"""Profile page with ability to change password"""
form = PasswordForm()
# Form submitted?
if form.validate_on_submit():
# Fetch current user's data
user_data = User.query.filter_by(id = g.user.id).first()
# Check if old password was correct
if check_password_hash(user_data.password, form.password.data):
# Generate new password
user_data.password = generate_password_hash(form.newpassword.data)
# Done, commit to database
db.session.commit()
flash('Password changed!')
return redirect(url_for('intern_profile'))
return render_template('intern/profile.html', form = form)
def view_password():
user_name = session.get('user_name')
if not user_name:
flash('Unauthorized access!', 'danger')
return redirect(url_for('view_index'))
form = PasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(name=user_name).first()
if user.verify_password(form.current_password.data):
user.set_password(form.new_password.data)
db.session.commit()
flash('Password update successful!', 'success')
return redirect(url_for('view_home'))
else:
flash('Incorrect password!', 'warning')
return render_template('password.html', form=form)
def auth(username):
""" Log in """
if 'username' in session and session['username'] == username:
return redirect(url_for('home')+username+'/edit')
else:
person = PeopleModel.get_by_key_name(username.lower())
if person:
form = PasswordForm()
if form.validate_on_submit():
if check_password_hash(person.password, form.password.data):
session['username'] = username
return redirect(url_for('home')+username+'/edit')
else:
flash(u'Das eingegebene Passwort war leider Falsch. Probier es noch einmal')
return redirect(url_for('home')+username+'/auth')
return render_template('auth.html', name=username, form=form)
else:
abort(404)
def reset_with_token(token):
try:
email = security.ts.loads(token, salt="recover-key", max_age=86400)
except:
abort(404)
form = PasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=email).first_or_404()
user.pwdhash = form.password.data
user.set_password(user.pwdhash)
db.session.add(user)
db.session.commit()
return redirect(url_for('signin'))
return render_template('reset_with_token.html', form=form, token=token)
def reset_with_token(token):
"""
reset password with email token
@param token: unique token
@type token: str
@return: refreshed page indicating success or failure
"""
try:
email = ts.loads(token, salt="recover-key", max_age=86400)
except:
abort(404)
form = PasswordForm()
if form.validate_on_submit():
user = User.get(email)
password = form.password.data
user.change_password(user.set_password(password))
login_user(user)
flash('Password changed successfully!')
return redirect(url_for('main'))
return render_template('reset_with_token.html', form=form, token=token)
def cambiar_pass():
if 'username' in session:
nombre_usuario=session['username']
formulario = PasswordForm()
if formulario.validate_on_submit():
if formulario.password_new.data == formulario.password_check.data:
datos=[nombre_usuario,formulario.password_new.data]
with open('usuarios') as archivo:
filereader=csv.reader(archivo.readlines())
with open('usuarios','r+') as archivo:
filewriter=csv.writer(archivo)
for fila in filereader:
if fila[0]==datos[0]:
filewriter.writerow(datos)
else:
filewriter.writerow(fila)
flash('La contraseña fue cambiada con éxito')
return redirect(url_for('ingresar'))
else:
flash('Las passwords no matchean')
return render_template('cambiar_contra.html', formulario=formulario)
def delete_user(username):
user = User.query.filter_by(username=username).first()
if user:
form = PasswordForm()
password = form.password.data
if form.validate_on_submit():
if User.authenticate(username, password):
session.pop("user_id")
db.session.delete(user)
db.session.commit()
flash("User has been deleted.")
return redirect("/")
else:
flash("Invalid password, loser.")
return render_template("delete.html", form=form)
else:
return render_template("delete.html", form=form)
else:
flash("Thou must be logged in to do that.")
return redirect("/"), 401
def new_password():
form = PasswordForm()
if form.validate_on_submit():
message = form.password.data # Users real password
message = message.encode('latin-1') # processed
encrypted_text = CIPHER.encrypt(message) # Got the value
encrypted_text = encrypted_text.decode()
password = Password(site=form.site.data,
password=encrypted_text,
hint=form.hint.data,
user=current_user)
db.session.add(password)
db.session.commit()
flash("Password Added", 'success')
return redirect(url_for('passwords'))
return render_template("create_passwords.html",
title="New Password",
form=form,
legend='Add')
def details():
#Form for changing password
form = PasswordForm()
if form.validate_on_submit():
currentPass = form.currentPass.data
newPass = form.newPass.data
newPassAgain = form.newPassAgain.data
#Getting the current user's password
db = get_db()
user_id = g.user
user = db.execute(
''' SELECT * FROM users
WHERE user_id = ?;''', (user_id, )).fetchone()
#Ensuring that a user_id exists
if currentPass is None:
form.currentPass.errors.append("Unknown user id")
#Check if your new password confirmation is correct
if not newPass == newPassAgain:
form.newPass.errors.append("Passwords do not match.")
elif not check_password_hash(user["password"], currentPass):
form.newPass.errors.append("Your password is incorrect.")
#SQL UPDATE statement for updating the password in the database
else:
db.execute(
'''UPDATE users
SET password = ?
WHERE user_id = ?;''',
((generate_password_hash(newPass)), user_id))
db.commit()
form.newPassAgain.errors.append("Password updated.")
return render_template("details.html", form=form)
def view(slug):
paste = Paste.get_or_404(slug)
password = None
if paste.password:
form = PasswordForm()
if form.validate_on_submit():
if not paste.verify_password(form.password.data):
flash('비밀번호가 일치하지 않습니다.', 'error')
return render_template('password.html', form=form)
password = form.password.data
else:
form.flash_errors()
return render_template('password.html', form=form)
viewed = session.setdefault('viewed', [])
if paste.slug not in viewed:
viewed.append(paste.slug)
session.permanent = True
session.modified = True
paste.view_count += 1
db.session.add(paste)
db.session.commit()
lexer = get_lexer_by_name(paste.lexer)
formatter = HtmlFormatter(
linenos=True,
linespans='line',
lineanchors='line',
anchorlinenos=True,
)
return render_template(
'view.html',
styles=formatter.get_style_defs(),
highlighted_source=highlight(paste.source, lexer, formatter),
lexer=lexer,
paste=paste,
password=password,
)
def index():
form = PasswordForm()
if form.validate_on_submit():
return redirect(url_for('/sent'))
return render_template('index.html', title='Password Generator', form=form)
