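def login():
    """Serve the combined sign-in / password-reset page.

    The page carries two forms: ``form`` (LoginForm) signs a user in, and
    ``form1`` (ResetForm) replaces the account password with a generated one
    and mails it to the account holder.

    Returns:
        A redirect after any handled submission, otherwise the rendered
        ``login.html`` template.
    """
    if current_user.is_authenticated:
        return redirect('/')

    form = LoginForm()
    form1 = ResetForm()

    if form.validate_on_submit():
        user = db.session.query(models.User).filter_by(
            email=form.email.data.lower()).first()
        if user and check_password_hash(user.password, form.password.data):
            login_user(user, remember=form.remember.data)
            return redirect('/')
        # Unknown e-mail and wrong password share one message on purpose.
        flash("Invalid email or/and password!")
        return redirect(url_for('login'))

    if form1.validate_on_submit():
        # Look the account up once instead of twice.
        curr = db.session.query(models.User).filter_by(
            email=form1.email.data.lower()).first()
        if curr:
            # NOTE(review): this changes the password as soon as anyone
            # submits the address, and sends the new password in clear text.
            # A mailed single-use, expiring reset link that leaves the old
            # password valid until it is used would avoid both problems.
            # Also confirm getrandompassword() draws from `secrets`.
            new_password = getrandompassword()
            # 'pbkdf2:sha256' replaces the single-round salted 'sha256'
            # method; hashes already stored keep verifying because the
            # method is recorded in the hash string (assuming werkzeug's
            # generate_password_hash -- TODO confirm).
            curr.password = generate_password_hash(
                new_password, method='pbkdf2:sha256')
            db.session.commit()
            # Mail the address on record rather than the submitted string.
            msg = Message('Password reset', sender='*****@*****.**',
                          recipients=[curr.email])
            msg.html = 'Your new password is <b>{}</b>, you can change it in account settings'.format(new_password)
            Thread(target=send_async_email, args=(app, msg)).start()
        # Same response whether or not the address is registered, so the
        # form cannot be used to test which e-mails have accounts.
        flash('Check your email for further instructions')
        return redirect(url_for('login'))

    return render_template("login.html", form=form, form1=form1)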
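def reset():
    """Handle the stand-alone password-reset form.

    A valid submission replaces the account password with a generated one
    and mails it to the account holder.

    Returns:
        A redirect for signed-in users and after any valid submission,
        otherwise the rendered ``reset.html`` template.
    """
    if current_user.is_authenticated:
        # url_for() expects an endpoint name; '/' is a path, so redirect to
        # it directly instead of raising a build error.
        return redirect('/')

    form = ResetForm()
    if form.validate_on_submit():
        # Look the account up once instead of twice.
        curr = db.session.query(models.User).filter_by(
            email=form.email.data.lower()).first()
        if curr:
            # NOTE(review): this changes the password as soon as anyone
            # submits the address, and sends the new password in clear text.
            # A mailed single-use, expiring reset link that leaves the old
            # password valid until it is used would avoid both problems.
            # Also confirm getrandompassword() draws from `secrets`.
            new_password = getrandompassword()
            # 'pbkdf2:sha256' replaces the single-round salted 'sha256'
            # method; hashes already stored keep verifying because the
            # method is recorded in the hash string (assuming werkzeug's
            # generate_password_hash -- TODO confirm).
            curr.password = generate_password_hash(
                new_password, method='pbkdf2:sha256')
            db.session.commit()
            # Mail the address on record rather than the submitted string.
            msg = Message('Password reset', sender='*****@*****.**',
                          recipients=[curr.email])
            msg.html = 'Your new password is <b>{}</b>, you can change it in account settings'.format(
                new_password)
            # NOTE(review): sending inline makes this branch slower than the
            # unknown-address branch; queueing the mail would remove that
            # timing difference.
            mail.send(msg)
        # Same response whether or not the address is registered, so the
        # form cannot be used to test which e-mails have accounts.
        flash("Check your email for further instructions")
        return redirect(url_for('reset'))

    return render_template('reset.html', form=form)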
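def forgot():
    """Handle the forgot-password form.

    Looks the account up by the submitted e-mail and passes it to
    ``forgotpassword``.

    Returns:
        A redirect to ``login`` after a valid submission, otherwise the
        rendered ``forgot.html`` template.
    """
    form = ResetForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=str(form.email.data)).first()
        # .first() returns None for an unknown address; skip the mail step
        # then rather than passing None on (presumably forgotpassword
        # expects a user object -- verify against its definition).
        if user is not None:
            forgotpassword(user)
        # The response is the same for known and unknown addresses, so the
        # form does not reveal which e-mails are registered.
        flash('Email sent', 'info ')
        return redirect(url_for('login'))
    return render_template('forgot.html', title='forgot', form=form)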
def resetpasswd():
    """Set a new password for the account matching the submitted e-mail.

    The password is changed only when the submitted username equals the
    username stored on that account; it is stored as a bcrypt hash.

    Returns:
        A redirect to ``signin`` on success, otherwise the rendered
        ``forget.html`` template (with a flash message when the submitted
        username and e-mail do not match).
    """
    form = ResetForm()
    if not form.validate_on_submit():
        return render_template('forget.html', title="ResetPasswd", form=form)

    # NOTE(review): the only ownership check is that username and e-mail
    # belong to the same account, and neither is a secret. A mailed
    # single-use token or the current password is the usual gate; confirm
    # whether another layer enforces one.
    account = User.query.filter_by(email=form.email.data).first()
    if account and account.username == form.username.data:
        new_hash = bcrypt.generate_password_hash(form.password.data)
        account.password = new_hash.decode('utf-8')
        db.session.commit()
        return redirect('signin')

    flash('Authentication failed: username does not match email','danger')
    return render_template('forget.html', title="ResetPasswd", form=form)
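def reset_user_password():
    """Change a user's password after matching first name, second name and e-mail.

    Returns:
        A redirect to ``login`` on success, a redirect back to this view
        when no account matches, otherwise the rendered
        ``reset_password.html`` template.
    """
    form = ResetForm()
    if form.validate_on_submit():
        # The form is no longer re-created here, so the values read below
        # are the ones that were validated.
        # Consider every account with this first name, not only the first
        # row returned: with shared first names the previous .first()
        # lookup could reject the legitimate account.
        candidates = User.query.filter_by(
            user_first_name=form.user_first_name.data).all()
        user_exist = next(
            (candidate for candidate in candidates
             if candidate.user_second_name == form.user_second_name.data
             and candidate.user_email == form.user_email.data),
            None,
        )
        if user_exist:
            # NOTE(review): the new password is assigned exactly as
            # submitted and nothing in this block hashes it. Unless the
            # model hashes on assignment, store a salted password hash
            # here instead of the clear text.
            # NOTE(review): names and e-mail are not secrets, so matching
            # them does not prove account ownership. A mailed single-use
            # token is the usual gate.
            user_exist.user_password = form.new_password.data
            db.session.commit()
            flash(message="password successful changed for {}".format(
                form.user_first_name.data))
            return redirect(url_for('login'))
        else:
            flash(message="your first name,second name or email doesn't exist")
            return redirect(url_for('reset_user_password'))
    return render_template('reset_password.html', form=form)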
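def render_reset_page():
    """Two-step password reset keyed on a student's matric number.

    Step 1 (no authCode submitted): store a fresh auth code for the student
    and mail it to ``<nusnetid>@u.nus.edu``.
    Step 2 (authCode submitted): if it matches the stored code, update the
    user's password and rotate the stored code.

    Every statement binds its values as parameters. The earlier version
    built each statement with ``str.format`` from form input, which let the
    submitted matric number or password alter the SQL.

    Returns:
        A short HTML confirmation (with a meta refresh to ``/login``) after
        a successful change, otherwise the rendered ``reset.html`` template.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    form = ResetForm()
    if form.validate_on_submit():
        authCode = form.authCode.data
        password = form.password.data
        matricID = form.matricID.data
        # Assumes `db` is a Flask-SQLAlchemy handle, which re-exports
        # sqlalchemy's text() as db.text -- TODO confirm.
        by_matric = {"matric_no": matricID}

        exists_students = db.session.execute(
            db.text("SELECT * FROM student WHERE matric_no = :matric_no"),
            by_matric,
        ).fetchone()
        if not exists_students:
            form.matricID.errors.append(
                "{} is not a valid matricID.".format(matricID))
        elif not authCode:
            db.session.execute(
                db.text("UPDATE student SET authCode = f_random_str(10) "
                        "WHERE matric_no = :matric_no"),
                by_matric,
            )
            db.session.commit()
            auth_code = db.session.execute(
                db.text("SELECT authcode FROM student "
                        "WHERE matric_no = :matric_no"),
                by_matric,
            ).fetchone()[0]
            email = db.session.execute(
                db.text("SELECT nusnetid FROM studentinfo "
                        "WHERE matric_no = :matric_no"),
                by_matric,
            ).fetchone()[0] + "@u.nus.edu"
            # The debug print() calls were dropped: they wrote the auth
            # code and the recipient address to stdout.
            send_mail(email, auth_code, matricID)
            form.authCode.errors.append(
                "authCode has been sent to your email, please check.")
        else:
            correct_authCode = db.session.execute(
                db.text("SELECT authcode FROM student "
                        "WHERE matric_no = :matric_no"),
                by_matric,
            ).fetchone()[0]
            # Constant-time comparison; a NULL stored code never matches.
            code_matches = correct_authCode is not None and hmac.compare_digest(
                str(authCode).encode("utf-8"),
                str(correct_authCode).encode("utf-8"),
            )
            if code_matches:
                # NOTE(review): the password value is masked in the listing
                # this block came from; it is bound as :password here. It
                # reaches users.password exactly as submitted, and nothing
                # in this block hashes it. Store a salted password hash
                # unless the database does so itself.
                db.session.execute(
                    db.text("UPDATE users SET password = :password "
                            "WHERE uname = (SELECT uname FROM student "
                            "WHERE matric_no = :matric_no)"),
                    {"password": password, "matric_no": matricID},
                )
                # Rotate the code so it cannot be used a second time.
                db.session.execute(
                    db.text("UPDATE student SET authCode = f_random_str(10) "
                            "WHERE matric_no = :matric_no"),
                    by_matric,
                )
                db.session.commit()
                return "<meta http-equiv=\"refresh\" content=\"3;url = /login\" />password-changing successful, you will be redirected to login page in three seconds!"
            else:
                # NOTE(review): nothing here limits repeated guesses of the
                # code; consider an attempt counter or an expiry.
                form.authCode.errors.append("authcode is invalid")
    return render_template("reset.html", form=form)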
def reset(reset_key):
    """Complete a password reset reached through a reset-key link.

    Args:
        reset_key: Key from the reset link, resolved to a user by
            ``get_user_by_reset_key``.

    Returns:
        A redirect to ``troikas`` when the key is unknown or the password
        was changed, otherwise the rendered ``reset.html`` template with any
        form errors flattened into ``reseterrors``.
    """
    user = get_user_by_reset_key(reset_key)
    if user is None:
        flash(_(u'Invalid password reset link'), 'error')
        return redirect(url_for('troikas'))

    resetform = ResetForm()
    if resetform.validate_on_submit():
        user.password = hash_password(resetform.password.data)
        # Clear the key and its expiry so the link cannot be used again.
        # NOTE(review): the expiry is cleared here but never compared with
        # the current time in this function; confirm that
        # get_user_by_reset_key rejects expired keys.
        user.password_reset_key = None
        user.password_reset_expire = None
        # Signs the user in by storing their e-mail in the session.
        session['email'] = user.email
        save_user(user)
        flash(_(u'Password reset successful, you were logged in'))
        return redirect(url_for('troikas'))

    # Keep one "field: first message" entry per field that has errors.
    reseterrors = [
        field + ': ' + messages[0]
        for field, messages in resetform.errors.items()
    ]
    return render_template('reset.html', resetform=resetform,
                           reseterrors=reseterrors)
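def reset():
    """Store a new bcrypt-hashed password for the employee id held in ``a``.

    The two password fields are read positionally from the submitted form
    (second and third values) and must be equal.

    Returns:
        A redirect to ``login`` after the update, otherwise the rendered
        ``reset.html`` template.
    """
    # NOTE(review): the target account comes from the module-level global
    # `a`, which every request to this process shares. Concurrent users can
    # overwrite it, so the reset may apply to a different employee id.
    # Keeping the id in the session or in a signed reset token would tie it
    # to the requester.
    global a
    form = ResetForm()
    if form.validate_on_submit():
        if request.method == 'POST':
            # Relies on the order of the submitted fields -- presumably
            # values[0] is the CSRF token; verify against the template.
            values = list(request.form.values())
            if values[1] == values[2]:
                cursor = connection1.cursor()
                # Bind empid as a parameter as well; it used to be
                # concatenated into the statement text.
                update = "UPDATE signin SET password =? where empid =?"
                hashed_password = bcrypt.generate_password_hash(
                    values[1]).decode('utf-8')
                cursor.execute(update, [hashed_password, a])
                connection1.commit()
                return redirect(url_for('login'))
            else:
                flash('Please enter same password in both fields', 'danger')
    return render_template('reset.html', form=form)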
def reset():
    """Placeholder password-recovery view.

    Prints form state to stdout for debugging. On a valid submission it
    redirects to ``routes.output`` with an HTML message saying recovery is
    not implemented; otherwise it renders ``auth/reset.html``.
    """
    # NOTE(review): block nesting was reconstructed from a flattened
    # listing -- confirm which prints sit inside the is_submitted() branch.
    form = ResetForm()
    print(form.errors)
    if form.is_submitted():
        print("submitted")
    print(form.errors)
    print('Estoy acá1')
    # print(form.validate_on_submit())
    if form.validate_on_submit():
        print('Estoy acá2')
        # NOTE(review): the message is HTML carried in a URL parameter.
        # If routes.output renders `msg` unescaped, any crafted link can
        # inject markup into that page -- confirm it escapes the value or
        # selects the text from a fixed set of messages.
        # The whitespace that starts each continuation line is part of the
        # string literal.
        return redirect(
            url_for(
                'routes.output',
                msg="<h4>Por el momento el sistema de recuperación de \
                contraseña no esta implementado y no creo que \
                lo este en por un tiempo largo</h4>"
            )
        )
    return render_template('auth/reset.html', form=form)
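def reset_password():
    """Set a new password for the user approved for reset in this session.

    The update runs only when the session carries a truthy ``reset_ok``
    flag and a ``reset_user_id``, and the form validates.

    Returns:
        A redirect to ``auth.login`` on success, otherwise the rendered
        ``auth/password_reset.html`` template.
    """
    form = ResetForm()
    connection = get_connection()
    cursor = get_cursor()
    # .get() so a session without the reset flags renders the form instead
    # of raising KeyError.
    reset_user_id = session.get('reset_user_id')
    if (session.get('reset_ok') and reset_user_id is not None
            and form.validate_on_submit()):
        # presumably the connection context manager commits on a clean
        # exit -- verify for the driver in use.
        with connection:
            with cursor:
                try:
                    cursor.execute(
                        "UPDATE user_account SET password = %s WHERE id = %s",
                        (generate_password_hash(form.password.data),
                         reset_user_id))
                    # The approval is single-use: drop it so the same
                    # session cannot set the password again.
                    session.pop('reset_ok', None)
                    session.pop('reset_user_id', None)
                    flash("Reset successful!", 'success')
                    return redirect(url_for("auth.login"))
                except Exception as e:
                    # Best-effort: log the failure and show a generic
                    # message without database details.
                    error = "Something went wrong. Please try again later"
                    current_app.logger.error(e)
                    flash(error, 'error')
    return render_template("auth/password_reset.html", form=form)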
def reset():
    """Show the reset form and acknowledge a valid submission.

    Returns:
        The rendered ``reset.html`` template until the form validates, then
        a redirect to ``login``.
    """
    form = ResetForm()
    if not form.validate_on_submit():
        return render_template('reset.html', title='Reset password', form=form)

    # NOTE(review): no password is read, changed or mailed in this block;
    # the success message is shown for any valid submission. Confirm the
    # reset itself happens elsewhere.
    flash('Password is restored', 'success')
    return redirect(url_for('login'))