def login():
loginform = LoginForm(prefix='login')
if request.method == 'POST' and loginform.validate_on_submit():
username = loginform.username.data
password = loginform.password.data
user = User.query.filter(User.username == username).first()
if user is not None and user.username == username and bcrypt.check_password_hash(user.password, password):
login_user(User(user.user_id, user.username, user.password))
return redirect(request.args.get("next"))
else:
flash(u"Wrong username or password or both or maybe none of them and I just don't want you to log in.", 'error')
return redirect('/login?next=' + request.args.get("next"))
else:
return render_custom_template('login.html', loginform=loginform)
def admin(current=-1):
data = None
if request.method == 'GET' and current >= 0:
data = Post.query.filter_by(post_id=current).first()
postform = PostForm(obj=data)
# Check if the default credentials have been changed
if current_user.username == app.config['DEFAULT_USERNAME'] and bcrypt.check_password_hash(current_user.password, app.config['DEFAULT_PASSWORD']):
flash(u'Please change admin credentials.', 'error')
if request.method == 'POST' and postform.validate_on_submit():
if current >= 0:
post = Post.query.filter_by(post_id=current).first()
if postform.delete.data:
db.session.delete(post)
else:
post.title = postform.title.data
post.text = postform.text.data
post.draft = (not postform.publish.data)
post.static = (postform.static.data)
else:
post = Post(
postform.title.data,
postform.text.data,
current_user.fullname,
(not postform.publish.data),
postform.static.data,
datetime.datetime.now()
)
db.session.add(post)
db.session.commit()
return redirect(url_for('admin'))
posts = Post.query.filter(Post.static==False).order_by(db.desc(Post.timestamp))
statics = Post.query.filter(Post.static==True).order_by(db.desc(Post.timestamp))
return render_custom_template('admin.html', posts=posts, statics=statics, postform=postform, current_user=current_user)
