def login():
if request.method == 'POST':
user_name = request.form['user-name']
user_password = request.form['user-password']
user = User.find(user_name)
if user and user.authenticate(user_password):
session['username'] = user_name
return redirect(session['url'])
return render_template('login.html')
def show_user(name):
user = User.find(name)
if request.method == 'POST':
if 'remove-user' in request.form:
user.remove()
return redirect(url_for('.list_users'))
elif 'change-password' in request.form:
user_password = request.form['user-password']
user.password = user_password
user.save()
return render_template('user.html', user=user)
def list_users():
if request.method == 'POST':
if 'add-user' in request.form:
user_name = request.form['user-name']
user_password = request.form['user-password']
user = User.find(user_name)
if not user:
user = User(user_name)
user.password = user_password
user.save()
users = User.find_all()
return render_template('users.html', users=users)
def check_auth(auth):
user = User.find(auth.username)
if not user or not user.authenticate(auth.password):
return False
return True