def customer_login(self):
""" KB: [2012-09-24]: Log this guy in and redirect him to the
location specified in the POST """
uid = self.request.POST.get('username')
pwd = self.request.POST.get('password')
if uid and pwd and Customer.authenticate(uid, pwd, self.request.ctx.site.company):
self.session['username'] = uid
cust = Customer.find_by_company(uid, self.request.ctx.site.company)
self.session['customer_id'] = cust.customer_id
return self.find_redirect()
else:
self.flash('Invalid User or Password')
return self.raise_redirect(self.request.referrer)
def customer_forgot_password(self):
""" KB: [2011-03-13]: Try to be at least a little sneaky. Don't give any hints as to valid user accounts, etc.
If we don't find that email address then just redir back to /.
"""
uid = self.request.params['username']
cust = Customer.find_by_company(uid, self.request.ctx.site.company)
if not cust:
self.flash('No user %s on file. Please create a new account.' % uid)
raise HTTPFound(self.request.referrer if self.request.referrer else '/')
# reset the customer's password to something random.
cust.password = '******' % (chr(random.randint(65, 90)),
chr(random.randint(97, 122)),
str(random.randint(100000, 999999)))
cust.save()
self.request.ctx.campaign.send_forgot_password_comm(cust)
self.flash('Your new password has been sent to the email address you provided.')
return self.find_redirect()
