def customer_login(self):
    """
    KB: [2012-09-24]: Authenticate a customer from the posted credentials.

    Reads ``username`` and ``password`` from the POST body and checks them
    with Customer.authenticate() against the current site's company.

    On success the username and the customer's id are stored in the session
    and the result of self.find_redirect() is returned (per the original
    note, the destination is taken from the POST; that helper is not shown
    here).  On failure a generic message is flashed and the request is sent
    back to the referrer via self.raise_redirect().

    NOTE(review): nothing in this method rotates the session identifier
    before the identity keys are written -- confirm the session layer does
    that on login.
    NOTE(review): no attempt throttling or lockout is visible here -- confirm
    it is enforced elsewhere (Customer.authenticate or upstream).
    NOTE(review): confirm find_redirect() only accepts same-site targets,
    since the original note says the destination is supplied in the POST.
    """
    username = self.request.POST.get('username')
    password = self.request.POST.get('password')

    # Guard clause: a missing field or a rejected credential pair take the
    # same path, so the response does not reveal which one was wrong.
    if not (username and password
            and Customer.authenticate(username, password,
                                      self.request.ctx.site.company)):
        self.flash('Invalid User or Password')
        # NOTE(review): referrer is passed through as-is and may be empty;
        # presumably raise_redirect() copes with that -- verify.
        return self.raise_redirect(self.request.referrer)

    # Credentials accepted: record who is logged in for later requests.
    self.session['username'] = username
    customer = Customer.find_by_company(username,
                                        self.request.ctx.site.company)
    self.session['customer_id'] = customer.customer_id
    return self.find_redirect()
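def customer_forgot_password(self):
    """
    KB: [2011-03-13]: Reset a customer's password and email the new one.

    Looks the customer up by the ``username`` request parameter within the
    current site's company.  When no customer is found, a message is flashed
    and HTTPFound is raised back to the referrer (or '/' when there is no
    referrer).  Otherwise a freshly generated password is assigned, the
    customer is saved, the campaign is asked to send the forgot-password
    communication, and the result of self.find_redirect() is returned.

    Raises:
        KeyError: when the request carries no ``username`` parameter.
        HTTPFound: when no matching customer exists.

    NOTE(review): the original note on this handler asked that it give no
    hints about valid accounts, but the not-found branch says the username
    is not on file and the two branches use different messages and
    redirects.  Returning the same message and redirect on both branches
    would close that gap; left unchanged here because it alters what users
    see.

    NOTE(review): the stored password is replaced before the requester has
    shown control of the mailbox, so any request naming a username forces a
    reset for that account.  A single-use, expiring reset link that leaves
    the current password untouched avoids this, but needs changes outside
    this method.
    """
    uid = self.request.params['username']
    cust = Customer.find_by_company(uid, self.request.ctx.site.company)
    if not cust:
        # NOTE(review): uid is request-supplied and echoed into the flash
        # text -- confirm the template escapes flash messages.
        self.flash('No user %s on file. Please create a new account.' % uid)
        raise HTTPFound(self.request.referrer or '/')

    # Draw the replacement password from the OS CSPRNG.  The module-level
    # random.* functions use a deterministic generator that is not meant
    # for secrets.
    rng = random.SystemRandom()

    # Three placeholders for the three parts: one upper-case letter, one
    # lower-case letter, six digits.  The format literal in the listing had
    # no placeholders, which makes the % operation raise TypeError.
    # NOTE(review): this shape carries under 30 bits of entropy -- a longer
    # random value would be preferable if nothing depends on the format.
    # NOTE(review): presumably the Customer model hashes the value on
    # assignment or save -- confirm plaintext is not what gets stored.
    cust.password = '%s%s%s' % (chr(rng.randint(65, 90)),
                                chr(rng.randint(97, 122)),
                                str(rng.randint(100000, 999999)))
    cust.save()
    self.request.ctx.campaign.send_forgot_password_comm(cust)
    self.flash('Your new password has been sent to the email address you provided.')
    return self.find_redirect()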