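def pwd_change(request):
    """Change the password of the currently authenticated user.

    Acts only when the form was submitted (``change.submit`` is present in
    the request parameters); otherwise it just returns the page context.

    Form fields read from ``request.params``:

    :param current_password: the user's existing password, verified with
        ``check_password`` before anything is changed
    :param password1: the new password
    :param password2: the new password repeated; must equal ``password1``

    :returns: the value of ``_build_response(request)``; the outcome is
        reported to the user through ``request.session.flash``
    """
    # NOTE(review): no CSRF token check is visible in this function --
    # confirm it is enforced elsewhere for this state-changing view.
    params = request.params
    if 'change.submit' in params:
        current_password = params.get('current_password', None)
        password1 = params.get('password1', None)
        password2 = params.get('password2', None)

        if password1 != password2:
            # NOTE(review): this is a client-side validation error, so 400
            # would be the accurate status; 500 is kept because existing
            # callers or tests may depend on it.
            request.response.status_int = 500
            msg = ('The password you entered does not match')
            request.session.flash(msg, 'error')
            return _build_response(request)

        # Two missing (None) or two empty fields compare equal above, so
        # without this guard an absent/empty value would be handed to
        # generate_password() and stored as the new credential.
        if not password1:
            request.response.status_int = 400
            request.session.flash('The new password must not be empty',
                                  'error')
            return _build_response(request)

        user_dao = UserDao(None)
        user_id = authenticated_userid(request)
        if user_id is None:
            request.session.flash('Unidentified user', 'error')
            return _build_response(request)

        user = user_dao.get_by_id(user_id)
        # Re-authenticate with the current password before changing it, so
        # a hijacked session alone is not enough to take over the account.
        if user and check_password(current_password, user.password):
            user_dao.set_new_pwd(user_id, generate_password(password1))
            request.session.flash('Password Successfully changed', 'success')
            return _build_response(request)

        # Same message for "no such user" and "wrong password".
        request.session.flash('Incorrect password', 'error')

    return _build_response(request)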
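def login(request):
    """Render the login form and authenticate a submitted username/password.

    On a successful login the user id is stored with ``remember`` and the
    client is redirected to ``came_from``. On a failed or absent submission
    the page context from ``_build_response`` is returned, extended with
    ``came_from``, ``username`` and ``password``.

    ``came_from`` is read from the request parameters and is therefore
    client-controlled. It is only honoured when it points back at this
    site; anything else falls back to ``'/'`` so the login form cannot be
    used as an open redirect.
    """
    login_url = request.route_url('login')
    host_url = request.host_url
    referrer = request.url
    if referrer == login_url:
        referrer = '/'  # never use the login form itself as came_from

    came_from = request.params.get('came_from', referrer)
    # Accept only a site-local path or an absolute URL on this host.
    # Whitespace, control characters and backslashes are refused because
    # browsers normalise them and may resolve the result to another host.
    has_unsafe_char = any(ch <= ' ' or ch == '\\' for ch in came_from)
    if came_from.startswith('/'):
        is_local = not came_from.startswith('//')
    else:
        is_local = (came_from == host_url
                    or came_from.startswith(host_url + '/'))
    if has_unsafe_char or not is_local:
        came_from = '/'

    username = ''
    password = ''
    if 'login.submit' in request.params:
        # .get() so a submission missing a field is a failed login rather
        # than an unhandled KeyError.
        username = request.params.get('username', '')
        password = request.params.get('password', '')
        user_dao = UserDao(None)
        user = user_dao.get_by_username(username)
        if user and check_password(password, user.password):
            headers = remember(request, user.id)
            return HTTPFound(location=came_from, headers=headers)
        # One message for unknown user and wrong password, so the response
        # does not reveal which usernames exist.
        request.session.flash('Login failed', 'error')

    response_ = _build_response(request)
    # NOTE(review): the submitted password is handed back to the template
    # context; if the template renders it, the password ends up in the HTML
    # of the failed-login page. Consider passing an empty string instead.
    response_.update(
        came_from=came_from,
        username=username,
        password=password,
    )
    return response_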
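def login(request):
    """Render the login form and authenticate a submitted username/password.

    On a successful login the user id is stored with ``remember`` and the
    client is redirected to ``came_from``. On a failed or absent submission
    the page context from ``_build_response`` is returned, extended with
    ``came_from``, ``username`` and ``password``.

    ``came_from`` is read from the request parameters and is therefore
    client-controlled. It is only honoured when it points back at this
    site; anything else falls back to ``"/"`` so the login form cannot be
    used as an open redirect.
    """
    login_url = request.route_url("login")
    host_url = request.host_url
    referrer = request.url
    if referrer == login_url:
        referrer = "/"  # never use the login form itself as came_from

    came_from = request.params.get("came_from", referrer)
    # Accept only a site-local path or an absolute URL on this host.
    # Whitespace, control characters and backslashes are refused because
    # browsers normalise them and may resolve the result to another host.
    has_unsafe_char = any(ch <= " " or ch == "\\" for ch in came_from)
    if came_from.startswith("/"):
        is_local = not came_from.startswith("//")
    else:
        is_local = came_from == host_url or came_from.startswith(host_url + "/")
    if has_unsafe_char or not is_local:
        came_from = "/"

    username = ""
    password = ""
    if "login.submit" in request.params:
        # .get() so a submission missing a field is a failed login rather
        # than an unhandled KeyError.
        username = request.params.get("username", "")
        password = request.params.get("password", "")
        user_dao = UserDao(None)
        user = user_dao.get_by_username(username)
        if user and check_password(password, user.password):
            headers = remember(request, user.id)
            return HTTPFound(location=came_from, headers=headers)
        # One message for unknown user and wrong password, so the response
        # does not reveal which usernames exist.
        request.session.flash("Login failed", "error")

    response_ = _build_response(request)
    # NOTE(review): the submitted password is handed back to the template
    # context; if the template renders it, the password ends up in the HTML
    # of the failed-login page. Consider passing an empty string instead.
    response_.update(came_from=came_from, username=username, password=password)
    return response_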