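def post(self):
    """Handle a login form submission.

    Reads ``username`` and ``password`` from the request and looks the user
    up by name. While the account has fewer than three recorded failed
    attempts, the SHA-1 hex digest of the submitted password is compared
    with the stored value. On success the session is bound to the user's
    key id, the attempt counter is reset to zero and the client is
    redirected to ``/``. In every other case the login template is rendered
    with an error message.
    """
    # Session request handler
    current_session = Session(self)
    # NOTE(review): this stores per-request state on the shared Jinja
    # environment. If the app serves requests concurrently, one request's
    # session could be rendered into another's page. Passing the session
    # to render() instead would avoid that; confirm the threading model.
    JINJA_ENVIRONMENT.globals['session'] = current_session

    # Language request handler
    Language.language(self)

    # An authenticated user has nothing to do here. Return right after the
    # redirect so the credential check below never runs for this request;
    # otherwise the attempt counter could still be changed and a page body
    # written on top of the redirect.
    if current_session.get_id() is not None:
        self.redirect("/")
        return None

    # Load form
    template = JINJA_ENVIRONMENT.get_template('static/templates/login.html')

    # Check user and password
    submitted_username = cgi.escape(self.request.get("username"))
    # NOTE(review): unsalted SHA-1 is not suitable for password storage.
    # Moving to a salted, slow KDF (for example hashlib.pbkdf2_hmac) needs a
    # coordinated migration of the stored digests, so the scheme is left
    # unchanged here. The password is HTML-escaped before hashing; that is
    # kept because existing digests were presumably produced the same way
    # (confirm against the code that stores passwords).
    submitted_password = hashlib.sha1(
        cgi.escape(self.request.get("password"))).hexdigest()
    user = database.UserManager.select_by_username(submitted_username)

    # Unknown user: same message as a wrong password.
    if user is None:
        self.response.write(
            template.render(error=_("InvalidUsernameOrPassword")))
        return None

    # Check if user account is blocked or not.
    # NOTE(review): in this handler the counter is reset only by a
    # successful login, which a blocked account can no longer perform, and
    # failed attempts from any client count against the account. Confirm an
    # unlock path exists elsewhere and consider rate limiting per source.
    # The distinct AccountBlocked message also confirms that the username
    # exists, unlike the generic message used in the other failure paths.
    if user.attempts >= 3:
        self.response.write(template.render(error=_("AccountBlocked")))
        return None

    # Check if user and password matches
    credentials_ok = (submitted_username == user.name
                      and submitted_password == user.password)
    if credentials_ok:
        # Session initialization
        # NOTE(review): confirm Session.set issues a fresh session
        # identifier at login rather than reusing a pre-login one.
        current_session.set(self, user.key.id())
        # Login attempts to zero
        database.UserManager.modify_user(user.key, attempts=0)
        # Redirection to initial page
        self.redirect("/")
    else:
        # Add an attempt to user login.
        # NOTE(review): the new value is derived from the copy read above,
        # so concurrent failures may be counted once; presumably not
        # transactional, verify in UserManager.modify_user.
        database.UserManager.modify_user(
            user.key, attempts=user.attempts + 1)
        self.response.write(
            template.render(error=_("InvalidUsernameOrPassword")))
    return None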
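def post(self):
    """Handle a registration form submission.

    Validates ``username``, ``password1``, ``password2`` and ``email`` from
    the request, rejects names and addresses that already exist, creates the
    user, creates an activation token, sends the activation e-mail and logs
    the new user in. Each validation failure renders the registration
    template with an error message and stops processing.
    """
    # Session request handler
    current_session = Session(self)
    # NOTE(review): this stores per-request state on the shared Jinja
    # environment. If requests are served concurrently, one request's
    # session could leak into another's page; confirm the threading model.
    JINJA_ENVIRONMENT.globals['session'] = current_session

    # Language request handler
    Language.language(self)

    # Check if user is already logged in
    if current_session.get_id() is not None:
        self.redirect("/")
        return None

    # Retrieve request data
    username = cgi.escape(self.request.get('username'))
    raw_password1 = self.request.get('password1')
    # The password keeps being passed on in HTML-escaped form, as before,
    # so the value handed to UserManager.create does not change.
    password1 = cgi.escape(raw_password1)
    password2 = cgi.escape(self.request.get('password2'))
    email = cgi.escape(self.request.get('email'))

    # Load success and fail templates
    register_template = JINJA_ENVIRONMENT.get_template(
        'static/templates/register.html')
    registered_template = JINJA_ENVIRONMENT.get_template(
        'static/templates/registered.html')

    # Check email is well formed. The pattern is anchored at the end and
    # excludes whitespace, so an address cannot carry a trailing "@..."
    # part or CR/LF characters into the activation mail.
    if not re.match(r"[^@\s]+@[^@\s]+\.[^@\s]+\Z", email):
        self.response.write(register_template.render(error=_("BadEmail.")))
        return None

    # Check passwords min size is 6. The length is measured on the text the
    # user typed: escaping turns "&" into "&amp;", which would let a shorter
    # password pass the limit.
    if len(raw_password1) < 6:
        self.response.write(
            register_template.render(error=_("PasswordMinLengthNotReached.")))
        return None

    # Check passwords match
    if password1 != password2:
        self.response.write(
            register_template.render(error=_("PasswordMissmatch")))
        return None

    # Username not empty
    if len(username) < 1:
        self.response.write(
            register_template.render(error=_("EmptyUsername.")))
        return None

    # Check user exists.
    # NOTE(review): this check and the create() below are separate calls;
    # presumably two concurrent registrations could both pass. Verify that
    # uniqueness is also enforced where the user is stored.
    user = database.UserManager.select_by_username(username)
    if user is not None:
        self.response.write(
            register_template.render(error=_("UsernameExists")))
        return None

    # Check email exists
    user = database.UserManager.select_by_email(email)
    if user is not None:
        self.response.write(register_template.render(error=_("EmailExists")))
        return None

    # Save new user in DB
    user_key = database.UserManager.create(username, password1, email)
    if user_key:
        # Create activation token
        token_key = database.TokenManager.create_token(user_key)
        # Send activation email.
        # NOTE(review): the token sent is the id of the token's key.
        # Confirm that id comes from a CSPRNG and is not an auto-allocated
        # datastore id, since it is the only secret in the activation link.
        email_handler.Email.send_activation(
            username, str(token_key.id()), email)
        # Autologin new user.
        # NOTE(review): the session is opened before the address is
        # confirmed; verify that unactivated accounts are restricted
        # elsewhere.
        current_session.set(self, user_key.id())
        JINJA_ENVIRONMENT.globals['session'] = current_session
        self.response.write(registered_template.render(username=username))
    else:
        self.response.write(
            register_template.render(error=_("DatabaseError")))
    return None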