def create_user(self, username, password, perm_level):
    """Store a new user with a freshly salted password hash and commit it.

    The last argument passed to User is 1 only when perm_level is exactly
    "Admin"; any other value is stored with that flag set to 0.
    """
    # NOTE(review): no username/password validation happens here; callers
    # are presumably trusted (e.g. admin tooling) -- confirm.
    salt = getsalt()
    passhash = createhash(salt, password)
    admin_flag = 1 if perm_level == "Admin" else 0
    db.session.add(User(username, salt, passhash, perm_level, admin_flag))
    db.session.commit()
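def init_db():
    """Create the SQL tables and seed an "admin" account if none exists."""
    # Import the ORM classes; presumably this makes their tables known to
    # db.create_all() below.
    from app.dbmodels import User, CarFeatures, Car, CarPics, \
        CustomerInfo, OrderInfo, ServiceInfo

    # create the SQL tables
    db.create_all()

    # Seed the administrator account only when no "admin" row exists yet.
    if User.query.filter_by(uname="admin").first() is None:
        salt = getsalt()
        # NOTE(review): the initial admin password is a literal in source, so
        # every deployment starts with the same known credential. Supply it
        # from deployment configuration (or generate it and force a change on
        # first login) and rotate it wherever this default has been used.
        passhash = createhash(salt, "Mko0!")
        admin = User("admin", salt, passhash, "Admin", 1)
        db.session.add(admin)
        db.session.commit()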
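def login():
    """Log the user in by populating the session object.

    Visitors who already have a session are redirected to "home". On POST
    the submitted username and password are length-checked and then verified
    against the stored salted hash; the session is written only when every
    check passes.
    """
    # redirect signed in user to home page (already logged in)
    if 'username' in session:
        return redirect(url_for("home"))

    # user has submitted credentials
    if request.method == "POST":
        if validate_table(accountlog_ft, request.form):
            # extract form entries
            username = request.form[accountlog_ft[0]]
            password = request.form[accountlog_ft[1]]

            # Both fields must be 5 - 25 characters long. Reject here, before
            # the lookup and the hash: the earlier flow still ran the
            # credential check and could populate the session while replying
            # with this error, and it hashed passwords of any length.
            username_ok = 5 <= len(username) <= 25
            password_ok = 5 <= len(password) <= 25
            if not (username_ok and password_ok):
                return redirect(url_for("login", message = 'Short username or password; must be at least length 5 or greater.'))

            # check whether the user exists
            try:
                user = User.query.filter_by(uname=username).first()
            except Exception:
                # Best-effort: a failed lookup is reported to the client the
                # same way as unknown credentials.
                user = None

            # NOTE(review): == is not a constant-time comparison;
            # hmac.compare_digest is the usual choice if both values are the
            # same string type -- confirm what createhash returns.
            if user and createhash(user.salt, password) == user.password:
                session['username'] = user.uname
                session['role'] = user.role
                session['isadmin'] = bool(user.isadmin)
                return redirect(url_for("home"))

            # Same message for an unknown user and a wrong password, so the
            # response text does not reveal which usernames exist.
            return redirect(url_for("login", message = 'Invalid username or password.'))
    # NOTE(review): nothing is returned for a GET or for a form rejected by
    # validate_table; the listing may be cut off here -- confirm against the
    # full source before relying on this view.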
def register():
    """Handle the registration form and create the account if it is new.

    A GET renders 'login.html'. A POST with a rejected, incomplete or
    mismatched form redirects to the login view; otherwise the account is
    created unless the username is already present.
    """
    # TODO: Add template logic for trying to register an existing user
    if request.method != 'POST':
        return render_template('login.html')

    if not validate_table(register_form, request.form):
        return redirect(url_for('login'))

    username = request.form['username_register']
    email = request.form['email']
    password = request.form['password_register']
    confirm = request.form['confirm']

    # Every field is required.
    if "" in (username, email, password, confirm):
        return redirect(url_for('login'))

    # Add template logic for invalid registration.
    if password != confirm:
        return redirect(url_for('login'))

    # NOTE(review): check-then-insert; presumably a unique constraint on the
    # username column covers two simultaneous registrations -- confirm.
    existing = User.query.filter(User.uname == username).scalar()
    if existing is not None:
        message = 'Error account already exists'
        return render_template('index.html', message=message)

    # Only the salt and the salted hash are stored, never the password.
    salt = getsalt()
    passhash = createhash(salt, password)
    db.session.add(User(username, email, salt, passhash))
    db.session.commit()
    return render_template('index.html', message='Registration successful')
def register():
    """Register a user by adding a "Guest" entry to the User table.

    Each failed rule contributes one bit to a status mask; the account is
    created only when the mask is zero, otherwise the mask selects which
    message the user is redirected with.
    """
    # A signed-in user has nothing to register; send them home.
    if 'username' in session:
        return redirect(url_for("home"))

    # user has submitted a registration form
    if request.method == "POST" and validate_table(accountreg_ft, request.form):
        username = request.form[accountreg_ft[0]]
        password = request.form[accountreg_ft[1]]
        verified = request.form[accountreg_ft[2]]
        pw_chars = set(password)

        # (rule violated?, status bit) -- evaluated in the listed order
        checks = [
            # username must be 5 - 25 characters long
            (not 5 <= len(username) <= 25, 0x0002),
            # username must contain only letters and digits
            (bool(set(username) - chars), 0x0004),
            # password must be 5 - 25 characters long
            (not 5 <= len(password) <= 25, 0x0008),
            # password must contain a digit character
            (not pw_chars & set(digit), 0x0010),
            # password must contain a capital character
            (not pw_chars & set(upper), 0x0020),
            # password must contain a special character
            (not pw_chars & set(speci), 0x0040),
            # password and its confirmation must match
            (password != verified, 0x0080),
            # username already exists
            (User.query.filter_by(uname=username).first() != None, 0x0100),
        ]
        status = sum(bit for violated, bit in checks if violated)

        # create the user when no rule was violated
        if not status:
            salt = getsalt()
            passhash = createhash(salt, password)
            db.session.add(User(username, salt, passhash, "Guest", 0))
            db.session.commit()
            return redirect(url_for("login", message="Registration successful, please sign in!"))

        # a mismatched confirmation is reported first
        if status & 0x0080:
            return redirect(url_for("register", message = "Unable to verified password, please re-enter password."))

        # then a username that is already taken
        if status & 0x0100:
            return redirect(url_for("register", message = "{} has already been taken, please choose another username.".format(username)))

        # anything else is a generic validation error
        return redirect(url_for("register", message = "Invalid username or password, please re-read the registration form rules."))

    # present user with initial registration
    return render_template('accounttemps/register.html')
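def login():
    """Authenticate a submitted login form and start a session.

    A GET renders the login form and passes any ``next`` query value through
    to the template. A POST verifies the credentials against the stored
    salted hash; on success the session is populated and the user is sent to
    the ``next`` form value only when it is a same-site path.
    """
    if request.method != 'POST':
        return render_template('login.html', next=request.args.get('next', ""))

    if validate_table(login_form, request.form):
        username = request.form['username_login']
        password = request.form['password_login']
        if username == "" or password == "":
            empty_message = 'Error: Empty username or password'
            return render_template(
                'login.html', message=empty_message, username=username
            )

        user_exists = User.query.filter_by(uname=username).first()
        # NOTE(review): == is not a constant-time comparison;
        # hmac.compare_digest is the usual choice if both values are the same
        # string type -- confirm what createhash returns.
        if user_exists and \
                createhash(user_exists.salt, password) == user_exists.password:
            session['logged_in'] = True
            session['username'] = username
            session['uid'] = str(user_exists.uid)

            # 'next' is client-controlled, so redirecting to it unchecked is
            # an open redirect. Follow it only when it is a path on this
            # site: one leading slash, no second slash, and no backslash or
            # control character that a browser could normalise into a host.
            next_url = request.form.get('next', '')
            has_unsafe_char = any(
                ch == '\\' or ord(ch) < 0x20 for ch in next_url
            )
            is_local_path = (
                next_url.startswith('/')
                and not next_url.startswith('//')
                and not has_unsafe_char
            )
            if is_local_path:
                return redirect(next_url)
            return render_template(
                'index.html', message='Login successful'
            )
    else:
        # A form rejected by validate_table gets the same failure page
        # instead of reaching it with no username bound.
        username = request.form.get('username_login', '')

    # One message for an unknown user and a wrong password.
    return render_template(
        'login.html', message='Error: Bad Login', username=username
    )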