def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): user = request.form.get("user" or '') password = request.form.get("password" or '') # check if user with these credentials exists user_object = db.session.query(User).filter(User.name == user) if user_object.first(): if user_object.first().check_password(password): # import ipdb; ipdb.set_trace() login_user(user_object.first()) return redirect(request.args.get("next") or "/") return render_template("/login", options=app.options, form=form, fail=1) return render_template("/login", options=app.options, form=form, fail=0)
def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): user = request.form.get("user" or '') password = request.form.get("password" or '') if (user == app.options.login_name and password == app.options.login_passwd): login_user(User(user)) return redirect(request.args.get("next") or url_for("dispenser")) return render_template("/admin/login", options=app.options, form=form, fail=1) return render_template("/admin/login", options=app.options, form=form, fail=0)
def login(): form = LoginForm(request.form) if request.method == "POST" and form.validate(): user = request.form.get("user" or "") password = request.form.get("password" or "") if user == "scotty" and password == "boozemeup": login_user(User(user)) flash("Logged in successfully.") return redirect(request.args.get("next") or url_for("dispenser")) flash("Invalid login.") return render_template("/admin/login", form=form)
def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): user = request.form.get("user" or '') password = request.form.get("password" or '') if (user == app.options.login_name and password == app.options.login_passwd): login_user(User(user)) flash("Logged in successfully.") return redirect(request.args.get("next") or url_for("dispenser")) flash("Invalid login.") return render_template("/admin/login", form=form)
def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): user = request.form.get("user" or '') password = request.form.get("password" or '') if (user == 'scotty' and password == 'boozemeup'): login_user(User(user)) flash("Logged in successfully.") return redirect(request.args.get("next") or url_for("dispenser")) flash("Invalid login.") return render_template("/admin/login", form=form)
def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): username = request.form.get("user" or '') password = request.form.get("password" or '') dbUser = db.session.query(Users).filter(Users.username == username, Users.password == password).first() if dbUser is not None: loginUser = dbUser.username loginPassword = dbUser.password if (dbUser.administrator == 1): administrator = True if (username == loginUser and password == loginPassword): login_user(User(username)) return redirect(request.args.get("next") or url_for("index")) flash("Invalid login.") return render_template("/admin/login", options=app.options, form=form)
def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): user = request.form.get("user" or '') password = request.form.get("password" or '') # check if user with these credentials exists user_object = db.session.query(User).filter(User.name == user) if user_object.first(): if user_object.first().check_password(password): login_user(user_object.first()) """ TODO: next_is_valid should check if the user has valid permission to access the `next` url if not the application will be vulnerable to open redirects. """ next_args = request.args.get("next") if next_args: print("Redirect to {}".format(next_args)) return redirect(next_args) else: print("Redirect to index") return redirect(url_for("index")) next_args = request.args.get("next") print("Show login failed") return render_template("/login", options=app.options, form=form, fail=1, allowed_to_pour=is_ip_allowed_to_pour_drinks(request.remote_addr), next=next_args) next_args = request.args.get("next") print("Show login") return render_template("/login", options=app.options, form=form, fail=0, allowed_to_pour=is_ip_allowed_to_pour_drinks(request.remote_addr), next=next_args)