def admin_index(self):
bcrypt = Bcrypt(app)
"""For GET requests, display the login form. For POSTS, login the current user
by processing the form."""
form = LoginForm()
next = request.args.get('next')
if form.validate():
user = User.query.filter(
User.username == form.username.data).first()
if user:
a = bcrypt.generate_password_hash(form.password.data)
if bcrypt.check_password_hash(user.password,
form.password.data):
user.authenticated = True
db.session.add(user)
db.session.commit()
login_user(user, remember=True, force=True)
next = request.args.get('next')
print("You have successfully logged in")
return redirect(next or url_for('admin.admin_index'))
else:
print "bad password"
else:
print "user mismatch"
return self.render('admin/index.html', form=form)
def signup_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
data_nascimento = request.form.get('text')
numero = request.form.get('numero')
user = User.query.filter_by(email=email).first(
) # if this returns a user, then the email already exists in database
if user: # if a user is found, we want to redirect back to signup page so user can try again
return redirect(url_for('Usuario_2.index'))
# create a new user with the form data. Hash the password so the plaintext version isn't saved.
new_user = User(email=email,
name=name,
data_nascimento=data_nascimento,
numero=numero,
password=Bcrypt.generate_password_hash(password,
method='sha256'))
auth_senha = Bcrypt
new_user.check_password_hash(new_user.select(password), auth_senha)
# add the new user to the database
db.session.add(new_user)
db.session.commit()
return redirect(url_for('auth.base_2'))
def save(self, force_insert=False, validate=True, clean=True,
write_concern=None, cascade=None, cascade_kwargs=None,
_refs=None, **kwargs):
crypt = Bcrypt()
hash = crypt.generate_password_hash(self.passHash)
self.passHash = hash
super(User, self).save()
def create_admin(self):
if not self.check_duplicate():
try:
conn = Connect(host=HOST, user=USER, password=PASSWORD, database=DATABASE)
except ConnectionError as e:
print(e)
return False
cur = conn.cursor()
bcrypt = Bcrypt()
query = ("INSERT INTO "
"`administrator`(name, user_name, password, street, city, state, zipcode, phone, email, join_date)"
"VALUES ('{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}')"
"".format(self.name, self.user_name, bcrypt.generate_password_hash(self.password),
self.address['street'], self.address['city'], self.address['state'],
self.address['zipcode'], self.phone, self.email, self.join_date))
try:
cur.execute(query)
except errors.ProgrammingError as e:
print(e)
return False
conn.commit()
conn.close()
return True
return False
def signup():
if request.method == "POST":
email = request.form.get("email", "")
username = request.form.get("username", "")
password = request.form.get("password", "")
try:
bc = Bcrypt(None)
hashed_pw = bc.generate_password_hash(password)
# Open a cursor to perform database operations
conn = db.get_db()
cur = conn.cursor()
sql_query = "SELECT * FROM users WHERE email = %s;"
sql_data = (email, )
cur.execute(sql_query, sql_data)
old_email = cur.fetchone()
if old_email:
errs.append("Email already exists.")
else:
sql_query = "INSERT INTO users (email, password, username) VALUES (%s, %s, %s) RETURNING userid;"
sql_data = (email, hashed_pw, username)
cur.execute(sql_query, sql_data)
userid = cur.fetchone()[0]
# sql_query = "INSERT INTO email_confirmation (userid, token) VALUES (%s, %s);"
# sql_data = (userid, token)
# cur.execute( sql_query, sql_data )
conn.commit()
cur.close()
tools.setCookie(email, username, userid)
except db.psycopg2.DatabaseError, e:
# if I have a connection
print e
if conn:
conn.rollback()
return redirect("/welcome/")
def signup():
if request.method == "POST":
email = request.form.get("email", "")
username = request.form.get("username", "")
password = request.form.get("password", "")
try:
bc = Bcrypt(None)
hashed_pw = bc.generate_password_hash( password )
# Open a cursor to perform database operations
conn = db.get_db()
cur = conn.cursor()
sql_query = "SELECT * FROM users WHERE email = %s;"
sql_data = ( email, )
cur.execute( sql_query, sql_data )
old_email = cur.fetchone()
if old_email:
errs.append("Email already exists.")
else:
sql_query = "INSERT INTO users (email, password, username) VALUES (%s, %s, %s) RETURNING userid;"
sql_data = ( email, hashed_pw, username )
cur.execute( sql_query, sql_data )
userid = cur.fetchone()[0]
# sql_query = "INSERT INTO email_confirmation (userid, token) VALUES (%s, %s);"
# sql_data = (userid, token)
# cur.execute( sql_query, sql_data )
conn.commit()
cur.close()
tools.setCookie( email, username, userid )
except db.psycopg2.DatabaseError, e:
# if I have a connection
print e
if conn:
conn.rollback()
return redirect("/welcome/")
def main():
"""Main entry point for script."""
with app.app_context():
bcrypt = Bcrypt(app)
if User.query.all():
print('A user already exists! Create another? (y/n):'),
create = input()
if create == 'n':
return
print('Enter email address: '),
email = input()
password = getpass()
assert password == getpass('Password (again):')
user = User(email=email, password=bcrypt.generate_password_hash(password))
db_session.add(user)
db_session.commit()
print('User added.')
try:
app.config.from_pyfile(app.config['CFG_FILE'])
except IOError:
pass
from fileStore import *
db = fileStore(app.config['CACHE_ROOT'] + '/db')
# load config from the database
conf = None
try:
conf = json.loads(db.get('conf/bradmin'))
except IOError:
# load default config
conf = {'password': bcrypt.generate_password_hash('default')}
db.store('conf/bradmin', json.dumps(conf, sort_keys=True, indent=4))
application = app
import bradmin.login
import bradmin.push
#web pages
import bradmin.frontpage
import bradmin.radio
import bradmin.mesh
#API
import bradmin.br
import bradmin.coap
@app.route('/create_user', methods=['POST'])
def create_user():
email = request.form['email']
username = request.form['username']
password = request.form['password']
# run validations and if they are successful we can create the password hash with bcrypt
pw_hash = bcrypt.generate_password_hash(password)
# now we insert the new user into the database
insert_query = "INSERT INTO users (email, username, pw_hash, created_at) VALUES (:email, :username, :pw_hash, NOW())"
query_data = { 'email': email, 'username': username, 'pw_hash': pw_hash }
mysql.query_db(insert_query, query_data)
# redirect to success page
# check_password_hash
password = '******'
pw_hash = bcrypt.generate_password_hash(password)
test_password_1 = 'thisiswrong'
bcrypt.check_password_hash(pw_hash, test_password_1) # this will return false
test_password_2 = 'password'
bcrypt.check_password_hash(pw_hash, test_password_2) # this will return true
# login
@app.route('/login', methods=['POST'])
def login():
email = request.form['email']
password = request.form['password']
user_query = "SELECT * FROM users WHERE email = :email LIMIT 1"
query_data = { 'email': email }
user = mysql.query_db(user_query, query_data) # user will be returned in a list
if bcrypt.check_password_hash(user[0]['pw_hash'], password):
# login user
etiquetadas=etiquetadas,
numquerys=numquerys)
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='consultas')
parser.add_argument('--addUser',
help='add user to the App',
action='store_true')
parser.add_argument('--name', help='the user name to add if --addUser')
parser.add_argument('--pwd', help='the user name to add if --addUser')
args = parser.parse_args()
config = ConfigParser.ConfigParser()
config.read('consultas.cfg')
if args.addUser:
consultas = DB(dbName=config.get('DB', 'dbname'),
host=config.get('DB', 'host'),
user=config.get('DB', 'user'),
pwd=config.get('DB', 'pwd'))
pw_hash = bcrypt.generate_password_hash(args.pwd)
consultas.createUser(args.name, pw_hash)
print 'usuario creado o actualizado'
else:
app.run(host=config.get('APP', 'host'),
port=int(config.get('APP', 'port')))
from flask import Flask
from flask.ext.bcrypt import Bcrypt
app = Flask(__name__)
bcrypt = Bcrypt(app)
# to generate bcrypt hash.
pw_hash = bcrypt.generate_password_hash('idfumg')
# to compare with an existing hash.
bcrypt.check_password_hash(pw_hash, 'idfumg')
def create_user(self, newuser):
EMAIL_REGEX = re.compile(
r'^[a-zA-Z0-9\.\+_-]+@[a-zA-Z0-9\._-]+\.[a-zA-Z]+$')
any_nonletter_regex = re.compile('[^a-z A-Z]')
error = False
fname = newuser['fname']
lname = newuser['lname']
email = newuser['email']
password = newuser['password']
password2 = newuser['password2']
print '***** create_user'
print fname
print lname
print email
print password
print password2
if len(fname) < 1:
error = True
flash('First name cannot be blank', 'error')
if len(lname) < 1:
error = True
flash('Last name cannot be blank', 'error')
if len(email) < 1:
error = True
flash('Email cannot be blank', 'error')
elif not EMAIL_REGEX.match(email):
error = True
flash('Invalid email address', 'error')
#*****************************************
# check if email is already registered
#*****************************************
results = self.db.query_db(
"SELECT * FROM users WHERE email = '{}' LIMIT 1".format(email))
if results != []:
error = True
flash('Email is already registered', 'error')
if len(password) < 4:
error = True
flash('Password must be at least 4 chars', 'error')
if len(password2) < 4:
error = True
flash('Password confirmation must be at least 4 chars', 'error')
if password != password2:
error = True
flash('Password and password confirmation must be the same',
'error')
if not error:
# encrypt password
app = Flask(__name__)
app.secret_key = 'KeepItSecretKeepItSafe'
bcrypt = Bcrypt(app)
pw_hash = bcrypt.generate_password_hash(password)
query = "INSERT INTO users (fname, lname, email, pw_hash, created_at, updated_at) VALUES ('{}', '{}', '{}', '{}', NOW(), NOW() )".format(
fname, lname, email, pw_hash)
print query
self.db.query_db(query)
# registration was successful, so let's automatically
# log in the user
session['fname'] = fname
session['lname'] = lname
session['email'] = email
# get user_id (since this is a new user it will be the largest id)
query = "select * from users order by id desc limit 1"
result = self.db.query_db(query)
print '*** get session id'
print result[0]['id']
session['id'] = result[0]['id']
# flash('Successful registration', 'success')
return True
else:
return False
from flask import Flask
from flask.ext.bcrypt import Bcrypt
app = Flask(__name__)
bcrypt = Bcrypt(app)
pw_hash = bcrypt.generate_password_hash('insert awesome password here')
print pw_hash
print bcrypt.check_password_hash(pw_hash, 'insert awesome password here') # returns True
from flask import Flask, url_for, render_template, redirect, abort, session, request
from pymongo import MongoClient
from flask.ext.bcrypt import Bcrypt
app = Flask(__name__, static_url_path='/static')
mongo = MongoClient()
bcrypt = Bcrypt(app)
# new database
db = mongo.tutorial
db.users.insert_one({"name": "Devin"})
# bcrypt
pw_hash = bcrypt.generate_password_hash('hunter2')
print bcrypt.check_password_hash(pw_hash, 'hunter2')
# db
'''
db.users.find(json_data)
db.users.insert_one(json_data)
db.users.remove(json_data)
db.users.update(json_data)
'''
# getting post
class Auth:
GHOST = 0
USER = 1
ADMIN = 2
SUPER_ADMIN = 3
class Anonymous(AnonymousUserMixin):
def __init__(self):
self._id = None
def get_id(self):
return unicode('')
def __init__(self):
self.__login_manager = LoginManager()
self.config = {}
def init_app(self, app, config):
print 'Attaching LoginManager to app.'
self.__login_manager.init_app(app)
self.__login_manager.anonymous_user = Auth.Anonymous
self.config = config
def load_user(user_id):
if user_id == '':
return None
Users = Database['Users']
try:
return Users.User.find_one({'_id': ObjectId(user_id)})
except:
return None
def unauthorized():
return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED
self.__login_manager.user_loader(load_user)
self.__login_manager.unauthorized_handler(unauthorized)
self.__bcrypt = Bcrypt(app)
def login_manager(self):
return self.__login_manager
def require(self, user_level):
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if current_user.is_authenticated() and current_user.get_access_level() >= user_level:
return f(*args, **kwargs)
return self.__login_manager.unauthorized()
return decorated_function
return login_required
def login(self, user_object, password):
if user_object is not None:
if self.__bcrypt.check_password_hash(user_object['password'], password):
if not login_user(user_object):
return resource_strings["USER_NOT_ACTIVATED"]
else:
return 'Invalid password'
else:
return 'Invalid email'
return None
def login_social(self, login_type, token):
user_object = None
try:
user_object = SocialSignin.verify(login_type, token)
except SocialSignin.Invalid as e:
return str(e)
login_user(user_object)
def logout(self):
logout_user()
def hash_password(self, password):
return self.__bcrypt.generate_password_hash(password)
# decorator that protects other users from PUT/POST/DELETE on you stuff
# user_id _must_ be passed in as 'user_id'
def only_me(self, function):
@wraps(function)
def inner(*args, **kwargs):
if kwargs['user_id'] != 'me':
return '{}', HTTP_401_UNAUTHORIZED
return function(*args, **kwargs)
return inner
class Auth:
GHOST = 0
USER = 1
ADMIN = 2
SUPER_ADMIN = 3
class Anonymous(AnonymousUserMixin):
def __init__(self):
self._id = None
def get_id(self):
return unicode('')
def __init__(self):
self.__login_manager = LoginManager()
self.config = {}
def init_app(self, app, config):
print 'Attaching LoginManager to app.'
self.__login_manager.init_app(app)
self.__login_manager.anonymous_user = Auth.Anonymous
self.config = config
def load_user(user_id):
if user_id == '':
return None
Users = Database['Users']
try:
return Users.User.find_one({'_id': ObjectId(user_id)})
except:
return None
def unauthorized():
return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED
self.__login_manager.user_loader(load_user)
self.__login_manager.unauthorized_handler(unauthorized)
self.__bcrypt = Bcrypt(app)
def login_manager(self):
return self.__login_manager
def require(self, user_level):
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if current_user.is_authenticated(
) and current_user.get_access_level() >= user_level:
return f(*args, **kwargs)
return self.__login_manager.unauthorized()
return decorated_function
return login_required
def login(self, user_object, password):
if user_object is not None:
if self.__bcrypt.check_password_hash(user_object['password'],
password):
if not login_user(user_object):
return resource_strings["USER_NOT_ACTIVATED"]
else:
return 'Invalid password'
else:
return 'Invalid email'
return None
def login_social(self, login_type, token):
user_object = None
try:
user_object = SocialSignin.verify(login_type, token)
except SocialSignin.Invalid as e:
return str(e)
login_user(user_object)
def logout(self):
logout_user()
def hash_password(self, password):
return self.__bcrypt.generate_password_hash(password)
# decorator that protects other users from PUT/POST/DELETE on you stuff
# user_id _must_ be passed in as 'user_id'
def only_me(self, function):
@wraps(function)
def inner(*args, **kwargs):
if kwargs['user_id'] != 'me':
return '{}', HTTP_401_UNAUTHORIZED
return function(*args, **kwargs)
return inner
def set_password(self, password):
bcrypt = Bcrypt()
self.password = bcrypt.generate_password_hash(password, 12)
def set_password(self, clear):
bcrypt = Bcrypt(current_app)
self.password = bcrypt.generate_password_hash(clear.encode('utf-8'))
def set_password(self, password):
bcrypt = Bcrypt()
self.password = bcrypt.generate_password_hash(password, 12)
def create_user(self, newuser):
EMAIL_REGEX = re.compile(r"^[a-zA-Z0-9\.\+_-]+@[a-zA-Z0-9\._-]+\.[a-zA-Z]+$")
any_nonletter_regex = re.compile("[^a-z A-Z]")
error = False
fname = newuser["fname"]
lname = newuser["lname"]
email = newuser["email"]
password = newuser["password"]
password2 = newuser["password2"]
print "***** create_user"
print fname
print lname
print email
print password
print password2
if len(fname) < 1:
error = True
flash("First name cannot be blank", "error")
if len(lname) < 1:
error = True
flash("Last name cannot be blank", "error")
if len(email) < 1:
error = True
flash("Email cannot be blank", "error")
elif not EMAIL_REGEX.match(email):
error = True
flash("Invalid email address", "error")
# *****************************************
# check if email is already registered
# *****************************************
results = self.db.query_db("SELECT * FROM users WHERE email = '{}' LIMIT 1".format(email))
if results != []:
error = True
flash("Email is already registered", "error")
if len(password) < 4:
error = True
flash("Password must be at least 4 chars", "error")
if len(password2) < 4:
error = True
flash("Password confirmation must be at least 4 chars", "error")
if password != password2:
error = True
flash("Password and password confirmation must be the same", "error")
if not error:
# encrypt password
app = Flask(__name__)
app.secret_key = "KeepItSecretKeepItSafe"
bcrypt = Bcrypt(app)
pw_hash = bcrypt.generate_password_hash(password)
query = "INSERT INTO users (fname, lname, email, pw_hash, created_at, updated_at) VALUES ('{}', '{}', '{}', '{}', NOW(), NOW() )".format(
fname, lname, email, pw_hash
)
print query
self.db.query_db(query)
# registration was successful, so let's automatically
# log in the user
session["fname"] = fname
session["lname"] = lname
session["email"] = email
# get user_id (since this is a new user it will be the largest id)
query = "select * from users order by id desc limit 1"
result = self.db.query_db(query)
print "*** get session id"
print result[0]["id"]
session["id"] = result[0]["id"]
# flash('Successful registration', 'success')
return True
else:
return False
app.config.from_pyfile(app.config['CFG_FILE'])
except IOError:
pass
from fileStore import *
db = fileStore(app.config['CACHE_ROOT'] + '/db')
# load config from the database
conf = None
try:
conf = json.loads(db.get('conf/bradmin'))
except IOError:
# load default config
conf = {
'password': bcrypt.generate_password_hash('default')
}
db.store('conf/bradmin', json.dumps(conf, sort_keys=True, indent=4))
application = app
import bradmin.login
import bradmin.push
#web pages
import bradmin.frontpage
import bradmin.radio
import bradmin.mesh
#API
import bradmin.br
def hash_result(user):
bcrypt = Bcrypt(None)
password_hash = bcrypt.generate_password_hash(user["password"])
user["password"] = password_hash
return user
# make sure admin account is setup
from models import User, Role, Permission
"""
@app.context_processor
def inject_permissions():
return dict(Permission=Permission)
"""
# will throw an error if database or the table doesnt exist yet
try:
# initialize roles
Role.insert_roles()
# add admin if not yet added
admin_email = ADMINS[0]
# this returns result object
admin_user = User.query.filter_by(email=admin_email).first()
# this returns object values
admin_role = db.session.query(Role).filter(Role.permissions==Permission.ADMINISTER).first()
if not admin_user:
defaultpassword = bcrypt.generate_password_hash('1234')
user = User(username='******', email=admin_email, role=admin_role, password = defaultpassword)
db.session.add(user)
db.session.commit()
# follow yourself
db.session.add(user.follow(user))
db.session.commit()
except:
pass
from inspect import stack
from flask import Flask, render_template, request, redirect, url_for, flash, make_response
from flask.ext.bcrypt import Bcrypt
from flask.ext.mail import Mail, Message
from mysql.connector import errors
from models import Item, Costumer, Business, Invoice, Employee, Admin, Security
from tools import prepare_items
app = Flask(__name__)
b = Bcrypt()
SK = 'F*CM)@_!($":.@!#$E++)_-_;A"S;'
SK_hash = b.generate_password_hash(SK)
app.secret_key = SK
sec = Security()
app.config["MAIL_SERVER"] = "smtp.gmail.com"
app.config["MAIL_PORT"] = 465
app.config["MAIL_USE_SSL"] = True
app.config["MAIL_USERNAME"] = '******'
app.config["MAIL_PASSWORD"] = '******'
mail = Mail()
mail.init_app(app)
@app.route('/')
def home():
