def changepassword():
form = PasswordChangeForm()
if request.method == 'GET':
return render_template('changepassword.html',
form=form,
name=current_user.email)
else:
if form.validate_on_submit():
if current_user.validate_password(form.currentpassword.data):
local_object = db.session.merge(current_user)
local_object.password = current_user.update_password(
form.newpassword.data)
db.session.add(local_object)
db.session.commit()
Mail_Service.send_email(current_user.email, "Password Changed",
current_user, request.remote_addr)
flash("Password Sucessfully Changed")
else:
flash("Incorrect Current Password")
return render_template('changepassword.html',
form=form,
name=current_user.email)
else:
flash("Error with form")
return render_template('changepassword.html',
form=form,
name=current_user.email)
return redirect(url_for('account'))
def passwordChange():
form = PasswordChangeForm()
if form.validate_on_submit():
old_pass = form.old_password.data
new_pass = form.new_password.data
conf_pass = form.new_password_confirm.data
# Password change
if new_pass == conf_pass and check_password_hash(current_user.password, old_pass):
user = current_user
user.password = generate_password_hash(new_pass)
db.session.add(user)
db.session.commit()
flash(gettext('User password successfully changed.'))
else:
if new_pass != conf_pass:
flash(gettext('New password must match confirmation!'))
elif not check_password_hash(current_user.password, old_pass):
flash(gettext('Current password is incorrect!'))
return redirect(url_for('passwordChange'))
return redirect(url_for('user'))
return render_template('/settings/passwordchange.html',
title=gettext("Password Change"),
form=form)
def settings():
pw_form = PasswordChangeForm()
set_form = SettingsForm()
if 'pw_change' in request.form and pw_form.validate_on_submit():
try:
g.user.set_password(pw_form.new_password.data)
db.session.commit()
flash(u'Passwort wurde geändert.')
except:
flash(u'Passwort konnte nicht geändert werden.')
if 'settings_change' in request.form and set_form.validate_on_submit():
g.user.name = set_form.name.data
db.session.commit()
flash(u'Einstellungen wurde geändert.')
return render_template('user/settings.html', pw_form=pw_form, set_form=set_form)
def changepassword(secretstring):
form = PasswordChangeForm()
if form.validate_on_submit():
if form.password.data:
s = URLSafeSerializer('12fe454t')
uname, uemail = s.loads(secretstring)
user = Users.query.filter_by(username=uname).first()
db.session.add(user)
user.pwdhash = bcrypt.generate_password_hash(form.password.data)
db.session.commit()
flash('succsessful password reset')
return redirect(url_for('login'))
else:
flash('Try again')
return redirect(url_for('resetpassword'))
return render_template('general/change_password.html', form=form)
def edit_user_password(user_id_number):
# This form allows the administrator to change a user's password.
error = None
# Grabs user information from database based on user_id_number and assigns it to user
user = User.query.get(user_id_number)
form = PasswordChangeForm()
if form.validate_on_submit() and request.method == 'POST':
# Calls method to allow password to be changed based on form input.
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash("Password has been updated.")
return render_template('edit_user_password.html', form=form, user=user)
def change_password(secretstring):
form = PasswordChangeForm()
if form.validate_on_submit():
if form.password.data:
s = URLSafeSerializer('serliaizer_code')
uname, uemail = s.loads(secretstring)
user = Users.query.filter_by(username=uname).first()
db.session.add(user)
user.pwdhash = bcrypt.generate_password_hash(form.password.data)
db.session.commit()
flash(u'succsessful password reset')
return redirect(url_for('login'))
else:
flash('Try again!')
return redirect(url_for('reset_password'))
return render_template('change_password.html', form=form)
def change_password(secretstring):
form = PasswordChangeForm()
if form.validate_on_submit():
if form.password.data:
s = URLSafeSerializer("serliaizer_code")
uname, uemail = s.loads(secretstring)
user = Users.query.filter_by(username=uname).first()
db.session.add(user)
user.pwdhash = bcrypt.generate_password_hash(form.password.data)
db.session.commit()
flash(u"succsessful password reset")
return redirect(url_for("login"))
else:
flash("Try again!")
return redirect(url_for("reset_password"))
return render_template("change_password.html", form=form)
def changepasswd():
session_id = request.cookies.get(SESSION_ID)
if session_id is None:
return redirect(url_for('logout'))
if not session_db.exists(session_id):
return redirect(url_for('logout'))
form = PasswordChangeForm()
hidden = request.cookies.get('login')
if hidden is None:
return render_template('problem.html')
form.hidden = hidden
if form.validate_on_submit():
ssid = request.cookies.get(SESSION_ID)
user = session_db.get(ssid)
user_data = dbc.getUserByLogin(user)
user_id = user_data[0]
dbc.updatePassword(user_id, hash_password(form.newpassword.data))
return render_template('changegood.html')
return render_template('changepasswd.html', form=form)
def password_change():
form = PasswordChangeForm()
if form.validate_on_submit():
user_id = current_user.get_id()
user = User.query.get(user_id)
if user and not bcrypt.check_password_hash(user.Password,
form.old_password.data):
flash('Old password is incorrect.', 'danger')
else:
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user.Password = hashed_password
db.session.add(user)
db.session.commit()
flash('Your password has been changed.', 'success')
return render_template('password-change.html',
title='Change Password',
form=form)
def password_reset():
from datetime import datetime
form = PasswordChangeForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user:
reset_timer = user.reset_timer
current_time = datetime.now()
reset_check = (current_time.day + 100) - reset_timer
print "*" * 30
print "Reset Check: ", reset_check
print "*" * 30
if (reset_check <= 3):
user.set_password(form.password.data)
user.reset_key = ""
user.reset_timer = ""
db.session.commit()
return redirect(url_for('login'))
return render_template('password_reset.html', form=form)
def account():
# Get basic database and forms ready to return
bsdb = get_bsdb()
acct = AccountSettings(session['user_num'])
account_settings_change_form = AccountSettingsChangeForm()
password_change_form = PasswordChangeForm()
account_settings = bsdb.get_account_settings(session["user_num"])
show_account_modal = False
show_password_modal = False
# Check against requests to change account settings
if (req.method == 'POST' and
account_settings_change_form.submit_account_change.data):
show_account_modal = True
app.logger.info(f"request received to change user settings for " +
f"user {session['user_num']}")
# Check to make sure form was valid, return form if it was not
if not account_settings_change_form.validate_on_submit():
app.logger.warning(f"Settings change form failed validation")
flash("Your information wouldn't work. Try again?", "warning")
return render_template(
'user/user-home.html',
account_settings=account_settings,
account_settings_change_form=account_settings_change_form,
password_change_form=password_change_form,
show_account_modal=show_account_modal,
show_password_modal=show_password_modal
)
# Check that the username isn't changing or is available
if acct.is_username_valid(session['user_num'],
account_settings_change_form.username.data):
app.logger.info("username is valid")
try:
acct.set_account_information(
session['user_num'], account_settings_change_form)
flash("Account information updated.", "success")
app.logger.info("returning new account info:")
account_settings = bsdb.get_account_settings(
session["user_num"])
show_account_modal = False
account_settings = bsdb.get_account_settings(
session["user_num"])
except Exception:
flash("Error updating your information. Try again?",
"warning")
else:
flash("Username is already taken", "warning")
# Check against request to change password
elif req.method == 'POST' and password_change_form.submit.data:
show_password_modal = True
app.logger.info(f"request received to change password for " +
f"user {session['user_num']}")
if not password_change_form.validate_on_submit():
app.logger.warning(f"Password change form failed verification")
flash("Your infromation wouldn't work. Try again?", "warning")
return render_template(
'user/user-home.html',
account_settings=account_settings,
account_settings_change_form=account_settings_change_form,
password_change_form=password_change_form,
show_account_modal=show_account_modal,
show_password_modal=show_password_modal
)
try:
correct_password = acct.is_password_correct(session["user_num"],
password_change_form)
if not correct_password:
flash("Original password was not correct. Please try again.",
"warning")
else:
app.logger.info("Original password was entered correctly.")
try:
acct.set_password(session["user_num"],
password_change_form)
app.logger.info("New Password set")
flash("New Password Sucessfully Set.", "success")
show_password_modal = False
except Exception:
app.logger.error("Error setting new password")
flash("Error setting new password. Try again?", "warning")
except Exception:
flash("Error determining if the original password is correct. Try again?", "warning")
app.logger.error("Error checking original password.")
# We got here either by being GET or succeeding making changes.
# Refill account_setting and account_settings_change_form
account_settings_change_form = acct.fill_account_settings_change_form()
account_settings = bsdb.get_account_settings(session["user_num"])
return render_template(
'user/user-home.html',
account_settings=account_settings,
account_settings_change_form=account_settings_change_form,
password_change_form=password_change_form,
show_account_modal=show_account_modal,
show_password_modal=show_password_modal
)
