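def post(self):
    """Handle a profile-update form post for the current user.

    Reads ``email``, ``personal_url``, ``display_name`` and ``password`` from
    the request, compares the ``_xsrf`` form field with the ``_xsrf`` cookie,
    validates the URL and e-mail address, then stores the changes through
    ``User`` and refreshes the session copy of the user record. Every outcome
    is reported with ``self.print_result(ok, message)``.
    """
    email = self.get_request("email", "")
    user_url = self.get_request("personal_url", "")
    displayName = self.get_request("display_name", "")
    password = self.get_request("password", "")
    crsf = self.get_request("_xsrf", "")
    user_crsf = self.get_cookie("_xsrf", "unknown")

    # The cookie is cleared on every attempt, whether or not it verifies.
    self.clear_cookie("_xsrf")

    # Fail closed: a missing or empty token on either side never verifies.
    # Without the emptiness checks an empty form field would match an empty
    # cookie value and the request would be accepted.
    if not crsf or not user_crsf or user_crsf == "unknown" or crsf != user_crsf:
        self.print_result(False, "Xsrf protected!")
        return

    if user_url != "":
        # Match the full scheme prefix. A bare "http" prefix test would leave
        # host names that merely begin with those letters without a scheme.
        if not user_url.lower().startswith(("http://", "https://")):
            user_url = "http://" + user_url
        if not pyUtility.isURL(user_url):
            self.print_result(False, "The Format of URL is wrong!")
            return

    if email == "":
        self.print_result(False, "Email Cannot be blank!")
        return
    if not pyUtility.isEmail(email):
        self.print_result(False, "Email Format is incorrect!")
        return

    current = self.get_current_user()
    if not current:
        # Without a current user the lookups below would raise; report it.
        self.print_result(False, "Please login first")
        return

    # Check if the email has been taken, but only when it actually changes.
    if current['user_email'] != email and not User().isEmailUnique(email):
        self.print_result(False, "Email Has been used")
        return

    user = User().getByID(current['ID'], False)
    if not user:
        # find failed
        self.print_result(False, "Can not find any record")
        return

    # NOTE(review): the new password and the new e-mail address are accepted
    # on the strength of the session and the XSRF token alone; this handler
    # reads no current-password field. Consider requiring the current
    # password before changing either value.
    if password != "":
        newPwd = user.getEncodeStr(password)
        if newPwd != user.user_pass:
            user.user_pass = newPwd

    user.user_email = email
    user.user_url = user_url
    user.display_name = displayName

    # Snapshot taken before update() so the session receives the new values.
    newUserData = user.row2dict()
    if user.update():
        self.set_current_user(newUserData)
        self.print_result(True, "Done")
    else:
        self.print_result(False, "Failed to Update DB")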
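def post(self):
    """Handle the login form post.

    Reads the ``Login[...]`` fields and ``nextmove`` from the request, checks
    the submitted validation code against ``self.session['validcode']``,
    sets or clears the ``login_name`` cookie, authenticates through
    ``User().Login`` and reports the outcome with ``self.print_result``.
    """
    username = self.get_request("Login[username]", None)
    nextmove = self.get_request("nextmove", "")
    pwd = self.get_request("Login[password]", None)
    remember = self.get_request("Login[remember]", None)
    validcode = self.get_request("Login[validcode]", "")

    # A missing username is rejected here so the validator never receives
    # None; the reply is the same generic message as for an illegal name.
    if not username or not pyUtility.isAccountLegal(username):
        self.print_result(False, "User Or Password is incorrect!!")
        return

    # Fail closed on the validation code: an absent or empty expected value
    # never matches, and neither does an empty submission.
    # NOTE(review): the expected code stays in the session after this
    # comparison, so one solved code can be submitted again with further
    # password guesses. Invalidate it after each attempt once the session
    # object's deletion API is confirmed.
    expected_code = self.session['validcode'] if "validcode" in self.session else None
    if not validcode or not expected_code or validcode != expected_code:
        self.print_result(False, "ValidCode is incorrect!!", True)
        return

    if remember:
        self.set_cookie("login_name", url_escape(username))
    else:
        self.clear_cookie("login_name")

    # login process
    if not username or not pwd:
        self.print_result(False, "UserName Or Password Is Empty!")
        return

    user = User().Login(username, pwd)
    if not user:
        # login failed
        self.print_result(
            False,
            "User Or Password Is Wrong",
            self.get_webroot_url() + "auth?next=" + url_escape(nextmove),
        )
        return

    if user.user_status == 2:
        self.print_result(False, "Account has been locked")
        return

    # nextmove is request-controlled. The failure branch passes a URL in the
    # same print_result position, so the client is presumably sent to it;
    # confirm. Absolute and protocol-relative targets are dropped unless they
    # sit under an absolute web root, so a crafted login link cannot forward
    # the user to another site.
    if nextmove:
        target = nextmove.strip().replace("\\", "/")
        for ch in "\t\r\n":
            target = target.replace(ch, "")
        first_segment = target.split("/", 1)[0]
        for sep in "?#":
            first_segment = first_segment.split(sep, 1)[0]
        if target.startswith("//") or ":" in first_segment:
            webroot = self.get_webroot_url()
            same_site = (
                "://" in webroot
                and webroot.endswith("/")
                and target.startswith(webroot)
            )
            if not same_site:
                nextmove = ""

    # login success: save session
    # NOTE(review): whether set_current_user issues a fresh session
    # identifier is not visible here; confirm, to rule out session fixation.
    self.set_current_user(user.row2dict())
    self.print_result(True, "Authorized", nextmove)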