Exemplo n.º 1
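def useraccount():
    """Render the account login page and check credentials on a valid POST.

    Users are read from the ``Users`` entry of the ``storage.db`` shelf. When
    the submitted username and password match a stored user, the account page
    is rendered with that user's name and id. Otherwise the login form is
    rendered again with one generic error message, so the response does not
    tell a caller whether the username exists.
    """
    form = LoginForm(request.form)
    correct = False
    errorResponse = ''
    if request.method == 'POST':
        errorResponse = 'Invalid username or password'
        if form.validate():
            user_id = 0  # renamed from `id`, which shadowed the builtin
            # NOTE(review): shelve unpickles what it reads; storage.db should
            # be writable by the application only.
            db = shelve.open('storage.db', 'r')
            try:
                usersDict = db['Users']
                for user in usersDict.values():
                    if user.get_username() == form.username.data:
                        user_id = user.get_userID()
                        # NOTE(review): the stored password is compared as-is,
                        # so it appears to be kept unhashed - confirm and
                        # store a salted password hash instead.
                        correct = user.get_password() == form.password.data
            except Exception:
                # Fail closed: a partial read must not leave a login accepted.
                correct = False
                print("Error in retrieving Users from storage.db.")
            finally:
                # The shelf was previously left open on every request.
                db.close()
            if correct:
                return render_template("Retrieveaccount.html", name=form.username.data, id=user_id)
    return render_template("useraccount.html", form=form, errorResponse=errorResponse)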
Exemplo n.º 2
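def login():
    """Render the staff login form; redirect to ``retrieveUsers`` on a match.

    A GET, a POST that fails form validation, and a POST with the wrong
    credentials all render ``login2.html``; the POST cases carry the
    'Invalid Credentials' message.
    """
    form = LoginForm(request.form)
    errorResponse = ''
    if request.method == 'POST':
        errorResponse = 'Invalid Credentials'
        # NOTE(review): the staff credential is hard-coded in source, so it is
        # shared by everyone with repository access and cannot be rotated
        # without a deploy. Load it from configuration or a user store.
        if (form.validate()
                and form.username.data == 'staff'
                and form.password.data == 'staff890'):
            # NOTE(review): nothing is recorded in the session before the
            # redirect; confirm that 'retrieveUsers' enforces its own
            # authentication check.
            return redirect(url_for('retrieveUsers'))
    return render_template("login2.html", form=form, errorResponse=errorResponse)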
Exemplo n.º 3
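def loginMenu():
    """Show the user login page and handle its "Login" and "Sign Up" buttons.

    If the 'TEMP' storage already holds a username, the request is redirected
    straight to the ``users`` view for that name. On a POST with the "Login"
    button, the lower-cased username is matched against the ADMIN account and
    then against the keys of the "Users" storage. "Sign Up" redirects to the
    ``sign_up`` view. Everything else renders ``userLogin.html``.
    """
    login_form = LoginForm(request.form)

    # Resume a login recorded earlier in the 'TEMP' storage.
    # NOTE(review): 'TEMP' is looked up under a fixed key, not per client. If
    # main.db is server-side storage shared by all requests, every visitor is
    # treated as the last user who logged in - confirm, and prefer a
    # per-client signed session.
    if main.db.check_exist('TEMP'):
        # Named `stored` rather than `session` so it cannot be mistaken for,
        # or shadow, a framework session object.
        stored = main.db.get_storage('TEMP')
        if "username" in stored.keys():
            return redirect(
                url_for('users', choice=1, username=stored['username']))

    if request.method == 'POST':
        btn_pressed = request.form['submit']

        # The form is validated only on a POST.
        if login_form.validate() and btn_pressed == "Login":
            login_name = login_form.username.data.lower()

            admin_acc = main.db.get_storage("ADMIN")
            known_users = main.db.return_keys("Users")

            # NOTE(review): neither branch below checks a password. Knowing a
            # username, including the admin's, is enough to be redirected as
            # that account. Verify the submitted password against the stored
            # credential before either redirect.
            if admin_acc.get_username() == login_name:
                print("Admin Login")
                return redirect(url_for('admin'))

            elif known_users is not None and login_name in known_users:
                user = main.db.get_storage("Users")[login_name]

                # Record the login in the 'TEMP' storage.
                main.db.get_storage("TEMP", True, True)
                main.db.add_item('TEMP', "username", user.get_username())

                return redirect(
                    url_for('users', choice=1, username=user.get_username()))

            else:
                # Unknown username: fall through and show the form again.
                print("ERRORRRRRR")

        elif btn_pressed == "Sign Up":
            return redirect(url_for('sign_up'))

    # GET requests and unhandled POSTs end up here.
    return render_template('userLogin.html', form=login_form)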
Exemplo n.º 4
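def login():
    """Show the login form; on a valid POST mark the session as logged in.

    A POST whose form validates stores the submitted email in the session,
    sets ``logged_in`` and redirects to ``profile``. Every other request
    renders ``login.html``.
    """
    form = LoginForm()

    if request.method == 'POST' and form.validate():
        # NOTE(review): form.validate() is the only check visible here.
        # Confirm that LoginForm verifies the password, because the session
        # is marked logged-in on the strength of it alone.
        session['email'] = form.email.data
        session['logged_in'] = True
        return redirect(url_for('profile', success=True, session=True))

    # GET and failed POSTs render the form. So does any other method routed
    # here: the original returned None for those, which Flask rejects as an
    # invalid response.
    return render_template('login.html', form=form, session=False)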
Exemplo n.º 5
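def login():
    """Authenticate by email and password and start a session.

    On a valid POST the ``users`` table is queried for a row matching the
    submitted email and password. A miss renders ``login.html`` with a 401
    and one generic message, so the response does not reveal whether the
    email is registered. A hit fills the session from the row, sets a
    ``username`` cookie and redirects to ``/admin`` or ``/``.
    """
    form = LoginForm(request.form)
    msg = ''
    if request.method == "POST" and form.validate():
        session.pop('user', None)
        email = request.form['email']
        password = request.form['password']
        # The submitted credentials are deliberately not printed: stdout
        # usually ends up in logs.

        # Bound parameters keep the submitted values out of the SQL text; the
        # earlier string concatenation let the email field rewrite the query.
        # NOTE(review): the password is matched as stored, so it appears to be
        # kept unhashed - confirm and move to a salted password hash.
        statement = text(
            'SELECT * FROM users WHERE email = :email AND password = :password')
        result = db.engine.execute(
            statement, email=email, password=password).fetchone()
        if result is None:
            msg = 'Error: Invalid email or password!'
            return render_template("login.html", form=form, msg=msg), 401

        session['id'] = result[0]
        session['user'] = result[3]
        session['name'] = result[1]
        session['is_authenticated'] = result[5]
        # Column 5 is compared with the string "True" to pick the admin route.
        if result[5] == "True":
            resp = make_response(redirect('/admin'))
        else:
            resp = make_response(redirect('/'))
        name = result[1] + result[2]
        # NOTE(review): httponly=False and secure=False leave this cookie
        # readable from page script and sent over plain HTTP. Tighten both
        # unless client-side code has to read it.
        resp.set_cookie('username', name, httponly=False, secure=False)
        print(session['id'])
        print(session['is_authenticated'])
        return resp

    return render_template("login.html", form=form, msg=msg)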
Exemplo n.º 6
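def login():
    """Authenticate by email and password using a parameterized query.

    On a valid POST the ``users`` table is queried for a row matching the
    submitted email and password. A miss renders ``login.html`` with a 401.
    A hit fills the session from the row, sets a ``username`` cookie and
    redirects to ``/admin`` or ``/``.
    """
    form = LoginForm(request.form)
    msg = ''
    if request.method == "POST" and form.validate():
        session.pop('user', None)
        email = request.form['email']
        password = request.form['password']
        # The submitted credentials are deliberately not printed: stdout
        # usually ends up in logs.

        # Both values are passed as bound parameters, so they can never
        # change the SQL text. Rejecting a blacklist of characters and then
        # concatenating is not an equivalent fix: it refuses legitimate
        # passwords and the query is still built from input.
        # NOTE(review): the password is matched as stored, so it appears to be
        # kept unhashed - confirm and move to a salted password hash.
        statement = text('SELECT * FROM users WHERE email = :a AND password = :b')
        result = db.engine.execute(
            statement, a=str(email), b=str(password)).fetchone()
        if result is None:
            msg = 'Error: Email/Password does not exist!'
            return render_template("login.html", form=form, msg=msg), 401

        session['id'] = result[0]
        session['user'] = result[3]
        session['name'] = result[1]
        session['is_authenticated'] = result[5]
        # Column 5 is compared with the string "True" to pick the admin route.
        if result[5] == "True":
            resp = make_response(redirect('/admin'))
        else:
            resp = make_response(redirect('/'))
        name = result[1] + result[2]
        # NOTE(review): httponly=False and secure=False leave this cookie
        # readable from page script and sent over plain HTTP. Tighten both
        # unless client-side code has to read it.
        resp.set_cookie('username', name, httponly=False, secure=False)
        print(session['id'])
        print(session['is_authenticated'])
        return resp

    return render_template("login.html", form=form, msg=msg)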
Exemplo n.º 7
def login():
    """Serve the login form and process it when it has been submitted.

    An unsubmitted request gets the bare form. A submitted form that fails
    validation, names an unknown user, or carries a password that does not
    match the stored bcrypt hash gets the form back with "Invalid Login!!!".
    A successful login marks the user authenticated, persists that flag,
    logs the user in and redirects to ``/appConfig``.
    """
    form = LoginForm(csrf_enabled=True)

    if not form.is_submitted():
        return render_template("login.html", form=form)

    if form.validate():
        account = User.query.get(form.username.data)
        # The hash check is skipped when no such user exists.
        password_ok = account and bcrypt.check_password_hash(
            account.password, form.password.data)
        if password_ok:
            account.authenticated = True
            db.session.add(account)
            db.session.commit()
            # The login is always remembered across browser sessions.
            login_user(account, remember=True)
            return redirect("/appConfig")

    # Validation failures and bad credentials share one response.
    return render_template("login.html", form=form, message="Invalid Login!!!")
Exemplo n.º 8
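def login():
    """Check a submitted username and password against the ``Users`` shelf.

    On a valid POST the ``Users`` entry of ``storage.db`` is loaded and
    searched for a user whose username and password both match. A match
    stores the user's id in ``session["USERID"]`` and redirects to ``home``.
    No match renders ``login.html`` with ``invalid=True``. Any other request
    renders the plain form.
    """
    loginForm = LoginForm(request.form)
    if request.method == 'POST' and loginForm.validate():
        usersDict = {}
        # 'c' opens the shelf read-write and creates the file if it is
        # missing. The with-block closes it on every path.
        # NOTE(review): shelve unpickles what it reads; storage.db should be
        # writable by the application only.
        with shelve.open('storage.db', 'c') as db:
            try:
                usersDict = db['Users']
            except Exception:
                # Best effort: with no users loaded, the login simply fails.
                print("Error in retrieving Users from storage.db.")

        for user in usersDict.values():
            if loginForm.username.data == user.get_username():
                # NOTE(review): the stored password is compared as-is, so it
                # appears to be kept unhashed - confirm and store a salted
                # password hash instead.
                if loginForm.password.data == user.get_password():
                    session["USERID"] = user.get_userID()
                    return redirect(url_for('home'))

        return render_template('login.html', form=loginForm, invalid=True)
    return render_template('login.html', form=loginForm)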
Exemplo n.º 9
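def login():
    """Authenticate by email and password and start a session.

    On a valid POST the ``users`` table is queried for a row matching the
    submitted email and password. A miss flashes 'Incorrect
    username/password' and re-renders ``login.html``. A hit fills the session
    from the row, sets a ``username`` cookie and redirects to ``/admin`` or
    ``/``.
    """
    form = LoginForm(request.form)
    msg = ''
    if request.method == "POST" and form.validate():
        session.pop('user', None)
        email = request.form['email']
        password = request.form['password']
        # The submitted credentials and the fetched row are deliberately not
        # printed: stdout usually ends up in logs.

        # Bound parameters keep the submitted values out of the SQL text; the
        # earlier string concatenation let the email field rewrite the query.
        # NOTE(review): the password is matched as stored, so it appears to be
        # kept unhashed - confirm and move to a salted password hash.
        statement = text(
            'SELECT * FROM users WHERE email = :email AND password = :password')
        result = db.engine.execute(
            statement, email=email, password=password).fetchone()
        if result is None:
            flash('Incorrect username/password')
        else:
            session['id'] = result[0]
            session['user'] = result[3]
            session['name'] = result[1]
            session['is_authenticated'] = result[5]
            # NOTE(review): the admin route is chosen by comparing column 3
            # with one literal address; a role stored with the account would
            # be easier to audit and change.
            if result[3] == "*****@*****.**":
                resp = make_response(redirect('/admin'))
            else:
                resp = make_response(redirect('/'))
            # NOTE(review): httponly=False and secure=False leave this cookie
            # readable from page script and sent over plain HTTP. Tighten
            # both unless client-side code has to read it.
            resp.set_cookie('username',
                            result[1],
                            httponly=False,
                            secure=False)
            print(session['id'])
            print(session['is_authenticated'])
            return resp
    return render_template("login.html", form=form, msg=msg)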