Exemplo n.º 1
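def login():
    """Authenticate an employee and send them to the panel for their role.

    A POST that passes form validation is checked against the ``Employee``
    table: the account must exist, the password must match and
    ``employee_status`` must be ``'active'``. On success the session is
    marked as owner (``employee_id == 1``) or as employee. Without a
    successful POST, a session that is already marked is sent to its panel.
    Every other request gets the log-in form.
    """
    form = LogInForm()
    if request.method == 'POST' and form.validate():
        user_name = form.user_name.data
        password = form.password.data

        # The account must exist, the password must match and the account
        # must be active before anything is written to the session.
        user = db_session.query(Employee).filter_by(employee_username=user_name).first()
        if user is not None and user.is_correct_password(password) and user.employee_status == 'active':
            # Drop whatever identity an earlier login left in this session,
            # so it can never carry the owner and the employee flags at the
            # same time after a second login with a different account.
            for stale_key in ('owner_logged_in', 'owner_username',
                              'employee_logged_in', 'employee_username'):
                session.pop(stale_key, None)

            # NOTE(review): the owner role is tied to the hard-coded primary
            # key 1 rather than to a role attribute; confirm that row can
            # never belong to a regular employee.
            if user.employee_id == 1:
                session['owner_logged_in'] = True
                session['owner_username'] = user.employee_username
                return render_template('owner_restaurant.html',
                                       base_form=RestaurantBaseForm(),
                                       opening_form=RestaurantOpeningHoursForm(),
                                       media_form=RestaurantSocialMediaForm(),
                                       owner_username=session['owner_username'])
            # Any other active account is staff and goes to the orders view.
            else:
                session['employee_logged_in'] = True
                session['employee_username'] = user.employee_username
                return redirect(url_for('staff.all_orders'))
        # Rejected credentials fall through to the plain log-in form below,
        # even when the session is already marked as logged in.
    elif session.get('owner_logged_in'):
        return render_template('owner_restaurant.html',
                               base_form=RestaurantBaseForm(),
                               opening_form=RestaurantOpeningHoursForm(),
                               media_form=RestaurantSocialMediaForm(),
                               owner_username=session['owner_username'])
    elif session.get('employee_logged_in'):
        return redirect(url_for('staff.all_orders'))
    return render_template('log_in.html',
                           form=form)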
Exemplo n.º 2
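def login(request):
    """Render the log-in form (GET) or process a log-in attempt (POST).

    A POST first consults the ``AccessAttempt`` rows for this username and
    client address: once ``failures`` reaches ``settings.AXES_FAILURE_LIMIT``
    and the last attempt is more recent than ``settings.AXES_COOLOFF_TIME``,
    the lock-out page is rendered and the credentials are not checked.
    Otherwise the credentials are verified; a failed attempt emits
    ``user_login_failed`` and re-renders the form.

    Requests with any other method fall through and return ``None``.
    """
    if request.method == "GET":
        form = LogInForm()
        res_data = {'title': '登入', 'year': datetime.now().year, 'form': form}
        return render(request, 'app/login.html', res_data)
    if request.method == "POST":
        form = LogInForm(request.POST)
        valid_state = form.is_valid()
        # cleaned_data only holds the fields that passed validation, so a
        # rejected field must not be read with [] (that raised KeyError).
        username = form.cleaned_data.get('username')
        password = form.cleaned_data.get('password')
        ip_address = get_ip(request)
        failures_res = AccessAttempt.objects.filter(username=username,
                                                    ip_address=ip_address)
        # At least one recorded failure for this username/address pair.
        if failures_res.count() > 0:
            failure_res = failures_res[0]
            failure_count = failure_res.failures
            failure_lasttime = failure_res.attempt_time.replace(tzinfo=None)
            # The failure limit has been reached.
            if failure_count >= settings.AXES_FAILURE_LIMIT:
                nowtime = datetime.utcnow().replace(tzinfo=None)
                since_last_attempt = (nowtime - failure_lasttime)
                # Still inside the cool-off window: refuse before checking
                # the password.
                # NOTE(review): assumes AXES_COOLOFF_TIME is a timedelta and
                # attempt_time is stored in UTC; confirm in settings/model.
                if since_last_attempt < settings.AXES_COOLOFF_TIME:
                    messages.warning(request, '您的帳戶已經被鎖定,請15分鐘後再嘗試。')
                    res_data = {'title': '帳戶鎖定', 'year': datetime.now().year}
                    return render(request, 'app/message.html', res_data)
                else:
                    # The cool-off has elapsed, so the record is cleared.
                    failure_res.delete()

        # A valid form only means the fields are well formed; the attempt
        # succeeds only if authenticate() actually returns a user. Passing
        # its None result on to auth.login() would not reject the attempt.
        user = authenticate(username=username, password=password) if valid_state else None
        if user is not None:
            user_logged_in.send(sender=User, request=request, user=user)
            auth.login(request, user)
            if failures_res.count() > 0:
                failures_res[0].delete()
            return redirect("/")

        # NOTE(review): if authenticate() already emits user_login_failed
        # for rejected credentials, this counts such an attempt twice;
        # confirm against the lock-out threshold.
        user_login_failed.send(
            sender=User,
            request=request,
            credentials={'username': username})
        res_data = {
            'title': 'Login',
            'year': datetime.now().year,
            'form': form
        }
        return render(request, 'app/login.html', res_data)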
Exemplo n.º 3
def login():
    """Sign a user in and send them to the page they originally asked for.

    Authenticated visitors are redirected to ``index``. A submitted form
    whose username is unknown or whose password check fails flashes one
    generic message, so the response does not reveal which of the two was
    wrong.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LogInForm()
    if not form.validate_on_submit():
        return render_template('login.html', title='Sign In', form=form)

    account = User.query.filter_by(username=form.username.data).first()
    credentials_ok = account is not None and account.check_password(form.password.data)
    if not credentials_ok:
        flash('Invalid username or password')
        return redirect(url_for('login'))

    login_user(account, remember=form.remember_me.data)

    # ``next`` comes from the query string and is caller-controlled. It is
    # honoured only when it carries no network location, which keeps the
    # redirect on this site; anything else falls back to the index page.
    # NOTE(review): only the netloc is inspected here.
    target = request.args.get('next')
    if not target or url_parse(target).netloc != '':
        target = url_for('index')
    return redirect(target)
Exemplo n.º 4
def logout():
    """Clear the log-in markers from the session and show the log-in form.

    The four session keys are removed only when the session is currently
    marked as owner or as employee. Other session content is left alone.
    """
    form = LogInForm()
    is_logged_in = session.get('owner_logged_in') or session.get('employee_logged_in')
    if is_logged_in:
        # pop() with a default never raises, so keys that are absent for
        # the other role are skipped silently.
        for auth_key in ('owner_username', 'employee_username',
                         'owner_logged_in', 'employee_logged_in'):
            session.pop(auth_key, None)
    return render_template('log_in.html', form=form)
Exemplo n.º 5
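def login():
    """Check the submitted credentials and log the user in.

    Unknown usernames and wrong passwords produce the same flash message,
    so the response does not confirm which usernames exist. A POST that
    fails form validation flashes a generic failure. Every path that does
    not log the user in re-renders the form.
    """
    import hmac

    login_form = LogInForm()

    if login_form.validate_on_submit():
        user = User.query.filter_by(username=login_form.username.data).first()

        # NOTE(review): the stored value is compared with the submitted
        # password directly, so passwords appear to be kept in plain text.
        # That has to be fixed in the User model (store a salted password
        # hash and verify against it); it cannot be fixed in this view.
        stored = getattr(user, 'password', None)
        supplied = login_form.password.data
        # compare_digest takes the same time wherever the first difference
        # is; it needs bytes for non-ASCII text, hence the encode().
        password_ok = (
            isinstance(stored, str)
            and isinstance(supplied, str)
            and hmac.compare_digest(stored.encode('utf-8'), supplied.encode('utf-8'))
        )

        if not password_ok:
            # One message for both failure causes, to avoid confirming
            # that a given username is registered.
            flash('Incorrect username or password!', 'danger')
        else:
            # NOTE(review): force=True logs the user in even when the
            # account is marked inactive; confirm that is intended.
            login_user(user, force=True, remember=True)
            flash('Logged in successfully!', 'success')
            return redirect(url_for('root'))
    elif request.method == 'POST':
        flash('Authentication failed!', 'danger')

    return render_template('login.html', form=login_form)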
Exemplo n.º 6
def login():
    """Sign a user in by e-mail address and password.

    Authenticated visitors go straight to ``index``. ``User().login`` is
    given the submitted credentials; a ``None`` result is treated as a
    failed attempt and reported with one generic message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LogInForm()
    if not form.validate_on_submit():
        return render_template(
            'log_in.html',
            form=form,
            background=url_for('static', filename='img/susan-holt-simpson-799094-unsplash.jpg'),
        )

    account = User().login(form.email_address.data, form.password.data)
    if account is None:
        flash('Invalid email address or password.', 'danger')
        return redirect(url_for('login'))

    login_user(account, remember=form.remember_me.data)

    # ``next`` is taken from the query string, so it is caller-controlled.
    # A value with a network location is discarded in favour of the diary
    # view, which keeps the redirect on this site.
    # NOTE(review): only the netloc is inspected here.
    destination = request.args.get('next')
    if not destination or url_parse(destination).netloc != '':
        destination = url_for('view_diary')

    flash('Welcome back {0}!'.format(current_user.first_name), 'success')
    return redirect(destination)
Exemplo n.º 7
def index():
    """Serve the homepage, which also hosts the log-in form.

    A submitted form is checked against the ``User`` table. Success logs
    the user in and redirects to ``upload``. An unknown username and a
    failed password check share one flash message, and the page is
    rendered again.
    """
    login_form = LogInForm()
    if login_form.validate_on_submit():
        account = User.query.filter_by(username=login_form.username.data).first()
        if account is None or not account.check_password(login_form.password.data):
            flash('Invalid username and password combination!')
        else:
            login_user(account)
            return redirect(url_for('upload'))

    return render_template('index.html', form=login_form)
Exemplo n.º 8
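def login():
    """Check the submitted credentials and log the user in.

    On success the user is redirected to the target stored under
    ``session['next']`` when there is one, otherwise to ``user.profile``.
    A failed attempt flashes one generic message and re-renders the form.
    """
    import hmac

    log_in_form = LogInForm()

    if log_in_form.validate_on_submit():
        to_validate = User.query.filter_by(username=log_in_form.username.data).first()

        # NOTE(review): the stored value is compared with the submitted
        # password directly, so passwords appear to be kept in plain text.
        # That has to be fixed in the User model (store a salted password
        # hash and verify against it); it cannot be fixed in this view.
        stored = getattr(to_validate, 'password', None)
        supplied = log_in_form.password.data
        # compare_digest takes the same time wherever the first difference
        # is; it needs bytes for non-ASCII text, hence the encode().
        password_ok = (
            isinstance(stored, str)
            and isinstance(supplied, str)
            and hmac.compare_digest(stored.encode('utf-8'), supplied.encode('utf-8'))
        )

        if not password_ok:
            flash('Incorrect username or password!', 'danger')
        else:
            login_user(to_validate)

            if 'next' in session:
                # The stored target is consumed on use; leaving it in the
                # session would replay the same redirect on later logins.
                # NOTE(review): the value is trusted as-is; confirm that
                # the code which stores session['next'] only ever writes
                # this site's own URLs.
                return redirect(session.pop('next'))
            else:
                flash('Logged in successfully!', 'success')
                return redirect(url_for('user.profile'))

    return render_template('login.html', form=log_in_form)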
Exemplo n.º 9
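def login(request):
  """Render the log-in form (GET) or process a log-in attempt (POST).

  The ``next`` target arrives in request data and is therefore
  caller-controlled. It is used for the post-login redirect and echoed into
  the template only when it is a site-relative path; anything else is
  replaced by ``/dashboard/``. A POST without ``next`` uses the same
  default instead of raising.
  """
  default_next = '/dashboard/'

  def _local_path(candidate):
    # Accept a single-slash path only: no scheme-relative '//' prefix, no
    # backslashes and no control characters, since browsers may normalise
    # those into a different host.
    if not candidate or not candidate.startswith('/') or candidate.startswith('//'):
      return default_next
    if '\\' in candidate or any(ord(ch) < 32 for ch in candidate):
      return default_next
    return candidate

  if request.method == 'POST':
    form = LogInForm(None, request.POST)
    next_url = _local_path(request.POST.get('next'))
    if form.is_valid():
      form.clean()
      # NOTE(review): presumably the form's clean() authenticates and
      # leaves the result in user_cache; confirm in LogInForm.
      user = form.user_cache
      if user is not None:
        auth.login(request, user)
        return HttpResponseRedirect(next_url)
      else:
        return render_to_response('login.html', {'form': form,
          'user': form.user_cache,}, context_instance=RequestContext(request))
  else:
    form = LogInForm()
    next_url = _local_path(request.GET.get('next', default_next))
  context = {'form': form, 'user': request.user, 'next': next_url}
  return render_to_response('login.html', context, context_instance=RequestContext(request))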
Exemplo n.º 10
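def login_user_on():
    """Check the submitted credentials and log the user in.

    Authenticated visitors are redirected to ``user``. After a successful
    login the ``next`` query parameter is followed only when it is a
    site-relative path; otherwise the user lands on ``user``.
    """
    from urllib.parse import urlsplit

    if current_user.is_authenticated:
        return redirect(url_for('user'))
    form = LogInForm()
    if form.validate_on_submit():
        # NOTE(review): passwords are matched as unsalted MD5 digests. MD5
        # is not suitable for password storage; moving to a salted,
        # deliberately slow password hash needs a change to the User model
        # and a migration of stored values, so it cannot be done here.
        password = hashlib.md5(
            form.password.data.strip().encode("utf-8")).hexdigest()
        username = form.username.data
        user = User.query.filter(User.username == username.strip(),
                                 User.password == password).first()
        # The original also tested a second name that was always truthy
        # (it was rebound to the bound method User.query.filter); whether
        # the query returned a row is the only real condition.
        if user:
            login_user(user, remember=form.remember.data)

            # ``next`` is caller-controlled. Keep it only when it is a path
            # on this site: no scheme, no host, a leading '/', and no
            # backslash or control character.
            next_page = request.args.get('next')
            if next_page:
                try:
                    parts = urlsplit(next_page)
                    is_local = (
                        not parts.scheme
                        and not parts.netloc
                        and next_page.startswith('/')
                        and '\\' not in next_page
                        and not any(ord(ch) < 32 for ch in next_page)
                    )
                except ValueError:
                    is_local = False
                if not is_local:
                    next_page = None

            flash(f'Chào mừng {form.username.data}!', 'success')
            return redirect(next_page) if next_page else redirect(
                url_for('user'))
        else:
            flash('Login Unsuccessful. Please check email and password',
                  'danger')
    return render_template("user/login.html", title='Login', form=form)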
Exemplo n.º 11
def login():
    """Render the sign-in page with a fresh, empty log-in form.

    This view only displays the form; it does not process submissions.
    """
    return render_template('login.html', title='Sign In', form=LogInForm())