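def login():
    """Show the login form, or on POST authenticate the submitted credentials.

    A request that already carries ``user_id`` in the session is redirected
    to the home page. For a POST the anti-bot token is verified first, then
    the credentials are looked up with a parameterised query. On success the
    session is rotated, the per-user upload folder is recorded, and the user
    is sent to a validated ``next`` URL (or home). Any failure redirects back
    to the login page with an ``error`` query argument. A GET stores a fresh
    nonce for the form and renders ``login.html``.
    """
    # Redirect to home if already logged in.
    if session.get('user_id'):
        return redirect(url_for('ph_bp.home'))

    if request.method == 'POST':
        password = request.form.get('password', '')
        # Anti-bot check: the form must echo md5(password + nonce). md5 is
        # tolerable here only because this token protects nothing secret; it
        # is not used for password storage. md5 needs bytes on Python 3 (the
        # original passed a str), matching init_session().
        expected_token = md5(
            (password + session.get('nonce', '')).encode()
        ).hexdigest()
        if expected_token != request.form.get('token', ''):
            return redirect(url_for('ph_bp.login', error='Bot detected.'))

        # Bind parameters instead of str.format: the original interpolated
        # request data straight into the SQL text (injection via the form
        # fields). The (text, params) call form is the legacy SQLAlchemy
        # session.execute signature the original already relies on.
        # NOTE(review): the original compared username against a fixed
        # literal; binding the submitted username is assumed to be the
        # intent — confirm.
        query = (
            "SELECT * FROM users "
            "WHERE username = :username AND password_hash = :password_hash"
        )
        # NOTE(review): xor_encrypt is reversible, not a password hash; kept
        # so existing stored values still match, but auth() in this file
        # already uses hashpw and this should migrate to it.
        password_hash = xor_encrypt(password, current_app.config['PW_ENC_KEY'])
        user = db.session.execute(
            query,
            {'username': request.form.get('username', ''),
             'password_hash': password_hash},
        ).first()

        if not (user and user['status'] == 1):
            return redirect(
                url_for('ph_bp.login', error='Invalid username or password.'))

        session['user_id'] = user.id
        # Per-user upload folder named by md5(user id); exist_ok avoids the
        # exists()/makedirs() race between two concurrent first logins.
        path = os.path.join(current_app.config['UPLOAD_FOLDER'],
                            md5(str(user.id).encode()).hexdigest())
        os.makedirs(path, exist_ok=True)
        session['upload_folder'] = path
        session.rotate()

        # Follow `next` only if it passes the same is_safe_url check oauth()
        # uses; otherwise an attacker-supplied URL becomes an open redirect.
        next_url = request.args.get('next')
        if not next_url or not is_safe_url(next_url, True):
            next_url = url_for('ph_bp.home')
        return redirect(next_url)

    # Fresh per-form nonce for the anti-bot token.
    session['nonce'] = get_token(5)
    return render_template('login.html')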
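def init_session(user_id):
    """Record a freshly authenticated user in the session.

    Stores ``user_id``, ensures the user's upload folder (named by the md5
    of the id, under ``UPLOAD_FOLDER``) exists, stores its path, and then
    rotates the session (presumably issuing a new session id so the
    pre-login id is not reused — confirm against the session implementation).

    Args:
        user_id: primary key of the user who just logged in.
    """
    session['user_id'] = user_id
    # md5 of the id gives a fixed-width, filesystem-safe folder name; it is
    # a naming scheme, not a security measure.
    path = os.path.join(current_app.config['UPLOAD_FOLDER'],
                        md5(str(user_id).encode()).hexdigest())
    # exist_ok replaces the exists()/makedirs() pair, which raced when two
    # requests for the same user logged in concurrently.
    os.makedirs(path, exist_ok=True)
    session['upload_folder'] = path
    session.rotate()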
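def auth():
    """Authenticate a posted username/password against the ``User`` table.

    On success the session is rotated and ``session['user']`` is set to the
    user's id, then the client is redirected (303) to ``.home``. On any
    failure one generic flash message is set and the client is sent back to
    ``.login_page`` with the submitted username, so the response does not
    reveal whether the account exists.
    """
    username = request.form.get('username')
    password = request.form.get('password')

    user = None
    if username is not None:
        user = User.query.filter_by(username=username).first()

    matched = False
    if user is not None and password is not None:
        try:
            # hashpw(password, stored_hash) re-derives the hash with the stored
            # salt/cost; equal output means the password matches. Compared in
            # constant time via safe_str_cmp, as in the original.
            pw_hash = hashpw(password.encode(), user.password.encode()).decode()
        except ValueError:
            # Stored value is not a valid hash string: fail the login rather
            # than surface a 500.
            pw_hash = ''
        matched = safe_str_cmp(pw_hash, user.password)

    if matched:
        # Rotate before storing the id so the pre-login session is not reused.
        session.rotate()
        session['user'] = user.id
        return redirect(url_for('.home'), code=303)

    # One message and one redirect for both "no such user" and "wrong
    # password": the original's distinct responses allowed user enumeration.
    flash('Invalid username or password', 'error')
    return redirect(url_for('.login_page', username=username), code=303)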
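def login():
    """Show the login form, or on POST authenticate the submitted credentials.

    A request that already carries ``user_id`` in the session is redirected
    to ``home``. For a POST the credentials are looked up with a
    parameterised query; on success the session is rotated, the per-user
    upload folder is recorded, and the user is sent to a validated ``next``
    URL (or home). A failed login redirects back to ``login`` with an
    ``error`` query argument. A GET renders ``login.html``.
    """
    # Redirect to home if already logged in.
    if session.get('user_id'):
        return redirect(url_for('home'))

    if request.method == 'POST':
        # Bind parameters instead of str.format: the original interpolated
        # request data straight into the SQL text (injection via the form
        # fields). The (text, params) call form is the legacy SQLAlchemy
        # session.execute signature the original already relies on.
        # NOTE(review): the original compared username against a fixed
        # literal; binding the submitted username is assumed to be the
        # intent — confirm.
        query = (
            "SELECT * FROM users "
            "WHERE username = :username AND password_hash = :password_hash"
        )
        password = request.form.get('password', '')
        # NOTE(review): xor_encrypt is reversible, not a password hash; kept
        # so existing stored values still match, but auth() in this file
        # already uses hashpw and this should migrate to it.
        password_hash = xor_encrypt(password, app.config['PW_ENC_KEY'])
        user = db.session.execute(
            query,
            {'username': request.form.get('username', ''),
             'password_hash': password_hash},
        ).first()

        if not (user and user['status'] == 1):
            return redirect(
                url_for('login', error='Invalid username or password.'))

        session['user_id'] = user.id
        # Per-user upload folder named by md5(user id). md5 needs bytes on
        # Python 3 (the original passed a str), matching init_session();
        # exist_ok avoids the exists()/makedirs() race on concurrent logins.
        path = os.path.join(app.config['UPLOAD_FOLDER'],
                            md5(str(user.id).encode()).hexdigest())
        os.makedirs(path, exist_ok=True)
        session['upload_folder'] = path
        session.rotate()

        # Follow `next` only if it passes the same is_safe_url check oauth()
        # uses; otherwise an attacker-supplied URL becomes an open redirect.
        next_url = request.args.get('next')
        if not next_url or not is_safe_url(next_url, True):
            next_url = url_for('home')
        return redirect(next_url)

    return render_template('login.html')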
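def oauth():
    """Complete the GitHub OAuth callback and log the user in.

    Exchanges the ``code`` query argument for an access token, fetches the
    user it belongs to, creates a local account on first login, stores the
    user in the (rotated) session and redirects to a validated ``next`` URL.
    A missing ``code`` aborts with 400; any failure during the token/user
    exchange aborts with 503.
    """
    code = request.args.get('code')
    if not code:
        # Nothing to exchange: a malformed callback is a client error, not
        # an upstream outage.
        abort(400)

    try:
        client_id = current_app.config['GITHUB_CLIENT_ID']
        client_secret = current_app.config['GITHUB_CLIENT_SECRET']
        access_token = get_access_token(code, client_id, client_secret)
        user = get_user(access_token)
    except Exception:
        # Narrowed from a bare `except:` so SystemExit/KeyboardInterrupt are
        # no longer swallowed; the failure is still reported as 503.
        # NOTE(review): a KeyError from a missing GITHUB_* config key is a
        # deployment bug, not an outage — worth logging before aborting.
        abort(503)

    if not user_exists(user):
        create_user(user, access_token)

    session['user'] = user
    session.rotate()

    # Follow `next` only when is_safe_url accepts it; otherwise fall back to
    # this host's root, which closes the open-redirect path.
    next_url = request.args.get('next', '/')
    if not next_url or not is_safe_url(next_url, True):
        next_url = request.host_url
    return redirect(next_url, code=302)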