def change_password(type, id):
    """Change the password of a Student, Professor or Administrator account.

    ``type`` selects the account model and the template to render; ``id`` is
    the primary key passed to ``query.get``. On a valid submit the current
    password from the form must verify against the stored value before the
    new one (``form.np``) is hashed and saved. Any other ``type`` renders
    ``error.html``.
    """
    # NOTE(review): nothing in this block ties ``id`` to the logged-in session;
    # the current-password check is the only gate visible here. Confirm that
    # login/ownership checks and attempt throttling are enforced elsewhere.
    if type == "Student":
        model, template = Student, 'student_password.html'
    elif type == "Professor":
        model, template = Professor, 'prof_password.html'
    elif type == "Administrator":
        model, template = Administrator, 'admin_password.html'
    else:
        return render_template('error.html')

    account = model.query.get(id)
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template(template, form=form)

    # An unknown id is reported exactly like a wrong password.
    current_ok = account is not None and password_manager.verify_password(
        form.password.data, account.password)
    if not current_ok:
        flash('Invalid password')
        return redirect(url_for('change_password', type=type, id=id))

    account.password = password_manager.hash_password(form.np.data)
    db.session.add(account)
    db.session.commit()
    return redirect(url_for('index', type=type, id=id))
def password(request, user_id):
    """Set a new password for the user identified by ``user_id``.

    A GET renders ``form.html`` with an empty ``PasswordForm``. A valid POST
    stores the submitted password through ``set_password`` and redirects to
    ``/``; an invalid POST re-renders the bound form.
    """
    # NOTE(review): no check in this block relates ``request.user`` to
    # ``user_id`` and no current password is asked for. Confirm the route is
    # restricted (decorator or URL conf) to users allowed to reset this account.
    is_post = request.method == 'POST'
    form = PasswordForm(request.POST) if is_post else PasswordForm()
    if is_post and form.is_valid():
        target = User.objects.get(id=user_id)
        # NOTE(review): reads the raw POST value rather than form.cleaned_data,
        # so any cleaning done by the form is bypassed for the stored value.
        target.set_password(request.POST['password'])
        target.save()
        return redirect('/')
    user = User.objects.get(id=user_id)
    return render(request, 'form.html', {'form': form, 'user': user})
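def login(request):
    """Gate the site behind a single shared password.

    A POST whose form validates and whose password matches
    ``settings.SITE_PASSWORD`` gets a redirect to ``/`` plus a 60-day
    ``password`` cookie. Anything else renders ``login.html`` again.
    """
    from django.utils.crypto import constant_time_compare

    password_form = PasswordForm()
    if request.method == "POST":
        password_form = PasswordForm(request.POST)
        if password_form.is_valid():
            submitted = password_form.cleaned_data['password']
            expected = settings.SITE_PASSWORD
            # Compare in constant time so response timing does not depend on
            # how much of the shared secret matched. An unset secret never
            # matches.
            if expected is not None and constant_time_compare(submitted, expected):
                response = HttpResponseRedirect('/')
                # NOTE(review): the cookie value is the shared password itself,
                # kept for 60 days. HttpOnly keeps it away from page scripts;
                # consider the Secure flag on HTTPS deployments and a signed
                # token instead of the raw secret.
                response.set_cookie(
                    'password',
                    value=submitted,
                    max_age=60 * 60 * 24 * 60,  # 60 days
                    httponly=True,
                )
                return response
    context = {
        'password_form': password_form,
        'hide_sidebar': True,
    }
    return HttpResponse(
        loader.get_template("login.html").render(RequestContext(request, context)))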
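def changePassword(request):
    """Change the password of ``request.user``.

    A GET renders ``change_password.html`` with an empty form. A valid POST
    carrying a non-empty ``password`` value stores it and redirects to
    ``/profile``; otherwise the bound form is rendered again.
    """
    # NOTE(review): no login requirement is visible in this block; confirm the
    # route is only reachable by authenticated users.
    if request.method == 'POST':
        form = PasswordForm(request.POST)
        if form.is_valid():
            new_password = request.POST.get('password')
            # set_password(None) would leave the account with an unusable
            # password, so only a real value is persisted.
            if new_password:
                user = request.user
                user.set_password(new_password)
                # set_password() only changes the in-memory object; without
                # save() the new password never reached the database.
                user.save()
                # NOTE(review): changing the stored hash may invalidate the
                # current session; Django's update_session_auth_hash() keeps
                # the user logged in if that is the intended behaviour.
                return HttpResponseRedirect('/profile')
    else:
        form = PasswordForm()
    return render(request, 'change_password.html', context={
        'form': form,
    })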
def login3():
    """Third login step: collect a password and sign the user in.

    Requires ``pno``, ``firstname`` and ``lastname`` from the earlier steps to
    be in the session, otherwise the user is sent back to the matching step.
    On a valid submit the user found by ``pno`` gets the session's names and
    the submitted password, is saved and logged in, and any ban recorded for
    the client address is lifted.
    """
    if 'pno' not in session:
        flash('enter pno first')
        return redirect(url_for('login'))
    if not all(field in session for field in ('firstname', 'lastname')):
        flash('enter name first')
        return redirect(url_for('login2'))

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    # NOTE(review): this overwrites the name and password of whichever user
    # matches the session's ``pno`` without checking an existing password.
    # Presumably a first-time setup path; confirm an account that already has
    # a password cannot be taken over through it.
    # NOTE(review): get_by_pno() returning None is not handled here.
    user = User.get_by_pno(session['pno'])
    user.firstname = session['firstname']
    user.lastname = session['lastname']
    # NOTE(review): whether this value is hashed depends on the model's
    # ``password`` attribute, which is not visible here.
    user.password = form.password.data
    db.session.add(user)
    db.session.commit()
    login_user(user)
    remove_ban(request_obj=request.remote_addr)
    return redirect(url_for('index'))
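def change_password(user_id):
    """Change the password of the logged-in user identified by ``user_id``.

    Renders ``404.html`` when the user row does not exist or when the session
    does not belong to that user. On a valid POST the old password must match
    the stored hash and both new-password fields must agree before the new
    hash is written and the user is sent to their profile.
    """
    form = PasswordForm()
    cursor = g.db.execute('SELECT * FROM user WHERE id=? ', [user_id])
    res = cursor.fetchone()
    if res is None:
        return render_template('404.html')  # no such user

    # Only the account owner may use this page. A missing or non-numeric
    # session id used to raise TypeError/ValueError, and a mismatch fell off
    # the end of the function returning None; both now get the 404 page.
    try:
        is_owner = int(session.get('user_id')) == int(user_id)
    except (TypeError, ValueError):
        is_owner = False
    if not is_owner:
        return render_template('404.html')

    if not (request.method == 'POST' and form.validate_on_submit()):
        return render_template('change_password.html', form=form)

    old_password = request.form.get('old_password')
    new_password = request.form.get('new_password')
    new_password_repeat = request.form.get('new_password_repeat')
    if new_password != new_password_repeat:
        flash(
            message=
            'Please enter the same password in both new password fields.'
        )
        return render_template('change_password.html', form=form)

    # NOTE(review): the helper name suggests an MD5-based hash, which is too
    # fast for password storage; consider migrating to a slow KDF.
    if md5_user_psw(res[1], old_password) != res[2]:
        flash(message='Password error')
        return render_template('change_password.html', form=form)

    # Old password is correct: store the new hash.
    g.db.execute('UPDATE user SET pass_hash=? WHERE id=?',
                 [md5_user_psw(res[1], new_password), user_id])
    # NOTE(review): no commit is visible in this block; confirm the connection
    # commits on teardown or runs in autocommit mode.
    return redirect(
        url_for('user_profile', user_id=session['user_id']))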
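def reset_with_token(token):
    """
    Resets a user's password after verifying the signed token, then hashes
    the new password, stores it and logs the user in.

    The token carries the account e-mail and is accepted for 24 hours
    (``max_age=86400``). A token that fails to load yields a 404.
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt are
        # not swallowed; any token failure still looks like a missing page.
        abort(404)

    # NOTE(review): nothing here invalidates the token after use, so the same
    # link stays usable until max_age expires; consider binding the token to
    # the current password hash or a one-time nonce.
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template("/reset_with_token.html", form=form, token=token)

    user = model.User.query.filter_by(email=email).first_or_404()
    password = form.password.data

    # Store only a salted PBKDF2-SHA256 hash of the password.
    # NOTE(review): newer passlib releases rename encrypt() to hash(); confirm
    # against the pinned version.
    password_hash = pbkdf2_sha256.encrypt(password,
                                          rounds=200000,
                                          salt_size=16)
    user.password = password_hash
    model.db.session.add(user)
    model.db.session.commit()

    # Log the user in with the fresh credentials.
    login_user(user)
    return redirect("/")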
def password():
    """Set the password for the account whose e-mail is held in the session.

    On POST the new password is run through every policy check in ``funcs``;
    each failed check adds its message from ``PASSWORD_MESSAGES``. With no
    errors the password is stored, the session switches from ``email`` to the
    user id, and the client is redirected to ``index``.
    """
    form = PasswordForm()
    errors = []
    if request.method == "POST":
        password = form.newPassword.data
        confirmPassword = form.confirmPassword.data
        # NOTE(review): raises KeyError when the session has no "email".
        email = session["email"]

        # NOTE(review): form.validate_on_submit() is never called, so any
        # form-level CSRF validation is skipped here; confirm CSRF protection
        # is enforced application-wide.
        # (check, second argument, message key) in reporting order
        rules = (
            (funcs.lengthCheck, MIN_LENGTH, "length"),
            (funcs.lowerCheck, MIN_LOWER, "lower"),
            (funcs.upperCheck, MIN_UPPER, "upper"),
            (funcs.numCheck, MIN_NUM, "num"),
            (funcs.symbolCheck, MIN_SYMBOL, "symbol"),
            (funcs.newCheck, email, "new"),
            (funcs.sameCheck, confirmPassword, "same"),
        )
        for check, argument, message_key in rules:
            if not check(password, argument):
                errors.append(PASSWORD_MESSAGES[message_key])

        if not errors:
            # Assign the password to the user in the database.
            funcs.addPassword(password, email)
            # The e-mail is no longer needed in the session: the user id
            # identifies the user from here on.
            session.pop("email", default=None)
            session["user"] = funcs.getID(email)
            return redirect(url_for("index"))
    return render_template("password.html",
                           form=form,
                           errors=errors,
                           msgDict=PASSWORD_MESSAGES)
def change_pass():
    """Render the change-password form; on a valid submit flash success and go home."""
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('user-change-pass.html', form=form)
    # NOTE(review): no password is read from the form or stored anywhere in
    # this view, yet the message reports success; confirm the update happens
    # elsewhere or implement it here.
    flash(f'Your password was updated successfully.', 'success')
    return redirect(url_for('user.home'))
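def changePassword():
    """Change the password of the logged-in Student or Faculty account.

    The account row is looked up by ``session['user']`` (an e-mail) in the
    table matching ``session['type']``. The current password must verify and
    both new-password fields must agree before the new hash is written.
    ``Admin`` sessions only get the template; any other type gets ``home.html``.
    """
    form = PasswordForm()
    account_type = session['type']
    if account_type == 'Admin':
        return render_template('changePassword.html')
    if account_type not in ('Student', 'Faculty'):
        return render_template('home.html')

    if form.validate_on_submit():
        if account_type == 'Student':
            find_user = """SELECT * FROM Student S WHERE S.email = ?"""
            update_password = """UPDATE Student SET password=? WHERE email=?"""
        else:
            find_user = """SELECT * FROM Professor P WHERE P.email = ?"""
            update_password = """UPDATE Professor SET password=? WHERE email=?"""

        with sql.connect('courseSystem.db') as db:
            c = db.cursor()
            c.execute(find_user, (session['user'], ))
            results = c.fetchall()
            current_ok = results and checkpw(
                str.encode(form.password.data), results[0][1])
            if current_ok and form.newPassword.data == form.confirm.data:
                # The new password is no longer printed: writing it to stdout
                # leaves the clear-text secret in server logs.
                # gensalt(4) asked for the lowest work factor the hash
                # accepts; the library default is used instead.
                new_hash = hashpw(str.encode(form.newPassword.data), gensalt())
                c.execute(update_password, (new_hash, session['user']))
                db.commit()
                c.close()
                # The collapsed listing does not show whether this redirect
                # sat inside the success branch; it is kept on the success
                # path so a failed check re-renders the form.
                return redirect(url_for('userhome'))
    return render_template('changePassword.html', form=form)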
def update_password(itsid):
    """Edit a stored site-password entry that belongs to the current user.

    Responds 404 when the entry does not exist and 403 when it belongs to
    someone else. A valid submit encrypts the new secret with ``CIPHER`` and
    saves site, ciphertext and hint; a GET pre-fills site and hint.
    """
    entry = Password.query.get_or_404(itsid)
    if entry.user != current_user:
        # Ownership check: only the entry's owner may edit it.
        abort(403)

    form = PasswordForm()
    if form.validate_on_submit():
        # Encrypt before the value is stored; the ciphertext is kept as text.
        # NOTE(review): latin-1 raises UnicodeEncodeError for characters
        # outside that range; changing the codec must be matched on the
        # decrypt side.
        plaintext = form.password.data.encode('latin-1')
        ciphertext = CIPHER.encrypt(plaintext).decode()
        entry.site = form.site.data
        entry.password = ciphertext
        entry.hint = form.hint.data
        db.session.commit()
        flash("Password Updated Successfully!", 'success')
        return redirect(url_for('passwords'))

    if request.method == "GET":
        # The stored secret itself is never echoed back into the form.
        form.site.data = entry.site
        form.hint.data = entry.hint
    return render_template("create_passwords.html",
                           title='Update Password',
                           form=form,
                           legend='Update')
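def activate(key, token):
    """Activate an account or finish a password/e-mail reset from a link.

    ``key`` is the user id and ``token`` the code stored on the user; both
    must match a non-deleted user. Depending on ``state`` the view confirms
    an e-mail change, reports that the password was already set, or shows the
    password form and stores the new password.
    """
    try:
        element = User.objects.filter(deleted=False, id=key,
                                      code=token).first()
    except Exception:
        element = None
    # first() yields None when nothing matches; previously that case reached
    # ``element.state`` and failed with AttributeError instead of showing the
    # "user does not exist" message.
    if element is None:
        flash("Usuario no Existe", "error")
        return redirect(url_for("index"))

    if element.state == 'confirmed':
        flash(u"Contraseña Actualizada Anteriormente", "info")
        return redirect(url_for('auth.login'))
    if element.state == "email_reset":
        element.state = "confirmed"
        element.save()
        flash(u"Correo Actualizado", "success")
        return redirect(url_for('auth.login'))

    form = PasswordForm(request.form, element)
    if request.method == 'GET':
        return render_template("auth/password.html", form=form)
    if form.validate_on_submit():
        # Remember the state before it is overwritten below.
        state = element.state
        password = form.password.data
        element.password = password
        # NOTE(review): presumably hashes ``element.password`` in place;
        # confirm against the model.
        element.generate_password()
        element.state = "confirmed"
        element.save()
        flash(u"Contraseña Actualizada", "success")
        if state == 'confirm':
            flash(u"Cuenta Activada", "info")
        return redirect(url_for('auth.login'))
    return render_template("auth/password.html", form=form)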
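def changepswd(request):
    """Change the password of the user identified by the session e-mail.

    Redirects to ``/`` when ``islogin`` reports no login. A valid POST stores
    the form's ``new_pswd`` on the ``RegisteredUsers`` row and re-renders the
    page with ``updated``; an invalid POST re-renders the bound form; any
    other request renders the empty page.
    """
    if (islogin(request) == False):
        return HttpResponseRedirect("/")
    emailid = request.session.get("email", None)
    name = request.session.get("name", None)

    if request.method == "POST":
        form = PasswordForm(request.POST)
        if form.is_valid():
            try:
                user = RegisteredUsers.objects.get(email=emailid)
                # NOTE(review): the value is assigned to ``pswd`` as-is; unless
                # the form or model hashes it, the password is stored in clear
                # text. Confirm, and confirm the form checks the old password.
                user.pswd = form.cleaned_data["new_pswd"]
                user.save()
                c = {}
                c.update(csrf(request))
                c.update({"emailid": emailid, "user": name, "updated": True})
                return render_to_response("changepswd.html", c)
            except Exception:
                # Narrowed from a bare ``except`` so SystemExit and
                # KeyboardInterrupt are not swallowed.
                # NOTE(review): every failure is reported as a database error.
                return HttpResponse(
                    "Error in Connection with Database , Try again ")
        else:
            c = {}
            c.update(csrf(request))
            c.update({"passwordform": form, "emailid": emailid, "user": name})
            return render_to_response("changepswd.html", c)

    c = {}
    c.update(csrf(request))
    c.update({"emailid": emailid})
    return render_to_response("changepswd.html", c)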
def process_password_reset_token(token):
    """Let a user choose a new password from an e-mailed reset link.

    The token is a signed, timestamped value carrying the account e-mail and
    is accepted for one hour (``max_age=3600``). A token that fails
    verification sends the user to the login page with an error message.
    """
    serializer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
    try:
        email = serializer.loads(token,
                                 salt='password-reset-salt',
                                 max_age=3600)
    except BadSignature:
        flash('The password reset link is invalid or has expired.', 'danger')
        return redirect(url_for('users.login'))

    # NOTE(review): nothing here invalidates the token after use, so the same
    # link can be replayed until it expires; consider a one-time token.
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('users/reset_password_with_token.html',
                               form=form)

    user = User.query.filter_by(email=email).first()
    if user is None:
        flash('Invalid email address!', 'danger')
        return redirect(url_for('users.login'))

    user.set_password(form.password.data)
    database.session.add(user)
    database.session.commit()
    flash('Your password has been updated!', 'success')
    return redirect(url_for('users.login'))
def password(request, user_id):
    """Set a new password for ``user_id`` and record the change in the event log.

    A GET renders ``account/password.html`` with an empty form. A valid POST
    stores the submitted password, writes a ``Log`` row attributed to
    ``request.user`` when event logging is open, and redirects to ``homepage``.
    """
    # NOTE(review): no check in this block relates ``request.user`` to
    # ``user_id`` and no current password is asked for. Confirm the route is
    # restricted to users allowed to change other accounts' passwords.
    is_post = request.method == 'POST'
    form = PasswordForm(request.POST) if is_post else PasswordForm()
    if is_post and form.is_valid():
        user = User.objects.get(id=user_id)
        # NOTE(review): reads the raw POST value rather than form.cleaned_data.
        user.set_password(request.POST['password'])
        user.save()
        # Record the system event.
        if is_event_open(request):
            log = Log(user_id=request.user.id, event=u'修改<'+user.first_name+u'>密碼成功')
            log.save()
        return redirect('homepage')
    user = User.objects.get(id=user_id)
    return render_to_response('account/password.html',
                              {'form': form, 'user': user},
                              context_instance=RequestContext(request))
def makePasswordQRcode():
    """Turn the submitted password into a QR image and show it.

    On a valid submit the password text is encoded as a QR code, written to
    ``QR.png`` in the application's static folder, and the client is sent to
    ``QRcodedisplay``.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('makePasswordQRcode.html',
                               title='Maker',
                               form=form)

    # NOTE(review): the image encodes the password in clear and is written to
    # one fixed file under the static folder, which is typically served
    # without authentication and is shared by all users (each submit
    # overwrites the previous image). Consider generating the image in memory
    # and returning it only to the submitting user.
    qr_image = pyqrcode.create(str(form.password.data))
    target = os.path.join(app.static_folder, "QR.png")
    qr_image.png(target, scale=5)
    return redirect(url_for('QRcodedisplay'))
def login():
    """Admin login: a valid form submit marks the session as admin."""
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('admin/login.html', form=form)
    # NOTE(review): form validation is the only check visible here; the
    # password comparison presumably lives in a PasswordForm validator.
    # Confirm, and confirm failed attempts are throttled.
    # Start from an empty session so nothing set before login carries over.
    session.clear()
    session['admin_logged'] = True
    return redirect(url_for('admin.home'))
def password(request, template_name='django_yubico/password.html',
             redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Displays the password form and handles the login action.

    The user id and auth backend come from the session keys set by the
    previous step. A valid password logs the user in and redirects to
    ``settings.LOGIN_REDIRECT_URL``; each invalid one increments the attempt
    counter, and exceeding ``YUBIKEY_PASSWORD_ATTEMPTS`` resets the session
    and sends the user back to the first step.
    """
    # The target comes from settings, not from the request.
    redirect_to = settings.LOGIN_REDIRECT_URL

    # Every session key from the previous step must be present.
    if any(request.session.get(key, None) is None for key in SESSION_KEYS):
        return HttpResponseRedirect(reverse('yubico_django_login'))

    user_id = request.session[YUBIKEY_SESSION_USER_ID]
    auth_backend = request.session[YUBIKEY_SESSION_AUTH_BACKEND]
    user = User.objects.get(pk=user_id)
    user.backend = auth_backend

    if request.method != 'POST':
        form = PasswordForm(user=user)
    else:
        form = PasswordForm(request.POST, user=user)
        if form.is_valid():
            auth_login(request=request, user=user)
            reset_user_session(session=request.session)
            return HttpResponseRedirect(redirect_to)

        # Limit the number of password attempts per token.
        attempts = request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] + 1
        request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] = attempts
        if attempts > YUBIKEY_PASSWORD_ATTEMPTS:
            # Maximum number of attempts has been reached. Require the user
            # to start from scratch.
            reset_user_session(session=request.session)
            return HttpResponseRedirect(reverse('yubico_django_login'))

    dictionary = {'form': form, redirect_field_name: redirect_to}
    return render_to_response(template_name, dictionary,
                              context_instance=RequestContext(request))
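def password(request):
    """
    View that changes the password on the LDAP server.

    A valid POST updates the Samba hashes and the LDAP password of the member
    bound to the request, stores the new password for the session through
    ``store_ldap_password`` and returns the page with the resulting key in
    the ``sessionkey`` cookie. Other requests render the form.
    """
    member = retrieve_member(request)
    if request.method != 'POST':
        form = PasswordForm()
        return render(request, 'password.html', {
            'form': form,
            'member': member.to_dict()
        })

    form = PasswordForm(request.POST, request=request)
    if not form.is_valid():
        return render(request, 'password.html', {
            'form': form,
            'member': member.to_dict()
        })

    new_password = form.cleaned_data['password1']

    # Change the password for the Wifi.
    # NOTE(review): the LM hash is a legacy format that offers very little
    # protection if the directory is read; drop ``sambaLMPassword`` if no
    # client still depends on it.
    member.set('sambaLMPassword', smbpasswd.lmhash(new_password))
    member.set('sambaNTPassword', smbpasswd.nthash(new_password))
    member.save()

    # Change the LDAP password.
    member.change_password(new_password)
    key = store_ldap_password(request, new_password)
    request.session.save()

    new_form = PasswordForm()
    response = render(
        request, 'password.html', {
            'message': _('Your password was changed. Thank you!'),
            'form': new_form,
            'member': member.to_dict()
        })
    # The key protects the stored LDAP password, so it is kept away from page
    # scripts. NOTE(review): also set the Secure flag when served over HTTPS.
    response.set_cookie('sessionkey', key, httponly=True)
    return response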
def password():
    """Update the password of ``user`` from a validated ``PasswordForm``.

    The page is rendered again after a successful update as well.
    """
    form = PasswordForm()
    submitted_ok = form.validate_on_submit()
    if submitted_ok:
        # NOTE(review): ``user`` is not defined in this block and must come
        # from an enclosing scope; confirm it is the logged-in user.
        # NOTE(review): populate_obj() copies every form field onto the
        # object, so the form must only contain fields the user may set.
        form.populate_obj(user)
        # NOTE(review): no current-password check is visible, and whether the
        # value is hashed depends on the model's ``password`` attribute.
        user.password = form.new_password.data
        db.session.commit()
        flash('Password updated.', 'success')
    return render_template('user/password.html', form=form)
def password():
    """Change the current user's password after checking the old one.

    A wrong current password flashes an error and reloads the page. On
    success the new password is stored, the user is logged out and sent to
    the login page.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('password.html', form=form)

    if current_user.check_password(form.current_password.data):
        current_user.set_password(form.new_password.data)
        current_user.save()
        commit()
        # Force a fresh login with the new credentials.
        logout_user()
        flash('Password change successful. Please login again', 'success')
        return redirect(url_for('login.login'))

    flash('Current Password wrong', 'danger')
    return redirect(url_for('password.password'))
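def edit_password(request, pw_pk=None):
    """Edit an existing ``Password`` entry.

    Responds 404 when no entry has primary key ``pw_pk``. The form's group
    choices are limited to the LDAP groups of the requesting user. A valid
    POST saves the entry and redirects to ``index``; otherwise the edit page
    is rendered.
    """
    # NOTE(review): the LDAP groups only limit the form's choices; nothing in
    # this block checks that the requesting user may edit this entry. Confirm
    # access is enforced elsewhere.
    password = get_object_or_404(Password, pk=pw_pk)
    ldap_groups = get_ldap_groups(request.user.username)
    ldap_groups_choices = [(group, group) for group in ldap_groups]

    if request.method == 'POST':
        form = PasswordForm(request.POST,
                            instance=password,
                            ldap_groups_choices=ldap_groups_choices)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse("index"))
    else:
        # Previously only GET built the form, so any other method (HEAD for
        # example) reached the render call with ``form`` unbound.
        form = PasswordForm(instance=password,
                            ldap_groups_choices=ldap_groups_choices)

    return direct_to_template(request, 'edit_password.html', {
        'form': form,
        'ldapGroups': LdapGroup.objects.all(),
        'new': False
    })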
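def user_password_change():
    """Set a new password for the current user from a validated form."""
    # NOTE(review): no current-password check or login requirement is visible
    # in this block; confirm both are enforced elsewhere.
    form = PasswordForm(request.form)
    if request.method == 'POST' and form.validate():
        user = current_user
        # Plain 'sha256' is a single salted hash round, far too fast for
        # password storage, and recent Werkzeug releases no longer accept it.
        # PBKDF2 is used instead; the method is recorded in each stored hash,
        # so accounts are re-hashed as they change passwords.
        user.password = generate_password_hash(form.password.data,
                                               method='pbkdf2:sha256')
        db.session.add(user)
        db.session.commit()
        flash("Password changed !", "INFO")
        return redirect(url_for('account'))
    return render_template('new-password.html', form=form)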
def edit():
    """Update the current user's password from a validated form."""
    user = current_user
    form = PasswordForm()
    if request.method != 'POST' or not form.validate():
        return render_template('edit_user.html', form=form)

    # NOTE(review): the form value is assigned directly; whether it is hashed
    # depends on the model's ``password`` attribute, which is not visible
    # here. No current-password check is visible either.
    user.password = form.password.data
    db_session.add(user)
    db_session.commit()
    flash('Password updated successfully!')
    return redirect('/')
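def change_password(username):
    """Change/Update password

    The account is taken from ``session['id']``; the ``username`` argument is
    not used. A GET renders the page without a form; a valid POST stores the
    new password and renders the page again.
    """
    form = PasswordForm(request.form)
    if request.method == 'GET':
        return render_template("password.html")
    if request.method == 'POST' and form.validate():
        # NOTE(review): first() returns None when the session id matches no
        # user, which is not handled here.
        account = User.query.filter(User.user_id == session['id']).first()
        # NOTE(review): the form value is assigned directly; whether it is
        # hashed depends on the model. No current-password check is visible.
        account.password = form.password.data
        # The unused ``picture`` local was dropped.
        db.session.commit()
    return render_template('password.html', form=form)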
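def index():
    """Ask for the password and redirect to ``home`` when it matches."""
    form = PasswordForm()
    if form.validate_on_submit():
        # The submitted password is no longer printed: writing it to stdout
        # leaves the clear-text value in server logs.
        # NOTE(review): the expected password is hard-coded in source, and a
        # successful check sets no session state, so ``home`` must enforce
        # access on its own. Move the secret to configuration and compare
        # against a stored hash.
        if form.password.data == "password":
            return redirect(url_for("home"))
        message = "wrong password"
        return render_template("password.html", form=form, message=message)
    return render_template("password.html", form=form)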
def view_password():
    """Change the password of the user named in the session.

    Without ``user_name`` in the session the client is sent to the index
    page. The current password must verify before the new one is stored.
    """
    user_name = session.get('user_name')
    if not user_name:
        flash('Unauthorized access!', 'danger')
        return redirect(url_for('view_index'))

    form = PasswordForm()
    if form.validate_on_submit():
        # NOTE(review): first() returns None when the named user no longer
        # exists, which is not handled here.
        user = User.query.filter_by(name=user_name).first()
        if not user.verify_password(form.current_password.data):
            flash('Incorrect password!', 'warning')
        else:
            user.set_password(form.new_password.data)
            db.session.commit()
            flash('Password update successful!', 'success')
            return redirect(url_for('view_home'))
    return render_template('password.html', form=form)
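def reset_with_token(token):
    """Reset a user's password from a signed, e-mailed token.

    The token carries the account e-mail and is accepted for 24 hours
    (``max_age=86400``). A token that fails to load yields a 404.
    """
    try:
        email = security.ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt are
        # not swallowed; any token failure still looks like a missing page.
        abort(404)

    # NOTE(review): nothing here invalidates the token after use, so the same
    # link stays usable until max_age expires.
    form = PasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=email).first_or_404()
        # NOTE(review): the clear-text password is placed in ``pwdhash``
        # before set_password() runs. That is only safe if set_password()
        # overwrites ``pwdhash`` with a hash; confirm, and prefer passing
        # form.password.data to set_password() directly.
        user.pwdhash = form.password.data
        user.set_password(user.pwdhash)
        db.session.add(user)
        db.session.commit()
        return redirect(url_for('signin'))
    return render_template('reset_with_token.html', form=form, token=token)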
def reset_password():
    # Change the logged-in user's password after re-checking the old one.
    # NOTE(review): the listing ends before any response is built, so how
    # ``success`` and ``errors`` are used is not visible here. The code is
    # Python 2 (``except Exception, e`` and ``iteritems``).
    if request.method == "POST":
        form = PasswordForm(request.form)
        if form.validate():
            # Verify the old password by logging in with the current e-mail.
            ul = serv.login(g.user['email'], form.oldpassword.data)
            if ul:
                ul.reset_password(form.newpassword.data)
                try:
                    g.db.flush()
                    g.db.commit()
                    # Message text: "password reset succeeded".
                    success = u"重设密码成功"
                except Exception, e:
                    # Undo the partial change and log the failure.
                    g.db.rollback()
                    log.error(e.message)
                    # Message text: "unknown error".
                    errors = [u"未知异常"]
            else:
                # Message text: "login password entered incorrectly".
                errors = [u"登陆密码输入不正确"]
        else:
            # Report the first validation message of each invalid field.
            errors = [v[0] for k, v in form.errors.iteritems()]
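def reset_with_token(token):
    """
    reset password with email token

    The token carries the account e-mail and is accepted for 24 hours
    (``max_age=86400``); a token that fails to load yields a 404. After the
    password is changed the user is logged in.

    @param token: unique token
    @type token: str
    @return: refreshed page indicating success or failure
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt are
        # not swallowed; any token failure still looks like a missing page.
        abort(404)

    # NOTE(review): nothing here invalidates the token after use, so the same
    # link stays usable until max_age expires.
    form = PasswordForm()
    if form.validate_on_submit():
        # NOTE(review): a None result from User.get() is not handled here.
        user = User.get(email)
        password = form.password.data
        # set_password() presumably returns the hash that change_password()
        # stores; confirm against the model.
        user.change_password(user.set_password(password))
        login_user(user)
        flash('Password changed successfully!')
        return redirect(url_for('main'))
    return render_template('reset_with_token.html', form=form, token=token)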