Exemplo n.º 1
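    def post(self):
        """Handle the admin login form and start a session on success.

        Reads ``username`` and ``password`` from the request, looks the admin
        up by name, verifies the password with ``hashes.valid_pw`` and, on
        success, sets the signed ``name_adm`` cookie and redirects to
        ``/admin/home``. Every failure path redirects to ``/admin/login``
        without revealing which check failed.
        """
        # The original called AdminAuthenticate(self.request) here and threw
        # the result away; it gated nothing on the login form, so it is gone.
        username = self.request.get("username")
        password = self.request.get("password")

        # validate form
        if not username or not password:
            return self.redirect("/admin/login")

        adminFind = Admin.query().filter(Admin.name == username).get()
        if not adminFind:
            # NOTE(review): this path returns before any password hashing,
            # so unknown names probably answer faster than known ones.
            return self.redirect("/admin/login")

        # The original indexed the result unconditionally (adminFind[0]).
        # If Admin is an ndb model, .get() already yields a single entity and
        # indexing it would raise - TODO confirm. Only unwrap a sequence.
        if isinstance(adminFind, (list, tuple)):
            adminFind = adminFind[0]
        pw_hash = adminFind.pw_hash
        # validate admin
        if not hashes.valid_pw(username, password, pw_hash):
            return self.redirect("/admin/login")

        # validation successful - set cookie headers
        admin_id = str(adminFind.key.id())
        secure_val = hashes.make_secure_val(admin_id)
        # HttpOnly keeps page scripts from reading the session cookie.
        # NOTE(review): add "Secure" once the admin area is HTTPS-only and
        # consider "SameSite". The signed value is derived from the admin id
        # alone as far as this code shows, so it presumably never expires
        # server-side - confirm in hashes.make_secure_val.
        self.response.headers.add_header(
            'Set-Cookie',
            str('name_adm=%s; Path=/; HttpOnly' % secure_val))
        return self.redirect("/admin/home")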
Exemplo n.º 2
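def AdminAuthenticate(request):
    """Return the Admin identified by the signed ``name_adm`` cookie.

    Args:
        request: incoming request; only ``request.cookies`` is read.

    Returns:
        Whatever ``Admin.get_by_id`` returns for the id carried in the
        cookie, or None when the cookie is missing, empty, or rejected by
        ``hashes.check_secure_val``.
    """
    h = request.cookies.get('name_adm')
    if not h:
        # No cookie (or an empty one): fail closed here instead of handing
        # None to the verifier, whose handling of None is not visible.
        return None
    admin_id = hashes.check_secure_val(h)
    if not admin_id:
        return None
    # NOTE(review): nothing here checks whether the account is still
    # enabled, and the lookup presumably returns None for a deleted id;
    # callers must treat a falsy result as "not authenticated".
    admin = Admin.get_by_id(int(admin_id))
    return admin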
Exemplo n.º 3
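    def post(self):
        """Process an admin login attempt.

        On valid credentials the signed ``name_adm`` cookie is set and the
        client is redirected to ``/admin/home``; a blank field, an unknown
        name, or a wrong password all redirect to ``/admin/login``.
        """
        # An AdminAuthenticate(self.request) call used to sit here with its
        # result unused; it protected nothing on this handler and is removed.
        # Indentation is normalised to spaces (the original mixed in tabs).
        username = self.request.get("username")
        password = self.request.get("password")

        # validate form
        if not username or not password:
            return self.redirect("/admin/login")

        adminFind = Admin.query().filter(Admin.name == username).get()
        if not adminFind:
            return self.redirect("/admin/login")

        # The original always took adminFind[0]. If .get() hands back a
        # single entity (as ndb does - TODO confirm for this model), that
        # indexing fails, so unwrap only when a sequence really came back.
        if isinstance(adminFind, (list, tuple)):
            adminFind = adminFind[0]
        pw_hash = adminFind.pw_hash
        # validate admin
        if not hashes.valid_pw(username, password, pw_hash):
            return self.redirect("/admin/login")

        # validation successful - set cookie headers
        admin_id = str(adminFind.key.id())
        secure_val = hashes.make_secure_val(admin_id)
        # HttpOnly stops client-side script from reading the admin cookie.
        # NOTE(review): "Secure" should follow once the admin pages are only
        # served over HTTPS; "SameSite" is worth considering as well.
        cookie = str('name_adm=%s; Path=/; HttpOnly' % secure_val)
        self.response.headers.add_header('Set-Cookie', cookie)
        return self.redirect("/admin/home")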
Exemplo n.º 4
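def AdminAuthenticate(request):
    """Resolve the ``name_adm`` cookie to an Admin, or None.

    The cookie value is passed to ``hashes.check_secure_val``; only a value
    it accepts is turned into an id and looked up with ``Admin.get_by_id``.
    A missing or empty cookie returns None before the verifier is called.
    Indentation is normalised to four spaces (the original mixed in a tab).
    """
    h = request.cookies.get('name_adm')
    if not h:
        # Fail closed on an absent cookie; how check_secure_val treats None
        # cannot be seen from here.
        return None
    admin_id = hashes.check_secure_val(h)
    if not admin_id:
        return None
    # NOTE(review): the returned entity is not checked for being enabled;
    # confirm whether deactivated admins have to be rejected at this point.
    admin = Admin.get_by_id(int(admin_id))
    return admin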
Exemplo n.º 5
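def add_admin():
    """Create an admin account from an XHR form post (super-admins only).

    Flow, as the code shows it:
      * ``id``/``username``/``superAdmin`` missing from the session ->
        redirect to ``login``;
      * session user is not a super-admin -> redirect to ``admin``;
      * XHR request with non-blank ``username`` and ``password`` -> insert
        the account and return a JSON result;
      * anything else -> render ``admin_page/add.html``.
    """
    if not ('id' in session and 'username' in session
            and 'superAdmin' in session):
        return redirect(url_for('login'))

    # Kept as an equality test so truthy-but-not-True values behave exactly
    # as before.
    if session['superAdmin'] != True:
        return redirect(url_for('admin'))

    # NOTE(review): is_xhr only reflects a request header, so it is not a
    # CSRF defence for this privileged action; confirm a CSRF token is
    # enforced elsewhere.
    if request.is_xhr:
        if (request.form is not None
                and request.form['username'].strip() != ""
                and request.form['password'].strip() != ""):
            result = {}
            username = request.form['username']
            # NOTE(security): unsalted MD5 is not a password hash; equal
            # passwords give equal digests and guessing is cheap. It is left
            # in place because the login check must use the same scheme -
            # migrate both together to a salted, slow KDF
            # (hashlib.pbkdf2_hmac or hashlib.scrypt are in the stdlib).
            m = hashlib.md5()
            m.update(request.form['password'].encode('utf-8'))
            password = m.hexdigest()
            superAdmin = request.form['superAdmin'] == '1'

            database = models.models.Session()
            try:
                admin = Admin(username=username,
                              password=password,
                              superAdmin=superAdmin)
                database.add(admin)
                database.commit()
                result['message'] = 'success'
                result['username'] = request.form['username']
            except sqlalchemy.exc.IntegrityError:
                # The failed flush leaves the transaction unusable until it
                # is rolled back; the original skipped this.
                database.rollback()
                result['message'] = 'username already axist'
            finally:
                # The original never released the session it opened.
                database.close()

            return jsonify(result)

    return render_template('admin_page/add.html')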
Exemplo n.º 6
def AddAdmin(name, password, email):
    """Create and store an active Admin whose password is kept only hashed.

    The plain password is never put on the entity; what is stored is the
    value returned by ``hashes.make_pw_hash(name, password)``.
    """
    # TODO: Validate the fields (check valid, no-duplicates).
    # NOTE(review): until that validation exists, nothing here rejects an
    # empty password or a name that is already taken.
    account = Admin(
        name=name,
        pw_hash=hashes.make_pw_hash(name, password),
        email=email,
    )
    account.active = True
    account.put()
Exemplo n.º 7
def AddAdmin(name, password, email):
    """Persist a new, active Admin record.

    Args:
        name: admin login name; also passed to ``hashes.make_pw_hash``.
        password: plain-text password; only its hash is stored.
        email: stored on the entity as given.
    """
    # TODO: Validate the fields (check valid, no-duplicates).
    # NOTE(review): with no validation yet, empty credentials and duplicate
    # names are written as-is.
    hashed_password = hashes.make_pw_hash(name, password)
    record = Admin(email=email, pw_hash=hashed_password, name=name)
    record.active = True
    record.put()