def login_view(request):
# are they already logged in; if so, push them through
if request.user:
return HTTPFound(location=request.route_url('home'))
# they submitted the form
if 'login' in request.POST:
login = request.POST.get('login')
password = request.POST.get('password')
# if it has a @ in it, it's an email address
if '@' in login:
v = request.DBSession.query(User).filter(User.password == phash(password)).filter(User.email == login)
else:
v = request.DBSession.query(User).filter(User.password == phash(password)).filter(User.username == login)
# did they match?
if v.count() == 1:
request.session['user_id'] = v.one().id
return HTTPFound(location=request.route_url('home'))
# incorrect username/email/password
request.session.flash('incorrect login/password combination')
return {}
def register_view(request):
# what are you doing here?
if request.user:
return HTTPFound(location=request.route_url('home'))
# keep track of some of the register fields in case they screw up
vv = {'username' : '', 'email' : ''}
if 'username' in request.POST:
username = request.POST.get('username')
password = request.POST.get('password')
cpassword = request.POST.get('cpassword')
email = request.POST.get('email')
if username:
vv['username'] = username
if email:
vv['email'] = email
v = True
if not username or not password or not cpassword or not email:
request.session.flash('please ensure all fields are filled in')
else:
# verify username
if not username.isalnum():
v = False
request.session.flash('your username must be alphanumeric')
if len(username) > 20:
v = False
request.session.flash('your username can be at most 20 characters long')
# verify passwords
if password != cpassword:
v = False
request.session.flash('your passwords dont match')
# verify email address
if '@' not in email or len(email) > 128:
v = False
request.session.flash('your email address is invalid')
# did we win?
if v:
# is there already a user with this username/email?
q = request.DBSession.query(User).filter(or_(User.username == username, User.email == email))
if q.count() != 0:
#u = user.new(request, username, password, email)
#
#if not u:
request.session.flash('your username/email address is already in use')
else:
u = User(username=username,
password=phash(password),
email=email,
joindate=int(time.time()))
request.DBSession.add(u)
# now we have to get the user
request.session['user_id'] = request.DBSession.query(User).filter(User.username == username).one().id
# redirect to glory
request.session.flash('you have successfully registered')
return HTTPFound(location=request.route_url('home'))
return vv
def ulhash(user):
return phash(user.password[-10:] + 'i love to eat crocodiles' + user.username + 'hello there' + str(user.id))[:10]