def change_pwd():
if request.method == 'POST':
password1 = request.form['password1']
password2 = request.form['password2']
username = session.get('username')
if password1 == '' or password2 == '':
flash('password must be filled!', 'error')
return render_template('change_pwd.html')
# check password
if password1 != password2:
flash('password not match!', 'error')
return render_template('change_pwd.html')
# get user
users = User.query.filter_by(username=username).all()
if len(users) == 0:
flash('user not found!', 'error')
return render_template('change_pwd.html')
try:
user = users[0]
user.password = User.generate_hash(password1)
db.session.commit()
flash('password changed successfully!')
except Exception as e:
flash(f'db error: {e}', 'error')
return render_template('change_pwd.html')
def register():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
email = request.form['email']
is_form_valid = True
if username.strip() == '':
is_form_valid = False
flash('username should be filled!', 'error')
if password.strip() == '':
is_form_valid = False
flash('password should be filled!', 'error')
if email.strip() == '':
is_form_valid = False
flash('email should be filled!', 'error')
if not is_form_valid:
return render_template('register.html')
# check username if already register
# get user
users = User.query.filter_by(username=username).all()
if is_form_valid and len(users) > 0:
flash('username already registered!', 'error')
print('username already registered')
return render_template('register.html')
user = User()
user.username = username
user.password = User.generate_hash(password)
user.email = email
user.role = 'user'
user.is_active = False
db.session.add(user)
db.session.commit()
flash(
'successfully registered, please wait for admin to activate your account!'
)
return render_template('register.html')