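def login():
    """Serve the login page and process the team-member and admin forms.

    Team form: the submitted password is verified against the hash stored on
    the named team (the 'Admins' team is excluded from this path). The
    username then selects an existing member of that team or, while the team
    has fewer than six members, creates a new member row.

    Admin form: the username must belong to a user with ``role == 1`` and the
    password is verified against the hash stored on the 'Admins' team.

    :return: a redirect to ``/user`` or ``/admin`` on success, otherwise the
        rendered ``login.html`` page.
    """
    userf = UserForm()
    admin = AdminForm()
    max_team_size = 6

    def login_page():
        # Single place that renders the form so every failure path gets the
        # same page (including the title) and reveals nothing about which
        # check failed.
        return render_template('login.html', title='Авторизация',
                               form=userf, adm_form=admin)

    # NOTE(review): no throttling or audit logging of failed attempts is
    # visible in this function - confirm it is handled elsewhere.
    if userf.validate_on_submit():
        comand = userf.comand_name.data
        username = userf.username.data
        password = userf.password.data
        db_sess = db_session.create_session()
        # 'Admins' is filtered out so the admin team cannot be entered
        # through the member form.
        team = db_sess.query(Teams).filter(Teams.name == comand).filter(
            Teams.name != 'Admins').first()
        if team and check_password_hash(team.password_hash, password):
            # The credential is the team's shared password; the username is
            # only an identifier inside the team, not a secret.
            users = db_sess.query(
                User.username).filter(User.team == team.name).all()
            users_names = [row[0] for row in users]
            if username in users_names:
                login_user(
                    db_sess.query(User).filter(User.team == team.name).filter(
                        User.username == username).first())
                return redirect("/user")
            if len(users) < max_team_size:
                # NOTE(review): count-then-insert is not atomic; two parallel
                # requests could both pass the size check - confirm whether a
                # database constraint backs this limit.
                us = User()
                us.username = username
                # Store the canonical name from the matched row so later
                # lookups by team.name find this user.
                us.team = team.name
                db_sess.add(us)
                db_sess.commit()
                login_user(us)
                return redirect("/user")
        return login_page()

    if admin.validate_on_submit():
        name = admin.ad_username.data
        password = admin.ad_password.data
        db_sess = db_session.create_session()
        admins = db_sess.query(User).filter(User.username == name).filter(
            User.role == 1).first()
        team = db_sess.query(Teams).filter(Teams.name == 'Admins').first()
        # A missing 'Admins' row used to raise AttributeError on
        # team.password_hash; treat it as a failed login instead. The hash is
        # checked whether or not the username matched, so the work done does
        # not depend on the username being a valid admin.
        password_ok = team is not None and check_password_hash(
            team.password_hash, password)
        if admins and password_ok:
            login_user(admins)
            return redirect('/admin')
        return login_page()

    return login_page()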
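def join():
    """Register a new user from the registration form.

    If the username is already taken, flash an error and render the /join
    page again; otherwise store the user and redirect to the index page.

    :return: the rendered ``join.html`` page, or a redirect to ``index``
        after a successful registration.
    """
    title = 'Join us'
    # Registration form
    form = forms.RegistrationForm()
    if not form.validate_on_submit():
        return render_template('join.html', title=title, form=form)

    # One session per request, always closed: the original opened a second
    # session here and never closed the first one.
    session = db_session.create_session()
    try:
        # NOTE(review): check-then-insert is not atomic; confirm that
        # User.username has a unique constraint so that two parallel
        # registrations cannot both succeed.
        if session.query(User).filter(
                User.username == form.username.data).first():
            # NOTE(review): the username is user-controlled and is written
            # to the log unescaped - confirm the form rejects control
            # characters.
            logger.info(
                f'user with username {form.username.data} already registered, redirecting on /join with'
                f' the flash')
            flash('User with this username already registered',
                  'alert alert-danger')
            return render_template('join.html', title=title, form=form)

        # User object for database
        user = User()
        # NOTE(security): a single unsalted MD5 digest is not a password
        # hash - it is fast to brute-force and equal passwords produce equal
        # digests. It is kept here only because the code that verifies
        # logins is not visible; replace it with a salted, slow KDF (for
        # example hashlib.scrypt or the framework's password hasher)
        # together with the verification path and a migration of the stored
        # values.
        password_hash = hashlib.new(
            'md5', bytes(form.password.data, encoding='utf8'))
        user.username = form.username.data
        # Only the digest is stored, never the submitted password.
        user.hashed_password = password_hash.hexdigest()
        # NOTE(review): behind a reverse proxy remote_addr is the proxy's
        # address - confirm how the app is deployed.
        user.reg_ip = request.remote_addr
        user.last_ip = request.remote_addr
        session.merge(user)
        session.commit()
    finally:
        session.close()

    logger.info(
        f'User {form.username.data} with IP {request.remote_addr} just registered, redirecting on /index'
    )
    flash('Your account has been created and now you are able to log in',
          'alert alert-primary')
    return redirect(url_for('index'))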
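def store(request):
    """Create a Publisher or Advertiser profile and its linked User row.

    On a POST with data, ``role`` selects the profile model ('p' for
    Publisher, 'a' for Advertiser). The profile is saved first and the User
    row then stores the profile's id in ``uid``. A request with an unknown
    role, no uploaded image, or no username/password is answered with
    status 400 and nothing is saved; the original raised an unhandled
    exception for the first two and created the account for the third.

    :param request: the incoming Django request.
    :return: the rendered ``navigation.html`` page.
    """
    if request.POST:
        role = request.POST.get('role')
        profile_models = {'p': Publisher, 'a': Advertiser}
        image = request.FILES.get('image')
        username = request.POST.get('username')
        password = request.POST.get('password')

        # Validate everything before the first save so that a bad request
        # cannot leave a profile row without a matching user. 'role' comes
        # from the client, so only the two known values are accepted.
        if (role not in profile_models or image is None
                or not username or not password):
            return render(request, 'navigation.html', status=400)

        form1 = profile_models[role]()
        form1.name = request.POST.get('name')
        form1.contact = request.POST.get('contact_number')
        form1.email = request.POST.get('email')
        # NOTE(review): the upload is stored as received; no type or size
        # check is visible here. The ImageUploadForm path that was commented
        # out in this view would be the natural place for that validation.
        form1.avatar = image
        form1.company_name = request.POST.get('company_name')
        form1.company_address = request.POST.get('company_address')
        form1.state = request.POST.get('state')
        form1.city = request.POST.get('city')
        # NOTE(review): the original computed created_at but never assigned
        # it to a model - presumably the models set it themselves; confirm.
        form1.save()

        form_user = User()
        form_user.username = username
        # NOTE(security): the password is stored exactly as submitted, in
        # clear text. It is left unchanged only because the login code that
        # compares it is not visible; store a salted hash (Django's
        # make_password / check_password) and change the login check in the
        # same commit.
        form_user.password = password
        form_user.role = role
        # form1.id is set by save(); the original re-queried the newest row
        # for the same purpose and never used the result.
        form_user.uid = form1.id
        form_user.save()
    return render(request, 'navigation.html')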