Пример #1
def login():
    """Serve the login page and process submitted credentials.

    GET (or any non-POST) renders ``usermanager/login.html``.  A POST that
    carries a ``forgot`` field starts the password-reset path for the submitted
    username instead of authenticating.  Otherwise the username is looked up in
    ``Users`` and the submitted password is verified with ``password.check``;
    on success the session gets ``logged_in``, ``username`` and ``groups`` and
    the client is redirected to the stored ``login_origin`` (front page when
    none is stored).  Failed attempts flash a message and re-render the form.
    """
    # `error` is never reassigned below, so the template always receives None.
    error = None

    if request.method != 'POST':
        return render_template("usermanager/login.html", error=error)

    username = request.form['username']
    raw_password = request.form['password']

    if 'forgot' in request.form:
        try:
            forgot_password(username)
        except Exception as exc:
            # Only the one known failure is handled here; it is recognised by
            # its message text, anything else propagates unchanged.
            # NOTE(review): matching on the message is brittle - a dedicated
            # exception type raised by forgot_password would be sturdier.
            if str(exc) == "No such user/No valid email":
                # NOTE(review): this outcome is visibly different from the
                # success page below, so the response tells the requester
                # whether the account exists / has a usable address.  A
                # uniform response for both cases would avoid that disclosure.
                flash("Kunne ikke sende en mail til denne bruger")
                return redirect(url_for('usermanager.login'))
            raise
        return render_template("usermanager/forgot.html", username=username)

    # Bound parameter (`?`), so the username is not spliced into the SQL text.
    rows = data.execute('SELECT password, deleted FROM Users WHERE username = ?', username)

    # password.check is skipped when no row matched (short-circuit).
    # NOTE(review): that means no hash work is done for unknown usernames, so
    # response time may differ between unknown and known accounts - confirm
    # whether that matters for this deployment.
    authenticated = not empty(rows) and password.check(raw_password, rows[0]['password'])

    if not authenticated:
        # Same message for "no such user" and "wrong password".
        flash('Invalid username or password')
    elif rows[0]["deleted"]:
        # Only reachable after the password was verified.
        flash('Sorry, your user has been deleted')
    else:
        # NOTE(review): keys already present in the session are kept; only
        # the three below are overwritten.
        session['logged_in'] = True
        session['username'] = username

        memberships = data.execute('SELECT groupname FROM Group_users WHERE username = ?', username)
        session['groups'] = [row['groupname'] for row in memberships]

        # presumably refreshes the stored hash from the just-verified
        # plaintext - confirm in update_password
        update_password(username, raw_password)
        flash("Login succesful")
        # NOTE(review): verify that 'login_origin' is only ever written from a
        # server-chosen value, otherwise this redirect target needs validating.
        destination = session.pop('login_origin', url_front())
        return redirect(destination)

    return render_template("usermanager/login.html", error=error)
Пример #2
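def modify_news(id):
    """Edit or delete the news item ``id``; only its creator may do so.

    The item is loaded first and the request is refused (flash + redirect to
    the front page) when it does not exist, when no username is stored in the
    session, or when the session's username is not the item's ``creator``.

    POST:
      * ``cancel`` -> back to the front page, nothing is changed.
      * ``delete`` -> the row is deleted and the client is sent to the front
        page.
      * otherwise  -> the title must be non-empty; the row is then updated.
    Any other method renders the edit form pre-filled with the current row.
    """
    news = data.execute("SELECT * FROM News WHERE n_id = ?", id)

    # Fail closed: a session without a username is treated like a foreign
    # user instead of raising KeyError (and answering with a server error).
    current_user = session.get('username')
    if empty(news) or current_user is None or current_user != news[0]['creator']:
        flash("You are not permitted to edit this newsitem")
        return redirect(url_front())
    news = news[0]

    if request.method == 'POST':
        # NOTE(review): no CSRF token check is visible in this view; confirm
        # that the form builder or app-level middleware supplies one, since
        # this POST can delete or rewrite content.
        if 'cancel' in request.form:
            return redirect(url_front())

        b = data.Bucket(request.form)

        if 'delete' in request.form:
            b >> ("DELETE FROM News WHERE  n_id = ?", id)
            # Stop here: previously execution fell through to the title check
            # and the UPDATE below, so a delete submitted with an empty title
            # removed the row and then reported "Please enter a title", and
            # otherwise an UPDATE was issued for the row just deleted.
            return redirect(url_front())

        if b.title == "":
            flash("Please enter a title")
            return html.back()
        # Bare attribute access kept on purpose - presumably Bucket records
        # which fields were touched and expands them into `$` in the UPDATE;
        # verify against data.Bucket before removing.
        b.text
        b >> ("UPDATE News $ WHERE  n_id = ?", id)
        return redirect(url_front())
    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("title", "Overskrift")
        w.textarea("text", "Tekst")
        # Static markup only; no request data is interpolated into it.
        w.html('<button type="submit" name="delete" value="delete">Slet nyhed</button>', "")

        form = w.create(news)
        return render_template("form.html", form=form)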
Пример #3
def new(key):
    """Create a user account from a one-time creation key.

    Every request is delayed by a random 2-6 seconds, expired keys are purged,
    and the key is looked up in ``User_creation_keys``.  An unknown key costs
    a further random 5-21 second delay and a redirect to the front page.

    With a valid key, a non-POST request renders the sign-up form (e-mail
    pre-filled from the key's row).  A POST either cancels (the key is
    deleted) or validates username and passwords, consumes the key, creates
    the user, marks the session as logged in and redirects to the settings
    page.
    """
    # Delay applied to every request, valid key or not.
    # NOTE(review): the sleep holds the request worker for the whole delay; a
    # rate limit in front of this view would throttle key guessing without
    # tying up workers.
    time.sleep(random.randint(2, 6))

    # Purge expired creation keys before looking this one up.
    delete_old_keys()

    # Is the key known?  Bound parameter, not string formatting.
    pending = data.execute(
        "SELECT key, email FROM User_creation_keys WHERE key = ?", key)
    if empty(pending):
        # Extra penalty for an unknown key.
        time.sleep(random.randint(5, 21))
        # TODO: Send to errorpage?
        return redirect(url_front())

    if request.method != "POST":
        builder = html.WebBuilder()
        builder.form()
        builder.formtable()
        builder.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
        builder.textfield("name", "Fulde navn:")
        builder.textfield("email", "Email:", value=pending[0]["email"])
        builder.password("password1", "Løsen")
        builder.password("password2", "Gentag løsen")
        return render_template("form.html", form=builder.create())

    if 'cancel' in request.form:
        # Cancelling spends the key.
        data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
        flash("Oprettelse anulleret")
        return redirect(url_front())

    b = data.Bucket(request.form)

    # A falsy result from sanitize_username rejects the name.
    if not sanitize_username(b.username):
        flash("Ugyldigt brugernavn")
        return html.back()

    # Mismatch is reported before emptiness; the only rule on the password
    # itself is that it is not the empty string.
    if b.password1 != b.password2:
        flash("Du gav to forskellige løsener, prøv igen")
        return html.back()
    if b.password1 == "":
        flash("Du skal vælge et løsen")
        return html.back()

    # NOTE(review): the key is removed before create_user runs, so if
    # create_user raises the invitation is already spent - confirm intended.
    data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
    # NOTE(review): the stored e-mail is the submitted form value, not the
    # address tied to the key; the pre-filled field can be changed by the
    # client - confirm that is acceptable.
    create_user(b.username, b.password1, b.name, b.email)
    flash("Ny bruger oprettet")

    # Only these two session keys are set here; presumably a brand-new user
    # has no groups yet - verify against code that reads session['groups'].
    session['logged_in'] = True
    session['username'] = b.username

    return redirect(url_for("usermanager.settings"))
Пример #4
def new(key):
    """Sign-up view gated by a one-time creation key.

    Flow: random 2-6 s delay, purge of old keys, lookup of ``key`` in
    ``User_creation_keys``.  Unknown key: another random 5-21 s delay, then a
    redirect to the front page.  Known key: POST processes the sign-up form
    (or its ``cancel`` button), any other method renders the form.
    """
    initial_delay = random.randint(2, 6)
    # Applied before the key is examined, so it hits every request.
    # NOTE(review): sleeping inside the handler occupies a worker for the
    # duration; consider pairing it with request-rate limiting.
    time.sleep(initial_delay)

    # Weed out old creation keys first so an expired key is treated as unknown.
    delete_old_keys()

    # Parameterised lookup of the key.
    key_rows = data.execute("SELECT key, email FROM User_creation_keys WHERE key = ?", key)
    if empty(key_rows):
        penalty = random.randint(5, 21)
        time.sleep(penalty)
        # TODO: Send to errorpage?
        return redirect(url_front())

    if request.method == "POST":
        if 'cancel' in request.form:
            # The key does not survive a cancel.
            data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
            flash("Oprettelse anulleret")
            return redirect(url_front())

        b = data.Bucket(request.form)

        username_ok = sanitize_username(b.username)
        if not username_ok:
            flash("Ugyldigt brugernavn")
            return html.back()

        # Checked in this order: first that both entries agree, then that the
        # agreed value is non-empty.  No further strength rule is applied here.
        if b.password1 != b.password2:
            flash("Du gav to forskellige løsener, prøv igen")
            return html.back()
        if b.password1 == "":
            flash("Du skal vælge et løsen")
            return html.back()

        # The key is consumed before the account exists.
        # NOTE(review): a failure inside create_user leaves the invitee with
        # neither a key nor an account - confirm this ordering is deliberate.
        data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
        # NOTE(review): b.email is whatever the form submitted; it is not
        # compared with the e-mail stored alongside the key.
        create_user(b.username, b.password1, b.name, b.email)
        flash("Ny bruger oprettet")

        # The new user is logged in immediately; 'groups' is not set here -
        # presumably readers of session['groups'] tolerate its absence, verify.
        session['logged_in'] = True
        session['username'] = b.username

        return redirect(url_for("usermanager.settings"))

    # Every POST path above returns, so from here on the form is rendered.
    wb = html.WebBuilder()
    wb.form()
    wb.formtable()
    wb.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
    wb.textfield("name", "Fulde navn:")
    # Pre-filled with the address the key was issued for.
    wb.textfield("email", "Email:", value=key_rows[0]["email"])
    wb.password("password1", "Løsen")
    wb.password("password2", "Gentag løsen")
    signup_form = wb.create()
    return render_template("form.html", form=signup_form)
Пример #5
def login():
    """Login view: render the form, or authenticate a POSTed username/password.

    Outcomes of a POST:
      * ``forgot`` present -> ``forgot_password(username)`` is called; the
        reset page is rendered, or a flash + redirect to the login page when
        it reports "No such user/No valid email".
      * unknown user or wrong password -> flash, login page again.
      * correct password but account marked deleted -> flash, login page again.
      * otherwise -> session populated, stored hash passed to
        ``update_password``, redirect to ``login_origin`` or the front page.
    """
    error = None  # stays None; passed to the template unchanged

    if request.method == 'POST':
        username = request.form['username']
        raw_password = request.form['password']

        if 'forgot' in request.form:
            try:
                forgot_password(username)
            except Exception as exc:
                # Anything but the one expected failure is re-raised as is.
                if str(exc) != "No such user/No valid email":
                    raise
                # NOTE(review): answering differently here than on success
                # lets the form confirm whether an account exists; consider
                # one neutral response for both cases.
                flash("Kunne ikke sende en mail til denne bruger")
                return redirect(url_for('usermanager.login'))
            else:
                return render_template("usermanager/forgot.html",
                                       username=username)

        # Parameterised query; the username is passed as a bound value.
        account = data.execute(
            'SELECT password, deleted FROM Users WHERE username = ?', username)

        # Unknown user and wrong password share one message.  The hash check
        # only runs when a row was found.
        # NOTE(review): skipping the hash for unknown users may make the two
        # cases distinguishable by response time - confirm.
        if empty(account) or not password.check(raw_password,
                                                account[0]['password']):
            flash('Invalid username or password')
            return render_template("usermanager/login.html", error=error)

        # Evaluated only after the password matched.
        if account[0]["deleted"]:
            flash('Sorry, your user has been deleted')
            return render_template("usermanager/login.html", error=error)

        # NOTE(review): the existing session is reused as is; keys other than
        # the three set below are left untouched.
        session['logged_in'] = True
        session['username'] = username

        group_rows = data.execute(
            'SELECT groupname FROM Group_users WHERE username = ?',
            username)
        group_names = [entry['groupname'] for entry in group_rows]
        session['groups'] = group_names

        # presumably re-stores the password hash using the verified
        # plaintext - TODO confirm in update_password
        update_password(username, raw_password)
        flash("Login succesful")
        # url_front() is evaluated even when 'login_origin' is present.
        # NOTE(review): check where 'login_origin' is written; it must not be
        # taken verbatim from request input.
        return redirect(session.pop('login_origin', url_front()))

    return render_template("usermanager/login.html", error=error)