Пример #1
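def edit_user_password(username):
    """Update a user's password on non-PubCookie setups.

    Access is granted when the session's auth level is at least 10000
    (administrator) or the session user is the ``username`` from the URL.
    On POST the target account is read from the ``user_id`` form field, and
    the current password is required unless an administrator is changing
    another account's password.

    Returns the rendered ``user_edit_password.html`` page (carrying
    ``errors`` and ``message``), or a redirect to ``access_denied``.
    """
    message = None
    errors = []
    is_admin = session['user_auth_level'] >= 10000  # administrator access
    if not (is_admin or session['user_username'] == username):
        log_access('users/password', 'access_denied changing password for: ' + username)
        return redirect(url_for('access_denied'))

    log_access('users/password')
    if request.method == 'POST':
        log_access('users/password', 'posted form')
        # NOTE(review): the access check above is made against the URL's
        # `username`, but the account that gets changed is chosen by this
        # form field. Nothing visible here ties the two together, so a
        # non-admin caller is limited only by the current-password check
        # below. Prefer resolving the target from `username` once the model
        # schema is confirmed.
        user_id = request.form['user_id']
        current_pw = request.form.get('cur_password', '')
        new_pw = request.form['new_password']
        again_pw = request.form['again_password']
        user = model.get_user(user_id)

        # Form values are always strings. If the session stores the id as an
        # int, a plain `!=` is always true and an administrator changing
        # their OWN password would skip the current-password check, so
        # compare the string forms.
        admin_changing_other = is_admin and str(session['user_id']) != str(user_id)

        if user is None:
            # presumably model.get_user returns None for an unknown id;
            # without this guard the lookup below fails with a TypeError.
            errors.append("User not found")
        # NOTE(review): comparing stored and freshly computed hashes for
        # equality only works if auth.hash_password is deterministic, i.e.
        # has no per-user salt - confirm, and consider a salted KDF with a
        # dedicated verify function.
        elif not admin_changing_other and user['password'] != auth.hash_password(current_pw):
            errors.append("Current Password is incorrect")
        elif new_pw == '':
            errors.append("New password is empty")
        elif new_pw != again_pw:
            errors.append("Passwords don't match")
        else:
            model.set_password(user_id, auth.hash_password(new_pw))
            message = "Saved."

    form = model.get_user_by_username(username)
    return render_template('user_edit_password.html',
                           form=form,
                           errors=errors,
                           message=message)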
Пример #2
    def POST(self):
        """Handle a login form submission.

        Looks the account up by the submitted username and checks the
        submitted password against the stored hash with ``bcrypt.verify``.
        On success the result of ``authorize(user)`` is raised; on any
        failure the login page is rendered again with the same arguments,
        so the response does not say whether the username or the password
        was wrong.
        """
        submitted = web.input()
        name = submitted.username
        pwd = submitted.password
        account = model.get_user_by_username(name)

        # NOTE(review): an unknown username returns without running bcrypt,
        # so it is answered faster than a wrong password. If account
        # enumeration by timing matters here, equalise the two paths.
        if account and bcrypt.verify(pwd, account['password']):
            raise authorize(account)
        return render.login(is_loggedin(), True)
Пример #3
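def sign_up_log_in():
    """Serve the index page on GET; sign up or log in on POST.

    On POST an unknown username is saved as a new account and a known
    username is logged in when the submitted password equals the stored one.
    Returns the string "AWWW YIS" on success and "AWWW NOO" on failure.
    """
    if request.method == 'GET':
        return render_template('index.html')
    #----------------------------------------------------------------------
    # Find way to prevent modal from popping up if user already in session.
    #----------------------------------------------------------------------
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        # Refuse blank credentials so that an account with an empty name or
        # an empty password cannot be created.
        if not username or not password:
            return "AWWW NOO"

        user = model.get_user_by_username(username)

        if user is None:
            # NOTE(review): any unknown username is registered on the spot,
            # so a mistyped login name creates a new account. The success
            # string is returned without a session being set on this path.
            # NOTE(review): the password is handed to the model as received,
            # and the login branch compares the stored value directly with
            # the submitted password, which only works if it is stored
            # unhashed. Store a salted password hash and verify against that.
            model.save_user_to_db(username, password)
            return "AWWW YIS"

        if user.password == password:
            flask_session["user"] = {"username": user.username, "id": user.id}
            return "AWWW YIS"
        return "AWWW NOO"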
Пример #4
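def create_user():
    """Register a new account from the submitted form and log it in.

    Redirects back to ``register`` with a flashed message when a field is
    missing, the email or username is already in use, or the two passwords
    differ. Otherwise creates the user, logs them in and redirects to their
    profile.
    """
    # NOTE(review): the form object is built but never validated, so any
    # rules declared on RegisterForm are not applied here - confirm and
    # validate it before the values are used.
    form = forms.RegisterForm(request.form)
    email = request.form.get("email")
    username = request.form.get("username")
    password = request.form.get("password")
    verify_password = request.form.get("password_verify")

    # request.form.get() returns None for an absent field. Without this
    # check two missing password fields compare equal and an account could
    # be created with no password.
    if not all((email, username, password, verify_password)):
        flash("All fields are required!")
        return redirect(url_for("register"))

    if model.email_exists(email):
        flash("Email already exists!")
        return redirect(url_for("register"))
    if model.username_exists(username):
        flash("Username is already taken!")
        return redirect(url_for("register"))
    if password != verify_password:
        flash("Passwords do not match!")
        return redirect(url_for("register"))

    # NOTE(review): the password is passed on as received; whether
    # model.create_user hashes it is not visible here - confirm that it is
    # stored as a salted password hash.
    # NOTE(review): the existence checks above and this insert are separate
    # steps, so two concurrent requests can both pass the checks; uniqueness
    # should also be enforced by the database.
    model.create_user(email, username, password)
    user = model.get_user_by_username(username)
    login_user(user)
    return redirect(url_for("profile", username=username))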
Пример #5
def edit_user(username):
    """Show and, on POST, save the edit form for a user.

    Allowed when the session's auth level is at least 1000 or the session
    user is ``username``; anyone else is logged and redirected to
    ``access_denied``. Returns the rendered ``user_edit.html`` page.
    """
    may_edit = session['user_auth_level'] >= 1000 or session['user_username'] == username
    if not may_edit:
        log_access('users/edit', 'access_denied editing: ' + username)
        return redirect(url_for('access_denied'))

    log_access('users/edit', 'editing: ' + username)
    status = None
    if request.method == 'POST':
        log_access('users/edit', 'posted form')
        # NOTE(review): the whole submitted form goes to the model. Nothing
        # in this function ties the record being updated to `username` or
        # limits which fields a non-admin may set (presumably including an
        # auth level, given the `user_auth_levels` template argument).
        # Confirm that model.update_user enforces both.
        model.update_user(request.form)
        status = "Saved."

    template_args = {
        'form': model.get_user_by_username(username),
        'message': status,
        'user_auth_levels': get_authorization_levels(session['user_auth_level']),
        'form_action_url': url_for('edit_user', username=username),
        'title': "Edit User",
        # The delete button is offered only to sessions at level 1000 or above.
        'delete_button': session['user_auth_level'] >= 1000,
        'change_password_button': not config.USES_PUBCOOKIE,
    }
    return render_template('user_edit.html', **template_args)
Пример #6
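def sign_up_log_in():
    """Serve the index page on GET; sign up or log in on POST.

    On POST an unknown username is saved as a new account and a known
    username is logged in when the submitted password equals the stored one.
    Returns the string "Oke Sip" on success and "blm NOO" on failure.
    """
    if request.method == 'GET':
        return render_template('index.html')
    #----------------------------------------------------------------------
    # Find way to prevent modal from popping up if user already in session.
    #----------------------------------------------------------------------
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        # Refuse blank credentials so that an account with an empty name or
        # an empty password cannot be created.
        if not username or not password:
            return "blm NOO"

        user = model.get_user_by_username(username)

        if user is None:
            # NOTE(review): any unknown username is registered on the spot,
            # so a mistyped login name creates a new account. The success
            # string is returned without a session being set on this path.
            # NOTE(review): the password is handed to the model as received,
            # and the login branch compares the stored value directly with
            # the submitted password, which only works if it is stored
            # unhashed. Store a salted password hash and verify against that.
            model.save_user_to_db(username, password)
            return "Oke Sip"

        if user.password == password:
            flask_session["user"] = {
                "username": user.username,
                "id": user.id
            }
            return "Oke Sip"
        return "blm NOO"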
Пример #7
def user(username):
    """Render the page for a single user, looked up by username.

    The view is logged via ``log_access`` before the record is fetched.
    """
    log_access('user', 'viewed: ' + username)
    # NOTE(review): no authorization check is visible in this function (one
    # may be applied outside it), and the whole record is passed to the
    # template - confirm it does not expose the stored password value.
    record = model.get_user_by_username(username)
    return render_template('user_show.html', form=record)
Пример #8
def validate_existing_user(item):
    """Return True when neither ``item.username`` nor ``item.email`` is taken.

    Despite the name, a True result means no matching user was found by
    either lookup. Both lookups are always performed.
    """
    by_username = model.get_user_by_username(item.username)
    by_email = model.get_user_by_email(item.email)
    # NOTE(review): if this guards account creation, the check and the later
    # insert are separate steps; uniqueness should also be enforced by the
    # database.
    return not (by_username or by_email)