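def post(self):
    """Handle the admin login form submission.

    Reads ``username`` and ``password`` from the request, looks up the Admin
    record with that name and verifies the password against its stored hash
    with ``hashes.valid_pw``. Every failure path redirects to
    ``/admin/login``. On success the admin id is signed with
    ``hashes.make_secure_val``, stored in the ``name_adm`` cookie, and the
    client is redirected to ``/admin/home``.
    """
    # Logging in must not depend on a cookie the client may not have yet, so
    # no lookup of the current admin is done here.
    username = self.request.get("username")
    password = self.request.get("password")

    # validate form
    if not username or not password:
        return self.redirect("/admin/login")

    adminFind = Admin.query().filter(Admin.name == username).get()
    if not adminFind:
        return self.redirect("/admin/login")
    # NOTE(review): if Admin is an ndb model, Query.get() already returns a
    # single entity (or None) and indexing it would raise - confirm what
    # .get() returns here before relying on [0].
    adminFind = adminFind[0]
    pw_hash = adminFind.pw_hash

    # validate admin
    if not hashes.valid_pw(username, password, pw_hash):
        return self.redirect("/admin/login")

    # validation successful - set cookie headers
    admin_id = str(adminFind.key.id())
    secure_val = hashes.make_secure_val(admin_id)
    # HttpOnly keeps the signed admin token out of reach of page scripts; the
    # server still receives it on every request.
    # NOTE(review): also add "; Secure" once the admin pages are confirmed to
    # be served over HTTPS only. The cookie carries no expiry, so it lasts for
    # the browser session.
    self.response.headers.add_header(
        'Set-Cookie', str('name_adm=%s; Path=/; HttpOnly' % secure_val))
    return self.redirect("/admin/home")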
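def AdminAuthenticate(request):
    """Return the Admin identified by the signed ``name_adm`` cookie, or None.

    The cookie value is verified with ``hashes.check_secure_val``; a missing,
    empty or rejected cookie yields None. Otherwise the verified value is
    used as the integer id for ``Admin.get_by_id``, whose result is returned.
    """
    h = request.cookies.get('name_adm')
    if not h:
        # No cookie (or an empty one): unauthenticated. Returning here avoids
        # handing None to the signature check.
        return None

    admin_id = hashes.check_secure_val(h)
    if not admin_id:
        return None

    # NOTE(review): the entity's `active` flag (set in AddAdmin) is not
    # checked here - confirm whether a deactivated admin holding a valid
    # cookie should still authenticate.
    return Admin.get_by_id(int(admin_id))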
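def post(self):
    """Handle the admin login form submission.

    Reads ``username`` and ``password`` from the request, looks up the Admin
    record with that name and verifies the password against its stored hash
    with ``hashes.valid_pw``. Every failure path redirects to
    ``/admin/login``. On success the admin id is signed with
    ``hashes.make_secure_val``, stored in the ``name_adm`` cookie, and the
    client is redirected to ``/admin/home``.
    """
    # Logging in must not depend on a cookie the client may not have yet, so
    # no lookup of the current admin is done here.
    username = self.request.get("username")
    password = self.request.get("password")

    # validate form
    if not username or not password:
        return self.redirect("/admin/login")

    adminFind = Admin.query().filter(Admin.name == username).get()
    if not adminFind:
        return self.redirect("/admin/login")
    # NOTE(review): if Admin is an ndb model, Query.get() already returns a
    # single entity (or None) and indexing it would raise - confirm what
    # .get() returns here before relying on [0].
    adminFind = adminFind[0]
    pw_hash = adminFind.pw_hash

    # validate admin
    if not hashes.valid_pw(username, password, pw_hash):
        return self.redirect("/admin/login")

    # validation successful - set cookie headers
    admin_id = str(adminFind.key.id())
    secure_val = hashes.make_secure_val(admin_id)
    # HttpOnly keeps the signed admin token out of reach of page scripts; the
    # server still receives it on every request.
    # NOTE(review): also add "; Secure" once the admin pages are confirmed to
    # be served over HTTPS only. The cookie carries no expiry, so it lasts for
    # the browser session.
    self.response.headers.add_header(
        'Set-Cookie', str('name_adm=%s; Path=/; HttpOnly' % secure_val))
    return self.redirect("/admin/home")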
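def add_admin():
    """Create a new admin account; restricted to logged-in super admins.

    Flow, as implemented below:
      * session lacks ``id``, ``username`` or ``superAdmin`` -> redirect to
        the ``login`` endpoint;
      * logged in but ``superAdmin`` is not True -> redirect to ``admin``;
      * XHR request with non-blank ``username`` and ``password`` -> insert
        the admin and return JSON with ``message`` (plus ``username`` on
        success);
      * anything else -> render ``admin_page/add.html``.
    """
    if not ('id' in session and 'username' in session
            and 'superAdmin' in session):
        return redirect(url_for('login'))

    if session['superAdmin'] != True:
        return redirect(url_for('admin'))

    # NOTE(review): is_xhr only tells AJAX callers apart from page loads; no
    # CSRF token check is visible in this handler - confirm one is enforced
    # elsewhere for this state-changing request.
    if request.is_xhr:
        if (request.form is not None
                and request.form['username'].strip() != ""
                and request.form['password'].strip() != ""):
            username = request.form['username']
            # SECURITY: a single unsalted MD5 pass is a fast digest, not a
            # password hash; equal passwords produce equal stored values and
            # offline guessing is cheap. The format is left unchanged here
            # because the code that verifies logins is not part of this
            # function; migrate both sides together to a salted, slow KDF
            # (stdlib options: hashlib.scrypt, hashlib.pbkdf2_hmac).
            password = hashlib.md5(
                request.form['password'].encode('utf-8')).hexdigest()
            superAdmin = request.form['superAdmin'] == '1'

            result = {}
            database = models.models.Session()
            try:
                database.add(Admin(username=username, password=password,
                                   superAdmin=superAdmin))
                database.commit()
                result['message'] = 'success'
                result['username'] = request.form['username']
            except sqlalchemy.exc.IntegrityError:
                # A failed flush leaves the transaction unusable until it is
                # rolled back.
                database.rollback()
                result['message'] = 'username already axist'
            finally:
                # Release the session's connection on every path.
                database.close()
            return jsonify(result)

    return render_template('admin_page/add.html')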
def AddAdmin(name, password, email):
    """Store a new, active Admin record.

    The password is never stored directly: ``hashes.make_pw_hash`` derives
    the stored value from the name and password. No input validation or
    duplicate-name check is performed (see the TODO), so callers must vet
    the fields themselves.
    """
    # TODO: Validate the fields (check valid, no-duplicates).
    new_admin = Admin(
        name=name,
        pw_hash=hashes.make_pw_hash(name, password),
        email=email,
    )
    new_admin.active = True
    new_admin.put()
def AddAdmin(name, password, email):
    """Store a new, active Admin record.

    The password is never stored directly: ``hashes.make_pw_hash`` derives
    the stored value from the name and password. No input validation or
    duplicate-name check is performed (see the TODO), so callers must vet
    the fields themselves.
    """
    # TODO: Validate the fields (check valid, no-duplicates).
    new_admin = Admin(
        name=name,
        pw_hash=hashes.make_pw_hash(name, password),
        email=email,
    )
    new_admin.active = True
    new_admin.put()