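def change_email():
    """Handle the "change email address" form on the log-in details page.

    Reads ``email_address`` from the submitted form, validates it with
    ``email_validator`` and sends a verification message to the new
    address. Returns a redirect on success, or re-renders the settings
    template with ``error="invalid_email"`` on bad input.
    """
    # Default to "" so a request without the field is reported as
    # invalid instead of raising AttributeError on None.strip().
    # Truncated to 100 characters: a well-behaved front end never sends
    # more, so anything longer is not worth a dedicated error.
    email_address = request.form.get("email_address", "").strip()[:100]
    if not email_address or email_validator.match(email_address) is None:
        return render_template("settings/log_in_details.html", error="invalid_email")
    # Already verified and unchanged: there is nothing to send.
    if g.user.email_verified and email_address == g.user.email_address:
        return redirect(url_for("settings_log_in_details", saved="email_changed"))
    # Only a verification mail goes out here; whatever records the new
    # address is elsewhere (presumably the "verify" link handler).
    send_email("verify", email_address)
    return redirect(url_for("settings_log_in_details", saved="email_address"))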
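def register_post():
    """Create a new account from the registration form.

    Every validation failure redirects back to the referring page (or
    home) with a ``register_error`` query parameter naming the problem.
    On success the new user is written, logged in via the redis session,
    sent a welcome email and redirected.
    """
    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted
    # reverse proxy overwrites it, so the per-IP registration limit is
    # only as strong as that proxy configuration. Resolved once here so
    # the limit key and the stored last_ip always agree.
    client_ip = request.headers.get("X-Forwarded-For", request.remote_addr)
    # One registration per IP per day; the key is written at the end.
    if g.redis.exists("register:" + client_ip):
        return redirect(referer_or_home() + "?register_error=ip")
    # Don't accept blank fields.
    if request.form["username"] == "" or request.form["password"] == "":
        return redirect(referer_or_home() + "?register_error=blank")
    # Make sure the two passwords match.
    if request.form["password"] != request.form["password_again"]:
        return redirect(referer_or_home() + "?register_error=passwords_didnt_match")
    # Check the email address against email_validator. A missing field
    # defaults to "" (instead of raising on None.strip()) and is then
    # reported as blank. Silently truncated: the front end never sends
    # more than 100 characters.
    email_address = request.form.get("email_address", "").strip()[:100]
    if not email_address:
        return redirect(referer_or_home() + "?register_error=blank_email")
    if email_validator.match(email_address) is None:
        return redirect(referer_or_home() + "?register_error=invalid_email")
    # Check the username against username_validator; same truncation
    # rationale, 50 characters here.
    username = request.form["username"][:50]
    if username_validator.match(username) is None:
        return redirect(referer_or_home() + "?register_error=invalid_username")
    # Refuse the guest_ prefix, reserved names and any case-insensitive
    # clash with an existing account. The cheap in-memory checks run
    # before the query; "> 0" rather than "== 1" so that pre-existing
    # duplicate rows cannot let yet another registration through.
    username_taken = (
        username.startswith("guest_")
        or username.lower() in reserved_usernames
        or g.db.query(User.id).filter(
            func.lower(User.username) == username.lower()
        ).count() > 0
    )
    if username_taken:
        return redirect(referer_or_home() + "?register_error=username_taken")
    new_user = User(
        username=username,
        email_address=email_address,
        group="new",
        last_ip=client_ip,
    )
    new_user.set_password(request.form["password"])
    g.db.add(new_user)
    g.db.flush()  # assigns new_user.id before it is stored in the session
    # Log the new account in (2592000 s = 30 days) and start the per-IP
    # limit (86400 s = 1 day).
    g.redis.set("session:" + g.session_id, new_user.id, 2592000)
    g.redis.setex("register:" + client_ip, 86400, 1)
    g.user = new_user
    send_email("welcome", email_address)
    g.db.commit()
    redirect_url = referer_or_home()
    # Make sure we don't send the user back to the registration page.
    if redirect_url == url_for("register", _external=True):
        return redirect(url_for("home"))
    return redirect(redirect_url)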
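def change_email():
    """Handle the "change email address" form on the log-in details page.

    Validates the submitted ``email_address`` and sends a verification
    message to it. Returns a redirect on success, or re-renders the
    settings template with ``error="invalid_email"`` on bad input.
    """
    # A missing field defaults to "" so it is reported as invalid rather
    # than raising AttributeError on None.strip(). Truncated to 100
    # characters because a well-behaved front end never sends more.
    email_address = request.form.get("email_address", "").strip()[:100]
    if not email_address or email_validator.match(email_address) is None:
        return render_template("settings/log_in_details.html", error="invalid_email")
    # Verified and unchanged: nothing to send.
    if g.user.email_verified and email_address == g.user.email_address:
        return redirect(
            url_for("settings_log_in_details", saved="email_changed"))
    # Only the verification mail is sent here; recording the new address
    # presumably happens in the "verify" link handler.
    send_email("verify", email_address)
    return redirect(url_for("settings_log_in_details", saved="email_address"))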
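def change_email():
    """Handle the "change email address" form on the log-in details page.

    Validates the submitted ``email_address``, refuses one that another
    account already uses, and sends a verification message to it.
    Re-renders the settings template with ``error="invalid_email"`` or
    ``error="email_taken"`` on failure, otherwise redirects.
    """
    # A missing field defaults to "" so it is reported as invalid rather
    # than raising AttributeError on None.strip(). Truncated to 100
    # characters because a well-behaved front end never sends more.
    email_address = request.form.get("email_address", "").strip()[:100]
    if not email_address or email_validator.match(email_address) is None:
        return render_template("settings/log_in_details.html", error="invalid_email")
    # Verified and unchanged: nothing to do.
    if g.user.email_verified and email_address == g.user.email_address:
        return redirect(url_for("settings_log_in_details", saved="email_changed"))
    # Refuse an address another account already uses. The match is
    # case-insensitive and the current user's own row is excluded, so
    # re-submitting one's own address in a different letter case is not
    # reported as taken.
    # NOTE(review): this is check-then-act; a concurrent change to the
    # same address is not prevented here — confirm a unique constraint or
    # a re-check exists where the address is finally recorded.
    taken = g.db.query(User.id).filter(
        func.lower(User.email_address) == email_address.lower(),
        User.id != g.user.id,
    ).count() != 0
    if taken:
        return render_template("settings/log_in_details.html", error="email_taken")
    send_email("verify", email_address)
    return redirect(url_for("settings_log_in_details", saved="email_address"))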
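def change_email():
    """Handle the "change email address" form on the log-in details page.

    Validates the submitted ``email_address``, refuses one that another
    account already uses, and sends a verification message to it.
    Re-renders the settings template with ``error="invalid_email"`` or
    ``error="email_taken"`` on failure, otherwise redirects.
    """
    # Default to "" so a request without the field is rejected as
    # invalid instead of raising AttributeError on None.strip().
    # Truncated to 100 characters: the front end never sends more.
    email_address = request.form.get("email_address", "").strip()[:100]
    if not email_address or email_validator.match(email_address) is None:
        return render_template("settings/log_in_details.html", error="invalid_email")
    # Verified and unchanged: nothing to do.
    if g.user.email_verified and email_address == g.user.email_address:
        return redirect(
            url_for("settings_log_in_details", saved="email_changed"))
    # Refuse an address another account already uses. Case-insensitive,
    # and the current user's own row is excluded so that re-submitting
    # one's own address in a different letter case is not "taken".
    # NOTE(review): check-then-act; a concurrent change to the same
    # address is not prevented here — confirm a unique constraint or a
    # re-check exists where the address is finally recorded.
    already_used = g.db.query(User.id).filter(
        func.lower(User.email_address) == email_address.lower(),
        User.id != g.user.id,
    ).count() != 0
    if already_used:
        return render_template("settings/log_in_details.html", error="email_taken")
    send_email("verify", email_address)
    return redirect(url_for("settings_log_in_details", saved="email_address"))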
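def forgot_password_post():
    """Start a password reset for the account named in the form.

    Rate-limited to one request per client IP and per user per day; the
    reset email is only sent when the account has a verified address.
    Renders the forgot-password template with an ``error`` code on
    failure, otherwise redirects with ``?error=success``.
    """
    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted
    # reverse proxy overwrites it, so the per-IP limit depends on that
    # proxy configuration. Resolved once so both uses agree.
    client_ip = request.headers.get("X-Forwarded-For", request.remote_addr)
    if g.redis.get("reset_password_limit:%s" % client_ip):
        return render_template("account/forgot_password.html", error="limit")
    # Case-insensitive lookup, consistent with how register_post checks
    # for clashes: usernames are stored with their original case, so an
    # exact match against the lowercased input would miss them.
    try:
        user = g.db.query(User).filter(
            func.lower(User.username) == request.form["username"].lower()
        ).one()
    except NoResultFound:
        # NOTE(review): a distinct "no_user" error reveals which usernames
        # exist, and the IP limit below is only set on success, so these
        # lookups are not throttled. A generic response would close that;
        # left as-is to preserve the template contract.
        return render_template("account/forgot_password.html", error="no_user", username=request.form["username"])
    if g.redis.get("reset_password_limit:%s" % user.id):
        return render_template("account/forgot_password.html", error="limit")
    if not user.email_address or not user.email_verified:
        return render_template("account/forgot_password.html", error="no_email")
    # send_email presumably reads the recipient account from g.user — confirm.
    g.user = user
    send_email("reset", g.user.email_address)
    # Both limits (86400 s = 1 day) start only once a reset mail was sent.
    g.redis.setex("reset_password_limit:%s" % client_ip, 86400, 1)
    g.redis.setex("reset_password_limit:%s" % user.id, 86400, 1)
    return redirect(referer_or_home() + "?error=success")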