def modify_user(user_id):
db = DBSession(engine)
user = db.get('User', {'id': user_id})
if request.method == 'PUT':
pass
elif request.method == 'DELETE':
if isadmin():
pass
return render_template('user_editor.html', user=user)
def login():
next_url = request.args.get('next') or request.form.get('next')
if request.method == 'POST' and request.form.get('userid') and request.form.get('password'):
userid = request.form.get('userid')
password = request.form.get('password')
db = DBSession(engine)
user_details = db.get('User', {'userid': userid})
logger.debug('attempting log in for user : %s' % (userid))
if user_details:
if password == user_details['password']:
logger.debug('login successful for user %s' % (userid))
session['logged_in'] = True
session['user'] = user_details
session.permanent = False # use Cookie to store session. (or not!?)
flash('You are now logged in.', 'success')
return redirect(next_url or url_for('index'))
else:
logger.debug('unsuccessful login attempt for user %s' % (userid))
flash('Incorrect password.', 'danger')
else:
flash('Incorrect UserId or Password.', 'danger')
return render_template('login.html', next_url=next_url)
