def modify_user(user_id):
    """Load the user whose id is *user_id* and render the user editor for it.

    PUT and DELETE are recognised, but both branches are empty placeholders:
    nothing is updated or deleted here, and every method ends by rendering
    'user_editor.html' with the looked-up record.
    """
    # NOTE(review): no authentication or ownership check is visible inside
    # this function before the record is loaded. Confirm that a route
    # decorator or before-request hook restricts which user_id a session may
    # open. The 'User' record read by login() in this file carries a
    # 'password' field, so also check what the template renders.
    record = DBSession(engine).get('User', {'id': user_id})

    if request.method == 'PUT':
        # Placeholder: the update path is not implemented.
        pass
    elif request.method == 'DELETE' and isadmin():
        # Placeholder: the admin check is the only gate and it guards nothing
        # yet. Keep it on the server side once the delete is written.
        pass

    return render_template('user_editor.html', user=record)
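def login():
    """Render the login form and, on POST, check the submitted credentials.

    On success the session is marked as logged in and the client is
    redirected to the 'next' target when it is a path on this site, else to
    the 'index' endpoint. Any other 'next' value (absolute URL, scheme-relative
    URL, anything with backslashes or control characters) is dropped. On
    failure the same message is flashed whether the user id is unknown or the
    password is wrong, and the login form is rendered again.
    """
    import hmac

    # 'next' comes straight from the query string or form, so it is
    # caller-controlled. Passing it unchecked to redirect() is an open
    # redirect: the login page could forward a user to an arbitrary site.
    next_url = request.args.get('next') or request.form.get('next')
    if not _is_local_redirect_target(next_url):
        next_url = None

    if request.method == 'POST' and request.form.get('userid') and request.form.get('password'):
        userid = request.form.get('userid')
        password = request.form.get('password')
        db = DBSession(engine)
        user_details = db.get('User', {'userid': userid})
        logger.debug('attempting log in for user : %s', userid)

        authenticated = False
        if user_details:
            stored = user_details['password']
            # NOTE(review): comparing the submitted password with the stored
            # value means the database holds passwords in recoverable form.
            # Store a salted, slow hash instead and verify against that (for
            # example werkzeug.security.check_password_hash). Until then, at
            # least compare in constant time.
            authenticated = isinstance(stored, str) and hmac.compare_digest(
                password.encode('utf-8'), stored.encode('utf-8')
            )

        if authenticated:
            logger.debug('login successful for user %s', userid)
            session['logged_in'] = True
            # NOTE(review): this puts the whole user record in the session,
            # including its 'password' field. If the session is Flask's
            # default client-side cookie, it is signed but not encrypted, so
            # the record is readable by the client. Confirm the session
            # backend and store only the fields the app needs.
            session['user'] = user_details
            # Non-permanent session: not kept beyond the browser session.
            session.permanent = False
            flash('You are now logged in.', 'success')
            return redirect(next_url or url_for('index'))

        # One message for both failure causes, so the response does not
        # reveal whether the user id exists.
        logger.debug('unsuccessful login attempt for user %s', userid)
        flash('Incorrect UserId or Password.', 'danger')

    return render_template('login.html', next_url=next_url)


def _is_local_redirect_target(target):
    """Return True when *target* is a plain path on this site ('/...')."""
    if not target or not isinstance(target, str):
        return False
    # Browsers treat '\' like '/' and drop tabs and newlines, so either can
    # turn a path-looking value into a URL on another host.
    if '\\' in target or any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    # A single leading slash is a site-local path; '//' is scheme-relative.
    return target.startswith('/') and not target.startswith('//')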