def profile():
page = request.args.get('page', default=1, type=int)
reviews = Review.query\
.with_entities(User.username, Review.grade, Review.feelings, Review.thoughts,
Review.timestamp, Review.user_id, Review.movie_id, User.image, Movie.title, Movie.year)\
.filter(Review.user_id == current_user.id)\
.join(User)\
.join(Movie)\
.order_by(Review.timestamp.desc())\
.paginate(page, 4, False)
change_pw_form = ChangePasswordForm()
profile_pic_form = ProfileImageForm()
if change_pw_form.validate_on_submit():
if current_user.check_password(change_pw_form.oldpassword.data):
current_user.set_password(change_pw_form.password.data)
db.session.add(current_user)
db.session.commit()
flash('Password changed!')
return redirect(url_for('main.profile'))
else:
change_pw_form.oldpassword.errors.append('Incorrect old password')
links = construct_page_links('main.profile', reviews)
return render_template('profile.html',
title='profile',
current_page=reviews.page,
total_pages=reviews.pages,
next_page=links[0],
prev_page=links[1],
first_page=links[2],
last_page=links[3],
change_pw_form=change_pw_form,
profile_pic_form=profile_pic_form,
reviews=reviews.items)
def change_password(token):
email = confirm_token(token)
user = UserInfo.query.filter(UserInfo.email == email).first_or_404()
if user.password_token is not None:
form = ChangePasswordForm(request.form)
if form.validate_on_submit():
user = UserInfo.query.filter_by(email=email).first()
if user:
user.password = sha256_crypt.encrypt(str(form.password.data))
user.password_token = None
subject = 'Password has been updated'
html = render_template('pwchange_confirm.html',
username=user.username)
send_email(user.email, subject, html)
db.session.commit()
flash('Password successfully updated.', 'success')
return redirect(url_for('login'))
# else:
# flash('Password change was unsuccessful.', 'danger')
# return redirect(url_for('login'))
else:
flash('Please enter your new password.', 'success')
return render_template('change_password.html', form=form)
else:
flash('unable to reset the password, try again.', 'danger')
return redirect(url_for('login'))
def change_password():
change_password_form = ChangePasswordForm()
if request.method == 'GET':
return render_template('change_password.html',
user=current_user.name,
user_role=current_user.role.name,
change_password_form=change_password_form)
if request.method == 'POST':
if change_password_form.validate_on_submit():
new_password = change_password_form.new_password.data
old_password = change_password_form.old_password.data
if not User.query.filter_by(email=current_user.email).first(
).verify_password(old_password):
flash('Old password is invalid')
return redirect(url_for('change_password'))
if not utilities.password_is_valid(new_password):
flash(
'Password is not strong enough.\nNeeds to contain lower case and upper case letters, numericals and punctuation.\nLength must be between 8 and 12 characters.'
)
return redirect(url_for('change_password'))
User.query.filter_by(
email=current_user.email).first().password = new_password
db.session.commit()
flash('Password changed successfully')
return redirect(url_for('index'))
else:
return redirect(url_for('change_password'))
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
return redirect(url_for('profile'))
return render_template('change_password.html',
title='Change Password',
form=form)
def private_profile():
"""
The settings page for current_user. Here current_user may toggle suggestions, private, delete or report names,
change about & photo with a shoddy ChangeDetailsForm, change password with an acceptable ChangePasswordForm, or
permanently delete the account.
:return: profile.html rendered with list of suggested names for current_user amd forms
"""
names = Name.query.filter_by(userID=current_user.get_id()).all()
# TODO: implement a new form to change account details you lazy trashbag
form_d = ChangeDetailsForm(csrf_enabled=False)
form_p = ChangePasswordForm()
if form_p.validate_on_submit():
if pwd_context.verify(form_p.current_password.data, current_user.password):
user = User.query.get(current_user.id)
user.password = pwd_context.encrypt(form_p.new_password.data)
db.session.commit()
flash("Changes saved.")
return redirect(url_for("private_profile"))
else:
flash("Incorrect password.")
return redirect(url_for("private_profile"))
if form_d.validate_on_submit():
user = User.query.get(current_user.id)
if form_d.about.data != "":
user.about = form_d.about.data
app.logger.debug("result: "+user.about)
if form_d.url.data != "":
user.photo_url = form_d.url.data
db.session.commit()
flash("Changes saved.")
return redirect(url_for("private_profile"))
return render_template("profile.html", names=names, form_d=form_d, form_p=form_p)
def change_password():
"""
User logged can change the password
GET -> requests server change password page
POST -> requests validate form & user info
"""
# Hard bypass if admin_email try to change password
if current_user.email == current_app.config['ADMIN_EMAIL']:
flash(
'Esta cuenta no puede cambiar de contraseña. Utiliza tu cuenta personal.'
)
current_app.logger.error('{} try to change password.'.format(
current_user.email))
return redirect(url_for('dashboard.home'))
form = ChangePasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=current_user.email).first()
if user and user.check_password(password=form.password.data):
# Actual password correct. Updating
user.set_password(form.new_password.data)
db.session.add(user)
db.session.commit()
current_app.logger.info('{} updated her password.'.format(user))
flash('Contraseña actualizada. Vuelve a hacer login.')
return redirect(url_for('auth.logout'))
flash('Invalid password. Recheck inputs.')
return redirect(url_for('auth.change_password'))
return render_template('auth/change_password.html', form=form)
def changePassword():
cursor.execute(
'select name, login, passwordHash from account where id = %s',
(current_user.id, ))
user = cursor.fetchone()
form = ChangePasswordForm()
if form.validate_on_submit():
if check_password_hash(
user[2], form.passwordOld.data
) and form.passwordNew1.data == form.passwordNew2.data:
cursor.execute(
'update account set passwordHash = %s where id = %s', (
generate_password_hash(form.passwordNew1.data),
current_user.id,
))
conn.commit()
flash('Пароль был успешно изменен')
return redirect(url_for('account'))
else:
flash('Старый пароль введен неверно или новые пароли не совпадают')
return redirect(url_for('changePassword'))
return render_template('changePassword.html',
title='Сменить пароль',
form=form,
user=user)
def changePassword():
form = ChangePasswordForm()
form.username = current_user.username
if form.validate_on_submit():
AccountQuery.update_password(current_user.username,
form.new_password.data)
return jsonify(action="success")
return jsonify(action="failed", error=form.errors)
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
current_user.set_password(form.password.data)
db.session.commit()
flash('Password updated!')
return redirect(url_for('account'))
return render_template('change_password.html', form=form)
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
if current_user.verify_password(form.old_password.data):
current_user.password = form.password.data
db.session.add(current_user)
flash(u'您的密码已被更新')
return redirect(url_for('index'))
else:
flash(u'密码不正确')
return render_template("change_password.html", form=form)
def changePassword():
"""Admin change password"""
form = ChangePasswordForm()
if form.validate_on_submit():
current_user.set_password(form.password.data)
db.session.add(current_user)
db.session.commit()
flash('Password updated')
return render_template('changePassword.html',
title='Change Password',
form=form)
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
if current_user.verify_password(form.old_password.data):
current_user.password = form.password.data
db.session.add(current_user)
flash('您的密码已经修改!')
return redirect(url_for('main.index'))
else:
flash('原密码错误,操作无效!')
return render_template('user/change_password.html', form=form)
def settings():
form = ChangePasswordForm()
timezone = User.query.filter_by(id=current_user.id).first().timezone
if form.validate_on_submit():
UserActions().change_password(current_user.id, form.old_password.data,
form.password.data)
return render_template('settings.html',
title='Settings',
timezones=pytz.common_timezones,
user_timezone=timezone,
form=form)
def change_pwd():
form = ChangePasswordForm()
if form.validate_on_submit():
if current_user.verify_password(form.old_password.data):
current_user.password = form.new_password.data
db.session.add(current_user)
db.session.commit()
flash("修改密码成功")
return redirect(url_for('main.index'))
else:
flash("修改失败")
return render_template('user/change_pwd.html', form=form)
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
old_password = form.current_password.data
user = User.from_login(current_user.email, old_password)
if user.is_authenticated:
new_password = form.new_password.data
user.set_password(new_password)
flash('Password successfully changed.')
else:
flash('Old password incorrect.')
return render_template('change_password.html', form=form)
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
session = create_session()
current_user.set_password(form.new_password.data)
session.merge(current_user)
session.commit()
return redirect(f'/user/{current_user.id}')
return render_template('change_password.html',
title='Change password',
form=form,
title_form='Change password')
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
if not current_user.check_password(form.current_password.data):
flash('Your current password is wrong.')
return redirect(url_for('change_password'))
current_user.set_password(form.password.data)
db.session.commit()
flash('Your password has been changed.')
return redirect(url_for('edit_profile'))
return render_template('change_password.html', form=form)
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
if not current_user.check_password(form.current.data):
flash('Password incorrect')
elif form.new.data == form.current.data:
flash('Password must be new')
else:
current_user.set_password(form.new.data)
db.session.commit()
flash('Password successfully changed')
return redirect(url_for('change_password'))
return render_template("change_password.html", form=form)
def changepassword():
form = ChangePasswordForm()
if form.validate_on_submit():
u = User.query.filter_by(username=current_user.username).first()
if u.verify_password(form.oldpassword.data):
u.password = form.newpassword.data
db.session.add(u)
flash('密码修成功')
return redirect(url_for('main.index'))
else:
flash('无效的密码')
return render_template('user/changepassword.html', form=form)
def change_password(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
user = User.verify_token(token)
if not user:
return redirect(url_for('index'))
form = ChangePasswordForm()
if form.validate_on_submit():
user.set_password(form.password.data)
db.session.commit()
flash('Ваш пароль успешно изменен!')
return redirect(url_for('login'))
return render_template('ChangePassword.html', form=form)
def changepassword():
if not current_user.is_authenticated:
return redirect(url_for('index'))
form = ChangePasswordForm()
if form.validate_on_submit():
user = current_user
if user.check_password(form.current_password.data):
user.set_password(form.password.data)
db.session.commit()
flash('Password changed!')
return redirect(url_for('myprofile'))
flash('Invalid password')
#return redirect(url_for('index'))
return render_template('changepassword.html', title='Change Password', form=form)
def change_password():
"""Route for logged in users to change password"""
pw_form = ChangePasswordForm()
if pw_form.validate_on_submit():
# If new password is not equal to old
if not current_user.validate_pass(pw_form.newpw.data):
current_user.password = pw_form.newpw.data
flash('Password successfuly changed!', 'info')
db.session.add(current_user)
db.session.commit()
else:
flash('Password must differ from the old.', 'danger')
return render_template('settings/change_password.html', pw_form=pw_form)
def change_password():
form = ChangePasswordForm()
# 判断密码是否合法
if form.validate_on_submit():
# 判断老密码是否正确
user = current_user._get_current_object()
if user.verify_password(form.old_password.data):
# 取出新密码 就行设置保存
user.password = form.new_password.data
db.session.add(user)
flash('修改成功')
logout_user()
# 返回登录
return redirect(url_for('users.login'))
return render_template('users/change_password.html', form=form)
def account_change_password():
form = ChangePasswordForm()
if form.new_password.data == form.confirm_new_password.data:
if form.validate_on_submit():
if bcrypt.check_password_hash(current_user.password,form.old_password.data):
hashed_password = bcrypt.generate_password_hash(form.new_password.data).decode('utf-8')
current_user.password = hashed_password
db.session.commit()
flash('Password has been changed.', 'success')
return redirect(url_for('account_change_password'))
else:
flash('Old password is incorrect.', 'danger')
else:
flash('Passwords do not match','danger')
return render_template('account_change_password.html', title='account_change_password', form=form)
def changePassword():
form = ChangePasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(username=current_user.username).first()
user.password_hash = generate_password_hash(form.password.data)
user.pwPrompted = True
db.session.commit()
flash('Password Updated!', "error")
return redirect(url_for('index'))
if not current_user.pwPrompted and request.method == 'GET':
flash("You MUST change your password to access other pages", "error")
return render_template('changePassword.html',
title='Change Password',
form=form,
template=admin_template_validation())
def reset_password(token):
template_name = 'reset_password.html'
if current_user.is_authenticated:
return redirect(url_for('index'))
user = User.verify_token(token)
if not user:
return redirect(url_for('index'))
form = ChangePasswordForm()
if form.validate_on_submit():
user.set_password(form.password.data)
user.change_password = 0
db.session.commit()
flash('Your password has been reset.')
return redirect(url_for('login'))
return render_template(template_name, form=form)
def change_password():
"""Change password Form"""
form = ChangePasswordForm()
if form.validate_on_submit():
user = UserInformation.query.filter_by(
username=form.username.data).first()
user.set_password(form.password.data)
db.session.commit()
flash('Password update successfully')
logout_user()
return redirect(url_for('login'))
form.username.data = current_user.username
return render_template('change_password.html',
title='Change password',
form=form)
def settings():
"""Show settings for authenticated user."""
chpwd = ChangePasswordForm(prefix='pwd')
chusr = ChangeUsernameForm(prefix='usr')
if chpwd.submit.data and chpwd.validate_on_submit():
current_user.change_password(chpwd.new_password.data)
db.session.commit()
flash('Changed password!', 'success')
if chusr.submit.data and chusr.validate_on_submit():
current_user.name = chusr.username.data
db.session.commit()
flash('Changed username!', 'success')
return render_template('admin/settings.html', chpwd=chpwd, chusr=chusr)
def CommonChangePassword(form: ChangePasswordForm, userId: int,
checkOld: int) -> list: # success, message
if form.validate_on_submit():
new_passwd = form.newpassword.data
ret_passwd = form.retpassword.data
user = storage.getUser(userId)
if (checkOld):
old_passwd = form.oldpassword.data
if user.password != old_passwd:
return [0, ("Incorrect old password", 'message red')]
if new_passwd != ret_passwd:
return [0, ("New passwords don't match", 'message red')]
user.password = new_passwd
storage.saveUser(user)
return [1, ("Password successfully changed", 'message green')]
return [0, ("Fill all fields", 'message blue')]
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
current_user.set_user_pw(form.user_password_new.data)
try:
with dbHelper.get_session() as session:
session.commit()
except Exception as e:
abort(500)
flash('Your changes have been saved.')
return redirect(url_for('user', user_id=current_user.user_id))
return render_template('edit_password.html', form=form)
def change_password():
"""Allow the user who did not register with a social account to change
his password.
"""
if current_user.register_with_provider:
flash('Registered with a social account, no password is required')
return redirect(url_for('mod_feed.index'))
form = ChangePasswordForm()
if form.validate_on_submit():
flash('Password changed successfully')
current_user.password = form.new_password.data
return render_template('auth/change_password.html', form=form)
def settings():
"""Show settings for authenticated user."""
chpwd = ChangePasswordForm(prefix='pwd')
chusr = ChangeUsernameForm(prefix='usr')
if chpwd.submit.data and chpwd.validate_on_submit():
current_user.change_password(chpwd.new_password.data)
db.session.commit()
flash('Changed password!', 'success')
if chusr.submit.data and chusr.validate_on_submit():
current_user.name = chusr.username.data
db.session.commit()
flash('Changed username!', 'success')
return render_template('admin/settings.html', chpwd=chpwd, chusr=chusr)
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
user = current_user
if user.check_password(
form.old_password.data
) and form.new_password.data == form.new_password2.data:
user.set_password(form.new_password.data)
db.session.commit()
logout_user()
flash('Password changed')
return redirect(url_for('login'))
flash('Incorrect password')
return render_template('change_password.html',
title='Change Password',
form=form)
def settings():
form = SettingForm(obj=current_user)
change_pwd_form = ChangePasswordForm(prefix='pwd')
if form.has_been_submitted(request):
if form.validate_on_submit():
current_user.blog_title = form.blog_title.data
current_user.blog_description = form.blog_description.data
current_user.blog_image = form.blog_image.data
current_user.blog_image_rounded = form.blog_image_rounded.data
current_user.blog_bg = form.blog_bg.data
current_user.blog_bg_public = form.blog_bg_public.data
current_user.blog_bg_everywhere = form.blog_bg_everywhere.data
current_user.blog_bg_override = form.blog_bg_override.data
current_user.blog_bg_repeat = form.blog_bg_repeat.data
current_user.blog_paginate = form.blog_paginate.data
current_user.blog_paginate_by = form.blog_paginate_by.data
current_user.blog_public = form.blog_public.data
current_user.blog_truncate_posts = form.blog_truncate_posts.data
current_user.blog_syntax_highlighter_css = form.blog_syntax_highlighter_css.data
current_user.linkedin_url = form.linkedin_url.data
current_user.gplus_url = form.gplus_url.data
current_user.github_url = form.github_url.data
current_user.twitter_url = form.twitter_url.data
saved = current_user.save()
if saved:
flash("Saved your settings.")
return redirect(url_for("blog.index", user_slug=current_user.blog_slug))
else:
flash("Something went wrong...")
elif change_pwd_form.has_been_submitted(request):
if change_pwd_form.validate_on_submit():
current_user.set_password(change_pwd_form.new_password.data)
saved = current_user.save()
if saved:
flash("Changed your password.")
else:
flash("Something went wrong...")
return render_template("settings.html", form=form, change_pwd_form=change_pwd_form)
