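def change_password():
    """Change the password of the account bound to the ``token`` request header.

    Reads ``oldPasswordChange`` and ``newPasswordChange`` from the submitted
    form, re-verifies the old password against the stored salted hash, and
    only then stores a freshly salted hash of the new password.

    Returns:
        A JSON string with ``success`` ("true"/"false") and ``message``.
    """
    token = request.headers.get('token')
    email = get_email_by_token(token)
    # Resolve the caller's identity before touching any other input.
    # NOTE(review): presumably get_email_by_token returns None for a missing
    # or unknown token -- confirm; if it raises instead, this guard is inert.
    if email is None:
        return json.dumps({"success": "false", "message": "No user found."})

    oldPW = request.form['oldPasswordChange']
    newPW = request.form['newPasswordChange']

    # NOTE(review): the plaintext old password is handed to the DB helper;
    # what it does with it is not visible here -- confirm it is neither
    # logged nor interpolated into SQL text.
    # userInfo[0] = email, userInfo[1] = pw, userInfo[2] = salt
    userInfo = database_helper.get_user_mail_pw(email, oldPW)
    if userInfo is None:
        return json.dumps({"success": "false", "message": "No user found."})

    # Re-hash the supplied old password with the stored salt and compare.
    # NOTE(review): `==` is not a constant-time comparison;
    # hmac.compare_digest is the usual choice once it is confirmed that both
    # values are the same type (both bytes, or both ASCII str).
    oldHashedPW = getHashedPW(oldPW, userInfo[2])
    if userInfo[1] != oldHashedPW:
        return json.dumps({"success": "false", "message": "Incorrect password."})

    # A new salt is generated together with the new hash, so the old salt
    # is never reused.
    # NOTE(review): no strength check on newPW and no revocation of other
    # tokens issued for this account is visible in this function -- confirm
    # both are handled elsewhere.
    newHashedPW, newSalt = hashPw(newPW)
    database_helper.change_pw(newHashedPW, newSalt, email)
    return json.dumps({"success": "true", "message": "Password changed."})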
def sign_in():
    """Authenticate a user from the login form and issue a session token.

    Reads ``loginUsernameInput`` (the email) and ``loginPasswordInput`` from
    the submitted form, checks the password against the stored salted hash,
    and on success records ``token -> email`` in ``active_users``.

    Returns:
        A JSON string with ``success`` ("true"/"false"), ``message`` and,
        on success, the new token under ``data``.
    """
    email = request.form['loginUsernameInput']
    password = request.form['loginPasswordInput']

    # Look the account up first.
    # userInfo[0] = email, userInfo[1] = pw, userInfo[2] = salt
    # NOTE(review): the plaintext password is passed to the DB helper; how it
    # is used there is not visible here -- confirm it is neither logged nor
    # interpolated into SQL text.
    userInfo = database_helper.get_user_mail_pw(email, password)
    if userInfo is None:
        # NOTE(review): this message differs from the wrong-password one, so
        # a client can tell registered emails from unregistered ones. A
        # single generic failure message would close that gap, but clients
        # may depend on the current texts, so they are left unchanged.
        return json.dumps({"success": "false", "message": "Username not found."})

    # Hash the supplied password with the stored salt and compare to the
    # stored hash.
    # NOTE(review): `==`/`!=` is not a constant-time comparison;
    # hmac.compare_digest is the usual choice once both operand types are
    # confirmed to match.
    hashedPassword = getHashedPW(password, userInfo[2])
    if hashedPassword != userInfo[1]:
        return json.dumps({"success": "false", "message": "Invalid password."})

    # Credentials accepted: mint a token and bind it to this email.
    # NOTE(review): no expiry or per-account limit is applied to
    # active_users entries here -- confirm tokens are removed on sign-out
    # and aged out elsewhere.
    token = get_unique_token()
    active_users[token] = email
    return json.dumps({"success": "true", "message": "Sign in successful.", "data": token})