def reset_password_link_page(urlsafe_string):
try:
temp_url = TemporaryUrl.get_by_id(int(urlsafe_string))
except Exception as e:
logging.info(e)
return render_template('not_found_page.html'), 404
if not temp_url.isActive():
logging.info('password reset link expired')
return render_template('not_found_page.html'), 404
if not temp_url.user_key:
logging.info('Reset link with no user key')
return render_template('not_found_page.html'), 404
form = ResetPasswordForm()
if form.validate_on_submit():
user = temp_url.user_key.get()
user.password = generate_password_hash(form.password.data)
user.put()
temp_url.isValid = False
temp_url.put()
return redirect(url_for('web_app.home_page'))
return render_template('reset_password_link_page.html',
form=form,
urlsafe_string=urlsafe_string)
def resetpassword():
form = ResetPasswordForm()
if request.method == 'GET':
return render_template('modify.html', form=form)
else:
if form.validate_on_submit():
with g.db as cur:
sql2 = 'select * from usertable where user_id="{0}" and user_password="******"'.format(
form.user_id.data, form.user_password.data)
cur.execute(sql2)
infos = [dict(id=row[0]) for row in cur.fetchall()]
if infos == []:
flash('Invalid!')
else:
with g.db as cur:
sql = """update usertable set user_password= '******' where user_id='{1}'
""".format(form.user_newpassword.data, form.user_id.data)
cur.execute(sql)
flash('You have resetpassword!')
else:
flash(form.errors)
return redirect(url_for('show_todo_list'))
def password_reset(token):
email = confirm_token(token)
user = User.query.filter_by(email=email).first()
if user and user.reset:
form = ResetPasswordForm(request.form)
kwargs = {
'page_title': 'Reset Password',
'form_title': 'Reset Your Password',
'action': url_for('password_reset', token=token),
'primary_button': 'Submit',
'links': [('Need help?', '#')]
}
if form.validate_on_submit():
user.password = bcrypt.generate_password_hash(form.password.data)
user.reset = False
db.session.commit()
flash(
'Your password has been successfully reset. You can log in now.',
'success')
return redirect(url_for('homepage'))
return render_template('formbuilder.html', form=form, **kwargs)
else:
flash('The reset password link is invalid or has expired.', 'danger')
return redirect(url_for('homepage'))
def reset_token(token):
'''This function will update the new password for the user.'''
username = session['username']
valid = verify_reset_token(token)
con = mysql.connect()
cursor = con.cursor()
if valid is False:
flash('This URL has expired', 'warning')
return redirect(url_for('forgot_password'))
form = ResetPasswordForm()
userDetails = request.form
if form.validate_on_submit():
password = bcrypt.generate_password_hash(str(
userDetails['password'])).decode('utf-8')
res = cursor.execute("SELECT * from USERS WHERE Email = %s;",
(username))
if int(res) > 0:
cursor.execute("UPDATE USERS SET Password = %s WHERE Email = %s",
(password, username))
con.commit()
flash('Your password has been updated!', 'success')
return redirect(url_for('login'))
else:
print("Record Not found")
flash("Email id does not exist", "error")
con.close()
return render_template('reset_token.html',
title='Reset Password',
form=form)
def reset_password():
form = ResetPasswordForm()
if form.validate_on_submit():
# Query "users" database for hash using lookup
user = db.execute("SELECT * FROM user WHERE user_id = :user_id",
user_id=session.get("user_id"))
# Ensure current password is entered correctly
if not check_password_hash(user[0]["hashed_pw"],
form.current_password.data):
flash('Current Password is invalid. Please re-enter', 'danger')
return redirect("/account_settings")
else:
# Hash new password
hashed_pw = generate_password_hash(form.new_password.data)
# Update password in "user" table
update_hash = db.execute(
"UPDATE user SET hashed_pw = :hashed_pw WHERE user_id = :user_id",
user_id=int(session.get("user_id")),
hashed_pw=hashed_pw)
# flash message
flash('Password has been updated successfully!', 'success')
else:
flash("Sorry, we're unable to reset your password.", 'danger')
return redirect("/account_settings")
def reset_password():
form = ResetPasswordForm()
if request.method == 'GET':
forgot_password_token = request.args.get('token')
user = User.query.filter(User.forgotPasswordToken == forgot_password_token).first()
if not user:
abort(404)
return render_template('reset_password.html', form=form, token=user.forgotPasswordToken)
if request.method == 'POST':
if form.validate_on_submit():
if form.password.data != form.retype_password.data:
flash("Entered passwords did not match")
user = User.query.filter(User.forgotPasswordToken == request.form.get('token').strip()).first()
if user:
user.set_password(form.retype_password.data)
user.forgotPasswordToken = ""
db.session.commit()
return redirect(url_for("api.home"))
else:
abort(404)
abort(405)
def reset_token(token):
if current_user.is_authenticated:
return redirect(url_for('admin'))
user = User.varify_reset_token(token)
if user is None:
flash('that is invalid or expired token ', 'warning')
return redirect(url_for('reset_request'))
form = ResetPasswordForm()
if form.validate_on_submit():
register = Register(name=form.name.data,
username=form.username.data,
email=form.email.data,
password=form.password.data,
country=form.country.data,
city=form.city.data,
contact=form.contact.data,
address=form.address.data,
zipcode=form.zipcode.data)
db.session.add(register)
flash(f'Welcome {form.name.data} Thank you for registering', 'success')
db.session.commit()
return redirect(url_for('customerLogin'))
return render_template('customer/reset_token.html',
title='Reset Password',
form=form)
def reset():
token = request.args.get('token')
if not token:
log_message(f'no token attempted reset')
abort(404)
try:
user = User.deserialize(token)
except SignatureExpired:
flash('Expired Token', 'danger')
log_message('expired token reset attempt')
return redirect(url_for('main.index'))
except BadSignature:
flash('Invalid token', 'danger')
log_message('bad signature reset attempt')
return redirect(url_for('main.index'))
form = ResetPasswordForm()
if form.validate_on_submit():
log_message(f'user_id: {user.id} changed password')
user.change_password(form.password.data)
db.session.add(user)
db.session.commit()
flash('Password reset', 'success')
login_user(user)
return redirect(url_for('dash.index'))
return render_template('auth/reset.html.j2', form=form)
def reset_password(serialized_token):
expired, invalid, user = unserialize_token(serialized_token, 'reset')
if expired:
flash(msgs['LINK_EXPIRED'], 'error')
return redirect(url_for('.index'))
if invalid:
flash(msgs['LINK_INVALID'], 'error')
return redirect(url_for('.index'))
form = ResetPasswordForm()
form.login.data = user.login
if form.validate_on_submit():
encrypted_password = encrypt_password(form.password.data)
user.passhash = encrypted_password
db.session.add(user)
db.session.commit()
form.dispose_password()
flash(msgs['RESET_PASSWORD_SUCCESS'])
return redirect(url_for('.login'))
for field in form.errors:
flash('<strong>' + field.capitalize() + '</strong>' + ': ' + form.errors[field][0], 'error')
return render_template('reset_password.html', form=form, serialized_token=serialized_token)
def post(self,token):
headers = {'Content-Type': 'text/html'}
form = ResetPasswordForm()
if form.validate_on_submit():
#user.set_password(form.password.data)
#db.session.commit()
updatePassword(token,form.password.data)
return make_response(render_template('reset_password.html',form=form),200,headers)
def reset_password(username):
form = ResetPasswordForm()
if form.validate_on_submit():
password = form.password.data
user = User.update_password(username, password)
return redirect('/login')
def forgotten_password():
form = ResetPasswordForm()
if form.validate_on_submit():
registered_user = retrieve_user_by_name(username=form.username.data)
if registered_user != 'unknown user' and registered_user.email == form.email.data:
send_mail(form.email.data, 'reset_password')
return '<h1>A link has been sent to your registered email to reset your password</h1>'
else:
return '<h1>username or email is not registered</h1>'
return render_template('Forgotten_Password.html', form=form)
def admin_reset_password():
form = ResetPasswordForm()
if form.validate_on_submit():
admin_id = current_user.id
admin = Admin.query.get(int(admin_id))
admin.password = generate_password_hash(form.password.data)
admin.is_pw_changed = True
db.session.commit()
return redirect(url_for('admin_dashboard'))
return render_template('admin/reset_password.html', form=form)
def password_reset():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user = UserData.query.filter_by(email=form.email.data).first()
if user:
token = user.generate_password_reset()
send_email(user.email, 'Forex Access Reset Your Password', 'email_password_reset', user=user, token=token)
flash('Check Your email for the instructions to reset your password')
return render_template('password_reset.html', form=form)
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
user = Student.verify_reset_password_token(token)
if not user:
return redirect(url_for('index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user.set_password(form.password.data)
db.session.commit()
flash('Your password has been reset.')
return redirect(url_for('login'))
return render_template('reset_password.html', form=form)
def profile():
password_reset_form = ResetPasswordForm()
username_reset_form = ResetUsernameForm()
existing_user = user.query.filter_by(email=current_user.email).first()
security_question = security_question_dict[existing_user.security_question]
existing_answer = existing_user.security_answer
existing_password = existing_user.password
if password_reset_form.validate_on_submit():
security_answer = password_reset_form.security_answer.data
new_password = password_reset_form.new_password.data
if not check_password_hash(existing_answer, security_answer):
flash("wrong security answer")
return redirect(url_for('auth.profile'))
print(new_password)
existing_user.password = generate_password_hash(new_password,
method='sha256')
try:
db.session.commit()
return redirect(url_for('index'))
except:
return "Update error"
if username_reset_form.validate_on_submit():
old_password = username_reset_form.old_password.data
new_username = username_reset_form.new_username.data
if not check_password_hash(existing_password, old_password):
flash("wrong password or security answer")
return redirect(url_for('auth.profile'))
user_already_exists = user.query.filter_by(
username=new_username).first()
if user_already_exists:
flash("username is taken")
return redirect(url_for('auth.profile'))
existing_user.username = new_username
try:
db.session.commit()
return redirect(url_for('index'))
except:
return "Update error"
return render_template('profile.html',
current_user=current_user,
password_reset_form=password_reset_form,
username_reset_form=username_reset_form,
security_question=security_question)
def reset_password():
# This function will reset the user password, send an email to the user at the entered email address.
from datetime import datetime
form = ResetPasswordForm()
if form.validate_on_submit():
# Checks is the entered email address is in the database and assigns to user
user = User.query.filter_by(email=form.email.data).first()
if user:
# if user email is verified, reset_key is created and the current time is stored
reset_key_request = create_random_pwd()
reset_time_request = datetime.now()
# set user reset_key and reset_timer
user.reset_key = reset_key_request
user.reset_timer = reset_time_request.day + 100 # save day as integer + 100
reset_url = 'http://safety.americanpeptide.com/password_reset?email=%s&password_reset_key=%s' % (user.email, reset_key_request)
flash("A password reset key has been created. Please check your email for the reset key to\
change your password.")
msg = Message('Your Password Reset Key.',
sender=('Safety Training Website', '*****@*****.**'),
recipients=[user.email])
msg.html = """
<h2>User Password Reset</h2>
<p>Hello %s %s.</p>
<p>You have requested to change your password for the email %s. If you did not request to change your password,
please ignore this message.</p>
<p>To change your password, click on the following link. Enter the password reset key then enter
your new password.</p>
<p>Your Password Reset Key is: <strong> %s </strong></p>
<p><a href="%s">Click here to reset your password.</a></p>
""" % (user.firstname, user.lastname, user.email, reset_key_request, reset_url)
mail.send(msg)
# db.session.add(user)
# print "session add user"
db.session.commit()
print "session commit user"
return redirect(url_for('login'))
else:
flash("The email address that was entered is not valid. Please check the email and try again.")
return render_template('reset_password.html', form=form)
def reset_password(token):
if not current_user.is_anonymous:
return redirect(url_for('main.index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user is None:
return redirect(url_for('main.index'))
if user.reset_password(token,form.password.data):
flash('You password have been update')
return redirect(url_for('auth.login'))
else:
return redirect(url_for('main.index'))
return render_template('auth/reset_password.html',form = form)
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('profile.list_bookmarks'))
user = User.verify_reset_password_token(token)
if not user:
return redirect(url_for('home.homepage'))
form = ResetPasswordForm()
if form.validate_on_submit():
user.password(form.password.data)
db.session.commit()
flash('Your password has been reset.')
return redirect(url_for('auth.login'))
return render_template('email/reset_password.html', form=form)
def reset_token(token):
if current_user.is_authenticated:
return redirect(url_for('signup'))
user = User.verify_reset_token(token)
if user is None:
flash('That is invalid or expired token', 'warning')
return redirect(url_for('reset_request'))
form = ResetPasswordForm()
if form.validate_on_submit():
password = generate_password_hash(form.password.data)
user.password = password
db.session.commit()
flash('Yor password has been updated!', 'success')
return redirect(url_for('login'))
return render_template('reset_token.html', form=form)
def reset_token(token):
student = Student.get_verify_token(token)
if student is None:
flash('Invalid or expired tokens', 'danger')
return redirect(url_for('reset_request'))
form = ResetPasswordForm()
if form.validate_on_submit():
hashed_pass = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
student.password = hashed_pass
db.session.commit()
flash('Your password has been updated', 'success')
return redirect(url_for('login'))
return render_template('reset_token.html',
title='Reset password',
form=form)
def reset_password(token):
serializer = URLSafeTimedSerializer('asdfghjkl')
try:
email = serializer.loads(token, 86400)
except SignatureExpired:
return 'Token Expired'
user = User.query.filter_by(email=email).first()
if user:
form = ResetPasswordForm()
if form.validate_on_submit():
user.password_hash = user.hash_password(form.new_password.data)
db.session.commit()
flash('Password Changed!')
return redirect(url_for('register'))
return render_template('reset_password.html', form=form)
return 'Password Reset Link Expired'
def resetPassword(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
user = User.verify_reset_token(token)
if user is None:
flash('Invalid or expired password reset link', 'warning')
return redirect(url_for('forgotPassword'))
form = ResetPasswordForm()
if form.validate_on_submit():
user.password = form.new_password.data
db.session.commit()
flash('Your Password has been Updated! You can login now.', 'info')
return redirect(url_for('login'))
return render_template('resetpassword.html',
form=form,
title="ORM - Reset Password")
def reset_token(token):
if session.get('email'):
return redirect(url_for('index'))
user_x = user.verify_reset_token(token)
if user_x is None:
flash('Token is invalid or expired', 'warning')
return redirect(url_for('request_reset'))
form = ResetPasswordForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(
form.confirm_password.data).decode('utf-8')
user_x.password = hashed_password
db.session.commit()
flash('Your password has been changed', 'success')
return redirect(url_for('login'))
return render_template('reset_token.html', form=form)
def reset_user_password(userid):
form = ResetPasswordForm()
user = User.query.filter_by(id=userid).first()
if form.validate_on_submit():
print("Resetting Password:{}".format(form.new_password.data))
user.set_password(form.new_password.data)
db.session.commit()
print("done")
flash('Password has been reset for user {}'.format(user.username))
return redirect(url_for('user_details'))
return render_template('reset-password.html',
title='Reset Password',
form=form,
user=user)
def confirm_forgot_password():
reset_password_form = ResetPasswordForm()
if reset_password_form.submit4.data and reset_password_form.validate_on_submit():
result = request.form
event = {
'username': result['username'],
'password': result['password'],
'code': result['ver_code']
}
resp = reset_password(event)
if resp['success']:
return redirect(url_for('home', msg="Password has been changed successfully."))
else:
return redirect(url_for('confirm_forgot_password', msg=resp['message']))
return render_template('confirm-forgot-password.html', resetpasswordform=reset_password_form,
msg=request.args.get('msg'), user=logged_in_user)
def reset_token(token):
if current_user.is_authenticated:
return redirect(url_for('data', path=path))
user = User.verify_reset_token(token)
if user is None:
flash('The link is invalid or expired. Please try again', 'warning')
return redirect(url_for('reset_request'))
form = ResetPasswordForm()
if form.validate_on_submit():
hashed_pwd = hashlib.md5(form.password.data).hexdigest()
user.password = hashed_pwd
db.session.commit()
flash("Password has been changed successfully!!")
return redirect(url_for('login'))
return render_template('reset_token.html',
title='Reset Password',
form=form)
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user = User.check_reset_token(token)
if user:
user.password = bcrypt.generate_password_hash(form.password.token)
db.session.commit()
flash(
'Your password reset is done,you can login now with your new passowrd',
category='info')
return redirect(url_for('login'))
else:
flash('The user is not exist.', category='info')
return redirect(url_for('login'))
return render_template('reset_password.html', form=form)
def reset_password(token):
if not current_user.is_anonymous():
return redirect(url_for('main.index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if not user:
return redirect(url_for('main.index'))
if not user.reset(token):
flash('Invalidate token')
return redirect(url_for('main.index'))
user.password = form.new_password.data
db.session.add(user)
db.session.commit()
flash('password reset successful. You can login.')
return redirect(url_for('auth.login'))
return render_template('auth/reset_password.html', form=form)
def reset_token(token):
if 'name' in session:
return redirect(url_for('home'))
#user = User.verify_reset_token(token)
form = ResetPasswordForm()
if form.validate_on_submit():
for id in db1:
b = db1.get(id)
if (b['email'] == token):
b['password'] = form.password.data
db1.save(b)
flash('Your password has been updated! You are now able to log in',
'success')
return redirect(url_for('login'))
return render_template('reset_token.html',
title='Reset Password',
form=form)
def reset_password():
login = session.get('login', None)
if not session.get('can_reset_password', None) or not login:
abort(400)
form = ResetPasswordForm(meta={'csrf_context': session})
if form.validate_on_submit():
password = form.password.data
user = User.query.filter_by(login=login).first()
user.set_password(password)
db.session.commit()
session['can_reset_password'] = False
flash('Hasło zostało zmienione', 'alert alert-success')
return redirect(url_for('account.login'))
return render_template('reset_password.html', form=form)
def reset_password(name, token):
user = User.query.filter_by(name=name).first()
if user and user.confirm_user(token):
form = ResetPasswordForm()
if request.method == 'GET':
flash('Please reset your password', 'success')
return render_template('user/reset_password.html', form=form)
if form.validate_on_submit():
user.password = form.password.data
db.session.add(user)
db.session.add(user)
db.session.commit()
flash('Password has been reset', 'success')
return redirect(url_for('.index', name=user.name))
else:
flash('Wait...Wrong token!', 'danger')
return redirect(url_for('front.index'))
def reset_token(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
user = User.verify_reset_token(token)
print(user)
if user is None:
flash('That is an invalid or expired token', 'warning')
return redirect(url_for('reset_request'))
form = ResetPasswordForm()
if form.validate_on_submit():
user.password_hash = generate_password_hash(form.password.data)
user.login_attempts = 0
db.session.commit()
return redirect(url_for('login'))
return render_template('reset_token.html',
title='Reset Password 2',
form=form)
def reset(token):
if not current_user.is_anonymous:#如果用户已经登录,跳转到首页
return redirect(url_for('main.index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email = form.email.data).first()
if user is None:
flash(u'邮箱地址错误')
else:
if user.confirm(token):
user.password = form.password.data
db.session.add(user)
db.session.commit()
flash(u'你刚刚重置了密码')
return redirect(url_for('auth.login'))
else:
flash(u'错误的验证链接或链接已失效')
#return redirect(url_for('main.index'))
return render_template('auth/resetquest.html', form = form)
def reset_user_password(id):
if not g.user.is_admin():
logger.error("%s tried to access /reset-user-password/%d", g.user.email, id)
abort(403)
user = User.query.get_or_404(id)
form = ResetPasswordForm()
if form.validate_on_submit():
if request.form['button'] == 'Cancel':
return form.redirect(url_for('user_list'))
user.reset_password(form.pass2.data)
flash("User password modified successfully")
logger.info("Password for %s was modified", user.email)
return redirect(url_for('user_list'))
return render_template('admin_reset_password.html',
title = "Modify password",
user = user,
form = form)
