def is_passw_correct(login, passw):
db = __mysql_connect(cfg.DB)
cursor = db.cursor()
cursor.execute("""
SELECT user_pass FROM users WHERE user_name='%s';
""" % login)
db_passw_hash = cursor.fetchone()[0]
return hash.check_password(db_passw_hash, passw)
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
user = User.query.filter_by(username=username).first()
if user and check_password(user.password, password):
session['username'] = username
flash("Logged in")
return redirect('/newpost')
else:
if not user:
flash('User does not exist, try again!', 'error')
return redirect('/login')
else:
flash('Incorrect password, try again!', 'error')
return redirect('/login')
return render_template('login.html')
parser.add_argument('-n', '--new-pass', help='New user password, min. 8 characters')
parser.add_argument('-l', '--list', help='List every user', action="store_true")
parser.add_argument('-d', '--delete', help='User login to delete', action="store_true")
parser.add_argument('-e', '--edit', help='User login to edit', action="store_true")
args = parser.parse_args()
if args.list:
for user in User.load_all_users(cur):
print(user.username)
elif args.username is not None and args.password is not None:
if args.delete:
user = User.load_user_by_email(cur, args.username)
hashed = user.hashed_password
if check_password(args.password, hashed):
user.delete(cur)
print("User: "******"deleted")
else:
print("Password incorrect")
elif args.edit:
user = User.load_user_by_email(cur, args.username)
hashed = user.hashed_password
if check_password(args.password, hashed):
if args.new_pass is not None:
if len(args.new_pass) >= 8:
user.set_password(args.new_pass)
print("Password changed")
else:
print("Password too short")
def verify_password(self, password):
return check_password(password, self.password_hash)