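def ajax_login(request):
    """Authenticate an AJAX login request and return a status dict.

    Reads ``email`` and ``password`` from ``request.POST``, passes them
    through ``validate_email`` / ``validate_password`` and hands the results
    to ``authenticate``.

    Returns:
        ``{"status": "success"}`` after ``login`` has been called, otherwise
        ``{"status": "fail", "msg": <text for the user>}``.
    """
    email = validate_email(request.POST["email"], for_login=True)
    password = validate_password(request.POST["password"])

    user = authenticate(email=email, password=password)
    if user is None:
        # The credentials did not match. If the address has linked
        # identity-provider records, steer the user to those buttons; the
        # password could also simply be wrong.
        # NOTE(review): this branch answers differently for addresses that
        # have an AuthRecord, so an unauthenticated caller can tell such
        # addresses apart from unknown ones. Confirm that disclosure is
        # accepted and that the endpoint is rate limited.
        sso = AuthRecord.objects.filter(user__email=email)
        if sso:
            # Sorted so the message is stable between requests; plain set
            # iteration order is arbitrary.
            provider_names = sorted(
                {providers.providers[p.provider]["displayname"] for p in sso}
            )
            return {
                "status": "fail",
                "msg": "You use an identity service provider to log in. Click the %s log in button to sign into this site."
                % " or ".join(provider_names),
            }
        return {
            "status": "fail",
            "msg": "That's not a username and password combination we have on file.",
        }

    if not user.is_active:
        return {"status": "fail", "msg": "Your account has been disabled."}

    login(request, user)
    return {"status": "success"}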
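def ajax_login(request):
    """Handle a login submitted over AJAX.

    The ``email`` and ``password`` POST fields are validated and passed to
    ``authenticate``. The return value is a dict with ``"status"`` set to
    ``"success"`` or ``"fail"``; failures also carry a ``"msg"`` for the user.
    """
    email = validate_email(request.POST["email"], for_login=True)
    password = validate_password(request.POST["password"])
    user = authenticate(email=email, password=password)

    if user is not None:
        if not user.is_active:
            return {"status": "fail", "msg": "Your account has been disabled."}
        login(request, user)
        return {"status": "success"}

    # Authentication failed. Accounts linked to an identity provider get a
    # hint naming the provider button(s); a wrong password also lands here.
    # NOTE(review): the hint is returned before any credential has been
    # proven, so it reveals which addresses have an AuthRecord. Confirm this
    # trade-off is intended and that login attempts are throttled.
    sso = AuthRecord.objects.filter(user__email=email)
    if sso:
        # De-duplicate provider names and sort them for a stable message.
        display_names = sorted(
            set(providers.providers[p.provider]["displayname"] for p in sso)
        )
        hint = " or ".join(display_names)
        return {
            "status": "fail",
            "msg": "You use an identity service provider to log in. Click the %s log in button to sign into this site." % hint,
        }

    return {
        "status": "fail",
        "msg": "That's not a username and password combination we have on file.",
    }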
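def profile(request):
    """Validate the email and password fields posted to the profile view.

    Only the opening of the view is visible here; what is done with
    ``email``, ``password`` and ``errors`` afterwards is outside this excerpt.
    """
    errors = {}
    if request.method == "POST":
        # A new email is validated only when it differs from the current one.
        email = None
        if request.POST.get("email", "").strip() != request.user.email:
            try:
                email = validate_email(request.POST.get("email", ""))
            except Exception as e:
                errors["email"] = validation_error_message(e)

        # An empty password field means "leave the password unchanged".
        # NOTE(review): nothing in this excerpt re-checks the current
        # password before a new email or password is accepted; confirm the
        # rest of the view does so.
        password = None
        if request.POST.get("password", "").strip() != "":
            try:
                password = validate_password(request.POST.get("password", ""))
            except Exception as e:
                # Record the failure under "password". The original stored it
                # under "email", which overwrote any email error and showed
                # the password message against the wrong field.
                errors["password"] = validation_error_message(e)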
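def change_password():
    """Change a user's password after verifying the current one.

    GET renders ``cpw.html``. POST expects the form fields ``username``,
    ``oldPassword``, ``newPassword`` and ``confirmation``. On success the
    stored hash is replaced, the user is logged in through
    ``session["user_id"]`` and redirected to ``/``.

    The original required ``oldPassword`` to be present but never compared it
    with the stored hash, so any visitor could reset the password of any
    username and be logged in as that account. The old password is now
    checked before anything is written.
    """
    if request.method == "GET":
        return render_template("cpw.html")

    # Imported locally because the module's import block is not visible from
    # this function. generate_password_hash is assumed to be Werkzeug's,
    # which provides check_password_hash alongside it - confirm.
    from werkzeug.security import check_password_hash

    username = request.form.get("username")
    old_password = request.form.get("oldPassword")
    new_password = request.form.get("newPassword")
    confirmation = request.form.get("confirmation")

    # Presence checks, in the same order and with the same messages as before.
    if not username:
        return apology("Missing username!", 400)
    if not old_password:
        return apology("Missing old password!", 400)
    if not new_password:
        return apology("Missing new password!", 400)
    if not confirmation:
        return apology("Missing confirmation!", 400)

    if not validate_password(new_password):
        return apology("Password too simple", 400)
    if new_password != confirmation:
        return apology("Password and confirmation doesn't match", 400)

    # Verify the caller knows the current password. One message covers both
    # "no such user" and "wrong password" so the reply does not say which.
    rows = db.execute("SELECT * FROM users WHERE username = :username",
                      username=username)
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"], old_password):
        return apology("Invalid username or old password", 403)

    new_hash = generate_password_hash(new_password)
    db.execute("UPDATE users SET hash=:hash WHERE username=:username",
               hash=new_hash, username=username)

    # Log the user in and send them to the homepage.
    session["user_id"] = rows[0]["id"]
    return redirect("/")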
def profile(request):
    """Check the email and password submitted to the profile form.

    Validation failures are collected in ``errors`` keyed by field name.
    The view continues beyond this excerpt; how ``success``, ``email`` and
    ``password`` are used afterwards is not visible here.
    """
    errors = {}
    success = []
    if request.method == "POST":
        posted_email = request.POST.get("email", "")
        posted_password = request.POST.get("password", "")

        # Only an address that differs from the current one is validated.
        email = None
        if posted_email.strip() != request.user.email:
            try:
                email = validate_email(posted_email)
            except Exception as e:
                errors["email"] = validation_error_message(e)

        # A blank password field leaves ``password`` as None.
        # NOTE(review): no check of the current password is visible in this
        # excerpt; confirm the remainder of the view re-authenticates before
        # applying a new email or password.
        password = None
        if posted_password.strip() != "":
            try:
                password = validate_password(posted_password)
            except Exception as e:
                errors["password"] = validation_error_message(e)
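def register():
    """Register user

    GET renders ``register.html``. POST expects ``username``, ``password``
    and ``confirmation``; on success the user row is inserted, the new user
    is logged in through ``session["user_id"]`` and redirected to ``/``.
    Every rejected submission returns ``apology(..., 400)``.
    """
    if request.method != "POST":
        return render_template("register.html")

    username = request.form.get("username")
    password = request.form.get("password")
    confirmation = request.form.get("confirmation")

    if not username:
        return apology("Missing username!", 400)
    if not password:
        return apology("Missing password!", 400)
    if not confirmation:
        return apology("Missing confirmation!", 400)
    if not validate_password(password):
        return apology("Password too simple", 400)
    if password != confirmation:
        return apology("Password and confirmation doesn't match", 400)

    existing = db.execute(
        "SELECT username FROM users WHERE username = :username",
        username=username)
    if existing:
        return apology("Username already exists", 400)

    # Hash only once the request is known to be acceptable, so a rejected
    # username does not cost a password-hash computation. The local is no
    # longer called ``hash``, which shadowed the builtin.
    password_hash = generate_password_hash(password)

    # NOTE(review): the existence check and the INSERT are separate
    # statements, so two concurrent requests could both pass the check.
    # Presumably a UNIQUE constraint on users.username backs this - confirm.
    db.execute(
        "INSERT INTO users(username,hash) VALUES(:username, :hash)",
        username=username, hash=password_hash)

    user = db.execute("SELECT * FROM users WHERE username = :username",
                      username=username)
    session["user_id"] = user[0]["id"]
    return redirect("/")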
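def changepassword():
    """Let the logged-in user set a new password.

    Visitors without ``session["username"]`` are redirected to ``/login``.
    GET renders the form. Any other method reads ``password`` and
    ``password1`` from the form, re-renders the form with
    ``change_password_error`` when they are missing, differ or fail
    ``validate_password``, and otherwise stores the new hash, commits, sends
    a notification mail and redirects to ``/``.
    """
    if session.get("username") is None:
        return redirect("/login")
    username = session["username"]

    if request.method == "GET":
        return render_template("changepassword.html", username=username)

    def form_error(message):
        # Re-render the form with a single error message.
        return render_template("changepassword.html",
                               username=username,
                               change_password_error=message)

    password = request.form.get("password")
    password1 = request.form.get("password1")

    if not password or not password1:
        return form_error("password or confirm password missing")
    if password != password1:
        return form_error("passwords don't match")
    if not validate_password(password):
        return form_error("min 6 character alpha-numeric password")

    user = User.query.filter_by(username=username).first()
    if not user:
        # The session names a user that no longer exists; drop the session.
        session.clear()
        return redirect("/login")

    # NOTE(review): the form carries no current-password field, so whoever
    # holds a live session can replace the password. Adding that check needs
    # a template change and is left to the owner. Whether other sessions of
    # this user are invalidated after the change is not visible here.
    user.password = generate_password_hash(password)
    db.session.commit()

    # The mail is sent after the commit; an exception from sendmail would
    # surface as an error even though the password has already changed.
    sendmail(user.email, "Security Information",
             "Password Changed for 'paris-flack'")
    return redirect("/")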
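def register():
    """Start registration and mail a six-digit verification code.

    Logged-in users are redirected to ``/``. GET renders the form. Otherwise
    the submitted ``username``, ``password``, ``password1`` and ``email`` are
    validated; on success the pending registration (username, password hash,
    email and code) is stored in ``session["user_registration"]``, the code
    is mailed and the user is redirected to ``/verification``.
    """
    if session.get("username") is not None:
        return redirect("/")
    session.clear()

    if request.method == "GET":
        return render_template("register.html")

    def form_error(message):
        # Re-render the registration form with a single error message.
        return render_template("register.html", register_error=message)

    username = request.form.get("username")
    password = request.form.get("password")
    password1 = request.form.get("password1")
    email = request.form.get("email")

    if not username or not password or not email or not password1:
        return form_error("Input in all fields marked with *.")
    if not validate_email(email):
        return form_error("Invalid Email Address")
    if not validate_password(password):
        return form_error("Alpha-numeric Password Required")
    if password != password1:
        return form_error("Passwords Don't Match")
    if not validate_username(username):
        return form_error("Invalid Username")

    # NOTE(review): values are stripped after they were validated and
    # compared, so the stored password can differ from what the user typed.
    # Kept as in the original; confirm the login path strips the same way.
    username = username.strip()
    password = password.strip()
    email = email.strip()

    if User.query.filter_by(username=username).first() is not None:
        return form_error("This Username already exists.")
    if User.query.filter_by(email=email).first() is not None:
        return form_error("This Email is associated with another account.")

    password = generate_password_hash(password)

    # The code proves control of the mailbox, so draw it from the OS CSPRNG
    # rather than the default Mersenne Twister generator, whose output is
    # predictable.
    code = str(random.SystemRandom().randint(100000, 999999))

    # NOTE(review): the code and password hash live in the session. With
    # Flask's default cookie-backed session the payload is signed but still
    # readable by the client, which would expose the code to the person
    # registering. Confirm a server-side session store is configured.
    session["user_registration"] = {
        "username": username,
        "password": password,
        "email": email,
        "code": code,
    }

    try:
        sendmail(email, "Verify Email", code)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit and KeyboardInterrupt
        # are no longer swallowed.
        # NOTE(review): what /process_verification does is not visible here;
        # confirm a mail failure cannot complete registration without the
        # code ever being delivered.
        return redirect("/process_verification")
    return redirect("/verification")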
elif request.method == "POST" and settings.REGISTRATION_ASK_USERNAME: errors["username"] = "******" if email: try: email = validate_email(email) except Exception, e: errors["email"] = validation_error_message(e) elif request.method == "POST": errors["email"] = "Provide an email address." password = None if not provider: if request.method == "POST": try: password = validate_password(request.POST.get("password", "")) except Exception, e: errors["password"] = validation_error_message(e) if len(errors) > 0 or request.method != "POST": # Show the form again with the last entered field values and the # validation error message. return render_to_response('registration/register.html', { "provider": provider, "username": username, "ask_username": settings.REGISTRATION_ASK_USERNAME, "email": email, "errors": errors, "site_name": settings.APP_NICE_SHORT_NAME, },
elif request.method == "POST" and REGISTRATION_ASK_USERNAME: errors["username"] = "******" if email: try: email = validate_email(email) except Exception, e: errors["email"] = validation_error_message(e) elif request.method == "POST": errors["email"] = "Provide an email address." password = None if not provider: if request.method == "POST": try: password = validate_password(request.POST.get("password", "")) except Exception, e: errors["password"] = validation_error_message(e) if len(errors) > 0 or request.method != "POST": # Show the form again with the last entered field values and the # validation error message. return render_to_response('registration/register.html', { "provider": provider, "username": username, "ask_username": REGISTRATION_ASK_USERNAME, "email": email, "errors": errors, "site_name": APP_NICE_SHORT_NAME, }, context_instance=RequestContext(request))