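def login():
    """Render the login form and authenticate a submitted username/password.

    GET (or an invalid submission) renders ``login.html``.  A valid POST looks
    the user up by username and verifies the password with bcrypt.  On success
    the session is established and the browser is sent to the ``next`` query
    parameter; on failure an error is flashed and the login page is reloaded
    with the same ``next`` value.

    ``next`` comes straight from the query string, so it is attacker
    controlled.  It is only honoured when it is a same-site path; anything
    else (missing, absolute URL, scheme-relative ``//host``, backslash or
    control characters) falls back to ``/``.  This closes the open redirect
    and also avoids the ``TypeError``/bad redirect the original hit when
    ``next`` was absent.
    """
    loginform = LoginForm(prefix='login')

    if not (request.method == 'POST' and loginform.validate_on_submit()):
        return render_custom_template('login.html', loginform=loginform)

    # Validate the post-login redirect target before it is used anywhere.
    next_url = request.args.get("next") or ''
    is_local_path = (
        next_url.startswith('/')
        and not next_url.startswith('//')
        and not any(ch in next_url for ch in '\\\r\n\t')
    )
    if not is_local_path:
        next_url = '/'

    username = loginform.username.data
    password = loginform.password.data
    user = User.query.filter(User.username == username).first()

    # The explicit username comparison is kept from the original; presumably it
    # guards against a case-insensitive database match -- confirm.
    # NOTE(review): bcrypt is skipped when no row matches, so response time can
    # differ between unknown and known usernames; consider verifying against a
    # fixed dummy hash in that case.
    if (user is not None
            and user.username == username
            and bcrypt.check_password_hash(user.password, password)):
        login_user(User(user.user_id, user.username, user.password))
        return redirect(next_url)

    flash(u"Wrong username or password or both or maybe none of them and I just don't want you to log in.", 'error')
    # NOTE(review): next_url is appended without URL-encoding, as in the
    # original; a target carrying its own query string will not round-trip.
    return redirect('/login?next=' + next_url)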
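def admin(current=-1):
    """Admin view: list posts and create, edit or delete a single post.

    Args:
        current: ``post_id`` of the post being edited.  A negative value (the
            default) means no existing post is selected and a valid POST
            creates a new one.

    On GET with ``current >= 0`` the form is pre-filled from that post.  On a
    valid POST the selected post is deleted or updated, or a new post is
    created, and the browser is redirected back to the admin page.  A POST that
    names a post which no longer exists now flashes an error and redirects
    instead of failing on ``None``.

    NOTE(review): no authentication check is visible in this function, and it
    reads ``current_user.username`` unconditionally -- it assumes access is
    restricted by a decorator or hook outside this block; confirm.
    """
    data = None
    if request.method == 'GET' and current >= 0:
        data = Post.query.filter_by(post_id=current).first()
    postform = PostForm(obj=data)

    # Warn while the account still uses the shipped default credentials.
    uses_default_login = (
        current_user.username == app.config['DEFAULT_USERNAME']
        and bcrypt.check_password_hash(current_user.password, app.config['DEFAULT_PASSWORD'])
    )
    if uses_default_login:
        flash(u'Please change admin credentials.', 'error')

    if request.method == 'POST' and postform.validate_on_submit():
        if current >= 0:
            post = Post.query.filter_by(post_id=current).first()
            if post is None:
                # The id came from the URL; the row may be gone or never existed.
                flash(u'Post not found.', 'error')
                return redirect(url_for('admin'))
            if postform.delete.data:
                db.session.delete(post)
            else:
                post.title = postform.title.data
                post.text = postform.text.data
                post.draft = not postform.publish.data
                post.static = postform.static.data
        else:
            post = Post(
                postform.title.data,
                postform.text.data,
                current_user.fullname,
                not postform.publish.data,
                postform.static.data,
                datetime.datetime.now(),
            )
            db.session.add(post)
        db.session.commit()
        return redirect(url_for('admin'))

    # `== False` / `== True` are deliberate: they build SQL expressions on the
    # column, which `is` / `not` would not.
    posts = Post.query.filter(Post.static == False).order_by(db.desc(Post.timestamp))
    statics = Post.query.filter(Post.static == True).order_by(db.desc(Post.timestamp))
    return render_custom_template(
        'admin.html',
        posts=posts,
        statics=statics,
        postform=postform,
        current_user=current_user,
    )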