def login():
    """Show the login form and handle its submission.

    GET renders ``usermanager/login.html``. POST either starts the
    forgotten-password flow (when the form carries a ``forgot`` field) or
    checks the submitted credentials and, on success, fills the session and
    redirects to ``login_origin`` (falling back to the front page).
    """
    error = None
    if request.method != 'POST':
        return render_template("usermanager/login.html", error=error)

    username = request.form['username']
    raw_password = request.form['password']

    if 'forgot' in request.form:
        # NOTE(review): an unknown user gets a flash + redirect while a known
        # one gets forgot.html, so the response reveals which usernames
        # exist. Consider answering identically in both cases.
        try:
            forgot_password(username)
        except Exception as exc:
            if str(exc) == "No such user/No valid email":
                flash("Kunne ikke sende en mail til denne bruger")
                return redirect(url_for('usermanager.login'))
            # Anything else is unexpected and must not be swallowed.
            raise
        return render_template("usermanager/forgot.html", username=username)

    rows = data.execute(
        'SELECT password, deleted FROM Users WHERE username = ?', username)

    # Unknown user and wrong password share one message on purpose.
    # NOTE(review): `or` skips password.check() for unknown users, so the
    # two cases may still differ in response time - confirm whether that
    # matters here.
    if empty(rows) or not password.check(raw_password, rows[0]['password']):
        flash('Invalid username or password')
        return render_template("usermanager/login.html", error=error)

    # Only reached with a correct password, so this message does not leak
    # account state to someone who cannot authenticate.
    if rows[0]["deleted"]:
        flash('Sorry, your user has been deleted')
        return render_template("usermanager/login.html", error=error)

    # NOTE(review): existing session contents are kept across login; confirm
    # nothing set before authentication should be discarded here.
    session['logged_in'] = True
    session['username'] = username
    memberships = data.execute(
        'SELECT groupname FROM Group_users WHERE username = ?', username)
    session['groups'] = [row['groupname'] for row in memberships]
    # presumably refreshes the stored hash from the plaintext - TODO confirm
    update_password(username, raw_password)
    flash("Login succesful")
    # NOTE(review): login_origin comes from the session; verify that the code
    # storing it only ever records same-site paths.
    return redirect(session.pop('login_origin', url_front()))
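def modify_news(id):
    """Edit or delete a news item owned by the current user.

    Args:
        id: Value matched against ``News.n_id``.

    Returns:
        A redirect to the front page after a cancel, delete, update or a
        failed permission check; ``html.back()`` when the title is empty;
        otherwise the rendered edit form (non-POST requests).
    """
    news = data.execute("SELECT * FROM News WHERE n_id = ?", id)
    # Only the creator may touch the item; a missing item gets the same
    # answer so the response does not reveal which ids exist.
    # NOTE(review): session['username'] raises KeyError when absent - this
    # assumes a login check ran before this function; confirm.
    if empty(news) or session['username'] != news[0]['creator']:
        flash("You are not permitted to edit this newsitem")
        return redirect(url_front())
    news = news[0]

    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked in this function; confirm
        # the form layer or the application adds one for these writes.
        if 'cancel' in request.form:
            return redirect(url_front())
        b = data.Bucket(request.form)
        if 'delete' in request.form:
            b >> ("DELETE FROM News WHERE n_id = ?", id)
            # Stop here: the row is gone, so the title validation and the
            # UPDATE below must not run against it.
            return redirect(url_front())
        if b.title == "":
            flash("Please enter a title")
            return html.back()
        # Bare attribute access kept from the original; presumably it
        # registers the field with the Bucket for the `$` expansion - confirm.
        b.text
        b >> ("UPDATE News $ WHERE n_id = ?", id)
        return redirect(url_front())
    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("title", "Overskrift")
        w.textarea("text", "Tekst")
        # Static markup only; no request data is interpolated here.
        w.html('<button type="submit" name="delete" value="delete">Slet nyhed</button>', "")
        form = w.create(news)
        return render_template("form.html", form=form)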
def new(key):
    """Create a user account from a creation key.

    Args:
        key: Value looked up in ``User_creation_keys.key``.

    Returns:
        A redirect to the front page for an unknown key or a cancel,
        ``html.back()`` for rejected form input, a redirect to the settings
        page after the account is created, or the rendered sign-up form for
        non-POST requests.
    """
    # Every request waits a random 2-6 s, presumably to slow key guessing.
    # NOTE(review): the sleep holds the worker for its whole duration.
    time.sleep(random.randint(2, 6))
    # EXPLANATION: weed out old creation keys
    delete_old_keys()
    # EXPLANATION: Check if key exists/is valid
    key_rows = data.execute(
        "SELECT key, email FROM User_creation_keys WHERE key = ?", key)
    if empty(key_rows):
        # Unknown key: wait a further 5-21 s before answering.
        time.sleep(random.randint(5, 21))
        # TODO: Send to errorpage?
        return redirect(url_front())

    if request.method != "POST":
        builder = html.WebBuilder()
        builder.form()
        builder.formtable()
        builder.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
        builder.textfield("name", "Fulde navn:")
        # The address stored with the key only prefills the field.
        builder.textfield("email", "Email:", value=key_rows[0]["email"])
        builder.password("password1", "Løsen")
        builder.password("password2", "Gentag løsen")
        return render_template("form.html", form=builder.create())

    if 'cancel' in request.form:
        data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
        flash("Oprettelse anulleret")
        return redirect(url_front())

    bucket = data.Bucket(request.form)
    if not sanitize_username(bucket.username):
        flash("Ugyldigt brugernavn")
        return html.back()
    if bucket.password1 != bucket.password2:
        flash("Du gav to forskellige løsener, prøv igen")
        return html.back()
    if bucket.password1 == "":
        flash("Du skal vælge et løsen")
        return html.back()

    # The key is consumed before the account exists.
    # NOTE(review): if create_user fails the key is already gone; and the
    # lookup above and this delete are separate statements, so confirm that
    # two simultaneous requests cannot both use the same key.
    data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
    # NOTE(review): the account gets the submitted e-mail, not the one stored
    # with the key - confirm that is intended.
    create_user(bucket.username, bucket.password1, bucket.name, bucket.email)
    flash("Ny bruger oprettet")
    # The new user is logged in directly; only these two session keys are set.
    session['logged_in'] = True
    session['username'] = bucket.username
    return redirect(url_for("usermanager.settings"))
def new(key):
    """Create a user account from a creation key.

    Args:
        key: Value looked up in ``User_creation_keys.key``.

    Returns:
        A redirect to the front page for an unknown key or a cancel,
        ``html.back()`` for rejected form input, a redirect to the settings
        page after the account is created, or the rendered sign-up form for
        non-POST requests.
    """
    # Every request waits a random 2-6 s, presumably to slow key guessing.
    # NOTE(review): the sleep holds the worker for its whole duration.
    time.sleep(random.randint(2, 6))
    # EXPLANATION: weed out old creation keys
    delete_old_keys()
    # EXPLANATION: Check if key exists/is valid
    key_rows = data.execute(
        "SELECT key, email FROM User_creation_keys WHERE key = ?", key)
    if empty(key_rows):
        # Unknown key: wait a further 5-21 s before answering.
        time.sleep(random.randint(5, 21))
        # TODO: Send to errorpage?
        return redirect(url_front())

    if request.method != "POST":
        builder = html.WebBuilder()
        builder.form()
        builder.formtable()
        builder.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
        builder.textfield("name", "Fulde navn:")
        # The address stored with the key only prefills the field.
        builder.textfield("email", "Email:", value=key_rows[0]["email"])
        builder.password("password1", "Løsen")
        builder.password("password2", "Gentag løsen")
        return render_template("form.html", form=builder.create())

    if 'cancel' in request.form:
        data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
        flash("Oprettelse anulleret")
        return redirect(url_front())

    bucket = data.Bucket(request.form)
    if not sanitize_username(bucket.username):
        flash("Ugyldigt brugernavn")
        return html.back()
    if bucket.password1 != bucket.password2:
        flash("Du gav to forskellige løsener, prøv igen")
        return html.back()
    if bucket.password1 == "":
        flash("Du skal vælge et løsen")
        return html.back()

    # The key is consumed before the account exists.
    # NOTE(review): if create_user fails the key is already gone; and the
    # lookup above and this delete are separate statements, so confirm that
    # two simultaneous requests cannot both use the same key.
    data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
    # NOTE(review): the account gets the submitted e-mail, not the one stored
    # with the key - confirm that is intended.
    create_user(bucket.username, bucket.password1, bucket.name, bucket.email)
    flash("Ny bruger oprettet")
    # The new user is logged in directly; only these two session keys are set.
    session['logged_in'] = True
    session['username'] = bucket.username
    return redirect(url_for("usermanager.settings"))
def login():
    """Show the login form and handle its submission.

    GET renders ``usermanager/login.html``. POST either starts the
    forgotten-password flow (when the form carries a ``forgot`` field) or
    checks the submitted credentials and, on success, fills the session and
    redirects to ``login_origin`` (falling back to the front page).
    """
    error = None
    if request.method != 'POST':
        return render_template("usermanager/login.html", error=error)

    username = request.form['username']
    raw_password = request.form['password']

    if 'forgot' in request.form:
        # NOTE(review): an unknown user gets a flash + redirect while a known
        # one gets forgot.html, so the response reveals which usernames
        # exist. Consider answering identically in both cases.
        try:
            forgot_password(username)
        except Exception as exc:
            if str(exc) == "No such user/No valid email":
                flash("Kunne ikke sende en mail til denne bruger")
                return redirect(url_for('usermanager.login'))
            # Anything else is unexpected and must not be swallowed.
            raise
        return render_template("usermanager/forgot.html", username=username)

    rows = data.execute(
        'SELECT password, deleted FROM Users WHERE username = ?', username)

    # Unknown user and wrong password share one message on purpose.
    # NOTE(review): `or` skips password.check() for unknown users, so the
    # two cases may still differ in response time - confirm whether that
    # matters here.
    if empty(rows) or not password.check(raw_password, rows[0]['password']):
        flash('Invalid username or password')
        return render_template("usermanager/login.html", error=error)

    # Only reached with a correct password, so this message does not leak
    # account state to someone who cannot authenticate.
    if rows[0]["deleted"]:
        flash('Sorry, your user has been deleted')
        return render_template("usermanager/login.html", error=error)

    # NOTE(review): existing session contents are kept across login; confirm
    # nothing set before authentication should be discarded here.
    session['logged_in'] = True
    session['username'] = username
    memberships = data.execute(
        'SELECT groupname FROM Group_users WHERE username = ?', username)
    session['groups'] = [row['groupname'] for row in memberships]
    # presumably refreshes the stored hash from the plaintext - TODO confirm
    update_password(username, raw_password)
    flash("Login succesful")
    # NOTE(review): login_origin comes from the session; verify that the code
    # storing it only ever records same-site paths.
    return redirect(session.pop('login_origin', url_front()))