示例#1
0
def edit_user_password(username):
    # Updates password of a user on non PubCookie setups.
    message = None
    errors = []
    if session['user_auth_level'] >= 10000 or session['user_username'] == username: #  administrator access
        log_access('users/password')
        if request.method == 'POST':
            log_access('users/password', 'posted form')
            user_id = request.form['user_id']
            current_pw = request.form['cur_password'] if 'cur_password' in request.form else ''
            new_pw = request.form['new_password']
            again_pw = request.form['again_password']
            user = model.get_user(user_id)
            current_hash_pw = auth.hash_password(current_pw)
            if session['user_auth_level'] >= 10000 and session['user_id'] != user_id:
                current_hash_pw = user['password']

            if not user['password'] == current_hash_pw:
                errors.append("Current Password is incorrect")
            elif new_pw == '':
                errors.append("New password is empty")
            elif not new_pw == again_pw:
                errors.append("Passwords don't match")
            else:
                model.set_password(user_id, auth.hash_password(new_pw))
                message = "Saved."

        form=model.get_user_by_username(username)
        return render_template('user_edit_password.html',
                               form=form,
                               errors=errors,
                               message=message)
    else:
        log_access('users/password', 'access_denied changing password for: ' + username)
        return redirect(url_for('access_denied'))
示例#2
0
    def POST(self):
        name, pwd = web.input().username, web.input().password
        user = model.get_user_by_username(name)
        if not user:
            return render.login(is_loggedin(), True)

        if bcrypt.verify(pwd, user['password']):
            raise authorize(user)
        return render.login(is_loggedin(), True)
示例#3
0
def sign_up_log_in():
    if request.method == 'GET':
        return render_template('index.html')
    #----------------------------------------------------------------------
    # Find way to prevent modal from popping up if user already in session.
    #----------------------------------------------------------------------
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        user = model.get_user_by_username(username)

        if user == None:
            model.save_user_to_db(username, password)
            return "AWWW YIS"
        else:
            if user.password == password:
                flask_session["user"] = {"username":user.username, "id":user.id}
                return "AWWW YIS"
            else:
                return "AWWW NOO"
示例#4
0
def create_user():
    form = forms.RegisterForm(request.form)
    email=request.form.get("email")
    username=request.form.get("username")
    password=request.form.get("password")
    verify_password=request.form.get("password_verify")

    if model.email_exists(email):
        flash("Email already exists!")
        return redirect(url_for("register"))
    if model.username_exists(username):
        flash("Username is already taken!")
        return redirect(url_for("register"))
    if password != verify_password:
        flash("Passwords do not match!")
        return redirect(url_for("register"))

    model.create_user(email, username, password)
    user = model.get_user_by_username(username)
    login_user(user)
    return redirect(url_for("profile", username=username))
示例#5
0
def edit_user(username):
    # Edits information of a user.
    if session['user_auth_level'] >= 1000 or session['user_username'] == username:
        log_access('users/edit', 'editing: ' + username)
        message = None
        if request.method == 'POST':
            log_access('users/edit', 'posted form')
            model.update_user(request.form)
            message = "Saved."

        form=model.get_user_by_username(username)
        return render_template('user_edit.html',
                               form=form,
                               message=message,
                               user_auth_levels=get_authorization_levels(session['user_auth_level']),
                               form_action_url=url_for('edit_user', username=username),
                               title="Edit User",
                               delete_button = session['user_auth_level'] >= 1000,
                               change_password_button = not config.USES_PUBCOOKIE)
    else:
        log_access('users/edit', 'access_denied editing: ' + username)
        return redirect(url_for('access_denied'))
示例#6
0
def sign_up_log_in():
    if request.method == 'GET':
        return render_template('index.html')
    #----------------------------------------------------------------------
    # Find way to prevent modal from popping up if user already in session.
    #----------------------------------------------------------------------
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        user = model.get_user_by_username(username)

        if user == None:
            model.save_user_to_db(username, password)
            return "Oke Sip"
        else:
            if user.password == password:
                flask_session["user"] = {
                    "username": user.username,
                    "id": user.id
                }
                return "Oke Sip"
            else:
                return "blm NOO"
示例#7
0
def user(username):
    # Shows a single user
    log_access('user', 'viewed: ' + username)
    form=model.get_user_by_username(username)
    return render_template('user_show.html', form=form)
示例#8
0
def validate_existing_user(item):
    usernamecase = model.get_user_by_username(item.username)
    emailcase = model.get_user_by_email(item.email)
    return not bool(usernamecase) and not bool(emailcase)