def register(): """Register user.""" # forget any user_id session.clear() # if user reached route via POST (as by submitting a form via POST) if request.method == "POST": # ensure username was submitted if not request.form.get("username"): return apology("must provide username") # ensure password was submitted elif not request.form.get("password"): return apology("must provide password") elif request.form.get("password")!=request.form.get("retype-password"): return apology("passwords do not match") hash1=pwd_context.hash(request.form.get("password")) result=db.execute("INSERT INTO users (username,hash) VALUES(:username, :hash)",username=request.form.get("username"),hash=hash1) if not result: return apology("username already exists") rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) session["user_id"] = rows[0]["id"] return redirect(url_for("index")) else: return render_template("register.html")
def settings_fail(): if request.method == "POST": # check that password and confirmation match if request.form.get("new_password") != request.form.get( "confirmation"): return render_template( "settings_fail.html", error="Passowrd and confirmation do not match") rows = db.execute("SELECT * FROM users WHERE id = :user_id", user_id=session['user_id']) # check if old password is correct if not pwd_context.verify(request.form.get('old_password'), rows[0]['hash']): return render_template("settings_fail.html", error="Incorrect old password") # encrypt new password hash = pwd_context.hash(request.form.get("new_password")) # update password db.execute("UPDATE users SET hash=:hash", hash=hash) return redirect(url_for("personal_profile")) else: return render_template("settings.html")
def register(): """Register user.""" # forget any user_id session.clear() # if user submitted the register form if request.method == "POST": # check if fields aren't blank if not request.form.get("username"): return apology("missing username") elif not request.form.get("username").isalpha( ) and not request.form.get("username").isdigit(): return apology("username must not contain punctuation") if not request.form.get("password"): return apology("missing password") if not request.form.get("password_confirm"): return apology("please, confirm password") # compare passwords if request.form.get("password") != request.form.get( "password_confirm"): apology("passwords don't match") # check for unique username unique_username = db.execute( "SELECT * FROM users WHERE username = :username", username=request.form.get("username")) if not unique_username: apology("username already exists") # hash the password hash_password = pwd_context.hash(request.form.get("password")) print(request.form.get("username")) print(hash_password) usernameZZZ = request.form.get("username") # save new username and password db.execute("""INSERT INTO users (username, hash) VALUES (:username, :hash_1)""", username=usernameZZZ, hash_1=hash_password) # query for new user rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) print(rows) # save user to session session["user_id"] = rows[0]["id"] # redirect user to home page return redirect(url_for("index")) # if user reaches the route via GET else: return render_template("register.html")
def register(): if request.method == 'GET': return render_template('register.html') else: registered = False alreadyUser = False try: username = request.form['username'] address = request.form['address'] fullname = request.form['fullname'] email = request.form['email'] password = passHash.hash(request.form['password']) with sql.connect("database.db") as con: con.row_factory = dict_factory cur = con.cursor() print("hello") cur.execute("SELECT * FROM users WHERE username=? OR email=?", (username, email)) users = cur.fetchall() print("hello") if users: print("already exists") registered = False alreadyUser = True else: print("inserting") cur.execute( "INSERT INTO users (fullname,address,username,email,password) VALUES (?,?,?,?,?)", (fullname, address, username, email, password)) print("inserted") con.commit() print("comitted") msg = "Record successfully added" print(msg) uploads_dir = os.path.join(app.config['UPLOAD_FOLDER'], username) pickle_dir = os.path.join(app.config['PICKLE_FOLDER'], username) os.mkdir(uploads_dir) os.mkdir(pickle_dir) registered = True alreadyUser = False except: print("Error") con.rollback() msg = "Error in insert operation" finally: con.close() if registered: session['username'] = username session['user_type'] = "std" return redirect(url_for('index')) elif alreadyUser: return redirect(url_for('index'))
def add_user(self): user_id = uuid.uuid4().int user = st.text_input('Type the name of the user. E.g., Mr. Smith') password = st.text_input('Type the password for this user.') user_class = st.selectbox('Choose the role for the user', ['Student', 'Teacher', 'Admin']) password_hash = pwd_context.hash(password) user_list = ()
def hash_password(self, password): """Create a password hash and store it in the object Args: password (str): """ self.password_hash = pwd_context.hash(password)
def _do_setup_stub_user(args): for group in args.stub_user.split(','): username, password = group.split(':') orig_pw = password if not args.hash_stub: password = pwd_context.hash(password) print('-->%s:%s' % ({username: password}, orig_pw)) #FIXME ox_herd_settings.STUB_USER_DB.update({username: password})
def new_user(): # add user to database and store password as hash registered = db.execute("INSERT INTO users (username, hash) VALUES(:username, :hash)", \ username = request.form.get("username"), \ hash = pwd_context.hash(request.form.get("password"))) return registered
def add(self, username, mac, password, barcode, admin=False): self.loadIfNewer() self.users[username] = {} self.users[username]['MAC'] = mac self.users[username]['password'] = pwd_context.hash(password) self.users[username]['admin'] = admin self.users[username]['barcode'] = barcode self.save()
def test_entry_session(): """Create a list of Stocks to be added to the database.""" stock_sample = { 'username': '******', 'password': pwd_context.hash('chris'), 'stocks': 'GOOG' } return stock_sample
def set_auth_credentials(): """Make a username/password combo for testing.""" import os from passlib.apps import custom_app_context as pwd_context os.environ["SESSION_SECRET"] = "hellothere" os.environ["AUTH_USERNAME"] = "******" os.environ["AUTH_PASSWORD"] = pwd_context.hash("testpw")
def register(): """Register user.""" # if user is already logged in if session.get("user_id"): return redirect(url_for("index")) # if user reached route via POST (as by submitting a form via POST) if request.method == "POST": username = request.form.get("username") password = request.form.get("password") confirm_password = request.form.get("confirm-password") # ensure username was submitted if not username: flash("Please provide username.", "danger") return render_template("register.html") # ensure password was submitted if not password: flash("Please provide a password.", "danger") return render_template("register.html") # ensure password confirmation was submitted if not confirm_password: flash("Please confirm your password.", "danger") return render_template("register.html") # ensure passwords must match if password != confirm_password: flash("Passwords do not match.", "danger") return render_template("register.html") # check if user exists rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) if len(rows) > 0: flash("Username already exists.", "danger") return render_template("register.html") # encrypt password hashed_password = pwd_context.hash(password) # create new user try: db.execute( "INSERT INTO users(username, hash) VALUES(:username, :password)", username=username, password=hashed_password) return render_template("register.html", registered=True) except: return apology("registration error") # else if user reached route via GET (as by clicking a link or via redirect) else: return render_template("register.html")
def register(): """Register user.""" # forget any user_id session.clear() # if user reached route via POST (as by submitting a form via POST) if request.method == "POST": # ensure user enters a Username if not request.form.get("username"): return apology("must provide username") # ensure user enters a new username if db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")): return apology("username already exists") # ensure password is entered elif not request.form.get("password"): return apology("must provide password") # ensure password is confirmed correctly elif not request.form.get("confirm_password") or request.form.get( "confirm_password") != request.form.get("password"): return apology("please confirm correct password") hash1 = pwd_context.hash(request.form.get("password")) #insert values into database username = request.form.get("username") rows = db.execute( "INSERT INTO users (username,hash) VALUES(:username,:hash)", username=username, hash=hash1) #create table for user portfolio upon registration db.execute( "CREATE TABLE :username (Symbol VARCHAR(5),Name VARCHAR(20),Shares INT,Price DECIMAL(15,3),TOTAL DECIMAL(15,3), PRIMARY KEY(Symbol))", username=username) #insert record with cash 10000 db.execute( "INSERT INTO :username (Symbol,Price,TOTAL) VALUES('CASH',10000,10000)", username=username) tablename = username + '_history' #create table for user history upon registration db.execute( "CREATE TABLE :table (Symbol VARCHAR(5), Shares INT, Price DECIMAL(15,3),TIME VARCHAR(21), PRIMARY KEY(TIME))", table=tablename) # redirect user to home page return redirect(url_for("index")) # else if user reached route via GET (as by clicking a link or via redirect) else: return render_template("register.html")
def change(): """change password""" # show webpage if method is GET if request.method == "GET": return render_template("change.html") # proceed to change password if method id POST if request.method == "POST": # ensure old password was submitted if not request.form.get("opassword"): flash("Must provide old password") return render_template("change.html") # ensure new password was submitted if not request.form.get("password"): flash("Must provide new password") return render_template("change.html") # ensure password was retyped if not request.form.get("cpassword"): flash("Must confirm new password") return render_template("change.html") # ensure passwords match if request.form.get("password") != request.form.get("cpassword"): flash("New passwords do not match") return render_template("change.html") try: # retrieve user info rows = db.execute("SELECT * FROM users WHERE id = :userid", userid=session["user_id"]) except: # show error if retrieve fails return apology("Could not retrieve User Details") # verify old password if not pwd_context.verify(request.form.get("opassword"), rows[0]["hash"]): return apology("Invalid old password") try: # save new hash db.execute("UPDATE users SET hash = :password WHERE id = :userid", password=pwd_context.hash(request.form.get("password")), userid=session["user_id"]) except: # show error if update fails return apology("SORRY!!\nPassword not changed") # log out current user session.clear() # redirect to login page return redirect(url_for('login'))
def register(): """Register user.""" # forget any user_id session.clear() # if user reached route via POST (as by submitting a form via POST) if request.method == "GET": return render_template("register.html") # if user reached route via GET (as by clicking a link or via redirect) else: # ensure username was submitted if not request.form.get("username"): return apology("Missing Username and/or Password") # ensure password was submitted elif not request.form.get("password"): return apology("Missing Username and/or Password") elif not request.form.get("repassword"): return apology("Re-enter Password") elif request.form.get("password") != request.form.get("repassword"): return apology("Passwords do not match.") elif not request.form.get("email"): return apology("Missing Email") elif not request.form.get("remail"): return apology("Please re-enter Email ID") elif (('@' not in request.form.get("email")) or ('@' not in request.form.get("email"))): return apology("Invalid Email") elif request.form.get("email") != request.form.get("remail"): return apology("Email IDs do not match") elif len( db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username"))) != 0: return apology("Username Already exists") else: hash1 = pwd_context.hash(secret=request.form.get("password")) db.execute( "INSERT INTO users (username, hash, email) VALUES (:username, :hash1, :email)", username=request.form.get("username"), hash1=hash1, email=request.form.get("email")) # remember which user has logged in rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) session["user_id"] = rows[0]["id"] # redirect user to home page return redirect(url_for("index"))
def register(): """Register user.""" # retrieve information from form full_name = request.form.get("full_name") username = request.form.get("username") password = request.form.get("password") password_control = request.form.get("password_control") # forget any user_id session.clear() # if user reached route via POST (as by submitting a form via POST) if request.method == "POST": # ensure password was submitted if not full_name: return apology("must provide full name") # ensure username was submitted elif not username: return apology("must provide username") # ensure password was submitted elif not password: return apology("must provide password") # ensure password control was submitted elif not password_control: return apology("must provide password control") # ensures password is the same as password control elif not password == password_control: return apology("Password control must be the same as password") # hashing the password hash = pwd_context.hash(password) # inserts the new user in to the users together with the hash of the password insert_username = db.execute("INSERT INTO users (username, hash, full_name) VALUES (:username, :hash, :full_name)",\ username = username, hash = hash, full_name = full_name ) # if username is already taken in users if not insert_username: return apology("Username has been taken") # query database for username rows = db.execute("SELECT * FROM users WHERE username = :username", username=username) # remember which user has logged in session["user_id"] = rows[0]["id"] # redirect user to home page return redirect(url_for("profile_picture")) # else if user reached route via GET (as by clicking a link or via redirect) else: return render_template("register.html")
def add_user(self, added_user): # Abstraction to add user if self.ses.query(User).filter( User.Username == added_user.Username).one_or_none( ) is not None: # Check if there already exists a username return False added_user.Password = pwd_context.hash(added_user.Password) self.ses.add(added_user) self.ses.commit() return True
def registrar(): """Register user""" # if user reached route via POST (as by submitting a form via POST) if request.method == "POST": if not request.form.get("email"): return render_template("registrar.html", message="Não há email") #ensure username was submitted elif not request.form.get("username"): return render_template("registrar.html", message="Não há nome de usuário") # ensure password was submitted elif not request.form.get("password"): return render_template("registrar.html", message="Não há senha") elif len(request.form.get("password"))<6: return render_template("registrar.html", message="Senha muito curta") elif request.form.get("password")!=request.form.get("password2"): return render_template("registrar.html", message="Senhas diferentes") #query database for username userrows = Auth.query.filter_by(username=request.form.get("username")).all() # ensure username exists and password is correct if len(userrows) != 0: return render_template("registrar.html", message="Usuário já em uso") #query database for username emailrows = User.query.filter_by(email=request.form.get("email")).all() # ensure username exists and password is correct if len(emailrows) != 0: return render_template("registrar.html", message="Email já em uso") new_user = User( email=request.form.get("email"), ) db.session.add(new_user) db.session.flush() user_id=new_user.id new_auth = Auth( user_id=new_user.id, username=request.form.get("username"), passwordhsh=pwd_context.hash(request.form.get("password")), method="Common" ) db.session.add(new_auth) db.session.commit() # redirect user to home page return redirect(url_for("entrar")) else: return render_template("registrar.html")
def from_request(user: r.User) -> "User": passhash = pwd.hash(user.password) try: return User.create( name=user.name, passhash=passhash, ) except peewee.IntegrityError: raise e.UserExists(name=user.name)
def register(): """Register user.""" if request.method == "POST": # ensure first_name was submitted if not request.form.get("first_name"): return apology("Must provide first_name") # ensure last_name was submitted elif not request.form.get("last_name"): return apology("Must provide last_name") # ensure email was submitted elif not request.form.get("email"): return apology("Must provide email") # ensure username was submitted elif not request.form.get("username"): return apology("Must provide username") #ensure username is unique rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) # ensure password was submitted if not request.form.get("password"): return apology("Must provide password") #ensure username exists and password is correct if len(rows) != 0: return apology("this username already exists") # ensure password and verified password is the same elif request.form.get("password") != request.form.get("password2"): return apology("password doesn't match") Hash=pwd_context.hash(request.form.get("password")) # insert the new user into users, storing the hash of the user's password result = db.execute("INSERT INTO users (first_name, last_name, email, username, hash) \ VALUES(:first_name, :last_name, :email, :username, :hash)", \ first_name=request.form.get("first_name"), \ last_name=request.form.get("last_name"), \ email=request.form.get("email"), \ username=request.form.get("username"), \ hash= Hash) # remember which user has logged in session["user_id"] = result # redirect user to home page return redirect(url_for("index")) else: return render_template("register.html")
def register(): """Register user.""" # forget any user_id session.clear() # show page if method is get if request.method == "GET": return render_template("register.html") # proceed registration when method is post elif request.method == "POST": # ensure username was submitted if not request.form.get("username"): flash("Must provide username!") return render_template("register.html") # ensure password was submitted if not request.form.get("password"): flash("Must provide password!") return render_template("register.html") # ensure passwords match if not request.form.get("cpassword"): flash("Must confirm password!") return render_template("register.html") row = "" try: # confirm uniqueness of username rows = db.execute( "SELECT * FROM users WHERE username LIKE :username", username=request.form.get("username")) except: return apology("Could not retrieve User Details") if len(rows) != 0: flash("username already exists!") return render_template("register.html") # register only if username is available else: # register only if passwords match if request.form.get("password") == request.form.get("cpassword"): db.execute( "INSERT INTO users (username, hash) VALUES(:username, :password)", username=request.form.get("username"), password=pwd_context.hash(request.form.get("password"))) flash("Register Success!") return redirect(url_for("login")) else: flash("Passwords do not match") return render_template("register.html") else: return render_template("login.html")
def __init__(self, username, password, email, name, rollno, user_access_level=1): self.username = username self.password_hash = pwd_context.hash(password) self.email = email if user_access_level > 5 or user_access_level < 1: user_access_level = 1 self.user_access_level = user_access_level self.name = name self.roll_number = rollno
def hash_password(self, password): """Generates hash of plain password before storing into database :param password: Plain password :type password: str :return: Hashed password :rtype: str """ return pwd_context.hash(password)
def signup(): if request.method == "GET": return render_template("index.html") elif request.method == "POST" and "signupform" and "signupbtn": """Register user.""" # ensure email was submitted if not request.form.get("email"): return apology("must provide email") # query database for email emails = db.execute("SELECT * FROM users WHERE email = :email", email=request.form.get("email")) # ensure email not taken if len(emails) != 0: return apology("Sorry, this email already taken.") # ensure username was submitted if not request.form.get("username"): return apology("must provide username") # query database for username users = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) # ensure username not taken if len(users) != 0: return apology("Sorry, this username already taken.") # ensure password was submitted elif not request.form.get("password"): return apology("must provide password") # ensure passwords match elif request.form.get("password") != request.form.get("confirmation"): return apology("password doesn't match") username = request.form.get("username") password = request.form.get("password") confirmation = request.form.get("confirmation") email = request.form.get("email") generate_password_hash = pwd_context.hash(password) # add new user info in sql database adduser = db.execute( "INSERT INTO users (username, hash, email) VALUES (:username, :hash, :email)", username=username, hash=generate_password_hash, email=email) users = db.execute("SELECT * FROM users WHERE username = :username", username=username) session["user_id"] = users[0]["id"] return redirect(url_for("index"))
def register(): """Register user.""" # forget any user_id session.clear() # if user reached route via POST (as by submitting a form via POST) if request.method == "POST": # ensure username was submitted if not request.form.get("username"): return apology("must provide username") # ensure username doesn't exist yet if len( db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username"))) > 0: return apology("username already exists") # ensure password was submitted elif not request.form.get("password"): return apology("must provide password") # ensure password was repeated elif not request.form.get("password_repeat"): return apology("must repeat password") # ensure password was repeated correctly elif request.form.get("password") != request.form.get( "password_repeat"): return apology("must repeat password correctly") # insert new user into users db.execute( "INSERT INTO users (username, hash) VALUES (:username_val, :hash_val)", username_val=request.form.get("username"), hash_val=pwd_context.hash(request.form.get("password"))) # query database for username rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) # ensure username exists and password is correct if len(rows) != 1 or not pwd_context.verify( request.form.get("password"), rows[0]["hash"]): return apology("invalid username and/or password") # remember which user has logged in session["user_id"] = rows[0]["id"] # redirect user to home page return redirect(url_for("index")) # else if user reached route via GET (as by clicking a link or via redirect) else: return render_template("register.html")
def password(): if request.method == "POST": # Tests if password is correct and valid password = request.form.get("newpassword") if len(password) < 8: flash("Make sure your password is at least 8 letters") return render_template("password.html") if re.search('[0-9]', password) is None: flash("Make sure your password has a number in it") return render_template("password.html") if re.search('[A-Z]', password) is None: flash("Make sure your password has a capital letter in it") return render_template("password.html") if request.form.get("newpassword") != request.form.get( "newconfirmation"): flash("Password and confirmation password were not the same!") return render_template("password.html") if request.form.get("newpassword") == "": flash("Please fill in your password!") return render_template("password.html") if request.form.get("newconfirmation") == "": flash("Please fill in your password!") return render_template("password.html") elif not request.form.get("newpassword"): flash("Please fill in your password!") return render_template("password.html") elif not request.form.get("newconfirmation"): flash("Please fill in your password!") return render_template("password.html") # Update password wwupdate = db.execute( "UPDATE users SET hash = :password WHERE id = :ide", ide=session["user_id"], password=pwd_context.hash(request.form.get("newpassword"))) # If not possible, try again if not wwupdate: flash("The password change could not happen") return render_template("password.html") # Remember user session["user_id"] = wwupdate # If everything succeeded, return to settings return redirect(url_for("settings")) if request.method == "GET": return render_template("index.html")
def register(): """Register user.""" # forget any user_id session.clear() # if user reached route via POST (as by submitting a form via POST) if request.method == "POST": # ensure username was submitted if not request.form.get("username"): return apology("must provide username") # ensure password was submitted elif not request.form.get("password"): return apology("must provide password") elif not request.form.get("passwordConfirmation"): return apology("must confirm the password") elif request.form.get("password") != request.form.get( "passwordConfirmation"): return apology("invalid password confirmation") # query database for username rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) # ensure username exists and password is correct if len(rows) > 0: return apology("user already exists") # insert username and password in database db.execute( "INSERT INTO users (username, hash) VALUES (:username, :hash)", username=request.form.get("username"), hash=pwd_context.hash(request.form.get("password"))) # query database for username rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) # ensure username exists and password is correct if len(rows) == 1 or pwd_context.verify(request.form.get("password"), rows[0]["hash"]): # remember which user has logged in session["user_id"] = rows[0]["id"] # redirect user to home page return redirect(url_for("index")) else: return apology("error, the user is not added to the database") # else if user reached route via GET (as by clicking a link or via redirect) else: return render_template("register.html")
def dbAdd(args): db = TinyDB((args.userdb), **db_format) table = db.table('api_users') name = args.name userid = args.userid email = args.email # Validate user input... errors = list() badchars = set() # Check username: for char in userid: if char not in (string.ascii_letters + string.digits + '-_.'): badchars.add(char) if badchars: errors.append("These characters are not allowed in the user ID: " f'''"{''.join(badchars)}"''') # Check email: if not re.match('[^@\\s]+@[^@\\s\\.]+\\.[^@\\s]+', email): errors.append('That email address does not look quite right.') # Were there errors? if errors: print('\n'.join(errors)) sys.exit(1) # Generate pseudo-random string try: rng = random.SystemRandom() except NotImplementedError: rng = random password = ''.join( rng.choice(string.ascii_letters + string.digits) for _ in range(12)) # Update user record table.insert({ 'name': name, 'email': email, 'userid': userid, 'password_hash': pwd_context.hash(password) }) # Add file to Git index try: repo = Repo(os.path.dirname(args.userdb)) except NotGitRepository: repo = Repo.init(os.path.dirname(args.userdb)) git.add(repo=repo, paths=[args.userdb]) # Prepare commit information committer = f"MSCWG <{mscwg_email}>".encode('utf8') author = committer message = (f"Add API user {name}\n\nChanged by userctl".encode('utf8')) # Execute commit git.commit(repo, message=message, author=author, committer=committer) print(f"User successfully added with password {password}")
def register_user(username, password, email): """Register user into database""" db.execute( "INSERT INTO users (username, hash, email) VALUES(:username, :password, :email)", username=username, password=pwd_context.hash(password), email=email) return "Success"
async def init_superuser(app): su_credentials = app["config"]["superuser"] if await User.exists(login=su_credentials["login"]): return await User.create( login=su_credentials["login"], password_hash=pwd_context.hash(su_credentials["password"]), is_admin=True, )
def changepass(): if request.method == "POST": passwords = db.execute("UPDATE users SET hash=:password WHERE id=:id", password=pwd_context.hash( request.form.get("changepass")), id=session["user_id"]) return redirect(url_for("index")) else: return render_template("changepass.html")
def register(): """Register user.""" # if user submitted form (registration page) if request.method == "POST": # retrieve form fields info username = request.form.get("username") password = request.form.get("password") checkPass = request.form.get("passwordCheck") # ensure username was submitted if not username: return apology("Username is blank") # ensure password fields were submitted elif not password or not checkPass: return apology("Password field left blank") # ensure both password fields are same elif (password != checkPass): return apology("Passwords do not match") # create password hash hashpwd = pwd_context.hash(password) # Add new user to database result = db.execute("INSERT INTO users (username, hash) VALUES (:name, :hashpwd)", name=username, hashpwd=hashpwd) # Check if username exists if not result: return apology("Username already exists") # Get user ID and store session rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username")) session["user_id"] = rows[0]["id"] # Redirect user to index page instantly logging them in and flash message flash("Registered!") return redirect(url_for("index")) # Return registration page if accessed via GET else: return render_template("register.html")
def register(): """Register user.""" if request.method == "POST": if not request.form.get("username"): return apology("You must provide a username") elif not request.form.get("password"): return apology("You must provide a password") elif not request.form.get("password2"): return apology("You must confirm your password") else: if request.form.get("password") != request.form.get("password2"): return apology("Password don\'t match") else: db.execute("INSERT INTO users (hash, username) Values(:hash_obj, :username)", hash_obj = pwd_context.hash(request.form.get("password")), username = request.form.get("username")) return render_template("login.html") else: return render_template("register.html")
def account(): # Return settings page if accessed via GET if request.method == "GET": return render_template("account.html") # Form submitted elif request.method == "POST": # Store form fields oldPass = request.form.get("oldpass") newPass = request.form.get("newpass") checkPass = request.form.get("newpassCheck") # Get original password rows = db.execute("SELECT hash FROM users WHERE id=:uid", uid=session['user_id']) # Verify if any fields are blank if not (oldPass and newPass and checkPass): return apology("Field left blank") # Verify if old passwords match elif not pwd_context.verify(oldPass, rows[0]['hash']): return apology("Old Password doesn't match") # Verify new passwords match elif (newPass != checkPass): return apology("New password's don't match!") # Verify new password isn't same as old password elif (oldPass == newPass and oldPass == checkPass): return apology("New password must be different") # Hash new password and update database for sure hashpwd = pwd_context.hash(newPass) result = db.execute("UPDATE users SET hash=:hashpwd WHERE id=:uid", hashpwd=hashpwd, uid=session['user_id']) # Redirect to homepage and flash message flash("Settings Saved!") return redirect(url_for("index"))
def hash_password(self, password): self.password = pwd_context.hash(password)
def __init__(self, username, password): self.username = username self.hash = pwd_context.hash(password)
def password(): """Change Password.""" if request.method == "POST": if not request.form.get("password"): return apology("You must provide a password") elif not request.form.get("password2"): return apology("You must confirm your password") else: if request.form.get("password") != request.form.get("password2"): return apology("Password don\'t match") else: db.execute("UPDATE users SET hash=:hash_obj WHERE id=:id", id=session["user_id"], hash_obj = pwd_context.hash(request.form.get("password"))) return redirect(url_for("login")) else: return render_template("password.html")