def admin_user_management_togglelock(userId):
check_admin_permissions()
myUser = getUserById(userId)
if myUser:
myUser.load()
myUser.locked = not myUser.locked
log.info("[System] Lock state of '%s' was changed to: %s"
% (myUser.email, myUser.locked))
db_session.merge(myUser)
try:
runQuery(db_session.commit)
except Exception as e:
log.warning("[System] SQL Alchemy Error on Admin toggle "
"lock: %s" % (e))
return redirect(url_for('admin_user_management'))
def profile_show(do=None):
# gravatar: https://de.gravatar.com/site/implement/images/python/
if not session.get('logged_in'):
abort(401)
myUser = getUserById(session.get('userid'))
myUser.load()
userChanged = False
if request.method == 'POST':
if request.form['do'] == "pwchange":
if myUser.checkPassword(request.form['oldpassword']):
if checkPassword(request.form['newpassword1'],
request.form['newpassword2']):
myUser.setPassword(request.form['newpassword1'])
userChanged = True
else:
flash(gettext("Old password not correct!"), 'error')
elif request.form['do'] == "editprofile":
myUser.name = request.form['name']
userChanged = True
if userChanged:
db_session.merge(myUser)
try:
runQuery(db_session.commit)
except Exception as e:
log.warning("[System] SQL Alchemy Error on profile show: %s"
% (e))
flash(gettext("Profile changed"), 'success')
size = 80
gravatar_url = ("//www.gravatar.com/avatar/" +
hashlib.md5(myUser.email.lower()).hexdigest() +
"?" +
urllib.urlencode(
{'d': url_for('static',
filename='img/%s' % app.config['AVATARPLACEHOLDER'],
_external=True),
's': str(size)}))
history = runQuery(History.query.filter_by(donatorId=myUser.id).all)
return render_template('profile_show.html',
values=myUser,
userAvatar=gravatar_url,
history=sorted(history,
key=lambda x: x.date,
reverse=True))
def profile_verify(userId, verifyKey):
log.info("[System] Verify userid %s" % userId)
verifyUser = getUserById(userId)
if not verifyUser:
flash(gettext("User not found to verify.", 'error'))
elif verifyUser.verify(verifyKey):
db_session.merge(verifyUser)
try:
runQuery(db_session.commit)
except Exception as e:
log.warning("[System] SQL Alchemy Error on verify key: %s"
% (e))
if verifyUser.veryfied:
flash(gettext("Verification ok. Please log in."), 'success')
return redirect(url_for('index'))
else:
flash(gettext("Verification NOT ok. Please try again."), 'error')
return redirect(url_for('index'))
def hide_wish(wishId, userId):
if not session.get('logged_in'):
return redirect(url_for('index'))
wish = getWishById(wishId)
try:
wish.hide(session.get('userid'))
db_session.merge(wish)
log.info("Wish %s successfully hidden by %s"
% (wish.id, session.get('userid')))
except Exception as e:
flash(gettext("Unable to hide wish"), 'error')
log.warning("Unable to hide wish because %s" % (e))
try:
runQuery(db_session.commit)
except Exception as e:
log.warning("[Wish] SQL Alchemy Error on hide wish"
": %s" % (e))
return redirect(url_for('show_wishes', userId=userId))
def profile_password_reset_verify(userId, verifyKey):
if session.get('logged_in'):
return redirect(url_for('index'))
log.info('[System] Password reset request (step 2/2) for user id: %s' %
(userId))
myUser = getUserById(userId)
if myUser:
myUser.load()
if myUser.verifyKey == verifyKey:
newPassword = ''.join(random.choice(string.ascii_letters +
string.digits) for _ in range(12))
myUser.setPassword(newPassword)
myUser.verify(verifyKey)
if send_email(app, myUser.email,
gettext("%(sitetitle)s: New Password",
sitetitle=app.config['SITETITLE']),
gettext("<h3>Hello %(name)s</h3>Your new password "
"is: <b>%(password)s</b><br>Please "
"change it right after you "
"<a href='%(url)s'>logged in</a>.",
name=myUser.name,
password=newPassword,
url=url_for('profile_login',
_external=True)) +
gettext("<br><br>Have fun and see you soon ;)"),
app.config['EMAILBANNER']):
flash(gettext("Please check your mails at %(emailaddr)s",
emailaddr=myUser.email), 'info')
else:
myUser.verifyKey = ''.join(random.choice(string.ascii_letters +
string.digits) for _ in range(32))
flash(gettext("Wrong verification link. Please request a new "
"one."))
db_session.merge(myUser)
try:
runQuery(db_session.commit)
except Exception as e:
log.warning("[System] SQL Alchemy Error on password reset "
"verify key: %s" % (e))
return redirect(url_for('index'))
def profile_password_reset_request():
if session.get('logged_in'):
return redirect(url_for('index'))
log.info('[System] Password reset request (step 1/2) for email: %s' %
(request.form['email'].lower()))
myUser = getUserByEmail(request.form['email'].lower())
if myUser:
myUser.load()
myUser.verifyKey = ''.join(random.choice(string.ascii_letters +
string.digits) for _ in range(32))
db_session.merge(myUser)
try:
runQuery(db_session.commit)
except Exception as e:
log.warning("[System] SQL Alchemy Error on password "
"reset: %s" % (e))
actUrl = url_for('profile_password_reset_verify',
userId=myUser.id,
verifyKey=myUser.verifyKey,
_external=True)
if send_email(app, myUser.email,
gettext("%(sitetitle)s: Password Reset",
sitetitle=app.config['SITETITLE']),
gettext("<h3>Hello %(name)s</h3>You can reset your "
"password with <a href='%(url)s'>this link</a>."
" If you did not request this password reset, "
"you can just ignore it. Your current password "
"is still valid.</b>",
name=myUser.email,
url=actUrl) +
gettext("<br><br>Have fun and see you soon ;)"),
app.config['EMAILBANNER']):
flash(gettext("Please check your mails at %(emailaddr)s",
emailaddr=myUser.email), 'info')
else:
flash(gettext("No user found with this email address"))
return redirect(url_for('index'))
