def admin_user_management_togglelock(userId):
    """Flip the ``locked`` flag of the account identified by *userId*.

    ``check_admin_permissions()`` runs before anything else. If the user
    exists, the flag is inverted, the new state is logged, and the change
    is merged and committed. A commit error is logged as a warning and
    otherwise ignored. The caller is always redirected to the
    ``admin_user_management`` view.

    NOTE(review): the log entry names the affected account but not the
    administrator who made the change. Whether this handler is limited to
    POST and covered by CSRF protection is decided outside this block;
    verify, since it changes state.
    """
    check_admin_permissions()
    overview = url_for('admin_user_management')

    account = getUserById(userId)
    if not account:
        return redirect(overview)

    account.load()
    account.locked = not account.locked
    state_msg = "[System] Lock state of '%s' was changed to: %s" % (
        account.email, account.locked)
    log.info(state_msg)
    db_session.merge(account)
    try:
        runQuery(db_session.commit)
    except Exception as err:
        log.warning(
            "[System] SQL Alchemy Error on Admin toggle lock: %s" % (err))
    return redirect(overview)
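def profile_show(do=None):
    """Render the logged-in user's profile and process profile edits.

    On POST the form field ``do`` selects the action: ``pwchange`` sets a
    new password after the old one has been checked, and ``editprofile``
    updates the display name. The *do* argument itself is not read in
    this body.

    Aborts with 401 when the session is not logged in or when the session's
    user id no longer resolves to a user. Otherwise returns the rendered
    ``profile_show.html`` template.
    """
    # gravatar: https://de.gravatar.com/site/implement/images/python/
    if not session.get('logged_in'):
        abort(401)
    myUser = getUserById(session.get('userid'))
    if not myUser:
        # A stale session (account gone) used to crash on myUser.load();
        # treat it the same as not being logged in.
        abort(401)
    myUser.load()

    userChanged = False
    if request.method == 'POST':
        action = request.form['do']
        if action == "pwchange":
            if myUser.checkPassword(request.form['oldpassword']):
                # NOTE(review): no message is flashed here when the new
                # password pair is rejected; presumably checkPassword()
                # reports that itself -- confirm.
                if checkPassword(request.form['newpassword1'],
                                 request.form['newpassword2']):
                    myUser.setPassword(request.form['newpassword1'])
                    userChanged = True
            else:
                flash(gettext("Old password not correct!"), 'error')
        elif action == "editprofile":
            myUser.name = request.form['name']
            userChanged = True

    if userChanged:
        db_session.merge(myUser)
        try:
            runQuery(db_session.commit)
        except Exception as e:
            log.warning("[System] SQL Alchemy Error on profile show: %s"
                        % (e))
            # Do not claim success (e.g. for a password change) when the
            # commit did not go through.
            flash(gettext("Unable to save profile"), 'error')
        else:
            flash(gettext("Profile changed"), 'success')

    size = 80
    # MD5 is used here only because it is Gravatar's identifier format;
    # it is not a security control.
    gravatar_url = ("//www.gravatar.com/avatar/" +
                    hashlib.md5(myUser.email.lower()).hexdigest() + "?" +
                    urllib.urlencode(
                        {'d': url_for('static',
                                      filename='img/%s'
                                      % app.config['AVATARPLACEHOLDER'],
                                      _external=True),
                         's': str(size)}))
    history = runQuery(History.query.filter_by(donatorId=myUser.id).all)
    return render_template('profile_show.html',
                           values=myUser,
                           userAvatar=gravatar_url,
                           history=sorted(history,
                                          key=lambda x: x.date,
                                          reverse=True))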
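def profile_verify(userId, verifyKey):
    """Confirm an account from the verification link.

    Looks up *userId*, lets the user object check *verifyKey*, and commits
    the result. The outcome is flashed to the user: success only when the
    key was accepted, the commit went through, and the user is marked
    verified; an error message in every other case. Always redirects to
    the ``index`` view.
    """
    log.info("[System] Verify userid %s" % userId)
    verifyUser = getUserById(userId)
    if not verifyUser:
        # The 'error' category is an argument of flash(), not of
        # gettext(); it was previously inside the gettext() call.
        flash(gettext("User not found to verify."), 'error')
        return redirect(url_for('index'))

    verified = False
    if verifyUser.verify(verifyKey):
        db_session.merge(verifyUser)
        try:
            runQuery(db_session.commit)
        except Exception as e:
            log.warning("[System] SQL Alchemy Error on verify key: %s"
                        % (e))
        else:
            # Only report success for a state that was actually stored.
            verified = bool(verifyUser.veryfied)

    if verified:
        flash(gettext("Verification ok. Please log in."), 'success')
    else:
        # Covers a rejected key, a failed commit, and an accepted key
        # that did not leave the user marked as verified.
        flash(gettext("Verification NOT ok. Please try again."), 'error')
    return redirect(url_for('index'))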
def hide_wish(wishId, userId):
    """Hide the wish *wishId* on behalf of the logged-in session user.

    Visitors without a logged-in session are redirected to ``index``.
    Otherwise the wish is loaded and ``hide()`` is called with the
    session's user id; any exception in that step is flashed as
    "Unable to hide wish" and logged. A commit is attempted in every
    case, and the caller is redirected to ``show_wishes`` for *userId*.

    NOTE(review): *userId* is used only for the redirect target; the
    acting user comes from the session. Whether that user may hide this
    particular wish is not checked in this block -- confirm that
    ``wish.hide()`` enforces it.
    """
    if not session.get('logged_in'):
        return redirect(url_for('index'))

    target = getWishById(wishId)
    try:
        target.hide(session.get('userid'))
        db_session.merge(target)
        done_msg = "Wish %s successfully hidden by %s" % (
            target.id, session.get('userid'))
        log.info(done_msg)
    except Exception as hide_err:
        # Also reached when the wish id did not resolve to an object.
        flash(gettext("Unable to hide wish"), 'error')
        log.warning("Unable to hide wish because %s" % (hide_err))

    try:
        runQuery(db_session.commit)
    except Exception as commit_err:
        log.warning("[Wish] SQL Alchemy Error on hide wish: %s"
                    % (commit_err))

    return redirect(url_for('show_wishes', userId=userId))
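def profile_password_reset_verify(userId, verifyKey):
    """Complete a password reset (step 2/2) from the mailed link.

    Logged-in sessions are redirected to ``index`` right away. If the user
    exists and *verifyKey* matches the stored key, a new 12-character
    password is generated, set, and mailed to the user. On a mismatch the
    stored key is replaced with a fresh 32-character value, so the old
    link stops working. The user record is merged and committed in both
    cases. Always redirects to ``index``.

    Both the password and the replacement key are drawn from the operating
    system's CSPRNG (``random.SystemRandom``). The module-level ``random``
    functions are a predictable PRNG and not suitable for credentials.

    NOTE(review): the new password is mailed in clear text inside an HTML
    body; a flow where the user chooses the password after following the
    link would avoid that.
    """
    if session.get('logged_in'):
        return redirect(url_for('index'))
    log.info('[System] Password reset request (step 2/2) for user id: %s'
             % (userId))
    myUser = getUserById(userId)
    if myUser:
        myUser.load()
        secureRandom = random.SystemRandom()
        alphabet = string.ascii_letters + string.digits
        # An empty stored key must never match.
        # NOTE(review): plain == comparison; a constant-time compare would
        # be preferable once both values are known to be same-type
        # strings.
        if myUser.verifyKey and myUser.verifyKey == verifyKey:
            newPassword = ''.join(secureRandom.choice(alphabet)
                                  for _ in range(12))
            myUser.setPassword(newPassword)
            # NOTE(review): whether verify() invalidates the key is not
            # visible here. If it does not, the same link can be replayed
            # to force another reset -- confirm.
            myUser.verify(verifyKey)
            if send_email(app, myUser.email,
                          gettext("%(sitetitle)s: New Password",
                                  sitetitle=app.config['SITETITLE']),
                          gettext("<h3>Hello %(name)s</h3>Your new password "
                                  "is: <b>%(password)s</b><br>Please "
                                  "change it right after you "
                                  "<a href='%(url)s'>logged in</a>.",
                                  name=myUser.name,
                                  password=newPassword,
                                  url=url_for('profile_login',
                                              _external=True)) +
                          gettext("<br><br>Have fun and see you soon ;)"),
                          app.config['EMAILBANNER']):
                flash(gettext("Please check your mails at %(emailaddr)s",
                              emailaddr=myUser.email), 'info')
        else:
            # Wrong key: replace it so the value cannot be guessed
            # incrementally.
            myUser.verifyKey = ''.join(secureRandom.choice(alphabet)
                                       for _ in range(32))
            flash(gettext("Wrong verification link. Please request a new "
                          "one."))
        db_session.merge(myUser)
        try:
            runQuery(db_session.commit)
        except Exception as e:
            log.warning("[System] SQL Alchemy Error on password reset "
                        "verify key: %s" % (e))
    return redirect(url_for('index'))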
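def profile_password_reset_request():
    """Start a password reset (step 1/2) for the submitted email address.

    Logged-in sessions are redirected to ``index`` right away. If a user
    with the lower-cased form field ``email`` exists, a fresh 32-character
    verification key is stored and a link to
    ``profile_password_reset_verify`` is mailed to that address. Always
    redirects to ``index``.

    The key is drawn from the operating system's CSPRNG
    (``random.SystemRandom``). The module-level ``random`` functions are a
    predictable PRNG and not suitable for a reset token.

    NOTE(review): the "No user found" message tells the requester whether
    an address is registered. A neutral message for both outcomes would
    avoid account enumeration.
    NOTE(review): the submitted address is written to the log verbatim.
    """
    if session.get('logged_in'):
        return redirect(url_for('index'))
    email = request.form['email'].lower()
    log.info('[System] Password reset request (step 1/2) for email: %s'
             % (email))
    myUser = getUserByEmail(email)
    if myUser:
        myUser.load()
        secureRandom = random.SystemRandom()
        alphabet = string.ascii_letters + string.digits
        myUser.verifyKey = ''.join(secureRandom.choice(alphabet)
                                   for _ in range(32))
        db_session.merge(myUser)
        try:
            runQuery(db_session.commit)
        except Exception as e:
            # NOTE(review): the mail below is still sent after a failed
            # commit, so the mailed key may not match the stored one.
            log.warning("[System] SQL Alchemy Error on password "
                        "reset: %s" % (e))
        # NOTE(review): with _external=True the host part is taken from
        # the current request unless SERVER_NAME is configured. Confirm
        # the deployment pins it so a forged Host header cannot end up in
        # the mailed link.
        actUrl = url_for('profile_password_reset_verify',
                         userId=myUser.id,
                         verifyKey=myUser.verifyKey,
                         _external=True)
        if send_email(app, myUser.email,
                      gettext("%(sitetitle)s: Password Reset",
                              sitetitle=app.config['SITETITLE']),
                      gettext("<h3>Hello %(name)s</h3>You can reset your "
                              "password with <a href='%(url)s'>this link</a>."
                              " If you did not request this password reset, "
                              "you can just ignore it. Your current password "
                              "is still valid.</b>",
                              name=myUser.email,
                              url=actUrl) +
                      gettext("<br><br>Have fun and see you soon ;)"),
                      app.config['EMAILBANNER']):
            flash(gettext("Please check your mails at %(emailaddr)s",
                          emailaddr=myUser.email), 'info')
    else:
        flash(gettext("No user found with this email address"))
    return redirect(url_for('index'))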