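def login():
    """Serve the login form and authenticate a submitted username/password.

    Any non-POST request renders ``login.html`` with a prompt. A POST looks
    the submitted username up in the SQLite database named by
    ``current_app.config['DB_NAME']``, validates the submitted password and,
    when the account is not banned, stores ``username`` (plus ``admin`` when
    ``record[7] == 1``) in the session before redirecting to ``/``.

    Returns:
        A redirect to ``/`` when the session is already logged in or the
        login succeeds; otherwise the rendered ``login.html`` carrying a
        status message in the ``massage`` template variable.
    """
    # An already authenticated session has nothing to do on this page.
    if 'username' in session:
        return redirect('/')

    # Anything other than a form submission just shows the empty form.
    if request.method != "POST":
        return render_template('login.html', massage="Please fill the login form!")

    # NOTE(review): no attempt limiting is visible in this function; confirm
    # that throttling or lockout of repeated failures is enforced elsewhere.
    con = sqlite3.connect(current_app.config['DB_NAME'])
    try:
        # The username is bound as a query parameter, never concatenated.
        sqlQuryLogin = "******"
        record = con.execute(sqlQuryLogin, (request.form["username"], )).fetchone()

        if record is None:
            # NOTE(review): this reply differs from the wrong-password reply,
            # so a client can tell which usernames exist. One generic failure
            # message would close that; the text is left unchanged here
            # because templates or tests may depend on it.
            status_text = "Wrong username entered!"
        else:
            # NOTE(review): decryptPassword() on the stored column suggests
            # passwords are kept in a reversible form. Confirm; a salted
            # one-way password hash that is verified, never decrypted, is the
            # safer design.
            usrLogin = User(record[0], record[1], record[2],
                            decryptPassword(record[3]), record[4], record[5],
                            record[6], record[8], email=record[9])

            if not usrLogin.validatePassword(request.form["password"]):
                status_text = "Wrong password entered!"
            elif usrLogin.getIsBanned():
                # Only reached with a correct password, so the banned status
                # is not disclosed to someone who is merely guessing names.
                status_text = "Your user is banned!"
            else:
                # Column 7 is the admin marker; the flag is only ever set
                # here, never cleared.
                if record[7] == 1:
                    session['admin'] = True
                session['username'] = usrLogin.getUsername()
                # The finally clause below still runs, so the connection is
                # released on the success path as well.
                return redirect('/')
    finally:
        # Close on every exit: success, failure, or an exception such as a
        # missing form field.
        con.close()

    return render_template('login.html', massage=status_text)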
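def test_banned_user(self):
    """Check that a User built with all status flags set to 1 reports as banned.

    NOTE(review): presumably one of the trailing ``1`` arguments is the banned
    flag; confirm the position against ``User``'s constructor.
    """
    username = "******"
    # The original also assigned an unused ``password`` local; the password
    # actually handed to User is the literal fourth argument.
    usr = User(username, "aaa", "aaa", "Aa123456!", 1, 1, 1, 1)
    assert usr.getIsBanned() == 1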
def test_ban_user(self):
    """Build a User with every trailing flag set to 1 and expect it to be banned.

    NOTE(review): no separate "ban" action is exercised; the banned state
    comes from the constructor arguments. Confirm this is the intended scope.
    """
    account_name = "******"
    banned_account = User(account_name, "aaa", "aaa", "Aa123456!", 1, 1, 1, 1)
    is_banned = banned_account.getIsBanned()
    assert is_banned == 1
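def test_show_approved_files(self):
    """Assert that a User built with all status flags set to 1 reports as banned.

    NOTE(review): despite its name, this test exercises no approved-files
    behaviour. It only checks ``getIsBanned()``, so approved-file listing
    (including who is allowed to see which files) has no coverage here.
    """
    username = "******"
    # The unused ``password`` local from the original has been dropped.
    usr = User(username, "aaa", "aaa", "Aa123456!", 1, 1, 1, 1)
    assert usr.getIsBanned() == 1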