def register():
"""Register a new user.
Validates that the username is not already taken. Hashes the
password for security.
"""
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = 'User {0} is already registered.'.format(username)
if error is None:
# the name is available, store it in the database and go to
# the login page
db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
(username, generate_password_hash(password)))
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def load_logged_in_user():
"""If a user id is stored in the session, load the user object from
the database into ``g.user``."""
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
(user_id, )).fetchone()
def check_verification(phone, code):
service = app.config.get("VERIFICATION_SID")
try:
verification_check = client.verify \
.services(service) \
.verification_checks \
.create(to=phone, code=code)
if verification_check.valid:
db = get_db()
db.execute('UPDATE user SET verified = 1 WHERE phone_number = ?',
(phone, ))
db.commit()
flash(
'Your phone number has been verified! Please login to continue.'
)
except Exception as e:
flash("Error validating code: {}".format(e))
def register():
"""Register a new user.
Validates that the username is not already taken. Hashes the
password for security.
"""
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
phone = request.form['full_phone']
channel = request.form['channel']
db = get_db()
error = None
if not username:
error = 'Username is required.'
elif not phone:
error = 'Phone number is required'
elif not password:
error = 'Password is required.'
elif db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = 'User {0} is already registered.'.format(username)
if error is None:
session['phone'] = phone
vsid = start_verification(phone, channel)
if vsid is not None:
# the verification was sent to the user and the username is valid
# redirect to verification check
db.execute(
'INSERT INTO user (username, password, phone_number) VALUES (?, ?, ?)',
(username, generate_password_hash(password), phone))
db.commit()
return redirect(url_for('auth.verify'))
flash(error)
return render_template('auth/register.html')
def check_verification(phone, code):
service = app.config.get("VERIFICATION_SID")
try:
verification_check = client.verify \
.services(service) \
.verification_checks \
.create(to=phone, code=code)
if verification_check.status == "approved":
db = get_db()
db.execute('UPDATE user SET verified = 1 WHERE phone_number = ?',
(phone, ))
db.commit()
flash(
'Your phone number has been verified! Please login to continue.'
)
return redirect(url_for('auth.login'))
else:
flash('The code you provided is incorrect. Please try again.')
except Exception as e:
flash("Error validating code: {}".format(e))
return redirect(url_for('auth.verify'))
def login():
"""Log in a registered user by adding the user id to the session."""
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
user = db.execute('SELECT * FROM user WHERE username = ?',
(username, )).fetchone()
if user is None:
error = 'Incorrect username.'
elif not check_password_hash(user['password'], password):
error = 'Incorrect password.'
if error is None:
# store the user id in a new session and return to secret content
session.clear()
session['user_id'] = user['id']
return redirect(url_for('secret'))
flash(error)
return render_template('auth/login.html')
def list_users():
database = db.get_db()
users = database.execute('SELECT * FROM user').fetchall()
return render_template('users.html', users=users)
