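def login():
    """Authenticate a user from the login form and start a Flask-Login session.

    Users who are already authenticated are redirected to ``routes.index``.
    On a valid POST the user is looked up by username and the submitted
    password is verified with ``checkph`` against ``user.hash_password``.
    After a successful login the optional ``?next=`` target is followed only
    when it points back into this application; any other value falls back to
    ``routes.index``.

    Returns:
        A redirect response on success (or when already logged in), otherwise
        the rendered ``auth/login.html`` template.
    """
    if current_user.is_authenticated:
        return redirect(url_for('routes.index'))

    form = LoginForm()
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(username=form.username.data).first()
        if user and checkph(user.hash_password, form.password.data):
            # https://flask-login.readthedocs.io/en/latest/
            login_user(user, remember=form.remember.data)

            # ``next`` (e.g. ?next=aboutus) comes straight from the query
            # string, so it is caller-controlled. Redirecting to it unchecked
            # is an open redirect; only follow it when it stays on this host.
            target = request.args.get("next")
            if not _is_local_redirect_target(target, request.host_url):
                target = None
            return redirect(target or url_for('routes.index'))
        else:
            flash("Login failed. Check your e-mail and password", "danger")

    msg = request.args.get('msg')
    return render_template('auth/login.html', form=form, msg=msg)


def _is_local_redirect_target(target, host_url):
    """Return True if *target* may be used as a post-login redirect.

    Relative references are accepted; absolute URLs are accepted only when
    they use http(s) and name the same host as *host_url*.
    """
    # Function-scope import: the file's import block is not visible from here.
    from urllib.parse import urlparse

    if not target or target != target.strip():
        return False
    # Browsers read a leading "//" (and backslashes) as the start of a host
    # name, so such values are rejected before any parsing.
    if "\\" in target or target.startswith("//"):
        return False
    # Control characters may be dropped by the client, which would change how
    # the value is interpreted after it has been validated here.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    try:
        parts = urlparse(target)
        own = urlparse(host_url)
    except ValueError:
        return False
    if parts.scheme or parts.netloc:
        return parts.scheme in ("http", "https") and parts.netloc == own.netloc
    return True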
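def ingresar():
    """Show the login page (GET) or check submitted credentials (POST).

    GET renders ``index.html`` when the session already holds ``'nombre'``
    and ``login.html`` otherwise. POST looks the user up by name, verifies
    the password and redirects to ``busqueda_adm`` for the ``'Administrador'``
    role or to ``busqueda`` for any other role. A failed lookup or password
    check re-renders ``login.html`` and leaves the session untouched.
    """
    if request.method == 'GET':
        if 'nombre' in session:
            return render_template('index.html')
        return render_template('login.html')

    nombre = request.form['username']
    contrasena = request.form['pass']

    # Hash before the lookup, as the original did, so that the work done does
    # not depend on whether the user name exists.
    hash_contrasena = genph(contrasena)

    # The user-supplied name is passed as a separate parameter list rather
    # than being formatted into the SQL text.
    usuario = mysql.query_db(
        "select nombre, contrasena, rol from users where nombre =%s",
        [nombre])
    if len(usuario) == 0:
        return render_template("login.html")

    # As before, the last returned row wins if the name is not unique.
    *_, row = usuario
    username = row['nombre']
    password = row['contrasena']
    rol = row['rol']

    # NOTE(review): the stored `contrasena` column is passed as the password
    # argument and a fresh hash of the submitted value as the hash argument.
    # Assuming genph/checkph are Werkzeug's generate/check_password_hash
    # (confirm), this only succeeds if the column holds cleartext passwords.
    # The intended form is checkph(stored_hash, contrasena) with hashes in
    # the table; that needs a data migration, so it is not changed here.
    if not checkph(hash_contrasena, password):
        return render_template("login.html")

    # The session is marked as logged in only after the credentials have
    # been verified. Setting it earlier let a failed attempt pass the
    # `'nombre' in session` check on the next GET.
    session['nombre'] = nombre
    if rol == 'Administrador':
        return redirect(url_for('busqueda_adm', usr=username))
    return redirect(url_for('busqueda', usr=username))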
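def delete_comment(id=None):
    """Delete a comment after checking its deletion password.

    Args:
        id: Primary key of the comment to delete.

    The owning post id is read from the ``?id=`` query parameter. On a valid
    form submission the password is verified with ``checkph`` against
    ``comment.hash_password``; on success the comment is deleted, the post's
    ``total_comments`` counter is decremented and the client is redirected to
    ``routes.view``. A wrong password redirects to ``routes.output``.

    Returns:
        A redirect response after a submission, otherwise the rendered
        ``user/delete.html`` form. An unknown comment id aborts with 404.
    """
    # Function-scope import: the file's import block is not visible from here.
    from flask import abort

    form = DeleteCommentForm()
    post_id = request.args.get("id")
    if form.validate_on_submit():
        comment = Comment.query.get(id)
        if comment is None:
            # Unknown id: answer 404 instead of failing on attribute access.
            abort(404)

        if checkph(comment.hash_password, form.password.data):
            # NOTE(review): post_id comes from the query string and is not
            # checked against the comment here, so the counter of an
            # unrelated post could be decremented. If Comment records its
            # post, derive the post from the comment instead. Confirm
            # against the model.
            post = Post.query.get(post_id)
            if post is not None:
                post.total_comments -= 1
            db.session.delete(comment)
            db.session.commit()
            return redirect(url_for('routes.view', id=post_id))
        else:
            return redirect(
                url_for('routes.output', msg="""Contraseña errónea, bro."""))
    return render_template('user/delete.html', form=form)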
def login():
    """Check posted credentials and answer with a JSON status.

    Only POST requests are handled; any other method falls through and
    returns ``None``. The JSON ``code`` is 0 on success, 1 when no user row
    was found and 2 when the password check failed.
    """
    if request.method != "POST":
        return None

    username = request.form["username"]
    password = request.form["password"]

    # NOTE(review): as written the SQL literal contains no `{}` placeholder,
    # so .format() returns it unchanged and the escaped username never
    # reaches the query. If the real template interpolates the username,
    # Markup.escape is HTML escaping, not SQL escaping. Pass the value as a
    # bound parameter if getQuery supports that (its signature is not visible
    # here).
    sql = "SELECT * FROM users WHERE nameUser = '******'".format(
        Markup.escape(username))
    rows = getQuery(sql)

    # NOTE(review): codes 1 and 2 let a client tell "unknown user" apart from
    # "wrong password". Consider one code for both if no caller depends on
    # the distinction.
    if not len(rows) > 0:
        return jsonify(message="No ta bien", code=1)

    # Column 3 is used as the password hash and column 0 as the user id.
    stored_hash = rows[0][3]
    if not checkph(stored_hash, password):
        return jsonify(message="No ta bien", code=2)

    session["username"] = username
    session["id"] = rows[0][0]
    return jsonify(message="Ta bien", code=0)
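def delete(id=None):
    """Delete a post when the deletion password matches or an admin asks.

    Args:
        id: Primary key of the post to delete.

    On a valid form submission the post is deleted if ``checkph`` accepts the
    submitted password against ``post.hash_password``, or if the current user
    is authenticated with ``admin == 1``. Success redirects to
    ``routes.index``; a rejected request redirects to ``routes.output``.

    Returns:
        A redirect response after a submission, otherwise the rendered
        ``user/delete.html`` form. An unknown post id aborts with 404.
    """
    # Function-scope import: the file's import block is not visible from here.
    from flask import abort

    form = DeleteForm()
    if form.validate_on_submit():
        post = Post.query.get(id)
        if post is None:
            # Unknown id: answer 404 instead of failing on attribute access.
            abort(404)

        is_admin = current_user.is_authenticated and current_user.admin == 1
        # The password check runs first, as before; the admin flag is only
        # an alternative when the password does not match.
        if checkph(post.hash_password, form.password.data) or is_admin:
            db.session.delete(post)
            db.session.commit()
        else:
            return redirect(
                url_for('routes.output', msg="""Contraseña errónea, bro."""))
        return redirect(url_for('routes.index'))
    return render_template('user/delete.html', form=form)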
def verif_clave(self, password):
    """Check *password* against ``self.hash_clave`` and return checkph's result."""
    # checkph is presumably Werkzeug's check_password_hash: confirm against
    # the file's imports.
    stored_hash = self.hash_clave
    matches = checkph(stored_hash, password)
    return matches
def verif_clave(self, clave):
    """Compare the password given as *clave* with this user's stored hash.

    Returns whatever ``checkph(self.hash_clave, clave)`` returns.
    """
    stored_hash = self.hash_clave
    result = checkph(stored_hash, clave)
    return result