示例#1
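def login():
	"""Render the login form and authenticate a submitted user name or e-mail.

	A visitor who already has ``user_id`` in the session is redirected to the
	topic tab view.  On POST the ``username`` field is looked up as an e-mail
	address when it contains ``@`` and as a user name otherwise, and the
	password is verified with ``check_password_hash``.

	Returns:
		A redirect to ``topic.tab_view`` on success, otherwise the rendered
		``login.html`` template with ``error`` set (``None`` on GET).
	"""
	if session.get('user_id'):
		return redirect(url_for('topic.tab_view'))
	error = None
	if request.method == 'POST':
		identifier = request.form['username']
		by_email = '@' in identifier
		if by_email:
			user = User.query.filter_by(email=identifier).first()
		else:
			user = User.query.filter_by(name=identifier).first()
		# One message for "no such account" and "wrong password": separate
		# messages let a client enumerate registered names and addresses.
		if user is None or not check_password_hash(user.password, request.form['password']):
			error = u'用户名或密码错误!'
		else:
			flash(u'登录成功!')
			session['user_id'] = user.id
			if not by_email:
				# Only the name-based branch marks the session permanent.
				# NOTE(review): the asymmetry looks unintentional -- confirm.
				session.permanent = True
			return redirect(url_for('topic.tab_view'))
	return render_template('login.html', error=error)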
示例#2
	def test_users_account_route_account(self):
		"""Check that posting to /users/account/ persists the changes.

		Two scenarios run back to back: one that submits a new password and
		one that leaves the three password fields empty.  Credential literals
		in this listing are masked, so the values below are kept as shown.
		"""
		account_url = '/users/account/'
		saved_banner = b'The changes have been saved'

		# Scenario 1: username, e-mail and password submitted together.
		first_user = User(
			username='******',
			password=generate_password_hash('a'),
			email='*****@*****.**',
		)
		db.session.add(first_user)
		db.session.commit()
		self.login(email='*****@*****.**', password='******')

		full_form = {
			'username': '******',
			'email': '*****@*****.**',
			'password': '******',
			'confirm': 'aaaaaa',
			'old_password': '******',
		}
		response = self.app.post(account_url, data=full_form, follow_redirects=True)

		self.assertEqual(response.status_code, 200)
		self.assertTemplateUsed('users/account.html')
		self.assertIn(saved_banner, response.data)

		renamed = User.query.filter_by(username='******').first()
		self.assertIsNotNone(renamed)
		self.assertEqual(renamed.email, '*****@*****.**')
		# The stored hash must verify against the newly confirmed password.
		self.assertTrue(check_password_hash(renamed.password, 'aaaaaa'))

		previous = User.query.filter_by(username='******').first()
		self.assertIsNone(previous)

		# Scenario 2: password fields left empty, so the stored hash must
		# still verify against the original password 'a'.
		self.logout()

		second_user = User(
			username='******',
			password=generate_password_hash('a'),
			email='*****@*****.**',
		)
		db.session.add(second_user)
		db.session.commit()
		self.login(email='*****@*****.**', password='******')

		profile_only_form = {
			'username': '******',
			'email': '*****@*****.**',
			'password': '',
			'confirm': '',
			'old_password': '',
		}
		response = self.app.post(account_url, data=profile_only_form, follow_redirects=True)

		self.assertEqual(response.status_code, 200)
		self.assertTemplateUsed('users/account.html')
		self.assertIn(saved_banner, response.data)

		renamed = User.query.filter_by(username='******').first()
		self.assertIsNotNone(renamed)
		self.assertEqual(renamed.email, '*****@*****.**')
		self.assertTrue(check_password_hash(renamed.password, 'a'))
示例#3
    def authenticate(self, identifier, secret):
        """Return the user matching *identifier* when *secret* verifies, else None.

        *identifier* is compared against both ``User.username`` and
        ``User.email``.
        """
        matches_identifier = db.or_(
            User.username == identifier, User.email == identifier
        )
        user = User.query.filter(matches_identifier).first()

        if user is None:
            # Decoy verification so the unknown-account path also calls the
            # hash check.
            # NOTE(review): if check_password_hash is Werkzeug's, a string
            # that is not a well-formed hash is rejected before any key
            # derivation runs, so this call may not equalise timing between
            # the two paths -- consider verifying against a real precomputed
            # hash instead; confirm.
            check_password_hash("dummy password", secret)
            return None

        return user if check_password_hash(user.password, secret) else None
示例#4
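def login():
    """Logs the user in.

    A request that already has ``g.user`` is redirected to the timeline.
    Every other path renders ``login.html`` (there is no redirect after a
    successful login) and sets a ``uhash`` cookie: the MD5 hex digest of the
    user id after a successful login, an empty string otherwise.
    """
    if g.user:
        return redirect(url_for('timeline'))
    error = None
    uhash = ''
    if request.method == 'POST':
        try:
            user = User.select() \
                       .where(User.username == request.form['username']).get()
        except User.DoesNotExist:
            user = None

        # Same message for an unknown user and a wrong password, so the form
        # does not reveal which usernames exist.
        if user is None or not check_password_hash(user.pw_hash,
                                                   request.form['password']):
            error = 'Invalid username or password'
        else:
            flash('You were logged in')
            session['user_id'] = user.user

            # hashlib digests bytes; encoding first avoids a TypeError on
            # Python 3 and is a no-op for an ASCII id on Python 2.
            # NOTE(review): an unsalted MD5 of the user id is predictable and
            # must not be trusted server-side as proof of identity; the
            # cookie is also set without httponly/secure -- confirm how
            # 'uhash' is consumed.
            uhash = hashlib.md5(str(user.user).encode('utf-8')).hexdigest()
    resp = make_response(render_template('login.html', error=error))
    resp.set_cookie('uhash', uhash)
    return resp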
示例#5
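def validateLogin():
	"""Check the posted e-mail/password pair and start a session.

	Reads ``inputEmail`` and ``inputPassword`` from the form, looks the user
	up in ``tbl_user`` and verifies the password against column 3 of the row.

	Returns:
		A redirect to ``/showDashboard`` on success, otherwise the rendered
		``error.html`` template.
	"""
	import logging

	conn = None
	cursor = None
	try:
		_username = request.form['inputEmail']
		_password = request.form['inputPassword']

		conn = mysql.connect()
		cursor = conn.cursor()
		# The statement in this listing carried a masked literal and never
		# used the submitted value.  Bind it as a parameter rather than
		# splicing it into the SQL text.
		# assumes the driver uses the %s paramstyle (MySQLdb/PyMySQL) -- TODO confirm
		cursor.execute("SELECT * FROM tbl_user WHERE user_username = %s", (_username,))
		data = cursor.fetchall()

		if len(data) > 0 and check_password_hash(str(data[0][3]), _password):
			row = data[0]
			session['user'] = row[0]
			session['username'] = row[1]
			return redirect('/showDashboard')
		# Identical text whether the account is missing or the password is
		# wrong, so the response does not confirm which addresses exist.
		return render_template('error.html',error = 'Wrong Email address or Password!')

	except Exception:
		# Keep the details in the server log; driver messages can expose
		# schema or connection information when echoed to the browser.
		logging.getLogger(__name__).exception('validateLogin failed')
		return render_template('error.html',error = 'Login failed, please try again later.')

	finally:
		# connect() itself may have raised, leaving these unset.
		if cursor is not None:
			cursor.close()
		if conn is not None:
			conn.close()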
示例#6
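def validateLogin():
    """Validate the posted e-mail/password pair through ``sp_validateLogin``.

    Returns:
        A redirect to ``/userHome`` after storing column 0 of the matching
        row in ``session['user']``; otherwise the rendered
        ``error.jinja.html`` template.
    """
    import logging
    log = logging.getLogger(__name__)

    conn = None
    cursor = None
    try:
        _email = request.form['inputEmail']
        _password = request.form['inputPassword']

        # connect to mysql
        conn = mysql.connect()
        cursor = conn.cursor()
        cursor.callproc('sp_validateLogin', (_email, ))
        data = cursor.fetchall()

        # The rows are deliberately not echoed to stdout: column 3 holds the
        # stored password hash, which does not belong in process output.
        if len(data) > 0 and check_password_hash(str(data[0][3]), _password):
            session['user'] = data[0][0]
            return redirect('/userHome')

        log.info("Login rejected: no matching row or password mismatch")
        return render_template('error.jinja.html', error = 'Wrong email address')

    except Exception:
        # Full traceback goes to the log; the page gets a generic message so
        # driver or schema details are not shown to the client.
        log.exception("validateLogin failed")
        return render_template('error.jinja.html', error='Login failed, please try again later.')
    finally:
        # Either handle may still be None when connect() or cursor() raised.
        if cursor is not None:
            cursor.close()
        if conn is not None:
            conn.close()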
示例#7
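def manage_user():
    """Create a user (POST) or delete one after a password check (DELETE).

    POST reads the ``signUp_*`` form fields, hashes the password and stores
    the user.  DELETE reads ``username`` and ``password`` and deletes the
    user when the password verifies.

    Returns:
        A JSON string on success or on a POST with missing fields; a
        ``(json, 400)`` pair for every other case, including methods other
        than POST and DELETE.
    """
    if request.method == 'POST':
        first_name = request.form['signUp_firstName']
        last_name = request.form['signUp_lastName'] or None
        username = request.form['signUp_username']
        password = request.form['signUp_password']

        # Validate values
        if first_name and username and password:
            hashed_password = generate_password_hash(password)
            db.create_user(first_name, last_name, username, hashed_password)
            return json.dumps({'html':'<span>All fields good !!</span>'})
        else:
            return json.dumps({'html':'<span>Enter the required fields</span>'})

    elif request.method == 'DELETE':
        username = request.form['username']
        password = request.form['password']
        # NOTE(review): deletion is authorised by the posted password alone;
        # nothing here ties the request to a logged-in session or limits
        # repeated attempts -- confirm that is handled elsewhere.

        if username and password:
            user = db.find_user_by_username(username)
            # An unknown username must fall through to the 400 below rather
            # than fail on ``None.password``.
            # assumes find_user_by_username returns None on no match -- TODO confirm
            if user is not None and check_password_hash(user.password, password):
                db.delete_user(username)
                return json.dumps({'deleted': 'ok'})

    return json.dumps({'error': 'missing user or password'}), 400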
示例#8
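def login():
	"""Log a user in by e-mail and password and bind an auth key to the session.

	On a successful POST the session stores ``(user id, auth_key)``; an
	auth key is generated and saved the first time a user logs in.  Every
	other path renders ``login.html`` with ``error`` and the elapsed
	processing time.
	"""
	start_time=time.time()
	error=None
	if 'logged_in_user' in session:
		return redirect(url_for('home'))
	if request.method == 'POST':
		if 'email' not in request.form or 'password' not in request.form or request.form['email']=='':
			error = 'Missing email or password for login!'
		else:
			time.sleep(0.2)
			g.db = connect_db()
			cur = g.db.cursor()
			# Values travel as query parameters; app.sqlesc is presumably the
			# driver's placeholder token -- confirm.
			cur.execute('SELECT id,password,auth_key FROM users WHERE email='+app.sqlesc,(request.form['email'],))
			result = cur.fetchall()
			assert len(result) <= 1
			if len(result) == 0:
				# NOTE(review): this message, 'Incorrect password!' below and
				# the rendered processtime each tell a client whether the
				# address is registered -- consider one generic message.
				error = 'Username not found!'
			else:
				user_id, pw_hash, auth_key = result[0]
				if check_password_hash(pw_hash,request.form['password']):
					if auth_key is None:
						# The key authenticates the session, so draw it from
						# the OS CSPRNG; the default Mersenne Twister
						# generator is predictable from observed output.
						auth_key = dec2big(random.SystemRandom().randint(0,(2**128)))
						cur.execute('UPDATE users SET auth_key='+app.sqlesc+', login_time='+app.sqlesc+' WHERE id='+app.sqlesc,(auth_key,time.time(),user_id))
						g.db.commit()
					session['logged_in_user']=(user_id,auth_key)
					return redirect(url_for('home'))
				else:
					error = 'Incorrect password!'
	return render_template("login.html",error=error,processtime=round(time.time()-start_time,5))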
示例#9
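def validateLogin():
    """Verify the posted credentials via ``sp_validateLogin`` and log the user in.

    Returns:
        A redirect to ``/showDashboard`` with ``session['user']`` set to
        column 0 of the matching row, otherwise the rendered ``error.html``.
    """
    import logging

    rejected = 'Wrong Email address or Password.'
    con = None
    cursor = None
    try:
        _username = request.form['inputEmail']
        _password = request.form['inputPassword']

        # connect to mysql
        con = mysql.connect()
        cursor = con.cursor()
        cursor.callproc('sp_validateLogin',(_username,))
        data = cursor.fetchall()

        # Unknown account and wrong password share one answer.
        if len(data) == 0:
            return render_template('error.html',error = rejected)
        if not check_password_hash(str(data[0][3]),_password):
            return render_template('error.html',error = rejected)

        session['user'] = data[0][0]
        return redirect('/showDashboard')

    except Exception:
        # The exception text stays in the server log; echoing it to the page
        # can disclose driver, schema or connection details.
        logging.getLogger(__name__).exception('validateLogin failed')
        return render_template('error.html',error = 'Login failed, please try again later.')
    finally:
        # Guarded: a failure before these were assigned would otherwise raise
        # here and replace the error page with an unhandled exception.
        if cursor is not None:
            cursor.close()
        if con is not None:
            con.close()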
示例#10
def changePassword():
    """Handle the change-password form for a logged-in user.

    When ``g.user`` is falsy the function falls off the end and returns
    ``None``.  Otherwise the ``finally`` clause below returns the rendered
    ``changePassword.html`` on every path, because a ``return`` inside
    ``finally`` replaces any value returned from ``try``/``except``/``else``.
    """
    if g.user:
        try:
            mysql.connect()
            with mysql.cursor() as cursor:
                if request.method == "POST":
                    oldPasswordInput = request.form['oldPassword']
                    newPasswordInput = request.form['newPassword']
                    newPasswordCheckInput = request.form['newPasswordChecker']
                    # NOTE(review): passwordFromDB is not assigned anywhere in
                    # this function; presumably a module-level value -- confirm
                    # it holds the hash of the *current* user.
                    if check_password_hash(passwordFromDB, oldPasswordInput) and newPasswordInput == newPasswordCheckInput:
                        newPassword = generate_password_hash(newPasswordInput)
                        # NOTE(review): the row is selected by the old hash
                        # value, not by a user id, so the statement is not
                        # tied to g.user -- confirm this is intended.
                        cursor.execute('UPDATE tbl_login SET password=%s WHERE password=%s', (newPassword,passwordFromDB))
                        # Swedish: "The password has now been changed"
                        flash("Lösenordet är nu ändrat")
                        mysql.commit()
                    else:
                        flash("The old password is incorrect or the new password does not match.")
        except Exception as e:
            # This error page (with the raw exception text) is discarded by
            # the return in the finally clause.
            return render_template('error.html',error = str(e)) 
        else:
            # try/else: runs when the try body raised nothing; its return
            # value is likewise replaced by the finally clause.
            return ('Unauthorized Access')
        finally:
            # NOTE(review): if mysql.cursor() raised, `cursor` is unbound here
            # and this line raises instead of returning the page.
            cursor.close()
            mysql.close()
            return render_template('changePassword.html')
        # Not reached when the finally clause returns.
        return redirect(url_for('login'))
示例#11
文件: __init__.py 项目: puluto/pangu
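def login():
    """Authenticate by ``code_name`` and password and start a Flask-Login session.

    Returns:
        A redirect to ``home`` when already authenticated or after a
        successful login, a redirect back to ``login`` with a flashed message
        when the credentials are rejected, and the rendered ``index.html``
        for any non-POST request.
    """
    if current_user.is_authenticated():
        return redirect(url_for('home'))

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        user=User.query.filter(User.code_name==username).first()

        # One message for both failure causes: telling "invalid user name"
        # apart from "invalid password" lets a client enumerate accounts.
        if user is None or not check_password_hash(user.password, password):
            flash(u'无效的用户名或密码!')
            return redirect(url_for('login'))

        # Register the user with the login session.
        login_user(user)

        # Cache the user's navbar in the session.
        session['navbar'] = current_user_navbar(current_user.id)
        return redirect(url_for('home'))

    return render_template('index.html')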
示例#12
 def check_password(self, password):
     """Return whether *password* verifies against the stored ``self._password``.

     Returns False without checking when no hash is stored or when the
     candidate is empty after stripping surrounding whitespace.
     """
     stored = self._password
     if stored is None:
         return False
     # NOTE(review): surrounding whitespace is dropped before verification;
     # this only matches if the same stripping happens when the password is
     # set -- confirm against the setter.
     candidate = password.strip()
     return check_password_hash(stored, candidate) if candidate else False
示例#13
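def validateLogin():
    """Verify the posted credentials via ``sp_validateLogin`` and log the user in.

    Returns:
        A redirect to ``/showFeed`` with ``session['user']`` set to column 0
        of the matching row, otherwise the rendered ``error.html``.
    """
    import logging

    cur = None
    try:
        # Read values posted from page
        _username = request.form['inputEmail']
        _password = request.form['inputPassword']

        # Open a cursor on the MySQL connection and call the procedure
        cur = mysql.connection.cursor()
        cur.callproc('sp_validateLogin', (_username,))
        rv = cur.fetchall()

        # A row must exist and its column 3 hash must verify
        if len(rv) > 0 and check_password_hash(str(rv[0][3]), _password):
            # Set user session id and redirect
            session['user'] = rv[0][0]
            return redirect('/showFeed')

        # Same answer for an unknown account and a wrong password
        return render_template('error.html', error = 'Invalid Email/Password combination.')

    except Exception:
        # Details go to the log only; raw exception text shown to the client
        # can disclose driver or schema information.
        logging.getLogger(__name__).exception('validateLogin failed')
        return render_template('error.html', error = 'Login failed, please try again later.')

    finally:
        # cur stays None when the failure happened before the cursor existed
        if cur is not None:
            cur.close()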
示例#14
def login():
  """Log the user in, creating the account when the username is new.

  Every path flashes a status message and redirects to ``intmain``.
  """
  form = request.form
  username = form['username']

  if not username:
    flash('You have to enter a username')
  elif not form['password']:
    flash('You have to enter a password')
  elif get_user_id(username) is None:
    # unknown username: create the account and log it in
    creation_time = int(time.time())
    new_row = [username, generate_password_hash(form['password']), creation_time]
    g.db.execute('''insert into user (username, pw_hash, creation_time) values (?, ?, ?)''',
      new_row)
    user_id = g.db.execute('select last_insert_rowid()').fetchall()[0][0]
    g.db.commit()

    session['user_id'] = user_id
    flash('New account %s created' % (username, ))
  else:
    # known username: load the row and verify the password
    # NOTE(review): because unknown names are registered on the spot, the
    # 'already exists' message below confirms that a name is taken.
    user = query_db('''select * from user where
          username = ?''', [username], one=True)
    if check_password_hash(user['pw_hash'], form['password']):
      session['user_id'] = get_user_id(username)
      flash('User ' + username + ' logged in.')
    else:
      flash('User ' + username + ' already exists, wrong password.')

  return redirect(url_for('intmain'))
示例#15
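def validateLogin():
    """Verify the posted credentials via ``sp_validateLogin`` and log the user in.

    Returns:
        A redirect to ``/userHome`` with ``session["user"]`` set to column 0
        of the matching row, otherwise the rendered ``error.html``.
    """
    import logging

    con = cursor = None
    try:
        _username = request.form["inputEmail"]
        _password = request.form["inputPassword"]

        # connect to mysql
        con = mysql.connect()
        cursor = con.cursor()
        cursor.callproc("sp_validateLogin", (_username,))
        data = cursor.fetchall()

        authenticated = len(data) > 0 and check_password_hash(str(data[0][3]), _password)
        if not authenticated:
            # one message for "no such account" and "wrong password"
            return render_template("error.html", error="Wrong Email address or Password.")

        session["user"] = data[0][0]
        return redirect("/userHome")

    except Exception:
        # Record the traceback server-side and show a generic message, so
        # database error text is not disclosed to the client.
        logging.getLogger(__name__).exception("validateLogin failed")
        return render_template("error.html", error="Login failed, please try again later.")
    finally:
        # Both names are still None when connect() or cursor() raised.
        if cursor is not None:
            cursor.close()
        if con is not None:
            con.close()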
示例#16
def save_user():
    """Log an existing user in, or append a new user record and log it in.

    Only POST is handled; any other method returns ``None``.  A new user is
    appended as one space-separated line to the ``user`` file under the
    post directory.
    """
    users = get_all_users()
    if request.method != 'POST':
        return None

    next_user_id = len(users) + 1
    username = request.form['username']
    input_password = request.form['password']
    password = set_password(input_password)

    def _open_session():
        # NOTE(review): next_user_id is also what an *existing* user gets as
        # session['user_id'], not that user's own id -- confirm.
        session['logged_in'] = True
        session['user_id'] = str(next_user_id)
        session['username'] = username

    found_user = get_user_with_username(username)
    if len(found_user) != 0:
        if not check_password_hash(found_user['password'], input_password):
            posts = get_all_posts()
            ret_posts = get_all_post_information(posts)
            return render_template('/signup.html',ret_posts=ret_posts,error_message=u'비밀번호가 틀리셨어요!')
        _open_session()
        return redirect('/')

    created_at = datetime.datetime.now()
    # NOTE(review): username is written verbatim into a space/newline
    # delimited record; a name containing whitespace or a line break would
    # corrupt the file or add extra records -- validate it before writing.
    record = '%d %s %s %s\n'%(next_user_id,username,password,str(created_at))
    base_path = '/var/www/flask_blog/flask_blog/post/'
    user_path = base_path + 'user'
    with open(user_path,'a') as fp:
        fp.write(record)
    _open_session()

    return redirect('/')
示例#17
文件: index.py 项目: gianpaj/crately
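def login():
    """JSON login endpoint.

    Returns a JSON ``result`` message for every handled case and the JSON
    form of ``current_user`` after a successful login.  A request that is
    not a POST carrying a ``username`` key falls through and returns ``None``.
    """
    if current_user.is_authenticated():
        return jsonify(result="Already logged in.")

    if request.method == "POST" and "username" in request.json:

        username = request.json["username"]
        # .get(): a body without "password" gets the empty-field answer
        # instead of an unhandled KeyError.
        password = request.json.get("password")

        if not username or not password:
            return jsonify(result="Empty username or password.")

        try:
            user_record = User.objects.get(username=username)
        except Exception:
            # Narrowed from a bare ``except`` so SystemExit and
            # KeyboardInterrupt still propagate.
            # NOTE(review): catching only the model's not-found exception
            # would be tighter -- confirm its name.
            user_record = None

        # Unknown user and wrong password share one answer.
        if user_record is None or not check_password_hash(user_record['pw_hash'], password):
            return jsonify(result="Please check you username or password.")

        user_record.date_logged_in = datetime.now()
        user_record.save()
        usr_obj = UserLogin(user_record)

        if login_user(usr_obj):
            return json_response(str(current_user))
        return jsonify(result="Invalid password.")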
示例#18
def landing_page():
    """Show the login form, or send a logged-in visitor to their entries."""
    if session.get('logged_in'):
        return redirect(url_for('users.show_entries'))

    form = LoginForm(request.form)
    # Form validation checks the submitted data, not the password itself.
    if not form.validate_on_submit():
        return render_template('base.html', form=form)

    account = User.query.filter_by(email=form.email.data).first()
    # The password is verified against the stored hash.
    if account and check_password_hash(account.password, form.password.data):
        # The session is signed, so the client cannot alter the stored id.
        session['user_id'] = account.id
        session['logged_in'] = True
        flash('Welcome %s' % account.name)
        return redirect(url_for('users.show_entries'))

    flash('Wrong email or password', 'error-message')
    return render_template('base.html', form=form)
示例#19
 def authenticate(self, handle, password):
     """Authenticate *handle* with *password*.

     Returns a dict holding ``handle`` and ``token`` (element 2 of the user
     record) when the password verifies against element 1, and ``None`` when
     the handle is unknown or the password does not verify.
     """
     record = self.get_user_by_handle(handle)
     if record is not None and check_password_hash(record[1], password):
         return {"handle": handle, "token": record[2]}
     return None
示例#20
def change_password():
    """Change the password of ``g.user`` after verifying the old one.

    Returns:
        ``(json, 400)`` with a list of messages when a field is missing, the
        confirmation differs or the old password is wrong; otherwise
        ``(json, 200)`` with ``{'success': True}``.
    """
    form = request.form
    old_password = form.get('old_password', '')
    new_password = form.get('new_password', '')
    confirm_password = form.get('confirm_password', '')

    required = (
        (old_password, 'Old password is required'),
        (new_password, 'New password is required'),
        (confirm_password, 'You have to confirm your password'),
    )
    errors = [message for value, message in required if value == '']
    if new_password != '' and new_password != confirm_password:
        errors.append('Password must match')
    if errors:
        return json.dumps(errors), 400

    # The current password must verify before anything is written.
    if not check_password_hash(g.user.password, old_password):
        return json.dumps(['Wrong old password']), 400

    # NOTE(review): nothing in this function ends the user's other sessions
    # after the change -- confirm whether that happens elsewhere.
    user = User.query.get(g.user.id)
    user.password = generate_password_hash(new_password)
    user.password_token = ''
    db.session.commit()
    g.user = user
    return json.dumps({'success': True}), 200
示例#21
文件: app.py 项目: shafeeq/gamaya
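def extauth():
    """Authenticate a user for an external caller and report event registration.

    Reads ``email``, ``password`` and ``eid`` from the form.  On success the
    JSON answer carries the user's column values, ``success`` and
    ``event_registered``; when the user was not yet registered for event
    ``eid`` a ``Registration`` is created.  On failure it is
    ``{"success": false}``.
    """
    # Log only non-secret fields: the form carries the plaintext password,
    # which must never reach the log.
    app.logger.info('extauth request: email=%r eid=%r',
                    request.form.get('email'), request.form.get('eid'))
    email = request.form['email']
    password = request.form['password']
    eid = int(request.form['eid'])
    user = User.query.filter_by(email=email).first()
    # Unknown e-mail and wrong password produce the same answer.
    if not user or not check_password_hash(user.pwdhash, password):
        return jsonify(success = False)

    d = dict(user.__dict__)
    d.pop('_sa_instance_state')
    # The stored password hash must not be returned to the caller.
    # NOTE(review): every other column is still sent -- an explicit list of
    # fields to return would be safer; confirm what the client needs.
    d.pop('pwdhash', None)
    d['success'] = True
    eids = [event.id for event in user.events.all()]
    if eid in eids:
        d['event_registered'] = True
    else:
        d['event_registered'] = False
        r = Registration(user.id,eid)
        db.session.add(r)
        db.session.commit()

    return jsonify(d)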
示例#22
文件: login.py 项目: bmahlbrand/twitt
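def check_password(user, passwd):
	"""Verify *passwd* for the account whose e-mail is *user*.

	Returns:
		``'passed'`` when the password verifies against column 1 of the row,
		``'badpasswd'`` when it does not, and ``'badusernm'`` when no row
		has that e-mail.
	"""
	conn = sqlite3.connect(DATABASE)
	try:
		c = conn.cursor()
		c.execute('SELECT * FROM users WHERE email=?', (user,))
		row = c.fetchone()
	finally:
		# Release the handle even when the query raises.
		conn.close()

	if row is None:
		# NOTE(review): callers should not pass the difference between
		# 'badusernm' and 'badpasswd' on to the client, or it reveals which
		# addresses are registered.
		return 'badusernm'
	if check_password_hash(row[1], passwd):
		return 'passed'
	return 'badpasswd'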
示例#23
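def login():
    """Handle the sign-in form.

    On POST the credentials are verified through the ``validateLogin``
    procedure; success stores column 0 of the row in ``session['user']`` and
    redirects to ``/``, failure renders ``error.html``.  Any other method
    renders ``userHome.html`` for a logged-in session and ``signin.html``
    otherwise.
    """
    if request.method == 'POST':
        import logging

        db = None
        cursor = None
        try:
            username = request.form['username']
            password = request.form['password']

            db      = mysql.connect()
            cursor  = db.cursor()
            # The trailing comma makes this a one-element tuple; a bare
            # ``(username)`` is just the string itself, not an argument list.
            cursor.callproc('validateLogin',(username,))
            data    = cursor.fetchall()

            if len(data) > 0 and check_password_hash(str(data[0][3]),password):
                session['user'] = data[0][0]
                return redirect('/')
            # Same answer for an unknown user and a wrong password.
            return render_template('error.html',error = 'Wrong username or Password.')

        except Exception:
            # Keep the exception text in the server log rather than on the
            # page, where it can disclose database details.
            logging.getLogger(__name__).exception('login failed')
            return render_template('error.html',error = 'Login failed, please try again later.')
        finally:
            # Either name is still None when connect() or cursor() raised.
            if cursor is not None:
                cursor.close()
            if db is not None:
                db.close()

    if session.get('user'):
        return render_template('userHome.html')
    else:
        return render_template('signin.html')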
示例#24
def dangnhap():
  """Log a user in ("dang nhap" = log in) through the login form.

  An already authenticated user is redirected to ``users.home``.  A valid
  form whose credentials verify logs the user in only when ``user.status``
  is 2; every rejection re-renders ``users/login.html`` with a flashed
  message.
  """
  if g.user is not None and g.user.is_authenticated():
    return redirect(url_for('users.home'))

  form = LoginForm(request.form)
  # Form validation checks the submitted data, not the password itself.
  if not form.validate_on_submit():
    return render_template("users/login.html", form=form)

  user = User.query.filter_by(email=form.email.data).first()
  # Unknown e-mail and wrong password get the same message.
  if not (user and check_password_hash(user.password, form.password.data)):
    flash(u'Sai Email hoặc Mật khẩu', 'error-message')
    return render_template("users/login.html", form=form)

  if user.status != 2:
    # Correct credentials, but the account status is not 2.
    flash(u'Tài Khoan Của Bạn Chưa Xác Thực', 'error-message')
    return render_template("users/login.html", form=form)

  # The session is signed, so the client cannot alter these values.
  session['user_id'] = user.id
  session['username'] = user.nickname
  # The remember-me choice passes through the session and is removed again
  # straight away, leaving no 'remember_me' key behind.
  session['remember_me'] = form.remember_me.data
  remember_me = session.pop('remember_me', False)

  # log the user in using Flask-Login
  login_user(user, remember = remember_me)

  flash(u'Đăng nhập thành công. Xin chào %s' % user.fullname)
  return redirect(url_for('users.home'))
示例#25
文件: user.py 项目: gijs/lastuser
 def password_is(self, password):
     """Return whether *password* matches the stored ``self.pw_hash``.

     Hashes starting with ``sha1$`` go through ``check_password_hash``; any
     other stored value is treated as a bcrypt hash.  Returns False when no
     hash is stored.
     """
     stored = self.pw_hash
     if stored is None:
         return False
     if not stored.startswith('sha1$'):
         # Re-hash with the stored value as salt and compare the results.
         # NOTE(review): ``==`` is not a constant-time comparison -- consider
         # the bcrypt library's own verification helper if the installed
         # version provides one.
         return bcrypt.hashpw(password, stored) == stored
     # NOTE(review): 'sha1$' entries look like a legacy format -- consider
     # re-hashing them on the next successful login; confirm.
     return check_password_hash(stored, password)
示例#26
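def login():
    """
    Login form

    A valid submission whose password verifies stores the user id in the
    session and redirects to the local ``next`` path, or to ``users.home``
    when ``next`` is absent or not a local path.  Every other case renders
    ``users/login.html``.
    """
    site_title = gettext('Log in')

    form = LoginForm(request.form)

    # Form validation checks the submitted data, not the password itself.
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user is None:
            # NOTE(review): 'Unknown user !' versus 'Wrong password' tells a
            # client which addresses are registered -- consider one message
            # (kept as is here because both are translation msgids).
            flash(gettext('Unknown user !'), 'error-message')
        elif check_password_hash(user.password, form.password.data):
            # The session is signed, so the client cannot alter the id.
            session['user_id'] = user.id
            flash(gettext("You're logged in, %(name)s", name=user.name))
            target = request.args.get("next")
            # Follow ``next`` only when it is a local path: one leading
            # slash, no scheme-relative ``//`` and no backslash (some
            # browsers read ``/\`` as ``//``).  Anything else could send a
            # freshly logged-in user to a site chosen by whoever built the
            # link.
            if (not target or not target.startswith('/')
                    or target.startswith('//') or '\\' in target):
                target = url_for('users.home')
            return redirect(target)
        else:
            # The user exists but the entered password was wrong.
            flash(gettext('Wrong password'), 'error-message')
    return render_template("users/login.html", form=form,
        user=g.user, site_title=site_title)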
示例#27
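def login():
	"""Logs the user in.

	After a successful login the session receives ``user_id`` and, when they
	are set on the user row, the ``wbtoken`` and ``dict`` values; a user
	without a token is sent to ``linkwb`` and one without a dictionary to
	``choosedict``.  Failures render ``login.html`` with ``error``.
	"""
	if g.user:
		return redirect(url_for('wordlist'))
	error = None
	if request.method == 'POST':
		user = query_db('''select * from user where
			username = ?''', [request.form['username']], one=True)
		# Same message for an unknown user and a wrong password, so the form
		# does not reveal which usernames exist.
		if user is None or not check_password_hash(user['pw_hash'], request.form['password']):
			error = 'Invalid username or password'
		else:
			flash('You were logged in')
			session['user_id'] = user['user_id']
			if user['wbtoken'] is None:
				return redirect(url_for('linkwb'))
			# NOTE(review): the token is copied into the session; if the
			# session is a signed client-side cookie its content is readable
			# by the client -- confirm the session backend.
			session['wbtoken'] = user['wbtoken']
			session['wbtokenexpire'] = user['wbtokenexpire']
			if user['dict'] is None:
				return redirect(url_for('choosedict'))
			session['dict']= user['dict']
			session['wordnum']=100
			return redirect(url_for('wordlist'))
	return render_template('login.html', error=error)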
示例#28
 def check_password(self, password):
     """Return whether *password* verifies against ``self.password``.

     An account with no stored hash never matches.
     """
     stored = self.password
     return False if stored is None else check_password_hash(stored, password)
示例#29
文件: admin.py 项目: crudbug/cms
def check_user():
    """Verify the posted admin credentials and open an admin session.

    Returns a redirect to ``/admin/main`` on success; otherwise flashes an
    error and renders the admin login page.
    """
    username = request.form['username']
    password = request.form['password']

    cur_user = User.query.filter_by(username = username).first()
    password_match = check_password_hash(cur_user.password, password) if cur_user else False

    if not password_match:
        # One message for an unknown user and a wrong password.
        flash('Invalid Username / Password Combination', 'uu_error')
        return render_template('admin/admin_login.html',
            site_name = config.site_name,
            powered_by_link = create_powered_by_link())

    # NOTE(review): the role flags are copied as they are at login time; if
    # later requests authorise from the session, a change to is_admin or
    # is_master only takes effect at the next login -- confirm.
    session['user_id'] = cur_user.id
    session['username'] = cur_user.username
    session['site_id'] = cur_user.site_id
    session['user_is_admin'] = cur_user.is_admin
    session['user_is_master'] = cur_user.is_master
    session['logged_in'] = True

    return redirect('/admin/main')
示例#30
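def login():
    """
    Log the user in and route them back to the page they came from.

    On GET the ``next`` query argument is handed to the template, which is
    expected to post it back.  After a successful login the posted ``next``
    is followed only when it is a local path; otherwise the user goes to
    ``frontends.home``.
    """
    if g.user:
        return redirect(url_for('frontends.home'))

    next_url = ''
    if request.method == 'GET' and 'next' in request.args:
        next_url = request.args['next']

    form = LoginForm(request.form)
    # Form validation checks the submitted data, not the password itself.
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        # The password is verified against the stored hash.
        if user and check_password_hash(user.password, form.password.data):
            # The session is signed, so the client cannot alter the id.
            session['user_id'] = user.id

            target = request.form.get('next')
            # ``next`` is client-controlled.  Accept it only as a local path:
            # one leading slash, no scheme-relative ``//`` and no backslash
            # (some browsers read ``/\`` as ``//``); anything else would
            # redirect a freshly logged-in user to an arbitrary site.
            if (target and target.startswith('/')
                    and not target.startswith('//') and '\\' not in target):
                return redirect(target)
            return redirect(url_for('frontends.home'))

        flash('Wrong email or password', 'danger')
    return render_template("login.html", form=form, next=next_url)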
示例#31
 def is_correct_password(self, password):
     """Return the result of checking *password* against ``self.password``."""
     verified = check_password_hash(self.password, password)
     return verified
示例#32
 def check_password(self, password):
     """Return whether *password* verifies against ``self.password``.

     A candidate that is empty after stripping surrounding whitespace never
     matches.
     """
     # NOTE(review): stripping must mirror what happens when the password is
     # set, or passwords with leading/trailing spaces behave inconsistently
     # -- confirm.
     candidate = password.strip()
     if candidate:
         return check_password_hash(self.password, candidate)
     return False
示例#33
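 def check_password(self, password):
     """Return the result of checking *password* against ``self.pwdhash``."""
     # The stored hash is the ``pwdhash`` attribute; the earlier
     # ``(self, pwdhash, password)`` passed the instance itself as the hash
     # and referenced an undefined name ``pwdhash``.
     return check_password_hash(self.pwdhash, password)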
示例#34
    def check_password(self, password):
        """Return whether *password* verifies against ``self.password``.

        An account with no stored hash never matches.
        """
        stored = self.password
        if stored is not None:
            return check_password_hash(stored, password)
        return False
示例#35
 def check(hash_pwd, pwd):
     """Return the result of checking *pwd* against the stored hash *hash_pwd*."""
     outcome = check_password_hash(hash_pwd, pwd)
     return outcome
示例#36
    def check_password(self, password):
        """Check *password* against the stored hash and return a boolean."""
        stored_hash = self.password_hash
        return check_password_hash(stored_hash, password)
示例#37
 def check_password(self, password):
     """Compare *password* with the hash stored in ``self.pwdhash``.

     NOTE(review): the previous docstring described the hash as SHA-1; the
     algorithm is not visible here and depends on how the hash was
     generated -- confirm.
     """
     stored_hash = self.pwdhash
     return check_password_hash(stored_hash, password)
示例#38
 def check_password(self, password):
     """Return the result of checking *password* against ``self.pwdhash``."""
     verified = check_password_hash(self.pwdhash, password)
     return verified
示例#39
 def check_password(self, password):
     """Return the result of checking *password* against ``self.password``."""
     stored_hash = self.password
     return check_password_hash(stored_hash, password)
示例#40
    def check_password(self, password):
        """Return True when *password* matches the stored hash, else False.

        An account with no stored hash never matches.
        """
        stored = self.password
        return check_password_hash(stored, password) if stored is not None else False
示例#41
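def login():
    """
    Login form

    When the form has not been submitted, renders ``users/login.html`` with
    no errors. On submission the email and password fields are checked for
    presence and shape, the user is looked up by lower-cased email and the
    password is verified with ``check_password_hash``.

    A wrong password records the attempt on the user row. A correct
    password is still refused when ``user.banned`` is 1 (banned) or 2 (not
    activated). On success the user id is stored in the session, a
    ``UserSession`` row is created and a ``session_id`` cookie carrying
    ``"<user id>|<token>"`` is set on the redirect to the user's profile.

    Every failure re-renders ``users/login.html`` with the collected
    ``errors``.
    """
    form = LoginForm(request.form)

    def render_login(messages):
        return render_template("users/login.html",
                               form=form,
                               errors=messages)

    if not form.is_submitted():
        return render_login([])

    # make sure data are valid, but doesn't validate password is right
    errors = []
    email = form.email.data.strip()
    if email == '':
        errors.append(gettext('Email is required'))
    # An empty address fails this pattern as well, so both messages appear.
    if not re.search(r'^.+@([^.@][^@]+)$', email):
        errors.append(gettext('Invalid email address'))
    if form.password.data.strip() == '':
        errors.append(gettext('Password field is required'))
    if errors:
        return render_login(errors)

    # NOTE(review): validation above looks at the stripped address but the
    # lookup uses the unstripped one, so a padded address passes validation
    # and then matches no row -- confirm which form is stored.
    user = User.query.filter_by(
        email=form.email.data.lower()).first()  # @UndefinedVariable

    if user is None:
        # Same message as a wrong password, so the response text does not
        # reveal whether the address is registered. No hash is computed on
        # this path, so response time may still differ from the
        # wrong-password path.
        errors.append(gettext('Wrong email or password'))
        return render_login(errors)

    # we use werkzeug to validate user's password.
    # Verified once: the original re-ran the hash check in every elif.
    if not check_password_hash(user.password, form.password.data):
        # The attempt is recorded, but nothing in this function reads
        # login_attempts; any lockout has to be enforced elsewhere.
        user.last_login_attempt = datetime.datetime.now()
        user.login_attempts += 1
        db.session.commit()
        errors.append(gettext('Wrong email or password'))
        return render_login(errors)

    # From here on the password is known to be correct.
    if user.banned == 1:
        errors.append(
            gettext(
                'The account was banned, please contact an admin for more information'
            ))
        return render_login(errors)

    if user.banned == 2:
        # NOTE(review): the link below carries user.verification_code. If
        # that is the same code the activation email contains, anyone who
        # knows the password can activate without access to the mailbox --
        # confirm.
        # The message contains markup, so the template presumably renders
        # errors unescaped; no user-controlled text should ever be appended
        # to this list -- confirm in the template.
        errors.append(
            gettext(
                'The account is not activated, please check your email for verification. <a href="%(resend_activation_email)s">Resend activation email</a>',
                resend_activation_email=url_for(
                    'users.resend_activation_email',
                    code=user.verification_code)))
        return render_login(errors)

    # the session can't be modified as it's signed,
    # it's a safe place to store the user id
    session['user_id'] = user.id

    user.last_login = datetime.datetime.now()
    user.last_login_attempt = None
    user.login_attempts = 0
    g.user = user

    user_session = UserSession(user.id)
    db.session.add(user_session)
    db.session.commit()

    response = make_response(redirect(url_for('users.own_profile')))
    cookie_value = str(user.id) + '|' + user_session.token
    # The cookie carries a session token, so it is kept out of reach of
    # page scripts with httponly. secure=True should be added as well once
    # the site is only served over HTTPS.
    response.set_cookie('session_id',
                        cookie_value,
                        expires=datetime.datetime.now() +
                        datetime.timedelta(days=5),
                        path='/',
                        httponly=True)
    return response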
示例#42
0
 def check_password(self, password):
     """Check ``password`` against ``self.passwd_hash``.

     Accounts without a stored hash are always rejected; the original
     comment says OAuth users do not have a password.
     """
     stored_hash = self.passwd_hash
     if not stored_hash:
         # OAuth users do not have a password
         return False
     return check_password_hash(stored_hash, password)
示例#43
0
 def check_password(self, password):
     """Check a candidate password against ``self.hashed_password``.

     The candidate is first passed through the callable returned by
     ``self._utf8_unicode()``. A missing stored hash rejects the attempt;
     otherwise ``check_password_hash`` decides.
     """
     # Coercion runs before the None check, as in the original, so a
     # candidate it cannot convert raises even when no hash is stored.
     candidate = self._utf8_unicode()(password)
     stored_hash = self.hashed_password
     if stored_hash is not None:
         return check_password_hash(stored_hash, candidate)
     return False
示例#44
0
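 def check_credentials(self, username, password):
     """Return True when ``password`` matches the hash stored for ``username``.

     The user record comes from ``query_login``; its ``'pw_hash'`` entry is
     verified with ``check_password_hash``. A username with no record is
     rejected instead of raising.
     """
     user = query_login(username)
     if user is None:
         # The original indexed the result directly, so an unknown username
         # raised TypeError instead of failing the login (assuming
         # query_login returns None for no match -- confirm).
         # No hash is computed here, so this path may answer faster than a
         # wrong password for an existing user.
         return False
     return bool(check_password_hash(user['pw_hash'], password))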
示例#45
0
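def _is_safe_path_component(value):
    """Return True when *value* can serve as one directory name, nothing more."""
    if value in ('', '.', '..'):
        return False
    return not any(ch in value for ch in ('/', '\\', '\x00'))


def create_map():
    """Create a new map in the current workspace from an existing template.

    Reads ``name``, ``type``, ``template``, ``description``,
    ``templatelocation`` and, for a foreign workspace, ``locationpassword``
    from the submitted form. The template is taken from the shared
    ``templates`` workspace, the session's own workspace, or another
    workspace whose password must be supplied.

    Returns a short status string: ``"1"`` on success, ``'Invalid password'``,
    ``"Invalid template"``, ``"Invalid name"`` or ``"Existing"`` otherwise.
    """
    name = request.form['name']
    maptype = request.form['type'] #Scribe - Basemaps - Standard
    template = request.form['template']
    description = request.form['description']
    ws_template = request.form['templatelocation']

    # With no explicit location, names of the form "*xxx" are looked up in
    # the shared "templates" workspace, anything else in the caller's own.
    expressionTemplate = r"^[*][A-Za-z0-9_-]{1,99}$"
    if (ws_template == "") and (re.search(expressionTemplate, template) is None):
        ws_template = session['ws_name']
    elif (ws_template == ""):
        ws_template = "templates"

    if (ws_template != session['ws_name']) and (ws_template != "templates"):
        ws_temp = query_db('''select * from workspaces where ws_name = ?''', [ws_template], one=True)
        # An unknown workspace gets the same answer as a wrong password; the
        # original indexed the missing row and raised instead.
        if ws_temp is None or not check_password_hash(ws_temp['password'], request.form['locationpassword']):
            return 'Invalid password'

    # ws_template and template come from the request and are joined into
    # the paths handed to cp/mv below. Unlike `name`, the original never
    # restricted them, so each must be a single directory name.
    template_dir = template[1:] if ws_template == "templates" else template
    if not (_is_safe_path_component(ws_template)
            and _is_safe_path_component(template_dir)):
        return "Invalid template"

    expression = r"^[A-Za-z0-9][A-Za-z0-9_-]{1,99}$"
    if (re.search(expression, name) is None) or (name=="OSM - MapQuest") or (name=="OSM - Standard"):
        return "Invalid name"

    #check if the map name is unique for this workspace
    wsmap = query_db("select map_name from maps where ws_id = ?", [get_ws_id(session['ws_name'])], one=False)
    if any(name == row['map_name'] for row in wsmap):
        return "Existing"

    #Add the map in the bd
    g.db.execute('insert into maps (map_name, map_type, map_desc, ws_id) values (?, ?, ?, ?)',
                 [name, maptype, description, get_ws_id(session['ws_name'])])
    g.db.commit()

    #Copy the template directory to the directory of the new map
    # NOTE(review): the maps row is already committed at this point; a
    # template that does not exist, or a failing cp/mv (return codes are
    # not checked), leaves that row behind without a directory.
    if ws_template == "templates":
        map_cur = (query_db('''select map_id from maps where map_name = ? and ws_id = "0"''',[template], one=True))['map_id']
        template = template[1:]
        pathTemplate = path+"workspaces/templates/"+template
    else:
        pathTemplate = path+"workspaces/"+ws_template+"/"+template
        map_cur = get_map_id(template, ws_template)

    pathMap = path+"workspaces/"+session['ws_name']+"/"+name
    # Argument lists, no shell: the names are never parsed as shell syntax.
    subprocess.call(['cp','-R', pathTemplate, pathMap])
    if maptype == 'Scribe' or maptype == 'Standard':
        subprocess.call(['mv', pathMap+"/map/"+template+".map", pathMap+"/map/"+name+".map"])
    elif maptype == 'Basemaps':
        subprocess.call(['mv', pathMap+"/osm-"+template+".map", pathMap+"/osm-"+name+".map"])
        #Change the map name in the Makefile
        with open(pathMap+"/Makefile","r" ) as source:
            contentS = source.read()
        contentD = contentS.replace("OUTPUT="+template,"OUTPUT="+name )
        with open(pathMap+"/Makefile","w" ) as destination:
            destination.write(contentD)

    #Add layers in the bd
    groups = query_db('''select * from groups where map_id = ?''', [map_cur], one=False)
    if groups:
        # Looked up once instead of once per copied group.
        new_map_id = get_map_id(name, session['ws_name'])
        for group in groups:
            g.db.execute('insert into groups (group_name, group_index, map_id) values (?,?,?)', [group['group_name'], group['group_index'], new_map_id])
    g.db.commit()

    return "1"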
示例#46
0
文件: db.py 项目: awm/minventory
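def check(credentials):
    """Return True only when the username exists and the password matches.

    ``credentials`` is indexed by ``'username'`` and ``'password'``. The
    user is looked up by username and the password is verified with
    ``check_password_hash``.
    """
    user = User.query.filter_by(username=credentials['username']).first()
    # One hash comparison always runs, against a placeholder hash when the
    # username is unknown, so both cases do the same amount of work.
    pwhash = _default_comparison if user is None else user.password
    matched = check_password_hash(pwhash, credentials['password'])
    # A match against the placeholder must never authenticate: the original
    # returned the raw result, so a password matching _default_comparison
    # was accepted for any unknown username.
    return user is not None and matched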
示例#47
0
def login_customer(cust, password):
	"""Log a customer in when ``password`` matches ``cust.pw_hash``.

	Returns ``None`` on success, after storing ``cust.user_id`` in the
	session under ``'cust_id'``, and the string "Invalid password" otherwise.
	"""
	password_ok = check_password_hash(cust.pw_hash, password)
	if password_ok:
		session['cust_id'] = cust.user_id
		return None
	return "Invalid password"
示例#48
0
def check_password(password, cur_password):
	"""Check ``cur_password`` against the stored hash given as ``password``.

	Despite its name, the first argument is what ``check_password_hash``
	receives as the hash; the second is the candidate password.
	"""
	stored_hash, candidate = password, cur_password
	return check_password_hash(stored_hash, candidate)
示例#49
0
 def verify_passcode(self, passcode):
     """Return True when no passcode is set or ``passcode`` matches the hash.

     With ``self.passcode_hash`` set, the decision is delegated to
     ``check_password_hash``.
     """
     stored_hash = self.passcode_hash
     if stored_hash is None:
         # Fail-open: with no hash stored, every passcode is accepted.
         # NOTE(review): callers must not read True as "a passcode was
         # verified" -- confirm this is the intended default.
         return True
     return check_password_hash(stored_hash, passcode)
示例#50
0
def login_staff(staff, password):
	"""Log a staff member in when ``password`` matches ``staff.pw_hash``.

	Returns ``None`` on success, after storing ``staff.staff_id`` in the
	session under ``'staff_id'``, and the string "Invalid password" otherwise.
	"""
	password_ok = check_password_hash(staff.pw_hash, password)
	if password_ok:
		session['staff_id'] = staff.staff_id
		return None
	return "Invalid password"
示例#51
0
 def check_password(self, password):
     """Check ``password`` against the stored hash, rejecting unset hashes.

     The stored value is encoded to bytes as latin-1 before it is handed to
     ``check_password_hash``.
     """
     stored = self.password
     if stored is None:
         # Fail closed: no hash on record.
         return False
     encoded_hash = stored.encode('latin-1')
     return check_password_hash(encoded_hash, password)
示例#52
0
def login_owner(owner, password):
	"""Log an owner in when ``password`` matches ``owner.pw_hash``.

	Returns ``None`` on success, after storing ``owner.owner_id`` in the
	session under ``'owner_id'``, and the string "Invalid password" otherwise.
	"""
	password_ok = check_password_hash(owner.pw_hash, password)
	if password_ok:
		session['owner_id'] = owner.owner_id
		return None
	return "Invalid password"
示例#53
0
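def users():
    """User management view: list users, change passwords, add/edit/delete.

    GET renders ``Users.html``; the user list is included only when
    ``g.user['priority_levels']`` is 3 or more.

    POST dispatches on which form field is present:

    * ``old_passwd`` -- the logged-in user changes their own password
      (allowed at every privilege level).
    * ``new_user`` / ``old_name`` / ``del_user`` -- create, modify or delete
      an account; these need ``priority_levels >= 3``.

    All POST branches answer with JSON. The status key is ``err_type`` in
    some branches and ``er_type`` in others; both spellings are kept
    because the client side is not visible here.
    """
    if not g.user:
        return redirect(url_for('login'))
    if request.method == 'GET':
        if g.user['priority_levels'] < 3:
            return render_template('Users.html')
        else:
            userinfo = query_db(
                "SELECT user_id,user_name,(case priority_levels when 1 then '普通用户' when 2 then '管理员' when 3 then '超级管理员' end) as user_level from hy_pbbms_users;"
            )
            return render_template('Users.html', userinfo=userinfo)
    elif request.method == 'POST':
        if request.form.get("old_passwd"):
            # Self-service password change: the current password has to be
            # proven before the new one is stored.
            error = ""
            err_type = 0
            user = query_db(
                'select * from hy_pbbms_users where user_name = %s',
                [g.user['user_name']],
                one=True)
            if user is None:
                error = u'修改密码失败,请重新登录'
                err_type = 4
            elif not check_password_hash(user['passwd'],
                                         request.form['old_passwd']):
                error = u'密码错误 ,重新输入'
                err_type = 1
            elif request.form['new_passwd'] != request.form['ensure_passwd']:
                error = u'两次输入密码不一致'
                err_type = 2
            else:
                res = query_none(
                    'update hy_pbbms_users set passwd=%s where user_name=%s', [
                        generate_password_hash(request.form['new_passwd']),
                        g.user['user_name']
                    ])
                if res == True:
                    err_type = 0
                else:
                    err_type = 3
                    error = u'密码修改失败,数据库错误'
            return jsonify(err_type=err_type, error=error)

        # Everything below manages other accounts and needs level 3.
        if g.user['priority_levels'] < 3:
            return jsonify(error=u'没有权限执行该操作', er_type=5)

        if request.form.get("new_user"):
            if len(request.form['passwd']) < 2:
                return jsonify(error=u"密码太短", er_type=2)
            if (request.form['passwd']) != (request.form['r_passwd']):
                return jsonify(error=u"密码不一致", er_type=3)

            user = query_db(
                'select user_id from hy_pbbms_users where user_name = %s;',
                [request.form['new_user']],
                one=True)
            if user:
                return jsonify(error=u"用户名重复", er_type=1)

            new_user = request.form['new_user']
            # NOTE(review): any integer is accepted as a level and a
            # non-numeric value raises ValueError; the list query above
            # only names levels 1-3.
            level = int(request.form['user_level'])
            if (level == 0):
                level = 1
            # Store a hash like every other write to this column. The
            # original inserted the plaintext password, which also can never
            # satisfy the check_password_hash call used on user['passwd'].
            passwd = generate_password_hash(request.form['passwd'])
            res = query_none('insert into hy_pbbms_users values(0,%s,%s,%s)',
                             [new_user, passwd, level])
            if res == True:
                return jsonify(er_type=0)
            else:
                return jsonify(error=u'添加用户错误:数据库错误', er_type=4)
        elif request.form.get("old_name"):
            error = ""
            err_type = 0
            level = int(request.form['user_level'])
            if (level == 0):
                level = 1
            if len(request.form['new_passwd']) > 0:
                # A non-empty password field resets the password as well.
                if len(request.form['new_passwd']) < 2:
                    error = u"密码长度太短"
                    err_type = 1
                    return jsonify(err_type=err_type, error=error)
                elif request.form['new_passwd'] != request.form['new_passwd_r']:
                    error = u"两次输入密码不一致"
                    err_type = 2
                    return jsonify(err_type=err_type, error=error)
                sql_str = 'update hy_pbbms_users set passwd=%s,priority_levels=%s where user_name=%s;'
                sql_list = [
                    generate_password_hash(request.form['new_passwd']), level,
                    request.form['old_name']
                ]
                mess = u"修改用户密码与权限成功!"
            else:
                # Empty password field: only the privilege level changes.
                sql_str = 'update hy_pbbms_users set priority_levels=%s where user_name=%s;'
                sql_list = [level, request.form['old_name']]
                mess = u"修改用权限成功!"
            res = query_none(sql_str, sql_list)
            if res == True:
                err_type = 0
                error = mess
            else:
                err_type = 3
                error = u'密码修改失败,数据库错误'
            return jsonify(err_type=err_type, error=error)
        elif request.form.get("del_user"):
            res = query_none('delete from hy_pbbms_users where user_name=%s',
                             [request.form['del_user']])
            if res == True:
                return jsonify(mess=u"成功删除用户[%s]" % (request.form['del_user']))
            else:
                return jsonify(error=u"删除用户失败:数据库错误")
        else:
            return jsonify(error=u'未知错误', er_type=10)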
示例#54
0
 def check_openid(self, openid):
     """Check ``openid`` against the hashed value stored in ``self.openid``.

     Returns False when nothing is stored; otherwise returns the result of
     ``check_password_hash``.
     """
     stored_hash = self.openid
     if stored_hash is not None:
         return check_password_hash(stored_hash, openid)
     return False
def validate_user(pwdhash, password):
    """Return True when ``password`` matches the stored ``pwdhash``, else False.

    The comparison is delegated to ``check_password_hash``; its result is
    normalised to a plain ``True``/``False``.
    """
    return True if check_password_hash(pwdhash, password) else False
示例#56
0
 def verify_password(self, password):
     """Verify ``password`` against ``self.password_hash``.

     Returns the result of ``check_password_hash`` unchanged.
     """
     stored_hash = self.password_hash
     return check_password_hash(stored_hash, password)
示例#57
0
 def chkPwHash(self, password):
     """Check ``password`` against the hash held in ``self.pwdhash``.

     ``self.pwdhash`` is decoded with ``.decode()`` before it is passed to
     ``check_password_hash``.
     """
     # presumably pwdhash is stored as bytes -- TODO confirm
     return check_password_hash(self.pwdhash.decode(), password)
示例#58
0
def validateUserPass(inp_pass, hash_pass):
    """Check the submitted ``inp_pass`` against the stored ``hash_pass``.

    The parameter order here is (candidate, hash), the reverse of
    ``check_password_hash``, which takes (hash, candidate).
    """
    is_valid = check_password_hash(hash_pass, inp_pass)
    return is_valid
示例#59
0
文件: models.py 项目: 37north/auth
 def check_password(self, pwdhash):
     '''
     Check a candidate password against the stored hash.

     The ``pwdhash`` parameter is passed to ``check_password_hash`` as the
     candidate; the stored hash is ``self.pwdhash``.
     '''
     stored_hash = self.pwdhash
     candidate = pwdhash
     return check_password_hash(stored_hash, candidate)
示例#60
0
文件: user.py 项目: wbhhbw/rmon
 def verify_password(self, password):
     """Check the password.

     Returns the result of ``check_password_hash`` for the stored
     ``self.password`` and the supplied candidate.
     """
     stored_hash = self.password
     return check_password_hash(stored_hash, password)