Add password update system

2024-07-06 05:26:10 +00:00 · 2017-10-05 15:17:12 +01:00 · 2017-10-05 15:17:12 +01:00 · 7763ce90cf
commit 7763ce90cf
parent 1ba261f4b3
3 changed files with 79 additions and 7 deletions
--- a/main.py
+++ b/main.py
@ -101,6 +101,49 @@ def login():
        return do_user_login(request.form['username'], request.form['pw'])
    return gen_page("login.html")

+@app.route("/logout")
+def logout():
+    session.pop('username',None)
+    return redirect(url_for('index'))
+
+@app.route("/resetpass", methods=["GET","POST"])
+def pwreset():
+    if request.method == "POST":
+        try:
+            session['username']
+        except KeyError:
+            flash("INFO: Please login first.","info")
+            return redirect(url_for("login"))
+
+        if request.form['pw'] != request.form['pw_verify']:
+            flash ("Error: New Passwords do not match!","danger")
+            return redirect(url_for("pwreset"))
+
+        try:
+            userdata = mysql_do("SELECT * FROM Users WHERE user='%s'" % (session['username']))[0]
+        except IndexError:
+            # Returned when no rows found - no user with that name
+            flash( "Error: Internal server error - user not found", "danger")
+            return redirect(url_for('index'))
+
+        if not pass_ctx.verify(request.form['current_passwd'], userdata[3]):
+            flash ("Error: Current password is incorrect", "danger")
+            return redirect(url_for("pwreset"))
+
+        mysql_do("UPDATE Users SET password=\"%s\" WHERE uid=%d;" % (pymysql.escape_string(pass_ctx.hash(request.form['pw'])), session['uid']))
+
+
+        flash("INFO: Password updated successfully!", "success")
+        return redirect(url_for("index"))
+
+    # Check if the user is authenticated
+    try:
+        session['username']
+    except KeyError:
+        flash("INFO: Please login first.","info")
+        return redirect(url_for("login"))
+    return gen_page("passwd_reset.html")
+
@app.route("/addquote", methods=['GET','POST'])
 def addquote():
    if request.method == "POST":
@ -162,12 +205,6 @@ def addquote():
        return redirect(url_for("login"))
    return gen_page("add_quote.html", get_userdb())

-
-@app.route("/logout")
-def logout():
-    session.pop('username',None)
-    return redirect(url_for('index'))
-
@app.context_processor
 def utility_processor():
    def uid_to_user(uid):
--- a/templates/layout.html
+++ b/templates/layout.html
@ -30,7 +30,8 @@
      </div>
      <div class="collapse navbar-collapse" id="mainNavbar">
    {% if user %}
-        <a href="logout" class="btn btn-primary navbar-btn navbar-right "role="button" ><span class="glyphicon glyphicon-log-out"></span> Sign Out</a>
+        <a href="logout" class="btn btn-primary navbar-btn navbar-right "role="button" ><span class="glyphicon glyphicon-log-out"></span> Sign Out</a>     
+        <a href="resetpass" class="btn btn-primary navbar-btn navbar-right "role="button" ><span class="glyphicon glyphicon-wrench"></span></a>
        <ul class="nav navbar-nav navbar-right">
          <li class="navbar-text">Hello <b> {{ user }}!</b></li>
        </ul>
--- a/templates/passwd_reset.html
+++ b/templates/passwd_reset.html
@ -0,0 +1,34 @@
+{% extends "layout.html" %}
+{% block body %}
+<h1> Password Reset: </h1>
+<form  method="post" role="form" data-toggle="validator">
+  <div class="form-group">
+    <label class="control-label col-sm-4" for="pw">Current Password:</label>
+    <div class="col-xs-4 input-group">
+      <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
+      <input type="password" class="form-control"  placeholder="Current Password" id="current_passwd" name="current_passwd">
+    </div>
+  </div>
+  <div class="form-group">
+    <label class="control-label col-sm-4" for="pw">New Password:</label>
+    <div class="col-xs-4 input-group">
+      <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
+      <input type="password" class="form-control"  placeholder="Enter password" id="pw" name="pw">
+    </div>
+  </div>
+  <div class="form-group">
+    <label class="control-label col-sm-4" for="pw">Verify Password:</label>
+    <div class="col-xs-4 input-group">
+      <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
+      <input type="password" class="form-control"  placeholder="Enter password" id="pw_verify" name="pw_verify">
+    </div>
+  </div>
+  <div class="form-group">
+    <div class="col-sm-offset-4">
+      <button type="submit" class="btn btn-primary">Submit</button>
+    </div>
+  </div>
+</form>
+
+
+{% endblock %}