From 7763ce90cfdb1fdf2c2fbe541f3872f24149ce6f Mon Sep 17 00:00:00 2001
From: Adam Dodman <adam.dodman@gmx.com>
Date: Thu, 5 Oct 2017 15:17:12 +0100
Subject: [PATCH] Add password update system

---
 main.py                     | 49 ++++++++++++++++++++++++++++++++-----
 templates/layout.html       |  3 ++-
 templates/passwd_reset.html | 34 +++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 7 deletions(-)
 create mode 100644 templates/passwd_reset.html

diff --git a/main.py b/main.py
index dab29fc..df29a76 100644
--- a/main.py
+++ b/main.py
@@ -101,6 +101,49 @@ def login():
         return do_user_login(request.form['username'], request.form['pw'])
     return gen_page("login.html")
 
+@app.route("/logout")
+def logout():
+    session.pop('username',None)
+    return redirect(url_for('index'))
+
+@app.route("/resetpass", methods=["GET","POST"])
+def pwreset():
+    if request.method == "POST":
+        try:
+            session['username']
+        except KeyError:
+            flash("INFO: Please login first.","info")
+            return redirect(url_for("login"))
+
+        if request.form['pw'] != request.form['pw_verify']:
+            flash ("Error: New Passwords do not match!","danger")
+            return redirect(url_for("pwreset"))
+
+        try:
+            userdata = mysql_do("SELECT * FROM Users WHERE user='%s'" % (session['username']))[0]
+        except IndexError:
+            # Returned when no rows found - no user with that name
+            flash( "Error: Internal server error - user not found", "danger")
+            return redirect(url_for('index'))
+
+        if not pass_ctx.verify(request.form['current_passwd'], userdata[3]):
+            flash ("Error: Current password is incorrect", "danger")
+            return redirect(url_for("pwreset"))
+
+        mysql_do("UPDATE Users SET password=\"%s\" WHERE uid=%d;" % (pymysql.escape_string(pass_ctx.hash(request.form['pw'])), session['uid']))
+
+
+        flash("INFO: Password updated successfully!", "success")
+        return redirect(url_for("index"))
+
+    # Check if the user is authenticated
+    try:
+        session['username']
+    except KeyError:
+        flash("INFO: Please login first.","info")
+        return redirect(url_for("login"))
+    return gen_page("passwd_reset.html")
+
 @app.route("/addquote", methods=['GET','POST'])
 def addquote():
     if request.method == "POST":
@@ -162,12 +205,6 @@ def addquote():
         return redirect(url_for("login"))
     return gen_page("add_quote.html", get_userdb())
 
-
-@app.route("/logout")
-def logout():
-    session.pop('username',None)
-    return redirect(url_for('index'))
-
 @app.context_processor
 def utility_processor():
     def uid_to_user(uid):
diff --git a/templates/layout.html b/templates/layout.html
index a767c93..77c54c2 100644
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -30,7 +30,8 @@
       </div>
       <div class="collapse navbar-collapse" id="mainNavbar">
     {% if user %}
-        <a href="logout" class="btn btn-primary navbar-btn navbar-right "role="button" ><span class="glyphicon glyphicon-log-out"></span> Sign Out</a>
+        <a href="logout" class="btn btn-primary navbar-btn navbar-right "role="button" ><span class="glyphicon glyphicon-log-out"></span> Sign Out</a>     
+        <a href="resetpass" class="btn btn-primary navbar-btn navbar-right "role="button" ><span class="glyphicon glyphicon-wrench"></span></a>
         <ul class="nav navbar-nav navbar-right">
           <li class="navbar-text">Hello <b> {{ user }}!</b></li>
         </ul>
diff --git a/templates/passwd_reset.html b/templates/passwd_reset.html
new file mode 100644
index 0000000..9ab71f2
--- /dev/null
+++ b/templates/passwd_reset.html
@@ -0,0 +1,34 @@
+{% extends "layout.html" %}
+{% block body %}
+<h1> Password Reset: </h1>
+<form  method="post" role="form" data-toggle="validator">
+  <div class="form-group">
+    <label class="control-label col-sm-4" for="pw">Current Password:</label>
+    <div class="col-xs-4 input-group">
+      <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
+      <input type="password" class="form-control"  placeholder="Current Password" id="current_passwd" name="current_passwd">
+    </div>
+  </div>
+  <div class="form-group">
+    <label class="control-label col-sm-4" for="pw">New Password:</label>
+    <div class="col-xs-4 input-group">
+      <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
+      <input type="password" class="form-control"  placeholder="Enter password" id="pw" name="pw">
+    </div>
+  </div>
+  <div class="form-group">
+    <label class="control-label col-sm-4" for="pw">Verify Password:</label>
+    <div class="col-xs-4 input-group">
+      <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
+      <input type="password" class="form-control"  placeholder="Enter password" id="pw_verify" name="pw_verify">
+    </div>
+  </div>
+  <div class="form-group">
+    <div class="col-sm-offset-4">
+      <button type="submit" class="btn btn-primary">Submit</button>
+    </div>
+  </div>
+</form>
+
+
+{% endblock %}