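"""View functions: index, login/logout, profile, registration and admin."""
from urllib.parse import urljoin, urlsplit

from flask import render_template, flash, redirect, session, url_for, request, g
from flask_login import login_user, logout_user, current_user, login_required
from sqlalchemy import exc
from werkzeug.security import generate_password_hash, check_password_hash

from app import app, db, lm
from .forms import LoginForm, RegisterForm
from .models import User

# One message for every failed login, so the response text does not reveal
# whether the username exists.
_LOGIN_FAILED_MESSAGE = 'Username or password is wrong. Please try again.'


class DBException(Exception):
    """Raised by register() when the username or email is already taken."""


def _is_safe_redirect_target(target):
    """Return True only if *target* resolves to a URL on this application's host.

    Used to validate the ``next`` query parameter before redirecting to it.
    """
    if not target:
        return False
    # Backslashes and control characters are parsed inconsistently by
    # clients, so refuse them outright rather than try to normalise.
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    try:
        base = urlsplit(request.host_url)
        dest = urlsplit(urljoin(request.host_url, target))
    except ValueError:
        return False
    return dest.scheme in ('http', 'https') and dest.netloc == base.netloc


@app.before_request
def before_request():
    """Expose the flask-login current user as ``g.user`` for every request."""
    g.user = current_user


@lm.user_loader
def load_user(id):
    """Load a user by the id stored in the session, or None if it is invalid."""
    try:
        user_id = int(id)
    except (TypeError, ValueError):
        # A malformed id means "no such user", not a server error.
        return None
    return User.query.get(user_id)


@app.route('/')
@app.route('/index')
def index():
    """Render the home page for the current user."""
    return render_template('index.html',
                           title='Home',
                           user=g.user)


@app.route('/login', methods=['GET', 'POST'])
def login():
    """Show the sign-in form and authenticate the submitted credentials."""
    if g.user is not None and g.user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        # NOTE(review): an unknown username skips the hash check, so response
        # time can still differ between the two failure cases.
        if user is not None and check_password_hash(user.password,
                                                    form.password.data):
            app.logger.info("Login: %s", user)
            session.pop('remember_me', None)
            login_user(user, remember=form.remember_me.data)
            # `next` comes from the query string; follow it only when it stays
            # on this host, otherwise fall back to the home page.
            next_url = request.args.get('next')
            if not _is_safe_redirect_target(next_url):
                next_url = url_for('index')
            return redirect(next_url)

        # Record failures so repeated attempts are visible in the logs;
        # %r keeps newlines in the submitted name from forging log lines.
        app.logger.warning("Failed login for username %r", form.username.data)
        flash(_LOGIN_FAILED_MESSAGE)

    return render_template('login.html',
                           title='Sign In',
                           form=form)


@app.route('/logout')
def logout():
    """Log the current user out and return to the home page."""
    logout_user()
    return redirect(url_for('index'))


# The view takes a `username` argument, so the rule needs the matching
# URL variable.
@app.route('/user/<username>')
@login_required
def user(username):
    """Render the profile page of *username*, or redirect home if unknown."""
    user = User.query.filter_by(username=username).first()
    if user is None:
        flash('User %s not found.' % username)
        return redirect(url_for('index'))
    app.logger.info("Show profile: %s", user)
    return render_template('user.html',
                           title='Profile',
                           user=user)


@app.route('/register', methods=['GET', 'POST'])
def register():
    """Show the registration form and create the account on a valid submit."""
    form = RegisterForm()
    if form.validate_on_submit():
        if form.password.data == form.passwordchk.data:
            username = form.username.data
            email = form.email.data
            try:
                if User.query.filter_by(username=username).first():
                    raise DBException("%s: Username exist" % username)
                if User.query.filter_by(email=email).first():
                    raise DBException("%s: Email exist" % email)
                # Use the library's default method: plain 'sha256' is a single
                # salted hash round and is no longer accepted by recent
                # Werkzeug releases. Stored hashes record their own method.
                hashed_password = generate_password_hash(form.password.data)
                new_user = User(name=form.name.data,
                                username=username,
                                email=email,
                                password=hashed_password)
                # Commit inside the try so a concurrent duplicate (caught only
                # by the database constraint) is handled below.
                db.session.add(new_user)
                db.session.commit()
            except DBException as ex:
                db.session.rollback()
                # flash() stores the message in the session; it must be a string.
                flash(str(ex))
            except exc.IntegrityError as ex:
                db.session.rollback()
                # str(ex) carries the SQL statement and its parameters; keep
                # that in the server log and show the user a generic message.
                app.logger.warning("Registration hit an integrity constraint: %s",
                                   ex.orig)
                flash('Create user failed. Please try again.')
            except Exception:
                db.session.rollback()
                app.logger.exception("Unexpected error while registering a user")
                flash('Unknown error')
            else:
                app.logger.warning("Registered: %s", new_user)
                flash('You have been registered with username "%s"' % username)
                return redirect(url_for('login'))
        else:
            flash('Password did not match password check')
    return render_template('register.html',
                           title='Register',
                           form=form)


@app.route('/resetpwd')
def resetpwd():
    """Placeholder for the password-reset page."""
    # NOTE(review): the response markup appears to have been lost in this
    # copy of the file; only the visible text is kept.
    return '\n\nresetpwd\n\n'


@app.route('/search')
def search():
    """Placeholder for the search page."""
    # NOTE(review): the response markup appears to have been lost in this
    # copy of the file; only the visible text is kept.
    return '\n\nsearch\n\n'


@app.route('/admin')
#@login_required
def admin():
    """Serve the admin area to admins; log and redirect everyone else."""
    # With @login_required disabled, the is_admin check below is the only
    # access control on this route.
    # NOTE(review): assumes User.is_admin is a boolean attribute or property;
    # a bound method would always be truthy. Confirm against the model.
    try:
        if g.user is not None and g.user.is_admin:
            app.logger.warning("Enter Admin area: %s", g.user)
            return '\n\nAdmin\n\n'
    except AttributeError:
        # The anonymous user object has no is_admin attribute: not an admin.
        pass
    app.logger.critical("Tried to enter Admin area: %s", g.user)
    return redirect(url_for('index'))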