--- /dev/null
+from flask import render_template, flash, redirect, session, url_for, request, g
+from flask_login import login_user, logout_user, current_user, login_required
+from app import app, db, lm
+from .forms import LoginForm, RegisterForm
+from .models import User
+from werkzeug.security import generate_password_hash, check_password_hash
+from sqlalchemy import exc
+
+class DBException(Exception):
+ pass
+
+@app.before_request
+def before_request():
+ g.user = current_user
+
+@lm.user_loader
+def load_user(id):
+ return User.query.get(int(id))
+
+@app.route('/')
+@app.route('/index')
+def index():
+ user = g.user
+ return render_template('index.html',
+ title='Home',
+ user=user)
+
+@app.route('/login', methods=['GET', 'POST'])
+def login():
+ if g.user is not None and g.user.is_authenticated:
+ return redirect(url_for('index'))
+ form = LoginForm()
+ if form.validate_on_submit():
+ user = User.query.filter_by(username=form.username.data).first()
+ if user is None:
+ flash('Username or password is wrong. Please try again.')
+ else:
+ if check_password_hash(user.password, form.password.data):
+ app.logger.info("Login: %s" % user)
+ remember_me = form.remember_me.data
+ if 'remember_me' in session:
+ session.pop('remember_me', None)
+ login_user(user, remember = remember_me)
+ return redirect(request.args.get('next') or url_for('index'))
+ else:
+ flash('Username or password is wrong. Please try again')
+ return render_template('login.html',
+ title='Sign In',
+ form=form)
+
+@app.route('/logout')
+def logout():
+ logout_user()
+ return redirect(url_for('index'))
+
+@app.route('/user/<username>')
+@login_required
+def user(username):
+ user = User.query.filter_by(username=username).first()
+ if user is None:
+ flash('User %s not found.' % username)
+ return redirect(url_for('index'))
+ app.logger.info("Show profile: %s" % user)
+ return render_template('user.html',
+ title='Profile',
+ user=user)
+
+@app.route('/register', methods=['GET', 'POST'])
+def register():
+ form = RegisterForm()
+ if form.validate_on_submit():
+ if form.password.data == form.passwordchk.data:
+ try:
+ username=form.username.data
+ email=form.email.data
+ u = User.query.filter_by(username=username).first()
+ if u:
+ raise DBException("%s: Username exist" % username)
+ e = User.query.filter_by(email=email).first()
+ if e:
+ raise DBException("%s: Email exist" % email)
+ hashed_password = generate_password_hash(form.password.data, method='sha256')
+ new_user = User(name=form.name.data, username=form.username.data, email=form.email.data, password=hashed_password)
+ except DBException as ex:
+ db.session.rollback()
+ flash(ex)
+ except exc.IntegrityError as ex:
+ db.session.rollback()
+ flash('Create user failed: %s' % ex)
+ except:
+ db.session.rollback()
+ flash('Unknown error')
+ else:
+ db.session.add(new_user)
+ db.session.commit()
+ app.logger.warning("Registered: %s" % new_user)
+ flash('You have been registered with username "%s"' % form.username.data)
+ return redirect(url_for('login'))
+ else:
+ flash('Password did not match password check')
+ return render_template('register.html',
+ title='Register',
+ form=form)
+
+@app.route('/resetpwd')
+def resetpwd():
+ return '<h1>resetpwd</h1>'
+
+@app.route('/search')
+def search():
+ return '<h1>search</h1>'
+
+@app.route('/admin')
+#@login_required
+def admin():
+ try:
+ if g.user is not None and g.user.is_admin:
+ app.logger.warning("Enter Admin area: %s" % g.user)
+ return '<h1>Admin</h1>'
+ except AttributeError:
+ pass
+ app.logger.critical("Tried to enter Admin area: %s" % g.user)
+ return redirect(url_for('index'))
+
+
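Review bot: In `login()`, `redirect(request.args.get('next') or url_for('index'))` sends the user wherever the `next` query parameter points, so a crafted login link can pass a freshly authenticated user to an external site; the value should be accepted only when it is a local path. The fence below shows a small `is_safe_next` check (it needs `urlparse` imported at the top of the file) and the changed redirect lines. Separately, in `register()` the `method='sha256'` argument selects a single salted SHA-256 pass rather than a slow key-derivation function; calling `generate_password_hash(form.password.data)` lets Werkzeug apply its default. The `db.session.add`/`commit` calls also sit in the `else:` branch, outside the `except exc.IntegrityError` handler, so a uniqueness failure at commit time is not caught there.

```python
def is_safe_next(target):
    # Allow only local absolute paths; refuse scheme-relative ("//host"),
    # backslash and control-character forms that browsers may normalise
    # to a different host.
    if not target or not target.startswith('/') or target.startswith('//'):
        return False
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    parts = urlparse(target)
    return not parts.scheme and not parts.netloc

# ... unchanged: login() form validation, password check and login_user() call ...
                next_url = request.args.get('next')
                if not is_safe_next(next_url):
                    next_url = url_for('index')
                return redirect(next_url)
```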