Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
6005CEM/cw1_4
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
58 lines (48 sloc)
2.14 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@app.route("/user/<userId>/update", methods=["GET","POST"]) | |
def updateUser(userId): | |
""" | |
Process any chances from the user settings page | |
""" | |
from flask import escape | |
#Check for user | |
if not flask.session["user"]: | |
flask.flash("You need to be logged in") | |
return flask.redirect(flask.url_for("index")) | |
if flask.session["user"] != int(userId): | |
flask.flash("Forbidden") | |
return flask.redirect(flask.url_for("index")) | |
def getHashedPasswd(plainPasswd): | |
import hashlib | |
salt='salt' | |
passwd_salt = (salt + plainPasswd).encode('utf-8') | |
hashed_password = hashlib.md5(passwd_salt).hexdigest() | |
return hashed_password | |
theQry = "Select * FROM User WHERE id = '{0}'".format(userId) | |
thisUser = query_db(theQry, one=True) | |
if not thisUser: | |
flask.flash("No Such User") | |
return flask.redirect(flask_url_for("index")) | |
#otherwise we want to do the checks | |
if flask.request.method == "POST": | |
current = flask.request.form.get("current") | |
current = getHashedPasswd(current) | |
password = flask.request.form.get("password") | |
password = getHashedPasswd(password) | |
app.logger.info("Attempt password update for %s from %s to %s", userId, current, password) | |
app.logger.info("%s == %s", current, thisUser["password"]) | |
if current: | |
if current == thisUser["password"]: | |
app.logger.info("Password OK, update") | |
#Update the Password | |
theSQL = f"UPDATE user SET password = ? WHERE id = ?" | |
print( theSQL) | |
app.logger.info("SQL %s", theSQL) | |
write_db(theSQL,(password, userId)) | |
flask.flash("Password Updated") | |
else: | |
app.logger.info("Mismatch") | |
flask.flash("Current Password is incorrect") | |
return flask.redirect(flask.url_for("settings", | |
userId = thisUser['id'])) | |
flask.flash("Update Error") | |
return flask.redirect(flask.url_for("settings", userId=userId)) |