import os
import secrets
from functools import wraps

from flask import Flask, request, render_template, flash, redirect, url_for, session, logging
from flask_mysqldb import MySQL
from passlib.hash import sha256_crypt
from wtforms import Form, StringField, TextAreaField, PasswordField, validators
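app = Flask(__name__)

# Debug mode turns on Werkzeug's interactive debugger, which lets a client
# that reaches it run Python inside the server process. Keep it off unless
# the operator opts in explicitly through the environment.
app.debug = os.environ.get('FLASK_DEBUG', '').lower() in ('1', 'true')

# MySQL connection settings. Each value can be overridden from the
# environment; the fallbacks are the development values this file always
# used (root account, empty password) and must not reach a deployed
# instance -- give the app its own low-privilege database user there.
app.config['MYSQL_HOST'] = os.environ.get('MYSQL_HOST', 'localhost')
app.config['MYSQL_USER'] = os.environ.get('MYSQL_USER', 'root')
app.config['MYSQL_PASSWORD'] = os.environ.get('MYSQL_PASSWORD', '')
app.config['MYSQL_DB'] = os.environ.get('MYSQL_DB', 'tada')
# Rows come back as dicts, which login() relies on (data['password']).
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'

# Bind the MySQL extension to the application.
mysql = MySQL(app)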
- #Articles=Articles()
@app.route('/')
def index():
    """Serve the landing page rendered from ``index.html``."""
    page = render_template('index.html')
    return page
- #register form class
class RegisterForm(Form):
    """Registration form: a username plus a password entered twice.

    NOTE(review): the password field only has to be non-empty and equal to
    ``confirm``; no minimum length or strength rule is enforced here.
    """

    # 4 to 25 characters.
    username = StringField(
        label='Username',
        validators=[validators.Length(min=4, max=25)],
    )
    # Required, and must match the ``confirm`` field below.
    password = PasswordField(
        label='Password',
        validators=[
            validators.DataRequired(),
            validators.EqualTo('confirm', message='Password do not match'),
        ],
    )
    confirm = PasswordField(label='Confirm Password')
- #user register
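@app.route('/register', methods=['GET', 'POST'])
def register():
    """Show the registration form and create the account on a valid POST.

    GET, or a POST that fails form validation, re-renders ``register.html``.
    A valid POST with an unused username inserts the user with a
    sha256_crypt password hash and redirects to the index page. A username
    that already exists re-renders the form with a flash message.
    """
    form = RegisterForm(request.form)
    if request.method == 'POST' and form.validate():
        username = form.username.data

        cur = mysql.connection.cursor()
        try:
            # Bound parameters are escaped by the driver, so no manual
            # escaping helper is needed (and escaping first would store or
            # compare a mangled name). The parameters must be a sequence,
            # hence the one-element tuple.
            taken = cur.execute(
                "SELECT * FROM users WHERE username = %s",
                (username,),
            )
            if int(taken) > 0:
                flash("That username is already taken, please choose another")
                return render_template('register.html', form=form)

            # Hash only once the name is known to be free. `encrypt` is
            # kept as the call this file already used; passlib 1.7+
            # deprecates it in favour of `hash`.
            password = sha256_crypt.encrypt(str(form.password.data))
            cur.execute(
                "INSERT INTO users(username,password) VALUES(%s, %s)",
                (username, password),
            )
            mysql.connection.commit()
            # NOTE(review): the SELECT and INSERT are not atomic, so two
            # concurrent requests can both pass the check. Presumably
            # users.username has a UNIQUE index -- confirm in the schema.
        finally:
            # Release the cursor on every path, including the early return
            # for a taken username and any database error.
            cur.close()

        flash('You are now registered and can log in', 'success')
        return redirect(url_for('index'))
    return render_template('register.html', form=form)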
- #User Login
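@app.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form and authenticate the user on POST.

    On success the session is marked ``logged_in`` with the username and
    the user is redirected to the index page. Any failure re-renders
    ``login.html`` with the same error text, so the response does not
    reveal whether the username exists.
    """
    if request.method == 'POST':
        username = request.form['username']
        password_candidate = request.form['password']

        cur = mysql.connection.cursor()
        try:
            # Look the user up with a bound parameter.
            found = cur.execute(
                "SELECT * FROM users WHERE username = %s",
                [username],
            )
            row = cur.fetchone() if found > 0 else None
        finally:
            # Close before any return so the cursor never leaks.
            cur.close()

        if row is None:
            app.logger.info('NO USER')
        elif sha256_crypt.verify(password_candidate, row['password']):
            app.logger.info('PASSWORD MATCHED')
            session['logged_in'] = True
            session['username'] = username
            flash('You are now logged in', 'success')
            return redirect(url_for('index'))
        else:
            app.logger.info('PASSWORD NOT MATCHED')

        # One message for both failure cases: separate "unknown user" and
        # "wrong password" texts let a client enumerate valid usernames.
        # NOTE(review): the unknown-user path still skips the hash check,
        # so response time can differ; there is also no attempt limiting
        # in this handler.
        error = 'Invalid username or password'
        return render_template('login.html', error=error)
    return render_template('login.html')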
- #check if user is logged in
def is_logged_in(f):
    """Decorate a view so it only runs when the session has ``logged_in``.

    Requests without that session key get a flash message and a redirect
    to the login page instead of the wrapped view.
    """
    @wraps(f)
    def guarded(*args, **kwargs):
        # Guard clause: reject first, then fall through to the real view.
        if 'logged_in' not in session:
            flash('Unauthorized, Please login', 'danger')
            return redirect(url_for('login'))
        return f(*args, **kwargs)
    return guarded
- #logout
@app.route('/logout')
@is_logged_in
def logout():
    """Drop all session data and send the user back to the login page.

    NOTE(review): this state-changing action is reachable with GET, so a
    cross-site request can log a user out; consider POST with a CSRF token.
    """
    session.clear()
    flash('You are now logged out ', 'success')
    login_url = url_for('login')
    return redirect(login_url)
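# Flask signs the session cookie with this key, so anyone who knows it can
# forge a session (for example one carrying logged_in=True). It must not be
# a guessable literal in source: read it from the environment. The random
# fallback keeps local runs working, but it changes on every start and
# differs between worker processes, so deployments must set SECRET_KEY.
app.secret_key = os.environ.get('SECRET_KEY') or secrets.token_hex(32)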