#----------------
# Login / Logout
+def valid_login(username, password):
+ return username == app.config['USERNAME'] and password == app.config['PASSWORD']
+
@app.route('/login', methods=['GET', 'POST'])
def login():
error = None
if request.method == 'POST':
- if request.form['username'] != app.config['USERNAME']:
- error = 'Invalid username'
- elif request.form['password'] != app.config['PASSWORD']:
- error = 'Invalid password'
- else:
- session['logged_in'] = True
- session['nickname'] = request.form['username']
- if session['nickname'] == 'admin':
+ if valid_login(request.form['username'], request.form['password']):
+ session['username'] = request.form['username']
+ if session['username'] == 'admin':
session['is_admin'] = True
flash('You were logged in')
return redirect(url_for('home'))
+ else:
+ error = "Invalid username/password"
return render_template('login.html', error=error)
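Review bot: login() writes `session['username']` without resetting the session first, and on this path `is_admin` is only ever set, never cleared. A session that already carries `is_admin` therefore keeps it if a non-admin account logs in without passing through logout(); with the single configured account this is latent today, but it will bite as soon as more users exist. Calling `session.clear()` immediately before `session['username'] = request.form['username']` closes that and also drops any pre-login session contents. Separately, valid_login() compares the password with `==`, which is not constant-time; `hmac.compare_digest(password.encode(), app.config['PASSWORD'].encode())` is the usual replacement (needs `import hmac`, and assumes the config value is a str).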
@app.route('/logout')
def logout():
- session.pop('logged_in', None)
+ session.pop('username', None)
+ session.pop('is_admin', None)
flash('You were logged out')
return redirect(url_for('home'))
#---------------
# User settings
+@app.route('/user/settings/<username>')
+def show_settings(username):
+ if username != session['username']:
+ abort(401)
+
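Review bot: show_settings() indexes `session['username']` directly, so a request from a visitor who is not logged in raises KeyError and comes back as a 500 rather than the intended denial. Changing the guard to `if session.get('username') != username:` covers both the anonymous and the wrong-user case. As shown, the function also has no return statement on the success path, so a matching user would hit Flask's "view function did not return a valid response" error; it needs to return a rendered template or other response. For a logged-in user asking for someone else's settings, `abort(403)` describes the situation more accurately than 401.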
#------------
# User admin
@app.route('/votes/admin/new')
def new_vote():
- if not session.get('logged_in'):
+ if not session.get('is_admin'):
abort(401)
return render_template('new_vote.html')
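Review bot: After this commit `session['logged_in']` is no longer written by login(), so any view or template outside the visible lines that still reads it will treat every user as logged out. new_vote() here and add_vote() below have been moved to `is_admin`, but it is worth grepping the rest of the project for `logged_in` before merging. Both guards also answer an authenticated non-admin with `abort(401)`, where `abort(403)` would distinguish "not allowed" from "not logged in". add_vote() continues past the end of the visible diff, so its body is not reviewed here.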
@app.route('/votes/admin/add', methods=['POST'])
def add_vote():
- if not session.get('logged_in'):
+ if not session.get('is_admin'):
abort(401)
date_begin = date.today()
date_end = date.today() + timedelta(days=int(request.form['days']))