#----------------
# Login / Logout
+def valid_login(username, password):
+ return username == app.config['USERNAME'] and password == app.config['PASSWORD']
+
@app.route('/login', methods=['GET', 'POST'])
def login():
error = None
if request.method == 'POST':
- if request.form['username'] != app.config['USERNAME']:
- error = 'Invalid username'
- elif request.form['password'] != app.config['PASSWORD']:
- error = 'Invalid password'
- else:
- session['logged_in'] = True
- session['nickname'] = request.form['username']
- if session['nickname'] == 'admin':
+ if valid_login(request.form['username'], request.form['password']):
+ session['username'] = request.form['username']
+ if session['username'] == 'admin':
session['is_admin'] = True
flash('You were logged in')
return redirect(url_for('home'))
+ else:
+ error = "Invalid username/password"
return render_template('login.html', error=error)
@app.route('/logout')
def logout():
- session.pop('logged_in', None)
+ session.pop('username', None)
+ session.pop('is_admin', None)
flash('You were logged out')
return redirect(url_for('home'))
#---------------
# User settings
+@app.route('/user/settings/<username>')
+def show_settings(username):
+ if username != session['username']:
+ abort(401)
+
#------------
# User admin
@app.route('/votes/admin/new')
def new_vote():
- if not session.get('logged_in'):
+ if not session.get('is_admin'):
abort(401)
return render_template('new_vote.html')
@app.route('/votes/admin/add', methods=['POST'])
def add_vote():
- if not session.get('logged_in'):
+ if not session.get('is_admin'):
abort(401)
date_begin = date.today()
date_end = date.today() + timedelta(days=int(request.form['days']))
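Review bot: In `show_settings`, an anonymous request reaches `session['username']` and raises KeyError, so the new route answers with a 500 instead of the intended 401; `if session.get('username') != username:` keeps the denial path explicit. As shown, the view also has no return after the check, and Flask rejects a view that returns None, so the matching user would get an error too unless the body is completed in a later change. In `valid_login`, the password is compared with `==`, which is not constant-time; `hmac.compare_digest(password.encode('utf-8'), app.config['PASSWORD'].encode('utf-8'))` avoids that, and it needs `import hmac` in the import block, which is outside this hunk. `login()` also writes `username` and `is_admin` into whatever session already exists, so calling `session.clear()` before setting them, and in `logout()` in place of the two `pop` calls, would stop stale keys such as `is_admin` from carrying over between logins.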
{% endif %}
</div>
<div class="btn-group pull-right">
- {% if not session.logged_in %}
- <a class="btn btn-primary" href="{{ url_for('login') }}"><i class="icon-user icon-white"></i> Connexion</a>
- {% else %}
- <a href="#" class="btn"><i class="icon-user"></i> {{ session.nickname }}</a>
+ {% if 'username' in session %}
+ <a href="#" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
<a href="#" class="btn dropdown-toggle" data-toggle="dropdown"><b class="caret"></b></a>
<ul class="dropdown-menu pull-right">
<li><a href=""><i class="icon-comment"></i> Votes en attente</a></li>
<li class="divider"></li>
<li><a href="{{ url_for('logout') }}"><i class="icon-off"></i> Déconnexion</a></li>
</ul>
+ {% else %}
+ <a class="btn btn-primary" href="{{ url_for('login') }}"><i class="icon-user icon-white"></i> Connexion</a>
{% endif %}
</div>
</div>