+ return render_template('show_user.html')
+
+@app.route('/user/settings/<username>', methods=['GET', 'POST'])
+def user_settings(username):
+ if username != session.get('username'):
+ abort(401)
+ if request.method == 'POST':
+ g.db.execute('update users set email = ?, name = ?, organization = ? where id = ?',
+ [request.form['email'], request.form['name'], request.form['organization'], session['userid']])
+ g.db.commit()
+ disconnect_user()
+ flash(u'Votre profil a été mis à jour !', 'success')
+ return redirect(url_for('login'))
+ return render_template('user_settings.html')
+
+@app.route('/user/password/<username>', methods=['GET', 'POST'])
+def user_password(username):
+ if username != session.get('username'):
+ abort(401)
+ if request.method == 'POST':
+ if request.form['password'] == request.form['password2']:
+ # :TODO:maethor:120528: Chiffrer le mot de passe !
+ g.db.execute('update users set password = ? where id = ?', [request.form['password'], session['userid']])
+ g.db.commit()
+ flash(u'Votre mot de passe a été mis à jour.', 'success')
+ else:
+ flash(u'Les mots de passe sont différents.', 'error')