Remove logged_in variable

diff --git a/main.py b/main.py
index d6f01db..77310af 100755 (executable)
--- a/main.py
+++ b/main.py
@@ -36,31 +36,37 @@ def home():
 #----------------
 # Login / Logout
 
+def valid_login(username, password):
+    return username == app.config['USERNAME'] and password == app.config['PASSWORD']
+
 @app.route('/login', methods=['GET', 'POST'])
 def login():
     error = None
     if request.method == 'POST':
-        if request.form['username'] != app.config['USERNAME']:
-            error = 'Invalid username'
-        elif request.form['password'] != app.config['PASSWORD']:
-            error = 'Invalid password'
-        else:
-            session['logged_in'] = True
-            session['nickname'] = request.form['username']
-            if session['nickname'] == 'admin':
+        if valid_login(request.form['username'], request.form['password']):
+            session['username'] = request.form['username']
+            if session['username'] == 'admin':
                 session['is_admin'] = True
             flash('You were logged in')
             return redirect(url_for('home'))
+        else:
+            error = "Invalid username/password"
     return render_template('login.html', error=error)
 
 @app.route('/logout')
 def logout():
-    session.pop('logged_in', None)
+    session.pop('username', None)
+    session.pop('is_admin', None)
     flash('You were logged out')
     return redirect(url_for('home'))
 
 #---------------
 # User settings
+@app.route('/user/settings/<username>')
+def show_settings(username):
+    if username != session['username']:
+        abort(401)
+
 
 #------------
 # User admin
@@ -89,13 +95,13 @@ def show_votes(votes):
 
 @app.route('/votes/admin/new')
 def new_vote():
-    if not session.get('logged_in'):
+    if not session.get('is_admin'):
         abort(401)
     return render_template('new_vote.html')
 
 @app.route('/votes/admin/add', methods=['POST'])
 def add_vote():
-    if not session.get('logged_in'):
+    if not session.get('is_admin'):
         abort(401)
     date_begin = date.today()
     date_end = date.today() + timedelta(days=int(request.form['days']))

diff --git a/templates/layout.html b/templates/layout.html
index 78f4ece..ce4b89b 100644 (file)
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -30,10 +30,8 @@
       {% endif %}
     </div>
     <div class="btn-group pull-right">
-      {% if not session.logged_in %}
-      <a class="btn btn-primary" href="{{ url_for('login') }}"><i class="icon-user icon-white"></i> Connexion</a>
-      {% else %}
-      <a href="#" class="btn"><i class="icon-user"></i> {{ session.nickname }}</a>
+      {% if 'username' in session %}
+      <a href="#" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
       <a href="#" class="btn dropdown-toggle" data-toggle="dropdown"><b class="caret"></b></a>
       <ul class="dropdown-menu pull-right">
         <li><a href=""><i class="icon-comment"></i> Votes en attente</a></li>
@@ -41,6 +39,8 @@
         <li class="divider"></li>
         <li><a href="{{ url_for('logout') }}"><i class="icon-off"></i> Déconnexion</a></li>
       </ul>
+      {% else %}
+      <a class="btn btn-primary" href="{{ url_for('login') }}"><i class="icon-user icon-white"></i> Connexion</a>
       {% endif %}
     </div>
   </div>