flash(u"Un mail a été envoyé à " + user['email'], 'info')
return render_template('password_lost.html')
-@app.route('/login/<username>/<key>')
-def login_key(username, key):
- user = query_db('select * from users where email = ? and key = ?', [username, key], one=True)
+@app.route('/login/<userid>/<key>')
+def login_key(userid, key):
+ user = query_db('select * from users where id = ? and key = ?', [userid, key], one=True)
if user is None:
abort(404)
else:
connect_user(user)
# :TODO:maethor:120528: Remplacer la clé pour qu'elle ne puisse plus être utilisée
flash(u"Veuillez mettre à jour votre mot de passe", 'info')
- return redirect(url_for('user_password'), username=user['name'])
+ return redirect(url_for('user_password'), userid=user['userid'])
#---------------
# User settings
-@app.route('/user/<username>')
-def show_user(username):
- if username != session.get('username'):
+@app.route('/user/<userid>')
+def show_user(userid):
+ if int(userid) != session.get('userid'):
abort(401)
return render_template('show_user.html')
-@app.route('/user/settings/<username>', methods=['GET', 'POST'])
-def user_settings(username):
- if username != session.get('username'):
+@app.route('/user/settings/<userid>', methods=['GET', 'POST'])
+def user_settings(userid):
+ if int(userid) != session.get('userid'):
abort(401)
if request.method == 'POST':
g.db.execute('update users set email = ?, name = ?, organization = ? where id = ?',
[request.form['email'], request.form['name'], request.form['organization'], session['userid']])
g.db.commit()
- disconnect_user()
+ disconnect_user() # :TODO:maethor:120528: Maybe useless, but this is simple way to refresh session :D
flash(u'Votre profil a été mis à jour !', 'success')
return redirect(url_for('login'))
return render_template('user_settings.html')
-@app.route('/user/password/<username>', methods=['GET', 'POST'])
-def user_password(username):
- if username != session.get('username'):
+@app.route('/user/password/<userid>', methods=['GET', 'POST'])
+def user_password(userid):
+ if int(userid) != session.get('userid'):
abort(401)
if request.method == 'POST':
if request.form['password'] == request.form['password2']:
</div>
<div class="btn-group pull-right">
{% if 'username' in session %}
- <a href="{{ url_for('show_user', username=session.username) }}" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
+ <a href="{{ url_for('show_user', userid=session.userid) }}" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
<a href="#" class="btn dropdown-toggle" data-toggle="dropdown"><b class="caret"></b></a>
<ul class="dropdown-menu pull-right">
<li><a href=""><i class="icon-comment"></i> Votes en attente</a></li>
- <li><a href="{{ url_for('user_settings', username=session.username) }}"><i class="icon-cog"></i> Paramètres</a></li>
+ <li><a href="{{ url_for('user_settings', userid=session.userid) }}"><i class="icon-cog"></i> Paramètres</a></li>
<li class="divider"></li>
<li><a href="{{ url_for('logout') }}"><i class="icon-off"></i> Déconnexion</a></li>
</ul>
<h2>{{ session.username }}</h2>
<div class="row">
<div class="span6 well">
- <form class="form-horizontal" action="{{ url_for('user_settings', username=session.username) }}" method="post">
+ <form class="form-horizontal" action="{{ url_for('user_settings', userid=session.userid) }}" method="post">
<fieldset><legend>Mise à jour du profil utilisateur</legend>
<div class="alert"><strong>Attention :</strong> À l'issue de ce formulaire, vous devrez vous reconnecter</div>
<div class="control-group">
</div>
<div class="span5 well">
- <form class="form-horizontal" action="{{ url_for('user_password', username=session.username) }}" method="post">
+ <form class="form-horizontal" action="{{ url_for('user_password', userid=session.userid) }}" method="post">
<fieldset><legend>Modification du mot de passe</legend>
<div class="control-group">
<label class="control-label" for="password">Mot de passe</label>