Diffstat (limited to 'famille.py')
| -rw-r--r-- | famille.py | 41 |
1 files changed, 10 insertions, 31 deletions
@@ -107,7 +107,15 @@ def login_required(f):
 @wraps(f)
 def decorated_function(*args, **kwargs):
 if 'user_name' not in session:
- return redirect(url_for('login', next=request.url))
+ user = query_db('select * from users where id = ?',
+ (request.headers["X-Remote-User"],), True)
+ session['user_name'] = user['user_name']
+ session['user_id'] = user['id']
+ session['timezone'] = user['timezone'] or "UTC"
+ db = get_db()
+ db.execute("UPDATE users SET last_seen=? WHERE id=?",
+ (datetime.utcnow(), session['user_id']))
+ db.commit()
 return f(*args, **kwargs)
 return decorated_function
@@ -283,41 +291,12 @@ def edit_user():
 return redirect(url_for('view_user', user_id=session['user_id']))
-@app.route('/login/', methods=['GET', 'POST'])
-def login():
- if 'user_name' in session:
- return redirect(url_for('list_news'))
-
- if request.method == 'POST':
- username = request.form['username']
- password = hashlib.md5(request.form['password'].encode()).hexdigest()
- user = query_db('select * from users where user_name = ?',
- (username,), True)
- if user:
- if user['password'] == password:
- session['user_name'] = user['user_name']
- session['user_id'] = user['id']
- session['timezone'] = user['timezone'] or "UTC"
- db = get_db()
- db.execute("UPDATE users SET last_seen=? WHERE id=?",
- (datetime.utcnow(), session['user_id']))
- db.commit()
- return redirect(url_for('list_news'))
- else:
- flash('Mot de passe incorrect')
- return redirect(url_for('login'))
- else:
- flash('Utilisateur non enregistré')
- return redirect(url_for('login'))
- return render_template('login.html')
-
-
 @app.route('/logout/')
 @login_required
 def logout():
 session.pop('user_name', None)
 session.pop('user_id', None)
- return redirect(url_for('login'))
+ return redirect(url_for('list_news'))
 @app.route('/rss.xml') |
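Review bot: The new branch in `decorated_function` indexes `request.headers["X-Remote-User"]` and then `user['user_name']` without checking either, so a request that lacks the header or names an id with no row ends in an error response instead of a deliberate denial; the removed `login()` guarded the same `query_db(..., True)` call with `if user:`, which suggests the lookup can come back empty. Read the header with `request.headers.get("X-Remote-User")` and stop with `if user is None: abort(403)` before any session key is written. The header is now the only proof of identity, so this holds only if the app is reachable exclusively through the authenticating proxy and that proxy overwrites any client-supplied `X-Remote-User`; a comment stating that assumption above the lookup would help the next reader. The value is compared with `id`, where the old login compared `user_name`, so it is worth confirming what the proxy actually sends. The `def login_required(f):` line itself sits above the hunk.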
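Review bot: `logout()` still pops only `user_name` and `user_id`, while the first hunk rebuilds the session from `X-Remote-User` whenever `user_name` is missing, so the next request that reaches a `login_required` view signs the same user straight back in. If logging out is still meant to end access, that has to happen at the proxy (presumably by redirecting to its logout URL rather than `list_news`); otherwise a comment such as `# identity comes from the proxy header; this only resets cached session fields` would make the behaviour explicit. Replacing the two `pop` calls with `session.clear()` would also drop the `timezone` value that is left behind today.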
