diff options
Diffstat (limited to 'famille.py')
| -rw-r--r-- | famille.py | 19 |
1 files changed, 14 insertions, 5 deletions
@@ -30,7 +30,7 @@ def close_db_connection(exception): def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): - if 'name' not in session: + if 'user_name' not in session: return redirect(url_for('login', next=request.url)) return f(*args, **kwargs) return decorated_function @@ -43,7 +43,6 @@ def main(): @app.route('/news/') @login_required def list_news(): - print "toto" news = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id") return render_template("news/list.html", news=news) @@ -54,7 +53,7 @@ def add_news(): cur = g.db.execute("INSERT INTO news ('title', 'content', 'user_id') " "VALUES (?, ?, ?)", (request.form['title'], request.form['content'], - session['user_id'])) + session['user_id'])) news_id = cur.lastrowid g.db.commit() return redirect(url_for('show_news', news_id=news_id)) @@ -68,8 +67,11 @@ def show_news(news_id): "WHERE news.id = ?", (news_id,), True) return render_template("news/show.html", news=news) -@app.route('/login', methods=['GET', 'POST']) +@app.route('/login/', methods=['GET', 'POST']) def login(): + if 'user_name' in session: + return redirect(url_for('list_news')) + error = None if request.method == 'POST': username = request.form['username'] @@ -77,7 +79,7 @@ def login(): user = query_db('select * from users where name = ?', (username,), True) if user: if user['password'] == password: - session['name'] = user['name'] + session['user_name'] = user['name'] session['user_id'] = user['id'] return redirect(url_for('list_news')) else: @@ -86,5 +88,12 @@ def login(): error = u'Utilisateur non enregistré' return render_template('login.html', error=error) +@app.route('/logout/') +@login_required +def logout(): + session.pop('user_name', None) + session.pop('user_id', None) + return redirect(url_for('login')) + if __name__=="__main__": app.run() |