login added

928b04dd · Vladislav Rykov · 0e9e4833 · 928b04dd · 928b04dd · 928b04dd
Commit 928b04dd authored Apr 07, 2020 by Vladislav Rykov
--- a/server.py
+++ b/server.py
@@ -35,16 +35,21 @@ def chk_user(name, password):
        conn = psycopg2.connect('dbname=gateway')
        cur  = conn.cursor()
        query = """
-        INSERT INTO
+        SELECT * FROM
            users
-        VALUES
+        WHERE 
-            (%s, %s)
+            name = %s
        """
-        cur.execute(query, (name, bcrypt.hashpw(password, bcrypt.gensalt())))
+        cur.execute(query, (name,))
-        conn.commit()
+        user = cur.fetchall()[0]
-        print('User added')
+        if user[1].encode('utf-8') == bcrypt.hashpw(password, user[1].encode('utf-8')):
+            session['name'] = user[0]
+            print('User logged in')
+        else:
+            suc = (False, 'Password or username do not match')
    except (Exception, psycopg2.DatabaseError) as error:
-        print('Error adding a user: ', error)
+        print('Error querying a user: ', error)
        suc = (False, error)
    finally:
        if (conn):
@@ -54,7 +59,6 @@ def chk_user(name, password):
    return suc
 @app.route('/')
 def index():
    return render_template('index.html')
@@ -65,7 +69,7 @@ def signup():
        return render_template('signup.html')
    else: 
        username = request.form['username']
-        password = request.form['password']
+        password = request.form['password'].encode('utf-8')
        if (username == '' or password == ''):
            feedback = 'Username or password fields cannot be empty'
@@ -74,18 +78,18 @@ def signup():
            res, msg = new_user(username, password)
            if (not res):
                return render_template('signup.html', feedback=msg)
+            else:
                session['name'] = username
                return redirect(url_for('index'))
 @app.route('/login', methods=['GET', 'POST'])
-def signup():
+def login():
    if request.method == 'GET':
        return render_template('login.html')
    else: 
        username = request.form['username']
-        password = request.form['password']
+        password = request.form['password'].encode('utf-8')
        if (username == '' or password == ''):
            feedback = 'Username or password fields cannot be empty'
@@ -93,13 +97,19 @@ def signup():
        else:
            res, msg = chk_user(username, password)
            if (not res):
-                return render_template('signup.html', feedback=msg)
+                return render_template('login.html', feedback=msg)
+            else:
                session['name'] = username
                return redirect(url_for('index'))
+@app.route('/logout')
+def logout():
+    session.clear()
+    return redirect(url_for('index'))
 @app.route('/apps')
 def apps():
    return '<h1>Manage your apps, ' + app.conf['username'] + '</h1>'

--- a/templates/layout.html
+++ b/templates/layout.html
@@ -21,7 +21,7 @@
 	        	</div>
        		<div id="navbar" class="collapse navbar-collapse">
 	        		<ul class="nav navbar-nav">
-        	    			<li><a href="#">Home</a></li>
+        	    			<li><a href="/index">Home</a></li>
 					{% if session['name'] %}
 	            			<li><a href="/logout">Logout</a></li>
 					{% else %}

--- a/templates/login.html
+++ b/templates/login.html
@@ -6,7 +6,7 @@
 <div class="row">
 	<div class="col-md-6 col-md-offset3">
-		<form action="signup" method="post">
+		<form action="login" method="post">
 			<div class="form-group">
 				<label>Username:</label><br>
 				<input type="text" id="username" name="username"><br>