I’ve been learning Python’s Flask module to create websites/APIs.
I was trying to make a site where I can create a user, log into that user and change the user’s password.
Here’s my code. I wanted to send a POST request with the user’s username, current password and new password from /cp_user/<username> to /cp_func.
```python
from os import environ, getenv

from flask import Flask, request

app = Flask(__name__)


def users():
    # One username per line in the "users" file.
    with open("users", "r") as usersfile:
        userslist = usersfile.read().splitlines()
    return userslist


@app.route("/cp_func", methods=["POST"])
def cp_func():
    # Fields expected from the form served by /cp_user/<username>.
    username = request.form["username"].strip()
    password = request.form["password"].strip()
    new_password = request.form["new_password"].strip()
    if username == "":
        return """<h1>username cannot be empty!</h1>
<p>you have entered an empty username!</p>
<a href="http://127.0.0.1:5000/">Return to main site</a>"""
    if password == "":
        return """<h1>current password cannot be empty!</h1>
<p>you have entered an empty current password!</p>
<a href="http://127.0.0.1:5000/">Return to main site</a>"""
    if new_password == "":
        return """<h1>new password cannot be empty!</h1>
<p>you have entered an empty new password!</p>
<a href="http://127.0.0.1:5000/">Return to main site</a>"""
    if username in users():
        # Passwords are kept in the process environment under "<username>:PASS".
        if getenv(username + ":PASS") is None:
            # No password stored yet: accept the new one.
            environ[username + ":PASS"] = new_password
            success = True
        elif getenv(username + ":PASS") == password:
            environ[username + ":PASS"] = new_password
            success = True
        else:
            success = False
        if success:
            return """<form action = "http://localhost:5000/home" method = "post">
<h1>Password changed!</h1>
<p>Your password for account `{0}` was changed to `{1}`</p>
<input type = "submit" value = "Goto Home">
<a href="http://127.0.0.1:5000/">Return to main site</a>
</form>""".format(username, new_password)
        else:
            return """<h1>Access Denied</h1>
<p>you wanted to change the password of `{0}` but failed miserably by entering the wrong password, and what you entered was `{1}`</p>
<a href="http://127.0.0.1:5000/">Return to main site</a>""".format(username, password)
    else:
        return """<h1>user not found</h1>
<p>you wanted to change the password of `{0}` but failed miserably by specifying a non-existing user</p>
<a href="http://127.0.0.1:5000/">Return to main site</a>""".format(username)


@app.route("/cp_user/<username>")
def cp_user(username):
    if username == "":
        return """<h1>username cannot be empty!</h1>
<p>you have entered an empty username!</p>
<a href="http://127.0.0.1:5000/">Return to main site</a>"""
    if username in users():
        return """
<form action="http://127.0.0.1:5000/cp_func" method="post">
<table>
<tr><td><h1>Change Password</h1></td></tr>
<tr><td><h4>Changing username for {0}</h4></td></tr>
<tr><td>Current Password</td>
<td><input type="password" name="password"></td></tr>
<tr><td>New Password</td>
<td><input type="password" name="new_password"></td></tr>
<tr><td><input type="submit" value="Change"></td></tr>
<tr><td><a href="http://127.0.0.1:5000/">Go back to the main site</a></td></tr>
</table>
</form>
""".format(username)
    else:
        return """<h1>user not found</h1>
<p>you wanted to change the password of `{0}` but failed miserably by specifying a non-existing user</p>
<a href="http://127.0.0.1:5000/">Return to main site</a>""".format(username)
```
Here’s the HTML separately, if you need it:
```html
<form action="http://127.0.0.1:5000/cp_func" method="post">
<table>
<tr><td><h1>Change Password</h1></td></tr>
<tr><td><h4>Changing username for {0}</h4></td></tr>
<tr><td>Current Password</td>
<td><input type="password" name="password"></td></tr>
<tr><td>New Password</td>
<td><input type="password" name="new_password"></td></tr>
<tr><td><input type="submit" value="Change"></td></tr>
<tr><td><a href="http://127.0.0.1:5000/">Go back to the main site</a></td></tr>
</table>
</form>
```
I’m still learning about HTML, and I’ve been searching for a solution for 5 hours straight but still couldn’t find a solution to my problem.
Thanks in advance for helping me.
>Solution :
The form needs an input field with the username. You can use a hidden input for this.
```python
@app.route("/cp_user/<username>")
def cp_user(username):
    # (empty-username check from the question goes here, unchanged)
    if username in users():
        # The hidden input submits the username together with the two passwords.
        return """
<form action="http://127.0.0.1:5000/cp_func" method="post">
<table>
<tr><td><h1>Change Password</h1></td></tr>
<tr><td><h4>Changing username for {0}</h4><input type="hidden" name="username" value="{1}"></td></tr>
<tr><td>Current Password</td>
<td><input type="password" name="password"></td></tr>
<tr><td>New Password</td>
<td><input type="password" name="new_password"></td></tr>
<tr><td><input type="submit" value="Change"></td></tr>
<tr><td><a href="http://127.0.0.1:5000/">Go back to the main site</a></td></tr>
</table>
</form>
""".format(username, username)
    # (user-not-found branch from the question goes here, unchanged)
```
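The hidden field above places the URL-supplied username into an HTML attribute, and the question's handler compares plaintext passwords held in `os.environ` and echoes them back in the response. As an added example (not code from the question or the answer), here is the same form and password check using only the standard library, with the username escaped and passwords stored as salted PBKDF2 hashes; the in-memory `_store`, the iteration count and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
from html import escape

ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example
_store = {}  # username -> (salt, digest); stands in for environ[username + ":PASS"]


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def set_password(username, password):
    salt = os.urandom(16)
    _store[username] = (salt, _digest(password, salt))


def check_password(username, password):
    record = _store.get(username)
    if record is None:
        return False  # an account with no stored password cannot be claimed here
    salt, digest = record
    return hmac.compare_digest(digest, _digest(password, salt))


def change_password(username, password, new_password):
    """Body of a /cp_func handler: True only if the current password matched."""
    if not new_password or not check_password(username, password):
        return False
    set_password(username, new_password)
    return True


def render_cp_form(username):
    """Form for /cp_user/<username>; the username is escaped for attribute context."""
    safe = escape(username, quote=True)
    return (
        '<form action="/cp_func" method="post">\n'
        f"<h4>Changing password for {safe}</h4>\n"
        f'<input type="hidden" name="username" value="{safe}">\n'
        '<input type="password" name="password">\n'
        '<input type="password" name="new_password">\n'
        '<input type="submit" value="Change">\n'
        "</form>"
    )


def render_result(username, ok):
    """Result page: reports the outcome without echoing either password."""
    return "<p>{} for {}</p>".format("Password changed" if ok else "Access denied", escape(username))
```

The hidden field is still client-controlled, so the server-side check of the current password is what authorizes the change.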