change password fix
118
app.py
118
app.py
@@ -13,7 +13,6 @@ from functools import wraps
|
||||
from werkzeug.utils import secure_filename
|
||||
from werkzeug.security import generate_password_hash, check_password_hash
|
||||
|
||||
|
||||
DATABASE = os.path.join(os.path.dirname(__file__), "avent.db")
|
||||
UPLOAD_FOLDER = os.path.join(os.path.dirname(__file__), "static", "uploads")
|
||||
os.makedirs(UPLOAD_FOLDER, exist_ok=True)
|
||||
@@ -22,7 +21,7 @@ ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
|
||||
app = Flask(__name__)
|
||||
app.secret_key = "change-me-super-secret-key-2025"
|
||||
app.config["UPLOAD_FOLDER"] = UPLOAD_FOLDER
|
||||
app.config["MAX_CONTENT_LENGTH"] = 5 * 1024 * 1024 # Max 5 MB
|
||||
app.config["MAX_CONTENT_LENGTH"] = 5 * 1024 * 1024 # Max 5 MB upload
|
||||
|
||||
def allowed_file(filename):
|
||||
return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
|
||||
@@ -48,7 +47,6 @@ def init_db():
|
||||
if cur.fetchone()['c'] == 0:
|
||||
hashed_admin = generate_password_hash("admin")
|
||||
db.execute("INSERT INTO user (username, password) VALUES (?, ?)", ("admin", hashed_admin))
|
||||
|
||||
|
||||
cur = db.execute("SELECT COUNT(*) AS c FROM project")
|
||||
if cur.fetchone()['c'] == 0:
|
||||
@@ -61,10 +59,14 @@ def init_db():
|
||||
24
|
||||
)
|
||||
).lastrowid
|
||||
people_list = ["User1"]
|
||||
people_list = ["Valentin", "Nicolas", "Victor", "Julie", "Louis", "Alexandre", "David", "Raphaël"]
|
||||
for name in people_list:
|
||||
db.execute("INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)", (project_id, name))
|
||||
db.execute(
|
||||
"INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)",
|
||||
(project_id, name)
|
||||
)
|
||||
recalc_max_draws_for_project(project_id)
|
||||
|
||||
db.commit()
|
||||
|
||||
def get_user_by_username(username):
|
||||
@@ -78,7 +80,6 @@ def check_login(username, password):
|
||||
return user
|
||||
return None
|
||||
|
||||
|
||||
def login_required(fn):
|
||||
@wraps(fn)
|
||||
def wrapped(*args, **kwargs):
|
||||
@@ -315,48 +316,6 @@ def admin_projects():
|
||||
|
||||
projects = get_project()
|
||||
return render_template("admin_projects.html", projects=projects)
|
||||
@app.route("/admin/change-password", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def admin_change_password():
|
||||
"""Page admin pour changer le mot de passe"""
|
||||
db = get_db()
|
||||
|
||||
if request.method == "POST":
|
||||
current_password = request.form.get("current_password")
|
||||
new_password = request.form.get("new_password")
|
||||
confirm_password = request.form.get("confirm_password")
|
||||
|
||||
# Récupérer l'utilisateur connecté
|
||||
user_id = session.get("user_id")
|
||||
cur = db.execute("SELECT password FROM user WHERE id = ?", (user_id,))
|
||||
user = cur.fetchone()
|
||||
|
||||
if not user:
|
||||
flash("Erreur utilisateur.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
# Vérifier mot de passe actuel
|
||||
if not check_password_hash(user["password"], current_password):
|
||||
flash("Mot de passe actuel incorrect.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
# Vérifications
|
||||
if new_password != confirm_password:
|
||||
flash("Les nouveaux mots de passe ne correspondent pas.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
if len(new_password) < 6:
|
||||
flash("Le nouveau mot de passe doit faire au moins 6 caractères.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
# Hash et mise à jour
|
||||
hashed_password = generate_password_hash(new_password)
|
||||
db.execute("UPDATE user SET password = ? WHERE id = ?", (hashed_password, user_id))
|
||||
db.commit()
|
||||
flash("✅ Mot de passe changé avec succès !")
|
||||
return redirect(url_for("admin_projects"))
|
||||
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
@app.route("/admin/project/<int:project_id>/people", methods=["GET", "POST"])
|
||||
@login_required
|
||||
@@ -381,31 +340,21 @@ def admin_project_people(project_id):
|
||||
if 'csv_file' in request.files:
|
||||
csv_file = request.files['csv_file']
|
||||
if csv_file.filename:
|
||||
# Lecture UTF-8 avec gestion BOM
|
||||
content = csv_file.read().decode('utf-8-sig')
|
||||
reader = csv.DictReader(StringIO(content))
|
||||
count = 0
|
||||
for row in reader:
|
||||
# CONSERVE les espaces INTERNES, supprime SEULEMENT avant/après
|
||||
raw_name = row.get("name", "").strip() # UNIQUEMENT les bords
|
||||
if raw_name:
|
||||
# Pas de .title() pour conserver la casse exacte
|
||||
name = raw_name # ESPACES INTERNES préservés !
|
||||
|
||||
# Vérifier doublons exacts (espaces inclus)
|
||||
cur = db.execute(
|
||||
"SELECT id FROM people WHERE name = ? AND project_id = ?",
|
||||
(name, project_id)
|
||||
)
|
||||
name = row.get("name", "").strip()
|
||||
if name:
|
||||
cur = db.execute("SELECT id FROM people WHERE name = ? AND project_id = ?",
|
||||
(name, project_id))
|
||||
if not cur.fetchone():
|
||||
db.execute(
|
||||
"INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)",
|
||||
(project_id, name)
|
||||
)
|
||||
db.execute("INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)",
|
||||
(project_id, name))
|
||||
count += 1
|
||||
recalc_max_draws_for_project(project_id)
|
||||
db.commit()
|
||||
flash(f"✅ {count} personnes importées (espaces + accents préservés !)")
|
||||
flash(f"✅ {count} personnes importées (espaces + accents préservés)")
|
||||
elif action == "delete":
|
||||
person_id = int(request.form.get("person_id"))
|
||||
db.execute("DELETE FROM people WHERE id = ? AND project_id = ?", (person_id, project_id))
|
||||
@@ -421,6 +370,44 @@ def admin_project_people(project_id):
|
||||
people = get_people_stats(project_id)
|
||||
return render_template("admin_project_people.html", project=project, people=people)
|
||||
|
||||
@app.route("/admin/change-password", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def admin_change_password():
|
||||
db = get_db()
|
||||
|
||||
if request.method == "POST":
|
||||
current_password = request.form.get("current_password")
|
||||
new_password = request.form.get("new_password")
|
||||
confirm_password = request.form.get("confirm_password")
|
||||
|
||||
user_id = session.get("user_id")
|
||||
cur = db.execute("SELECT password FROM user WHERE id = ?", (user_id,))
|
||||
user = cur.fetchone()
|
||||
|
||||
if not user:
|
||||
flash("Erreur utilisateur.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
if not check_password_hash(user["password"], current_password):
|
||||
flash("Mot de passe actuel incorrect.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
if new_password != confirm_password:
|
||||
flash("Les nouveaux mots de passe ne correspondent pas.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
if len(new_password) < 6:
|
||||
flash("Le nouveau mot de passe doit faire au moins 6 caractères.")
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
hashed_password = generate_password_hash(new_password)
|
||||
db.execute("UPDATE user SET password = ? WHERE id = ?", (hashed_password, user_id))
|
||||
db.commit()
|
||||
flash("✅ Mot de passe changé avec succès !")
|
||||
return redirect(url_for("admin_projects"))
|
||||
|
||||
return render_template("admin_change_password.html")
|
||||
|
||||
@app.route("/login", methods=["GET", "POST"])
|
||||
def login():
|
||||
if request.method == "POST":
|
||||
@@ -448,4 +435,3 @@ if __name__ == "__main__":
|
||||
with app.app_context():
|
||||
init_db()
|
||||
app.run(host="0.0.0.0", debug=True)
|
||||
|
||||
|
||||
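Review bot: In the re-added `admin_change_password` (the copy placed after `admin_project_people`), the three `request.form.get(...)` calls return `None` when a field is absent from the POST, so `check_password_hash(user["password"], current_password)` and `len(new_password)` receive `None` and would raise instead of flashing an error. Default the fields to empty strings, i.e. `current_password = request.form.get("current_password", "")` and likewise for `new_password` and `confirm_password`, so a malformed request takes the existing "incorrect" and "too short" branches. This is more than a plain 500 because the run line visible in the last hunk is `app.run(host="0.0.0.0", debug=True)`, under which an unhandled exception is served as the Werkzeug debugger page. The six-character minimum is also low for an admin account and is worth raising, and since the move dropped the docstring and comments, a one-line docstring such as `"""Let the logged-in admin change their own password."""` would keep the handler documented.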