Aguay/AdventCalendar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change password fix

Browse Source
This commit is contained in:
Aguay
2025-12-02 15:42:44 +01:00
parent e2dbdb49ea
commit 14bfe7a3ee
1 changed files with 52 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
app.py
View File

@@ -13,7 +13,6 @@ from functools import wraps
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
from werkzeug.security import generate_password_hash, check_password_hash from werkzeug.security import generate_password_hash, check_password_hash
DATABASE = os.path.join(os.path.dirname(__file__), "avent.db") DATABASE = os.path.join(os.path.dirname(__file__), "avent.db")
UPLOAD_FOLDER = os.path.join(os.path.dirname(__file__), "static", "uploads") UPLOAD_FOLDER = os.path.join(os.path.dirname(__file__), "static", "uploads")
os.makedirs(UPLOAD_FOLDER, exist_ok=True) os.makedirs(UPLOAD_FOLDER, exist_ok=True)
@@ -22,7 +21,7 @@ ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
app = Flask(__name__) app = Flask(__name__)
app.secret_key = "change-me-super-secret-key-2025" app.secret_key = "change-me-super-secret-key-2025"
app.config["UPLOAD_FOLDER"] = UPLOAD_FOLDER app.config["UPLOAD_FOLDER"] = UPLOAD_FOLDER
app.config["MAX_CONTENT_LENGTH"] = 5 * 1024 * 1024 # Max 5 MB app.config["MAX_CONTENT_LENGTH"] = 5 * 1024 * 1024 # Max 5 MB upload
def allowed_file(filename): def allowed_file(filename):
return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
@@ -48,7 +47,6 @@ def init_db():
if cur.fetchone()['c'] == 0: if cur.fetchone()['c'] == 0:
hashed_admin = generate_password_hash("admin") hashed_admin = generate_password_hash("admin")
db.execute("INSERT INTO user (username, password) VALUES (?, ?)", ("admin", hashed_admin)) db.execute("INSERT INTO user (username, password) VALUES (?, ?)", ("admin", hashed_admin))
cur = db.execute("SELECT COUNT(*) AS c FROM project") cur = db.execute("SELECT COUNT(*) AS c FROM project")
if cur.fetchone()['c'] == 0: if cur.fetchone()['c'] == 0:
@@ -61,10 +59,14 @@ def init_db():
24 24
) )
).lastrowid ).lastrowid
people_list = ["User1"] people_list = ["Valentin", "Nicolas", "Victor", "Julie", "Louis", "Alexandre", "David", "Raphaël"]
for name in people_list: for name in people_list:
db.execute("INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)", (project_id, name)) db.execute(
"INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)",
(project_id, name)
)
recalc_max_draws_for_project(project_id) recalc_max_draws_for_project(project_id)
db.commit() db.commit()
def get_user_by_username(username): def get_user_by_username(username):
@@ -78,7 +80,6 @@ def check_login(username, password):
return user return user
return None return None
def login_required(fn): def login_required(fn):
@wraps(fn) @wraps(fn)
def wrapped(*args, **kwargs): def wrapped(*args, **kwargs):
@@ -315,48 +316,6 @@ def admin_projects():
projects = get_project() projects = get_project()
return render_template("admin_projects.html", projects=projects) return render_template("admin_projects.html", projects=projects)
@app.route("/admin/change-password", methods=["GET", "POST"])
@login_required
def admin_change_password():
"""Page admin pour changer le mot de passe"""
db = get_db()
if request.method == "POST":
current_password = request.form.get("current_password")
new_password = request.form.get("new_password")
confirm_password = request.form.get("confirm_password")
# Récupérer l'utilisateur connecté
user_id = session.get("user_id")
cur = db.execute("SELECT password FROM user WHERE id = ?", (user_id,))
user = cur.fetchone()
if not user:
flash("Erreur utilisateur.")
return render_template("admin_change_password.html")
# Vérifier mot de passe actuel
if not check_password_hash(user["password"], current_password):
flash("Mot de passe actuel incorrect.")
return render_template("admin_change_password.html")
# Vérifications
if new_password != confirm_password:
flash("Les nouveaux mots de passe ne correspondent pas.")
return render_template("admin_change_password.html")
if len(new_password) < 6:
flash("Le nouveau mot de passe doit faire au moins 6 caractères.")
return render_template("admin_change_password.html")
# Hash et mise à jour
hashed_password = generate_password_hash(new_password)
db.execute("UPDATE user SET password = ? WHERE id = ?", (hashed_password, user_id))
db.commit()
flash("✅ Mot de passe changé avec succès !")
return redirect(url_for("admin_projects"))
return render_template("admin_change_password.html")
@app.route("/admin/project/<int:project_id>/people", methods=["GET", "POST"]) @app.route("/admin/project/<int:project_id>/people", methods=["GET", "POST"])
@login_required @login_required
@@ -381,31 +340,21 @@ def admin_project_people(project_id):
if 'csv_file' in request.files: if 'csv_file' in request.files:
csv_file = request.files['csv_file'] csv_file = request.files['csv_file']
if csv_file.filename: if csv_file.filename:
# Lecture UTF-8 avec gestion BOM
content = csv_file.read().decode('utf-8-sig') content = csv_file.read().decode('utf-8-sig')
reader = csv.DictReader(StringIO(content)) reader = csv.DictReader(StringIO(content))
count = 0 count = 0
for row in reader: for row in reader:
# CONSERVE les espaces INTERNES, supprime SEULEMENT avant/après name = row.get("name", "").strip()
raw_name = row.get("name", "").strip() # UNIQUEMENT les bords if name:
if raw_name: cur = db.execute("SELECT id FROM people WHERE name = ? AND project_id = ?",
# Pas de .title() pour conserver la casse exacte (name, project_id))
name = raw_name # ESPACES INTERNES préservés !
# Vérifier doublons exacts (espaces inclus)
cur = db.execute(
"SELECT id FROM people WHERE name = ? AND project_id = ?",
(name, project_id)
)
if not cur.fetchone(): if not cur.fetchone():
db.execute( db.execute("INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)",
"INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)", (project_id, name))
(project_id, name)
)
count += 1 count += 1
recalc_max_draws_for_project(project_id) recalc_max_draws_for_project(project_id)
db.commit() db.commit()
flash(f"{count} personnes importées (espaces + accents préservés !)") flash(f"{count} personnes importées (espaces + accents préservés)")
elif action == "delete": elif action == "delete":
person_id = int(request.form.get("person_id")) person_id = int(request.form.get("person_id"))
db.execute("DELETE FROM people WHERE id = ? AND project_id = ?", (person_id, project_id)) db.execute("DELETE FROM people WHERE id = ? AND project_id = ?", (person_id, project_id))
@@ -421,6 +370,44 @@ def admin_project_people(project_id):
people = get_people_stats(project_id) people = get_people_stats(project_id)
return render_template("admin_project_people.html", project=project, people=people) return render_template("admin_project_people.html", project=project, people=people)
@app.route("/admin/change-password", methods=["GET", "POST"])
@login_required
def admin_change_password():
db = get_db()
if request.method == "POST":
current_password = request.form.get("current_password")
new_password = request.form.get("new_password")
confirm_password = request.form.get("confirm_password")
user_id = session.get("user_id")
cur = db.execute("SELECT password FROM user WHERE id = ?", (user_id,))
user = cur.fetchone()
if not user:
flash("Erreur utilisateur.")
return render_template("admin_change_password.html")
if not check_password_hash(user["password"], current_password):
flash("Mot de passe actuel incorrect.")
return render_template("admin_change_password.html")
if new_password != confirm_password:
flash("Les nouveaux mots de passe ne correspondent pas.")
return render_template("admin_change_password.html")
if len(new_password) < 6:
flash("Le nouveau mot de passe doit faire au moins 6 caractères.")
return render_template("admin_change_password.html")
hashed_password = generate_password_hash(new_password)
db.execute("UPDATE user SET password = ? WHERE id = ?", (hashed_password, user_id))
db.commit()
flash("✅ Mot de passe changé avec succès !")
return redirect(url_for("admin_projects"))
return render_template("admin_change_password.html")
@app.route("/login", methods=["GET", "POST"]) @app.route("/login", methods=["GET", "POST"])
def login(): def login():
if request.method == "POST": if request.method == "POST":
@@ -448,4 +435,3 @@ if __name__ == "__main__":
with app.app_context(): with app.app_context():
init_db() init_db()
app.run(host="0.0.0.0", debug=True) app.run(host="0.0.0.0", debug=True)