Change password

app.py

@@ -11,6 +11,8 @@ from flask import (
 )
 from functools import wraps
 from werkzeug.utils import secure_filename
+from werkzeug.security import generate_password_hash, check_password_hash
+
 
 DATABASE = os.path.join(os.path.dirname(__file__), "avent.db")
 UPLOAD_FOLDER = os.path.join(os.path.dirname(__file__), "static", "uploads")
@@ -44,7 +46,9 @@ def init_db():
     
     cur = db.execute("SELECT COUNT(*) AS c FROM user")
     if cur.fetchone()['c'] == 0:
-        db.execute("INSERT INTO user (username, password) VALUES (?, ?)", ("admin", "admin"))
+        hashed_admin = generate_password_hash("admin")
+        db.execute("INSERT INTO user (username, password) VALUES (?, ?)", ("admin", hashed_admin))
+
     
     cur = db.execute("SELECT COUNT(*) AS c FROM project")
     if cur.fetchone()['c'] == 0:
@@ -70,10 +74,11 @@ def get_user_by_username(username):
 
 def check_login(username, password):
     user = get_user_by_username(username)
-    if user and user["password"] == password:
+    if user and check_password_hash(user["password"], password):
         return user
     return None
 
+
 def login_required(fn):
     @wraps(fn)
     def wrapped(*args, **kwargs):
@@ -310,6 +315,48 @@ def admin_projects():
     
     projects = get_project()
     return render_template("admin_projects.html", projects=projects)
+@app.route("/admin/change-password", methods=["GET", "POST"])
+@login_required
+def admin_change_password():
+    """Page admin pour changer le mot de passe"""
+    db = get_db()
+    
+    if request.method == "POST":
+        current_password = request.form.get("current_password")
+        new_password = request.form.get("new_password")
+        confirm_password = request.form.get("confirm_password")
+        
+        # Récupérer l'utilisateur connecté
+        user_id = session.get("user_id")
+        cur = db.execute("SELECT password FROM user WHERE id = ?", (user_id,))
+        user = cur.fetchone()
+        
+        if not user:
+            flash("Erreur utilisateur.")
+            return render_template("admin_change_password.html")
+        
+        # Vérifier mot de passe actuel
+        if not check_password_hash(user["password"], current_password):
+            flash("Mot de passe actuel incorrect.")
+            return render_template("admin_change_password.html")
+        
+        # Vérifications
+        if new_password != confirm_password:
+            flash("Les nouveaux mots de passe ne correspondent pas.")
+            return render_template("admin_change_password.html")
+        
+        if len(new_password) < 6:
+            flash("Le nouveau mot de passe doit faire au moins 6 caractères.")
+            return render_template("admin_change_password.html")
+        
+        # Hash et mise à jour
+        hashed_password = generate_password_hash(new_password)
+        db.execute("UPDATE user SET password = ? WHERE id = ?", (hashed_password, user_id))
+        db.commit()
+        flash("✅ Mot de passe changé avec succès !")
+        return redirect(url_for("admin_projects"))
+    
+    return render_template("admin_change_password.html")
 
 @app.route("/admin/project/<int:project_id>/people", methods=["GET", "POST"])
 @login_required