From 9852869a1c47d67e667fc0f89aafc4a05b87f5d1 Mon Sep 17 00:00:00 2001
From: Agnibho Mondal <mondal@agnibho.com>
Date: Thu, 14 Mar 2024 21:41:32 +0530
Subject: [PATCH] Bugfix: user management

---
 librevax.py | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/librevax.py b/librevax.py
index 86498df..8a70253 100644
--- a/librevax.py
+++ b/librevax.py
@@ -25,8 +25,8 @@ def preload():
 @app.route("/")
 def index():
     try:
-        if((ret:=problem())!="go"):
-            return ret
+        #if((ret:=problem())!="go"):
+        #    return ret
         cursor=get_db().cursor()
         (ok, mc)=multicenter.read(cursor, session["mid"])
         if(not ok):
@@ -67,6 +67,8 @@ def logout():
 
 @app.get("/admin")
 def admin(msg=None):
+    if((ret:=problem())!="go"):
+        return ret
     cursor=get_db().cursor()
     (ok, mc)=multicenter.list(cursor)
     if(not ok):
@@ -76,6 +78,8 @@ def admin(msg=None):
 
 @app.post("/newuser")
 def newuser():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if(auth.new(cursor, request.form["user"], request.form["pwd"], request.form["auth"])):
@@ -88,16 +92,18 @@ def newuser():
 
 @app.post("/changepass")
 def changepass():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if("user" in request.form.keys()):
-            if(auth.change(cursor, request.form["user"], request.form["new"])):
+            if(auth.changePass(cursor, request.form["user"], request.form["new"])):
                 return admin(msg="Password changed")
             else:
                 return admin(msg="Incorrect Password")
         elif(request.form["new"]==request.form["check"]):
             user=request.form.get("user", session["user"])
-            if(auth.change(cursor, user, request.form["new"], request.form["old"])):
+            if(auth.changePass(cursor, user, request.form["new"], request.form["old"])):
                 return admin(msg="Password changed")
             else:
                 return admin(msg="Incorrect Password")
@@ -109,6 +115,8 @@ def changepass():
 
 @app.post("/changeauth")
 def changeauth():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if(g.auth==auth.auth.ALL and "user" in request.form.keys() and "auth" in request.form.keys()):
@@ -124,6 +132,8 @@ def changeauth():
 
 @app.post("/deluser")
 def deluser():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if("user" in request.form.keys()):
@@ -850,7 +860,7 @@ def problem(access=""):
     if(auth.access()==auth.auth.ALL):
         return "go"
     else:
-        return redirect("/login")
+        return render_template("error.html", data="Access denied")
 
 @app.template_filter("format_date")
 def format_date(date):
-- 
2.39.5