raise(e)
return False
-def change(cursor, user, new, old=None):
+def changePass(cursor, user, new, old=None):
try:
if(old is not None):
result=cursor.execute("SELECT * FROM users WHERE user=?", (user,))
raise(e)
return False
-def new(cursor, user, pwd):
+def changeAuth(cursor, user, auth):
try:
- cursor.execute("INSERT INTO users (user, hash) VALUES (?, ?)", (user, base64.b64encode(bcrypt.hashpw(pwd.encode("utf-8"), bcrypt.gensalt()))))
+ result=cursor.execute("SELECT * FROM users WHERE user=?", (user,))
+ record=result.fetchone()
+ if(record is not None):
+ cursor.execute("UPDATE users SET auth=? WHERE user=?", (auth, user))
+ return True
+ else:
+ return False
+ return True
+ except Exception as e:
+ raise(e)
+ return False
+
+def new(cursor, user, pwd, auth):
+ try:
+ cursor.execute("INSERT INTO users (user, hash, auth) VALUES (?, ?, ?)", (user, base64.b64encode(bcrypt.hashpw(pwd.encode("utf-8"), bcrypt.gensalt())), auth))
+ return True
+ except Exception as e:
+ raise(e)
+ return False
+
+def delete(cursor, user):
+ try:
+ cursor.execute("DELETE FROM users WHERE user=?", (user,))
return True
except Exception as e:
raise(e)
return False
def _parse_auth(text):
- if(text.upper()==auth.ALL):
- return auth.ALL
- else:
+ try:
+ if(text.upper()==auth.ALL):
+ return auth.ALL
+ else:
+ return auth.NONE
+ return auth.NONE
+ except Exception as e:
return auth.NONE
def access():
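Review bot: `changeAuth` and `new` write the caller-supplied `auth` value to the `users` table as-is, so any string a request carries becomes a stored authorization level. `_parse_auth` in this same hunk falls back to `auth.NONE` for unknown text; applying it before the `UPDATE`/`INSERT`, e.g. `auth=_parse_auth(auth)` as the first statement of both functions, would keep the column to known values (assuming `_parse_auth` returns the form the column stores). The parameter name `auth` also appears to shadow the module-level `auth` that `_parse_auth` reads, so a name such as `level` would be clearer. In `changeAuth`, `return True` after the `if`/`else` and `return False` after `raise(e)` are unreachable, and `delete` returns `True` even when no row matched.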
@app.before_request
def preload():
g.user=session.get("user", None)
+ g.auth=session.get("auth", None)
g.mid=session.get("mid", None)
g.center=session.get("center", None)
g.enable_delete=app.config.get("ENABLE_DELETE", False) or g.user=="admin"
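Review bot: `g.auth=session.get("auth", None)` takes the authorization level from the session, so a level stored there stays in force for that session after `changeAuth` or `delete` has changed or removed the account. Where the session value is written is not visible in this hunk; if it is set only at login, consider reading the level from the `users` table in `preload` for the current `g.user`, or invalidating the affected sessions when an account is changed. At minimum a comment such as `# g.auth is a login-time snapshot; re-check the users table before privileged actions` would document the limitation.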
if(not ok):
raise Exception(mc)
users=auth.list(cursor)
- return render_template("admin.html", users=users, center=mc, msg=msg)
+ return render_template("admin.html", users=users, auth=auth.auth, center=mc, msg=msg)
@app.post("/newuser")
def newuser():
try:
cursor=get_db().cursor()
- if(auth.new(cursor, request.form["user"], request.form["pwd"])):
+ if(auth.new(cursor, request.form["user"], request.form["pwd"], request.form["auth"])):
return admin(msg="New user added")
else:
return admin(msg="Failed to add")
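Review bot: `newuser` now forwards `request.form["auth"]` to `auth.new` without checking the caller's own level, whereas `changeauth` in this same commit requires `g.auth==auth.auth.ALL`. Unless `admin()` or a guard outside this hunk already restricts the route, any caller who can post here can create an account with the highest level. A matching check at the top of the `try`, `if(g.auth!=auth.auth.ALL): return admin(msg="Failed to add")`, would align the two routes. The body of `newuser` continues past the end of the hunk.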
raise(e)
return render_template("error.html", data=e)
+@app.post("/changeauth")
+def changeauth():
+ try:
+ cursor=get_db().cursor()
+ if(g.auth==auth.auth.ALL and "user" in request.form.keys() and "auth" in request.form.keys()):
+ if(auth.changeAuth(cursor, request.form["user"], request.form["auth"])):
+ return admin(msg="Authorization changed")
+ else:
+ return admin(msg="Failed to change authorization")
+ else:
+ return admin(msg="Failed to change authorization")
+ except Exception as e:
+ raise(e)
+ return render_template("error.html", data=e)
+
+@app.post("/deluser")
+def deluser():
+ try:
+ cursor=get_db().cursor()
+ if("user" in request.form.keys()):
+ if(auth.delete(cursor, request.form["user"])):
+ return admin(msg="User deleted")
+ else:
+ return admin(msg="Failed to delete")
+ else:
+ return admin(msg="Failed to delete")
+ except Exception as e:
+ raise(e)
+ return render_template("error.html", data=e)
+
@app.post("/switchcenter")
def switchcenter():
try:
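Review bot: `deluser` checks only that `user` is present in the form and never checks `g.auth`, while `changeauth` just above it requires `g.auth==auth.auth.ALL`. Unless a guard outside this hunk restricts the route, any caller able to post to `/deluser` can remove any account, including the last one that holds the `ALL` level. The condition should mirror `changeauth`: `if(g.auth==auth.auth.ALL and "user" in request.form.keys()):`. In both new routes `return render_template("error.html", data=e)` is unreachable because `raise(e)` precedes it, so only one of the two should remain.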
{% block content %}
<div class="content">
+ {{auth.ALL}}
{% if msg %}
<div class="alert alert-info">
<p>{{msg}}</p>
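Review bot: `{{auth.ALL}}` at the top of the content block prints a value from the authorization object on every rendering of the admin page and looks like leftover debug output. Nothing else in this hunk depends on it, so the line can be dropped before merge.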
<div class="card-body">
<form method="post" action="newuser">
<div class="mb-2 row">
- <div class="col-sm-4">
+ <div class="col-sm-3">
<input name="user" placeholder="Username" class="form-control">
</div>
- <div class="col-sm-4">
- <input name="pwd" placeholder="Password" class="form-control">
+ <div class="col-sm-3">
+ <input name="pwd" type="password" placeholder="Password" class="form-control">
</div>
- <div class="col-sm-4 d-grid">
+ <div class="col-sm-3">
+ <select name="auth" class="form-select">
+ {% for i in auth %}
+ <option>{{i}}</option>
+ {% endfor %}
+ </select>
+ </div>
+ <div class="col-sm-3 d-grid">
<button type="submit" class="btn btn-primary">Create</button>
</div>
</div>
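Review bot: The create form now carries the `auth` level, and no anti-CSRF token field is visible in it. The same holds for the new reset-password form and for the `changeauth` and `deluser` buttons added further down. These are state-changing admin posts, so if the application does not add CSRF protection elsewhere (not visible in this diff), each form needs a per-session token that the receiving route verifies before acting.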
<div class="card-header">
<h6>Existing User</h6>
</div>
+ <div class="card-body">
+ <form method="post">
+ <div class="mb-2 row">
+ <div class="col-sm-4">
+ <select name="user" class="form-select mb-2">
+ {% for i in users %}
+ <option value="{{i["user"]}}">{{i["user"]}}</option>
+ {% endfor %}
+ </select>
+ </div>
+ <div class="col-sm-4">
+ <input name="new" placeholder="Password" class="form-control">
+ </div>
+ <div class="col-sm-4 d-grid">
+ <button type="submit" formaction="changepass" class="btn btn-success">Reset Password</button>
+ </div>
+ </div>
+ </form>
+ </div>
<div class="card-body">
<form method="post">
<div class="mb-2 row">
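Review bot: The new reset-password field `<input name="new" placeholder="Password" class="form-control">` has no `type`, so the password is displayed in clear as it is typed, while this commit adds `type="password"` to the create form. Suggested: `<input name="new" type="password" placeholder="Password" class="form-control" autocomplete="new-password">`.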
</select>
</div>
<div class="col-sm-3">
- <input name="new" placeholder="Password" class="form-control">
+ <select name="auth" class="form-select">
+ {% for i in auth %}
+ <option>{{i}}</option>
+ {% endfor %}
+ </select>
</div>
<div class="col-sm-3 d-grid">
- <button type="submit" formaction="changepass" class="btn btn-warning">Reset</button>
+ <button type="submit" formaction="changeauth" class="btn btn-warning">Change</button>
</div>
<div class="col-sm-3 d-grid">
- <button type="submit" class="btn btn-danger">Delete</button>
+ <button type="submit" formaction="deluser" class="btn btn-danger">Delete</button>
</div>
</div>
</form>