paramecio/paramecio2fm
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Fixes in admin login for more secure login

Browse source
This commit is contained in:
absurdo 2023-07-22 23:31:00 +02:00
parent a2bd05536f
commit de51f0356f
3 changed files with 31 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

30
paramecio2/modules/admin/app.py
View file

@ -239,6 +239,8 @@ def login():
#user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update({'token_auth': token_auth})
user_admin.fields['token_auth'].protected=False
arr_update['token_auth']=token_auth
# Send email
@ -357,6 +359,8 @@ def auth_check():
check_csrf()
you_cannot_login=0
if 'login_admin' in session:
code=request.form.get('code', '')
@ -365,23 +369,35 @@ def auth_check():
user_admin.check_user=False
c=user_admin.set_conditions('WHERE id=%s AND token_auth=%s', [session['user_id'], code]).select_count()
arr_user=user_admin.set_conditions('WHERE id=%s', [session.get('user_id', 0)]).select_a_row_where()
if c==1:
if arr_user:
user_admin.safe_query()
if user_admin.fields['token_auth'].verify(code, arr_user['token_auth']):
user_admin.set_conditions('WHERE id=%s', [session['user_id']]).update({'token_auth': ''})
user_admin.safe_query()
user_admin.set_conditions('WHERE id=%s', [session['user_id']]).update({'token_auth': ''})
session['verify_auth']=True
error=0
else:
session['verify_auth']=True
error=0
you_cannot_login=check_login_tries()
else:
you_cannot_login=check_login_tries()
return {'error': error}
return {'error': error, 'you_cannot_login': you_cannot_login}
"""
@admin_app.route('/admin/recovery_password/')
def recovery_password():
return ""
"""
def check_login_tries():