0

When I recover my password using html page my password in MySQL changes but it don't reflect on Flask pages in browser i.e I can login only through my old password not new password. I am creating a login system using Flask MySQL. But when I restart run.py new password start working.

run.py

from flask import Flask
from flask import render_template
from flask import request
from flask import redirect
from flask import url_for
from flask import session
from wtforms import Form
from wtforms import BooleanField
from wtforms import TextField
from wtforms import PasswordField
from wtforms.fields.html5 import EmailField
from wtforms import validators
from form import *
import string
import random
import hashlib
import smtplib

app=Flask(__name__)
app.secret_key='Secret Key'
app.config['TRAP_HTTP_EXCEPTIONS']=True

import MySQLdb as mdb

db=mdb.connect('localhost','root','','database')
cur=db.cursor()

with db:
    cur.execute('set global event_scheduler=on')

def id_generator(size=5, chars=string.ascii_uppercase + string.digits + string.ascii_lowercase):
    return ''.join(random.choice(chars) for _ in range(size))

def passwordsend(receiver,mess):
    sender = 'sender@gmail.com'
    receivers = []
    receivers.append(receiver)
    message = """From: %s
    To: %s
    Subject: SMTP e-mail test

    %s
    """ % (sender, ", ".join(receivers),mess)

    server = smtplib.SMTP("smtp.gmail.com", 587)
    server.ehlo()
    server.starttls()
    server.ehlo()
    server.login('#sender', '#password')
    server.sendmail(sender, receivers, message)
    server.close()
    print 'successfully sent the mail'

@app.route('/')
def hello():
    if 'username' in session:
        return redirect('/prof')
    form1=Signup(request.form)
    form2=Signin(request.form)
    return render_template('home.html',form1=form1,form2=form2)

@app.route('/sup',methods=['GET','POST'])
def sup():
    if 'username' in session:
        return redirect('/prof')
    form=Signup(request.form)
    if request.method=='POST' and form.validate():
        n=form.username.data
        r=form.reg.data
        e=form.email.data
        p=id_generator()
        p=n+p
        pg=hashlib.md5()
        pg.update(p)
        p=pg.hexdigest()
        ps=url_for('passw',passhash=p)
        ps="127.0.0.1:5000"+ps
        passwordsend(e,ps)
        with db:
            cur.execute('insert into login values("",%s,%s,%s,%s,now(),0)',(n,p,r,e))
            return redirect('/')    
    return render_template('sup.html',form=form)

@app.route('/sin',methods=['GET','POST'])
def sin():
    if 'username' in session:
        return redirect('/prof')
    form=Signin(request.form)
    if request.method=='POST' and form.validate():
        session['username']=form.username.data
        return redirect('/prof')    
    return render_template('sin.html',form=form)        

@app.route('/prof')
def prof():
    if 'username' in session:
        with db:
            cur.execute('select username from login where username=%s',(session['username'],))
            ld=cur.fetchall()
        return render_template('prof1.html',users=ld[0][0])
    return render_template('prof.html')

@app.route('/logout')
def logout():
    if 'username' in session:
        session.pop('username',None)
        return redirect('/')
    return redirect('/sin')

@app.route('/passw/<passhash>',methods=['GET','POST'])
def passw(passhash):
    form=passchange(request.form)
    with db:
        cur.execute('select pass from login where pass=%s',(passhash,))
        ld1=cur.fetchall()
        if ld1:
            if request.method=='POST' and form.validate():
                with db:
                    cur.execute('select username from login where pass=%s',(passhash,))
                    ld=cur.fetchall()
                    n=ld[0][0]
                p=form.password.data
                p=n+p
                pg=hashlib.md5()
                pg.update(p)
                p=pg.hexdigest()
                with db:
                    cur.execute('update login set pass=%s where pass=%s',(p,passhash))
                    cur.execute('update login set activ=1 where pass=%s',(p,))
                    return redirect('/sin')
            return render_template('passchange.html',form=form,passhash=passhash)
        return render_template('passchangeerr.html')

@app.route('/fpass',methods=['GET','POST'])
def fpass():
    if 'username' in session:
        return redirect('/prof')
    form=fpassw(request.form)
    if request.method=='POST' and form.validate():
        with db:
            cur.execute('select pass from login where email=%s',(form.email.data,))
            ld=cur.fetchall()
            p=ld[0][0]
        e=form.email.data   
        ps=url_for('passw',passhash=p)
        ps="127.0.0.1:5000"+ps
        passwordsend(e,ps)
        return redirect('/')
    return render_template('fpass.html',form=form)

if __name__=='__main__':
    app.run(debug=True)

form.py

from run import *

def present(a):
    def _present(form, field):
        sql='select '+a+' from login where '+a+' =%s'
        cur.execute(sql,(field.data,))
        ld=cur.fetchall()
        if ld:
            raise validators.ValidationError(a+' already used')
    return _present

def absent(a,message="Error"):
    def _absent(form, field):
        sql='select '+a+' from login where '+a+' =%s'
        cur.execute(sql,(field.data,))
        ld=cur.fetchall()
        if ld:
            pass
        else:   
            raise validators.ValidationError(message)
    return _absent

def absentp(a,message="Error"):
    def _absentp(form, field):
        sql='select pass from login where username=%s'
        cur.execute(sql,(form.username.data,))
        ld=cur.fetchall()
        fd=form.username.data+field.data
        fdp=hashlib.md5()
        fdp.update(fd)
        fd=fdp.hexdigest()
        if ld:
            if ld[0][0]==fd:
                pass
            else:       
                raise validators.ValidationError(message)   
        else:   
            raise validators.ValidationError(message)
    return _absentp 

class Signup(Form):
    username = TextField('Username', [
        validators.Required("Username can not be empty"),
        validators.Length(min=4, max=16, message="Username length should be between 4 to 16 characters"),
        validators.Regexp('[a-zA-Z0-9.]',message="Username can contain only Letters Numbers and Periods"),
        present('Username')
        ],)
    reg=TextField('Registration No.', [
        validators.Required("Registration No can not be empty"),
        validators.Length(min=8, max=9, message="Error"),
        present('Reg'),
        validators.Regexp('^[0-9]{2}[A-Z]{3}[0-9]{3,4}$',message="Error")
        ],)
    email=EmailField('Email', [
    validators.Required("Email can not be empty"),
    validators.Length(min=8, max=50, message=None),
    validators.Regexp('[a-zA-Z0-9.]+@vit\.ac\.in|a\.99\.v\.99@gmail\.com',message="Use Your Official VIT Email ID"),
    present('Email')
    ],)

class Signin(Form):  
    username = TextField('', [
        validators.Length(min=4, max=16, message="Invalid Username or Password"),
        absent('Username',message="Invalid Username or Password")
        ],)
    password = PasswordField('', [
        validators.Required(message="Invalid Username or Password"),
        absentp('Pass',message="Invalid Username or Password")
        ],)

class passchange(Form):
    password = PasswordField('Password', [validators.Required(),validators.Length(min=6, max=20, message=None),validators.EqualTo('repass', message='Passwords must match')],)
    repass=PasswordField('ReEnter Password', [validators.Required()])

class fpassw(Form):
    email=EmailField('Email', [
    absent('Email',message="Err")
    ],)
Nimesh Khandelwal
  • 9
  • 1
  • 1
    It could be a browser caching issue as per http://stackoverflow.com/questions/13768007/browser-caching-issues-in-flask – darklion Jan 06 '16 at 04:19
  • I think thats not reason because when I refresh it still works on old password but when I restart run.py in cmd it works on new password – Nimesh Khandelwal Jan 06 '16 at 04:46

0 Answers0