def user_password_change():
if 'username' in session:
if session['username'] != "admin":
if request.method == "POST":
if Users.query.filter_by(USERNAME=session['username']).first() is None:
return jsonify(status_error_does_not_exist_username)
else:
user = Users.query.filter_by(USERNAME=session['username']).first()
if check_password_hash(user.PASSWORD, request.form['password']) is False:
return jsonify(status_error_wrong_username_or_password)
else:
user.PASSWORD = generate_password_hash(request.form['password_new'])
try:
db.session.add(user)
db.session.commit()
except:
return jsonify(status_error_unknown_error)
else:
return jsonify(status_ok_edit_successfully)
else:
return render_template('user/user_change_password.html')
else:
if request.method == "POST":
if Users.query.filter_by(ID_USER=request.form['id_user']).first() is None:
return jsonify(status_error_does_not_exist_username)
else:
user = Users.query.filter_by(ID_USER=request.form['id_user']).first()
user.PASSWORD = generate_password_hash(request.form['password_new'])
try:
db.session.add(user)
db.session.commit()
except:
return jsonify(status_error_unknown_error)
else:
return jsonify(status_ok_edit_successfully)
else:
return render_template('user/user_change_password_admin.html')
else:
return jsonify(status_error_permission_denied)
评论列表
文章目录
