13 years ago · a488f7c479
--- a/main.py
+++ b/main.py
@@ -94,42 +94,42 @@ def password_lost():
 
				             flash(u"Un mail a été envoyé à " + user['email'], 'info')
			
 
				     return render_template('password_lost.html')
			
 
				 
			
 
				-@app.route('/login/<username>/<key>')
			
 
				-def login_key(username, key):
			
 
				-    user = query_db('select * from users where email = ? and key = ?', [username, key], one=True)
			
 
				+@app.route('/login/<userid>/<key>')
			
 
				+def login_key(userid, key):
			
 
				+    user = query_db('select * from users where id = ? and key = ?', [userid, key], one=True)
			
 
				     if user is None:
			
 
				         abort(404)
			
 
				     else:
			
 
				         connect_user(user)
			
 
				         # :TODO:maethor:120528: Remplacer la clé pour qu'elle ne puisse plus être utilisée
			
 
				         flash(u"Veuillez mettre à jour votre mot de passe", 'info')
			
 
				-        return redirect(url_for('user_password'), username=user['name'])
			
 
				+        return redirect(url_for('user_password'), userid=user['userid'])
			
 
				 
			
 
				 #---------------
			
 
				 # User settings
			
 
				 
			
 
				-@app.route('/user/<username>')
			
 
				-def show_user(username):
			
 
				-    if username != session.get('username'):
			
 
				+@app.route('/user/<userid>')
			
 
				+def show_user(userid):
			
 
				+    if int(userid) != session.get('userid'):
			
 
				         abort(401)
			
 
				     return render_template('show_user.html')
			
 
				 
			
 
				-@app.route('/user/settings/<username>', methods=['GET', 'POST'])
			
 
				-def user_settings(username):
			
 
				-    if username != session.get('username'):
			
 
				+@app.route('/user/settings/<userid>', methods=['GET', 'POST'])
			
 
				+def user_settings(userid):
			
 
				+    if int(userid) != session.get('userid'):
			
 
				         abort(401)
			
 
				     if request.method == 'POST':
			
 
				         g.db.execute('update users set email = ?, name = ?, organization = ? where id = ?',
			
 
				                 [request.form['email'], request.form['name'], request.form['organization'], session['userid']])
			
 
				         g.db.commit()
			
 
				-        disconnect_user()
			
 
				+        disconnect_user() # :TODO:maethor:120528: Maybe useless, but this is simple way to refresh session :D
			
 
				         flash(u'Votre profil a été mis à jour !', 'success')
			
 
				         return redirect(url_for('login'))
			
 
				     return render_template('user_settings.html')
			
 
				 
			
 
				-@app.route('/user/password/<username>', methods=['GET', 'POST'])
			
 
				-def user_password(username):
			
 
				-    if username != session.get('username'):
			
 
				+@app.route('/user/password/<userid>', methods=['GET', 'POST'])
			
 
				+def user_password(userid):
			
 
				+    if int(userid) != session.get('userid'):
			
 
				         abort(401)
			
 
				     if request.method == 'POST':
			
 
				         if request.form['password'] == request.form['password2']:
			
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -31,11 +31,11 @@
 
				     </div>
			
 
				     <div class="btn-group pull-right">
			
 
				       {% if 'username' in session %}
			
 
				-      <a href="{{ url_for('show_user', username=session.username) }}" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
			
 
				+      <a href="{{ url_for('show_user', userid=session.userid) }}" class="btn"><i class="icon-user"></i> {{ session.username }}</a>
			
 
				       <a href="#" class="btn dropdown-toggle" data-toggle="dropdown"><b class="caret"></b></a>
			
 
				       <ul class="dropdown-menu pull-right">
			
 
				         <li><a href=""><i class="icon-comment"></i> Votes en attente</a></li>
			
 
				-        <li><a href="{{ url_for('user_settings', username=session.username) }}"><i class="icon-cog"></i> Paramètres</a></li>
			
 
				+        <li><a href="{{ url_for('user_settings', userid=session.userid) }}"><i class="icon-cog"></i> Paramètres</a></li>
			
 
				         <li class="divider"></li>
			
 
				         <li><a href="{{ url_for('logout') }}"><i class="icon-off"></i> Déconnexion</a></li>
			
 
				       </ul>
			
--- a/templates/show_user.html
+++ b/templates/show_user.html
@@ -9,6 +9,8 @@
 
				     <dd>{{ session.organization }}
			
 
				     <dt>Groupes :
			
 
				     <dd><em>à venir</em>
			
 
				+  </dl>
			
 
				+  <a href="{{ url_for('user_settings', userid=session.userid) }}" class="btn btn-primary">Modifier</a>
			
 
				 </div>
			
 
				 {% endblock %}
			
 
				 
			
--- a/templates/user_settings.html
+++ b/templates/user_settings.html
@@ -3,7 +3,7 @@
 
				 <h2>{{ session.username }}</h2>
			
 
				 <div class="row">
			
 
				   <div class="span6 well">
			
 
				-    <form class="form-horizontal" action="{{ url_for('user_settings', username=session.username) }}" method="post">
			
 
				+    <form class="form-horizontal" action="{{ url_for('user_settings', userid=session.userid) }}" method="post">
			
 
				     <fieldset><legend>Mise à jour du profil utilisateur</legend>
			
 
				       <div class="alert"><strong>Attention :</strong> À l'issue de ce formulaire, vous devrez vous reconnecter</div>
			
 
				       <div class="control-group">
			
@@ -35,7 +35,7 @@
 
				   </div>
			
 
				 
			
 
				   <div class="span5 well">
			
 
				-    <form class="form-horizontal" action="{{ url_for('user_password', username=session.username) }}" method="post">
			
 
				+    <form class="form-horizontal" action="{{ url_for('user_password', userid=session.userid) }}" method="post">
			
 
				     <fieldset><legend>Modification du mot de passe</legend>
			
 
				       <div class="control-group">
			
 
				         <label class="control-label" for="password">Mot de passe</label>