diff --git a/app.py b/app.py index f9450db..e840035 100644 --- a/app.py +++ b/app.py @@ -2352,23 +2352,24 @@ def submission_delete(sub_id: int): """ +# ═══════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════ # Nutzerprofil-System (Cross-Channel Identity) # ═══════════════════════════════════════════════════════════════════ -import hashlib, secrets +import hashlib as _hashlib def _hash_password(password: str) -> str: """SHA-256 mit Salt.""" salt = secrets.token_hex(16) - h = hashlib.sha256((salt + password).encode()).hexdigest() + h = _hashlib.sha256((salt + password).encode()).hexdigest() return f"{salt}${h}" def _check_password(password: str, stored: str) -> bool: """Vergleicht Passwort mit gespeichertem Hash.""" try: salt, h = stored.split("$", 1) - return hashlib.sha256((salt + password).encode()).hexdigest() == h + return _hashlib.sha256((salt + password).encode()).hexdigest() == h except Exception: return False @@ -2394,6 +2395,91 @@ def _get_user_from_session(db) -> dict | None: ).fetchone() return dict(row) if row else None +# ── HTML-Templates (plain strings, no f-string needed) ────────────── + +_REGISTER_TPL = """ + +Registrieren — BSN Community + +
+

📋 Registrieren

+{error_html} +
+ + + + +
+ +
""" + +_LOGIN_TPL = """ + +Login — BSN Community + +
+

🔐 Login

+{error_html} +
+ + + +
+ +
""" + +_PROFILE_TPL = """ + +Profil — BSN Community + +
+

👤 Mein Profil

+{msg_html} +
Telefon
{phone}
+
+
Name
+
+ +
+ +
""" + + @app.route("/register", methods=["GET", "POST"]) def user_register(): db = get_db() @@ -2415,34 +2501,14 @@ def user_register(): db.commit() user_id = db.execute("SELECT last_insert_rowid()").fetchone()[0] token = _create_session(db, user_id) - resp = make_response(redirect("/profile")) + from flask import make_response, redirect as _redir + resp = make_response(_redir("/profile")) resp.set_cookie("bsn_session", token, max_age=30*86400, httponly=True) return resp - return f""" - -Registrieren — BSN Community - -
-

📋 Registrieren

-{"
{}
".format(error) if error else ""} -
- - - - -
- -
""".format(request.form.get("phone","")) + phone_val = request.form.get("phone", "") + error_html = "
" + error + "
" if error else "" + return _REGISTER_TPL.replace("{phone_val}", phone_val).replace("{error_html}", error_html) + @app.route("/login", methods=["GET", "POST"]) def user_login(): @@ -2456,33 +2522,14 @@ def user_login(): error = "Telefon oder Passwort falsch." else: token = _create_session(db, user["id"]) - resp = make_response(redirect("/profile")) + from flask import make_response, redirect as _redir + resp = make_response(_redir("/profile")) resp.set_cookie("bsn_session", token, max_age=30*86400, httponly=True) return resp - return f""" - -Login — BSN Community - -
-

🔐 Login

-{"
{}
".format(error) if error else ""} -
- - - -
- -
""".format(request.form.get("phone","")) + phone_val = request.form.get("phone", "") + error_html = "
" + error + "
" if error else "" + return _LOGIN_TPL.replace("{phone_val}", phone_val).replace("{error_html}", error_html) + @app.route("/logout") def user_logout(): @@ -2491,16 +2538,19 @@ def user_logout(): db = get_db() db.execute("DELETE FROM user_sessions WHERE token=?", (token,)) db.commit() - resp = make_response(redirect("/")) + from flask import make_response, redirect as _redir + resp = make_response(_redir("/")) resp.set_cookie("bsn_session", "", max_age=0) return resp + @app.route("/profile", methods=["GET", "POST"]) def user_profile(): db = get_db() user = _get_user_from_session(db) if not user: - return redirect("/login") + from flask import redirect as _redir + return _redir("/login") msg = "" if request.method == "POST": name = request.form.get("name", "").strip() @@ -2508,36 +2558,8 @@ def user_profile(): db.execute("UPDATE users SET name=? WHERE id=?", (name, user["id"])) db.commit() msg = "✅ Profil aktualisiert." - return f""" - -Profil — BSN Community - -
-

👤 Mein Profil

-{"
{}
".format(msg) if msg else ""} -
Telefon
{user['phone']}
-
-
Name
-
- -
- -
""" + msg_html = "
" + msg + "
" if msg else "" + return _PROFILE_TPL.replace("{phone}", user["phone"]).replace("{name}", user["name"] or "").replace("{msg_html}", msg_html) @app.route("/")