4 năm trước cách đây · 4b28e0d697
--- a/app/forms.py
+++ b/app/forms.py
@@ -1,5 +1,6 @@
 
				 from django import forms
			
 
				 from django.core.validators import RegexValidator
			
 
				+from . models import User
			
 
				 
			
 
				 numeric = RegexValidator(r'^[0-9+]', 'Only numeric characters.')
			
 
				 
			
@@ -9,3 +10,17 @@ class LoginForm(forms.Form):
 
				         'class': 'form-control form-control-lg p-4 text-center',
			
 
				         'id': 'pin',
			
 
				     }), label=None, validators=[numeric])
			
 
				+
			
 
				+
			
 
				+class UserForm(forms.Form):
			
 
				+
			
 
				+    def clean(self):
			
 
				+        cleaned_data = self.cleaned_data
			
 
				+        pin = cleaned_data['pin']
			
 
				+
			
 
				+        if pin and User.objects.get(pin=pin):
			
 
				+            raise forms.ValidationError("not unique")
			
 
				+
			
 
				+        # Always return the full collection of cleaned data.
			
 
				+        return cleaned_data
			
 
				+    
			
--- a/app/models.py
+++ b/app/models.py
@@ -1,4 +1,5 @@
 
				 from django.db import models
			
 
				+from hashlib import sha256
			
 
				 
			
 
				 
			
 
				 # Create your models here.
			
@@ -6,7 +7,14 @@ class User(models.Model):
 
				     status = models.BooleanField(default=True, blank=True)
			
 
				     first_name = models.CharField(max_length=255, default="", blank=False)
			
 
				     last_name = models.CharField(max_length=255, default="", blank=False)
			
 
				-    pin = models.CharField(max_length=255, default="", blank=False, unique=True)
			
 
				+    pin = models.CharField(max_length=255, null=False, blank=False, unique=True)
			
 
				+
			
 
				+    def save(self, *args, **kwargs):
			
 
				+        self.pin = sha256(self.pin.encode('utf-8')).hexdigest()
			
 
				+
			
 
				+        user = User.objects.filter(pin=self.pin).first()
			
 
				+        if user:
			
 
				+            super(User, self).save(*args, **kwargs)
			
 
				 
			
 
				     def __str__(self):
			
 
				         return "%s, %s (Enabled: %s)" % (self.last_name, self.first_name, self.status)
			
--- a/app/views.py
+++ b/app/views.py
@@ -23,12 +23,10 @@ def secure_page(request):
 
				             return True
			
 
				         else:
			
 
				             del request.session['u']
			
 
				-            return redirect('home')
			
 
				+            return False
			
 
				     except Exception as e:
			
 
				         print(e)
			
 
				 
			
 
				-    return redirect('home')
			
 
				-
			
 
				 
			
 
				 def home(request):
			
 
				     form = LoginForm
			
@@ -57,7 +55,7 @@ def home(request):
 
				     return render(request, 'home.html', context=context)
			
 
				 
			
 
				 
			
 
				-@secure_page
			
 
				+#@secure_page
			
 
				 def timesheet(request):
			
 
				 
			
 
				     context = {