2025-07-31 10:55:39 +02:00
1 changed files with 1 additions and 26 deletions
--- a/app.py
+++ b/app.py
@@ -40,10 +40,8 @@ from flask_login import (
 )
 from flask_compress import Compress
 from flask_socketio import SocketIO, emit, join_room
-from werkzeug.security import generate_password_hash, check_password_hash
 from config import Config
 from PIL import Image, ExifTags, ImageFilter, ImageOps
-from werkzeug.utils import secure_filename
 from werkzeug.middleware.proxy_fix import ProxyFix
 from sqlalchemy import func, extract, inspect, or_, case, text
 from sqlalchemy.orm import joinedload
@@ -126,7 +124,6 @@ WEBP_SAVE_PARAMS = {
    # "quality": 95,  # tylko jeśli lossless=False
 }

-
 db = SQLAlchemy(app)
 socketio = SocketIO(app, async_mode="eventlet")
 login_manager = LoginManager(app)
@@ -243,33 +240,14 @@ def hash_password(password):


 def check_password(stored_hash, password_input):
-    """Obsługuje zarówno hashe bcrypt (nowe), jak i stare Werkzeugowe (PBKDF2)."""
    pepper = app.config["BCRYPT_PEPPER"]
    peppered = (password_input + pepper).encode("utf-8")
-
-    # Rozpoznaj format hasha
    if stored_hash.startswith("$2b$") or stored_hash.startswith("$2a$"):
-        # bcrypt
        try:
            return bcrypt.checkpw(peppered, stored_hash.encode("utf-8"))
        except Exception:
            return False
-    elif stored_hash.startswith("pbkdf2:"):
-        # STARY HASH! (Werkzeug)
-        # opcjonalnie: zrób check_password_hash, pozwól się zalogować, wymuś zmianę hasła
-        from werkzeug.security import check_password_hash
-        if check_password_hash(stored_hash, password_input):
-            # tu np. możesz zapisać nowe hasło w formie bcrypt!
-            # user.password_hash = hash_password(password_input)
-            # db.session.commit()
-            print("Użytkownik loguje się starym hasłem: wymuś zmianę na nowe!")
-            return True  # POZWÓL JEDNORAZOWO
-        else:
-            return False
-    else:
-        # Nieznany format
-        return False
-
+    return False


 if app.config["SQLALCHEMY_DATABASE_URI"].startswith("sqlite:///"):
@@ -1290,7 +1268,6 @@ def login():
    if request.method == "POST":
        username_input = request.form["username"].lower()
        user = User.query.filter(func.lower(User.username) == username_input).first()
-        #if user and check_password_hash(user.password_hash, request.form["password"]):
        if user and check_password(user.password_hash, request.form["password"]):
            session.permanent = True
            login_user(user)
@@ -1966,7 +1943,6 @@ def add_user():
        flash("Użytkownik o takiej nazwie już istnieje", "warning")
        return redirect(url_for("list_users"))

-    #hashed_password = generate_password_hash(password)
    hashed_password = hash_password(password)
    new_user = User(username=username, password_hash=hashed_password)
    db.session.add(new_user)
@@ -2005,7 +1981,6 @@ def reset_password(user_id):
        flash("Podaj nowe hasło", "danger")
        return redirect(url_for("list_users"))

-    #user.password_hash = generate_password_hash(new_password)
    user.password_hash = hash_password(new_password)
    db.session.commit()
    flash(f"Hasło dla użytkownika {user.username} zostało zaktualizowane", "success")