def unsolved(Qid): mycursor = mydb.cursor(dictionary=True) if request.method == 'GET': mycursor.execute( "SELECT msgTime, sender, msg FROM Messages WHERE questionID = %s" % (Qid)) messages = mycursor.fetchall() mycursor.execute( "SELECT id, subject FROM ContactUsForms WHERE id = %s" % (Qid)) msg = mycursor.fetchone() return render_template("question_thread.html", messages=messages, msg=msg, unsolved=1) else: if 'send' in request.form: msg = request.form['msg'] sql = "INSERT INTO Messages (msgTime, questionID, adminID, sender, msg) VALUES (%s,%s,%s,%s,%s)" msgtime = datetime.now() a_id = session["u_id"] val = (msgtime, Qid, a_id, 'A', msg) mycursor.execute(sql, val) mydb.commit() return redirect(url_for('admin.unsolved', Qid=Qid)) elif 'solved' in request.form: mycursor.execute( "UPDATE ContactUsForms SET is_solved = 1 WHERE id = %s" % (Qid)) mydb.commit() return redirect(url_for('admin.msg'))
def editDr(): mycursor = mydb.cursor() dr_id = request.form['ID'] name = request.form['Name'] gender = request.form['Gender'] email = request.form['Email'] phone = request.form['Phone'] pw = request.form['Password'] # DATE format YYYY-MM-DD bdate = request.form['Birthday'] ssn = request.form['SSN'] try: sql = "UPDATE Doctors SET Name = %s, Gender = %s, Email = %s, Password = %s, Phone = %s, SSN = %s, Birthday = %s WHERE ID = %s" val = (name, gender, email, pw, phone, ssn, bdate, dr_id) mycursor.execute(sql, val) mydb.commit() mycursor.execute("SELECT * FROM Doctors WHERE ID = '%s'" % (dr_id)) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("A_update_doctors.html", type=type, Data=zip(row_headers, myresult), succ="Doctor's profile updated successfully.") except: mycursor.execute("SELECT * FROM Doctors WHERE ID = '%s'" % (dr_id)) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("A_update_doctors.html", type=type, Data=zip(row_headers, myresult), err="Something went wrong.")
def addDr(): mycursor = mydb.cursor() if request.method == 'GET': return render_template("A_add_doctor.html") else: email = request.form['email'] mycursor.execute("SELECT * FROM Doctors WHERE Email = '%s'" % (email)) result = mycursor.fetchone() if result: return render_template("A_add_doctor.html", err="This email is already registered!") else: name = request.form['name'] gender = request.form['gender'] phone = request.form['phone'] pw = request.form['password'] # DATE format YYYY-MM-DD bdate = request.form['birthday'] ssn = request.form['SSN'] today = time.strftime('%Y-%m-%d') try: sql = "INSERT INTO Doctors (Name, Gender, Email, Password, Phone, SSN, Birthday, Join_date) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)" val = (name, gender, email, pw, phone, ssn, bdate, today) mycursor.execute(sql, val) mydb.commit() return render_template("A_add_doctor.html", succ="Doctor registered successfully.") except: return render_template( "A_add_doctor.html", err="Something went wrong.") #"please check your ssn"
def addPatient(): mycursor = mydb.cursor() if request.method == 'GET': return render_template("A_addpatient.html") else: email = request.form['email'] mycursor.execute("SELECT * FROM Patients WHERE Email = '%s'" % (email)) result = mycursor.fetchone() if result: return render_template("A_addpatient.html", err="This email is already registered!") else: fname = request.form['fname'] lname = request.form['lname'] name = fname + " " + lname phone = request.form['phone'] pw = request.form['password'] # DATE format YYYY-MM-DD bdate = request.form['birthday'] ssn = request.form['SSN'] today = time.strftime('%Y-%m-%d') if ssn == "": ssn = None gender = request.form['gender'] if gender == '0': gender = None job = request.form['job'] bloodtype = request.form['bloodtype'] if bloodtype == '0': bloodtype = None weight = request.form['weight'] if weight == "": weight = None height = request.form['height'] if height == "": height = None hypertension = request.form.get('hypertension') HyperControl = request.form.get('controlledH') diabetic = request.form.get('diabetic') diabetesControl = request.form.get('controlledDiabetes') heartStroke = request.form.get('heartStroke') cholesterol = request.form.get('cholesterol') # print(name, email, pw, phone, ssn,gender, bdate, job, bloodtype, # weight, height, hypertension, HyperControl, diabetic, diabetesControl, heartStroke, cholesterol) try: sql = "INSERT INTO Patients (Name, Email, Password, Phone,Gender, Birthday,SSN,Job,BloodType,Weight,Height,Hypertension,ControlledHypertension,Diabetic,ControlledDiabetes,HeartStroke, Cholesterol, Join_date) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)" val = (name, email, pw, phone, gender, bdate, ssn, job, bloodtype, weight, height, hypertension, HyperControl, diabetic, diabetesControl, heartStroke, cholesterol, today) mycursor.execute(sql, val) mydb.commit() return render_template("A_addpatient.html", succ="Patient added successfully.") except: return render_template( "A_addpatient.html", err="Something went wrong.") #check your ssn
def create_user(name: str = typer.Argument( ..., help="Name of user you want to add"), phone: int = typer.Argument( None, help="The phone number of the user [required]")): if phone: if phone >= 9000000000 and phone <= 9999999999: num = "0" + str(phone) mycursor.execute("SELECT * FROM users where phone = %s", (num, )) check_user = mycursor.fetchone() if check_user is None: sql = 'INSERT INTO users (Username, phone) VALUES (%s, %s)' val = (name, num) mycursor.execute(sql, val) mydb.commit() ending = typer.style("User --((" + name + " " + str(phone) + "))-- Added", fg=typer.colors.GREEN, bold=True) typer.echo(ending) else: raise ValueError( typer.style("Phone number existed", fg=typer.colors.RED, bold=True)) else: raise ValueError( typer.style("Invalid phone number", fg=typer.colors.RED, bold=True)) else: num = typer.prompt("Enter your phone number [09xxxxxxxxx]?") if int(num): if re.search("^09.........", num): mycursor.execute("SELECT * FROM users where phone = %s", (num, )) check_user = mycursor.fetchone() if check_user is None: sql = 'INSERT INTO users (Username, phone) VALUES (%s, %s)' val = (name, num) mycursor.execute(sql, val) mydb.commit() ending = typer.style("User --((" + name + " " + str(num) + "))-- Added", fg=typer.colors.GREEN, bold=True) typer.echo(ending) else: raise ValueError( typer.style("Phone number existed", fg=typer.colors.RED, bold=True)) else: raise ValueError( typer.style("Invalid phone number", fg=typer.colors.RED, bold=True))
def del_user(phone: str = Query(..., min_length=11, max_length=11, regex="^09")): mycursor.execute("SELECT * FROM users where phone = %s", (phone, )) check_user = mycursor.fetchone() if check_user is None: raise HTTPException(status_code=406, detail="User is not existed") else: mycursor.execute("DELETE FROM users WHERE phone = %s", (phone, )) mydb.commit() return {"User is deleted": check_user}
def test_e1_3(): sql = 'INSERT INTO users (Username, phone) VALUES (%s, %s)' val = (name, num) mycursor.execute(sql, val) mydb.commit() response = client.post("/add/?name=" + name + "&phone=" + num) assert response.status_code == 406 assert response.json() == {"detail": "Phone Number is registered"} mycursor.execute("DELETE FROM users WHERE phone = %s", (num, )) mydb.commit()
def test_e2_1(): sql = 'INSERT INTO users (Username, phone) VALUES (%s, %s)' val = (name, num) mycursor.execute(sql, val) mydb.commit() response = client.get("/read/") assert response.status_code == 200 assert response.json() == {"Users": [[name, num]]} mycursor.execute("DELETE FROM users WHERE phone = %s", (num, )) mydb.commit()
def test_e3_1(): sql = 'INSERT INTO users (Username, phone) VALUES (%s, %s)' val = (name, num) mycursor.execute(sql, val) mydb.commit() response = client.delete("/del/?phone=" + num) assert response.status_code == 200 assert response.json() == {"User is deleted": [name, num]} mycursor.execute("DELETE FROM users WHERE phone = %s", (num, )) mydb.commit()
def edit_profile(): mycursor = mydb.cursor() p_id = session['u_id'] if request.method == 'GET': sql = 'SELECT * FROM Patients WHERE ID =%s' val = (p_id,) #Fetch user's record mycursor.execute(sql,val) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("profile.html", type=type, allData=zip(row_headers, myresult), edit=1) else: if 'edit' in request.form: name = request.form['Name'] gender = request.form['Gender'] email = request.form['Email'] phone = request.form['Phone'] # DATE format YYYY-MM-DD bdate = request.form['Birthday'] ssn = request.form['SSN'] job = request.form['Job'] bloodtype = request.form['BloodType'] weight = request.form['Weight'] height = request.form['Height'] hyper = request.form['Hypertension'] hypercont = request.form['ControlledHypertension'] diabetic = request.form['Diabetic'] diacont = request.form['ControlledDiabetes'] stroke = request.form['HeartStroke'] cholesterol = request.form['Cholesterol'] try: # print(name, email, phone, ssn, bday, p_id) sql = "UPDATE Patients SET Name = %s, Gender = %s, Email = %s, Phone = %s, SSN = %s, Birthday = %s, Job = %s, BloodType = %s, Weight = %s, Height = %s, Hypertension = %s, ControlledHypertension = %s, Diabetic = %s, ControlledDiabetes = %s, HeartStroke = %s, Cholesterol = %s WHERE ID = %s" val = (name, gender, email, phone, ssn, bdate, job, bloodtype, weight, height, hyper, hypercont,diabetic, diacont, stroke, cholesterol, p_id) mycursor.execute(sql, val) mydb.commit() flash("Profile updated successfully!", "info") except: flash("Something went wrong!", "error") elif 'change' in request.form: #for changing password old_pw = request.form['password'] mycursor.execute("SELECT Password FROM Patients where id = '%s'" %(p_id)) myresult = mycursor.fetchone() pw = myresult[0] # print(pw, old_pw) if pw == old_pw: new_pw = request.form['newpassword'] mycursor.execute("UPDATE Doctors SET Password = '******' WHERE id = '%s'" % (new_pw, p_id)) mydb.commit() flash("Password changed successfully!", "info") else: flash("Incorrect password!", "error") return redirect(url_for('patient.display_profile'))
def test_e1_1(): response = client.post("/add/?name=" + name + "&phone=" + num) assert response.status_code == 200 assert response.json() == { "User added": { "Username": name, "PhoneNumber": num } } mycursor.execute("DELETE FROM users WHERE phone = %s", (num, )) mydb.commit()
def test_e4_2(): sql = 'INSERT INTO users (Username, phone) VALUES (%s, %s)' val = (name, num) mycursor.execute(sql, val) mydb.commit() response = client.put("/change_username/?name=asghar&phone=" + num) assert response.status_code == 200 assert response.json() == { "User": [name, num], "Username updated to ": "asghar" } mycursor.execute("DELETE FROM users WHERE phone = %s", (num, )) mydb.commit()
def view_drs(): mycursor = mydb.cursor() if request.method == 'GET': mycursor.execute("SELECT * FROM Doctors") # this will extract row headers row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchall() return render_template("A_view_doctors.html", AllDoctors=myresult, headers=row_headers) else: if 'edit' in request.form: drid = request.form['edit'] # print(drid) mycursor.execute("SELECT * FROM Doctors WHERE ID = '%s'" % (drid)) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("A_update_doctors.html", type=type, Data=zip(row_headers, myresult)) else: #delete drid = request.form['del'] # print(drid) try: mycursor.execute("DELETE FROM Doctors WHERE ID = '%s'" % (drid)) mydb.commit() #delete calendar of the doctor mycursor.execute( "SELECT c_id FROM Calendars WHERE drID ='%s'" % (drid)) c_id = mycursor.fetchone() g_api.delete_calendar(c_id['c_id']) mycursor.execute("DELETE FROM Calendars WHERE c_id='%s'" % (c_id['c_id'])) mydb.commit() ## mycursor.execute("SELECT * FROM Doctors") row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchall() return render_template("A_view_doctors.html", AllDoctors=myresult, headers=row_headers, succ="Doctor deleted successfully.") except: mycursor.execute("SELECT * FROM Doctors") row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchall() return render_template("A_view_doctors.html", AllDoctors=myresult, headers=row_headers, err="Something went wrong.")
def update_username(name: str = Query(..., min_length=1, regex="^[a-z/A-Z]"), phone: str = Query(..., min_length=11, max_length=11, regex="^09")): mycursor.execute("SELECT * FROM users where phone = %s", (phone, )) check_user = mycursor.fetchone() if check_user is None: raise HTTPException(status_code=406, detail="User is not existed") else: mycursor.execute("UPDATE users SET Username = %s WHERE phone = %s", (name, phone)) mydb.commit() return {"User": check_user, "Username updated to ": name}
def add_user(name: str = Query(..., min_length=1, regex="^[a-z/A-Z]"), phone: str = Query(..., min_length=11, max_length=11, regex="^09")): mycursor.execute("SELECT * FROM users where phone = %s", (phone, )) check_phone = mycursor.fetchone() if check_phone: raise HTTPException(status_code=406, detail="Phone Number is registered") else: sql = 'INSERT INTO users (Username, phone) VALUES (%s, %s)' val = (name, phone) mycursor.execute(sql, val) mydb.commit() return {"User added": {"Username": name, "PhoneNumber": phone}}
def remove_cal(): if request.method == 'POST': doctor_id = request.form['drID'] mycursor.execute("SELECT c_id FROM Calendars WHERE drID ='%s'" % (doctor_id)) c_id = mycursor.fetchone() if c_id: g_api.delete_calendar(c_id['c_id']) mycursor.execute("DELETE FROM Calendars WHERE c_id='%s'" % (c_id['c_id'])) mydb.commit() flash("Calendar is Removed Successfully!") else: flash("Doctor has no Calendar") return render_template("calendar.html")
def delApp(id_data): sql = "SELECT * FROM Events WHERE a_id = %s" val = (id_data, ) mycursor.execute(sql, val) Event = mycursor.fetchone() print(Event) g_api.delete_event(Event['cal_id'], Event['e_id']) sql = "DELETE FROM Events WHERE a_id = %s " val = (id_data, ) mycursor.execute(sql, val) mydb.commit() sql = 'DELETE FROM Appointments WHERE id=%s' val = (id_data, ) mycursor.execute(sql, val) mydb.commit() return redirect(url_for("upcoming_app"))
def editpat(): mycursor = mydb.cursor() pat_id = request.form['ID'] name = request.form['Name'] gender = request.form['Gender'] email = request.form['Email'] pw = request.form['Password'] phone = request.form['Phone'] # DATE format YYYY-MM-DD bdate = request.form['Birthday'] ssn = request.form['SSN'] job = request.form['Job'] bloodtype = request.form['BloodType'] weight = request.form['Weight'] height = request.form['Height'] hyper = request.form['Hypertension'] hypercont = request.form['ControlledHypertension'] diabetic = request.form['Diabetic'] diacont = request.form['ControlledDiabetes'] stroke = request.form['HeartStroke'] cholesterol = request.form['Cholesterol'] try: sql = "UPDATE Patients SET Name = %s, Gender = %s, Email = %s, Password = %s, Phone = %s, SSN = %s, Birthday = %s, Job = %s, BloodType = %s, Weight = %s, Height = %s, Hypertension = %s, ControlledHypertension = %s, Diabetic = %s, ControlledDiabetes = %s, HeartStroke = %s, Cholesterol = %s WHERE ID = %s" val = (name, gender, email, pw, phone, ssn, bdate, job, bloodtype, weight, height, hyper, hypercont, diabetic, diacont, stroke, cholesterol, pat_id) mycursor.execute(sql, val) mydb.commit() mycursor.execute("SELECT * FROM Patients WHERE ID = '%s'" % (pat_id)) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("A_update_patients.html", type=type, Data=zip(row_headers, myresult), succ="Patient's profile updated successfully.") except: mycursor.execute("SELECT * FROM Patients WHERE ID = '%s'" % (pat_id)) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("A_update_patients.html", type=type, Data=zip(row_headers, myresult), err="Something went wrong.")
def edit_profile(): mycursor = mydb.cursor() d_id = session['u_id'] if request.method == 'GET': sql = 'SELECT * FROM Doctors WHERE ID =%s' val = (d_id,) #Fetch user's record mycursor.execute(sql,val) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("profile.html", type=type, allData=zip(row_headers, myresult), edit=1) else: if 'edit' in request.form: name = request.form['Name'] gender = request.form['Gender'] email = request.form['Email'] phone = request.form['Phone'] # DATE format YYYY-MM-DD bdate = request.form['Birthday'] ssn = request.form['SSN'] # dep = request.form['DepartmentID'] try: # print(name, email, phone, ssn, bday, d_id) mycursor.execute("UPDATE Doctors SET Name = '%s', Gender = '%s', Email = '%s', Phone = '%s', SSN = '%s', Birthday = '%s' WHERE id = '%s'" % (name,gender, email, phone, ssn, bdate, d_id)) mydb.commit() flash("Profile updated successfully!", "info") except: flash("Something went wrong!", "error") elif 'change' in request.form: #for changing password old_pw = request.form['password'] mycursor.execute("SELECT Password FROM Doctors where ID = '%s'" %(d_id)) myresult = mycursor.fetchone() pw = myresult[0] # print(pw, old_pw) if pw == old_pw: new_pw = request.form['newpassword'] mycursor.execute("UPDATE Doctors SET Password = '******' WHERE ID = '%s'" % (new_pw, d_id)) mydb.commit() flash("Password changed successfully!", "info") else: flash("Incorrect password!", "error") return redirect(url_for('doctor.display_profile'))
def edit_profile(): mycursor = mydb.cursor() a_id = session["u_id"] if request.method == 'GET': mycursor.execute("SELECT * FROM Admins where ID = '%s'" % (a_id)) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("profile.html", type=type, adminData=zip(row_headers, myresult), edit=1) else: if 'edit' in request.form: name = request.form['Name'] email = request.form['Email'] phone = request.form['Phone'] ssn = request.form['SSN'] bday = request.form['Birthday'] try: # print(name, email, phone, ssn, bday, a_id) mycursor.execute( "UPDATE Admins SET Name = '%s', Email = '%s', Phone = '%s', SSN = '%s', Birthday = '%s' WHERE ID = '%s'" % (name, email, phone, ssn, bday, a_id)) mydb.commit() flash("Profile updated successfully!", "info") except: flash("Something went wrong!", "error") elif 'change' in request.form: #for changing password old_pw = request.form['password'] mycursor.execute("SELECT Password FROM Admins where ID = '%s'" % (a_id)) myresult = mycursor.fetchone() pw = myresult[0] # print(pw, old_pw) if pw == old_pw: new_pw = request.form['newpassword'] mycursor.execute( "UPDATE Admins SET Password = '******' WHERE ID = '%s'" % (new_pw, a_id)) mydb.commit() flash("Password changed successfully!", "info") else: flash("Incorrect password!", "error") return redirect(url_for('admin.profile'))
def view_patients(): mycursor = mydb.cursor() if request.method == 'GET': mycursor.execute( "SELECT ID, Name, Email, Password, Phone, Gender, SSN, Birthday, Job , Join_date FROM Patients" ) # this will extract row headers row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchall() return render_template("A_view_patients.html", AllPatients=myresult, headers=row_headers) else: if 'edit' in request.form: patid = request.form['edit'] mycursor.execute("SELECT * FROM Patients WHERE ID = '%s'" % (patid)) row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchone() return render_template("A_update_patients.html", type=type, Data=zip(row_headers, myresult)) else: #delete patid = request.form['del'] try: mycursor.execute("DELETE FROM Patients WHERE ID = '%s'" % (patid)) mydb.commit() mycursor.execute("SELECT * FROM Patients") row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchall() return render_template("A_view_patients.html", AllPatients=myresult, headers=row_headers, succ="Patient deleted successfully.") except: mycursor.execute("SELECT * FROM Patients") row_headers = [x[0] for x in mycursor.description] myresult = mycursor.fetchall() return render_template("A_view_patients.html", AllPatients=myresult, headers=row_headers, err="Something went wrong.")
def contactus(): if request.method=='POST': patid = session["u_id"] subject = request.form['subject'] msg = request.form['msg'] sql = "INSERT INTO ContactUsForms (patID, subject) VALUES (%s,%s)" val = (patid,subject) mycursor.execute(sql, val) # get this question id to insert as foreign key in the messages table question_id = mycursor.lastrowid sql = "INSERT INTO Messages (msgTime, questionID, sender, msg) VALUES (%s,%s,%s,%s)" msgtime = datetime.now() val = (msgtime, question_id, 'p',msg) mycursor.execute(sql, val) mydb.commit() flash("Thanks for submitting, we well contact you as soon as possible!") return render_template("contactus.html")
def upcoming_app(): mydb.commit() now = datetime.datetime.now() if session['msg'] == 'A': sql = 'SELECT * FROM Patients AS T1 JOIN ( SELECT a.id , bookedTime, drID,patID, d.ID AS d_id , Name AS dname, Birthday AS dbday , Email AS demail , Phone AS dphone FROM Appointments AS a JOIN Doctors AS d on drID = d.ID WHERE bookedTime >= %s ) AS T2 ON T1.ID = T2.patID' val = (now, ) # mycursor.close() elif session['msg'] == 'p': sql = 'SELECT a.id , bookedTime, drID ,patID, name AS dname FROM Appointments AS a JOIN Doctors on a.drID = Doctors.ID WHERE bookedTime >= %s AND patID = %s' val = (now, session['u_id']) # print("HHHHHHHHHHHH") # mycursor.close() else: sql = 'SELECT * FROM Appointments JOIN Patients on Appointments.patID = Patients.ID WHERE bookedTime >= %s AND drID = %s' val = (now, session['u_id']) # mycursor.close() mycursor.execute(sql, val) data = mycursor.fetchall() # print(data) return render_template("upcoming_appointments.html", data=data)
def add_cal(): if request.method == 'POST': doctor_id = request.form['drID'] mycursor.execute("SELECT * From Calendars") c = mycursor.fetchall() if c: flash("Dr Already has a calendar , Remove the calendar first") return render_template("calendar.html") mycursor.execute("SELECT Email FROM Doctors WHERE ID ='%s'" % (doctor_id)) doctor_email = mycursor.fetchone() ID = g_api.create_calendar("Cardiology Department", "Africa/Cairo") g_api.give_access(ID, doctor_email['Email']) sql = "INSERT INTO Calendars (c_id,drID) VALUES (%s,%s)" val = (ID, doctor_id) print(val) mycursor.execute(sql, val) mydb.commit() flash("Calendar is aded Successfully!") return render_template("calendar.html")
def register(): tipo_usuario = request.form['tipo_usuario'] username = request.form['username'] email = request.form['email'] telefono = request.form['telefono'] password = request.form['password'] password2 = request.form['password2'] nombre = request.form['nombre'] apellido_paterno = request.form['apellido_paterno'] apellido_materno = request.form['apellido_materno'] sexo = request.form['sexo'] fecha_nacimiento = request.form['fecha_nacimiento'] #Validar campos vacios if tipo_usuario == "1": if apellido_materno is None or apellido_materno is None: return render_template('register.html', mensaje="Algun campo está vacío") if sexo is None or fecha_nacimiento is None: return render_template('register.html', mensaje="Algun campo está vacío") #Validar que las cont coincidan if password != password2: return render_template('register.html', mensaje="Las contraseñas no coinciden") #Validar que no exisa usuario ni correo cursor = mydb.cursor() cursor.execute('SELECT username FROM Usuario WHERE UserName = "******"' % username) result = cursor.fetchone() if result is not None: return render_template('register.html', mensaje="usuario existente") cursor.execute('SELECT Email FROM Usuario WHERE Email = "%s"' % email) result = cursor.fetchone() if result is not None: return render_template('register.html', mensaje="correo existente") #REGISTRO DEL USUARIO# sentence = 'INSERT INTO Usuario(UserName,TipoUsuario,HashPassword,Email,Telefono,Admin) VALUES (%s,%s,%s,%s,%s,FALSE)' variables = (username, tipo_usuario, password, email, telefono) cursor.execute(sentence, variables) mydb.commit() #EXTRACCION DEL NUEVO ID# cursor.execute('SELECT idUsuario FROM Usuario WHERE UserName = "******"' % username) result = cursor.fetchone() if tipo_usuario == "1": sentence = 'INSERT INTO Persona(Nombre,ApellidoPaterno,ApellidoMaterno,IdUsuario,Sexo,FechaNacimiento) VALUES (%s,%s,%s,%s,%s,%s)' variables = (nombre, apellido_paterno, apellido_materno, result[0], sexo, fecha_nacimiento) else: sentence = 'INSERT INTO Empresa(Nombre, IdUsuario) VALUES (%s,%s)' variables = (nombre, result[0]) cursor.execute(sentence, variables) mydb.commit() session['logged_in'] = True return home()
def register(): #check if user submitted form (POST) if request.method == 'POST': firstName = request.form['fname'] lastName = request.form['lname'] ssn = request.form['ssn'] job = request.form['job'] bdate = request.form['dob'] sex = request.form['gender'] bloodType = request.form['bt'] weight = request.form['weight'] phone = request.form['phone'] hyperTension = convert('hyperTension' in request.form) ht_controlled = convert('ht_controlled' in request.form) diabetes = convert('diabetes' in request.form) diabetes_control = convert('dcontrol' in request.form) heartstroke = convert('heartstroke' in request.form) cholesterol = convert('ch' in request.form) email = request.form['email'] password = request.form['pw'] today = time.strftime('%Y-%m-%d') #check if account exists already sql = 'SELECT * FROM Patients WHERE email = %s' val = (email,) mycursor.execute(sql, val) # Fetch user's record account = mycursor.fetchone() # If account exists show error and validation checks if account: flash('Account already exists!') return render_template('SignIn_p.html') elif not re.match(r'[^@]+@[^@]+\.[^@]+', email): flash('Invalid email address!') return render_template('Test_home.html') elif not email or not password or not firstName or not ssn or not bloodType: flash('Fill out the Registration Form!') return render_template('Test_home.html') else: format_str = '%d/%m/%Y' # The format bday_datetime = datetime.strptime(bdate, format_str) #registration succed, create patient account Name = firstName + " " + lastName sql_ ='INSERT INTO Patients (Name,Birthday, Job, Email, Password, Phone, Gender, SSN , BloodType,Weight,Hypertension,ControlledHypertension,Diabetic,ControlledDiabetes,HeartStroke,Cholesterol, Join_date) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)' val_ = (Name,bday_datetime,job,email,password,phone,sex,ssn,bloodType,weight,hyperTension,ht_controlled,diabetes,diabetes_control,heartstroke,cholesterol,today) mycursor.execute(sql_ , val_) mydb.commit() sql = 'SELECT id FROM Patients WHERE Email = %s AND Password = %s' val = (email, password) mycursor.execute(sql, val) # Fetch user's record account = mycursor.fetchone() session['loggedin'] = True session['user'] = Name session['u_id'] = account['id'] session['email'] = email session['msg']='p' flash(f"you have been Registered successfully!,{Name}") return redirect(url_for('patient.patientDash')) else: return render_template('SignUp.html')
def book(): mycursor = mydb.cursor(dictionary=True, buffered=True) mycursor.execute("SELECT * FROM Doctors") myresult = mycursor.fetchall() number_of_doctors = len(myresult) id_1_l = math.ceil((number_of_doctors / 2)) if request.method == 'POST': selected_data = request.form['doctor'] selected_date = request.form['date'] #in mm/dd/yyy selected_hour = request.form['hour'] p_id = request.form['p_id'] #check if date or time is empty if (not request.form['date']) or request.form['hour'] == 'Select Time': # print("jjj")) flash( "please select a date, a time and a doctor/Not Specific Doctor " ) return render_template("p_book_appointment.html", doctorsData=myresult, id_1_l=id_1_l) #get the values we need if selected_data != 'Not Specific Doctor': doctor_id, selected_doctor = selected_data.split('-') else: doctor_id = random.randint(1, number_of_doctors) #get the values we need format_str = '%m/%d/%Y' # The format date_datetime = datetime.strptime(selected_date, format_str).date() time_datetime = datetime.strptime(selected_hour, '%H:%M').time() bookedTime = datetime.combine(date_datetime, time_datetime) #check if the time is booked already in doctor's schedule sql = 'SELECT * FROM Appointments WHERE drID = %s AND bookedTime = %s' val = (doctor_id, bookedTime) mycursor.execute(sql, val) # Fetch user's record account = mycursor.fetchall() # If account exists show error and validation checks if account: flash('Doctor is not available in this time, choose another time!') return render_template("p_book_appointment.html", doctorsData=myresult, id_1_l=id_1_l) # Nothing wrong with booking, insertingappointment details id = session["u_id"] sql = "INSERT INTO Appointments (drID,bookedTime, patID) VALUES (%s, %s, %s)" val = (doctor_id, bookedTime, p_id) # print(val) mycursor.execute(sql, val) mydb.commit() # mycursor.close() flash("Appointment is Booked Successfully!") #Synchronize with doctor's calendar #getting appointment id to add in events table sql = "SELECT id FROM Appointments WHERE drID =%s AND bookedTime =%s" val = (doctor_id, bookedTime) mycursor.execute(sql, val) a_id = mycursor.fetchone() #getting dr data doctor = next( (doctor for doctor in myresult if doctor['ID'] == int(doctor_id)), False) doctor_email = doctor['Email'] doctor_id = int(doctor_id) sql = "SELECT * FROM Calendars WHERE drID = %s" mycursor.execute(sql, (doctor_id, )) dr_cal = mycursor.fetchall() print(dr_cal) if not dr_cal: ID = g_api.create_calendar("Cardiology Department", "Africa/Cairo") g_api.give_access(ID, doctor_email) sql = "INSERT INTO Calendars (c_id,drID) VALUES (%s,%s)" val = (ID, doctor_id) print(val) mycursor.execute(sql, val) mydb.commit() mycursor.execute("SELECT * FROM Calendars WHERE drID = '%s'" % (doctor_id)) dr_cal = mycursor.fetchone() event_id = g_api.create_event(bookedTime, dr_cal['c_id']) #insert event into Events table sql = "INSERT INTO Events (e_id,cal_id,a_id) VALUES (%s,%s,%s)" val = (event_id, dr_cal['c_id'], a_id['id']) mycursor.execute(sql, val) mydb.commit() print("EVENT CREATED") return render_template("p_book_appointment.html", doctorsData=myresult, id_1_l=id_1_l) else: return render_template("p_book_appointment.html", doctorsData=myresult, id_1_l=id_1_l)