Beispiel #1
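def register():
    """Show the registration form or create a new scout and user account.

    GET renders ``register.html``. POST checks that the login is unused and
    that the e-mail contains ``@``, inserts a ``scout`` row and a ``user`` row
    referencing it, sends the confirmation e-mail and redirects to the login
    view. Visitors who are already authenticated are redirected away.
    """
    from urllib.parse import urlparse

    def _safe_next(target):
        # ``next`` is taken from the query string, so it is attacker
        # controlled. Only same-site relative paths are followed; anything
        # with a scheme, a host, a backslash or control characters is dropped
        # so the redirect cannot be pointed at another site.
        if not target or '\\' in target or any(ch < ' ' for ch in target):
            return None
        parts = urlparse(target)
        if parts.scheme or parts.netloc:
            return None
        if not target.startswith('/') or target.startswith('//'):
            return None
        return target

    next_url = _safe_next(request.args.get('next'))
    if current_user.is_authenticated:
        flash("Jesteś już zalogowany!", 'warning')
        # Fall back to the site root: redirect(None) would raise when no
        # ``next`` parameter was supplied.
        return redirect(next_url or '/')
    try:
        if request.method != "POST":
            return render_template('register.html')
        form = request.form
        email = form['email']
        con, conn = connection()
        try:
            # NOTE(review): values are passed through escape_string() AND bound
            # as query parameters, so the driver escapes them a second time.
            # Parameter binding alone is sufficient; removing escape_string()
            # has to be done in every query at once, otherwise stored and
            # looked-up values stop matching.
            used_username = con.execute(
                "SELECT * FROM user WHERE login = (%s)",
                (escape_string(form['login']),))
            wrong_email = "@" not in email
            if used_username or wrong_email:
                return render_template('register.html',
                                       form=form,
                                       used_username=used_username,
                                       wrong_email=wrong_email)
            # Hash only after validation so rejected requests do not pay for
            # the (deliberately slow) password hash.
            password = sha256_crypt.encrypt(str(form['password']))
            con.execute(
                "INSERT INTO scout (first_name, last_name) VALUES (%s, %s)",
                (escape_string(form['first-name']),
                 escape_string(form['last-name'])))
            scout_id = con.lastrowid
            # scout_id is bound as a parameter instead of being concatenated
            # into the statement text.
            con.execute(
                "INSERT INTO user (login, password, email, scout_id) "
                "VALUES (%s, %s, %s, %s)",
                (escape_string(form['login']), escape_string(password),
                 escape_string(form['email']), scout_id))
            # One commit for both rows: a failing user insert no longer leaves
            # an orphaned scout row behind.
            conn.commit()
        finally:
            # Release the cursor and connection on every path, including the
            # validation early return and errors.
            con.close()
            conn.close()
            gc.collect()
        flash("Zarejestrowano pomyślnie!", 'success')
        send_confirmation_email(form['email'])
        return redirect(url_for('login', next=next_url, username=email))
    except Exception as error:
        # NOTE(review): str(error) can expose database or driver details to
        # the visitor; consider logging it server-side and flashing a generic
        # message instead.
        flash('Błąd: ' + str(error), 'danger')
        return redirect('/')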
Beispiel #2
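def settings_get():
    """Render the settings page for the scout team stored in the session.

    The team id is read from ``session['id_scout_team']``, so the page only
    ever shows the team bound to the current session.
    """
    con, conn = connection()
    try:
        con.execute("SELECT * FROM scout_team WHERE id_scout_team = %s",
                    escape_string(str(session['id_scout_team'])))
        scout_team = con.fetchone()
    finally:
        # Close the cursor and connection even when the query raises.
        con.close()
        conn.close()
    return render_template('settings.html', scout_team=scout_team)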
Beispiel #3
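def plan():
    """Render the work plans of the scout team stored in the session.

    The plan to display is chosen from the ``work-plan`` query parameter when
    it names one of the team's plans, otherwise from the team's
    ``current_work_plan_id``; if neither matches, the last fetched plan is
    shown. Renders ``plan-none.html`` when the team has no plans.
    """
    team_id = escape_string(str(session['id_scout_team']))
    con, conn = connection()
    try:
        con.execute("SELECT * FROM scout_team WHERE id_scout_team = %s",
                    team_id)
        current_team = con.fetchone()
        con.execute("SELECT * FROM work_plan WHERE scout_team_id = %s",
                    team_id)
        work_plans = con.fetchall()
    finally:
        # Close the cursor and connection even when a query raises.
        con.close()
        conn.close()
    if not work_plans:
        return render_template("plan-none.html")

    # Parse the user-supplied id once; a non-numeric value is treated as if
    # the parameter were absent instead of raising ValueError (HTTP 500).
    wanted_id = None
    requested = request.args.get('work-plan')
    if requested:
        try:
            wanted_id = int(requested)
        except ValueError:
            requested = None
    if not requested:
        # current_team can be None when the session's team row is missing.
        wanted_id = current_team['current_work_plan_id'] if current_team else None

    # Only plans fetched for the session's team are candidates, so the
    # parameter cannot select another team's plan.
    current_work_plan = None
    for work_plan in work_plans:
        if work_plan['id_work_plan'] == wanted_id:
            current_work_plan = work_plan
    return render_template(
        "plan.html",
        work_plans=work_plans,
        current_work_plan=current_work_plan if current_work_plan else work_plans[-1])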
Beispiel #4
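def send_confirmation_email(mail):
    """Send the e-mail address confirmation message to *mail*.

    A token is produced with ``ts.dumps`` over the address (salt
    ``'email-confirm-key'``) and rendered into ``verify_email.html``.
    """
    with MAIL.connect() as conn:
        # The token is a bearer credential for confirming the address, so
        # neither it nor the address is written to stdout/logs.
        token = ts.dumps(mail, salt='email-confirm-key')
        msg = Message("EEH - Potwierdź swój adres email",
                      sender=config.MAIL_USERNAME,
                      recipients=[mail])
        msg.html = render_template('verify_email.html', token=token)
        conn.send(msg)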
Beispiel #5
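def scouting_troops_get():
    """Render the list of scouting troops of the session's scout team.

    Troops named ``"none"`` are excluded by the query.
    """
    con, conn = connection()
    try:
        con.execute(
            "SELECT * FROM scouting_troop WHERE scout_team_id = %s AND name <> \"none\"",
            escape_string(str(session['id_scout_team'])))
        scouting_troops = con.fetchall()
    finally:
        # Close the cursor and connection even when the query raises.
        con.close()
        conn.close()
    return render_template("scouting-troops.html",
                           scouting_troops=scouting_troops)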
Beispiel #6
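def login():
    """Render the login form (GET) or authenticate a user (POST).

    The account is looked up by e-mail or login, the password is verified
    with ``sha256_crypt.verify`` and, on success, the user is logged in and
    the id of the scout team they lead is stored in the session.
    """
    from urllib.parse import urlparse

    def _safe_next(target):
        # ``next`` is taken from the query string, so it is attacker
        # controlled. Only same-site relative paths are followed; anything
        # with a scheme, a host, a backslash or control characters is dropped
        # so the post-login redirect cannot be pointed at another site.
        if not target or '\\' in target or any(ch < ' ' for ch in target):
            return None
        parts = urlparse(target)
        if parts.scheme or parts.netloc:
            return None
        if not target.startswith('/') or target.startswith('//'):
            return None
        return target

    try:
        next_url = _safe_next(request.args.get('next'))
        if current_user.is_authenticated:
            flash('Już jesteś zalogowany!', 'warning')
            return redirect(next_url or '/')
        if request.method != "POST":
            return render_template('login.html')

        con, conn = connection()
        try:
            con.execute("SELECT * FROM user WHERE email = (%s) OR login = %s",
                        (escape_string(request.form['email']),
                         escape_string(request.form['email'])))
            user_dict = con.fetchone()
        finally:
            con.close()
            conn.close()
            gc.collect()

        # An unknown account must produce the same response as a wrong
        # password. Previously user.update(None) raised and the generic error
        # handler answered differently, which revealed whether an account
        # exists.
        # NOTE(review): this path still skips the password hash, so response
        # time can differ from the wrong-password path.
        if user_dict is None:
            return render_template('login.html', form=request.form, wrong=True)
        user = User()
        user.update(user_dict)
        if not (user and sha256_crypt.verify(request.form['password'],
                                             user['password'])):
            return render_template('login.html', form=request.form, wrong=True)

        con, conn = connection()
        try:
            con.execute(
                "SELECT id_scout_team FROM scout_team WHERE scoutmaster_user_id = %s",
                escape_string(str(user['id_user'])))
            scout_team = con.fetchone()
        finally:
            con.close()
            conn.close()

        # The original tested for 'remember_me' but read 'remember-me', so the
        # option never took effect; the hyphenated name matches the other
        # form fields in this file.
        remember_me = bool(request.form.get('remember-me'))
        login_user(user, remember=remember_me)
        # NOTE(review): scout_team is None for a user who leads no team; the
        # lookup below then raises after login_user() has already run.
        session['id_scout_team'] = scout_team['id_scout_team']
        return redirect(next_url or '/app/')
    except Exception as error:
        # NOTE(review): str(error) can expose database or driver details to
        # the visitor; consider logging it server-side and flashing a generic
        # message instead.
        flash('Błąd: ' + str(error), 'danger')
        return redirect('/')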
Beispiel #7
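def plan_get(identifier):
    """Render the plan *identifier* if it belongs to the current user's team.

    Ownership is checked by comparing ``Plan.druzyna_id`` with
    ``current_user['id']``. A plan that does not exist gets the same response
    as a plan owned by someone else, so the reply does not reveal which plan
    ids exist.
    """
    current_plan = Plan.query.filter_by(id=identifier).first()
    # first() returns None for an unknown id; treat that like a foreign plan
    # instead of failing with AttributeError.
    if current_plan is None or current_plan.druzyna_id != current_user['id']:
        flash("You can't do that", 'warning')
        return redirect(request.host_url)

    plany = Plan.query.filter_by(druzyna_id=current_user['id']).all()
    # NOTE(review): the individual plans are selected by
    # current_user['current_plan'], not by the requested identifier - confirm
    # this is intended.
    plany_indywidualne = HarcerzPlan.query.filter_by(
        plan_id=current_user['current_plan']).all()
    harcerze = []
    for plan_indywidualny in plany_indywidualne:
        # NOTE(review): the scout is looked up by the individual plan's own
        # id; verify this should not be a scout foreign key.
        harcerz = Harcerz.query.filter_by(id=plan_indywidualny.id).first()
        if harcerz is None:
            continue
        harcerze.append({
            'first_name': harcerz.first_name,
            'last_name': harcerz.last_name,
            'charakterystyka': plan_indywidualny.charakterystyka,
            'cele': plan_indywidualny.cele
        })
    return render_template('plan.html',
                           harcerze=harcerze,
                           wizja=current_plan.wizja,
                           cele=current_plan.cele,
                           zz=current_plan.zz,
                           plany=plany)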
Beispiel #8
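def scouting_troop_get(identifier):
    """Render one scouting troop and its members.

    Both queries are constrained by ``session['id_scout_team']``, so a troop
    id belonging to another team matches nothing and the visitor is sent back
    to the troop list.
    """
    team_id = escape_string(str(session['id_scout_team']))
    con, conn = connection()
    try:
        query = con.execute(
            "SELECT * FROM scouting_troop WHERE id_scouting_troop = %s AND scout_team_id = %s",
            (escape_string(identifier), team_id))
        scouting_troop = con.fetchone()
        if query == 0:
            return redirect("/scouting-troops/")
        con.execute(
            "SELECT a.id_scout, a.first_name, a.last_name, b.name FROM scout a, scouting_troop b, scout_membership c WHERE b.id_scouting_troop = c.scouting_troop_id AND a.id_scout = c.scout_id AND b.scout_team_id = %s AND b.id_scouting_troop = %s",
            (team_id, escape_string(identifier)))
        scouts = con.fetchall()
    finally:
        # The early return above used to skip these calls and leak the
        # connection; finally covers that path and query errors.
        con.close()
        conn.close()
    return render_template("scouting-troop.html",
                           scouts=scouts,
                           scouting_troop=scouting_troop)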
Beispiel #9
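def add_get():
    """Render the add-scout form (GET) or insert a new scout (POST).

    On POST the PESEL is validated with ``valid_pesel``, the scout row is
    inserted and the scout is joined to the ``"none"`` troop of the team led
    by the current user. The response is a redirect to ``/app/`` (or back to
    ``/add/`` for an invalid PESEL).
    """
    if request.method == "GET":
        return render_template('add.html')
    elif request.method == "POST":
        try:
            # The submitted form holds PESEL, address and phone number, so it
            # is not echoed to stdout.
            form = request.form
            if not valid_pesel(form['pesel']):
                flash("Zły pesel", 'warning')
                return redirect('/add/')

            # Build the column list and the bound values together so they stay
            # aligned. The previous statement formatted the birthdate into the
            # SQL text unquoted (escape_string gives no protection there) and
            # in the wrong position relative to the column list.
            columns = ['first_name', 'middle_name', 'last_name']
            values = [escape_string(form['first-name']),
                      escape_string(form['middle-name']),
                      escape_string(form['last-name'])]
            if form['birthdate'] != '':
                columns.append('birthdate')
                values.append(escape_string(str(form['birthdate'])))
            columns += ['pesel', 'address', 'phone']
            values += [escape_string(form['pesel']),
                       escape_string(form['address']),
                       escape_string(form['phone'])]
            # Only fixed column names and %s placeholders are formatted in.
            sql = "INSERT INTO scout ({}) VALUES ({})".format(
                ", ".join(columns), ", ".join(["%s"] * len(columns)))

            con, conn = connection()
            try:
                con.execute(sql, tuple(values))
                conn.commit()
                scout_id = con.lastrowid
                con.execute(
                    "SELECT id_scouting_troop FROM scouting_troop WHERE scout_team_id IN (SELECT id_scout_team FROM scout_team WHERE scoutmaster_user_id= %s) AND name = \"none\"",
                    escape_string(str(current_user['id_user'])))
                scouting_troop = con.fetchone()
                scouting_troop_join(scout_id,
                                    scouting_troop['id_scouting_troop'],
                                    notify=False)
            finally:
                # Close the cursor and connection on errors as well.
                con.close()
                conn.close()
            flash(
                "Dodano {} {}!".format(form['first-name'],
                                       form['last-name']), 'success')
        except Exception as error:
            # NOTE(review): str(error) can expose database or driver details
            # to the visitor; consider logging it server-side instead.
            flash("Error: " + str(error), 'danger')
        return redirect('/app/')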
Beispiel #10
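def app():
    """Render the main view listing the scouts of the selected scout team.

    Anonymous visitors are redirected to ``/``. For authenticated users the
    teams they belong to are loaded; if they are in a team's ``"Komenda"``
    troop, the scouts of the selected team are loaded as well. The selected
    team is kept in ``session['id_scout_team']`` and may be switched with the
    ``scout-team`` query parameter.
    """
    if not current_user.is_authenticated:
        # Checked before opening a connection; nothing to close on this path.
        flash("Zaloguj się", "warning")
        return redirect('/')

    scouts = []
    no_team = True
    team_id = None
    con, conn = connection()
    try:
        sql = "SELECT a.id_scout_team, a.name, c.scouting_troop_id, b.name FROM scout_team a, scouting_troop b, scout_membership c WHERE c.scouting_troop_id = b.id_scouting_troop AND a.id_scout_team = b.scout_team_id AND c.scout_id = %s"
        query = con.execute(sql, current_user['scout_id'])
        scout_teams = con.fetchall()
        if query != 0:
            # NOTE(review): this query compares c.scout_id with the user's
            # id_user, while the query above uses scout_id - confirm.
            sql = "select a.id_scout_team, a.name, b.id_scouting_troop, c.scout_id FROM scout_team a, scouting_troop b, scout_membership c WHERE a.id_scout_team = b.scout_team_id AND c.scouting_troop_id = b.id_scouting_troop AND b.name = \"Komenda\" AND c.scout_id = %s;"
            query = con.execute(sql,
                                escape_string(str(current_user['id_user'])))
            if query != 0:
                scout_teams = con.fetchall()
                # The scout-team parameter is user input. It is honoured only
                # when it names one of the teams just returned for this user;
                # otherwise any visitor could list another team's scouts
                # (names, PESEL, address, phone) by changing the number.
                allowed_ids = {row['id_scout_team'] for row in scout_teams}
                requested = request.args.get('scout-team')
                if requested:
                    try:
                        requested_id = int(requested)
                    except ValueError:
                        requested_id = None
                    if requested_id is not None and requested_id in allowed_ids:
                        session['id_scout_team'] = requested_id
                team_id = session['id_scout_team']
                sql = "SELECT a.id_scout, a.first_name, a.middle_name, a.last_name, a.birthdate, a.pesel, a.address, a.phone, b.scouting_troop_id, c.name as 'scouting_troop_name', c.scout_team_id FROM scout a, scout_membership b, scouting_troop c WHERE c.scout_team_id = %s AND b.scouting_troop_id = c.id_scouting_troop AND a.id_scout = b.scout_id"
                query = con.execute(sql, escape_string(str(team_id)))
                # Rows contain personal data and are not printed to stdout.
                scouts_raw = con.fetchall()
                if query != 0:
                    scouts = scouts_raw
                no_team = False
    finally:
        # Close the cursor and connection on every path, including errors.
        con.close()
        conn.close()
    return render_template('app.html',
                           harcerze=scouts,
                           no_team=no_team,
                           scout_teams=scout_teams,
                           current_scout_team_id=None if no_team else team_id)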
Beispiel #11
def home():
    """Render the public landing page."""
    page = render_template('home.html')
    return page
Beispiel #12
def new_plan_get():
    """Render the form for creating a new plan."""
    page = render_template('plan-new.html')
    return page
Beispiel #13
def errorhandler404(e):
    """Return the rendered 404 page together with the 404 status code.

    The error object *e* is not used; the response never echoes request
    details.
    """
    status = 404
    body = render_template('404.html')
    return body, status