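def getUser():
    """Return the signed-in user's ``(fname, lname, email)`` row, or ``None``.

    The session must carry both ``uid`` and ``expires``.  ``expires`` is the
    login timestamp that ``authenticate`` stores (it writes
    ``datetime.now()``), so a session is treated as stale once that
    timestamp is more than one hour old.

    Returns:
        The ``(fname, lname, email)`` tuple from the ``users`` table, or
        ``None`` when nobody is signed in, the session is stale, or the
        ``uid`` no longer exists in the database.
    """
    uid = session.get("uid", None)
    exp = session.get("expires", None)
    if uid is None or exp is None:
        return None

    # The session serializer may hand the datetime back timezone-aware
    # depending on the installed Flask/Werkzeug version; take "now" in the
    # same flavour so the comparison cannot raise TypeError (naive vs aware).
    # NOTE(review): assumes ``expires`` round-trips as a datetime -- confirm.
    now = datetime.now(tz=exp.tzinfo)

    # Reject sessions whose login is older than one hour.  Testing
    # ``exp > now + 1h`` instead can never hold when ``exp`` is the login
    # time, which would leave sessions valid forever.
    if now - exp > timedelta(hours=1):
        return None

    db = database()
    usr = db.cursor().execute(
        '''
        SELECT fname, lname, email FROM users WHERE uid=?
    ''', (uid, )).fetchone()
    return usr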
def authenticate(user):
    """Authenticate a login attempt and, on success, mark the session.

    Looks up the stored password hash for ``user.email`` and compares it to
    ``user.password`` with the peppered ``check_password``.  On success the
    session receives the account's ``uid`` and a login timestamp in
    ``expires`` (the value ``getUser`` later reads).

    Args:
        user: Object exposing ``email`` and ``password`` attributes
            (presumably the submitted login form -- not shown here).

    Returns:
        A redirect to ``login_get`` when no account matches the email.
        The remaining branches are not shown in this listing: as printed,
        both a wrong password and a successful login fall off the end and
        return ``None``, which a Flask view must not do.
    """
    # Look up the account by email; the email is bound as a query parameter.
    c = database()  # new connection per request
    result_hash = c.cursor().execute(
        ''' 
        Select hash, uid from Users  
        where email=?
    ''', (user.email, )).fetchone()
    if result_hash is None:
        # NOTE(review): unknown emails return before any hash comparison,
        # while known ones pay for check_password below -- a measurable
        # timing difference that reveals which emails are registered.
        # Running check_password against a fixed dummy hash here would
        # even that out.
        return redirect(url_for('login_get'))
    elif check_password(user.password, result_hash[0], pep):
        session["uid"] = result_hash[1]
        # Login time, not a deadline: getUser measures its age.
        session["expires"] = datetime.now()
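def remove_product(product_id):
    """Delete a product and its stored image, then redirect to the list.

    Args:
        product_id: Primary key of the ``Products`` row to delete; it only
            ever reaches the database as a bound parameter.

    Returns:
        A redirect to the ``product_list`` view.  An unknown ``product_id``
        is treated as already removed rather than raising.

    NOTE(review): nothing in this view checks that the caller is signed in
    or owns the product (``Products.user``); unless a decorator outside this
    listing enforces that, any client can delete any product.
    """
    db = database()
    cursor = db.cursor()

    row = cursor.execute(
        """
        SELECT image_file FROM Products WHERE id = ?
    """, (product_id, )).fetchone()
    if row is None:
        # No such product: nothing to delete.
        return redirect(url_for("product_list"))

    # Remove the product image.  The file name comes from the database, but
    # still refuse to delete anything that resolves outside
    # product_image_dir, and do not let an already-missing file block the
    # row deletion below.
    image_file = row[0]
    if image_file:
        base_dir = os.path.realpath(product_image_dir)
        image_path = os.path.realpath(os.path.join(base_dir, image_file))
        if os.path.commonpath([base_dir, image_path]) == base_dir:
            try:
                os.remove(image_path)
            except FileNotFoundError:
                pass  # already gone; the row is still removed

    # Remove product from database
    cursor.execute("""
        DELETE FROM Products WHERE id = ?
    """, (product_id, ))
    db.commit()

    return redirect(url_for("product_list"))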
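def move_forward():
    """Delete the signed-in user's account together with all their products.

    Requires ``uid`` in the session; anonymous callers are redirected to
    ``home`` with a flash message.  Product rows are deleted before the
    user row so a foreign key from ``Products.user`` to ``Users.uid`` can
    never block the delete.  On success the session's ``uid`` and
    ``expires`` are cleared (``getUser`` then reports nobody signed in).

    Returns:
        A redirect to the ``home`` view in every case.

    NOTE(review): unlike ``remove_product``, this leaves the products'
    image files on disk.
    """
    userId = session.get('uid', None)
    if userId is None:
        flash("Must be signed in to delete account")
        return redirect(url_for('home'))

    db = database()
    cursor = db.cursor()
    # Children first, then the parent row.
    cursor.execute(
        ''' 
    
        DELETE FROM Products WHERE user=?;
    ''', (userId, ))
    cursor.execute(''' 
        DELETE FROM Users WHERE uid=?;
    ''', (userId, ))
    db.commit()

    # Drop the login markers so this client is treated as signed out.
    session["uid"] = None
    session["expires"] = None
    flash("Account deleted")
    return redirect(url_for('home'))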
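def product(product_id):
    """Render the detail page for one product.

    Args:
        product_id: ``Products.id`` to display; bound as a query parameter.

    Returns:
        ``product.j2`` rendered with the product's columns and its seller's
        name, email and profile-image path, or ``products.j2`` when no
        product with that id exists.
    """
    conn = database()
    row = conn.cursor().execute(
        '''
        SELECT id, name, description, price, tags, image_file, condition, user, U.fname, U.lname, U.email, U.profileExt FROM Products
        JOIN Users U ON Products.user = U.uid
        WHERE id=?;  
    ''', (product_id, )).fetchone()
    if row is None:
        return render_template("products.j2")

    # Only the first matching row is ever rendered; id is the primary key so
    # there is at most one anyway.
    (product_pk, name, description, price, tags_raw, image_file, condition,
     seller_uid, seller_fname, seller_lname, seller_email, seller_ext) = row

    # tags are stored as one ", "-separated string; an empty or NULL column
    # means "no tags" rather than a crash or a single empty tag.
    tags = tags_raw.split(', ') if tags_raw else []
    seller_name = seller_fname + " " + seller_lname

    return render_template("product.j2",
                           user=getUser(),
                           id=product_pk,
                           name=name,
                           description=description,
                           price=price,
                           tags=tags,
                           image_file=image_file,
                           condition=condition,
                           userID=seller_uid,
                           sName=seller_name,
                           sEmail=seller_email,
                           # profile image is stored as <email><ext>; a
                           # seller without an image has NULL profileExt
                           sPath=seller_email + (seller_ext or ""))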
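def recoverPassword_post():
    """Handle the password-recovery form: set a temporary password and mail it.

    On a valid submission a 15-character temporary password (uppercase
    letters and digits from the OS CSPRNG) replaces the stored hash for the
    submitted email and is mailed to that address.  The mail is sent only
    when an account row was actually updated, so submitting an unknown
    address does not generate email to it.  Either way the client is
    redirected to ``login_get``, so the response does not reveal whether
    the address is registered.

    Returns:
        A redirect to ``login_get`` after a valid POST, otherwise the
        rendered ``recoverPassword.j2`` form.
    """
    form = RecoverPasswordForm()
    if not form.validate_on_submit():
        return render_template('recoverPassword.j2')

    rng = random.SystemRandom()
    alphabet = string.ascii_uppercase + string.digits
    temp_password = ''.join(rng.choice(alphabet) for _ in range(15))
    pw_hash = hash_password(temp_password, pep)

    conn = database()
    cursor = conn.cursor()
    cursor.execute(
        ''' 
        UPDATE Users set hash=? where email=?;
    ''', (pw_hash, form.email.data))
    conn.commit()

    # DB-API rowcount is 0 when no account matched; -1 means the driver
    # cannot tell, in which case we still send (the previous behaviour).
    if cursor.rowcount != 0:
        # email password (the listing shows the password literal redacted;
        # the plaintext is inserted into the message body here)
        mailSvr = mailer()
        mailSvr.sendMail(
            form.email.data, 'Reset Password',
            'Your password has been reset. Please login with the new temporary password: '
            + temp_password + ' and change it immediately')
    return redirect(url_for('login_get'))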
def settings():
    """Show and update the signed-in user's profile (name, email, password, image).

    GET pre-fills the form from the ``users`` row; a valid POST writes the
    new values, optionally re-hashes a new password, and either stores a
    newly uploaded profile image or renames the existing one to follow a
    changed email.  Every branch renders ``settings.j2``.

    Returns:
        The rendered ``settings.j2`` template with ``user`` and ``form``.

    NOTE(review): there is no sign-in check here -- with no ``uid`` in the
    session ``usr`` is ``None`` and the GET branch raises on ``usr[0]``.
    """
    uid = session.get("uid")
    form = SettingsForm()

    conn = database()
    usr = conn.cursor().execute(
        '''
        SELECT fname, lname, email FROM users WHERE uid=?
    ''', (uid, )).fetchone()

    # validate_on_submit() only succeeds for a submitting method, so the
    # extra POST test is belt-and-braces.
    if form.validate_on_submit() and request.method == 'POST':
        if form.password.data != '' and form.password.data != form.confirm.data:
            flash("passwords must match")
        elif form.password.data != '':
            # Password change: store the peppered hash along with the
            # other fields.
            pw_hash = hash_password(form.password.data, pep)
            conn.cursor().execute(
                ''' 
                UPDATE Users 
                SET hash=?, email=?, fname=?, lname=?
                WHERE uid=?
            ''', (pw_hash, form.email.data, form.fname.data, form.lname.data,
                  uid))
            conn.commit()
        else:
            # update other info
            # NOTE(review): the email is changed without any uniqueness or
            # ownership check here; if Users.email is UNIQUE this raises an
            # IntegrityError -- confirm against the schema.
            conn.cursor().execute(
                ''' 
                UPDATE Users 
                SET email=?, fname=?, lname=?
                WHERE uid=?
            ''', (form.email.data, form.fname.data, form.lname.data, uid))
            conn.commit()

        # A second connection just to read back the stored image extension.
        conn = database()
        cursor = conn.cursor()
        row = cursor.execute(
            ''' 
            SELECT profileExt FROM Users where uid=? 
        ''', (uid, )).fetchone()
        oldExt = row[0]

        if form.profile_image.data is not None:
            # The image is stored as <submitted email><extension>, where the
            # extension is the suffix of the client-supplied filename.
            # NOTE(review): the extension is not checked against an
            # allow-list of image types before being written under
            # user_image_dir -- confirm whether SettingsForm restricts it.
            _, extension = os.path.splitext(form.profile_image.data.filename)
            form.profile_image.data.save(
                os.path.join(user_image_dir,
                             str(form.email.data) + extension))
            conn = database()
            c = conn.cursor()
            c.execute(
                '''
                UPDATE Users
                SET profileExt = ? 
                where uid=?
            ''', (extension, uid))
            conn.commit()
        else:
            # No new upload: rename the existing image from the old email
            # (usr[2]) to the submitted one so sPath in product() still
            # resolves.  Renaming to the same path is a no-op.
            # NOTE(review): raises FileNotFoundError if no image was ever
            # uploaded, and TypeError if profileExt is NULL -- confirm.
            old_profile = os.path.join(user_image_dir, str(usr[2])) + oldExt
            new_profile = os.path.join(user_image_dir,
                                       form.email.data) + oldExt
            # r'' + x is just x; the raw-string prefix adds nothing here.
            os.rename(r'' + old_profile, r'' + new_profile)

        flash("Settings have been updated")
        form.accept_changes.data = False
        return render_template('settings.j2', user=usr, form=form)
    elif request.method == 'POST':
        flash("Invalid Fields. Please try again.")
        return render_template('settings.j2', user=usr, form=form)
    elif request.method == 'GET':
        # Pre-fill the form with the stored (fname, lname, email).
        form.fname.data = usr[0]
        form.lname.data = usr[1]
        form.email.data = usr[2]
    return render_template('settings.j2', user=usr, form=form)