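def login():
    """Authenticate a user from the login form and start a session.

    POST: look the submitted username up, verify the stored password hash
    and, on success, reset the session and store the user's id.  GET: if the
    session already carries a ``username`` key, resolve it to an id and log
    that user in without a password prompt (nothing in this file writes that
    key; presumably another view does).  Otherwise ``auth/login.html`` is
    rendered.

    Returns:
        A redirect to ``index`` on success, else the rendered login page.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        user = db.execute(
            "SELECT * from userAccount WHERE username= ?", (username,)
        ).fetchone()
        # One message for both failure modes so the response body does not
        # reveal whether the username exists (the original returned
        # 'Incorrect username.' / 'Incorrect password.' separately).
        # check_password_hash still only runs when a row was found, so
        # response timing can still differ between the two cases.
        if user is None or not check_password_hash(user["password"], password):
            error = 'Incorrect username or password.'
        if error is None:
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('index'))
        flash(error)
    if request.method == 'GET':
        username = session.get('username', None)
        if username:
            # NOTE(review): this path grants a login with no password check,
            # based only on the session's 'username' value; confirm that only
            # trusted server-side code ever sets that key.
            db = get_db()
            # Parameterised lookup of the session username (the original
            # queried a fixed literal instead of the value it had just read).
            row = db.execute(
                'SELECT id from userAccount WHERE username = ?', (username,)
            ).fetchone()
            # fetchone() returns None for an unknown name; the original
            # indexed the result unconditionally and raised TypeError.
            if row is not None and row['id']:
                session['user_id'] = row['id']
                return redirect(url_for('index'))
    return render_template('auth/login.html')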
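def update(id):
    """Withdraw from or deposit into bank account ``id``.

    Reads ``amount`` and ``withposit`` ("Withdraw" or "Deposit") from the
    form, validates the amount with ``verify_number``, refuses a withdrawal
    that would take the balance below zero and writes the new balance.  On
    error the message is flashed and the form re-rendered; on success the
    user is redirected to ``account.index``.  GET renders
    ``account/update.html`` with the account row.

    The row comes from ``get_account``; whether that helper enforces
    ownership of ``id`` is not visible in this block.
    """
    account = get_account(id)
    if request.method == 'POST':
        amount = request.form['amount']
        # The original used request.form['withposit'], which raises KeyError
        # (a 400) when the field is missing; a missing/unknown value now
        # simply leaves the balance unchanged, as an unknown value already did.
        action = request.form.get('withposit')
        error = None
        if not amount:
            error = 'Amount is required.'
        elif not verify_number(amount):  # was ``== False``
            error = 'Not a valid numeric input'
        if error is None:
            # Convert only after validation: the original called float() on
            # unvalidated input, so a non-numeric amount raised ValueError
            # right after the validation error had been recorded.
            result_amount = account['amount']
            delta = float(amount)
            if action == "Withdraw":
                result_amount = result_amount - delta
                if result_amount < 0:
                    error = "Cannot withdraw more than balance"
            elif action == "Deposit":
                result_amount = result_amount + delta
        if error is not None:
            flash(error)
        else:
            db = get_db()
            # NOTE(review): this read-modify-write is not atomic; two
            # concurrent requests can both pass the balance check.  An UPDATE
            # that applies the delta in SQL with a balance condition would
            # close that window.  The balance is also handled as a float,
            # which rounds; confirm that is acceptable for money.
            db.execute('UPDATE bankAccount SET amount = ?'
                       ' WHERE id = ?', (result_amount, id))
            db.commit()
            return redirect(url_for('account.index'))
    return render_template('account/update.html', account=account)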
def load_logged_in_user():
    """Populate ``g.user`` from the session's ``user_id``.

    ``g.user`` is ``None`` when no id is stored; when an id is stored it is
    the matching ``userAccount`` row, or ``None`` if ``fetchone`` finds no
    such row.
    """
    user_id = session.get('user_id')
    g.user = None
    if user_id is not None:
        row = get_db().execute(
            'SELECT * FROM userAccount WHERE id = ?', (user_id,)
        ).fetchone()
        g.user = row
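def get_account(id, check_author=True):
    """Fetch bank account ``id`` joined with its owner.

    Returns the row (``b.id``, ``userAccount_id``, ``username``, ``amount``).
    Aborts with 404 when no such account exists and, when ``check_author`` is
    true, with 403 when the account is not owned by ``g.user``.  Both checks
    were present but commented out, so every caller (``update``, ``delete``)
    could act on any account id regardless of who was logged in.
    """
    # Function-scope import: ``abort`` is the one Flask name this block needs
    # that is not otherwise used in the visible code; flask itself is already
    # a dependency of this module.
    from flask import abort

    account = get_db().execute(
        'SELECT b.id, userAccount_id, username, amount'
        ' FROM bankAccount b JOIN userAccount u ON b.userAccount_id = u.id'
        ' WHERE b.id = ?', (id, )).fetchone()
    if account is None:
        abort(404, "Account id {0} doesn't exist.".format(id))
    # Ownership check.  g.user is None for anonymous requests; that must be
    # refused rather than raise TypeError on g.user['id'].
    if check_author and (g.user is None or account['userAccount_id'] != g.user['id']):
        abort(403)
    return account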
def index():
    """List the bank accounts owned by the logged-in user.

    Anonymous requests get an empty list.  Each entry carries ``amount``
    (formatted to two decimals for the template), ``username`` and ``id``.
    """
    db = get_db()
    rows = []
    if g.user is not None:
        rows = db.execute(
            'SELECT b.id, userAccount_id, username, amount'
            ' FROM bankAccount b JOIN userAccount u ON b.userAccount_id = u.id'
            ' WHERE userAccount_id = ?', (g.user['id'], )).fetchall()
    accounts_for_template = [
        {
            'amount': f"{row['amount']:.2f}",
            'username': row['username'],
            'id': row['id'],
        }
        for row in rows
    ]
    return render_template('account/index.html', accounts=accounts_for_template)
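def create():
    """Open a new bank account for the logged-in user.

    POST validates ``amount`` (required and accepted by ``verify_number``)
    and inserts a ``bankAccount`` row owned by ``g.user``; validation errors
    are flashed and the form re-rendered.  GET renders
    ``account/create.html``.
    """
    if request.method == 'POST':
        init_amount = request.form['amount']
        error = None
        if not init_amount:
            error = 'Initial amount required.'
        elif not verify_number(init_amount):
            # ``elif`` keeps the 'required' message for empty input; the
            # original ran both checks and the second overwrote the first.
            error = 'Not a valid numeric input'
        # NOTE(review): verify_number's rules are not visible here; confirm it
        # rejects negative and implausibly large opening balances.
        if error is not None:
            flash(error)
        else:
            db = get_db()
            # The amount is stored as submitted (a form string); the column's
            # affinity decides how it is kept.
            db.execute(
                'INSERT INTO bankAccount (amount, userAccount_id)'
                ' VALUES (?, ?)', (init_amount, g.user['id']))
            db.commit()
            return redirect(url_for('account.index'))
    return render_template('account/create.html')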
def delete(id):
    """Delete bank account ``id`` and return to the account list.

    ``get_account`` is called first and its result discarded, so any
    existence or ownership enforcement for ``id`` has to live inside that
    helper; nothing here inspects the return value.
    """
    get_account(id)
    conn = get_db()
    statement = 'DELETE FROM bankAccount WHERE id = ?'
    conn.execute(statement, (id, ))
    conn.commit()
    return redirect(url_for('account.index'))
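def register2():
    """Register a new user together with an opening bank account.

    The username comes from the ``username_register`` query parameter; the
    other fields from the POST form.  Validation failures are flashed; on
    success the ``userAccount`` row and its first ``bankAccount`` row are
    inserted in a single transaction and the user is redirected to
    ``auth.login``.  GET stores the username in the session and renders
    ``auth/register.html`` with it.
    """
    session.clear()
    username = request.args.get('username_register', '')
    if request.method == 'POST':
        password = request.form['password']
        firstname = request.form['firstname']
        lastname = request.form['lastname']
        phonenumber = request.form['phonenumber']
        initamount = request.form['initamount']
        db = get_db()
        error = None
        # Username charset: lowercase alphanumerics plus '_', '-' and '.'.
        username_pat = re.compile(r"[_\-.0-9a-z]+")
        # Cheap checks first; the duplicate-name query runs only on otherwise
        # valid input.  Only the first failing check's message is reported
        # (the original let later checks overwrite earlier messages).
        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif not firstname:
            error = 'First name required.'
        elif not lastname:
            error = 'Last name required.'
        elif not phonenumber.isnumeric():
            error = 'Phone number not numeric'
        elif not initamount:
            error = 'Initial amount required.'
        elif not verify_number(initamount):
            error = 'Not a valid numeric input'
        elif len(username) > 127:
            error = "Username too long"
        elif len(password) > 127:
            # Length cap kept: password-hash cost grows with input length.
            error = "Password too long"
        elif username_pat.fullmatch(username) is None:
            error = "Username contains illegal characters"
        elif db.execute(
            'SELECT id FROM userAccount WHERE username = ?', (username,)
        ).fetchone() is not None:
            # NOTE(review): select-then-insert is racy for concurrent
            # registrations of the same name; a UNIQUE constraint on
            # userAccount.username is the reliable guard.
            error = 'User {} is already registered.'.format(username)
        # The original also required the *password* to match the username
        # charset, which forbade uppercase letters and most symbols.  The
        # password is only ever passed to generate_password_hash, so that
        # restriction bought nothing and shrank the keyspace; it is dropped.
        if error is None:
            db.execute(
                'INSERT INTO userAccount (username, password, phoneNumber, firstName, lastName)'
                ' VALUES (?, ?, ?, ?, ?)',
                (username, generate_password_hash(password), phonenumber, firstname, lastname)
            )
            userAccountInfo = db.execute(
                'SELECT id FROM userAccount WHERE username = ?', (username,)
            ).fetchone()
            userAccountId = userAccountInfo['id']
            db.execute(
                'INSERT INTO bankAccount (amount, userAccount_id)'
                ' VALUES (?, ?)', (initamount, userAccountId)
            )
            # Single commit: the original committed between the two inserts,
            # so a failure of the second left a user with no bank account.
            db.commit()
            return redirect(url_for('auth.login'))
        flash(error)
        # NOTE(review): on a validation error the login page is rendered and
        # the submitted username is not passed along; confirm that is the
        # intended flow rather than 'auth/register.html' with username=.
        return render_template('auth/login.html')
    session['username_register'] = username
    return render_template('auth/register.html', username=username)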