Beispiel #1
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` becomes ``None`` when the session carries no ``user_id``;
    otherwise it is whatever the lookup by that id returns.
    """
    uid = session.get("user_id")
    if uid is not None:
        # The id is passed as a bound parameter, so the session value never
        # becomes part of the SQL text.
        row = get_db().execute("SELECT * FROM user WHERE id = ?", (uid,)).fetchone()
        g.user = row
        return
    g.user = None
Beispiel #2
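def send_emails():
    """Mail every matched participant the name of the person they drew.

    GET renders the confirmation page. POST requires the ``confirm`` form
    field and the ``SECRET_SANTA_SMTP_PASS`` environment variable. When both
    are present, one message is sent per user whose ``match`` column is set
    and the client is redirected to ``admin.index``; otherwise the error is
    flashed and the page is rendered again.

    Send failures are only printed; the redirect happens either way, and an
    exception for one recipient stops the remaining sends.

    NOTE(review): no login/admin check and no CSRF check are visible in this
    block; confirm both are enforced by a decorator or request hook outside
    this view.
    """
    if request.method == "POST":
        db = get_db()
        error = None

        # .get() replaces a bare ``except:`` around the subscript, which
        # would also have hidden unrelated failures.
        confirm = request.form.get("confirm")
        if confirm is None:
            error = "You must confirm to perform this action."

        user_list = db.execute(
            "SELECT * FROM user WHERE match NOT NULL").fetchall()

        from os import environ

        # The SMTP credential is read from the environment rather than being
        # stored in the source.
        password = environ.get("SECRET_SANTA_SMTP_PASS")
        if password is None:
            error = "Specify password on command line as SECRET_SANTA_SMTP_PASS"

        if error is None:
            import smtplib
            import ssl
            from email.message import EmailMessage

            smtp_server = "mail.riseup.net"
            port = 587
            username = "******"
            sender = "*****@*****.**"
            context = ssl.create_default_context()

            try:
                # The context manager closes the connection on every path.
                # The earlier ``finally: server.quit()`` raised NameError
                # whenever the connection itself could not be opened.
                with smtplib.SMTP(smtp_server, port) as server:
                    # Upgrade to TLS (certificate verified by the default
                    # context) before the credential is sent.
                    server.starttls(context=context)
                    server.login(username, password)

                    for user in user_list:
                        match = db.execute("SELECT * FROM user WHERE id = ?",
                                           (user["match"], )).fetchone()

                        # Build the message with the email package instead of
                        # formatting user-supplied values into raw header
                        # text: a header value containing line breaks is
                        # rejected, and non-ASCII names are encoded properly.
                        msg = EmailMessage()
                        msg["From"] = sender
                        msg["To"] = user["email"]
                        msg["Subject"] = "Secret Santa Delivery"
                        msg.set_content(
                            "Here is your Secret Santa delivery! "
                            "You are matched with {} {}! :)\n"
                            "\n"
                            "Visit your Secret Santa account to see their "
                            "wishlist and more.\n".format(
                                match["name"], match["surname"])
                        )
                        # Explicit envelope addresses, as in the original
                        # sendmail() call.
                        server.send_message(
                            msg, from_addr=sender, to_addrs=[user["email"]])
            except Exception as e:
                # Deliberate best effort: report and carry on to the redirect.
                print(e)

            return redirect(url_for("admin.index"))

        flash(error)

    return render_template("admin/send_emails.html")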
Beispiel #3
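def start():
    """Draw the Secret Santa matches for everyone who accepted the terms.

    GET renders the confirmation page. POST requires the ``confirm`` form
    field and at least three users with ``terms = 1``; it then writes each
    user's ``match`` column and redirects to ``admin.index``. Otherwise the
    error is flashed and the page is rendered again.

    NOTE(review): no login/admin check and no CSRF check are visible in this
    block; confirm both are enforced by a decorator or request hook outside
    this view.
    """
    if request.method == "POST":
        db = get_db()
        error = None

        # .get() replaces a bare ``except:`` around the subscript, which
        # would also have hidden unrelated failures.
        confirm = request.form.get("confirm")
        if confirm is None:
            error = "You must confirm to perform this action."

        user_list = db.execute(
            "SELECT * FROM user WHERE terms = 1").fetchall()

        if len(user_list) < 3:
            error = "You must have at least 3 participants to continue."

        if error is None:
            from random import shuffle

            shuffle(user_list)

            # Each user gives to the next one in the shuffled order and the
            # last wraps around to the first, so the draw is a single cycle
            # and nobody is matched with themselves.
            receivers = user_list[1:] + user_list[:1]
            for giver, receiver in zip(user_list, receivers):
                db.execute(
                    "UPDATE user SET match = ? WHERE id = ?",
                    (receiver["id"], giver["id"]),
                )
            # One commit after the loop: the assignments are written together.
            db.commit()

            return redirect(url_for("admin.index"))

        flash(error)

    return render_template("admin/start.html")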
Beispiel #4
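def index():
    """Show the wishlist page and, on POST, store the submitted wishlist.

    The ``mylist`` form field is written to the ``list`` column of the
    current user's row, then the client is redirected to ``mylist.index``.

    NOTE(review): ``g.user`` is subscripted without a ``None`` check, and no
    CSRF check is visible; confirm a login guard and CSRF protection are
    applied outside this view.
    """
    if request.method == "POST":
        mylist = request.form["mylist"]
        db = get_db()

        # The original kept an ``error`` variable that was always None, which
        # left its flash() call unreachable; both are removed here.
        # The row is selected by the logged-in user's id, not by a
        # client-supplied id, so a user can only change their own list.
        db.execute("UPDATE user SET list = ? WHERE id = ?",
                   (mylist, g.user["id"]))
        db.commit()

        return redirect(url_for("mylist.index"))

    return render_template("mylist/index.html")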
Beispiel #5
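def index():
    """Show the account page and, on POST, update the current user's details.

    The current password must be supplied and must verify against the stored
    hash before anything is changed. Only the fields that were filled in
    (``name``, ``surname``, ``username``, ``new_password``) are updated, and a
    new password is stored as a hash. On success the client is redirected to
    ``account.index``; otherwise the error is flashed and the page is
    rendered again.

    NOTE(review): ``g.user`` is subscripted without a ``None`` check, and no
    CSRF check is visible; confirm a login guard and CSRF protection are
    applied outside this view.
    """
    if request.method == "POST":
        name = request.form["name"]
        surname = request.form["surname"]
        username = request.form["username"]
        password = request.form["password"]
        new_password = request.form["new_password"]
        db = get_db()
        error = None
        user_id = g.user["id"]

        # The user must re-enter their current password to update anything.
        if not password:
            error = "Password is required to update account info."
        elif not check_password_hash(g.user["password"], password):
            error = "Incorrect password."
        elif username and db.execute(
            "SELECT id FROM user WHERE username = ? AND id != ?",
            (username, user_id),
        ).fetchone() is not None:
            # Same rule as registration: login looks accounts up by username,
            # so a rename must not collide with another account.
            error = "User {} is already registered.".format(username)

        if error is None:
            if name:
                db.execute(
                    "UPDATE user SET name = ? WHERE id = ?", (name, user_id)
                )

            if surname:
                db.execute(
                    "UPDATE user SET surname = ? WHERE id = ?", (surname, user_id)
                )

            if username:
                db.execute(
                    "UPDATE user SET username = ? WHERE id = ?",
                    (username, user_id),
                )

            if new_password:
                # Only the hash is stored, never the submitted password.
                db.execute(
                    "UPDATE user SET password = ? WHERE id = ?",
                    (generate_password_hash(new_password), user_id),
                )
            db.commit()

            return redirect(url_for("account.index"))

        flash(error)

    return render_template("account/index.html")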
Beispiel #6
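def register():
    """Show the registration page and, on POST, create a new user.

    Requires an email address, name, surname, username and password, and
    rejects a username that already exists. The password is stored as a hash.
    On success the session is reset, the new user's id is stored in it, and
    the client is redirected to ``auth.login``; otherwise the error is flashed
    and the page is rendered again.
    """
    if request.method == "POST":
        email = request.form["email"]
        name = request.form["name"]
        surname = request.form["surname"]
        username = request.form["username"]
        password = request.form["password"]
        db = get_db()
        error = None

        # The address is stored as submitted and used as a mail recipient by
        # send_emails, so require one and refuse whitespace (including CR/LF)
        # before it can reach a message header. Checked first so the existing
        # messages below keep their precedence.
        if not email or "@" not in email or any(ch.isspace() for ch in email):
            error = "A valid email address is required."

        if not name or not surname:
            error = "Name is required."

        if not username:
            error = "Username is required."
        elif not password:
            error = "Password is required."
        elif (
            db.execute("SELECT id FROM user WHERE username = ?", (username,)).fetchone()
            is not None
        ):
            error = "User {} is already registered.".format(username)

        if error is None:
            # Only the hash is stored, never the submitted password.
            db.execute(
                "INSERT INTO user (email, name, surname, username, password) VALUES (?, ?, ?, ?, ?)",
                (email, name, surname, username, generate_password_hash(password)),
            )
            db.commit()

            user = db.execute(
                "SELECT * FROM user WHERE username = ?", (username,)
            ).fetchone()

            # Drop whatever the session held before the new identity is set.
            session.clear()
            session["user_id"] = user["id"]

            return redirect(url_for("auth.login"))

        flash(error)

    return render_template("auth/register.html")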
Beispiel #7
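def index():
    """Show the sign-up page and, on POST, record acceptance of the terms.

    When the ``terms`` form field is present, the current user's ``terms``
    column is set to 1 and the client is redirected to ``index.index``.
    Without it, an error is flashed and the page is rendered again.

    NOTE(review): ``g.user`` is subscripted without a ``None`` check, and no
    CSRF check is visible; confirm a login guard and CSRF protection are
    applied outside this view.
    """
    if request.method == "POST":
        db = get_db()

        # .get() replaces a bare ``except:`` around the subscript, which
        # would also have hidden unrelated failures.
        terms = request.form.get("terms")

        if terms is not None:
            db.execute("UPDATE user SET terms = ? WHERE id = ?",
                       (1, g.user["id"]))
            db.commit()

            return redirect(url_for("index.index"))

        flash("Must accept terms and conditions to continue.")

    return render_template("signup.html")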
Beispiel #8
def login():
    """Show the login page and, on POST, authenticate the submitted credentials.

    On success the session is reset, the user's id is stored in it, and the
    client is redirected to ``index.index``. On failure the error is flashed
    and the login page is rendered again.

    NOTE(review): the two failure messages differ, so a client can tell
    whether a username exists; a single shared message would avoid that.
    No attempt limiting is visible in this block.
    """
    if request.method != "POST":
        return render_template("auth/login.html")

    submitted_name = request.form["username"]
    submitted_password = request.form["password"]
    db = get_db()
    user = db.execute(
        "SELECT * FROM user WHERE username = ?", (submitted_name,)
    ).fetchone()

    if user is None:
        error = "Incorrect username."
    elif not check_password_hash(user["password"], submitted_password):
        error = "Incorrect password."
    else:
        # Drop whatever the session held before authentication so nothing set
        # earlier carries over into the logged-in session.
        session.clear()
        session["user_id"] = user["id"]
        return redirect(url_for("index.index"))

    flash(error)
    return render_template("auth/login.html")
Beispiel #9
def users():
    """Render the admin user list.

    The template receives the result of ``execute`` directly, without a
    fetch call.

    NOTE(review): ``SELECT *`` hands every column to the template, which
    includes the ``password`` hash column; selecting only the displayed
    columns would keep it out of the rendering path. No login/admin check is
    visible in this block; confirm one is applied outside this view.
    """
    db = get_db()
    return render_template(
        "admin/users.html",
        user_list=db.execute("SELECT * FROM user"),
    )
Beispiel #10
def index():
    """Render the page showing the user the current user is matched with.

    The row is looked up by the ``match`` value of ``g.user`` and passed to
    the template as ``match``.

    NOTE(review): ``SELECT *`` passes the matched user's whole row to the
    template, ``password`` hash column included; selecting only the displayed
    columns would be safer. ``g.user`` is subscripted without a ``None``
    check; confirm a login guard is applied outside this view.
    """
    db = get_db()
    match_id = g.user["match"]
    match = db.execute("SELECT * FROM user WHERE id = ?", (match_id,)).fetchone()

    return render_template("match/index.html", match=match)