Beispiel #1
0
def register():
    if request.method == 'POST':
        params = (
            request.form['regEmail'],
            request.form['regPassword'],
            request.form['regFirstname'],
            request.form['regLastname'],
            request.form['departmentCode'],
            request.form['accountType'])

        sproc = """[usr].[CreateUser] @Email = ?, @Password= ?, @FirstName = ?, @LastName = ?, 
        @DepartmentCode = ?, @isStaff = ?"""
        Database.execute_query(sproc, params)
    return redirect(url_for('auth.Auth'))
Beispiel #2
0
def login():
    if request.method == 'POST':
        sproc = "[usr].[UserLogin] @Email = ?, @Password= ?"
        user_email = request.form['email']
        params = (user_email, request.form['password'])
        result = Database.execute_query(sproc, params)

        if "Login successful" == result[0][0]:
            sproc = "[usr].[getUser] @Email = ?"
            session['email'] = user_email
            params = user_email
            result = Database.execute_query(sproc, params)
            is_admin = result[0][4]
            if is_admin:
                return redirect('/admin')
            else:
                return redirect('/basket')
    return redirect('/auth')