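def reset_key_verify():
    """Validate a password-reset link and, on POST, store the new password.

    The ``id`` and ``key`` values are checked against the newest ``reset``
    row in ``verify`` on every request, GET and POST alike, so a password is
    only changed for a caller who presents the key issued for that user.
    The account updated is the one the key belongs to; a ``username`` form
    field, if submitted, is ignored.

    NOTE(review): the POST must carry ``id`` and ``key`` either in the query
    string (a form that posts back to the link URL) or as form fields --
    confirm against auth/reset.html.

    Returns:
        A redirect to the login page, or the rendered reset form.
    """
    # Function-scope import: the module's import block is not part of this listing.
    import hmac

    # request.values merges the query string and the form body, so the key
    # is found whether the form posts back to the link URL or resubmits it.
    user_id = request.values.get('id')
    verify_key = request.values.get('key')

    db = get_db()
    verify_data = db.execute(
        "SELECT * FROM verify WHERE user_id = ? AND subject = 'reset' ORDER BY id DESC",
        (user_id, )).fetchone()

    if verify_data is None:
        flash("You don't request for reset.")
        return redirect(url_for("auth.login"))

    # Constant-time comparison. Both sides must be strings, so a NULL stored
    # key can never match a request that simply omits the parameter.
    stored_key = verify_data['verify_key']
    key_matches = (
        isinstance(stored_key, str)
        and isinstance(verify_key, str)
        and hmac.compare_digest(stored_key.encode("utf-8"),
                                verify_key.encode("utf-8"))
    )

    user = None
    if key_matches:
        user = db.execute("SELECT * FROM user WHERE id = ?",
                          (user_id, )).fetchone()
    if user is None:
        # Wrong key, or a verify row whose user no longer exists.
        flash("Wrong url for rest verification.")
        return redirect(url_for("auth.login"))

    if request.method == "POST":
        password = request.form["password"]
        if not password:
            # Same rule register() applies: never store an empty password.
            flash("Password is required.")
            return render_template("auth/reset.html", email=user["username"])

        # Update the account the key was issued for, then drop every pending
        # reset key for it; a single commit keeps the two changes together.
        db.execute(
            "UPDATE user SET password = ? WHERE id = ?",
            (generate_password_hash(password), user["id"]),
        )
        db.execute(
            "DELETE FROM verify WHERE user_id = ? AND subject = 'reset'",
            (user["id"], ))
        db.commit()
        flash("Your password has been reset.")
        return redirect(url_for("auth.login"))

    flash("Your email has been verified, Enter new password.")
    return render_template("auth/reset.html", email=user["username"])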
def get_mail_message(subject):
    """Return the ``message`` column of the ``mail_template`` row for *subject*.

    Only the first matching row is read. When no row matches, ``fetchone()``
    gives ``None`` and the subscript below raises ``TypeError``.
    """
    template_row = get_db().execute(
        "SELECT message FROM mail_template WHERE subject = ?",
        (subject, ),
    ).fetchone()
    return template_row['message']
def reset_request():
    """Start a password reset: store a key and e-mail the reset link.

    GET renders the request form. POST looks up a verified user by the
    submitted username, inserts a ``reset`` row into ``verify`` and hands
    the link to ``send_mail``.
    """
    if request.method != "POST":
        return render_template("auth/reset_request.html")

    username = request.form["username"]
    db = get_db()
    account = db.execute(
        "SELECT * FROM user WHERE username = ? AND is_verified = 1",
        (username, )).fetchone()
    if account is None:
        # NOTE(review): this reply differs from the success reply, so the
        # form reveals which usernames exist and are verified.
        flash("Wrong username.")
        return render_template("auth/reset_request.html")

    user_id = account["id"]
    # NOTE(review): this key is the only secret guarding the reset; confirm
    # randomString() draws from a CSPRNG (e.g. the secrets module) and that
    # rows in verify are expired after a short lifetime.
    verify_key = randomString()
    db.execute(
        "INSERT INTO verify (user_id, subject, verify_key) VALUES (?, ?, ?)",
        (user_id, 'reset', verify_key),
    )
    db.commit()

    # NOTE(review): the link host is taken from the request's Host header
    # and the scheme is fixed to http. A configured, trusted base URL over
    # https would keep the key out of links that point elsewhere and off
    # cleartext transport.
    url = "".join((
        "http://",
        str(request.host),
        "/auth/reset/?id=",
        str(user_id),
        "&key=",
        verify_key,
    ))
    send_mail("reset", url, username, "Reset Password G-Home")

    flash("Please, check your email.")
    return redirect(url_for('auth.login'))
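def verify():
    """Confirm an e-mail address from the link sent at registration.

    Reads ``id`` and ``key`` from the query string, compares the key with
    the ``verify`` row stored for that user and, on a match, marks the user
    verified and deletes the pending ``verify`` rows.

    Returns:
        A redirect to the login page on success, otherwise the rendered
        ``error.html`` page with the reason.
    """
    # Function-scope import: the module's import block is not part of this listing.
    import hmac

    user_id = request.args.get('id')
    verify_key = request.args.get('key')

    db = get_db()
    verify_data = db.execute(
        "SELECT * FROM verify WHERE user_id = ? AND subject = 'verify'",
        (user_id, )).fetchone()

    e = ["Not Found", []]
    if verify_data is None:
        e[1].append("Not registered user.")
        return render_template("error.html", errors=e)

    # Constant-time comparison. Both sides must be strings, so a NULL stored
    # key can never match a request that simply omits the parameter.
    stored_key = verify_data['verify_key']
    key_matches = (
        isinstance(stored_key, str)
        and isinstance(verify_key, str)
        and hmac.compare_digest(stored_key.encode("utf-8"),
                                verify_key.encode("utf-8"))
    )
    if not key_matches:
        e[1].append("Wrong Key.")
        return render_template("error.html", errors=e)

    db.execute(
        "UPDATE user SET is_verified = ? WHERE id = ?",
        (1, user_id),
    )
    # The parameters must be a one-element tuple. A bare string is treated
    # as a sequence of characters, which only binds correctly for
    # single-character ids and fails for longer ones.
    db.execute(
        "DELETE FROM verify WHERE user_id = ? AND subject = 'verify'",
        (user_id, ),
    )
    # One commit so the flag update and the key removal land together.
    db.commit()
    flash("Your email has been verified.")
    return redirect(url_for("auth.login"))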
def get_user_id(username):
    """Return the ``id`` of the user named *username*, or ``None`` if absent."""
    row = get_db().execute("SELECT * FROM user WHERE username = ?",
                           (username, )).fetchone()
    return None if row is None else row["id"]
def add_user_token(username, auth_token):
    """Insert a ``token`` row pairing *username* with *auth_token* and commit.

    NOTE(review): the token is written as given; whether it should be stored
    hashed or encrypted depends on how it is used later -- confirm.
    """
    conn = get_db()
    sql = "INSERT INTO token (username, auth_token) VALUES (?,?)"
    conn.execute(sql, (username, auth_token))
    conn.commit()
def login():
    """Log in a registered user by storing the user id in a fresh session.

    GET renders the login form. POST checks the username, the password hash
    and the ``is_verified`` flag, in that order, and re-renders the form
    with a flashed message when any check fails.
    """
    if request.method != "POST":
        return render_template("auth/login.html")

    username = request.form["username"]
    password = request.form["password"]
    db = get_db()
    account = db.execute("SELECT * FROM user WHERE username = ?",
                         (username, )).fetchone()

    # NOTE(review): the first two messages tell a caller whether a username
    # exists; a single generic failure message would not.
    if account is None:
        failure = "Incorrect username."
    elif not check_password_hash(account["password"], password):
        failure = "Incorrect password."
    elif account["is_verified"] == 0:
        failure = "Your account not verified, check email."
    else:
        failure = None

    if failure is not None:
        flash(failure)
        return render_template("auth/login.html")

    # Drop any previous session contents before binding the new identity.
    session.clear()
    session["user_id"] = account["id"]
    update_last_login(db, account["id"])
    return redirect(url_for("index"))
def update_switch_by_admin(pin, name, id):
    """Set ``pin`` and ``name`` on the ``switch`` row with the given *id* and commit.

    NOTE(review): no permission check happens here; the "by_admin" in the
    name suggests the caller is expected to enforce it -- confirm.
    """
    conn = get_db()
    sql = "UPDATE switch SET pin = ?, name = ? WHERE id = ?"
    conn.execute(sql, (pin, name, id))
    conn.commit()
def add_trigger(switch_id, value, time):
    """Insert a ``trigger`` row for *switch_id* with *value* and *time*, then commit."""
    conn = get_db()
    sql = "INSERT INTO trigger (switch_id, value, time) VALUES (?,?,?)"
    conn.execute(sql, (switch_id, value, time))
    conn.commit()
def update_trigger(trigger_id, value, time, is_enable):
    """Overwrite ``value``, ``time`` and ``is_enable`` on one ``trigger`` row and commit."""
    conn = get_db()
    sql = "UPDATE trigger SET value = ?, time = ?, is_enable = ? WHERE id = ?"
    conn.execute(sql, (value, time, is_enable, trigger_id))
    conn.commit()
def create_switch_by_admin(username, name, pin):
    """Insert a ``switch`` row owned by *username* and commit.

    NOTE(review): no permission check happens here; the caller is presumably
    responsible for it -- confirm.
    """
    conn = get_db()
    sql = "INSERT INTO switch (username, name, pin) VALUES (?,?,?)"
    conn.execute(sql, (username, name, pin))
    conn.commit()
def load_logged_in_user():
    """Populate ``g.user`` from the session.

    ``g.user`` is ``None`` when the session holds no ``user_id``; otherwise
    it is the matching ``user`` row (or ``None`` if that row is gone).
    """
    user_id = session.get("user_id")
    g.user = (
        None
        if user_id is None
        else get_db().execute("SELECT * FROM user WHERE id = ?",
                              (user_id, )).fetchone()
    )
def get_schedule_work():
    """Return the enabled triggers that fall in the current half-hour slot.

    The current local time is converted to minutes since midnight and
    rounded down to a multiple of 30. Rows are selected where
    ``trigger.time`` is greater than that slot start and at most 30 above
    it. Each row carries the owner's ``auth_token`` together with the switch
    pin, so the result should be treated as sensitive.
    """
    moment = datetime.datetime.now()
    minutes_today = moment.hour * 60 + moment.minute
    slot_start = minutes_today // 30 * 30
    slot_end = slot_start + 30

    rows = get_db().execute(
        "SELECT token.auth_token, switch.pin, trigger.value, trigger.time FROM trigger, switch, token "
        "WHERE trigger.switch_id = switch.id AND switch.username = token.username AND trigger.is_enable = 1 "
        "AND trigger.time > ? AND trigger.time <= ?",
        (slot_start, slot_end),
    ).fetchall()
    return rows
def register():
    """Register a new user and, for e-mail usernames, send a verification link.

    Rejects an empty username or password and a username that is already
    taken. Storing the account (including whatever is done to the password)
    is delegated to ``create_user_db``.

    NOTE(review): this layout is rebuilt from a flattened listing; the
    confirmation message is assumed to be set for every new account, not
    only for usernames containing "@" -- confirm against the original file.
    """
    if request.method != "POST":
        return render_template("auth/register.html")

    username = request.form["username"]
    password = request.form["password"]
    given_name = request.form["given_name"]
    db = get_db()

    if not username:
        error = "Username is required."
    elif not password:
        error = "Password is required."
    elif db.execute("SELECT id FROM user WHERE username = ?",
                    (username, )).fetchone() is not None:
        error = "User {0} is already registered.".format(username)
    else:
        error = None

    if error is not None:
        flash(error)
        return render_template("auth/register.html")

    # The name is free: store the account, then go to the login page.
    create_user_db(db, username, password, given_name, '', 0)

    if "@" in username:
        user_id = UserData.get_user_id(username)
        # NOTE(review): confirm randomString() draws from a CSPRNG; the key
        # is the only proof that the address belongs to the registrant.
        verify_key = randomString()
        db.execute(
            "INSERT INTO verify (user_id, subject, verify_key) VALUES (?, ?, ?)",
            (user_id, 'verify', verify_key),
        )
        db.commit()
        # NOTE(review): the link host is taken from the request's Host
        # header and the scheme is fixed to http; a configured, trusted base
        # URL over https is safer.
        url = "".join((
            "http://",
            str(request.host),
            "/auth/verify/?id=",
            str(user_id),
            "&key=",
            verify_key,
        ))
        send_mail("verify", url, username, "Verify email address")

    message = given_name + ", Your account created. Verify your email"
    flash(message)
    return redirect(url_for("auth.login"))
def glogin():
    """Sign in (creating the account if needed) from submitted profile fields.

    NOTE(review): ``email``, ``given_name``, ``profile_id`` and
    ``image_url`` are read straight from the request form and nothing in
    this function checks them with the identity provider. As written, the
    session is bound to whichever ``email`` the client submits, including an
    existing account's. The server should verify a signed ID token from the
    provider and take the e-mail address from the verified token.

    NOTE(review): ``profile_id`` is passed in the argument position that
    ``register`` uses for the password -- confirm what ``create_user_db``
    does with it.
    """
    email = request.form["email"]
    given_name = request.form["given_name"]
    profile_id = request.form["profile_id"]
    image_url = request.form["image_url"]

    db = get_db()
    lookup = "SELECT * FROM user WHERE username = ?"
    account = db.execute(lookup, (email, )).fetchone()
    if account is not None:
        # Known user: only the last-login timestamp changes.
        update_last_login(db, account["id"])
    else:
        # First sign-in: create the account, then read the new row back.
        create_user_db(db, email, profile_id, given_name, image_url, 2)
        account = db.execute(lookup, (email, )).fetchone()

    session.clear()
    session["user_id"] = account["id"]
    return redirect(url_for("index"))
def delete_trigger(id):
    """Delete the ``trigger`` row with the given *id* and commit.

    NOTE(review): ownership of the trigger is not checked here; presumably
    the caller does it -- confirm.
    """
    conn = get_db()
    conn.execute("DELETE FROM trigger WHERE id = ?", (id, ))
    conn.commit()
def get_trigger(switch_id):
    """Return every ``trigger`` row that belongs to *switch_id*."""
    return get_db().execute("SELECT * FROM trigger WHERE switch_id = ?",
                            (switch_id, )).fetchall()
def delete_switch_by_admin(id):
    """Delete the ``switch`` row with the given *id* and commit.

    NOTE(review): no permission check happens here; the caller is presumably
    responsible for it -- confirm.
    """
    conn = get_db()
    conn.execute("DELETE FROM switch WHERE id = ?", (id, ))
    conn.commit()
def get_tokens():
    """Return every row of the ``token`` table.

    The rows come from ``SELECT *``, so they include each user's stored
    ``auth_token``; callers should not expose the result to other users.
    """
    return get_db().execute("SELECT * FROM token").fetchall()
def get_switch_from_id(id):
    """Return the ``switch`` row with the given *id*, or ``None`` when there is none."""
    return get_db().execute("SELECT * FROM switch WHERE id = ?",
                            (id, )).fetchone()
def delete_token(id):
    """Delete the ``token`` row with the given *id* and commit."""
    conn = get_db()
    conn.execute("DELETE FROM token WHERE id = ?", (id, ))
    conn.commit()
def get_token(username):
    """Return the first ``token`` row stored for *username*, or ``None``."""
    return get_db().execute("SELECT * FROM token WHERE username = ?",
                            (username, )).fetchone()
def get_switch(username):
    """Return every ``switch`` row owned by *username*."""
    return get_db().execute("SELECT * FROM switch WHERE username = ?",
                            (username, )).fetchall()