Ejemplo n.º 1
def sign_in():
    """Authenticate a form-posted email/password pair and start a session.

    Reads ``email`` and ``password`` from ``request.form``. Both failure
    paths (unknown email, wrong password) answer with the same
    ``invalid credentials`` message, so the response text does not say
    whether the account exists.

    Returns:
        A JSON response: ``error``/``message`` on failure, or
        ``message``/``success``/``user_id``/``username`` on success.
    """
    email = request.form['email']
    password = request.form['password']

    record = db_select_queries.check_user_by_email(email)
    if not record:
        return jsonify(error=True, message='invalid credentials')

    # NOTE(review): no password check runs when the email is unknown, so
    # response timing may still distinguish the two failure paths.
    if not check_password(password, record['password']):
        return jsonify(error=True, message='invalid credentials')

    user = db_select_queries.get_user_by_username(record['username'])

    # NOTE(review): the login state is written into whatever session
    # already exists; nothing here clears earlier keys first.
    user_session['session_id'] = uniqueValue()
    user_session['you_id'] = user["id"]
    user_session['you_username'] = user['username']
    # NOTE(review): the whole user record goes into the session. If it
    # carries the password hash, that hash is stored with the session;
    # confirm what get_user_by_username returns.
    user_session['you'] = user

    return jsonify(
        message='Signed In Successfully!',
        success=True,
        user_id=user_session['you_id'],
        username=user_session['you_username'],
    )
Ejemplo n.º 2
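def signin(request, sse):
    """Authenticate a JSON email/password pair and start a session.

    Parses ``request.data`` as JSON, looks the account up by email and
    verifies the password with ``bcrypt.checkpw``. Unknown email and wrong
    password produce the same ``invalid credentials`` message. ``sse`` is
    not used in this function.

    Returns:
        A JSON response: the serialized account and a message on success,
        otherwise ``error=True`` with a message.
    """
    try:
        data = json.loads(request.data)
        if not data:
            return jsonify(error=True,
                           message='request body is empty, check headers/data')

        # The parsed body is deliberately not printed: it holds the
        # plaintext password and would end up in the server's stdout/logs.
        email = str(data['email']).encode()
        password = str(data['password']).encode()

        account = db_session.query(Accounts).filter_by(email=email).first()

        if not account:
            return jsonify(error=True, message='invalid credentials')

        if not bcrypt.checkpw(password, account.password.encode()):
            return jsonify(error=True, message='invalid credentials')

        session_id = chamber.uniqueValue()
        user_session['session_id'] = session_id
        user_session['account_id'] = account.id
        user_session['account_type'] = account.type

        # NOTE(review): confirm that account.serialize leaves out the
        # password hash before it is returned to the client.
        return jsonify(account=account.serialize, message='Signed In!')

    except Exception as err:
        print(err)
        # NOTE(review): errorMessage returns the raw exception text to the
        # caller, which can expose internals (missing keys, database
        # errors). Kept because clients may read the field; a generic
        # message with the detail logged server-side would be safer.
        return jsonify(error=True,
                       errorMessage=str(err),
                       message='error signing in...')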
Ejemplo n.º 3
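def sign_in(request):
    """Authenticate a JSON email/password pair and start a session.

    Validates that ``email`` and ``password`` are present and non-empty,
    looks the user up by email, verifies the bcrypt hash, records the
    login time and writes ``session_id`` / ``you_id`` into the session.

    Returns:
        A JSON response with ``message`` on success, or ``error=True``
        and a ``message`` describing the failure.
    """
    data = json.loads(request.data)
    # The parsed body is deliberately not printed: it contains the
    # plaintext password and would land in the server's stdout/logs.

    if "email" not in data:
        return jsonify(error=True, message="Email Address field is required")

    if "password" not in data:
        return jsonify(error=True, message="Password field is required")

    # NOTE(review): cgi.escape HTML-escapes the password before hashing, so
    # the bytes that are checked differ from what the user typed whenever
    # it contains &, < or >. Whatever code stores the hash must apply the
    # same transformation or such passwords will never verify.
    email = cgi.escape(data['email'])
    password = cgi.escape(data['password']).encode('utf8')

    if not email or chamber.isValidEmail(email) != True:
        return jsonify(error=True,
                       message="Email Address must be in proper format")

    if not password:
        return jsonify(error=True,
                       message="Password must be at least 6 characters")

    you = db_session.query(Users).filter_by(email=email).first()
    if not you:
        return jsonify(error=True, message="Invalid credentials")

    # Re-hash the candidate with the stored hash as salt and compare.
    # NOTE(review): `!=` is not a constant-time comparison; bcrypt.checkpw
    # does the same verification with one.
    checkPassword = bcrypt.hashpw(password, you.password.encode('utf8'))
    if checkPassword != you.password:
        return jsonify(error=True, message="Invalid credentials")

    you.last_loggedin = func.now()
    db_session.add(you)
    db_session.commit()

    user_session["session_id"] = chamber.uniqueValue()
    user_session["you_id"] = you.id

    return jsonify(message="Signed In!")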
Ejemplo n.º 4
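def signup(request, sse):
    """Create an account from a JSON body and sign the new user in.

    Rejects the request when the username, account email or booking email
    is already taken; otherwise stores the account with a bcrypt password
    hash and writes the login keys into the session. ``sse`` is not used
    in this function.

    Returns:
        A JSON response with ``message`` on success, or ``error=True``
        and a ``message`` on failure.
    """
    try:
        data = json.loads(request.data)
        if not data:
            return jsonify(error=True,
                           message='request body is empty, check headers/data')

        # The parsed body is deliberately not printed: it holds the
        # plaintext password and would end up in the server's stdout/logs.
        username = str(data['username']).encode()
        account_email = str(data['account_email']).encode()
        booking_email = str(data['booking_email']).encode()
        # NOTE(review): account_type is taken from the client as-is and
        # later copied into the session as the caller's role. Validate it
        # against the set of types a self-service signup may choose.
        account_type = str(data['account_type']).encode()
        password = str(data['password']).encode()

        check_username = db_session.query(Accounts).filter_by(
            username=username).first()
        check_account_email = db_session.query(Accounts).filter_by(
            email=account_email).first()
        check_booking_email = db_session.query(Accounts).filter_by(
            booking_email=booking_email).first()

        if check_username:
            return jsonify(error=True, message='username is already in use')

        if check_account_email:
            return jsonify(error=True,
                           message='account email is already in use')

        if check_booking_email:
            return jsonify(error=True,
                           message='booking email is already in use')

        # Hash only once the request is known to be acceptable: bcrypt is
        # deliberately slow, so rejected signups should not pay for it.
        hashed = bcrypt.hashpw(password, bcrypt.gensalt())

        new_account = Accounts(username=username,
                               email=account_email,
                               booking_email=booking_email,
                               password=hashed,
                               type=account_type)
        db_session.add(new_account)
        db_session.commit()

        session_id = chamber.uniqueValue()
        user_session['session_id'] = session_id
        user_session['account_id'] = new_account.id
        user_session['account_type'] = new_account.type

        return jsonify(message='Signed Up!')

    except Exception as err:
        print(err)
        # NOTE(review): errorMessage returns the raw exception text to the
        # caller, which can expose internals (missing keys, database
        # errors). Kept because clients may read the field; a generic
        # message with the detail logged server-side would be safer.
        return jsonify(error=True,
                       errorMessage=str(err),
                       message='error signing up...')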
Ejemplo n.º 5
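def account_page(request, sse, username):
    """Render the public page for the account named ``username``.

    Stores a fresh ``uniqueValue()`` under ``auth_key`` in the session,
    then renders the error page when no account has that username. No
    login check is made here. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    account = db_session.query(Accounts).filter_by(username=username).first()

    # .first() yields None when nothing matched; test identity rather than
    # relying on the model's equality operator.
    if account is None:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='No account exists with this username')

    return render_template('user-page.html', session=logged_in())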
Ejemplo n.º 6
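def event_attending_page(request, sse, event_id):
    """Render the attendee page for the event with id ``event_id``.

    Stores a fresh ``uniqueValue()`` under ``auth_key`` in the session,
    then renders the error page when the event does not exist. No login
    check is made here. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    event = db_session.query(Events).filter_by(id=event_id).first()

    # .first() yields None when nothing matched; test identity rather than
    # relying on the model's equality operator.
    if event is None:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='Event not found.')

    return render_template('event-attending-page.html', session=logged_in())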
Ejemplo n.º 7
def requests_page(request, sse):
    """Render the requests page for a signed-in, non-USER account.

    Redirects to ``/`` when the session has no ``session_id`` and renders
    the error page when the session's ``account_type`` is ``'USER'``.
    ``auth_key`` is refreshed only once both checks pass. ``request`` and
    ``sse`` are unused.
    """
    if 'session_id' not in user_session:
        return redirect('/')

    # The role comes from the session, written at sign-in/sign-up.
    if user_session['account_type'] == 'USER':
        return render_template('error-page.html',
                               session=logged_in(),
                               message='USERs do not have a requests page.')

    user_session['auth_key'] = uniqueValue()
    session_state = logged_in()
    return render_template('requests-page.html', session=session_state)
Ejemplo n.º 8
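def event_page(request, sse, event_id):
    """Render the page for the event with id ``event_id``.

    Stores a fresh ``uniqueValue()`` under ``auth_key`` in the session,
    then renders the error page when the event does not exist. No login
    check is made here. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    event = db_session.query(Events).filter_by(id=event_id).first()

    # .first() yields None when nothing matched; test identity rather than
    # relying on the model's equality operator.
    if event is None:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='No event exists with this id')

    return render_template('event-page.html', session=logged_in())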
Ejemplo n.º 9
def profile_attending(request, sse):
    """Render the signed-in USER's "attending" profile page.

    ``auth_key`` is refreshed before any check. The error page is rendered
    when the session has no ``session_id`` or when its ``account_type`` is
    not ``'USER'``. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    signed_in = 'session_id' in user_session
    if not signed_in:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='Not logged in...')

    # The role comes from the session, written at sign-in/sign-up.
    if user_session['account_type'] != 'USER':
        denial = '''Your account is not of type: USER.
        Only Users can attend events.'''
        return render_template('error-page.html',
                               session=logged_in(),
                               message=denial)

    return render_template('profile-attending.html', session=logged_in())
Ejemplo n.º 10
def profile_shows(request, sse):
    """Render the signed-in ARTIST's "shows" profile page.

    ``auth_key`` is refreshed before any check. The error page is rendered
    when the session has no ``session_id`` or when its ``account_type`` is
    not ``'ARTIST'``. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    signed_in = 'session_id' in user_session
    if not signed_in:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='Not logged in...')

    # The role comes from the session, written at sign-in/sign-up.
    if user_session['account_type'] != 'ARTIST':
        denial = '''Your account is not of type: ARTIST.
        Only Artists can have shows.'''
        return render_template('error-page.html',
                               session=logged_in(),
                               message=denial)

    return render_template('profile-shows.html', session=logged_in())
Ejemplo n.º 11
def profile_events(request, sse):
    """Render the signed-in VENUE's "events" profile page.

    ``auth_key`` is refreshed before any check. The error page is rendered
    when the session has no ``session_id`` or when its ``account_type`` is
    not ``'VENUE'``. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    signed_in = 'session_id' in user_session
    if not signed_in:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='Not logged in...')

    # The role comes from the session, written at sign-in/sign-up.
    if user_session['account_type'] != 'VENUE':
        denial = '''Your account is not of type: VENUE.
        Only Venues can have events.'''
        return render_template('error-page.html',
                               session=logged_in(),
                               message=denial)

    return render_template('profile-events.html', session=logged_in())
Ejemplo n.º 12
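def account_shows(request, sse, username):
    """Render the public "shows" page for the ARTIST named ``username``.

    Stores a fresh ``uniqueValue()`` under ``auth_key`` in the session,
    then renders the error page when the account does not exist or is not
    of type ``'ARTIST'``. No login check is made here. ``request`` and
    ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    account = db_session.query(Accounts).filter_by(username=username).first()

    # .first() yields None when nothing matched; test identity rather than
    # relying on the model's equality operator.
    if account is None:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='No account exists with this username')

    if account.type != 'ARTIST':
        message = '''This account is not of type: ARTIST. Only Artists can have shows.'''
        return render_template('error-page.html',
                               session=logged_in(),
                               message=message)

    return render_template('user-shows.html', session=logged_in())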
Ejemplo n.º 13
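def account_attending(request, sse, username):
    """Render the public "attending" page for the USER named ``username``.

    Stores a fresh ``uniqueValue()`` under ``auth_key`` in the session,
    then renders the error page when the account does not exist or is not
    of type ``'USER'``. No login check is made here. ``request`` and
    ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    account = db_session.query(Accounts).filter_by(username=username).first()

    # .first() yields None when nothing matched; test identity rather than
    # relying on the model's equality operator.
    if account is None:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='No account exists with this username')

    if account.type != 'USER':
        message = '''This account is not of type: USER. Only Users can attend events.'''
        return render_template('error-page.html',
                               session=logged_in(),
                               message=message)

    return render_template('user-attending.html', session=logged_in())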
Ejemplo n.º 14
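def submit_password_reset_code(request):
    """Consume a password-reset code, set a new random password and e-mail it.

    Looks the code up in ``ResetPasswordRequests``, replaces the matching
    user's password with a bcrypt hash of a fresh ``chamber.uniqueValue()``,
    deletes the reset request, re-verifies the stored hash and sends the
    new password to the user's e-mail address.

    Returns:
        A JSON response with ``message`` on success, or ``error=True``
        and a ``message`` on failure.
    """
    data = json.loads(request.data)

    if "code" not in data:
        return jsonify(error=True, message="Code field is required")

    code = cgi.escape(data['code'])

    if not code:
        return jsonify(error=True, message="Code field cannot be blank")

    # NOTE(review): no expiry or attempt limit on the code is visible in
    # this function; confirm one is enforced where the code is issued.
    reset_request = db_session.query(ResetPasswordRequests).filter_by(
        unique_value=code).first()
    if not reset_request:
        return jsonify(error=True, message="Invalid code")

    you = db_session.query(Users).filter_by(
        email=reset_request.user_email).first()
    if you is None:
        # The code points at an e-mail with no matching user; answer like
        # an unknown code instead of failing on attribute access below.
        return jsonify(error=True, message="Invalid code")

    new_password = chamber.uniqueValue()
    new_hash = bcrypt.hashpw(new_password, bcrypt.gensalt()).encode('utf8')

    # The new password and its hash are deliberately not printed: stdout
    # usually ends up in logs, which would then hold a working credential.
    you.password = new_hash

    db_session.add(you)
    db_session.delete(reset_request)
    db_session.commit()

    # Sanity check: the stored hash must verify against the new password.
    checkPassword = bcrypt.hashpw(new_password, you.password.encode('utf8'))
    if checkPassword != you.password:
        print("new password test failed...")
        return jsonify(error=True,
                       message="Server error: could not reset password...")

    print("new password test successful!")
    # NOTE(review): the password is e-mailed in plaintext, and the link is
    # built from request.host, which is taken from the incoming request.
    # Building the link from a configured base URL would keep a forged
    # Host header out of the e-mail.
    body = render_template("email/PasswordResetSuccess.html",
        data={
            "user": you.serialize_small,
            "password": new_password,
            "link": request.host + "/signin"
        }
    )
    chamber.send_email(you.email, "Password Reset Successful!", "text/html", body)

    return jsonify(message="New password reset successful! Check your email.")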
Ejemplo n.º 15
def sign_up():
    """Create a user from posted form fields and sign the new user in.

    Reads ``displayname``, ``username``, ``email``, ``password`` and
    ``password_confirm`` from ``request.form``. Rejects the request when
    the two passwords differ or when the username or email is already in
    use; otherwise inserts the user and writes the login keys into the
    session.

    Returns:
        A JSON response: ``error``/``message`` on failure, or
        ``message``/``success``/``new_user_id``/``new_username`` on success.
    """
    form_dict = {
        field: str(request.form[field]).encode('utf-8')
        for field in ("displayname", "username", "email", "password")
    }

    password = str(form_dict['password']).encode('utf-8')
    password_confirm = str(request.form['password_confirm']).encode('utf-8')
    if password != password_confirm:
        return jsonify(error=True, message='passwords do not match')

    if db_select_queries.check_user_by_username(form_dict['username']):
        return jsonify(error=True, message='username already in use')

    if db_select_queries.check_user_by_email(form_dict['email']):
        return jsonify(error=True, message='email already in use')

    # NOTE(review): form_dict still carries the plaintext password here;
    # presumably create_new_user hashes it before storing. Confirm.
    new_user_id = db_insert_queries.create_new_user(form_dict)
    new_user = db_select_queries.get_user_by_username(form_dict['username'])

    user_session['session_id'] = uniqueValue()
    user_session['you_id'] = new_user_id
    user_session['you_username'] = form_dict['username']
    # NOTE(review): the whole user record goes into the session. If it
    # carries the password hash, that hash is stored with the session;
    # confirm what get_user_by_username returns.
    user_session['you'] = new_user

    return jsonify(
        message='Signed Up Successfully!',
        success=True,
        new_user_id=user_session['you_id'],
        new_username=user_session['you_username'],
    )
Ejemplo n.º 16
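def edit_event(request, sse, event_id):
    """Render the edit form for an event owned by the signed-in account.

    ``auth_key`` is refreshed before any check. The error page is rendered
    when the caller is not signed in, when the event does not exist, or
    when ``event.host_id`` differs from the session's ``account_id``.
    ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    if 'session_id' not in user_session:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='Not logged in...')

    event = db_session.query(Events).filter_by(id=event_id).first()

    # .first() yields None when nothing matched; test identity rather than
    # relying on the model's equality operator.
    if event is None:
        return render_template('error-page.html',
                               session=logged_in(),
                               message='Event not found.')

    # Ownership check. It only gates rendering of the form.
    # NOTE(review): the handler that saves the edit is not visible here and
    # needs the same host_id check of its own.
    if event.host_id != user_session['account_id']:
        message = '''You cannot make edits because
        you do not own this event'''
        return render_template('error-page.html',
                               session=logged_in(),
                               message=message)

    return render_template('edit-event.html', session=logged_in())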
Ejemplo n.º 17
def signup(request, sse):
    """Render the sign-up page, or redirect signed-in callers to ``/``.

    ``auth_key`` is refreshed before the check, so it changes even when
    the caller is redirected. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()

    already_signed_in = 'session_id' in user_session
    if already_signed_in:
        return redirect('/')

    session_state = logged_in()
    return render_template('signup.html', session=session_state)
Ejemplo n.º 18
def search_page(request, sse):
    """Render the search page.

    Stores a fresh ``uniqueValue()`` under ``auth_key`` in the session
    first. No login check is made here. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()
    session_state = logged_in()
    return render_template('search.html', session=session_state)
Ejemplo n.º 19
def info(request, sse):
    """Render the info page.

    Stores a fresh ``uniqueValue()`` under ``auth_key`` in the session
    first. No login check is made here. ``request`` and ``sse`` are unused.
    """
    user_session['auth_key'] = uniqueValue()
    session_state = logged_in()
    return render_template('info.html', session=session_state)
Ejemplo n.º 20
def account_settings(request, sse):
    """Render the account settings page for a signed-in caller.

    Callers without ``session_id`` in the session are redirected to ``/``
    before anything else happens; ``auth_key`` is refreshed only for
    signed-in callers. ``request`` and ``sse`` are unused.
    """
    signed_in = 'session_id' in user_session
    if not signed_in:
        return redirect('/')

    user_session['auth_key'] = uniqueValue()
    session_state = logged_in()
    return render_template('account-settings.html', session=session_state)
Ejemplo n.º 21
def messages_page(request, sse):
    """Render the messages page for a signed-in caller.

    Callers without ``session_id`` in the session are redirected to ``/``
    before anything else happens; ``auth_key`` is refreshed only for
    signed-in callers. ``request`` and ``sse`` are unused.
    """
    signed_in = 'session_id' in user_session
    if not signed_in:
        return redirect('/')

    user_session['auth_key'] = uniqueValue()
    session_state = logged_in()
    return render_template('messages-page.html', session=session_state)
Ejemplo n.º 22
def sign_up(request):
    """Create a user from a JSON body, sign them in and send a welcome mail.

    Requires ``displayname``, ``email``, ``password`` and
    ``confirmpassword``; rejects blank values, a malformed email, a
    password shorter than 6 bytes, mismatched passwords and an email that
    is already registered. The welcome e-mail is best-effort: a failure
    there is printed and does not fail the sign-up.

    Returns:
        A JSON response with ``message`` on success, or ``error=True``
        and a ``message`` describing the failure.
    """
    data = json.loads(request.data)

    # Presence checks, in the order the error messages are reported.
    required_fields = (
        ("displayname", "Display Name field is required"),
        ("email", "Email Address field is required"),
        ("password", "Password field is required"),
        ("confirmpassword", "Confirm Password field is required"),
    )
    for field, complaint in required_fields:
        if field not in data:
            return jsonify(error=True, message=complaint)

    displayname = cgi.escape(data['displayname'])
    email = cgi.escape(data['email'])
    # NOTE(review): the password is HTML-escaped before hashing, so the
    # hashed bytes differ from what the user typed whenever it contains
    # &, < or >. The sign-in path has to apply the same escaping.
    password = cgi.escape(data['password']).encode('utf8')
    confirmpassword = cgi.escape(data['confirmpassword']).encode('utf8')

    if not displayname:
        return jsonify(
            error=True,
            message="Display Name must be letters only; dashes, apostrophes and periods are allowed",
        )

    if not email or chamber.isValidEmail(email) != True:
        return jsonify(error=True,
                       message="Email Address must be in proper format")

    # len() is taken on the encoded bytes, not on characters.
    if not password or len(password) < 6:
        return jsonify(error=True,
                       message="Password must be at least 6 characters")

    if not confirmpassword:
        return jsonify(
            error=True,
            message="Confirm Password must be at least 6 characters")

    if password != confirmpassword:
        return jsonify(error=True, message="Passwords must match")

    existing = db_session.query(Users).filter_by(email=email).first()
    if existing:
        return jsonify(error=True, message="Email already in use")

    password_hash = bcrypt.hashpw(password, bcrypt.gensalt()).encode('utf8')
    new_user = Users(displayname=displayname,
                     email=email,
                     password=password_hash)
    db_session.add(new_user)
    db_session.commit()

    user_session["session_id"] = chamber.uniqueValue()
    user_session["you_id"] = new_user.id

    # Best-effort welcome mail: the account already exists at this point.
    try:
        html = render_template("email/SignedUp.html",
                               user={"displayname": new_user.displayname})
        mail_sent = chamber.send_email(new_user.email, "Welcome!", "text/html",
                                       html)
        print("mail_sent", mail_sent)
    except Exception as e:
        print('error - ', e)

    return jsonify(message="Signed Up!")