def login():
# Check if user already logged in
if ('username' in session):
return redirect('/')
# Check if post method selected therfore need to login the user
if request.method == "POST":
# Connect to database and check if user exists
con = sqlite3.connect(current_app.config['DB_NAME'])
sqlQuryLogin = "******"
sqlRes = con.execute(sqlQuryLogin, (request.form["username"], ))
record = sqlRes.fetchone()
# Check if user exists
if (record != None):
# Create user object for current selected username
usrLogin = User(record[0],
record[1],
record[2],
decryptPassword(record[3]),
record[4],
record[5],
record[6],
record[8],
email=record[9])
# Check if password is correct and user is not banned
if (usrLogin.validatePassword(request.form["password"])):
# Check if user banned
if (not usrLogin.getIsBanned()):
# Check if the user is admin or not
if (record[7] == 1):
session['admin'] = True
# Save user name in session
session['username'] = usrLogin.getUsername()
massage = "Logged in successfuly!"
return redirect('/')
# The user banned
else:
massage = "Your user is banned!"
# The password is incorrect
else:
massage = "Wrong password entered!"
else:
massage = "Wrong username entered!"
# Close the connection to DB
con.close()
return render_template('login.html', massage=massage)
# Get method mean open the page
else:
return render_template('login.html',
massage="Please fill the login form!")
def register():
# Load all institutions
institutions = []
con = sqlite3.connect(current_app.config['DB_NAME'])
# Preprare query
sqlQueryInstitutions = "SELECT * FROM Institutions"
# Run the query and save result
sqlRes = con.execute(sqlQueryInstitutions)
# Run over the lines of the result and append to list
for line in sqlRes:
institutions.append([line[0], line[1]])
# Close the connection to the database
con.close()
# Check if user already logged in
if ('username' in session):
return redirect('/')
# If method post selected then register the user
if (request.method == "POST"):
# connect to db and check if username taken
con = sqlite3.connect(current_app.config['DB_NAME'])
sqlQueryCheckExist = "SELECT * FROM Users WHERE UserName = (?)"
sqlRes = con.execute(sqlQueryCheckExist, (request.form["username"], ))
record = sqlRes.fetchone()
# Create user object
newUser = User(request.form["username"],
request.form["fName"],
request.form["lName"],
request.form["password"],
request.form["institution"],
request.form["faculty"],
request.form["year"],
email=request.form["email"])
# Check if the user is not already registered!
if (record == None):
# Validate the user
valMessage = newUser.validateUser()
valMessage = valMessage.replace('\n', '<br>')
valMessage = Markup(valMessage)
# Check if user is valid
if (valMessage != ""):
return render_template('register.html',
massage=valMessage,
institutions=institutions)
# Insert the user into the table of users
sqlQueryRegister = "INSERT INTO Users VALUES (?,?, ?, ?, ?, ?, ?, 0, 0, ?)"
con.execute(
sqlQueryRegister,
(newUser.getUsername(), newUser.getFName(), newUser.getLName(),
encryptPassword(newUser.getPassword()),
newUser.getInstitutionID(), newUser.getFacultyID(),
newUser.getStudyYear(), newUser.getEmail()))
# Commit the changes in users table
con.commit()
# Create message
massage = "User registered successfully!"
# Add the user into the session variable
session['username'] = newUser.getUsername()
else:
massage = "Username already taken please choose another!"
return render_template('register.html',
massage=massage,
institutions=institutions)
# Close the database connection
con.close()
return redirect('/')
# Load and prepare the page
else:
return render_template('register.html',
massage="Please register",
institutions=institutions)