Example #1
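def setuserpriv():
    """Change a user's privilege level on behalf of an admin caller.

    Reads a JSON request body with the keys 'token', 'username' and 'priv'.
    The update runs only when ``AM.checktoken(token)[1]`` is ``'admin'``.

    Returns:
        A dict with 'code' ('success' or 'failed') and a 'message'.
    """

    def sql_text(value):
        # The statement is assembled as text, so every request value that
        # lands inside a quoted literal must have its quotes doubled; that is
        # the only escape a SQLite string literal recognises (the sqlite3
        # exception handled below indicates the backend).
        return str(value).replace("'", "''")

    data = json.loads(request.data)
    if AM.checktoken(data['token'])[1] != 'admin':
        return {
            'code': 'failed',
            'message': 'You do not have high enough privilege to do that.'
        }

    # NOTE(review): DB.update is not visible here; if it can be extended to
    # take bound parameters, prefer that over escaping at each call site.
    clause = "SET privilege = '{p}' WHERE username = '{u}'".format(
        p=sql_text(data['priv']), u=sql_text(data['username']))
    try:
        DB.update('users', clause)
    except sqlite3.IntegrityError:
        # Presumably a constraint on the privilege column rejected the value;
        # confirm against the schema.
        return {'code': 'failed', 'message': 'Incorrect privilege level.'}
    return {'code': 'success', 'message': 'Done.'}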
Example #2
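def banuser():
    """Toggle the 'banned' flag of a user on behalf of an admin caller.

    Reads a JSON request body with the keys 'token' and 'username'. The flag
    is stored as the text 'true' / 'false'; a stored 'false' becomes 'true'
    and anything else becomes 'false'.

    Returns:
        {'code': 'success'} after the update, {'code': 'failed'} when the
        caller is not an admin or the username matches no row.
    """

    def sql_text(value):
        # The username is request data placed inside a quoted SQL literal;
        # doubling single quotes keeps it from terminating the literal.
        return str(value).replace("'", "''")

    data = json.loads(request.data)
    if AM.checktoken(data['token'])[1] != 'admin':
        return {'code': 'failed'}

    # NOTE(review): DB.query / DB.update are not visible here; bound
    # parameters would be the preferred fix if the wrapper supports them.
    who = sql_text(data['username'])
    rows = DB.query('users', 'banned',
                    "WHERE username = '{u}'".format(u=who))
    if len(rows) < 1:
        # Unknown username: report failure instead of raising IndexError on
        # rows[0][0].
        return {'code': 'failed'}

    flipped = 'true' if rows[0][0] == 'false' else 'false'
    DB.update(
        'users',
        "SET banned = '{b}' WHERE username = '{u}'".format(b=flipped, u=who))
    return {'code': 'success'}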
Example #3
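def changePassword():
    """Change the password of the account that owns the supplied token.

    Reads a JSON request body with the keys 'token', 'oldpass' and 'newpass'.
    The old password is verified with ``checkpass`` before the new salt and
    hash are stored, and every login token of the account is deleted
    afterwards so existing sessions stop working.

    Returns:
        A dict with 'code' ('success' or 'failed') and a 'message'.
    """

    def sql_text(value):
        # Values are spliced into quoted SQL literals below; doubling single
        # quotes keeps a stored username (or any other value) that contains a
        # quote from ending the literal early.
        return str(value).replace("'", "''")

    data = json.loads(flask.request.data)
    account = checktoken(data['token'])
    # NOTE(review): only an explicit False counts as "not logged in"; confirm
    # checktoken never signals failure with None or another falsy value.
    if account[0] == False:
        return {'code': 'failed', 'message': 'Not logged in.'}

    username = account[2]
    if not checkpass(username, data['oldpass']):
        return {'code': 'failed', 'message': 'Incorrect password.'}

    # hashpass is used here as returning (salt, hash), in that order.
    salt, digest = hashpass(data['newpass'])[:2]

    # NOTE(review): DB.update / DB.delete are not visible here; bound
    # parameters would be the preferred fix if the wrapper supports them.
    who = sql_text(username)
    DB.update(
        'users',
        "SET hashpass = '{h}', salt = '{s}' WHERE username = '{u}'".format(
            h=sql_text(digest), s=sql_text(salt), u=who))
    # Invalidate all sessions issued under the old password.
    DB.delete('logintokens', "username = '{u}'".format(u=who))
    return {'code': 'success', 'message': 'Password changed.'}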
Example #4
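def editroom():
    """Update a room and its amenities on behalf of an admin caller.

    Reads a JSON request body with 'token' and an 'update' object holding
    floornumber, roomnumber, isVaccant, isReady, description, price, bed,
    microwave, balcony, ethernet, TV and bedamount. The room must already
    exist in 'rooms'; both 'rooms' and 'room_info' are then updated.

    Returns:
        A dict with 'code' ('success' or 'failed') and a 'message'.
    """

    def sql_text(value):
        # Request values placed inside quoted SQL literals: doubling single
        # quotes keeps them from terminating the literal.
        return str(value).replace("'", "''")

    data = json.loads(request.data)
    if AM.checktoken(data['token'])[1] != 'admin':
        return {
            'code': 'failed',
            'message': 'Privilege level not high enough.'
        }

    update = data['update']
    # These three values are written into the SQL text unquoted, so escaping
    # cannot protect them; they are coerced to integers and rejected
    # otherwise. Validating all of them up front also avoids updating 'rooms'
    # and then failing on 'room_info'.
    # NOTE(review): assumes the three columns hold integers - confirm against
    # the schema.
    try:
        floor = int(update['floornumber'])
        room = int(update['roomnumber'])
        beds = int(update['bedamount'])
    except (TypeError, ValueError, OverflowError):
        return {'code': 'failed', 'message': 'Invalid room data.'}

    # NOTE(review): DB.query / DB.update are not visible here; bound
    # parameters would be the preferred fix if the wrapper supports them.
    where = 'WHERE floornumber = {fn} AND roomnumber = {rn}'.format(
        fn=floor, rn=room)

    if len(DB.query('rooms', args=where)) < 1:
        return {'code': 'failed', 'message': 'No such room exists.'}

    DB.update(
        'rooms',
        "SET isVaccant = '{isVaccant}', isReady = '{isReady}', "
        "description = '{description}', price = '{price}' {where}".format(
            isVaccant=sql_text(update['isVaccant']),
            isReady=sql_text(update['isReady']),
            description=sql_text(update['description']),
            price=sql_text(update['price']),
            where=where))

    DB.update(
        'room_info',
        "SET bed = '{bed}', microwave ='{microwave}', balcony='{balcony}', "
        "ethernet='{ethernet}', TV='{TV}', bedamount={bedamount} "
        "{where}".format(
            bed=sql_text(update['bed']),
            microwave=sql_text(update['microwave']),
            balcony=sql_text(update['balcony']),
            ethernet=sql_text(update['ethernet']),
            TV=sql_text(update['TV']),
            bedamount=beds,
            where=where))
    return {'code': 'success', 'message': 'Update saved.'}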