Example #1
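def register():
    """Create a user account from a submitted RegistrationForm.

    On a valid submission the password is bcrypt-hashed, the username and
    then the e-mail are checked for an existing row, and the user is
    inserted. A duplicate redirects back to ``users.register`` with a flash
    message; success redirects to ``users.login``. Any other request renders
    the registration form.
    """
    form = RegistrationForm()
    if not form.validate_on_submit():
        return render_template("register.html", title="Registration", form=form)

    hashed_password = bcrypt.generate_password_hash(
        form.password.data).decode('utf-8')
    username = form.username.data
    email = form.email.data
    reader = getInstance()
    # 'passwrod' (sic) is the config key this code reads; it is a runtime key.
    con = DBConnectivity.getConnection(
        reader.get('Credential', 'hostname'),
        reader.get('Credential', 'username'),
        reader.get('Credential', 'passwrod'),
        reader.get('Credential', 'database'))
    try:
        # NOTE(review): every statement below is built by concatenating form
        # input into SQL text, so the input is parsed as SQL (injection).
        # DBConnectivity's signature is not visible here; pass the values as
        # driver bind parameters if the helper can forward them.
        # NOTE(review): the listing showed this value masked as '******' by a
        # redaction filter; `username` is restored from context - confirm.
        query = "select * from user where username='" + username + "'"
        if DBConnectivity.getQueryResult(con, query).fetchone() is not None:
            flash("Username has already exists!", "danger")
            return redirect(url_for("users.register"))

        query = "select * from user where email='" + email + "'"
        if DBConnectivity.getQueryResult(con, query).fetchone() is not None:
            flash("Email has already exists!", "danger")
            return redirect(url_for("users.register"))

        # The two lookups and the insert are separate statements, so a unique
        # constraint in the schema is what actually prevents duplicates.
        query = ("insert into user(username,email,password) values('"
                 + username + "','" + email + "','" + hashed_password + "')")
        DBConnectivity.updateDatabase(con, query)
        flash("User has successfully registered!", "success")
        return redirect(url_for("users.login"))
    finally:
        # Close on every path, including when a query raises.
        DBConnectivity.closeConnection(con)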
Example #2
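def login():
    """Authenticate a user from a submitted LoginForm.

    Looks the user up by e-mail, checks the submitted password against the
    stored bcrypt hash (column index 3) and, on success, stores the login
    flag, username, e-mail and image file in the session before redirecting
    to ``users.account``. Unknown e-mail redirects to ``users.register``; a
    wrong password redirects to ``users.login``. Any other request renders
    the login form.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template("login.html", title="Login", form=form)

    reader = getInstance()
    con = DBConnectivity.getConnection(
        reader.get('Credential', 'hostname'),
        reader.get('Credential', 'username'),
        reader.get('Credential', 'passwrod'),
        reader.get('Credential', 'database'))
    try:
        # NOTE(review): the e-mail from the form is concatenated into the SQL
        # text, so it is parsed as SQL (injection on a pre-authentication
        # path). DBConnectivity's signature is not visible here; use driver
        # bind parameters if the helper can forward them.
        query = "select * from user where Email='" + form.email.data + "'"
        user = DBConnectivity.getQueryResult(con, query).fetchone()
    finally:
        # Previously every branch returned before the close calls were
        # reached, so the connection was never released.
        DBConnectivity.closeConnection(con)

    # NOTE(review): the two failure messages differ, which tells a caller
    # whether an e-mail address is registered; a single generic message
    # avoids that disclosure.
    if user is None:
        flash("User does not exists!", "danger")
        return redirect(url_for("users.register"))

    hashed_pwd = str(user[3])
    if not bcrypt.check_password_hash(hashed_pwd, form.password.data):
        flash("Invalid Password!!", "danger")
        return redirect(url_for("users.login"))

    session['logged_in'] = True
    session['username'] = user[1]
    session['email'] = user[2]
    session['image_file'] = user[4]
    return redirect(url_for("users.account"))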
Example #3
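def forgot_password_otp_resend():
    """Issue a new password-reset OTP for the submitted e-mail address.

    On a valid submission the e-mail is looked up; if it exists, a 4-digit
    OTP (1001-9999) is generated, stored in the session together with the
    e-mail, mailed to that address, and the user is redirected to
    ``users.forgot_password_otp``. An unknown e-mail redirects to
    ``users.register``. On GET the form is pre-filled from the session.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    form = ForgotPassword_Resend_OTP()
    if form.validate_on_submit():
        reader = getInstance()
        con = DBConnectivity.getConnection(
            reader.get('Credential', 'hostname'),
            reader.get('Credential', 'username'),
            reader.get('Credential', 'passwrod'),
            reader.get('Credential', 'database'))
        try:
            # NOTE(review): form input concatenated into SQL text (injection).
            # Use driver bind parameters if DBConnectivity can forward them;
            # its signature is not visible here.
            query = "select * from user where email='" + form.email.data + "'"
            result = DBConnectivity.getQueryResult(con, query).fetchone()
        finally:
            # The original returned before its close call on every branch.
            DBConnectivity.closeConnection(con)

        if result is None:
            flash("Email Does not exists", "danger")
            return redirect(url_for("users.register"))

        session['email'] = form.email.data
        # The OTP is an authentication secret, so draw it from the OS CSPRNG
        # rather than the predictable `random` generator. Same range as
        # before: 1001..9999.
        otp = str(1001 + secrets.randbelow(8999))
        # NOTE(review): if the app uses Flask's default cookie-backed session,
        # the session is signed but not encrypted, so the OTP stored here is
        # readable by whichever browser requested the reset. Keeping the OTP
        # (or its hash) server-side with an expiry and an attempt limit closes
        # that gap; the verification handler is not visible here.
        session['OTP'] = otp
        subject = "Flask Blog Application"
        msg = otp + "  is your One time password (OTP) for Flask Blog Application."
        send_email(subject, msg, form.email.data)
        return redirect(url_for("users.forgot_password_otp"))
    elif request.method == 'GET':
        # .get(): a direct visit without a prior reset request has no e-mail
        # in the session and should render an empty field, not raise KeyError.
        form.email.data = session.get('email')
    return render_template('forgot_password_otp_resend.html', form=form)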
Example #4
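def update_post(post_id):
    """Edit an existing post; only its author may do so.

    Loads the post joined with its author, aborts with 404 if it does not
    exist and 403 if the author's username differs from the session's. A
    valid submission updates title and content and redirects to the post;
    a GET pre-fills the form with the current values.
    """
    form = PostForm()
    try:
        # post_id is spliced into SQL unquoted, so force it to an integer.
        post_key = int(post_id)
    except (TypeError, ValueError):
        abort(404)

    reader = getInstance()
    con = DBConnectivity.getConnection(reader.get('Credential', 'hostname'),
                                       reader.get('Credential', 'username'),
                                       reader.get('Credential', 'passwrod'),
                                       reader.get('Credential', 'database'))
    try:
        query = ("select u.user_id,u.username,u.image_file,p.post_id,p.title,"
                 "p.content,p.date_posted from user u join posts p on "
                 "u.user_id=p.user_id where post_id=" + str(post_key))
        post = DBConnectivity.getQueryResult(con, query).fetchone()
        if post is None:
            # Unknown id: previously this fell through to post[1] and raised.
            abort(404)
        # .get(): a request without a logged-in session is refused with 403
        # instead of raising KeyError.
        if post[1] != session.get('username'):
            abort(403)

        if form.validate_on_submit():
            # NOTE(review): title and content come from the form and are
            # concatenated into the SQL text (injection). Use driver bind
            # parameters if DBConnectivity can forward them; its signature is
            # not visible here.
            query = ("update posts set title='" + form.title.data
                     + "', content='" + form.content.data
                     + "' where post_id=" + str(post[3]))
            DBConnectivity.updateDatabase(con, query)
            flash("Post has been successfully updated!", "success")
            return redirect(url_for("posts.post", post_id=post[3]))
        elif request.method == 'GET':
            form.title.data = post[4]
            form.content.data = post[5]
        return render_template('create_post.html',
                               title=post[4],
                               legend="Update Post",
                               post=post,
                               form=form)
    finally:
        # The original never closed this connection.
        DBConnectivity.closeConnection(con)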
Example #5
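def my_post():
    """Render the posts written by the user named in the session."""
    reader = getInstance()
    con = DBConnectivity.getConnection(reader.get('Credential', 'hostname'),
                                       reader.get('Credential', 'username'),
                                       reader.get('Credential', 'passwrod'),
                                       reader.get('Credential', 'database'))
    try:
        # NOTE(review): the listing showed this expression partly masked as
        # '******' by a redaction filter; session['username'] is restored from
        # the surviving "username']" fragment - confirm against the repository.
        # NOTE(review): the username was chosen by the user at registration,
        # so concatenating it here is still SQL built from user-controlled
        # text (second-order injection). Use driver bind parameters if
        # DBConnectivity can forward them.
        query = ("select u.user_id,u.username,u.image_file,p.post_id,p.title,"
                 "p.content,p.date_posted from user u join posts p on "
                 "u.user_id=p.user_id where u.username='"
                 + session['username'] + "'")
        posts = DBConnectivity.getQueryResult(con, query).fetchall()
    finally:
        # The original never closed this connection.
        DBConnectivity.closeConnection(con)
    return render_template("my_post.html", posts=posts)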
Example #6
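def post(post_id):
    """Render a single post, or abort with 404 if the id is unknown."""
    try:
        # post_id is spliced into SQL unquoted, so force it to an integer.
        post_key = int(post_id)
    except (TypeError, ValueError):
        abort(404)

    reader = getInstance()
    con = DBConnectivity.getConnection(reader.get('Credential', 'hostname'),
                                       reader.get('Credential', 'username'),
                                       reader.get('Credential', 'passwrod'),
                                       reader.get('Credential', 'database'))
    try:
        query = ("select u.user_id,u.username,u.image_file,p.post_id,p.title,"
                 "p.content,p.date_posted from user u join posts p on "
                 "u.user_id=p.user_id where post_id=" + str(post_key))
        post = DBConnectivity.getQueryResult(con, query).fetchone()
    finally:
        # The original never closed this connection.
        DBConnectivity.closeConnection(con)

    if post is None:
        # Previously an unknown id raised on post[4].
        abort(404)
    return render_template('post.html', title=post[4], post=post)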
Example #7
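def delete_post(post_id):
    """Delete a post; only its author may do so.

    Aborts with 404 when the post does not exist and 403 when the author's
    username differs from the session's, matching the ownership check in
    update_post. On success redirects to ``main.home``.
    """
    try:
        # post_id is spliced into SQL unquoted, so force it to an integer.
        post_key = int(post_id)
    except (TypeError, ValueError):
        abort(404)

    reader = getInstance()
    con = DBConnectivity.getConnection(reader.get('Credential', 'hostname'),
                                       reader.get('Credential', 'username'),
                                       reader.get('Credential', 'passwrod'),
                                       reader.get('Credential', 'database'))
    try:
        # The original deleted whatever id was supplied without checking who
        # owns the post. Any decorators on this view are not visible here, so
        # the check is done in the body, as update_post does.
        query = ("select u.username from user u join posts p on "
                 "u.user_id=p.user_id where p.post_id=" + str(post_key))
        owner = DBConnectivity.getQueryResult(con, query).fetchone()
        if owner is None:
            abort(404)
        if owner[0] != session.get('username'):
            abort(403)

        query = "delete from posts where post_id=" + str(post_key)
        DBConnectivity.updateDatabase(con, query)
    finally:
        # The original never closed this connection.
        DBConnectivity.closeConnection(con)
    # NOTE(review): a state-changing view like this should only accept POST
    # with CSRF protection; the route declaration is not visible here.
    flash("Your post has been successfully deleted!", "success")
    return redirect(url_for('main.home'))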
Example #8
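def account():
    """Show and update the logged-in user's account.

    Loads the user row for the session's username. A valid submission
    rejects a username or e-mail already used by a different user_id,
    optionally stores a new profile picture, updates username and e-mail,
    refreshes the session and redirects back to ``users.account``. A GET
    pre-fills the form from the session. The page is rendered with the
    user's picture, or the default one when column index 4 is NULL.
    """
    form = UpdateAccountForm()
    reader = getInstance()
    con = DBConnectivity.getConnection(reader.get('Credential', 'hostname'),
                                       reader.get('Credential', 'username'),
                                       reader.get('Credential', 'passwrod'),
                                       reader.get('Credential', 'database'))
    try:
        # NOTE(review): three expressions in this function were partly masked
        # as '******' by a redaction filter in the listing. They are restored
        # from context (session['username'] here, form.username.data in the
        # duplicate check and the final UPDATE) - confirm against the
        # repository.
        # NOTE(review): every statement below concatenates user-controlled
        # text into SQL (injection). Use driver bind parameters if
        # DBConnectivity can forward them; its signature is not visible here.
        query = "select * from user where username='" + session['username'] + "'"
        user = DBConnectivity.getQueryResult(con, query).fetchone()
        if user is None:
            # Session names a user that no longer exists; previously this
            # raised on user[0] / user[4].
            return redirect(url_for("users.login"))

        if form.validate_on_submit():
            query = ("select * from user where username='" + form.username.data
                     + "' and user_id <> " + str(user[0]))
            if DBConnectivity.getQueryResult(con, query).fetchone() is not None:
                flash("Username has already exists!", "danger")
                return redirect(url_for("users.account"))

            query = ("select * from user where email='" + form.email.data
                     + "' and user_id <> " + str(user[0]))
            if DBConnectivity.getQueryResult(con, query).fetchone() is not None:
                flash("Email has already exists!", "danger")
                return redirect(url_for("users.account"))

            if form.picture.data:
                picture_file = save_picture(form.picture.data)
                query = ("UPDATE USER SET image_file='" + picture_file
                         + "' where user_id=" + str(user[0]))
                DBConnectivity.updateDatabase(con, query)
                session['image_file'] = picture_file

            query = ("UPDATE USER SET username='" + form.username.data
                     + "',email='" + form.email.data
                     + "' where user_id=" + str(user[0]))
            DBConnectivity.updateDatabase(con, query)
            # Update the session only after the database write succeeded, so
            # a failed UPDATE cannot leave the session naming a user that
            # does not exist.
            session['username'] = form.username.data
            session['email'] = form.email.data
            flash("Account has been updated!", "success")
            return redirect(url_for("users.account"))
        elif request.method == "GET":
            form.username.data = session['username']
            form.email.data = session['email']

        if user[4] is None:
            image_file = url_for('static', filename='profilepics/pubg.jpg')
        else:
            image_file = url_for('static', filename='profilepics/' + user[4])
        return render_template('account.html',
                               title="Account",
                               image_file=image_file,
                               form=form)
    finally:
        # Single close for every path, including when a query raises.
        DBConnectivity.closeConnection(con)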
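def send_email(subject, msg, to_address):
    """Send a plain-text message through Gmail's SMTP submission port.

    Args:
        subject: Subject line; line breaks are collapsed to spaces.
        msg: Message body.
        to_address: Recipient address.

    Delivery is best-effort: any failure is printed and not re-raised, so
    callers cannot tell from the return value whether the mail was sent.
    """
    # Function-scope import: the file's import block is not visible here.
    import ssl

    try:
        reader = getInstance()
        sender = reader.get("GmailConfig", "Email")
        # The subject is written into a raw header line; collapsing line
        # breaks keeps a caller-supplied value from adding extra headers.
        safe_subject = " ".join(subject.splitlines())
        message = 'Subject: {}\n\n{}'.format(safe_subject, msg)
        # Host and port are passed separately so the host name used for the
        # TLS check is the bare name, without ":587".
        with smtplib.SMTP('smtp.gmail.com', 587) as server:
            server.ehlo()
            # Without an explicit context smtplib's STARTTLS does not verify
            # the server certificate or host name by default; the account
            # password is sent over this channel, so verify it.
            server.starttls(context=ssl.create_default_context())
            server.login(sender, reader.get("GmailConfig", "pwd"))
            # The envelope sender is the configured account; the original
            # passed the recipient as the sender.
            server.sendmail(sender, to_address, message)
        print("Success: Email sent!")
    except Exception as e:
        # Exceptions have no .message attribute in Python 3; printing it
        # raised AttributeError from inside this handler.
        print(e)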
Example #10
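def forgot_password_change():
    """Set a new password for the e-mail address held in the session.

    On a valid submission the new password is bcrypt-hashed and written to
    the user row whose e-mail equals ``session['email']``, a confirmation
    mail is sent, and the user is redirected to ``users.login``. Any other
    request renders the password-change form.
    """
    form = Password_Change()
    if form.validate_on_submit():
        # NOTE(review): nothing in this function checks that the OTP step was
        # completed; it only needs session['email'], which the OTP request
        # handler sets before the OTP is verified. Confirm that a guard exists
        # elsewhere (decorator or a "verified" session flag).
        reader = getInstance()
        con = DBConnectivity.getConnection(
            reader.get('Credential', 'hostname'),
            reader.get('Credential', 'username'),
            reader.get('Credential', 'passwrod'),
            reader.get('Credential', 'database'))
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        try:
            # NOTE(review): the listing showed the password value masked as
            # '******' by a redaction filter; `hashed_password` is restored
            # from context - confirm against the repository.
            # NOTE(review): session['email'] originated from form input and is
            # concatenated into the SQL text (injection). Use driver bind
            # parameters if DBConnectivity can forward them.
            query = ("update user set password='" + hashed_password
                     + "' where email='" + session['email'] + "'")
            DBConnectivity.updateDatabase(con, query)
        finally:
            # Close even when the update raises.
            DBConnectivity.closeConnection(con)
        # The OTP has served its purpose; drop it so it cannot be reused.
        session.pop('OTP', None)
        subject = "Flask Blog Application"
        msg = "Your password has been changed successfully!"
        send_email(subject, msg, session['email'])
        flash(msg, "success")
        return redirect(url_for("users.login"))
    return render_template('forgot_password_change.html', form=form)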
Example #11
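def new_post():
    """Create a post owned by the user named in the session.

    On a valid submission the author's user_id is looked up by the session
    username, the post is inserted and the user is redirected to
    ``main.home``. Any other request renders the empty post form.
    """
    form = PostForm()
    if form.validate_on_submit():
        reader = getInstance()
        con = DBConnectivity.getConnection(
            reader.get('Credential', 'hostname'),
            reader.get('Credential', 'username'),
            reader.get('Credential', 'passwrod'),
            reader.get('Credential', 'database'))
        try:
            # NOTE(review): the listing showed this expression partly masked
            # as '******' by a redaction filter; session['username'] is
            # restored from the surviving "username']" fragment - confirm
            # against the repository.
            query = ("select * from user where username='"
                     + session['username'] + "'")
            user = DBConnectivity.getQueryResult(con, query).fetchone()
            if user is None:
                # Session names a user that no longer exists; previously this
                # raised on user[0].
                abort(403)
            # NOTE(review): title and content come from the form and are
            # concatenated into the SQL text (injection). Use driver bind
            # parameters if DBConnectivity can forward them; its signature is
            # not visible here.
            query = ("insert into posts(title,content,user_id) values('"
                     + form.title.data + "','" + form.content.data + "',"
                     + str(user[0]) + ")")
            # The debug print of the full statement was dropped: it wrote
            # user-submitted content to stdout on every post.
            DBConnectivity.updateDatabase(con, query)
        finally:
            # The original never closed this connection.
            DBConnectivity.closeConnection(con)
        flash('Your post has been created!', 'success')
        return redirect(url_for('main.home'))
    return render_template('create_post.html',
                           title='New Post',
                           legend="New Post",
                           form=form)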