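def setuserpriv():
    """Change a user's privilege level on behalf of an admin.

    Expects a JSON request body with the keys 'token', 'username' and
    'priv'. The update is only attempted when the caller's token resolves
    to the 'admin' privilege.

    Returns:
        A dict with 'code' ('success' or 'failed') and a 'message'.
    """
    data = json.loads(request.data)
    # Index 1 of the checktoken() result is compared to the privilege name.
    if AM.checktoken(data['token'])[1] != 'admin':
        return {
            'code': 'failed',
            'message': 'You do not have high enough privilege to do that.'
        }

    # Both values come straight from the request body and are spliced into
    # SQL text. Doubling embedded single quotes keeps each value inside its
    # string literal. This assumes an SQLite backend (no backslash escapes);
    # bound parameters would be preferable if the DB wrapper supports
    # them -- TODO confirm.
    username = str(data['username']).replace("'", "''")
    privilege = str(data['priv']).replace("'", "''")
    try:
        DB.update(
            'users',
            "SET privilege = '{p}' WHERE username = '{u}'".format(
                u=username, p=privilege))
    except sqlite3.IntegrityError:
        # The database rejected the requested privilege value.
        return {'code': 'failed', 'message': 'Incorrect privilege level.'}
    # NOTE(review): the result of DB.update is not inspected, so a username
    # that matches no row still reports success -- confirm this is intended.
    return {'code': 'success', 'message': 'Done.'}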
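def banuser():
    """Toggle the 'banned' flag of a user on behalf of an admin.

    Expects a JSON request body with the keys 'token' and 'username'.
    A user whose flag is 'false' becomes 'true'; any other stored value is
    reset to 'false'.

    Returns:
        {'code': 'success'} after the update, {'code': 'failed'} when the
        caller is not an admin or the username matches no row.
    """
    data = json.loads(request.data)
    # Index 1 of the checktoken() result is compared to the privilege name.
    if AM.checktoken(data['token'])[1] != 'admin':
        return {'code': 'failed'}

    # The username comes from the request body and is spliced into SQL
    # text. Doubling embedded single quotes keeps it inside its string
    # literal. This assumes an SQLite backend (no backslash escapes); bound
    # parameters would be preferable if the DB wrapper supports them --
    # TODO confirm.
    username = str(data['username']).replace("'", "''")
    where = "WHERE username = '{u}'".format(u=username)

    rows = DB.query('users', 'banned', where)
    if not rows:
        # Unknown username: report failure instead of raising IndexError.
        return {'code': 'failed'}

    new_state = 'true' if rows[0][0] == 'false' else 'false'
    DB.update('users', "SET banned = '{b}' ".format(b=new_state) + where)
    return {'code': 'success'}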
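def changePassword():
    """Change the password of the account that owns the supplied token.

    Expects a JSON request body with the keys 'token', 'oldpass' and
    'newpass'. The old password is verified first. The new salt and hash
    are then stored and every login token of the account is deleted, so
    sessions opened with the previous password stop working.

    Returns:
        A dict with 'code' ('success' or 'failed') and a 'message'.
    """
    data = json.loads(flask.request.data)
    account = checktoken(data['token'])
    # Index 0 of the checktoken() result flags whether the token resolved to
    # an account; index 2 is used below as the username.
    if account[0] == False:
        return {'code': 'failed', 'message': 'Not logged in.'}
    if not checkpass(account[2], data['oldpass']):
        return {'code': 'failed', 'message': 'Incorrect password.'}

    # hashpass() result: index 0 is stored as the salt, index 1 as the hash.
    newhash = hashpass(data['newpass'])

    # The username was originally chosen by a client, and all three values
    # are spliced into SQL text. Doubling embedded single quotes keeps each
    # value inside its string literal. This assumes an SQLite backend (no
    # backslash escapes); bound parameters would be preferable if the DB
    # wrapper supports them -- TODO confirm.
    username = str(account[2]).replace("'", "''")
    salt = str(newhash[0]).replace("'", "''")
    digest = str(newhash[1]).replace("'", "''")

    DB.update(
        'users',
        "SET hashpass = '{h}', salt = '{s}' WHERE username = '{u}'".format(
            u=username, s=salt, h=digest))
    # Revoke all existing sessions so a stolen token does not survive the
    # password change.
    DB.delete('logintokens', "username = '{u}'".format(u=username))
    return {'code': 'success', 'message': 'Password changed.'}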
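def editroom():
    """Update the stored attributes of an existing room; admin-only.

    Expects a JSON request body with a 'token' and an 'update' object that
    holds 'floornumber', 'roomnumber', 'isVaccant', 'isReady',
    'description', 'price', 'bed', 'microwave', 'balcony', 'ethernet', 'TV'
    and 'bedamount'. The room is identified by floor and room number and
    must already exist in the 'rooms' table.

    Returns:
        A dict with 'code' ('success' or 'failed') and a 'message'.
    """
    data = json.loads(request.data)
    # Index 1 of the checktoken() result is compared to the privilege name.
    if AM.checktoken(data['token'])[1] != 'admin':
        return {
            'code': 'failed',
            'message': 'Privilege level not high enough.'
        }

    update = data['update']

    def sql_text(value):
        """Render value for use inside a single-quoted SQL string literal."""
        # Doubling embedded single quotes keeps the value inside its
        # literal. This assumes an SQLite backend (no backslash escapes);
        # bound parameters would be preferable if the DB wrapper supports
        # them -- TODO confirm.
        return str(value).replace("'", "''")

    # These three fields are placed in the SQL unquoted, so they must be
    # whole numbers; anything else is rejected before a statement is built.
    try:
        floor = int(update['floornumber'])
        room = int(update['roomnumber'])
        beds = int(update['bedamount'])
    except (TypeError, ValueError):
        return {'code': 'failed', 'message': 'Invalid room data.'}

    where = 'WHERE floornumber = {fn} AND roomnumber = {rn}'.format(
        fn=floor, rn=room)
    if len(DB.query('rooms', args=where)) < 1:
        return {'code': 'failed', 'message': 'No such room exists.'}

    rooms_set = (
        "SET isVaccant = '{isVaccant}', isReady = '{isReady}', "
        "description = '{description}', price = '{price}'"
    ).format(isVaccant=sql_text(update['isVaccant']),
             isReady=sql_text(update['isReady']),
             description=sql_text(update['description']),
             price=sql_text(update['price']))
    DB.update('rooms', rooms_set + ' ' + where)

    info_set = (
        "SET bed = '{bed}', microwave ='{microwave}', balcony='{balcony}', "
        "ethernet='{ethernet}', TV='{TV}', bedamount={bedamount}"
    ).format(bed=sql_text(update['bed']),
             microwave=sql_text(update['microwave']),
             balcony=sql_text(update['balcony']),
             ethernet=sql_text(update['ethernet']),
             TV=sql_text(update['TV']),
             bedamount=beds)
    # NOTE(review): the two updates are issued separately; if the second
    # fails, 'rooms' and 'room_info' may disagree -- confirm whether the DB
    # wrapper offers a transaction.
    DB.update('room_info', info_set + ' ' + where)
    return {'code': 'success', 'message': 'Update saved.'}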