def uploadingImageToServer():
if checkLogin() == False:
return beecFunc.ReturnResponse("LOGIN")
FileStorage = request.files["image"]
# Make the new image file name
randNum = str(random.random() * 1000)[:3]
imageFileName = FileStorage.filename + "_" + str(
session["UserID"]) + "_" + str(randNum) + ".png"
print(request.files)
# Save the comming picture
FileStorage.save(
os.path.join(app.config["UploadImageFolder"], imageFileName))
# React with DB
r = beecFunc.addImageToDB(FileName=FileStorage.filename,
ImageName=imageFileName)
if 'err' in r:
return beecFunc.ReturnResponse("err")
else:
return beecFunc.ReturnResponse("OK")
def emailVerfication():
if request.method == 'POST':
FullInData = json.dumps(request.form)
FullInData = json.loads(FullInData)
inVerCode = Checking.RemoveUnwantedChar(FullInData['VerCode'])
print(FullInData)
if len(inVerCode) == 8:
myDB = SqlConn.ConnectToDB()
para = {"VarCard": inVerCode}
SQLResult = SqlConn.SendSQL(myDB, "SELECT `userid` FROM `verifications` WHERE `vercode` = %(VarCard)s AND `enddate` > NOW()" \
, parameters=para)
if SQLResult != None:
SqlConn.SendSQL(myDB, "UPDATE `ourusers` SET `verified`=TRUE WHERE `userid`='" + str(SQLResult[0][0]) + "'", \
returnDate=False)
myDB.close()
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("OK")
else:
return flask.send_from_directory("HTML", "loginpage.html")
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Wrong code!")
else:
return flask.send_from_directory("HTML", "EmailVerifcation.html")
else:
if 'WEB' not in request.form:
return beecFunc.ReturnResponse("Wrong code!")
else:
return flask.send_from_directory("HTML", "EmailVerifcation.html")
def imageupload():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
FileStorage = request.files["image"]
# Get the image file name
imageFileName = FileStorage.filename
print(request.files)
# Save the comming picture
FileStorage.save(os.path.join(app.config["UploadImageFolder"], FileStorage.filename))
# Parse the data
FullInData = json.dumps(request.form)
FullInData = json.loads(FullInData)
# Clean up the name
FullInData['ImageName'] = Checking.RemoveUnwantedChar(FullInData['ImageName'])
# React with DB
r = comFunc.addImageToDB(FileName=FileStorage.filename, ImageName=FullInData['ImageName'])
if 'err' in r:
return '<center>' + r[1] + '<center>"<meta http-equiv="refresh" content="3";url=' + url_for(
'imageUpload') + '" />"'
else:
return redirect("/home")
return flask.render_template("imageUpload.html")
def CreateNewCard():
if beecFunc.checkLogin() == False:
return beecFunc.ReturnResponse("LGOIN")
# Request :
# - CardInfo(JSON OBJECT tell all the data),
# - Theam(String that tell what colors seperated with '-', ORDER: Background, FontColor, BoarerColor) d
# (COLORS ARE IN R, G, B for each '-' string)
# - Feilds(String List of wanted feild seperated with ":"
if request.method == 'POST':
# Convert the input to JSON object
FullInData = json.dumps(request.form)
FullInData = json.loads(FullInData)
print(FullInData)
# Call the create Card Module
# Call the a function in the folder Cards/NewCard.py [It was imported in this name]
NewCardResult = AddNewCard(FullInData)
if NewCardResult[0] == "OK":
return beecFunc.ReturnResponse("OK")
else:
return beecFunc.ReturnResponse("err")
def AddressEdit():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
return CallFor(callingAddress="AddressEdit", \
parametersList="`addressid`, `firstline`, `streetname`, `unitid`, `postoffice`, `area`, `quarter`, `addressname`, `countryid`, `AddedBy`", \
TableName='addresseslists', IdName='addressid', \
inCondation="`addressid`=%(addressid)s", ExtraData={"AddedBy": str(session['UserID'])})
theList = comFunc.DropListTags("SELECT `addressid`,`addressname` FROM addresseslists")
return open("Beec/HTML/Address.html").read().format(TheList=theList)
def compnayEdit():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
return CallFor(callingAddress="compnayEdit", \
parametersList="`companyid`, `companyname`, `websitelink`, `representiviteid`", \
TableName='company', IdName='companyid', \
inCondation="`companyid`=%(companyid)s")
theList = comFunc.DropListTags(
"SELECT `companyid`,`companyname` FROM `company` WHERE `representiviteid`=" + str(session['UserID']))
# return open("HTML/Address.html").read().format(TheList=theList)
return flask.render_template("editCompany.html")
def resendVerifcaiton(UserID):
#Clean the Passed UserID
UserID = Checking.RemoveUnwantedChar(UserID)
# Connect to the SQL server
dbConn = SqlConn.ConnectToDB()
# Check if the user exisits and get its data
para = {"userID": UserID}
ur = SqlConn.SendSQL(dbConn, "SELECT ourusers.`email` as email, `firstname`, `lastname` FROM ourusers, `employee` " + \
"WHERE ourusers.`userid`=%(userID)s AND verified = 0 AND ourusers.userid = employee.userid", para)
if ur == None:
print("Fail")
return beecFunc.ReturnResponse("Fail")
# Create new Verifcation code
VirifcationCode = str(SqlConn.GenerateRadom(3))
VirifcationCode = Hashing.sha3_256(
VirifcationCode.encode()).hexdigest()[2:10]
VirifcationCode = VirifcationCode.upper()
# Update the code to the database
para = {"vcode": VirifcationCode, "userID": UserID}
SqlConn.InsertSQL(
dbConn,
"UPDATE `verifications` SET `vercode`= %(vcode)s WHERE `UserID`=%(userID)s",
para, False)
# Close DB Connection
SqlConn.CloseConnection(dbConn)
# Send the email
try:
beecFunc.SendEmail(emailSubject="Avtivate you account with eCards", emailTo=ur[0][0],
emailBody="Hi Mr. " + ur[0][1] + " " + ur[0][2] + \
", \n You have register with us and complete your registration please click the line bellow or use this Code:\n" + \
VirifcationCode + " \n Thank you ...")
except:
print("Email Failer")
return beecFunc.ReturnResponse("EmailFail")
return beecFunc.ReturnResponse("OK")
def employeeEdit():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
return CallFor(callingAddress="employeeEdit", \
parametersList="`empid`, `nickname`, `firstname`, `middlename`, `grandname`, `lastname`, `abuname`, `phone`, `mobile`, `hometel`, `email`, `workphone`, `notes`, `userid`, `licencesid`", \
TableName='employee', IdName='empid', \
inCondation="`empid`=%(empid)s", \
idGenSize=9, ExtraData={"userid": str(session['UserID'])})
return flask.render_template("employee.html")
def departmentEdit():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
return CallFor(callingAddress="departmentEdit", \
parametersList="`departementid`, `departementname`, `landphone1`, `landphone2`, `email`, `email2`, `website`, `belongtocomapny`, `addressid`", \
TableName='departement', IdName='departementid', \
inCondation="`departementid`=%(departementid)s")
return flask.render_template("department.html")
def joblistEdit():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
return CallFor(callingAddress="joblistEdit", \
parametersList="`jobid`, `jobname`, `jobdescription`", \
TableName='jobslist', IdName='jobid', \
inCondation="`jobid`=%(jobid)s", \
idGenSize=3)
return flask.render_template("joblist.html")
def theamsEdit():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
MoreData = {}
MoreData['createdby'] = str(session['UserID'])
return CallFor(callingAddress="theamsEdit", \
parametersList="`theamid`, `theamname`, `HTMLcode`, `createdby`, `forcompany`, `licenceid`", \
TableName='theam', IdName='theamid', \
inCondation="`theamid`=%(theamid)s", \
ExtraData=MoreData, idGenSize=8)
return flask.render_template("Theam.html")
def GetUserFullData(UserID):
# Make sure the user is loged in
loginResult = checkLogin()
if loginResult != True:
print("Fulldata request rejected, login is required")
return loginResult
UserID = Checking.onlyNumber(UserID)
r = json.loads(beecFunc.getUserFullData(UserID))
if "err" in r:
print("Error in r db 1")
return beecFunc.ReturnResponse("NONE")
if (len(r) == 0):
return beecFunc.ReturnResponse("NONE")
print("Fulldata request was sent successfully")
# return the response object
return app.response_class(response=json.dumps(r, ensure_ascii=False),
status=200,
mimetype='application/json')
def CallFor(callingAddress: str, parametersList: str, TableName: str, ExtraData: dict = {}, IdName: str = "",
inCondation="", idGenSize=7):
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
# Parse the data
ReqnData = json.dumps(request.form)
if ExtraData != "":
ExtraData = json.dumps(ExtraData)
ReqnData = ReqnData[0:len(ReqnData) - 1] + ", " + ExtraData[1:]
ReqnData = json.loads(ReqnData)
FullInData = ReqnData
# Clean up
for x in FullInData:
FullInData[x] = Checking.RemoveUnwantedChar(FullInData[x])
# React with DB
db = SqlConn.ConnectToDB()
if 'newC' in request.form:
# Generate a new ID
FullInData[IdName] = SqlConn.GenerateRadom(idGenSize)
# Create the list of paramter accordingly
InsertList = SqlConn.makeHTML(WhatYouWant="INSERT", ParaList=parametersList)
SQLs = "INSERT INTO " + TableName + " (" + parametersList + ") VALUES " + "(" + InsertList + ")"
r = SqlConn.InsertSQL(db, SQLs, FullInData, returnID=False)
elif 'editC' in request.form:
# Create the list of paramter accordingly
#print("^^^", FullInData)
UpdateList = SqlConn.makeHTML(WhatYouWant="UPDATE", ParaList=parametersList)
SQLs = "UPDATE " + TableName + " SET " + UpdateList + " WHERE " + inCondation
r = SqlConn.SendSQL(db, SQLs, FullInData, returnDate=False)
db.close()
# Check Result
if r[0] == "OK":
return redirect("/home")
else:
return '<center>' + r[1] + '<center>"<meta http-equiv="refresh" content="3";url=' + url_for(
callingAddress) + '" />"'
def forgetPwdVeri():
if 'VerifcationCode' in request.form:
incode = request.form['VerifcationCode']
db = SqlConn.ConnectToDB()
para = {'incode': incode}
r = SqlConn.SendSQL(
db,
"SELECT `UserID` FROM `verifications` WHERE `vercode`=%(incode)s AND `enddate`> NOW() LIMIT 1",
para)
if 'err' in r:
db.close()
return str(r)
else:
if 'passwordCheck' in request.form and 'NewPassword' in request.form:
if request.form['passwordCheck'] == request.form[
'NewPassword']:
para = {
"NewPassword":
beecFunc.hasPassword(request.form['NewPassword']),
"UserID":
r[0][0]
}
SqlConn.SendSQL(
db,
"UPDATE `ourusers` SET `password`= %(NewPassword)s WHERE `userid`=%(UserID)s",
para,
returnDate=False)
db.close()
return redirect("/login")
else:
return flask.send_from_directory("HTML", "ForgetVerifcation.html")
def checkLogin():
if beecFunc.checkLogin() == False:
return beecFunc.ReturnResponse("LOGIN")
else:
return True
def displayImage(ImageName):
return comFunc.displayImage(ImageName, app=app, IsAppServer=False)
def openHome():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
return flask.render_template("homepage.html", first_header='Welcome', p1=session['FullName'])
def RegisterNewUser():
if request.method == 'POST':
# Convert the input to JSON object
FullInData = json.dumps(request.form)
FullInData = json.loads(FullInData)
# print("Resived:", FullInData)
try:
# return FullInData;
# Check email format
if Checking.CheckEamilFormat(FullInData['email']):
# Check email Match
if (FullInData['email']) == (FullInData['Reenter']
or 'WEB' not in FullInData):
print("email check passed")
pass
else:
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Email Match")
else:
return Msgs.getErrorMessage(0, "EN")
else:
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Email Format")
else:
return Msgs.getErrorMessage(1, "EN")
# Check Password Match
if FullInData['Passowrd'] == FullInData[
'pReenter'] or 'WEB' not in FullInData:
# Password Complexity
d = Checking.passwordComplexity(FullInData['Passowrd'])
if d == "OK":
print("Password Complexity Passed")
pass
else:
print("Password Complexity FAILD")
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Pwd Complexity")
else:
return Msgs.getErrorMessage(2, "EN")
else:
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Pwd Match")
else:
return Msgs.getErrorMessage(3, "EN")
# Virify the username
# FullInData['UserName'] = Checking.RemoveUnwantedChar(FullInData['UserName'])
# Clean all input data
for x in FullInData:
if x != "Passowrd" and x != "email":
FullInData[x] = Checking.RemoveUnwantedChar(FullInData[x])
except KeyError:
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Passed Key error: " +
str(KeyError))
else:
return "Passed Key error: " + str(KeyError)
except:
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Other Error")
else:
return "Some error in you request"
# ----------------------------------------
# Everything is ok
# ----------------------------------------
print("Everything is OK")
ErrorArray = []
# Create User ID
FullInData['userid'] = str(SqlConn.GenerateRadom(8))
FullInData['password'] = beecFunc.hasPassword(FullInData['Passowrd'])
# Connect to the SQL serer
dbConn = SqlConn.ConnectToDB()
# 1 Insert the user
ResultData = SqlConn.InsertSQL(
dbConn,
"INSERT INTO `ourusers`(`CanLogin`,`points`,`userroleid`,`userid`, `email`,`password`) VALUES (1, 0, 122, %(userid)s, %(email)s, %(password)s )",
FullInData, False)
# Check if result is ok
if ResultData == None or ResultData[0] != "OK":
# If the error was becuse exisiting email, change the 'err' title to exisit
# This is to dispaly the correct error message on the app
if 'WEB' not in FullInData:
if "exisits" in ResultData[1]:
return beecFunc.ReturnResponse("Exisit")
else:
return beecFunc.ReturnResponse(ResultData[1])
else:
return str(ResultData)
# 2 Get the new created Licese ID
# LicSQL = SqlConn.SendSQL(dbConn, "SELECT `licencesid` FROM `licences` WHERE `type`='E' AND `CreatedFor`=' " + str(UserID) + "'")
para = {"username": FullInData['userid']}
LicSQL = SqlConn.SendSQL(
dbConn,
"SELECT `licencesid` FROM `licences` WHERE `type`='E' AND `CreatedFor`=%(username)s",
para)
# print(FullInData['userid'])
FullInData["LicenceID"] = str(LicSQL[0][0])
# 3 Create and employee
# print("FullInData[1LicenceID1]=", FullInData["LicenceID"])
myInsert = "INSERT INTO `employee`(`empid`, `nickname`, `firstname`, `middlename`, `grandname`, `lastname`, `abuname`, " + \
"`phone`, `mobile`, `hometel`, `email`, `workphone`, `notes`, `userid`, `licencesid`) VALUES ('1'," + \
" %(Nickname)s , %(FirstName)s, %(MiddleName)s , %(GrandFatherName)s , %(FamilyName)s ,%(AbuName)s , %(PhoneNumber)s" + \
", %(MobileNumber)s , %(HomePhone)s , %(email)s , %(Workphone)s , %(notes)s , %(userid)s , %(LicenceID)s )"
ResultData = SqlConn.InsertSQL(dbConn, myInsert, FullInData, True)
# ------------
# 4 SEND EMAIL
if ResultData[0] == "OK":
# Create the Verifcation code
VirifcationCode = str(SqlConn.GenerateRadom(3))
VirifcationCode = Hashing.sha3_256(
VirifcationCode.encode()).hexdigest()[2:10]
VirifcationCode = VirifcationCode.upper()
# Save the code to the database
para = {"vcode": VirifcationCode, "userID": FullInData['userid']}
SqlConn.InsertSQL(
dbConn,
"INSERT INTO `verifications`(`vercode`, `UserID`) VALUES (%(vcode)s,%(userID)s )",
para, False)
# Send the email
try:
beecFunc.SendEmail(emailSubject="Avtivate you account with eCards", emailTo=FullInData['email'],
emailBody="Hi Mr. " + FullInData['FirstName'] + \
", \n You have register with us and complete your registration please click the line bellow or use this Code:\n" + \
VirifcationCode + " \n Thank you ...")
except:
ErrorArray.append("Email")
# Close DB Connection
SqlConn.CloseConnection(dbConn)
# 5 Redirect to verificaiton
RR = flask.send_from_directory("HTML", "EmailVerifcation.html")
if 'WEB' not in FullInData:
if len(ErrorArray) > 0:
if "Email" in ErrorArray:
return beecFunc.ReturnResponse(
{
"Result": "Email",
"UserID": ResultData[1]
}, True)
else:
return beecFunc.ReturnResponse(
{
"Result": "OK",
"UserID": ResultData[1]
}, True)
else:
return str(RR)
# Close DB Connection
SqlConn.CloseConnection(dbConn)
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse(ResultData)
else:
return str(ResultData)
# return Msgs.getErrorMessage(4, "EN") + FullInData['UserName']
elif request.method == 'GET':
# If it get, simply return the registration form
return flask.send_from_directory("HTML", "Register.html")
def login():
#print("Login")
if request.method == 'POST':
# Check if POST request has the Username paramter
if 'Username' in request.form:
# OK
pass
else:
# Not passed
print("Wrong Request")
return "WORNG REQUEST"
# Parse the data
FullInData = json.dumps(request.form)
FullInData = json.loads(FullInData)
# Clean the username
if Checking.CheckEamilFormat(FullInData['Username']):
username = FullInData['Username']
else:
print("Wrong Request2")
if 'WEB' not in FullInData:
return beecFunc.ReturnResponse("Fail")
return flask.render_template(
"loginpage.html",
SystemMessage="Wrong user name or password. Please try again.")
password = beecFunc.hasPassword(FullInData['password'])
# Send the sql
db = SqlConn.ConnectToDB()
if type(db).__name__ == "str":
print("Wrong Request3 db", db)
return beecFunc.ReturnResponse("error")
#print(password)
para = {"username": username, "password": password}
r = SqlConn.SendSQL(db, "SELECT `ourusers`.`userid`, `ourusers`.`email`, `CanLogin`, `verified`, `points`, `userroleid`, " + \
"`employee`.`firstname`, `employee`.`lastname`, `ourusers`.`verified`, `ourusers`.`defultCardID`, `employee`.`empid` " +\
"FROM `ourusers`, `employee` WHERE `employee`." + \
"userid = ourusers.userid AND `ourusers`.`email` = %(username)s AND `password`=%(password)s AND " + \
"`CanLogin`=1 LIMIT 1", para)
db.close()
# Check the user
if r != []:
# Open the session
#print(r)
session['Username'] = username
session['UserID'] = r[0][0]
session['Email'] = r[0][1]
session['CanLogin'] = r[0][2]
session['Verified'] = r[0][3]
session['Points'] = r[0][4]
session['UserRoleID'] = r[0][5]
session['FullName'] = r[0][6] + " " + r[0][7]
session['EmpID'] = r[0][8]
#print(session)
if 'WEB' not in FullInData:
# Check if the user has completed his verifction
if r[0][8] != 1:
responseDic = {"Result": "Verification"}
else:
responseDic = {"Result": "Success!"}
for l in session:
responseDic[l] = session[l]
response = app.response_class(response=json.dumps(responseDic),
status=200,
mimetype='application/json')
return response # ReturnResponse("Success!")
else:
return redirect("/home")
# return open("HTML/homepage.html").read().format(first_header='Welcome', p1=session['FullName'])
else:
# Wrong user name or password
if 'WEB' not in FullInData:
print("Fails")
return beecFunc.ReturnResponse("Fail")
else:
return flask.render_template(
"loginpage.html",
SystemMessage=
"Wrong user name or password. Please try again.")
return flask.render_template("loginpage.html")
def logout():
if 'Username' in session:
# remove the username from the session if it's there
session.clear()
return beecFunc.ReturnResponse("Successful")
def CardsEdit():
if comFunc.checkLogin() == False:
return redirect(url_for('login'))
if request.method == 'POST':
ReqnData = json.dumps(request.form)
ReqnData = json.loads(ReqnData)
FullInData = ReqnData
# Clean up
for x in FullInData:
FullInData[x] = Checking.RemoveUnwantedChar(FullInData[x])
# React with DB
db = SqlConn.ConnectToDB()
if 'newC' in request.form:
# Generate a new ID
FullInData['cardid'] = SqlConn.GenerateRadom(5)
# Fix the checkbox input
if FullInData['isprivate'] == 'on':
FullInData['isprivate'] = "1"
else:
FullInData['isprivate'] = "0"
##############################
# Fix the INFO feild to JSON object
##############################
# Get the Theam HTML
para = {"applytheamid": FullInData['applytheamid']}
ThemSQL_Result = SqlConn.SendSQL(db, "SELECT `HTMLcode` FROM `theam` WHERE `theamid`=%(applytheamid)s", para)
# Extart the requried data
inHTML_ParaList = re.findall(r"\{[a-zA-Z]*\}", ThemSQL_Result[0][0])
# Remove the {} from the results
for x in range(0, len(inHTML_ParaList)):
inHTML_ParaList[x] = inHTML_ParaList[x][1:len(inHTML_ParaList[x]) - 1]
##################
# Get the full data JSON
FullDataJSON = GetUserFullData(session['UserID'], app, True)
FullDataJSON = json.loads(FullDataJSON)
ResultJSON: dict = {}
# Match the needed data with the data in FullDataJSON
for oneEntry in FullDataJSON:
if oneEntry in inHTML_ParaList:
ResultJSON[oneEntry] = FullDataJSON[oneEntry]
# Fix Full Name `firstname``middlename``grandname``lastname`
ResultJSON['FullName'] = FullDataJSON['firstname']
if "middlename" in FullDataJSON:
ResultJSON['FullName'] = ResultJSON['FullName'] + " " + FullDataJSON['middlename']
if "grandname" in FullDataJSON:
ResultJSON['FullName'] = ResultJSON['FullName'] + " " + FullDataJSON['grandname']
ResultJSON['FullName'] = str(ResultJSON['FullName'] + " " + FullDataJSON['lastname'])
# Assign the JSON object
FullInData['INFO'] = json.dumps(ResultJSON, ensure_ascii=False)
###############################################
# Create the Insert SQL
SQLs = "INSERT INTO cards (`cardid`, `cardname`, `hashlink`, `isprivate`, `visitcounter`, `htmllink`, `foremployee`, `applytheamid`, `INFO`, `QRCodeImg`) VALUES " \
+ "('" + str(FullInData['cardid']) + "','" + FullInData['cardname'] + "','" + FullInData[
'hashlink'] + "','" + \
FullInData['isprivate'] + "','0','" + FullInData['htmllink'] + "','" + \
str(FullInData['foremployee']) + "','" + str(FullInData['applytheamid']) + "','" + FullInData[
'INFO'] + "','" + \
str(FullInData['QRCodeImg']) + "')"
r = SqlConn.InsertSQL(db, SQLs, FullInData, returnID=False)
return str(r)
elif 'editC' in request.form:
# Create the list of paramter accordingly
print("^^^", FullInData)
db.close()
else:
return flask.render_template("EditCard.html")
def WantedFeilds():
if checkLogin() == False:
return
UserID = str(session['UserID'])
return beecFunc.ReturnResponse(CardInfo.getSelectedFeilds(UserID))
