def load_logged_in_user():
    '''Populate ``g.user`` for the current request from the session.

    ``g.user`` becomes the ``user`` row whose ``id`` equals the session's
    ``user_id``, or ``None`` when the session carries no ``user_id``.  The
    lookup can also yield ``None`` when no row matches the stored id.
    '''
    current_id = session.get('user_id')
    # The connection is obtained even for anonymous requests, as before.
    conn = get_db()
    # SELECT * means every column of the user row ends up on g.user.
    g.user = (
        None
        if current_id is None
        else conn.execute('SELECT * FROM user WHERE id = ?', (current_id, )).fetchone()
    )
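def get_mystocks():
    '''Return realtime data for the caller's watch list as a JSON response.

    A logged-in user gets their own ``stock`` rows ordered by ``seq``; an
    anonymous visitor gets the rows stored under ``user_id = 0``.

    If the query fails and the database contains no tables at all, the
    schema is created with ``init_db()`` and the query is retried once.
    Any other failure is re-raised.  The original bare ``except`` swallowed
    every error and then either recursed again or fell through to an
    unbound ``my_stocks``.
    '''
    for attempt in range(2):
        db = get_db()
        try:
            if g.user:
                my_stocks = db.execute(
                    'SELECT idx, code FROM stock WHERE user_id = ? ORDER BY seq',
                    (g.user['id'],)).fetchall()
            else:
                my_stocks = db.execute(
                    'SELECT idx, code FROM stock WHERE user_id = 0').fetchall()
            break
        except Exception:
            tables = db.execute('SELECT name FROM sqlite_master').fetchall()
            # Only an empty database is treated as "first run"; a failure on
            # an initialised database, or a second failure right after
            # init_db(), is a real error and must surface.
            if attempt or tables:
                raise
            init_db()
    return jsonify(asyncio.run(get_realtime(my_stocks)))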
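def login():
    '''Log in a user by adding the user id to the session.

    An already logged-in user is redirected to ``index``.  On POST the
    ``username`` (lower-cased) is looked up in the ``user`` table and the
    submitted password is checked against the stored value.  On success the
    session is cleared, ``user_id`` is stored, and the session is made
    permanent only when ``rememberme`` is ``'on'``.  On failure the error is
    flashed and the login page is rendered again.

    If the user lookup raises and the database has no tables, the schema is
    created with ``init_db()``.
    '''
    if g.user:
        return redirect(url_for('index'))

    if request.method == 'POST':
        # A missing field becomes '' so it fails as ordinary bad credentials
        # instead of raising on ``None.lower()`` / hashing ``None``.
        username = request.form.get('username') or ''
        password = request.form.get('password') or ''
        rememberme = request.form.get('rememberme')
        db = get_db()
        error = None

        try:
            user = db.execute('SELECT * FROM user WHERE username = ?',
                              (username.lower(), )).fetchone()
        except Exception:
            tables = db.execute('SELECT name FROM sqlite_master').fetchall()
            if not tables:
                init_db()
                flash('Detected first time running. Initialized the database.')
            else:
                flash(
                    'Critical Error! Please contact your system administrator.'
                )
            return render_template('auth/login.html')

        # NOTE(review): the two distinct messages below tell a client whether
        # a username exists; kept as-is because the text is user-facing.
        if user is None:
            error = 'Incorrect username.'
        else:
            stored = user['password']
            # The plaintext comparison exists for rows whose password was
            # never hashed.  It must not apply to a stored hash, otherwise the
            # hash itself is accepted as the password and anyone who can read
            # the user table can log in with it.
            # Assumes check_password_hash is werkzeug's, whose hashes always
            # contain at least two '$' -- TODO confirm against the imports.
            looks_hashed = isinstance(stored, str) and stored.count('$') >= 2
            plaintext_ok = not looks_hashed and stored == password
            if not (check_password_hash(stored, password) or plaintext_ok):
                error = 'Incorrect password.'

        if error is None:
            # Start from an empty session so nothing from the pre-login
            # session survives authentication.
            session.clear()
            session['user_id'] = user['id']
            session.permanent = rememberme == 'on'
            return redirect(url_for('index'))

        flash(error)

    return render_template('auth/login.html')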
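def setting():
    '''Change current user's password.

    On POST the form must supply the current password (``password``) and the
    new password twice (``password1``, ``password2``).  When every check
    passes, the new password is stored hashed, the session is cleared and
    the user is redirected to the login page.  Otherwise the error is
    flashed and the settings page is rendered again.
    '''
    # Any route or login decorators sit outside this block.  Without a
    # logged-in user the code below would fail on ``g.user['id']``, so
    # anonymous requests are sent to the login page instead.
    if not g.user:
        return redirect(url_for('auth.login'))

    if request.method == 'POST':
        # A missing current password is treated as '' so it is rejected as
        # incorrect rather than raising inside the hash check.
        password = request.form.get('password') or ''
        password1 = request.form.get('password1')
        password2 = request.form.get('password2')
        db = get_db()
        error = None

        user = db.execute('SELECT password FROM user WHERE id = ?',
                          (g.user['id'], )).fetchone()
        stored = user['password']
        # The plaintext comparison is only for rows that were never hashed.
        # Applied to a stored hash, it would let the hash itself authorise a
        # password change.
        # Assumes check_password_hash is werkzeug's, whose hashes always
        # contain at least two '$' -- TODO confirm against the imports.
        looks_hashed = isinstance(stored, str) and stored.count('$') >= 2
        plaintext_ok = not looks_hashed and stored == password

        if not (check_password_hash(stored, password) or plaintext_ok):
            error = 'Incorrect password.'
        elif password1 != password2:
            error = "Confirm password doesn't match new password."
        elif password1 == password:
            error = 'New password cannot be the same as your current password.'
        elif password1 is None or password1 == '':
            error = 'New password cannot be blank.'

        if error is None:
            # Store only the hash of the new password, then drop the session
            # so the user has to log in again with it.
            db.execute(
                'UPDATE user SET password = ? WHERE id = ?',
                (generate_password_hash(password1), g.user['id']),
            )
            db.commit()
            session.clear()
            flash('Password Changed. Please Re-login!')
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/setting.html')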
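def reorder():
    '''Move one of the current user's watch-list entries to a new position.

    The form fields ``orig`` and ``dest`` are decoded with ``loads``.
    ``orig`` names the entry to move as ``[idx, code]``.  ``dest`` is either
    the string ``'top'`` or the ``[idx, code]`` of the entry it should be
    placed after.  Rows between the two positions are shifted by one and the
    moved row takes the freed ``seq``.

    Returns ``'1'`` after a committed move.  Returns ``'0'`` when nobody is
    logged in, the payload is missing or malformed, or either entry is not
    in the caller's list.  The original raised on the last two cases.
    '''
    if not g.user:
        return '0'

    # NOTE(review): ``loads`` is imported outside this block -- presumably
    # json.loads.  Confirm it is not a deserializer that can execute code,
    # because both values come straight from the client.
    try:
        orig = loads(request.form.get('orig'))
        dest = loads(request.form.get('dest'))
        orig_idx, orig_code = orig[0], orig[1]
        dest_key = None if dest == 'top' else (dest[0], dest[1])
    except (TypeError, ValueError, LookupError):
        return '0'

    db = get_db()
    user_id = g.user['id']
    # Every statement is scoped to the caller's own rows via user_id.
    find_seq = 'SELECT seq FROM stock WHERE idx = ? AND code = ? AND user_id = ?'

    orig_row = db.execute(find_seq, (orig_idx, orig_code, user_id)).fetchone()
    if orig_row is None:
        return '0'
    orig_seq = orig_row['seq']

    if dest_key is None:
        dest_seq = 0
    else:
        dest_row = db.execute(find_seq, dest_key + (user_id,)).fetchone()
        if dest_row is None:
            return '0'
        dest_seq = dest_row['seq']

    if orig_seq > dest_seq:
        # Moving up: the entry lands just after dest, and the rows from
        # there up to its old position move down one slot.
        dest_seq += 1
        db.execute('UPDATE stock SET seq = seq + 1 WHERE seq >= ? AND user_id = ? AND seq < ?',
                   (dest_seq, user_id, orig_seq))
    else:
        # Moving down: the rows after the old position, up to and including
        # dest, move up one slot.
        db.execute('UPDATE stock SET seq = seq - 1 WHERE seq <= ? AND user_id = ? AND seq > ?',
                   (dest_seq, user_id, orig_seq))
    db.execute('UPDATE stock SET seq = ? WHERE idx = ? AND code = ? AND user_id = ?',
               (dest_seq, orig_idx, orig_code, user_id))
    db.commit()
    return '1'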
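def star():
    '''Report or change whether the stock named by the Referer URL is starred.

    The target is taken from the last two path segments of the request's
    Referer (``.../<index>/<code>``).

    * GET returns ``'True'`` when the logged-in user has a matching ``stock``
      row, otherwise ``'False'``.
    * Any other method reads the form field ``action``.  ``'unstar'`` deletes
      the row and every other value inserts one.  Returns ``'1'`` after the
      commit, or ``'0'`` when nobody is logged in.

    A request without a usable Referer gets the negative answer (``'False'``
    or ``'0'``).  The original raised on a missing header.
    '''
    # The Referer header is client-controlled and is often stripped by
    # referrer policies or privacy tools, so it may be absent or arbitrary.
    # Its pieces are only ever passed to SQL as bound parameters.
    refer = request.referrer
    segments = refer.split('/') if refer else []
    is_query = request.method == 'GET'
    if len(segments) < 2:
        return 'False' if is_query else '0'
    index, code = segments[-2], segments[-1]

    db = get_db()
    if is_query:
        if g.user:
            stock = db.execute(
                'SELECT * FROM stock WHERE idx = ? AND code = ? AND user_id = ?',
                (index, code, g.user['id'])).fetchone()
            if stock:
                return 'True'
        return 'False'

    action = request.form.get('action')
    if g.user:
        if action == 'unstar':
            db.execute('DELETE FROM stock WHERE idx = ? AND code = ? AND user_id = ?',
                       (index, code, g.user['id']))
        else:
            db.execute('INSERT INTO stock (idx, code, user_id) VALUES (?, ?, ?)',
                       (index, code, g.user['id']))
        db.commit()
        return '1'
    return '0'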