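def login():
    """Authenticate a user from the login form and route them by role.

    On POST the submitted email is looked up in ``users`` and the submitted
    password is compared with the stored ``password`` column.  On a match the
    session keys ``logged_in``, ``type``, ``id`` and ``email`` are set and the
    user is redirected to the dashboard for their role.  Every failure
    re-renders ``login.html`` with the same generic error, so the response
    does not distinguish an unknown email from a wrong password.  Any other
    request method renders the empty login form.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    if request.method != 'POST':
        return render_template('login.html')

    failure = 'Username or Password Incorrect'
    email = request.form['email']
    password_candidate = request.form['password']

    # NOTE(review): `email` comes straight from the request and is formatted
    # into the SQL text of all three lookups below, so each of them is
    # injectable.  dbquery's interface is not visible from here, so the query
    # construction is left unchanged; it should move to bound parameters in
    # the dbquery helper rather than to ad-hoc escaping at this call site.
    sql = "SELECT password FROM users WHERE email = '%s' " % email
    rows = dbquery.fetchone(sql)
    try:
        # Per the original comment, a missing row surfaces as an exception
        # while iterating the result; each result carries a single column.
        for row in rows:
            password = row

        sql = "SELECT userno FROM users WHERE email = '%s' " % email
        rows = dbquery.fetchone(sql)
        for row in rows:
            userid = row

        sql = "SELECT type FROM users WHERE email= '%s' " % email
        rows = dbquery.fetchone(sql)
        for row in rows:
            role = row

        # Constant-time comparison.  Both sides are encoded to bytes because
        # hmac.compare_digest rejects non-ASCII str arguments.
        # NOTE(review): the stored value is compared as-is, i.e. passwords are
        # kept in clear text.  Switching to a salted password hash needs a
        # matching change where accounts are created, so it is not done here.
        authenticated = hmac.compare_digest(
            str(password_candidate).encode('utf-8'),
            str(password).encode('utf-8'),
        )
    except Exception:
        # Fail closed: an unknown email or any failure during the lookups is
        # reported as an ordinary failed login instead of being swallowed.
        return render_template('login.html', error=failure)

    if not authenticated:
        return render_template('login.html', error=failure)

    session['logged_in'] = True
    session['type'] = str(role)
    session['id'] = str(userid)
    session['email'] = email

    dashboards = {
        'Nurse': 'nurse_dash',
        'Doctor': 'doctor_dash',
        'Patient': 'patient_dash',
    }
    endpoint = dashboards.get(session['type'])
    if endpoint is not None:
        return redirect(url_for(endpoint))

    # NOTE(review): an unrecognised role keeps the original behaviour (session
    # marked logged in, login page shown again) - confirm that is intended.
    return render_template('login.html')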
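def login():
    """Authenticate a user from the login form and open their session.

    On POST the submitted email is looked up in ``USERS`` and the submitted
    password is compared with the stored ``PASSWORD`` column.  Only on a match
    are the session keys ``logged_in``, ``name``, ``userid`` and ``city`` set
    and the user redirected to ``dashboard``.  Every failure re-renders
    ``login.html`` with the single message ``'Invalid login'``; the separate
    ``'Email not found'`` message was dropped because it told the caller
    which addresses are registered.  Any other request method renders the
    empty login form.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    if request.method != 'POST':
        return render_template('login.html')

    failure = 'Invalid login'
    email = request.form['email']
    password_candidate = request.form['password']

    # NOTE(review): `email` comes straight from the request and is formatted
    # into the SQL text of all four lookups below, so each of them is
    # injectable.  dbquery's interface is not visible from here, so the query
    # construction is left unchanged; it should move to bound parameters in
    # the dbquery helper rather than to ad-hoc escaping at this call site.
    sql = "SELECT PASSWORD FROM USERS WHERE EMAIL= '%s' " % email
    rows = dbquery.fetchone(sql)
    try:
        # Per the original comment, a missing row surfaces as an exception
        # while iterating the result; each result carries a single column.
        for row in rows:
            password = row

        sql = "SELECT NAME FROM USERS WHERE EMAIL= '%s' " % email
        rows = dbquery.fetchone(sql)
        for row in rows:
            name = row

        sql = "SELECT USERID FROM USERS WHERE EMAIL= '%s' " % email
        rows = dbquery.fetchone(sql)
        for row in rows:
            userid = row

        sql = "SELECT CITY FROM USERS WHERE EMAIL= '%s' " % email
        rows = dbquery.fetchone(sql)
        for row in rows:
            city = row

        # Constant-time comparison.  Both sides are encoded to bytes because
        # hmac.compare_digest rejects non-ASCII str arguments.
        # NOTE(review): the stored value is compared as-is, i.e. passwords are
        # kept in clear text.  Switching to a salted password hash needs a
        # matching change where accounts are created, so it is not done here.
        authenticated = hmac.compare_digest(
            str(password_candidate).encode('utf-8'),
            str(password).encode('utf-8'),
        )
    except Exception:
        # Fail closed.  Previously an exception raised after the password row
        # had been read was swallowed and control fell through to the
        # dashboard redirect without the password ever being checked.
        return render_template('login.html', error=failure)

    if not authenticated:
        return render_template('login.html', error=failure)

    session['logged_in'] = True
    session['name'] = str(name)
    session['userid'] = userid
    session['city'] = city
    # The redirect is reachable only after a successful password check.
    return redirect(url_for('dashboard'))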
def signup():
    """Register a new user from the signup form.

    On POST, looks up the submitted email in ``USERS``.  If the lookup raises
    (the original comment says a missing row surfaces as an error) a new row
    is inserted, a success message is flashed and the user is redirected to
    ``login``.  Otherwise 'This Email exists!' is flashed and the form is
    shown again.  Any other request method renders the empty form.
    """
    if request.method != 'POST':
        return render_template('signup.html')

    email = request.form['email']
    password_candidate = request.form['password']
    name = request.form['name']

    # NOTE(review): every form value below is formatted directly into SQL
    # text, so both statements are injectable; they should be issued with
    # bound parameters once the dbquery helper supports them (its interface
    # is not visible from here).
    lookup = "SELECT USERID FROM USERS WHERE EMAIL='%s'" % email
    try:
        existing = dbquery.fetchone(lookup)
        for _ in existing:
            pass
    except:
        # NOTE(review): the bare except treats *any* failure of the lookup as
        # "email not registered" and goes on to insert.
        # NOTE(review): the password is written to the table exactly as
        # submitted (clear text); hashing it needs a matching change in login.
        insert = "INSERT INTO USERS(NAME,EMAIL,PASSWORD) VALUES('%s','%s' ,'%s')" % (
            name,
            email,
            password_candidate,
        )
        dbquery.inserttodb(insert)
        flash('You are now registered! Please Log in.', 'success')
        return redirect(url_for('login'))
    else:
        flash('This Email exists!', 'success')
        return render_template('signup.html')
def signup():
    """Register a new user (with an account type) from the signup form.

    On POST, looks up the submitted email in ``users``.  If the lookup raises
    (the original comment says a missing row surfaces as an error) a new row
    is inserted and ``signup.html`` is rendered with a success message.
    Otherwise the page is rendered with "Email Exists".  Any other request
    method renders the empty form.
    """
    if request.method != 'POST':
        return render_template('signup.html')

    email = request.form['email']
    name = request.form['name']
    password = request.form['password']
    role = request.form['type']

    # NOTE(review): every form value below is formatted directly into SQL
    # text, so both statements are injectable; they should be issued with
    # bound parameters once the dbquery helper supports them (its interface
    # is not visible from here).
    # NOTE(review): `type` is taken from the request and stored unchanged -
    # confirm the caller is meant to be able to choose any account type.
    lookup = "SELECT userno FROM users WHERE email='%s'" % email
    try:
        existing = dbquery.fetchone(lookup)
        for _ in existing:
            pass
    except:
        # NOTE(review): the bare except treats *any* failure of the lookup as
        # "email not registered" and goes on to insert.
        # NOTE(review): the password is written to the table exactly as
        # submitted (clear text); hashing it needs a matching change in login.
        insert = "INSERT INTO users(name,email,password,type) VALUES('%s','%s' ,'%s','%s')" % (
            name,
            email,
            password,
            role,
        )
        dbquery.inserttodb(insert)
        return render_template('signup.html', message="User Registration Successful")
    else:
        return render_template('signup.html', message="Email Exists")
def signup():
    """Register a new user (with country and city) from the signup form.

    On POST, country and city are lower-cased and the submitted email is
    looked up in ``USERS``.  If the lookup raises (the original comment says
    a missing row surfaces as an error) a new row is inserted, a success
    message is flashed and the user is redirected to ``login``.  Otherwise
    'This Email exists!' is flashed and the form is shown again.  Any other
    request method renders the empty form.
    """
    if request.method != 'POST':
        return render_template('signup.html')

    name = request.form['name']
    email = request.form['email']
    password = request.form['password']
    country = request.form['country'].lower()
    city = request.form['city'].lower()

    # NOTE(review): every form value below is formatted directly into SQL
    # text, so both statements are injectable; they should be issued with
    # bound parameters once the dbquery helper supports them (its interface
    # is not visible from here).
    lookup = "SELECT USERID FROM USERS WHERE EMAIL='%s'" % email
    try:
        existing = dbquery.fetchone(lookup)
        for _ in existing:
            pass
    except:
        # NOTE(review): the bare except treats *any* failure of the lookup as
        # "email not registered" and goes on to insert.
        # NOTE(review): the password is written to the table exactly as
        # submitted (clear text); hashing it needs a matching change in login.
        insert = "INSERT INTO USERS(NAME,EMAIL,PASSWORD,COUNTRY,CITY) VALUES('%s','%s' ,'%s','%s','%s')" % (
            name,
            email,
            password,
            country,
            city,
        )
        dbquery.inserttodb(insert)
        flash('You are now registered! Please Log in.', 'success')
        return redirect(url_for('login'))
    else:
        flash('This Email exists!', 'success')
        return render_template('signup.html')