def login():
if request.method == 'POST':
error = None
email = request.form['email'] #GET FORM FIELDS
password_candidate= request.form['password'] #GET FORM FIELDS
flag=0
sql="SELECT password FROM users WHERE email = '%s' "%(email)
rows = dbquery.fetchone(sql)
try: # if no entry found, an error is raised
for row in rows:
flag=1
password=row
sql="SELECT userno FROM users WHERE email = '%s' "%(email) #validations
rows = dbquery.fetchone(sql)
for row in rows:
userid=row
sql="SELECT type FROM users WHERE email= '%s' "%(email) #validations
rows = dbquery.fetchone(sql)
for row in rows:
type=row
if str(password_candidate) == str(password): #initialise session variable if passwords match
session['logged_in'] = True
session['type']=str(type)
session['id']=str(userid)
session['email']=email
if session['type'] == "Nurse":
return redirect(url_for('nurse_dash'))
if session['type'] == "Doctor":
return redirect(url_for('doctor_dash'))
if session['type'] == "Patient":
return redirect(url_for('patient_dash'))
else:
error = 'Username or Password Incorrect'
return render_template('login.html',error=error)
except:
if flag==0:
error = 'Username or Password Incorrect'
return render_template('login.html',error=error)
#if verification is successful load the dashboard with session
return render_template('login.html')
def login():
if request.method == 'POST':
email = request.form['email'] #GET FORM FIELDS
password_candidate= request.form['password'] #GET FORM FIELDS
flag=0
sql="SELECT PASSWORD FROM USERS WHERE EMAIL= '%s' "%(email)
rows = dbquery.fetchone(sql)
try: # if no entry found, an error is raised
for row in rows:
flag=1
password=row
sql="SELECT NAME FROM USERS WHERE EMAIL= '%s' "%(email) #validations
rows = dbquery.fetchone(sql)
for row in rows:
name=row
sql="SELECT USERID FROM USERS WHERE EMAIL= '%s' "%(email) #validations
rows = dbquery.fetchone(sql)
for row in rows:
userid=row
sql="SELECT CITY FROM USERS WHERE EMAIL= '%s' "%(email)
rows = dbquery.fetchone(sql)
for row in rows:
city=row
if str(password_candidate) == str(password): #initialise session variable if passwords match
session['logged_in'] = True
session['name'] = str(name)
session['userid']=userid
session['city']=city
else:
error = 'Invalid login'
return render_template('login.html',error=error)
except:
if flag==0:
error = 'Email not found'
return render_template('login.html',error=error)
return redirect( url_for('dashboard'))#if verification is successful load the dashboard with session
return render_template('login.html')
def signup():
if request.method == 'POST':
email = request.form['email'] #GET FORM FIELDS
password_candidate= request.form['password']
name = request.form['name']
sql="SELECT USERID FROM USERS WHERE EMAIL='%s'"%(email) #Security check on email
try:
rows = dbquery.fetchone(sql) #if none, error should be raised
for row in rows:
f=1
except:
sql="INSERT INTO USERS(NAME,EMAIL,PASSWORD) VALUES('%s','%s' ,'%s')"%(name,email,password_candidate)
dbquery.inserttodb(sql) #connecting to db model
flash('You are now registered! Please Log in.','success') #sending a message to user
return redirect(url_for('login')) #redirecting to login page
flash('This Email exists!','success') #Checking for email
return render_template('signup.html')
return render_template('signup.html')
def signup():
if request.method == 'POST':
message=None
email = request.form['email'] #GET FORM FIELDS
name = request.form['name']
password= request.form['password']
type = request.form['type']
sql="SELECT userno FROM users WHERE email='%s'"%(email) #Security check on username
try:
rows = dbquery.fetchone(sql) #if none, error should be raised
for row in rows:
f=1
except:
sql="INSERT INTO users(name,email,password,type) VALUES('%s','%s' ,'%s','%s')"%(name,email,password,type)
dbquery.inserttodb(sql) #connecting to db model
message="User Registration Successful"
return render_template('signup.html',message=message)
message="Email Exists"
return render_template('signup.html',message=message)
return render_template('signup.html')
def signup():
if request.method== 'POST': #retrieving values from user if POST
name = request.form['name']
email = request.form['email']
password= request.form['password']
country=request.form['country']
country=country.lower()
city=request.form['city']
city=city.lower()
sql="SELECT USERID FROM USERS WHERE EMAIL='%s'"%(email) #Security check on email
try:
rows = dbquery.fetchone(sql) #if none, error should be raised
for row in rows:
f=1
except:
sql="INSERT INTO USERS(NAME,EMAIL,PASSWORD,COUNTRY,CITY) VALUES('%s','%s' ,'%s','%s','%s')"%(name,email,password,country,city)
dbquery.inserttodb(sql) #connecting to db model
flash('You are now registered! Please Log in.','success') #sending a message to user
return redirect( url_for('login')) #redirecting to login page
flash('This Email exists!','success') #Checking for email
return render_template('signup.html')
return render_template('signup.html') # rendering the signup page