Exemple #1
def blog():
    """Serve the blog: list every post on GET, store a new post on POST.

    On POST the post is attributed to ``request.user``, committed, and a
    notification e-mail is sent to that user before redirecting back to the
    listing. Any other HTTP method falls through and returns ``None``.
    """
    author = request.user
    # NOTE(review): nothing in this function checks that ``request.user`` is
    # set. If an unauthenticated request can reach this view, the POST path
    # fails on ``author.email`` only after the post has been committed.
    # Confirm that login is enforced before this handler runs.

    if request.method == "POST":
        # Title and text are stored exactly as submitted; no validation here.
        new_post = Post(title=request.form.get("posttitle"),
                        text=request.form.get("posttext"),
                        user=author)
        db.add(new_post)
        db.commit()

        # Notify the author by e-mail: plain-text body plus an HTML part.
        notice = Message(subject="WebDev Blog - Registration Successful",
                         sender=SENDER,
                         recipients=[author.email])
        notice.body = f"Hi {author.username}!\nWelcome to our WebDev Flask site!\nEnjoy!"
        # The link is built from new_post.id, read after the commit above.
        notice.html = render_template("new_post.html",
                                      username=author.username,
                                      link=f"{HOST_ADDR}/posts/{new_post.id}",
                                      post=new_post)
        mail.send(notice)

        return redirect(url_for('blog'))

    if request.method == "GET":
        return render_template("blog.html",
                               posts=db.query(Post).all(),
                               user=request.user)
def login():
    """Log a visitor in by e-mail, registering the account on first sight.

    An unknown e-mail address creates a new ``ToDo`` row with the submitted
    name and password hash. A matching password hash stores a fresh session
    token on the row, sets it as the ``session_token`` cookie and redirects to
    ``/task``; a mismatch returns the text "Wrong Password".
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    # Raises AttributeError when the "user-password" field is missing.
    # NOTE(review): unsalted SHA-256 is a fast hash and weak for password
    # storage; moving to a salted, slow password hash would also require
    # re-hashing the stored values.
    digest = hashlib.sha256(
        request.form.get("user-password").encode()).hexdigest()
    content = "Welcome"
    date = datetime.datetime.now()

    account = db.query(ToDo).filter_by(email=email).first()

    if not account:
        # First login for this address doubles as registration.
        account = ToDo(name=name,
                       email=email,
                       password=digest,
                       content=content,
                       date=date)
        db.add(account)
        db.commit()

    if digest != account.password:
        return "Wrong Password"

    # A new random token is issued on every successful login.
    token = str(uuid.uuid4())
    account.session_token = token

    db.add(account)
    db.commit()

    response = make_response(redirect("/task"))
    # httponly keeps the token away from page scripts; samesite='Strict'
    # stops the browser from attaching it to cross-site requests.
    response.set_cookie("session_token",
                        token,
                        httponly=True,
                        samesite='Strict')
    return response
Exemple #3
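def profile_edit():
    """Show the profile edit form (GET) or apply the submitted changes (POST).

    The user is resolved from the ``token_session`` cookie, skipping rows
    flagged ``delete``. When no user matches, both methods redirect to the
    index page; without that guard an unauthenticated POST raised
    AttributeError on ``user.password`` / ``user.name``.

    On POST the name and e-mail are always overwritten with the form values.
    The password is changed only when both the old and the new password are
    submitted and the old one matches the stored hash.
    """
    token_session = request.cookies.get("token_session")

    user = db.query(User).filter_by(token_session=token_session,
                                    delete=False).first()

    if request.method == "GET":
        if user:
            return render_template("profile_edit.html", user=user)
        else:
            return redirect(url_for("index"))

    elif request.method == "POST":
        if not user:
            # No valid session: nothing to edit, same outcome as the GET path.
            return redirect(url_for("index"))

        name = request.form.get("profile-name")
        email = request.form.get("profile-email")
        old_password = request.form.get("old-password")
        new_password = request.form.get("new-password")

        if old_password and new_password:
            # NOTE(review): unsalted SHA-256 is weak for password storage;
            # kept because the stored hashes use this format.
            h_old_password = hashlib.sha256(old_password.encode()).hexdigest()
            h_new_password = hashlib.sha256(new_password.encode()).hexdigest()

            if h_old_password == user.password:
                user.password = h_new_password

            else:
                # Wrong current password: abort before anything is committed.
                return "Operacion incorrecta! Su antigua contraseña no es correcta"

        user.name = name
        user.email = email

        db.add(user)
        db.commit()

        return redirect(url_for("profile"))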
Exemple #4
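def login():
    """Handle the login form (POST) and render the login page (GET).

    POST: look up the user by username and SHA-256 password hash. On success a
    fresh session cookie value and its expiry are stored on the user row, the
    cookie is set and the browser is redirected to the ``redirectTo`` target.
    On failure a warning is flashed and the browser is sent back to the login
    page.

    GET: render ``login.html`` with ``logged_in`` telling whether the request
    carries a session cookie that matches an unexpired session.

    ``redirectTo`` comes from the query string and is therefore controlled by
    whoever built the link. It is honoured only when it is a same-site
    absolute path; anything else falls back to the index page, so the login
    form cannot be used to bounce users to another site.
    """
    from urllib.parse import urlsplit

    def _redirect_target():
        """Return ``redirectTo`` if it is a local path, else the index URL."""
        fallback = url_for('index')
        target = request.args.get('redirectTo', fallback)
        parts = urlsplit(target)
        is_local = (
            target.startswith('/')
            # "//host" and "/\host" are treated as other hosts by browsers.
            and not target.startswith('//')
            and '\\' not in target
            # Control characters can be stripped by browsers before parsing.
            and not any(ord(ch) < 0x20 for ch in target)
            and not parts.scheme
            and not parts.netloc
        )
        return target if is_local else fallback

    if request.method == "POST":
        username = request.form.get("username")
        # A missing field is treated as an empty password (a failed login)
        # instead of raising AttributeError on None.encode().
        password = request.form.get("password") or ""

        # query, check if there is a user with this username in the DB
        # user = db.query(User).filter(User.username == username).one()  # -> needs to find one, otherwise raises Error
        # user = db.query(User).filter(User.username == username).first()  # -> find first entry, if no entry, return None
        # users = db.query(User).filter(User.username == username).all()  # -> find all, always returns list. if not entry found, empty list

        # NOTE(review): unsalted SHA-256 is a fast hash and weak for password
        # storage; kept because the stored hashes use this format.
        password_hash = hashlib.sha256(password.encode()).hexdigest()

        # Username and password hash must both match the same row.
        user = db.query(User) \
            .filter(User.username == username, User.password_hash == password_hash) \
            .first()

        session_cookie = str(uuid.uuid4())
        expiry_time = datetime.datetime.now() + datetime.timedelta(
            seconds=COOKIE_DURATION)

        redirect_url = _redirect_target()

        if user is None:
            flash("Username or password is wrong", "warning")
            # NOTE(review): the submitted username is written to the log
            # unmodified; consider escaping it before logging.
            app.logger.info(
                f"User {username} failed to login with wrong password.")
            return redirect(url_for('login', redirectTo=redirect_url))
        else:
            user.session_cookie = session_cookie
            user.session_expiry_datetime = expiry_time
            db.add(user)
            db.commit()
            app.logger.info(f"User {username} is logged in")

        response = make_response(redirect(redirect_url))
        # NOTE(review): no secure=True here, so the cookie is also sent over
        # plain HTTP; set it when the site is served over HTTPS.
        response.set_cookie(WEBSITE_LOGIN_COOKIE_NAME,
                            session_cookie,
                            httponly=True,
                            samesite='Strict')
        return response

    elif request.method == "GET":
        cookie = request.cookies.get(WEBSITE_LOGIN_COOKIE_NAME)
        user = None

        if cookie is not None:
            # Only a session that has not yet expired counts as logged in.
            user = db.query(User) \
                .filter_by(session_cookie=cookie) \
                .filter(User.session_expiry_datetime >= datetime.datetime.now()) \
                .first()

        logged_in = user is not None

        return render_template("login.html",
                               logged_in=logged_in,
                               user=request.user)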
Exemple #5
def result():
    """Compare the submitted number with the user's secret number.

    The user is resolved from the ``token_session`` cookie, skipping rows
    flagged ``delete``. A correct guess draws a new secret between 1 and 30,
    saves it and renders the success message; otherwise a "smaller" or
    "bigger" hint is rendered.
    """
    # int() raises when "num_user" is missing or not a number.
    num_user = int(request.form.get("num_user"))

    player = db.query(User).filter_by(
        token_session=request.cookies.get("token_session"),
        delete=False).first()

    if player and num_user == player.secret_number:
        # Replace the guessed secret so the next round starts fresh.
        player.secret_number = random.randint(1, 30)
        db.add(player)
        db.commit()
        return render_template(
            "result.html",
            mensaje="Enhorabuena!! El numero correcto es: " + str(num_user))

    # NOTE(review): when no user matches the cookie, ``player`` is None and
    # the comparisons below raise AttributeError instead of redirecting.
    if num_user > player.secret_number:
        return render_template(
            "result.html",
            mensaje="Tu numero no es correcto! Intentalo con uno mas pequeño!")

    if num_user < player.secret_number:
        return render_template(
            "result.html",
            mensaje="Tu numero no es correcto! Intentalo con uno mas grande!")
Exemple #6
def success():
    """Register a new user from the sign-up form.

    If the name or the e-mail address is already taken, the form is rendered
    again with an error banner. Otherwise the user is stored, the index page
    is rendered with a success banner and an ``email`` cookie is set.
    """
    active = "active"
    name = request.form["name"]
    email = request.form["email"]
    # Only the output of generate_password_hash() is stored, never the raw
    # password.
    password_hash = generate_password_hash(request.form["pwd"])
    name_taken = db.query(User).filter_by(name=name).first()
    email_taken = db.query(User).filter_by(email=email).first()

    if name_taken or email_taken:
        return render_template(
            "form.html",
            active1=active,
            successMessage="The username or email address already exists!",
            successClass="alert alert-danger")

    new_user = User(name=name, email=email, password_hash=password_hash)
    db.add(new_user)
    db.commit()

    response = make_response(
        render_template("index.html",
                        successMessage="You have successfully registered!",
                        successClass="alert alert-success",
                        emailAddress=email,
                        active0=active,
                        user=name))
    # NOTE(review): this cookie is set without httponly/samesite and holds a
    # value the client can choose freely. If other views treat it as proof of
    # identity, that needs a server-issued session token instead - confirm.
    response.set_cookie("email", email)
    return response
def password_check():
    """Set a new password for the user behind the ``session_token`` cookie.

    Returns the text "The Passwords Do Not Match" when the two submitted
    values differ. Otherwise the new hash is stored, the session token is
    replaced, the new token is set as cookie and the browser is redirected to
    the profile page.
    """
    account = db.query(User).filter_by(
        session_token=request.cookies.get("session_token")).first()

    new_password = request.form.get("new-password")
    if new_password != request.form.get("new-password2"):
        return "The Passwords Do Not Match"

    # NOTE(review): the current password is never asked for, so a valid
    # session cookie alone is enough to change it. A request without a
    # matching user, or without both password fields, raises AttributeError
    # below.
    # NOTE(review): unsalted SHA-256 is weak for password storage.
    account.password = hashlib.sha256(new_password.encode()).hexdigest()

    # Replace the session token; the previous cookie value no longer matches.
    fresh_token = str(uuid.uuid4())
    account.session_token = fresh_token

    db.add(account)
    db.commit()

    response = make_response(redirect(url_for('profile')))
    response.set_cookie("session_token",
                        fresh_token,
                        httponly=True,
                        samesite='Strict')
    return response
Exemple #8
def result():
    """Check the submitted guess against the user's secret number.

    The user is resolved from the ``session_token`` cookie. A correct guess
    stores a new secret between 1 and 30; a wrong one yields a
    "smaller"/"bigger" hint. The message is rendered with ``result.html``.
    """
    # int() raises when "guess" is missing or not a number.
    guess = int(request.form.get("guess"))

    # The user is identified by the session token, not by e-mail address.
    player = db.query(User).filter_by(
        session_token=request.cookies.get("session_token")).first()

    # NOTE(review): without a matching session ``player`` is None and this
    # attribute access raises AttributeError.
    secret = player.secret_number

    if guess == secret:
        message = f"Correct! The secret number is {guess}"

        # Draw and persist the secret for the next round.
        player.secret_number = random.randint(1, 30)
        db.add(player)
        db.commit()
    elif guess > secret:
        message = "Your guess is not correct... try something smaller."
    elif guess < secret:
        message = "Your guess is not correct... try something bigger."

    return render_template("result.html", message=message)
Exemple #9
def login():
    """Log a user in by e-mail, creating the account if it does not exist.

    A matching password hash stores a new session token on the user, sets it
    as the ``session_token`` cookie and redirects to the index page; a
    mismatch returns the text "Wrong Password!!!".
    """
    # Values submitted by the login form.
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    # Raises AttributeError when the "user-password" field is missing.
    # NOTE(review): unsalted SHA-256 is a fast hash and weak for password
    # storage; changing it means re-hashing the stored values.
    hashed_pw = hashlib.sha256(
        request.form.get("user-password").encode()).hexdigest()

    # Look the user up by e-mail; an unknown address registers a new account.
    account = db.query(User).filter_by(email=email).first()
    if not account:
        account = User(name=name, email=email, password=hashed_pw)
        db.add(account)
        db.commit()

    if hashed_pw != account.password:
        return "Wrong Password!!!"

    # New random session token for every successful login.
    token = str(uuid.uuid4())
    account.session_token = token
    db.add(account)
    db.commit()

    # The token travels in a cookie that page scripts cannot read (httponly)
    # and that is not attached to cross-site requests (samesite).
    response = make_response(redirect(url_for('index')))
    response.set_cookie('session_token',
                        token,
                        httponly=True,
                        samesite='Strict')
    return response
Exemple #10
def login():
    """Authenticate by e-mail and password, registering unknown addresses.

    On a password match a new session token is saved on the user and sent as
    the ``session_token`` cookie together with a redirect to the index page.
    On a mismatch the text "Wrong Password! Tra again!" is returned.
    """
    form = request.form
    name = form.get("user-name")
    email = form.get("user-email")
    # Raises AttributeError when the "user-password" field is missing.
    # NOTE(review): unsalted SHA-256 is weak for password storage; a salted,
    # slow password hash is the usual choice.
    hashed_pw = hashlib.sha256(form.get("user-password").encode()).hexdigest()

    # Fetch the User (model) row for this e-mail address.
    account = db.query(User).filter_by(email=email).first()
    if not account:
        # Unknown address: the login request creates the account.
        account = User(name=name, email=email, password=hashed_pw)
        db.add(account)
        db.commit()

    if hashed_pw != account.password:
        return "Wrong Password! Tra again!"

    token = str(uuid.uuid4())
    account.session_token = token
    db.add(account)
    db.commit()

    # Session cookie: hidden from scripts and withheld on cross-site requests.
    response = make_response(redirect(url_for('index')))
    response.set_cookie("session_token",
                        token,
                        httponly=True,
                        samesite="Strict")
    return response
Exemple #11
def index():
    """List all tasks, or store a new task when the form is posted."""
    if request.method != "POST":
        return render_template("index.html", tasks=db.query(Todo).all())

    # request.form[...] makes the "content" field mandatory.
    db.add(Todo(content=request.form['content']))
    db.commit()

    return redirect("/")
async def update_time_step2(message: types.Message, state: FSMContext):
    """Save the notification time sent in this chat, then finish the dialog.

    A chat without a ``Notification`` row gets a new one; an existing row has
    its ``time`` column updated.
    """
    chat_id = message.chat.id
    existing = db.query(Notification).filter(Notification.chat_id == chat_id).first()

    # NOTE(review): message.text is stored as received; nothing here checks
    # that it has the shape of a time value.
    if existing is not None:
        db.query(Notification).filter(Notification.chat_id == chat_id).update({'time': message.text})
    else:
        db.add(Notification(chat_id=chat_id, time=message.text))
    db.commit()

    await state.finish()
async def add_step3(message: types.Message, state: FSMContext):
    """Store a birthday from the date sent in this chat, then finish the dialog.

    The name comes from the FSM state data, the date from the message text.
    """
    data = await state.get_data()

    # The text must be exactly three dot-separated integers in the order
    # day.month.year; anything else raises ValueError.
    # NOTE(review): the numbers are not checked to form a real calendar date.
    day, month, year = (int(part) for part in message.text.split('.'))

    db.add(Birthday(chat_id=message.chat.id,
                    name=data.get('name'),
                    year=year,
                    month=month,
                    day=day))
    db.commit()
    await state.finish()
Exemple #14
def logout():
    """Clear the login cookie and the session stored on the user row."""
    response = make_response(redirect(url_for('index')))
    # Re-issue the cookie with no value and expires=0 so the browser drops it.
    response.set_cookie(WEBSITE_LOGIN_COOKIE_NAME, expires=0)

    # NOTE(review): assumes request.user is set; a request without a user
    # raises AttributeError on ``.username``.
    account = db.query(User).filter_by(username=request.user.username).first()

    if account is None:
        return response

    # Invalidate the session on the server as well, so the old cookie value
    # no longer matches any row.
    account.session_expiry_datetime = None
    account.session_cookie = None
    db.add(account)
    db.commit()
    app.logger.info(f"{account.username} has logged out.")

    return response
Exemple #15
def login():
    """Create the user on first login and set an ``email`` cookie.

    The submitted e-mail address is written into a cookie and the browser is
    redirected to the index page.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password_hashed = hashed_password(request.form.get("user-password"))

    account = db.query(User).filter_by(email=email).first()
    if not account:
        account = User(name=name, email=email, password=password_hashed)
        db.add(account)
        db.commit()

    # NOTE(review): for an existing account the submitted password is never
    # compared with the stored one, and the cookie below carries a value the
    # client can set to any address. If other views trust this cookie as the
    # logged-in identity, this needs a password check plus a random,
    # server-stored session token (httponly, samesite) - confirm.
    response = make_response(redirect(url_for('index')))
    response.set_cookie("email", email)
    return response
Exemple #16
def posts(post_id):
    """Show one post with its comments (GET) or add a comment to it (POST)."""
    viewer = request.user
    post = db.query(Post).filter(Post.id == post_id).first()
    # NOTE(review): neither ``post`` nor ``viewer`` is checked for None here;
    # confirm that a missing post and anonymous commenters are handled
    # elsewhere.

    if request.method == "POST":
        db.add(Comment(text=request.form.get("text"), post=post, user=viewer))
        db.commit()
        return redirect(f'/posts/{post_id}')

    elif request.method == "GET":
        return render_template(
            'posts.html',
            post=post,
            comments=db.query(Comment).filter(Comment.post_id == post_id).all(),
            user=request.user)
def task():
    """List the tasks of the logged-in user, or add one on POST.

    The user row is found through the ``session_token`` cookie; tasks are
    selected by that row's ``name``.
    """
    token = request.cookies.get("session_token")
    owner = db.query(ToDo).filter_by(session_token=token).first()
    # NOTE(review): a request without a matching session leaves ``owner`` as
    # None, and this attribute access raises AttributeError.
    name = owner.name

    if request.method != "POST":
        return render_template("task.html",
                               tasks=db.query(ToDo).filter_by(name=name).all())

    # NOTE(review): every new task row stores the same session token as the
    # row it was looked up from, and tasks are keyed by name rather than by a
    # unique id - verify that names cannot collide between users.
    db.add(ToDo(name=name,
                content=request.form.get("content"),
                session_token=token))
    db.commit()

    return redirect("/task")
Exemple #18
def message_reply(message_id):
    """Show the reply form for a message (GET) or store the reply (POST).

    The reply swaps sender and receiver of the original message and prefixes
    its title with "Re:".
    """
    original = db.query(Message).get(int(message_id))
    # NOTE(review): nothing here ties the request to the receiver of
    # ``message_id``; unless access is checked elsewhere, any caller can read
    # the message and reply in the receiver's name. ``original`` may also be
    # None for an unknown id.
    if request.method == "POST":
        reply_from = original.receiver
        reply_to = original.sender
        subject = "Re:" + original.title
        body = request.form.get("poruka")
        # NOTE(review): this writes the message body to stdout.
        print(body)
        db.add(Message(sender=reply_from,
                       receiver=reply_to,
                       title=subject,
                       message=body))
        db.commit()
        return make_response(redirect(url_for("profile")))
    elif request.method == "GET":
        return render_template("message_reply.html", message=original)
Exemple #19
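def profile_delete():
    """Show the delete confirmation (GET) or soft-delete the account (POST).

    The user is resolved from the ``token_session`` cookie, skipping rows
    already flagged ``delete``. When no user matches, both methods redirect
    to the index page; without that guard an unauthenticated POST raised
    AttributeError on ``user.delete``.
    """
    token_session = request.cookies.get("token_session")

    user = db.query(User).filter_by(token_session=token_session,
                                    delete=False).first()

    if request.method == "GET":
        if user:
            return render_template("profile_delete.html", user=user)
        else:
            return redirect(url_for("index"))

    elif request.method == "POST":
        if not user:
            # No valid session: there is no account to delete.
            return redirect(url_for("index"))

        # Soft delete: the row stays, only the flag is set.
        user.delete = True
        db.add(user)
        db.commit()

        return redirect(url_for("index"))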
Exemple #20
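def login():
    """Render the login form (GET) or log the user in / register them (POST).

    An unknown e-mail address creates a new user. For an existing user with a
    stored password the submitted password hash must match, otherwise
    ``wrong_password.html`` is rendered. On success the session token is
    saved on the user and sent as the ``session_token`` cookie.

    A new token is generated on every login. The earlier behaviour of reusing
    a ``session_token`` cookie supplied by the client allowed session
    fixation: whoever planted or knew that value would share the session
    after the victim logged in.
    """
    if request.method == "GET":
        return render_template("login.html")
    elif request.method == "POST":
        # Never adopt a token sent by the client; always mint a fresh one.
        session_token = str(uuid.uuid4())
        name = request.form.get("user-name")
        email = request.form.get("user-email")
        location = request.form.get("user-location")
        password = request.form.get("user-password")
        # Hash the password so the raw value is not stored.
        # NOTE(review): unsalted SHA-256 is weak for password storage; kept
        # because the stored hashes use this format.
        hashed_password = hashlib.sha256(password.encode()).hexdigest()

        # see if user already exists
        user = db.query(User).filter_by(email=email).first()

        if not user:
            # create a User object
            user = User(name=name,
                        email=email,
                        password=hashed_password,
                        location=location,
                        session_token=session_token)
            db.add(user)
            db.commit()
        else:
            # check if password is incorrect, but only if it exists in database
            # NOTE(review): a row without a stored password skips the check
            # and gets no token saved, so the cookie set below matches no
            # session for it - confirm this is the intended handling.
            if user.password:
                if hashed_password != user.password:
                    return render_template("wrong_password.html")
                elif hashed_password == user.password:
                    # save the session token in a database
                    user.session_token = session_token
                    db.add(user)
                    db.commit()

        # save user's session token into a cookie
        response = make_response(redirect(url_for("profile")))
        response.set_cookie("session_token",
                            session_token,
                            httponly=True,
                            samesite='Strict')
        return response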
Exemple #21
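def profile_delete():
    """Show the delete confirmation (GET) or soft-delete the account (POST).

    The user is resolved from the ``session_token`` cookie, skipping rows
    already flagged ``deleted``. When no user matches, both methods redirect
    to the index page.
    """
    session_token = request.cookies.get("session_token")

    # get user from the database based on the session token
    user = db.query(User).filter_by(session_token=session_token, deleted=False).first()

    if request.method == "GET":
        if user:  # if user is found
            return render_template("profile_delete.html", user=user)
        else:
            return redirect(url_for("index"))

    elif request.method == "POST":
        if not user:
            # No valid session: there is no account to delete. Without this
            # guard the line below raised AttributeError on None.
            return redirect(url_for("index"))

        # Soft delete: the row stays, only the flag is set.
        user.deleted = True
        # Add the instance; the original passed the User class itself, which
        # is not a mapped instance and cannot be added to the session.
        db.add(user)
        db.commit()

        return redirect(url_for("index"))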
def initiate():
    """Register the player if needed and start the game.

    The submitted e-mail address is written into an ``email`` cookie and the
    browser is redirected to the ``game`` view.
    """
    # Input from the login/registration form.
    name = request.form.get("name")
    email = request.form.get("email")
    secret = random.randint(1, 50)

    # Look the user up; create the row when it does not exist yet.
    player = db.query(User).filter_by(email=email).first()
    if not player:
        player = User(name=name, email=email, secret=secret)
        db.add(player)
        db.commit()

    # The e-mail address is stored as a cookie (the original author already
    # marks this as a bad solution).
    # NOTE(review): the client can set this cookie to any address; if the
    # game views use it to pick the user, a random server-issued session
    # token is needed instead.
    response = make_response(redirect(url_for('game')))
    response.set_cookie("email", email)
    return response
Exemple #23
def login():
    """Log in by e-mail and password, registering unknown addresses.

    New users get a secret number between 1 and 30. A matching password hash
    stores a new session token, sets the ``session_token`` cookie and
    redirects to the index page; a mismatch returns an error text.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    # Raises AttributeError when the "user-password" field is missing.
    # NOTE(review): unsalted SHA-256 is a fast hash and weak for password
    # storage; changing it means re-hashing the stored values.
    hashed_password = hashlib.sha256(
        request.form.get("user-password").encode()).hexdigest()

    # Drawn on every call, used only when a new user is created.
    secret_number = random.randint(1, 30)

    account = db.query(User).filter_by(email=email).first()

    if not account:
        # Unknown address: this login request registers the account.
        account = User(name=name,
                       email=email,
                       secret_number=secret_number,
                       password=hashed_password)
        db.add(account)
        db.commit()

    if hashed_password != account.password:
        return "WRONG PASSWORD. Please try again."

    # Issue a new random session token for this login.
    token = str(uuid.uuid4())
    account.session_token = token
    db.add(account)
    db.commit()

    response = make_response(redirect(url_for("index")))
    # The random token replaces the earlier e-mail cookie; httponly hides it
    # from scripts and samesite keeps it off cross-site requests.
    response.set_cookie("session_token",
                        token,
                        httponly=True,
                        samesite='Strict')

    return response
Exemple #24
def message_edit():
    """Show the compose form (GET) or store a new message (POST).

    The sender is the user behind the ``session_token`` cookie; the form
    offers every other user as receiver.
    """
    token = request.cookies.get("session_token")
    author = db.query(User).filter_by(session_token=token).first()
    # NOTE(review): without a matching session ``author`` is None and the
    # next line raises AttributeError.
    others = db.query(User).filter(User.name != author.name)
    if request.method == "POST":
        sender = author.name
        # NOTE(review): the receiver is taken from the form as submitted; it
        # is not checked against the list of existing users.
        receiver = request.form.get("receiver")
        title = request.form.get("title")
        # An empty title is replaced by a placeholder character.
        subject = "°" if title == "" else title
        db.add(Message(sender=sender,
                       receiver=receiver,
                       title=subject,
                       message=request.form.get("poruka")))
        db.commit()
        return make_response(redirect(url_for("profile")))
    elif request.method == "GET":
        return render_template("message_edit.html", users=others)
Exemple #25
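def profile_edit():
    """Show the profile edit form (GET) or save the new name and e-mail (POST).

    The user is resolved from the ``session_token`` cookie. When no user
    matches, both methods redirect to the index page; without that guard an
    unauthenticated POST raised AttributeError on ``user.name``.
    """
    session_token = request.cookies.get("session_token")

    user = db.query(User).filter_by(session_token=session_token).first()

    if request.method == "GET":
        if user:
            return render_template("profile_edit.html", user=user)
        else:
            return redirect(url_for("index"))

    elif request.method == "POST":
        if not user:
            # No valid session: nothing to edit, same outcome as the GET path.
            return redirect(url_for("index"))

        # NOTE(review): both values are stored as submitted; a missing field
        # overwrites the column with None.
        name = request.form.get("profile-name")
        email = request.form.get("profile-email")

        user.name = name
        user.email = email

        db.add(user)
        db.commit()
        return redirect(url_for("profile"))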
def login():
    """Log in by e-mail and password, registering unknown addresses.

    A wrong password returns the text "Wrong Password". A correct password on
    an account whose ``delete`` field is "no" stores a new session token,
    sets the ``session_token`` cookie and redirects to the index page; any
    other ``delete`` value redirects to the logout view.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    # Drawn on every call, used only when a new user is created.
    secret_num = random.randint(1, 50)
    # Raises AttributeError when the "user-password" field is missing.
    # NOTE(review): unsalted SHA-256 is a fast hash and weak for password
    # storage; changing it means re-hashing the stored values.
    hashed_password = hashlib.sha256(
        request.form.get("user-password").encode()).hexdigest()
    delete = "no"

    account = db.query(User).filter_by(email=email).first()

    if not account:
        # Unknown address: this login request registers the account.
        account = User(name=name,
                       email=email,
                       secret_num=secret_num,
                       password=hashed_password,
                       delete=delete)
        db.add(account)
        db.commit()

    if hashed_password != account.password:
        return "Wrong Password"

    if account.delete != "no":
        # Accounts marked as deleted are sent to logout instead of logged in.
        return redirect(url_for("logout"))

    token = str(uuid.uuid4())
    account.session_token = token

    db.add(account)
    db.commit()

    response = make_response(redirect(url_for('index')))
    response.set_cookie("session_token",
                        token,
                        httponly=True,
                        samesite='Strict')

    return response
Exemple #27
def login():
    """Log in by e-mail and password, registering unknown addresses.

    New users get a secret number between 1 and 30. A matching password hash
    stores a new session token, sets it as the ``session_token`` cookie and
    redirects to the index page; a mismatch returns an error text.
    """
    form = request.form
    name = form.get("user-name")
    email = form.get("user-email")

    # Raises AttributeError when the "user-password" field is missing.
    # NOTE(review): unsalted SHA-256 is a fast hash and weak for password
    # storage; changing it means re-hashing the stored values.
    hashed_password = hashlib.sha256(
        form.get("user-password").encode()).hexdigest()

    # Drawn on every call, used only when a new user is created.
    secret_number = random.randint(1, 30)

    account = db.query(User).filter_by(email=email).first()

    if not account:
        # Unknown address: create and persist the user.
        account = User(name=name,
                       email=email,
                       secret_number=secret_number,
                       password=hashed_password)
        db.add(account)
        db.commit()

    if hashed_password != account.password:
        return "WRONG PASSWORD! Go back and try again."

    # Random session token, stored server-side and handed out as a cookie.
    token = str(uuid.uuid4())
    account.session_token = token
    db.add(account)
    db.commit()

    response = make_response(redirect(url_for('index')))
    # NOTE(review): the cookie is httponly but sets no samesite attribute, so
    # cross-site handling is left to the browser default; consider setting it
    # explicitly.
    response.set_cookie("session_token", token, httponly=True)

    return response
Exemple #28
def result():
    """Check the submitted guess against the user's secret number.

    The user is resolved from the ``session_token`` cookie. A correct guess
    stores a new secret between 1 and 30; a wrong one yields a hint. The
    message is rendered with ``result.html``.
    """
    # int() raises when "guess" is missing or not a number.
    guess = int(request.form.get("guess"))

    # The session token, not an e-mail cookie, identifies the user.
    player = db.query(User).filter_by(
        session_token=request.cookies.get("session_token")).first()

    # NOTE(review): without a matching session ``player`` is None and this
    # attribute access raises AttributeError.
    secret = player.secret_number

    if guess == secret:
        message = "Correct"
        # Draw and persist the secret for the next round.
        player.secret_number = random.randint(1, 30)
        db.add(player)
        db.commit()
    elif guess > secret:
        message = "Your guess is not correct, try something smaller"
    elif guess < secret:
        message = "Your guess is not correct, try something bigger"

    return render_template("result.html", message=message)
Exemple #29
def add():
    """Create a student from the JSON body and report the stored values.

    Responds with ``{'result': {...}}`` when ``db.add`` returns a non-zero
    value and with ``{'result': ''}`` otherwise.
    """
    username = request.json.get('username')
    # The "password" key is mandatory; only its bcrypt hash is stored.
    raw_password = request.get_json()['password']
    password = bcrypt.generate_password_hash(raw_password).decode('utf-8')

    inserted = db.add('student', (username, password))

    # NOTE(review): the response echoes the stored password hash back to the
    # caller; consider whether the client needs it at all.
    if inserted != 0:
        result = {'student_name': username, 'student_password': password}
    else:
        result = ''

    return jsonify({'result': result})
def guess():
    """Check the submitted number against the user's secret number.

    The user is resolved from the ``session_token`` cookie. A correct guess
    stores a new secret between 1 and 50; a wrong one yields a hint. The
    message is rendered with ``results.html``.
    """
    # int() raises when "your-guess" is missing or not a number, so the
    # falsy check below only ever catches the value 0.
    number = int(request.form.get("your-guess"))
    token = request.cookies.get("session_token")
    player = db.query(User).filter_by(session_token=token).first()

    if not number:
        return "Please choose a number between 1 - 50"

    # NOTE(review): without a matching session ``player`` is None and the
    # comparisons below raise AttributeError.
    if number == player.secret_num:
        message = "Success.  You guessed correctly"
        # Draw and persist the secret for the next round.
        player.secret_num = random.randint(1, 50)

        db.add(player)
        db.commit()
    elif number < player.secret_num:
        message = "Try a bigger number"
    else:
        message = "Try a smaller number"

    return render_template("results.html", message=message)