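def admin_create_user():
    """Invite a new user into the signed-in administrator's organization.

    GET renders the invite form. POST inserts an unverified ``users`` row
    holding the submitted email, permission and position, then emails the
    invitee a ``complete_signup/<user_hash>`` link.

    Returns:
        The rendered ``admin_create_user.html`` page for an administrator,
        otherwise a redirect to the login view.
    """
    session_hash = session.get('user_hash')
    user = currentUser(session_hash) if session_hash else None
    # Authorize before any state change. The original ran this check only at
    # render time, after the POST branch had already inserted the row and sent
    # the mail, so any signed-in account could create users with a permission
    # of its choosing.
    if not user or user['permission'] != 'administrator':
        return redirect(url_for('login'))

    errors = []
    success = []
    permissions = getAllPermissions()
    positions = getAllPositions()

    if request.method == 'POST':
        form_dict = loadForm({})
        email = form_dict['email']
        permission = form_dict['permission']
        position = form_dict['position']
        # NOTE(review): permission and position are taken from the form as-is;
        # consider validating them against getAllPermissions() and
        # getAllPositions() before the insert.

        # Same duplicate-address guard (and message) that register() applies.
        if alreadyAnUser(email):
            errors.append("There is already an user with that email address.")
        else:
            # NOTE(review): this value is emailed as the invite token and is
            # stored in the column that session lookups use. If
            # generate_password_hash is Werkzeug's, only its random salt makes
            # the result unpredictable; a dedicated random token such as
            # secrets.token_urlsafe() would state that intent directly.
            invite_hash = generate_password_hash(
                str(email) + str(permission) + str(position))
            sql = ("INSERT INTO users (email, permission_id, position_id, "
                   "user_hash, verified, organization) "
                   "VALUES (%s, %s, %s, %s, %s, %s)")
            data = [
                email, permission, position, invite_hash, 0,
                user['organization']
            ]
            db, cursor = connect()
            try:
                cursor.execute(sql, data)
                db.commit()
            finally:
                # Release the connection even when the insert raises.
                db.close()

            registration = "<p>You Have been Invited to Sign up at TaskKonnect.</p><br>"
            registration += ("<p><a href='" + str(site_url) + "complete_signup/"
                             + str(invite_hash) + "'>Create Your Account</a></p>")
            # The sender address appears masked in this listing.
            msg = Message(subject='TaskKonnect Invite - CSC 394',
                          html=registration,
                          sender="*****@*****.**",
                          recipients=[str(email)])
            mail.send(msg)
            success.append("A Signup Email has been sent to: " + str(email))

    return render_template('admin_create_user.html',
                           user=user,
                           errors=errors,
                           success=success,
                           permissions=permissions,
                           positions=positions)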
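def complete_signup(user_hash):
    """Complete an invited account and sign the new user in.

    GET renders ``register.html`` pre-filled with the row that
    ``currentUser(user_hash)`` returns. POST stores the submitted name and
    password hash, rotates ``user_hash``, marks the row verified, puts the
    new hash in the session and redirects to ``home``.

    Args:
        user_hash: Token taken from the invite URL; it selects the row to
            update.

    Returns:
        A redirect to ``login`` when the token matches no user, a redirect to
        ``home`` after a successful update, otherwise the rendered form.
    """
    errors = []
    success = []
    user = currentUser(user_hash)
    # An unknown token used to fall through: the UPDATE matched no row, yet
    # the session was still populated and the visitor was sent to 'home'.
    if not user:
        return redirect(url_for('login'))
    # NOTE(review): this handler does not look at the row's `verified` flag,
    # so the URL works for any user_hash that exists, not only for pending
    # invites. Confirm whether currentUser() exposes `verified` and reject
    # accounts that are already completed.

    if request.method == 'POST':
        form_dict = loadForm({})
        email = form_dict['email']
        first_name = form_dict['first_name']
        last_name = form_dict['last_name']

        # Validate before doing the (deliberately slow) password hashing.
        if form_dict['password'] != form_dict['confirm_password']:
            errors.append("Passwords do not Match.")

        if not errors:
            password = generate_password_hash(form_dict['password'])
            # Rotating user_hash here is what invalidates the emailed link.
            new_user_hash = generate_password_hash(
                str(email) + str(first_name) + str(last_name) + str(password))
            sql = """
                UPDATE users
                SET first_name = %s,
                    last_name = %s,
                    password = %s,
                    user_hash = %s,
                    verified = 1
                WHERE user_hash = %s
            """
            data = [first_name, last_name, password, new_user_hash, user_hash]
            db, cur = connect()
            try:
                cur.execute(sql, data)
                db.commit()
            finally:
                # Release the connection even when the update raises.
                db.close()
            session['user_hash'] = new_user_hash
            return redirect(url_for('home'))

    return render_template('register.html',
                           current_data=user,
                           errors=errors,
                           success=success)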
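def kanban_add_card():
    """Render the add-card form and, on POST, insert a card for a group.

    The target group and the category shown on the page come from the
    ``group`` and ``category`` query parameters; the card fields come from
    the submitted form. The signed-in user's ``user_hash`` is stored as the
    card owner.

    Returns:
        A redirect to ``login`` when no user can be resolved from the
        session, otherwise the rendered ``kanban_add_card.html`` page.
    """
    session_hash = session.get('user_hash')
    user = currentUser(session_hash) if session_hash else None
    # Without a resolved user the handler previously failed on the session
    # lookup or on user['user_hash']; send the visitor to sign in instead.
    if not user:
        return redirect(url_for('login'))

    group_id = request.args.get('group')
    category = request.args.get('category')
    # NOTE(review): group_id is caller-supplied and nothing here verifies that
    # the signed-in user belongs to that group before listing its members or
    # inserting a card into it. Add a membership check once the shape of
    # getGroupMembers() is confirmed.
    members = getGroupMembers(group_id)
    errors = []
    success = []

    if request.method == 'POST':
        form_dict = loadForm({})
        if checkEmptyForm(form_dict):
            errors.append("There are empty fields! Please Complete")
        else:
            sql = ("INSERT INTO cards (title, description, assigned_to, "
                   "kanban_category, group_id, completed, owner, due_date, "
                   "archived) VALUES (%s, %s,%s, %s,%s, %s,%s,%s,%s)")
            data = [
                form_dict['title'],
                form_dict['description'],
                form_dict['assigned_to'],
                form_dict['kanban_category'],
                group_id,
                form_dict['completed'],
                user['user_hash'],  # owner is always the signed-in user
                form_dict['due_date'],
                0,  # new cards start unarchived
            ]
            db, cur = connect()
            try:
                cur.execute(sql, data)
                db.commit()
            finally:
                # Release the connection even when the insert raises.
                db.close()
            success.append("Successfully Added a Card")

    return render_template('kanban_add_card.html',
                           user=user,
                           members=members,
                           category=category,
                           errors=errors,
                           success=success)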
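def kanban_card_edit():
    """Update a card from the submitted edit form and return to its page.

    The form supplies ``title``, ``description``, ``due_date``, ``archived``
    and ``card_id``; ``completed`` is stored as '1' when the checkbox was
    submitted and '0' otherwise.

    Returns:
        A redirect to ``login`` when no user can be resolved from the
        session, otherwise a redirect to ``/kanban/card/<card_id>``.
    """
    # The original handler performed the UPDATE with no session check at all,
    # unlike the other handlers in this file.
    session_hash = session.get('user_hash')
    user = currentUser(session_hash) if session_hash else None
    if not user:
        return redirect(url_for('login'))

    form_dict = loadForm({})
    form_dict['completed'] = '1' if request.form.getlist('completed') else '0'

    # NOTE(review): card_id comes from the form and the WHERE clause matches on
    # id alone, so any signed-in user can edit any card. Restrict the update to
    # cards the user owns, is assigned to, or whose group they belong to once
    # the intended rule is confirmed.
    sql = """
        UPDATE cards
        SET title = %s,
            description = %s,
            completed = %s,
            due_date = %s,
            archived = %s
        WHERE id = %s
    """
    data = [
        form_dict['title'],
        form_dict['description'],
        form_dict['completed'],
        form_dict['due_date'],
        form_dict['archived'],
        form_dict['card_id'],
    ]
    db, cur = connect()
    try:
        cur.execute(sql, data)
        db.commit()
    finally:
        # Release the connection even when the update raises.
        db.close()
    # The fixed '/kanban/card/' prefix keeps this redirect on the same site.
    return redirect('/kanban/card/' + str(form_dict['card_id']))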
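def login():
    """Render the login form and, on POST, start a session for a valid user.

    Credentials are checked with ``checkUser(email, password)``; on success
    the user's ``user_hash`` is stored in the session.

    Returns:
        A redirect to ``home`` when already signed in or after a successful
        login, otherwise the rendered ``login.html`` page.
    """
    # The session is keyed by 'user_hash' everywhere else in this file. The
    # original tested session['email'], which this handler never sets, so the
    # already-signed-in shortcut could not trigger.
    if session.get('user_hash'):
        return redirect(url_for('home'))

    errors = []
    if request.method == 'POST':
        form_dict = loadForm({})
        email = form_dict['email']
        password = form_dict['password']
        if checkUser(email, password):
            user = getCurrentUser(None, email=email)
            # Start from an empty session so nothing set before
            # authentication carries over into the signed-in state.
            session.clear()
            session['user_hash'] = user['user_hash']
            return redirect(url_for('home'))
        # One message for both failure causes avoids confirming which
        # addresses have accounts.
        errors.append("Email or Password is Incorrect. Try Again.")
    return render_template('login.html', errors=errors)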
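def admin_edit_user(user_hash):
    """Show and update another user's profile, permission and position.

    GET loads the target row (joined with its permission and position names)
    and renders the edit form. POST writes the submitted email, names,
    ``permission_id`` and ``position_id`` back to that row.

    Args:
        user_hash: Identifies the user being edited.

    Returns:
        A redirect to ``login`` unless the signed-in user is an
        administrator, a redirect to ``home`` when the target does not exist,
        otherwise the rendered ``admin_edit_user.html`` page.
    """
    errors = []
    success = []
    session_hash = session.get('user_hash')
    user = currentUser(session_hash) if session_hash else None
    # This handler changes permission_id, so it needs the same administrator
    # gate as admin_create_user; the original had no authorization check.
    if not user or user['permission'] != 'administrator':
        return redirect(url_for('login'))
    # NOTE(review): neither query is scoped to the administrator's
    # organization, so an administrator of one organization can edit users of
    # another. Consider adding an organization condition to both statements.

    permissions = getAllPermissions()
    positions = getAllPositions()

    select_sql = """
        SELECT U.email as email,
               U.first_name as first_name,
               U.last_name as last_name,
               P.permission_name as permission_name,
               P.id as permission_id,
               POS.id as position_id,
               POS.position_name as position_name
        FROM users U
        JOIN permissions P ON P.id = U.permission_id
        JOIN positions POS ON POS.id = U.position_id
        WHERE U.user_hash = %s
    """
    update_sql = """
        UPDATE users
        SET email = %s,
            first_name = %s,
            last_name = %s,
            permission_id = %s,
            position_id = %s
        WHERE user_hash = %s
    """

    db, cur = connect()
    try:
        cur.execute(select_sql, [user_hash])
        result = cur.fetchone()
        # An unknown user_hash used to crash on list(None).
        if result is None:
            return redirect(url_for('home'))
        user_data = dict(zip(getColumns(cur), result))

        if request.method == 'POST':
            form_dict = loadForm({})
            try:
                permission_id = int(form_dict['permission_id'])
                position_id = int(form_dict['position_id'])
            except (TypeError, ValueError):
                # Non-numeric ids previously surfaced as an unhandled error.
                errors.append("Permission and position must be numeric ids.")
            else:
                data = [
                    form_dict['email'],
                    form_dict['first_name'],
                    form_dict['last_name'],
                    permission_id,
                    position_id,
                    user_hash,
                ]
                cur.execute(update_sql, data)
                db.commit()
                # Re-render with the values that were just saved.
                user_data = form_dict
                user_data['permission_id'] = permission_id
                user_data['position_id'] = position_id
                success.append("Updated User's Info")
    finally:
        # The original closed the connection only on the POST path.
        db.close()

    return render_template('admin_edit_user.html',
                           user_data=user_data,
                           user=user,
                           permissions=permissions,
                           positions=positions,
                           errors=errors,
                           success=success)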
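def register():
    """Render the sign-up form and, on POST, create an unverified account.

    A valid submission inserts a ``users`` row with the hashed password,
    permission 1, position 1, a fresh ``user_hash`` and an ``organization``
    value derived from it, then emails a verification link.

    Returns:
        A redirect to ``home`` when already signed in, otherwise the rendered
        ``register.html`` page with any error or success messages.
    """
    import logging

    errors = []
    success = []
    if session.get('user_hash'):
        return redirect(url_for('home'))

    if request.method == 'POST':
        form_dict = loadForm({})
        if checkEmptyForm(form_dict):
            errors.append('There are empty fields in the form.')
        else:
            email = form_dict['email']
            first_name = form_dict['first_name']
            last_name = form_dict['last_name']
            password = generate_password_hash(form_dict['password'])
            perm = 1
            position_id = 1
            user_hash = generate_password_hash(
                str(email) + str(first_name) + str(last_name) + str(password))
            organization = generate_password_hash(str(user_hash))

            if form_dict['password'] != form_dict['confirm_password']:
                errors.append("Passwords do not Match.")
            if alreadyAnUser(email):
                errors.append(
                    "There is already an user with that email address.")

            if not errors:
                sql = ("INSERT INTO users (email, first_name, last_name, "
                       "password, permission_id, position_id, user_hash, "
                       "verified, organization) "
                       "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)")
                data = [
                    email, first_name, last_name, password, perm, position_id,
                    user_hash, 0, organization
                ]
                try:
                    db, cursor = connect()
                    try:
                        cursor.execute(sql, data)
                        db.commit()
                    finally:
                        # Release the connection even when the insert raises.
                        db.close()

                    registration = "<p>Thank you for signing up. Please click the link to verify.</p><br>"
                    # NOTE(review): the value appended to "confirm?user=" is
                    # masked in the published listing; user_hash is assumed
                    # here, mirroring the invite link in admin_create_user.
                    # Confirm against the real source.
                    registration += ("<p><a href='" + str(site_url)
                                     + "confirm?user=" + str(user_hash)
                                     + "'>Verify</a></p>")
                    # The sender address appears masked in this listing.
                    msg = Message(subject='Verify Email - CSC 394',
                                  html=registration,
                                  sender="*****@*****.**",
                                  recipients=[str(email)])
                    mail.send(msg)
                    success.append(
                        "You have been signed up. Please check your Email to verify your account."
                    )
                except Exception:
                    # Keep driver and mail-server details in the server log;
                    # the original echoed str(e) back to the visitor.
                    logging.getLogger(__name__).exception(
                        "registration failed")
                    errors.append(
                        "We could not complete your sign-up. Please try again later."
                    )
            else:
                print("There Was an Error.")

    return render_template('register.html',
                           current_data=None,
                           errors=errors,
                           success=success)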