def register():
if request.method == 'POST':
params = (
request.form['regEmail'],
request.form['regPassword'],
request.form['regFirstname'],
request.form['regLastname'],
request.form['departmentCode'],
request.form['accountType'])
sproc = """[usr].[CreateUser] @Email = ?, @Password= ?, @FirstName = ?, @LastName = ?,
@DepartmentCode = ?, @isStaff = ?"""
Database.execute_query(sproc, params)
return redirect(url_for('auth.Auth'))
def login():
if request.method == 'POST':
sproc = "[usr].[UserLogin] @Email = ?, @Password= ?"
user_email = request.form['email']
params = (user_email, request.form['password'])
result = Database.execute_query(sproc, params)
if "Login successful" == result[0][0]:
sproc = "[usr].[getUser] @Email = ?"
session['email'] = user_email
params = user_email
result = Database.execute_query(sproc, params)
is_admin = result[0][4]
if is_admin:
return redirect('/admin')
else:
return redirect('/basket')
return redirect('/auth')
