def getAllWorkouts():
    """Return every row of the ``workouts`` table as a JSON response.

    The query is a constant string with no caller-supplied values, so no
    parameter binding is needed here.
    """
    connection = get_mySQLdb()
    # dictionary=True yields each row as a column-name -> value mapping.
    row_cursor = connection.cursor(dictionary=True)
    row_cursor.execute(
        'SELECT * FROM workouts'
    )
    all_rows = row_cursor.fetchall()
    return jsonify(all_rows)
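def checkLogin():
    """Check app-user credentials sent as JSON and report the outcome.

    Expects a POST whose JSON body carries ``email`` and ``password``.
    Responds with ``{'userId': ..., 'error': ...}``: ``userId`` is set on
    success, otherwise ``error`` holds the reason.

    Fixes relative to the previous version:
      * the e-mail was concatenated into the SQL text (SQL injection); it is
        now passed as a bound parameter;
      * ``check_password_hash`` was called with its arguments swapped and
        with the whole row tuple instead of the stored hash;
      * the request body, including the clear-text password, was printed to
        stdout, which typically ends up in server logs.
    """
    if request.method == 'POST':
        jsonUserPass = request.json
        returnDict = {'userId': None, 'error': None}

        email = jsonUserPass['email']
        password = jsonUserPass['password']

        db = get_mySQLdb()
        cur = db.cursor()
        # Bound parameter: the driver escapes the value, so the e-mail can
        # never alter the structure of the statement.
        cur.execute(
            'SELECT id, password FROM appUsers WHERE email = %s',
            (email,))
        row = cur.fetchone()

        if row:
            appUserId, dbPassword = row
            # check_password_hash(pwhash, password): stored hash comes first.
            # A NULL/empty stored value is treated as a failed check.
            if dbPassword and check_password_hash(dbPassword, password):
                returnDict['userId'] = appUserId
            else:
                returnDict['error'] = "incorrect password"
        else:
            # NOTE(review): distinct messages for "unknown e-mail" and "wrong
            # password" let a client tell which addresses are registered.
            # Kept as-is because API clients may depend on these strings;
            # consider a single generic message plus rate limiting.
            returnDict['error'] = "user not registered"

        return jsonify(returnDict)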
def getProgramById(workoutId):
    """Return the ``workoutPlans`` row whose id equals *workoutId*, as JSON.

    ``fetchone()`` gives ``None`` when no row matches, and that value is
    passed to ``jsonify`` unchanged.
    """
    connection = get_mySQLdb()
    plan_cursor = connection.cursor(dictionary=True)
    # The id is bound as a parameter rather than formatted into the SQL text.
    query_args = (workoutId,)
    plan_cursor.execute(
        'SELECT * FROM workoutPlans WHERE id = %s',
        query_args
    )
    plan_row = plan_cursor.fetchone()
    return jsonify(plan_row)
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` is ``None`` when the session has no ``user_id``; otherwise it
    is the matching ``users`` row as a dict (or ``None`` if no row matches).
    """
    current_id = session.get('user_id')
    if current_id is None:
        g.user = None
        return

    connection = get_mySQLdb()
    user_cursor = connection.cursor(dictionary=True)
    # NOTE(review): SELECT * also loads the ``password`` column that the
    # INSERT statements in this file write, so g.user carries the hash;
    # avoid serialising g.user wholesale into templates or JSON.
    user_cursor.execute('SELECT * FROM users WHERE id = %s', (current_id, ))
    g.user = user_cursor.fetchone()
def getAllPrograms():
    """Return every row of the ``workoutPlans`` table as a JSON response."""
    connection = get_mySQLdb()
    plan_cursor = connection.cursor(dictionary=True)
    # Constant query text; nothing from the request is interpolated.
    plan_cursor.execute(
        'SELECT * FROM workoutPlans'
    )
    # Rows come back as dicts (dictionary=True) and are serialised as-is.
    return jsonify(plan_cursor.fetchall())
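def register():
    """Register a web user from the posted form and store a profile picture.

    On POST the form fields ``firstName``, ``lastName``, ``email``,
    ``username`` and ``password`` are read, the password is stored hashed,
    and an optional ``profilePic`` upload is saved under ``UPLOAD_FOLDER``.
    A successful registration redirects to ``auth.login``; otherwise the
    error is flashed and the registration template is rendered.

    Fixes relative to the previous version:
      * the duplicate-username lookup built its SQL with ``str.format``;
        it now uses a bound parameter;
      * the saved file path was ``UPLOAD_FOLDER + username + '.' + ext`` with
        both parts taken straight from the request, so path separators or
        ``..`` in the username could place the file outside the upload
        folder and any extension was accepted;
      * a missing ``profilePic`` part flashed a message and then indexed
        ``request.files`` anyway; a missing upload is now handled.
    """
    import re  # function-scope: the file's import block is not visible here

    # Conservative default for a profile picture; adjust to what the site
    # actually serves. An extension check does not validate file content.
    allowedPicExts = {'png', 'jpg', 'jpeg', 'gif'}

    if request.method == 'POST':
        firstName = request.form['firstName']
        lastName = request.form['lastName']
        email = request.form['email']
        username = request.form['username']
        password = request.form['password']

        db = get_mySQLdb()
        cur = db.cursor()

        error = None
        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required'
        else:
            cur.execute(
                'SELECT * FROM users WHERE username = %s', (username,))
            if cur.fetchone() is not None:
                error = 'User {} is already registered'.format(username)

        # Get the profile picture (if any) and derive a safe storage path.
        profilePicLoc = None
        profilePic = request.files.get('profilePic')
        if profilePic is None or not profilePic.filename:
            flash("no profile pic")
            profilePic = None
        elif error is None:
            profPicExt = profilePic.filename.rsplit('.', 1)[-1].lower()
            if profPicExt not in allowedPicExts:
                error = 'Profile picture must be a png, jpg, jpeg or gif file.'
            else:
                # Keep only characters that cannot form a path component
                # boundary, so the file always lands inside UPLOAD_FOLDER.
                safeStem = re.sub(r'[^A-Za-z0-9_-]', '_', username)
                profilePicLoc = UPLOAD_FOLDER + safeStem + '.' + profPicExt

        if error is None:
            cur.execute(
                'INSERT INTO users (username, email, firstName, lastName, password, profilePicLoc) VALUES (%s,%s,%s,%s,%s,%s)',
                (username, email, firstName, lastName,
                 generate_password_hash(password), profilePicLoc))
            db.commit()
            if profilePic is not None:
                profilePic.save(profilePicLoc)
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')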
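def registerAppUser():
    """Register an app user from a JSON body and return the error (or null).

    Expects a POST whose JSON carries ``email``, ``password``, ``firstName``
    and ``lastName``. Responds with JSON ``null`` on success or with the
    string ``"email already registered"``.

    Fixes relative to the previous version:
      * the password was inserted in clear text; it is now stored as a hash
        via ``generate_password_hash``, which is what the
        ``check_password_hash`` calls elsewhere in this file expect;
      * the INSERT was never committed, unlike the other writers in this
        file, which call ``db.commit()`` after inserting.
    """
    if request.method == 'POST':
        jsonDict = request.json
        registerError = None

        email = jsonDict["email"]
        password = jsonDict["password"]
        firstName = jsonDict["firstName"]
        lastName = jsonDict["lastName"]

        db = get_mySQLdb()
        cur = db.cursor()
        cur.execute('SELECT id FROM appUsers WHERE email = %s', (email, ))

        if cur.fetchall():
            registerError = "email already registered"
        else:
            # NOTE(review): the duplicate check reads ``appUsers`` but the
            # row is written to ``users`` (with no username). That looks like
            # a table mix-up; left unchanged because the schema is not
            # visible here. Confirm which table app accounts belong in.
            cur.execute(
                'INSERT INTO users (email, firstName, lastName, password) VALUES (%s,%s,%s,%s)',
                (email, firstName, lastName,
                 generate_password_hash(password)))
            db.commit()

        return jsonify(registerError)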
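def login():
    """Handle the combined login / sign-up form.

    On POST, the presence of a ``firstname`` field selects sign-up; without
    it the request is treated as a plain login. Sign-up inserts the user
    (password stored hashed) and then falls through to the same credential
    check as login. On success the session is cleared, ``user_id`` is set and
    the client is redirected to ``home.home``; otherwise the error is flashed
    and the login template is rendered.

    Fixes relative to the previous version:
      * the duplicate-username lookup built its SQL with ``str.format``;
        it now uses a bound parameter like the other queries here;
      * the local ``id`` shadowed the builtin and is renamed;
      * the credential check, duplicated in both branches, is done once.
    """
    if request.method == 'POST':
        # A missing 'firstname' field means "log in", not "sign up".
        firstName = request.form.get('firstname')
        isSignUp = firstName is not None

        username = request.form['username']
        password = request.form['password']

        db = get_mySQLdb()
        cur = db.cursor()
        error = None

        if isSignUp:
            lastName = request.form['lastname']
            email = request.form['email']

            if not username:
                error = 'Username is required.'
            elif not password:
                error = 'Password is required'
            else:
                cur.execute(
                    'SELECT * FROM users WHERE username = %s', (username, ))
                if cur.fetchone() is not None:
                    error = 'User {} is already registered'.format(username)

            if error is None:
                cur.execute(
                    'INSERT INTO users (username, email, firstName, lastName, password) VALUES (%s,%s,%s,%s,%s)',
                    (username, email, firstName, lastName,
                     generate_password_hash(password)))
                db.commit()

        if error is None:
            cur.execute(
                'SELECT username, password, id FROM users WHERE username = %s',
                (username, ))
            user = cur.fetchone()

            # NOTE(review): separate "Incorrect username" / "Incorrect
            # password" messages reveal which usernames exist. Strings kept
            # unchanged here; consider one generic message.
            if user is None:
                error = 'Incorrect username'
            else:
                storedHash = user[1]
                userId = user[2]
                if not check_password_hash(storedHash, password):
                    error = "Incorrect password"

            if error is None:
                # Clearing first drops any pre-login session contents before
                # the authenticated user id is stored.
                session.clear()
                session['user_id'] = userId
                return redirect(url_for('home.home'))

        flash(error)

    return render_template('auth/login.html')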