Esempio n. 1
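def test_get_close_db(app):
    """Check that get_db() is cached per app context and unusable afterwards.

    Inside one application context, two get_db() calls must return the same
    object. After the context exits, running a query on that object is
    expected to raise pymysql.Error with "closed" in its message.
    """
    with app.app_context():
        db = get_db()
        assert db is get_db()

    with pytest.raises(pymysql.Error) as e:
        db.execute("SELECT 1")

    # `e` is pytest's ExceptionInfo wrapper; the raised exception is `e.value`,
    # so check its message rather than the wrapper's string form.
    assert 'closed' in str(e.value)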
Esempio n. 2
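def addplane():
    """
    Return add plane page. Airline staff can add planes for their company.

    On POST the submitted seat count is validated and a new airplane row is
    inserted for the airline stored in ``g.user[5]``.

    Args:
        None

    Returns:
        Redirect to the confirmation page after a successful insert,
        otherwise the rendered add plane page listing the airline's planes.
    """
    import logging

    cursor = get_cursor()
    cursor.execute(
        "SELECT airplane_id, seat FROM airplane WHERE airline = %s ",
        (g.user[5], ))
    airplanes = cursor.fetchall()
    if request.method == "POST":
        error = None
        db = get_db()
        cursor = get_cursor()
        # The seat count is client-supplied text: anything that is not a
        # positive integer is rejected here instead of raising from int().
        try:
            seat = int(request.form['seat'])
        except ValueError:
            seat = None
        if seat is None or seat <= 0:
            error = "Number should be greater than 0."
        if error is None:
            try:
                cursor.execute(
                    "INSERT INTO airplane (airline, seat) values (%s, %s)",
                    (g.user[5], seat))
                db.commit()
                return redirect(url_for('a.confirm', action="Add airplane"))
            except pymysql.Error:
                db.rollback()
                # Keep driver/SQL details in the server log; the page only
                # gets a generic message so the failure is still reported.
                logging.getLogger(__name__).exception("addplane insert failed")
                error = "Could not add the airplane. Please try again."
        flash(error)
    return render_template('a/addplane.html', airplanes=airplanes)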
Esempio n. 3
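def addairport():
    """
    Return add airport page. Airline staff can add airports to the system.

    On POST an airport is inserted unless one with the same name exists.

    Args:
        None

    Returns:
        Redirect to the confirmation page after a successful insert,
        otherwise the rendered add airport page.
    """
    import logging

    if request.method == "POST":
        name = request.form['name']
        city = request.form['city']
        db = get_db()
        cursor = get_cursor()
        cursor.execute("SELECT * FROM airport WHERE name = %s", (name, ))
        if cursor.fetchone() is not None:
            flash("The airport is already in the system")
        else:
            try:
                cursor.execute(
                    "INSERT INTO airport (name, city) values (%s, %s)",
                    (name, city))
                db.commit()
                return redirect(url_for('a.confirm', action="Add airport"))
            except pymysql.Error:
                db.rollback()
                # Flash a plain string rather than the exception object, and
                # keep the database error text in the server log only.
                logging.getLogger(__name__).exception(
                    "addairport insert failed")
                flash("Could not add the airport. Please try again.")
    return render_template('a/addairport.html')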
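def app():
    """Yield a test application configured with a temporary database path.

    The application is created in TESTING mode, the schema is initialised
    with init_db() and the statements from ``_data_sql`` are executed as
    seed data. The temporary file is closed and removed afterwards, also
    when set-up fails part-way.
    """
    db_fd, db_path = tempfile.mkstemp()
    try:
        app = create_app({'TESTING': True, 'DATABASE': db_path})

        with app.app_context():
            init_db()
            cursor = get_db().cursor()
            # Naive split on ';': assumes no seed statement contains a
            # literal semicolon. The fragment after the last ';' is dropped.
            queries = str(_data_sql).split(';')[:-1]
            for query in queries:
                cursor.execute(query)
        yield app
    finally:
        # Runs on normal teardown and when set-up raises, so the temp file
        # is never left behind.
        os.close(db_fd)
        os.unlink(db_path)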
Esempio n. 5
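def settings():
    """
    Airline Staff Settings Page. Airline staff can see their information
    (username, name, birthday, airline, phone numbers) and add phone numbers.

    Args:
        None.

    Returns:
        Airline Staff settings page
    """
    import logging

    db = get_db()
    cursor = db.cursor()
    error = None
    if request.method == "POST":
        phone_number = request.form["phone_number"]
        if phone_number != "":
            cursor.execute("SELECT * FROM staff_phone WHERE phone_number = %s",
                           (phone_number, ))
            if cursor.fetchone() is not None:
                error = "Phone number already in system"
            if error is None:
                try:
                    cursor.execute(
                        "INSERT INTO staff_phone (phone_number, username) values (%s, %s)",
                        (phone_number, g.user[0]))
                    db.commit()
                except pymysql.Error:
                    db.rollback()
                    # Report the failure instead of dropping it silently;
                    # database details go to the server log only.
                    logging.getLogger(__name__).exception(
                        "staff phone insert failed")
                    error = "Could not add the phone number. Please try again."
            # Only flash when there is something to report, so a successful
            # insert does not flash None.
            if error is not None:
                flash(error)
    # g.user is read by position: 0 username, 2 first name, 3 last name,
    # 4 birthday, 5 airline.
    username = g.user[0]
    fname = g.user[2]
    lname = g.user[3]
    bday = g.user[4]
    airline = g.user[5]
    cursor.execute("SELECT phone_number FROM staff_phone WHERE username = %s",
                   (g.user[0], ))
    phones = cursor.fetchall()
    return render_template("a/settings.html",
                           username=username,
                           fname=fname,
                           lname=lname,
                           bday=bday,
                           airline=airline,
                           phones=phones)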
Esempio n. 6
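def addflights():
    """
    Return add flights page. Airline staff can add flights for their company.

    On POST a flight is inserted for the airline in ``g.user[5]``. The
    submitted airplane must belong to that airline.

    Args:
        None

    Returns:
        Redirect to the confirmation page after a successful insert,
        otherwise the rendered add flights page.
    """
    import logging

    if request.method == "POST":
        airline = g.user[5]
        airplane_id = request.form['airplane_id']
        base_price = request.form['base_price']
        flight_status = request.form['flight_status']
        dept_time = request.form['dept_date'] + ' ' + request.form['dept_time']
        arrv_time = request.form['arrv_date'] + ' ' + request.form['arrv_time']
        dept_airport = request.form['dept_airport']
        arrv_airport = request.form['arrv_airport']
        # Acquire the connection outside the try block so the except branch
        # can always call db.rollback().
        db = get_db()
        cursor = db.cursor()
        # The form only offers the company's airplanes, but the id is
        # client-supplied, so ownership is enforced on the server as well.
        cursor.execute(
            "SELECT 1 FROM airplane WHERE airplane_id = %s AND airline = %s",
            (airplane_id, airline))
        if cursor.fetchone() is None:
            flash("Please choose one of your airline's airplanes.")
        else:
            try:
                cursor.execute(
                    "INSERT INTO flight (airline, airplane_id, base_price, flight_status, dept_time, arrv_time, dept_airport, arrv_airport) values (%s,%s,%s,%s,%s,%s,%s,%s)",
                    (airline, airplane_id, base_price, flight_status,
                     dept_time, arrv_time, dept_airport, arrv_airport))
                db.commit()
                return redirect(url_for('a.confirm', action="Add Flight"))
            except pymysql.Error:
                db.rollback()
                # Database error text stays in the server log; the page gets
                # a plain, generic string.
                logging.getLogger(__name__).exception(
                    "addflights insert failed")
                flash("Could not add the flight. Please check the form and try again.")

    cursor = get_cursor()
    # select all airplanes of the company
    cursor.execute("SELECT airplane_id FROM airplane WHERE airline = %s",
                   (g.user[5], ))
    airplanes = cursor.fetchall()
    # select all airports
    cursor.execute("SELECT name FROM airport")
    airports = cursor.fetchall()
    return render_template('a/addflights.html',
                           airplanes=airplanes,
                           airports=airports)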
Esempio n. 7
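def settings():
    """
    Customer Settings Page. Shows the customer's profile and lets them add a
    phone number.

    Args:
        None.

    Returns:
        Customer settings page
    """
    import logging

    db = get_db()
    cursor = db.cursor()
    error = None
    if request.method == "POST":
        phone_number = request.form["phone_number"]
        cursor.execute(
            "SELECT * FROM customer_phone WHERE phone= %s", (phone_number, ))
        if cursor.fetchone() is not None:
            error = "Phone number already in system"
        if error is None:
            try:
                cursor.execute(
                    "INSERT INTO customer_phone (phone, email) values (%s, %s)",
                    (phone_number, g.user[0]))
                db.commit()
            except pymysql.Error:
                db.rollback()
                # Report the failure instead of dropping it silently;
                # database details go to the server log only.
                logging.getLogger(__name__).exception(
                    "customer phone insert failed")
                error = "Could not add the phone number. Please try again."
        # Only flash when there is something to report, so a successful
        # insert does not flash None.
        if error is not None:
            flash(error)
    # g.user is read by position (index 2 is not used here).
    email = g.user[0]
    name = g.user[1]
    building_number = g.user[3]
    street = g.user[4]
    city = g.user[5]
    state = g.user[6]
    passport_number = g.user[7]
    passport_exp = g.user[8]
    passport_country = g.user[9]
    bday = g.user[10]
    cursor.execute(
        "SELECT phone FROM customer_phone WHERE email = %s", (g.user[0], ))
    phones = cursor.fetchall()
    return render_template("c/settings.html",
                           phones=phones,
                           email=email,
                           name=name,
                           building_number=building_number,
                           street=street,
                           city=city,
                           state=state,
                           passport_number=passport_number,
                           passport_country=passport_country,
                           passport_exp=passport_exp,
                           bday=bday)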
Esempio n. 8
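def flight_info(flight_id):
    """
    Return certain flight info. Displaying all the passengers.

    On POST the status of the submitted flight is changed, restricted to
    flights of the staff member's own airline (``g.user[5]``).

    Args:
        flight_id: Flight whose passengers are listed. On POST it is
            replaced by the ``flight_id`` form field.

    Returns:
        Redirect to the confirmation page after a status change,
        otherwise the rendered flight info page.
    """
    import logging

    if request.method == "POST":
        flight_id = request.form["flight_id"]
        status = request.form["status"]
        db = get_db()
        cursor = db.cursor()
        try:
            # flight_id comes from the form, so the UPDATE is scoped to the
            # caller's airline, like the passenger query below. Without that
            # condition any flight id could be modified.
            cursor.execute(
                "UPDATE flight SET flight_status=%s WHERE flight_id = %s AND airline = %s",
                (status, flight_id, g.user[5]))
            db.commit()
            return redirect(url_for('a.confirm', action="Change Status"))
        except pymysql.Error:
            db.rollback()
            # Database error text stays in the server log; the page gets a
            # plain, generic string.
            logging.getLogger(__name__).exception("flight status update failed")
            flash("Could not change the flight status. Please try again.")

    cursor = get_cursor()
    cursor.execute(
        "SELECT email, name FROM customer JOIN ticket ON email = customer_email WHERE airline = %s AND flight_id = %s",
        (
            g.user[5],
            flight_id,
        ))
    customers = cursor.fetchall()
    return render_template("a/flight_info.html",
                           flight_id=flight_id,
                           customers=customers)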
Esempio n. 9
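def _price_flights(cursor, flights):
    """Turn raw ``flight`` rows into display rows with the current price.

    Args:
        cursor: Open DB cursor used for the per-flight lookups.
        flights: Rows from ``SELECT * FROM flight``. Columns are read by
            position: 0 flight_id, 1 airline, 2 airplane_id, 3 base_price,
            5 dept_time, 6 arrv_time.

    Returns:
        A list of ``[airline, dept_time, arrv_time, price, flight_id]``.
        ``price`` is 'Sold Out' when no seat is left, the base price raised
        by 20% once at least 70% of the seats are sold, else the base price.
    """
    priced = []
    for flight in flights:
        base_price = flight[3]
        # COUNT(*) without GROUP BY always yields one row, also for a flight
        # with no tickets, and avoids loading whole ticket rows.
        cursor.execute("SELECT COUNT(*) FROM ticket WHERE flight_id = %s",
                       (flight[0], ))
        ticket_sold = cursor.fetchone()[0]
        cursor.execute("SELECT seat FROM airplane where airplane_id = %s",
                       (flight[2], ))
        seat = cursor.fetchone()[0]
        # ">=" also covers an oversold flight and a zero-seat plane, so the
        # division below never sees seat == 0.
        if ticket_sold >= seat:
            price = 'Sold Out'
        elif ticket_sold / seat >= 0.7:
            price = int(base_price * 1.2)
        else:
            price = base_price
        priced.append([flight[1], flight[5], flight[6], price, flight[0]])
    return priced


def index():
    """
    Index page for the site. Users can search flights by trip or by flight.

    Args:
        None.

    Returns:
        Index Page. ``result`` is 'n' before any search, 'e' for a trip
        search without matches, else a list of priced flights. ``back`` is
        'o' for one-way, 'e' for a return search without matches, else a
        list of priced return flights.
    """
    n_flights = 'n'  # n for null
    b_n_flights = 'o'  # stands for one way
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT name FROM airport")
    dept_airport = arrv_airport = cursor.fetchall()
    cursor.execute("SELECT name FROM airline")
    airlines = cursor.fetchall()
    if request.method == "POST":  # from search form submit
        if request.form['content'] == "trip":
            f_dept_airport = request.form['dept_airport']
            f_dept_time = request.form['dept_time']
            f_arrv_airport = request.form['arrv_airport']
            cursor.execute(
                "SELECT * from `flight` WHERE dept_airport= %s AND arrv_airport = %s and DATE(dept_time) = %s",
                (f_dept_airport, f_arrv_airport, f_dept_time))
            flights = cursor.fetchall()
            n_flights = _price_flights(cursor, flights) if flights else 'e'
            # return leg: same search with the airports swapped
            if request.form['trip'] == 'twoway':
                f_back_date = request.form['back_date']
                cursor.execute(
                    "SELECT * from `flight` WHERE dept_airport= %s AND arrv_airport = %s and DATE(dept_time) = %s",
                    (f_arrv_airport, f_dept_airport, f_back_date))
                b_flights = cursor.fetchall()
                b_n_flights = (_price_flights(cursor, b_flights)
                               if b_flights else 'e')
        elif request.form['content'] == "flight":
            f_airline = request.form['airline']
            f_flight_id = request.form['flight_id']
            f_dept_date = request.form['dept_date']
            f_arrv_date = request.form['arrv_date']
            cursor.execute(
                "SELECT * from `flight` WHERE flight_id = %s AND DATE(dept_time)= %s AND DATE(arrv_time)= %s and airline = %s",
                (f_flight_id, f_dept_date, f_arrv_date, f_airline))
            flights = cursor.fetchall()
            # a flight search without matches yields an empty list, not 'e'
            n_flights = _price_flights(cursor, flights)
    return render_template('index.html',
                           dept_airport=dept_airport,
                           arrv_airport=arrv_airport,
                           result=n_flights,
                           back=b_n_flights,
                           airlines=airlines)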
Esempio n. 10
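def _price_flights(cursor, flights):
    """Turn raw ``flight`` rows into display rows with the current price.

    Args:
        cursor: Open DB cursor used for the per-flight lookups.
        flights: Rows from ``SELECT * FROM flight``. Columns are read by
            position: 0 flight_id, 1 airline, 2 airplane_id, 3 base_price,
            5 dept_time, 6 arrv_time.

    Returns:
        A list of ``[airline, dept_time, arrv_time, price, flight_id]``.
        ``price`` is 'Sold Out' when no seat is left, the base price raised
        by 20% once at least 70% of the seats are sold, else the base price.
    """
    priced = []
    for flight in flights:
        base_price = flight[3]
        # COUNT(*) avoids loading whole ticket rows just to count them.
        cursor.execute("SELECT COUNT(*) FROM ticket WHERE flight_id = %s",
                       (flight[0], ))
        ticket_sold = cursor.fetchone()[0]
        cursor.execute("SELECT seat FROM airplane where airplane_id = %s",
                       (flight[2], ))
        seat = cursor.fetchone()[0]
        # ">=" also covers an oversold flight and a zero-seat plane, so the
        # division below never sees seat == 0.
        if ticket_sold >= seat:
            price = 'Sold Out'
        elif ticket_sold / seat >= 0.7:
            price = int(base_price * 1.2)
        else:
            price = base_price
        priced.append([flight[1], flight[5], flight[6], price, flight[0]])
    return priced


def search():
    """
    Search future flights

    Args:
        None

    Returns:
        Booking Agent search page. ``result`` is 'e' before any search, else
        the list of priced outbound flights. ``back`` is None unless a
        two-way trip was requested, in which case it is the list of priced
        return flights.
    """
    n_flights = 'e'
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT distinct dept_airport from flight")
    dept_airport = cursor.fetchall()
    cursor.execute("SELECT distinct arrv_airport from flight")
    arrv_airport = cursor.fetchall()
    b_n_flights = None
    if request.method == "POST":  # from search form submit
        f_dept_airport = request.form['dept_airport']
        f_dept_time = request.form['dept_time']
        f_arrv_airport = request.form['arrv_airport']
        cursor.execute(
            "SELECT * from `flight` WHERE dept_airport= %s AND arrv_airport = %s and DATE(dept_time) = %s",
            (f_dept_airport, f_arrv_airport, f_dept_time))
        n_flights = _price_flights(cursor, cursor.fetchall())
        # return leg: same search with the airports swapped. Each return
        # flight is priced from its own airplane and appended as itself; the
        # shared helper rules out mixing in the outbound loop variable.
        if request.form['trip'] == 'twoway':
            f_back_time = request.form['back_time']
            cursor.execute(
                "SELECT * from `flight` WHERE dept_airport= %s AND arrv_airport = %s and DATE(dept_time) = %s",
                (f_arrv_airport, f_dept_airport, f_back_time))
            b_n_flights = _price_flights(cursor, cursor.fetchall())
    return render_template('b/search.html',
                           dept_airport=dept_airport,
                           arrv_airport=arrv_airport,
                           result=n_flights,
                           back=b_n_flights)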
Esempio n. 11
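def _quote_flight(cursor, flight_id):
    """Look up a flight and compute its current ticket price.

    Args:
        cursor: Open DB cursor.
        flight_id: Flight id as submitted by the client.

    Returns:
        ``(flight, price)`` where ``flight`` is the ``flight`` row, or None
        when no flight has that id. The price is the base price
        (``flight[3]``) raised by 20% once at least 70% of the seats are
        sold.
    """
    cursor.execute("SELECT * FROM flight WHERE flight_id = %s",
                   (flight_id, ))
    flight = cursor.fetchone()
    if flight is None:
        return None
    cursor.execute("SELECT COUNT(*) FROM ticket WHERE flight_id = %s",
                   (flight[0], ))
    ticket_sold = cursor.fetchone()[0]
    cursor.execute("SELECT seat FROM airplane where airplane_id = %s",
                   (flight[2], ))
    seat = cursor.fetchone()[0]
    # `seat and ...` keeps a zero-seat plane from dividing by zero
    if seat and ticket_sold / seat >= 0.7:
        price = int(flight[3] * 1.2)
    else:
        price = flight[3]
    return flight, price


def confirm_order():
    """
    Confirm order

    With ``type=search`` the order summary for the chosen flight is shown.
    With ``type=confirm`` the booking agent's password and the customer are
    checked and a ticket is inserted at the server-computed price.

    Args:
        None

    Returns:
        Redirect to the purchase success page after a sale, a redirect to
        the booking agent index for an unknown flight or request type,
        otherwise the rendered confirm order page.
    """
    import logging

    db = get_db()
    cursor = db.cursor()
    form_type = request.form['type']
    flight_id = request.form['flight_id']
    if form_type not in ('search', 'confirm'):
        flash("Invalid request")
        return redirect(url_for('b.index'))
    if form_type == 'search':
        g.flight_id = flight_id

    # flight_id is client-supplied; an unknown id must not reach the row
    # indexing below.
    quote = _quote_flight(cursor, flight_id)
    if quote is None:
        flash("Can't find this flight")
        return redirect(url_for('b.index'))
    flight, price = quote
    # Built for both price tiers, so the template always receives `result`.
    result = [
        flight[1], flight[7], flight[5], flight[8], flight[6], price,
        flight[0]
    ]

    if form_type == 'confirm':
        error = None
        customer_email = request.form['customer_email']
        payment = request.form['payment']
        card_number = request.form['card_number']
        name_on_card = request.form['name_on_card']
        exp_date = request.form['exp_date']
        pwd = request.form['pwd']
        if not check_password_hash(g.user[1], pwd):
            error = "Sorry, wrong password"
        cursor.execute("SELECT * FROM customer WHERE email = %s",
                       (customer_email, ))
        if not cursor.fetchone():
            error = "Can't find this user"
        if error is None:
            try:
                # NOTE(review): card number, cardholder name and expiry are
                # written to the ticket table exactly as submitted. Confirm
                # whether the full number must be stored and how it is
                # protected at rest.
                cursor.execute(
                    "INSERT INTO ticket (flight_id, airline, customer_email, sold_price, payment_method, card_number, name_on_card, expiration_date, purchase_date_time, BAID) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,CURTIME(), %s)",
                    (flight[0], flight[1], customer_email, price, payment,
                     card_number, name_on_card, exp_date, g.BAID))
                # Re-count after the insert and undo the sale if it went
                # over capacity.
                # NOTE(review): concurrent purchases may not see each
                # other's uncommitted rows, so this check alone may not
                # prevent overselling. Verify the isolation level or lock.
                cursor.execute(
                    "SELECT COUNT(*) FROM ticket WHERE flight_id = %s",
                    (flight[0], ))
                ticket_sold = cursor.fetchone()[0]
                cursor.execute(
                    "SELECT seat FROM airplane where airplane_id = %s",
                    (flight[2], ))
                seat = cursor.fetchone()[0]
                if seat < ticket_sold:
                    db.rollback()
                    error = "Sorry, the ticket sold out."
                else:
                    db.commit()
                    return redirect(url_for('b.purchase_success'))
            except pymysql.Error:
                # Undo the partial transaction; database error text stays in
                # the server log and the page gets a generic string.
                db.rollback()
                logging.getLogger(__name__).exception("ticket insert failed")
                error = "Could not complete the purchase. Please try again."
        flash(error)
    return render_template('b/confirm_order.html', result=result)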
Esempio n. 12
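def _price_flights(cursor, flights):
    """Turn raw ``flight`` rows into display rows with the current price.

    Args:
        cursor: Open DB cursor used for the per-flight lookups.
        flights: Rows from ``SELECT * FROM flight``. Columns are read by
            position: 0 flight_id, 1 airline, 2 airplane_id, 3 base_price,
            5 dept_time, 6 arrv_time.

    Returns:
        A list of ``[airline, dept_time, arrv_time, price, flight_id]``.
        ``price`` is 'Sold Out' when no seat is left, the base price raised
        by 20% once at least 70% of the seats are sold, else the base price.
    """
    priced = []
    for flight in flights:
        base_price = flight[3]
        # COUNT(*) avoids loading whole ticket rows just to count them.
        cursor.execute("SELECT COUNT(*) FROM ticket WHERE flight_id = %s",
                       (flight[0], ))
        ticket_sold = cursor.fetchone()[0]
        cursor.execute("SELECT seat FROM airplane where airplane_id = %s",
                       (flight[2], ))
        seat = cursor.fetchone()[0]
        # ">=" also covers an oversold flight and a zero-seat plane, so the
        # division below never sees seat == 0.
        if ticket_sold >= seat:
            price = 'Sold Out'
        elif ticket_sold / seat >= 0.7:
            price = int(base_price * 1.2)
        else:
            price = base_price
        priced.append([flight[1], flight[5], flight[6], price, flight[0]])
    return priced


def search():
    """
    Return Customer search flight page.

    Args:
        None

    Returns:
        Customer search page. ``result`` is 'n' before any search, 'e' for a
        search without matches, else a list of priced flights. ``back`` is
        'o' for one-way, 'e' for a return search without matches, else a
        list of priced return flights.
    """
    n_flights = 'n'  # n for null
    b_n_flights = 'o'  # stands for one way
    db = get_db()
    cursor = db.cursor()
    cursor.execute("SELECT name FROM airport")
    dept_airport = arrv_airport = cursor.fetchall()
    if request.method == "POST":  # from search form submit
        f_dept_airport = request.form['dept_airport']
        f_dept_time = request.form['dept_time']
        f_arrv_airport = request.form['arrv_airport']
        cursor.execute(
            "SELECT * from `flight` WHERE dept_airport= %s AND arrv_airport = %s and DATE(dept_time) = %s",
            (f_dept_airport, f_arrv_airport, f_dept_time))
        flights = cursor.fetchall()
        n_flights = _price_flights(cursor, flights) if flights else 'e'
        # return leg: same search with the airports swapped. Each return
        # flight is priced from its own airplane and appended as itself, and
        # the empty marker is stored in the variable the template receives.
        if request.form['trip'] == 'twoway':
            f_back_date = request.form['back_date']
            cursor.execute(
                "SELECT * from `flight` WHERE dept_airport= %s AND arrv_airport = %s and DATE(dept_time) = %s",
                (f_arrv_airport, f_dept_airport, f_back_date))
            b_flights = cursor.fetchall()
            b_n_flights = (_price_flights(cursor, b_flights)
                           if b_flights else 'e')
    return render_template('c/search.html',
                           dept_airport=dept_airport,
                           arrv_airport=arrv_airport,
                           result=n_flights,
                           back=b_n_flights)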
Esempio n. 13
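def register(role):
    """
    Register in the system. Based on different roles in the system, return
    different register page.

    Args:
        role: Role of the user: 'a' airline staff, 'b' booking agent,
            'c' customer.

    Returns:
        If requested by get, return rendered register page.
        If requested by post, redirect to reg_confirm page if registered
        successfully, else re-render the register page with a flashed error.
    """
    import logging

    # NOTE(review): `role` is interpolated into the template name at the end
    # of this function and is not checked against 'a'/'b'/'c' here. Confirm
    # the route restricts it, or reject unknown roles before rendering.
    error = None
    db = get_db()
    cursor = db.cursor()
    # from register form submit, verify if register is successful.
    if request.method == "POST":
        # by default, Booking Agent ID is some random content.
        BAID = 'success'

        # Airline Staff Register
        if role == 'a':  # a for Airline Staff
            username = request.form['username']
            password = request.form['password']
            password_c = request.form['password_c']
            fname = request.form['fname']  # first name
            lname = request.form['lname']  # last name
            bday = request.form['bday']  # birthday
            airline = request.form['airline']  # airline name
            phone = request.form['phone']
            # query database to check if the username is used
            cursor.execute("SELECT * from `staff` WHERE `username` = %s",
                           (username, ))
            if not username:
                error = 'Username is required'
            elif not password:
                error = 'Password is required'
            elif password != password_c:
                error = 'Passwords do not match.'
            elif not fname:
                error = 'First name is required'
            elif not lname:
                error = 'Last name is required'
            elif not bday:
                error = 'Date of birth is required'
            elif not phone:
                error = "Phone number is required"
            elif cursor.fetchone() is not None:
                error = 'Airline Staff {} already exists.'.format(username)
            else:
                try:
                    cursor.execute(
                        "INSERT INTO staff (username, pwd, first_name, last_name, date_of_birth, airline) values(%s,%s,%s,%s,%s,%s)",
                        (username, generate_password_hash(password), fname,
                         lname, bday, airline))
                    cursor.execute(
                        'INSERT INTO staff_phone (phone_number, username) values (%s,%s)',
                        (phone, username))
                    # One commit for both rows: if the phone insert fails,
                    # the rollback also removes the staff row, so no
                    # half-registered account is left behind.
                    db.commit()
                    return redirect(
                        url_for('auth.register_confirm', role=role, BAID=BAID))
                except pymysql.Error:
                    db.rollback()  # if register not successful then rollback
                    # database error text stays in the server log
                    logging.getLogger(__name__).exception(
                        "staff registration failed")
                    error = "Registration failed. Please try again."
            flash(error)

        # Booking Agent Register
        elif role == 'b':  # b for Booking Agent
            f_email = request.form['email']
            password = request.form['password']
            password_c = request.form['password_c']
            f_BAID = request.form["BAID"]
            cursor.execute('SELECT email FROM booking_agent WHERE email = %s',
                           (f_email, ))
            email = cursor.fetchone()
            cursor.execute("SELECT * FROM booking_agent WHERE BAID = %s",
                           (f_BAID, ))
            BAID = cursor.fetchone()
            if not f_email:
                error = "Email is required."
            elif not password:
                error = "Password is required."
            elif password_c != password:
                error = "Passwords do not match."
            elif email is not None:
                error = "Email is already used."
            elif len(f_BAID) > 8:
                error = "Booking Agent ID too long."
            elif BAID is not None:
                error = "Booking Agent ID is used."
            else:
                try:
                    cursor.execute(
                        "INSERT INTO booking_agent (email, pwd, BAID) values (%s,%s,%s)",
                        (f_email, generate_password_hash(password), f_BAID))
                    db.commit()
                    return redirect(
                        url_for('auth.register_confirm',
                                role=role,
                                BAID=f_BAID))

                except pymysql.Error:
                    db.rollback()
                    # database error text stays in the server log
                    logging.getLogger(__name__).exception(
                        "booking agent registration failed")
                    error = "Registration failed. Please try again."
            flash(error)

        # Customer Register.
        elif role == 'c':
            username = request.form['username']
            email = request.form['email']
            password = request.form['password']
            password_c = request.form['password_c']
            building = request.form['building']
            street = request.form['street']
            city = request.form['city']
            state = request.form['state']
            phone = request.form['phone']
            passport = request.form['passport']
            # Passport Expiration Date
            passport_exp = request.form['passport_exp']
            passport_country = request.form['passport_country']
            bday = request.form['bday']  # Date of birth
            cursor.execute('SELECT * FROM customer where email = %s',
                           (email, ))
            if not username:
                error = "Username is required"
            elif not email:
                error = "Email is required"
            elif not password:
                error = "Password is required"
            elif password != password_c:
                error = "Passwords do not match"
            elif not building:
                error = "Building is required"
            elif not street:
                error = "Street is required"
            elif not city:
                error = "City is required"
            elif not state:
                error = "State is required"
            elif not passport:
                error = "Passport is required"
            elif not passport_exp:
                error = "Passport expiration date is required"
            elif not passport_country:
                error = "Passport Country is required"
            elif not phone:
                error = "Phone is required"
            elif not bday:
                error = "Date of birth is required"
            elif cursor.fetchone() is not None:
                error = "This Email is already registered."
            else:
                try:
                    cursor.execute(
                        "INSERT INTO customer (email, name, pwd, building_number, street, city, state, passport_number, passport_expiration_date, passport_country, date_of_birth) values (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)",
                        (email, username, generate_password_hash(password),
                         building, street, city, state, passport, passport_exp,
                         passport_country, bday))
                    cursor.execute(
                        "INSERT INTO customer_phone (phone, email) values (%s, %s)",
                        (phone, email))
                    # One commit for both rows, so a failed phone insert
                    # rolls the customer row back as well.
                    db.commit()
                    return redirect(
                        url_for('auth.register_confirm', role=role, BAID=BAID))
                except pymysql.Error:
                    db.rollback()
                    # database error text stays in the server log
                    logging.getLogger(__name__).exception(
                        "customer registration failed")
                    error = "Registration failed. Please try again."
            flash(error)

    if role == 'a':  # fetch all airline names if visiting airline staff registration page
        cursor.execute("SELECT * from airline")
        airlines = cursor.fetchall()
        return render_template('a/reg_a.html',
                               error=error,
                               role=role,
                               airlines=airlines)
    # Booking Agent & Customer registration page
    return render_template('{}/reg_{}.html'.format(role, role),
                           error=error,
                           role=role)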
Esempio n. 14
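def login(role):
    """
    Login function depending on roles.

    On GET the role's login form is rendered. On POST the submitted
    credentials are checked against the table for that role and, when they
    match, the session is reset and populated before redirecting to the
    role's index page.

    Every failed attempt produces the same message, so the response text does
    not reveal whether the account identifier exists or only the password was
    wrong.

    Args:
        role: 'a' (airline staff), 'b' (booking agent) or 'c' (customer).

    Returns:
        Redirect to index if login successful. The login page with a flashed
        error message otherwise. A 404 response for any other role value.
    """
    login_templates = {
        'a': 'a/login_a.html',
        'b': 'b/login_b.html',
        'c': 'c/login_c.html',
    }
    template = login_templates.get(role)
    if template is None:
        # Previously an unrecognised role fell off the end of the function and
        # returned None, which Flask reports as a server error.
        return "Unknown role", 404

    if request.method == 'POST':
        db = get_db()
        cursor = db.cursor()
        password = request.form['password']

        # NOTE: the queries use SELECT * and the rows are read by position, so
        # the password-hash index below depends on each table's column order.
        if role == 'a':
            identifier = request.form['username']
            cursor.execute('SELECT * from staff WHERE username = %s',
                           (identifier, ))
            user = cursor.fetchone()
            authenticated = (user is not None
                             and check_password_hash(user[1], password))
            session_key, endpoint = 'username', 'a.index'
        elif role == 'b':
            email = request.form['email']
            identifier = request.form['BAID']
            cursor.execute('SELECT * FROM booking_agent WHERE BAID = %s',
                           (identifier, ))
            user = cursor.fetchone()
            # The agent must supply the e-mail stored for this BAID as well.
            authenticated = (user is not None and user[0] == email
                             and check_password_hash(user[1], password))
            session_key, endpoint = 'BAID', 'b.index'
        else:
            identifier = request.form['email']
            cursor.execute("SELECT * FROM customer WHERE email = %s",
                           (identifier, ))
            user = cursor.fetchone()
            authenticated = (user is not None
                             and check_password_hash(user[2], password))
            session_key, endpoint = 'email', 'c.index'

        if authenticated:
            # Drop any pre-login session state before storing the identity.
            session.clear()
            session[session_key] = identifier
            session['role'] = role
            return redirect(url_for(endpoint))

        # One message for every failure cause (unknown account, mismatched
        # e-mail, wrong password) to avoid account enumeration.
        # NOTE(review): the hash check is still skipped for unknown accounts,
        # so response time may differ; no attempt limiting is visible here --
        # confirm it is handled elsewhere.
        flash("Incorrect credentials")

    # GET request, or a failed POST: show the login form again.
    return render_template(template)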