def update(): try: if 'loggedin' in session: rp = None cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() if account['role'] == 'admin': if request.method == 'POST': name = request.form['editDeviceName'] serial_number = request.form['editSerialNumber'] location = request.form['editLocation'] operating_sys = request.form['editOperatingSys'] tablet_type = request.form['editDeviceType'] model = request.form['editModel'] zone = request.form['editZone'] state = request.form['editCondition'] date_added = request.form['editDateAdded'] date_damaged = request.form['editDateDamaged'] st = 'UPDATE devices SET name=\"{}\", location=\"{}\", operating_sys=\"{}\", tablet_type=\"{}\", model=\"{}\", zone=\"{}\", state=\"{}\", date_added=\"{}\", '\ 'date_damaged=\"{}\" WHERE serial_number=\"{}\"'.format( name, location, operating_sys, tablet_type, model, zone, state, date_added, date_damaged, serial_number) cur = mysql.connection.cursor() cur.execute(st) mysql.connection.commit() if location == 'Repair': rp = 'UPDATE `repair` SET repair_count= repair_count+1 WHERE serial_number=\"{}\"'.format( serial_number) cur.execute(rp) cur.execute(rp) mysql.connection.commit() flash("Data Updated Successfully") elif account['role'] == 'normal': cur = mysql.connection.cursor() if request.method == 'POST': serial_number = request.form['editSerialNumber'] damageDes = request.form['damageReport'] rp = 'UPDATE `repair` SET repair_count= repair_count+1 WHERE serial_number=\"{}\"'.format( serial_number) rp1 = 'UPDATE `repair` SET damage_report=\"{}\" WHERE serial_number=\"{}\"'.format( damageDes, serial_number) email(serial_number, damageDes) #notification = "alert(\'Email sent successfully!\')" cur.execute(rp) mysql.connection.commit() return redirect(url_for('dashboard', username=session['username'])) return redirect(url_for('login')) except ValueError as error: flash("Failed to insert record into table {}".format(error))
def info(id_data): if 'loggedin' in session: cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() cursor.execute("SELECT * FROM repair WHERE repair_id = %s", (id_data, )) info = cursor.fetchone() mysql.connection.commit() return redirect( url_for('dashboard', username=session['username'], info=info)) return redirect(url_for('login'))
def email(id_data, damage): if 'loggedin' in session: cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() cursor.execute("SELECT * FROM devices WHERE serial_number = %s", (id_data, )) data = cursor.fetchone() #needed, name, location and location = data['location'] DamagedReport(id_data, location, damage) return redirect(url_for('dashboard', username=session['username'])) return redirect(url_for('login'))
def logout(): # Remove session data, this will log the user out session.pop('loggedin', None) session.pop('id', None) session.pop('username', None) # Redirect to login page return redirect(url_for('login'))
def login(): # Output message if something goes wrong... msg = '' # Check if "username" and "password" POST requests exist (user submitted form) if request.method == 'POST' and 'username' in request.form and 'password' in request.form: # Create variables for easy access username = request.form['username'] password = request.form['password'] # Check if account exists using MySQL cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute( 'SELECT * FROM accounts WHERE username = %s AND password = %s', (username, password)) # Fetch one record and return result account = cursor.fetchone() # If account exists in accounts table in out database if account: # Create session data, we can access this data in other routes session['loggedin'] = True session['id'] = account['id'] session['username'] = account['username'] # Redirect to home page return redirect(url_for('home')) else: # Account doesnt exist or username/password incorrect msg = 'Incorrect username/password!' # Show the login form with message (if any) return render_template('login.html', msg=msg)
def home(): # Check if user is loggedin if 'loggedin' in session: # User is loggedin show them the home page return render_template('home.html', username=session['username']) # User is not loggedin redirect to login page return redirect(url_for('login'))
def users(): if 'loggedin' in session: cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() if account['role'] == 'admin': cursor.execute('SELECT * FROM accounts') data = cursor.fetchall() # Show the profile page with return render_template( 'users.html', username=session['username'], values=data) # values not transmitting to table else: return redirect(url_for('home', username=session['username'])) return redirect(url_for('login'))
def dashboard(): if 'loggedin' in session: # We need all the account info for the user so we can display it on the profile page cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() if account['role'] == 'normal': stmt = 'SELECT * FROM devices WHERE location=\"{}\"'.format( account['location']) cursor.execute(stmt) data = cursor.fetchall() length = len(data) return render_template('dashboard-user.html', username=session['username'], values=data, length=length) #Load table cursor.execute('SELECT * FROM devices') data = cursor.fetchall() length = len(data) # Show the profile page with return render_template( 'dashboard.html', username=session['username'], values=data, length=length) # values not transmitting to table return redirect(url_for('login'))
def file_import(): if 'loggedin' in session: cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() try: if request.method == 'POST': file_path = request.files['myfile'] importfile(file_path) return redirect(url_for("dashboard")) except ValueError as error: return redirect(url_for("dashboard")) if file_path != None: importfile(file_path) else: return redirect(url_for('login'))
def add(): if 'loggedin' in session: cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() try: if request.method == 'POST': name = request.form.get('inputDeviceName') serialnum = request.form.get('inputSerialNumber') location = request.form.get('inputLocation') operatingsys = request.form.get('inputOperatingSys') devicetype = request.form.get('inputDeviceType') inputmodel = request.form.get('inputModel') inputzone = request.form.get('inputZone') state = request.form.get('inputCondition') dateadded = request.form.get('inputDateAdded') datedamaged = request.form.get('inputDateDamaged') inputuser = request.form.get('inputUser') st = 'INSERT INTO `devices` (`name`, `serial_number`, `location`, `operating_sys`, `tablet_type`, `model`, `zone`, `state`, `date_added`, `date_damaged`, `user`)' \ 'VALUES(\"{}\", \"{}\", \"{}\", \"{}\", \"{}\", \"{}\", \"{}\", \"{}\", \"{}\", \"{}\", \"{}\")'.format( name, serialnum, location, operatingsys, devicetype, inputmodel, inputzone, state, dateadded, datedamaged, inputuser) cur = mysql.connection.cursor() cur.execute(st) mysql.connection.commit() rpcount = 0 cmmt = 'NULL' rp = 'INSERT INTO `repair` (`repair_count`, `serial_number`, `previous_location`, `comment`)' \ 'VALUES({}, \"{}\", \"{}\", \"{}\")'.format(rpcount, serialnum ,location, cmmt) cur.execute(rp) mysql.connection.commit() return redirect(url_for("dashboard", username=session['username'])) except ValueError as error: return redirect(url_for("login")) #flash("Failed to insert record into table {}".format(error)) return redirect(url_for('login'))
def profile(): # Check if user is loggedin if 'loggedin' in session: # We need all the account info for the user so we can display it on the profile page cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() # Show the profile page with account info return render_template('profile.html', account=account, username=session['username']) # User is not loggedin redirect to login page return redirect(url_for('login'))
def delete_usr(id_data): try: if 'loggedin' in session: cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor) cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']]) account = cursor.fetchone() cursor.execute("DELETE FROM accounts WHERE id = %s and id != %s", (id_data, account['id'])) mysql.connection.commit() flash("Record Has Been Deleted Successfully") return redirect(url_for("users", username=session['username'])) except ValueError as error: flash("Failed to delete record into table {}".format(error))