Esempio n. 1
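def update_user(user_id):
    """Update the avatar URL, email and optionally the password of the signed-in user.

    The session user must own ``user_id`` and must re-enter credentials that
    authenticate as that same account before any field is changed.

    Args:
        user_id: Primary key of the account to edit; an unknown id yields a 404.

    Returns:
        A redirect to ``/login`` when the session user is not the owner, a
        redirect to ``/my-lists/<id>`` after a successful update, otherwise the
        rendered ``update-user.html`` form.
    """
    curr_user = User.query.get_or_404(user_id)
    if current_user.id != curr_user.id:
        flash("Access unauthorized.", "danger")
        return redirect("/login")

    form = UpdateUserForm()
    if not form.validate_on_submit():
        return render_template('update-user.html', form=form)

    user = User.authenticate(form.username.data, form.password.data)
    # The re-authentication step has to prove knowledge of *this* account's
    # password. Accepting any valid username/password pair would let the
    # credentials of an unrelated account confirm a password or email change.
    # Assumes User.authenticate returns the matching User row or a falsy value.
    if not user or user.id != curr_user.id:
        flash("Invalid credentials.", 'danger')
        return render_template('update-user.html', form=form)

    try:
        # Empty form fields keep the stored value.
        curr_user.avatar_url = form.avatar_url.data or curr_user.avatar_url
        curr_user.email = form.email.data or curr_user.email
        if form.new_password.data:
            # Only the bcrypt hash is stored, never the submitted password.
            curr_user.password = bcrypt.generate_password_hash(
                form.new_password.data).decode('UTF-8')
        db.session.add(curr_user)
        db.session.commit()
    except IntegrityError:
        # Roll back so the session stays usable for the rest of the request.
        db.session.rollback()
        flash("Email is associated with another account", 'danger')
        return render_template('update-user.html', form=form)

    flash("Your account was updated successfully!", "success")
    return redirect(f'/my-lists/{curr_user.id}')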
Esempio n. 2
def change_user(user_id):
    """Edit the username and group of the user identified by ``user_id``.

    A GET request pre-fills the form from the stored row. A valid submission
    writes the new username and group, commits, and redirects to
    ``users.user_page``. ``title`` is read from a scope outside this function.
    """
    # NOTE(review): no authorization check is visible in this function, and any
    # ``user_id`` is accepted — confirm the route is restricted (for example by
    # a decorator) to callers allowed to change other users' group membership.
    target = User.query.get_or_404(user_id)
    form = UpdateUserForm()

    if not form.validate_on_submit():
        if request.method == "GET":
            form.username.data = target.username
            form.group.data = target.group_id
        return render_template('chage_user.html', form=form, title=title)

    selected_group = form.group.data
    target.username = form.username.data
    target.group_id = selected_group.id
    target.group = selected_group.name
    db.session.commit()
    flash('User updated successfully', 'success')
    return redirect(url_for('users.user_page'))
Esempio n. 3
def update_user():
    """Update the personal details of the signed-in user.

    The target row is always looked up from ``current_user``, never from
    request data, so a caller can only edit their own record.
    """
    login_name = current_user.get_id()
    user_query = User.query.filter_by(username=login_name)

    form = UpdateUserForm(obj=user_query.first())
    if not form.validate_on_submit():
        return render_template("user_update.html", form=form, user=user_query)

    existing_user = User.query.filter_by(email=form.email.data).first()
    email_changed = form.email.data != user_query.first().email
    if email_changed and existing_user:
        # NOTE(review): 401 signals missing authentication; a duplicate email is
        # a conflict, and the message confirms that the address is registered —
        # confirm both are intended.
        return abort(401, description="Email already registered")

    # Only these named fields are copied, so extra keys in the POST body
    # cannot reach the model through this view.
    editable = ("first_name", "last_name", "dob", "mobile", "city", "country")
    data = {name: getattr(form, name).data for name in editable}
    fields = user_schema.load(data, partial=True)
    user_query.update(fields)
    db.session.commit()
    flash("Account updated!")
    return redirect(url_for("web_users.get_user"))


# @web_users.route("/account/delete", methods=["POST"])
# @login_required
# def delete_user():
#     form = DeleteButton()
#     if form.submit.data:
#         username = current_user.get_id()
#         user = User.query.filter_by(username=username)

#         profiles = Profile.query.filter_by(user_id=user.user_id)
#         for profile in profiles:
#             while len(profile.unrecommend) > 0:
#                 for item in profile.unrecommend:
#                     profile.unrecommend.remove(item)
#                 db.session.commit()

#         db.session.delete(user)
#         db.session.commit()
#         logout_user()
#         flash("Account deleted")
#         return redirect(url_for("web_users.web_users_login"))
#     return redirect(url_for("web_users.get_user"))
Esempio n. 4
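def profile():
    """Update profile for current user.

    The submitted password is checked against the signed-in user's own
    username before anything is written.

    Returns:
        The rendered edit form when nothing valid was submitted, otherwise a
        redirect to the user's page (also after a failed password check, with
        an error flashed).
    """
    # NOTE(review): g.user is dereferenced without a None check — confirm an
    # earlier hook or decorator rejects anonymous requests before this runs.
    user = g.user
    form = UpdateUserForm(username=user.username,
                          email=user.email,
                          bio=user.bio)

    if not form.validate_on_submit():
        return render_template('users/edit.html', form=form, user=user)

    if User.authenticate(user.username, form.password.data):
        update_user_with_form_data(user, form)
        db.session.commit()
    else:
        flash('Could not authenticate - please try again.', 'danger')

    # Root-relative target: without the leading slash the Location header is
    # resolved against the current request path and can land on a wrong URL.
    return redirect(f'/users/{user.id}')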
Esempio n. 5
def change_user(user_id):
    """Show and process the edit form for the user identified by ``user_id``.

    The first record returned by ``get_filtered_by_id_users`` is used. A GET
    request pre-fills the form from positions 1-5 of that record and loads the
    course choices. ``title`` is read from a scope outside this function.
    """
    # NOTE(review): no authorization check is visible here and any ``user_id``
    # is accepted — confirm the route is restricted to permitted callers.
    # NOTE(review): an id with no match raises IndexError on the ``[0]`` below.
    record = get_filtered_by_id_users(user_id)[0]
    stored_name = record[1]
    form = UpdateUserForm()

    if form.validate_on_submit():
        # NOTE(review): the record is indexed positionally elsewhere but
        # assigned by attribute here, and no commit is visible — confirm these
        # assignments are persisted somewhere.
        record.name = stored_name
        for attr in ("email", "phone", "mobile_phone", "status"):
            setattr(record, attr, getattr(form, attr).data)
        flash('User updated successfully', 'success')
    elif request.method == "GET":
        prefill = (("name", 1), ("email", 2), ("phone", 3),
                   ("mobile_phone", 4), ("status", 5))
        for field_name, position in prefill:
            getattr(form, field_name).data = record[position]
        form.courses.choices = [(course[0], course[1]) for course in get_all_courses()]

    return render_template('chage_user.html', form=form, title=title)
Esempio n. 6
def update_user():
    """Update the email and subscription status of the signed-in user.

    The target row is always looked up from ``current_user``, never from
    request data, so a caller can only edit their own record.
    """
    own_id = current_user.get_id()
    user_query = User.query.filter_by(user_id=own_id)

    form = UpdateUserForm(obj=user_query.first())
    if not form.validate_on_submit():
        return render_template("user_update.html", form=form, user=user_query)

    existing_user = User.query.filter_by(email=form.email.data).first()
    email_changed = form.email.data != user_query.first().email
    if email_changed and existing_user:
        # NOTE(review): 401 signals missing authentication; a duplicate email is
        # a conflict, and the message confirms that the address is registered —
        # confirm both are intended.
        return abort(401, description="Email already registered")

    # NOTE(review): subscription_status is taken straight from the submitted
    # form — confirm users are meant to set their own subscription state.
    # NOTE(review): the email is changed without asking for the current
    # password — confirm that is acceptable for this application.
    data = {name: getattr(form, name).data
            for name in ("email", "subscription_status")}
    fields = user_schema.load(data, partial=True)
    user_query.update(fields)
    db.session.commit()
    flash("Account updated!")
    return redirect(url_for("web_users.get_user"))
Esempio n. 7
def profile():
    """Update profile for current user.

    Anonymous requests are sent to ``/login``. A valid submission is applied
    only when the submitted password authenticates the signed-in user.
    """
    if not g.user:
        flash("Must be logged in to do that", "danger")
        return redirect("/login")

    user = g.user
    form = UpdateUserForm(obj=user)

    if form.validate_on_submit():
        # The password is checked against the session user's stored username,
        # not the username typed into the form.
        if User.authenticate(user.username, form.password.data):
            for attr in ("username", "email", "image_url",
                         "header_image_url", "bio"):
                setattr(user, attr, getattr(form, attr).data)
            # NOTE(review): a commit failure (for example a duplicate username
            # or email, if those columns are unique) is not handled here.
            db.session.commit()
            return redirect(f"/users/{user.id}")
        flash("Incorrect Password", "danger")

    return render_template("users/edit.html", form=form, user=user)
Esempio n. 8
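def edit_profile(id):
    """Update profile for current user.

    Args:
        id: User id taken from the URL. It is used only for the redirect
            target; the row that is edited is always the signed-in user's.

    Returns:
        A redirect to ``/`` for anonymous requests, a redirect to
        ``/users/<id>`` after a successful update, otherwise the rendered
        edit form.
    """
    # The login check has to run before g.user.id is read; otherwise an
    # anonymous request fails with an AttributeError instead of being refused.
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    user = User.query.get_or_404(g.user.id)
    form = UpdateUserForm(obj=user)

    if form.validate_on_submit():
        # NOTE(review): username and email are changed without asking for the
        # current password — confirm that is acceptable for this application.
        user.username = form.username.data
        user.email = form.email.data
        user.image_url = form.image_url.data
        user.header_image_url = form.header_image_url.data
        user.location = form.location.data
        user.bio = form.bio.data
        db.session.commit()
        # NOTE(review): `id` from the URL is never compared with g.user.id, so
        # the redirect can point at a different user's page than the one edited.
        return redirect(f"/users/{id}")

    return render_template("users/edit.html", user=user, form=form)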
Esempio n. 9
def profile():
    """Update profile for current user.

    A valid submission is applied only when the submitted password
    authenticates the signed-in user; empty image fields fall back to the
    bundled default pictures.
    """
    # NOTE(review): g.user is used without a None check — confirm an earlier
    # hook or decorator rejects anonymous requests before this runs.
    user = g.user
    form = UpdateUserForm(obj=user)

    if not form.validate_on_submit():
        return render_template('users/edit.html', form=form)

    # The password is checked against the session user's stored username,
    # not the username typed into the form.
    if not User.authenticate(user.username, form.password.data):
        flash("Incorrect password. Try again", 'danger')
        return render_template('users/edit.html', form=form)

    avatar = form.image_url.data or "/static/images/default-pic.png"
    banner = form.header_image_url.data or "/static/images/warbler-hero.jpg"

    user.username = form.username.data
    user.email = form.email.data
    user.image_url = avatar
    user.header_image_url = banner
    user.bio = form.bio.data
    user.location = form.location.data

    db.session.commit()
    return redirect(f"/users/{user.id}")
Esempio n. 10
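def update():
    """Show and process the account edit form for the logged-in user.

    A GET request pre-fills the form from ``getUser()``. A valid POST writes
    the submitted values to the row whose username matches the session, then
    stores the new username in the session.

    Returns:
        A redirect to ``home`` when the session has no ``logged_in`` key, a
        redirect back to this view after a successful update, otherwise the
        rendered ``edit.html``.
    """
    if 'logged_in' not in session:
        return redirect(url_for('home'))

    form = UpdateUserForm()
    current_user = getUser()
    if request.method == 'GET':  # fill in form with information in database
        form.first_name.data = current_user.firstName
        form.last_name.data = current_user.lastName
        form.username.data = current_user.username
        form.email.data = current_user.email
        form.addr_street.data = current_user.addr_street
        form.addr_city.data = current_user.addr_city
        form.addr_state.data = current_user.addr_state
        form.addr_zip.data = current_user.addr_zip
    elif request.method == 'POST':
        if form.validate_on_submit():
            new_username = form.username.data
            # Values are bound as parameters; nothing from the form is
            # formatted into the SQL text. The row is selected by the session
            # username, never by a value from the request.
            # NOTE(review): presumably `username` is unique in the table;
            # otherwise a rename could collide with another account — verify.
            statement = 'UPDATE user SET fName=%s, lName=%s, username=%s, email=%s, \
                    addr_street=%s, addr_city=%s, addr_state=%s, addr_zip=%s WHERE username=%s'
            params = (
                form.first_name.data,
                form.last_name.data,
                new_username,
                form.email.data,
                form.addr_street.data,
                form.addr_city.data,
                form.addr_state.data,
                form.addr_zip.data,
                session['username'],
            )
            cursor = conn.cursor()
            try:
                cursor.execute(statement, params)
                conn.commit()
            finally:
                # Release the cursor even when the statement or commit fails.
                cursor.close()
            # Only switch the session identity once the rename is committed,
            # so a failed write cannot leave the session pointing at a
            # username that was never stored.
            session['username'] = new_username
            flash('Your account has been successfully updated!', 'success')
            return redirect(url_for('update'))
        else:
            flash('Please check the errors below.', 'danger')

    return render_template('edit.html', title='Edit Account', form=form, current_user=current_user, isLoggedin=True)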
Esempio n. 11
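def admin():
    """Serve the admin page and dispatch its three forms.

    The page carries an add-user form, a change-password form and a
    delete-user form, told apart by their prefixes and submit buttons. Each
    action is forwarded to the ``a`` client together with the ``author_id``
    and ``session_id`` stored in the session.

    Returns:
        The rendered ``admin.html`` with the three forms and ``u`` (the full
        user list, or the single matched user after a delete request).
    """
    # NOTE(review): no administrator check is visible in this function —
    # confirm the route is restricted before these actions can be reached.
    form = AddUserForm(prefix="form")
    formUpdate = UpdateUserForm(prefix="formUpdate", idUser='******')
    u = Users.query.order_by(Users.id).all()
    formDelete = DeleteUserForm(prefix="formDelete")

    if form.validate_on_submit() and form.submit.data:
        a.createUser(session['author_id'], session['session_id'], form.login.data, form.email.data, form.password.data, form.admin.data)
    elif request.method == 'POST' and form.validate() == False and not formUpdate.submit.data and not formDelete.submit.data:
        flash("Error during the user creation!")

    if formUpdate.validate_on_submit() and formUpdate.submit.data:
        # An id of '0' means "the caller's own account".
        if formUpdate.idUser.data == '0':
            formUpdate.idUser.data = session['author_id']
        # NOTE(review): int() raises ValueError on a non-numeric idUser —
        # confirm the form validates this field as an integer.
        a.updatePassword(session['author_id'], session['session_id'], int(formUpdate.idUser.data), formUpdate.oldPassword.data, formUpdate.password.data)

    if formDelete.validate_on_submit() and formDelete.submit.data:
        a.getUserByName(session['author_id'], session['session_id'], formDelete.name.data)
        # NOTE(review): presumably waits for the lookup above to populate the
        # local Users table — a fixed one-second sleep is timing-dependent.
        time.sleep(1)
        u = Users.query.filter_by(name = formDelete.name.data).all()
        if not u:
            flash("User not found or the server don't send the user information!")
        else:
            u = u[0]
            # The submitted password is handed to the backend only; it must
            # not be written to stdout or any log.
            a.delUser(session['author_id'], session['session_id'], u.id, formDelete.password.data)

    return render_template('admin.html', form=form, formUpdate=formUpdate,u = u, formDelete=formDelete)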
Esempio n. 12
def profile():
    """Show the profile page and apply profile edits for the session user.

    A valid submission updates the row whose username matches the session,
    refreshes the session's username and email, and redirects back here.
    Otherwise the stored profile and profile picture are loaded and rendered.
    """
    form = UpdateUserForm()

    if form.validate_on_submit():
        # NOTE(review): values are read from request.form rather than from the
        # validated form fields — confirm the form covers every column below.
        column_names = ('username', 'email', 'firstname', 'lastname', 'about',
                        'telephone', 'street', 'city', 'country')
        submitted = {name: request.form[name] for name in column_names}
        username = submitted['username']

        # All values are bound as parameters; the row is selected by the
        # session username, never by a value from the request.
        writer = mysql.connection.cursor()
        writer.execute(
            "Update User set username=%s, email=%s, firstname=%s,lastname=%s, about=%s, telephone=%s,street=%s,city=%s,country=%s where username=%s ",
            tuple(submitted[name] for name in column_names) + (session['username'], ))
        mysql.connection.commit()
        writer.close()

        # NOTE(review): 'loggedin' is set to True here regardless of its prior
        # value, and no login check is visible in this function — confirm the
        # route is protected elsewhere.
        session['loggedin'] = True
        session['username'] = request.form['username']
        session['email'] = request.form['email']
        flash(f' {username} Account successfully updated', 'success')
        return redirect(url_for('profile'))

    reader = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
    reader.execute("SELECT * FROM User WHERE username=%s",
                   (session['username'], ))
    pro_info = reader.fetchone()
    reader.close()

    default_image = os.path.join(app.config['UPLOAD_FOLDER'],
                                 'default-picture.png')

    picture_cursor = mysql.connection.cursor()
    picture_cursor.callproc("GETPROFILE_PICTURE_BY_USERNAME",
                            [session['username']])
    user_profile_pic = picture_cursor.fetchone()
    picture_cursor.close()
    # NOTE(review): debug output left in the request path.
    print(user_profile_pic)

    return render_template("profile.html",
                           title='Profile',
                           default=default_image,
                           form=form,
                           pro_info=pro_info,
                           user_profile_pic=user_profile_pic)