def matchpairs():
if request.method == 'POST':
#fill students/coaches with the users seelcted by the teacher
students,coaches =[],[]
for key,value in request.form.items():
if value == "on":
if key[:3] == "stu":
students.append(key[4:])
else:
coaches.append(key[6:])
#match the students and coaches
pairs,iteration = match(students,coaches)
#error checking
if pairs == 0:
return("Too many students. Not enough coaches.")
#insert pairs into database
for student,coach in pairs.items():
dbexecute("INSERT INTO pairs (studentEmail,coachEmail,iteration) VALUES(?,?,?)", (student,coach,iteration))
return redirect(url_for("teacher"))
#if GET request
else:
#select all students and coaches so teacher can select
sturows = dbexecute("SELECT * FROM student;")
coachrows = dbexecute("SELECT * FROM coach;")
if session.get("acc_type") == "teacher":
print("userid = "+session.get("user_id"))
return render_template("match.html",sturows=sturows,coachrows=coachrows)
else:
return "you aren't a teacher"
def imageupload():
if request.method == 'POST':
image = None
#get task text data that has been posted
for key,value in request.form.items():
if key[:-1] == "task":
taskID = int(key[-1])
tasktext = value
#get image data that has been posted
for key,value in request.files.items():
image = bytearray(value.read())
#update/insert task data
if image:
dbexecute("INSERT OR REPLACE INTO studentTask (studentEmail,taskID,submissionTime,text,\
photo) VALUES(?,?,CURRENT_TIMESTAMP,?,?)", (session["user_id"],taskID,tasktext,image))
else:
dbexecute("INSERT OR REPLACE INTO studentTask (studentEmail,taskID,submissionTime,text)\
VALUES(?,?,CURRENT_TIMESTAMP,?)", (session["user_id"],taskID,tasktext))
return redirect("/profile")
else:
return render_template("imageupload.html")
def teacher():
if session["acc_type"] != "teacher":
return render_template("error.html",errorMessage="You are not a teacher.")
#sql aggregate query
#select all students in current iteration
students = dbexecute("SELECT email,firstName,lastName,uniqueCode FROM student WHERE email in \
(SELECT studentEmail FROM pairs WHERE iteration = (SELECT MAX(iteration) FROM pairs))")
#maximum amount of tasks/wagon wheel/eval to be completed for the progress bar
maxAmount = len(dbexecute("SELECT * FROM task")) + 3
for student in students:
# for every student get the number of tasks etc. completed
wagonCompleted = len(dbexecute("SELECT * FROM wagonwheel WHERE studentEmail = ?",(student["email"],)))
evalCompleted = len(dbexecute("SELECT * FROM studentEvaluation WHERE email = ?",(student["email"],)))
taskRows = dbexecute("SELECT taskID FROM studentTask WHERE studentEmail = ?",(student["email"],))
taskList=[]
for task in taskRows:
taskList.append(task["taskID"])
tasksCompleted = len(list(dict.fromkeys(taskList)))
student["completed"] = wagonCompleted+evalCompleted+tasksCompleted
return render_template("teacher.html",students=students,maxAmount=maxAmount)
def choosesuperpower():
#coach selects a superpower from dropdown
#database is updated
chosensp = request.form.get("superpower")
try:
powerid = dbexecute(
"SELECT superpowerID from superpower WHERE superpower = ?", (chosensp,))[0]["superpowerID"]
except:
return render_template("choosesuperpower.html",errorMessage="Please choose a superpower.")
dbexecute("UPDATE coach SET superpowerID = ? WHERE email = ?",
(powerid, session["user_id"]))
return redirect(url_for("coach"))
def login():
if request.method == 'POST':
session.clear()
# Ensure username was submitted
if not request.form.get("email"):
return ("must provide email")
# Ensure password was submitted
elif not request.form.get("pass"):
return ("must provide password")
# Query database for username
sturows = dbexecute("SELECT * FROM student WHERE email = ?",
(request.form.get("email"),))
coachrows = dbexecute("SELECT * FROM coach WHERE email = ?",
(request.form.get("email"),))
teachrows = dbexecute("SELECT * FROM teacher WHERE email = ?",
(request.form.get("email"),))
pw = hashlib.md5(request.form.get("pass").encode())
# check if user is a student and has correct password
if len(sturows) == 1 and pw.hexdigest() == sturows[0]["password"]:
#set session email address
session["user_id"] = request.form.get("email")
session["acc_type"] = "student"
return redirect(url_for("profile"))
# check if user is a coach and has correct password
if len(coachrows) == 1 and pw.hexdigest() == coachrows[0]["password"]:
#set session email address
session["user_id"] = request.form.get("email")
session["acc_type"] = "coach"
return redirect(url_for("coach"))
# check if user is a teacher and has correct password
if len(teachrows) == 1 and pw.hexdigest() == teachrows[0]["password"]:
#set session email address
session["user_id"] = request.form.get("email")
session["acc_type"] = "teacher"
return redirect(url_for("teacher"))
return render_template("index.html",errorMessage = "Incorrect Email/Password")
#if it is a GET request
else:
return render_template("testing.html")
def studenteval():
#get student's evaluation from HTML text field
evaluation = request.form.get("studenteval")
if len(evaluation) > 0:
#check if the student has already written an evaluation
existingEval = dbexecute("SELECT * FROM studentEvaluation WHERE email = ?",(session["user_id"],))
if len(existingEval) == 0:
#if it is the first time insert into database
dbexecute("INSERT INTO studentEvaluation (email,text) \
VALUES(?,?)", (session["user_id"], evaluation))
else:
#if after the first time, update the database
dbexecute("UPDATE studentEvaluation SET text=? WHERE email =?",(evaluation,session["user_id"]))
return redirect("/profile")
def viewpairs():
#sql aggregate function
#select all pairs in the current iteration
pairs = dbexecute("SELECT coach.firstName as coachFName,coach.lastName as coachLName,\
student.firstName as stuFName,student.lastName as stuLName FROM coach,student,pairs \
WHERE pairs.coachEmail = coach.email and pairs.studentEmail = student.email and \
pairs.iteration = (SELECT MAX(iteration) FROM pairs);")
#return template with current pair data
return render_template("viewpairs.html",pairs=pairs)
def coachEval():
#get coach's evaluation from HTML text field
evaluation = request.form.get("coacheval")
if len(evaluation) > 0:
#sql aggregate function
#select existing evaluation if it exists
existingEval = dbexecute("SELECT * FROM coachEvaluation WHERE email = ? AND\
iteration=(SELECT MAX(iteration) FROM pairs)",(session["user_id"],))
#if it is the first time insert into database
if len(existingEval) == 0:
dbexecute("INSERT INTO coachEvaluation (email,text,iteration) \
VALUES(?,?,(SELECT MAX(iteration) FROM pairs))", (session["user_id"], evaluation))
else:
#if after the first time, update the database
dbexecute("UPDATE coachEvaluation SET text=? WHERE email =?",(evaluation,session["user_id"]))
return redirect("/coach")
def forgotPwEmail():
if request.method == 'POST':
session["codeCorrect"] = False
email = request.form.get("email")
allEmails = dbexecute("SELECT email FROM student;") + dbexecute("SELECT email FROM coach;")
if email in str(allEmails):
#generate reset password code and add it to the database
resetCode = randint(1000000,9999999)
dbexecute("INSERT OR REPLACE INTO forgotPassword (email,resetCode,dateCreated) VALUES (?,?,CURRENT_TIMESTAMP)",(email,resetCode))
# Send the email via gmail's server, over SSL
me = "*****@*****.**"
my_password = "******"
msg = MIMEMultipart('alternative')
msg['Subject'] = "Reset Password Code"
msg['From'] = me
msg['To'] = email
html = '<html><body><p>Your reset password code is '+str(resetCode)+'</p></body></html>'
part2 = MIMEText(html, 'html')
msg.attach(part2)
emailsession = smtplib.SMTP_SSL('smtp.gmail.com')
emailsession.login(me, my_password)
emailsession.sendmail(me, email, msg.as_string())
emailsession.quit()
#save the email for which the password is being reset
session["resetEmail"] = email
return render_template("forgotPwCode.html")
else:
return render_template("error.html",errorMessage="Invalid email.")
# return the html page on a GET request
else:
return render_template("forgotPwEmail.html")
def fillwheel(wagonNum):
if wagonNum not in [0,1]:
return "Error"
#get wagon wheel data items from respective dropdowns
try:
diary = int(request.form.get("diary"))
time = int(request.form.get("time"))
packing = int(request.form.get("packing"))
org = int(request.form.get("org"))
filing = int(request.form.get("filing"))
locker = int(request.form.get("locker"))
except:
return render_template("fillwheel.html",wagonNum=wagonNum,errorMessage="Please fill all dropdowns.")
#insert into database
dbexecute("INSERT OR REPLACE INTO wagonwheel (studentEmail,initOrFinal,timeManagement,filing,\
organizationTime,packingBag,hwDiary,lockerUse) VALUES(?,?,?,?,?,?,?,?)", (session["user_id"],wagonNum, time, filing, org, packing, diary, locker))
return redirect("/profile")
def forgotPwCode():
#compare entered code to actual code
codeEntered = request.form.get("code")
email = session["resetEmail"]
actualCode = dbexecute("SELECT resetCode from forgotPassword WHERE email = ?",(email,))
if len(actualCode) == 0:
return render_template("error.html",errorMessage="Invalid code")
#go to the reset password page if the codes match
if actualCode[0]["resetCode"] == codeEntered:
session["codeCorrect"] = True
return render_template("resetpassword.html")
else:
return render_template("error.html",errorMessage="Invalid code")
def coach():
if session.get("acc_type") == "coach":
superpowerEntered = dbexecute("SELECT superpowerID FROM coach WHERE email = ?",(session["user_id"],))[0]["superpowerID"]
if not superpowerEntered:
return render_template("choosesuperpower.html")
#try to get assigned student's unique code
try:
studentUniqueCode = dbexecute("SELECT uniqueCode FROM student,pairs WHERE \
student.email = pairs.studentEmail AND pairs.coachEmail = ? \
AND iteration=(SELECT MAX(iteration) FROM pairs);",(session.get("user_id"),))[0]["uniqueCode"]
#student may not be matched to a student for the current iteration
except:
return render_template("error.html",errorMessage="You have not been assigned to a student.")
#try to select evaluation if written
try:
coachEval = dbexecute("SELECT text FROM coachEvaluation WHERE email = ? AND iteration = (SELECT MAX(iteration) FROM pairs)",(session["user_id"],))[0]["text"]
except:
coachEval=""
return render_template("coach.html",uniqueCode=studentUniqueCode,coachEval=coachEval)
else:
return render_template("error.html",errorMessage="You are not a coach")
def resetPassword():
if not session["codeEntered"]:
return render_template("error.html",errorMessage="Sorry you can't access this page.")
pw = hashlib.md5(request.form['password'].encode())
confirmpw = hashlib.md5(request.form['confirmpw'].encode())
#validation
if pw.hexdigest() != confirmpw.hexdigest():
return render_template("error.html",errorMessage="Passwords not the same/Password must be at least 8 characters")
#update the password on the database
studentAccount = len(dbexecute("SELECT * FROM student WHERE email = ?",(session["resetEmail"],))) > 0
if studentAccount:
dbexecute("UPDATE student set password = ? WHERE email = ?",(pw.hexdigest(),session["resetEmail"]))
else:
dbexecute("UPDATE coach set password = ? WHERE email = ?",(pw.hexdigest(),session["resetEmail"]))
dbexecute("DELETE FROM forgotPassword WHERE email = ?",(session["resetEmail"],))
return redirect("/")
def profile():
#must be a student to access profile
if session["acc_type"] != "student":
return render_template("error.html",errorMessage="You are not a student.")
#select all tasks
tasks = dbexecute("SELECT * FROM task")
# get unique code
uniqueCode = dbexecute("SELECT uniqueCode FROM student WHERE email = ?",(session["user_id"],))[0]
#select wagon wheel data for the student
try:
initWagonwheel = dbexecute("SELECT * FROM wagonwheel WHERE studentEmail = ? AND initOrFinal = 0",(session["user_id"],))[0]
except:
return render_template("fillwheel.html",wagonNum=0)
try:
finalWagonwheel = dbexecute("SELECT * FROM wagonwheel WHERE studentEmail = ? AND initOrFinal = 1",(session["user_id"],))[0]
except:
finalWagonwheel = {}
# try to select student's evaluation
try:
evaluation = dbexecute("SELECT * FROM studentEvaluation WHERE email = ?",(session["user_id"],))[0]
#set evaluation to blank if it hasn't been entered
except:
evaluation=""
# if the student has not filled the wagon wheel yet, redirect them to fill it
if len(initWagonwheel) == 0:
return render_template("fillwheel.html",wagonNum=0)
#select tasks user has completed
usertasks = dbexecute("SELECT * FROM studentTask WHERE studentEmail = ?",(session["user_id"],))
for task in tasks:
#set deafults for all tasks
task["text"]= "Enter text here"
task["image"] = "No"
#update image and task data if it has been completed
for usertask in usertasks:
if task["taskID"] == usertask["taskID"]:
task["text"] = usertask["text"]
#update image data if it has been uploaded
if usertask["photo"]!= None:
task["image"] = b64encode(usertask["photo"]).decode("utf-8")
#render profile with data
return render_template("imageupload.html", eval=evaluation, initWheel =initWagonwheel,tasks=tasks,finalWheel = finalWagonwheel,unique = uniqueCode)
def show(code):
#rectified
#select student's email
try:
email = dbexecute("SELECT email from student WHERE uniqueCode=?",(code,))[0]["email"]
except IndexError:
return render_template("error.html",errorMessage="Invalid Unique Code")
# code below is same as student's profile
tasks = dbexecute("SELECT * FROM task")
initWagonwheel = dbexecute("SELECT * FROM wagonwheel WHERE studentEmail = ? AND initOrFinal = 0",(email,))[0]
try:
finalWagonwheel = dbexecute("SELECT * FROM wagonwheel WHERE studentEmail = ? AND initOrFinal = 1",(email,))[0]
except:
finalWagonwheel = {}
try:
studenteval= dbexecute("SELECT text FROM studentEvaluation WHERE email = (SELECT email FROM student WHERE uniqueCode = ?)",(code,))[0]["text"]
except IndexError:
studenteval = "Evaluation Not Entered Yet."
usertasks = dbexecute("SELECT * FROM studentTask WHERE studentEmail = ?",(email,))
for task in tasks:
task["text"]= "No Text Entered"
task["image"] = "No"
for usertask in usertasks:
if task["taskID"] == usertask["taskID"]:
task["text"] = usertask["text"]
if usertask["photo"]!= None:
task["image"] = b64encode(usertask["photo"]).decode("utf-8")
#try to select coach's evaluation
try:
coacheval = dbexecute("SELECT text FROM coachEvaluation WHERE email = (SELECT coachEmail FROM pairs WHERE \
studentEmail = (SELECT email FROM student WHERE uniqueCode = ?) and iteration = (SELECT MAX(iteration) \
FROM pairs)) and iteration = (SELECT MAX(iteration) FROM pairs)",(code,))[0]["text"]
except IndexError:
coacheval = "Evaluation Not Entered Yet."
return render_template("profile.html", initWheel =initWagonwheel,tasks=tasks,finalWheel = finalWagonwheel,studenteval=studenteval,coacheval=coacheval)
def addaccount():
if request.method == 'POST':
#clear currently logged in user
session.clear()
#get data from HTML form
fnm = request.form['fnm']
lnm = request.form['lnm']
email = request.form['email']
pw = hashlib.md5(request.form['pw'].encode())
confirmpw = hashlib.md5(request.form['confirmpw'].encode())
print(pw.hexdigest(),"\n",confirmpw.hexdigest())
year = int(request.form['year'])
acctype = request.form['type']
#check for dubaicollege email address
if not re.search('^[A-Za-z]+[0-9][0-9][0-9][0-9]\@dubaicollege.org$',email):
return render_template("register.html",error="Please use a valid @dubaicollege.org email.")
#ensure password is entered correctly twice
if pw.hexdigest() != confirmpw.hexdigest():
return render_template("register.html",error="Passwords not the same/Password must be at least 8 characters")
#if student checkbox ticked, insert student data into database
if acctype == 'student':
#generate unique code
unique = randint(10000, 99999)
currentCodeRows = dbexecute("SELECT uniqueCode FROM student;")
currentCodes = []
isCodeUnique = True
for i in currentCodes:
currentCodes.append(["uniqueCode"])
while str(unique) in currentCodes:
unique = randint(10000, 99999)
try:
dbexecute("INSERT INTO student (uniqueCode, firstName,lastName,email,password,yearGroup) VALUES(?,?,?,?,?,?)",
(unique, fnm, lnm, email, pw.hexdigest(),year))
except sqlite3.IntegrityError:
return render_template("register.html",error="Email already in the system")
else:
#insert coach info into database
try:
dbexecute("INSERT INTO coach (firstName,lastName,email,password,yearGroup) VALUES(?,?,?,?,?)",
(fnm, lnm, email, pw.hexdigest(), year))
except sqlite3.IntegrityError:
return render_template("register.html",error="Email already in the system")
#set user session
session["user_id"] = request.form['email']
#student must fill wagon wheel. Coach must select superpower
if acctype == "student":
session["acc_type"] = "student"
return render_template("fillwheel.html",wagonNum=0)
else:
session["acc_type"] = "coach"
return render_template("choosesuperpower.html")
return "Error"
else:
return render_template("register.html")
