def show_entries(): # print(type(session['master_user'])) # print(str(session['master_user'])) db = get_db() cur = db.execute('select title, text from entries order by id desc') entries = cur.fetchall() template = env.get_template('show_entries.html') return template.render(entries=entries, application=application)
def check_valid_user(): if request.method == 'GET': db = get_db() cur = db.execute('select username, password from authentication') entries = cur.fetchall() template = env.get_template('show_all_users.html') return template.render(entries=entries, application=application) username = (request.form['username'],) password = request.form['password'] db = get_db() cur = db.execute('select password from authentication where username=?', username) results = cur.fetchall() for result in results: if result['password'] == password: return 'valid user' else: return 'invalid user' else: return "user not found"
def add_entry(): if not session.get('logged_in'): abort(401) db = get_db() title = request.form['title'] try: if session['master_user']: title = "post by master user : Title --> "+title except: pass db.execute('insert into entries (title, text) values (?, ?)', [title, request.form['text']]) db.commit() flash('New entry was successfully posted') return redirect(url_for('show_entries'))
def login(): error = None if request.method == 'POST': username = (request.form['username'],) db = get_db() cur = db.execute('select password from authentication where username=?', username) results = cur.fetchall() if len(results) == 0: error = 'Invalid Username' else: for result in results: print(result['password']) if request.form['password'] != result['password']: error = 'Invalid Password' break else: session['logged_in'] = True session['master_user'] = False flash('You have been logged in') return redirect(url_for('show_entries')) template = env.get_template('login.html') return template.render(error=error)
def insert_into_authentication_table(): db = get_db() db.execute('insert into authentication (username, password) values (?, ?)', [request.form['username'], request.form['password']]) db.commit() return redirect(url_for('check_valid_user'))