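def register():
    """Register a new account: one ``scout`` row plus the ``user`` row linked to it.

    GET renders the empty form. POST checks the login and e-mail, stores the
    records, sends the confirmation e-mail and redirects to the login view.
    A visitor who is already signed in is sent to a local ``next`` path, or to
    the site root when ``next`` is missing or is not a local path.
    """
    next_url = request.args.get('next')
    # ``next`` is read straight from the query string. It is only followed
    # when it is a plain local path; absolute URLs, ``//host`` forms,
    # backslashes and control characters are dropped so the redirect cannot
    # leave this site.
    if next_url and (
            not next_url.startswith('/')
            or next_url.startswith('//')
            or '\\' in next_url
            or any(ord(char) < 32 for char in next_url)):
        next_url = None

    if current_user.is_authenticated:
        flash("Jesteś już zalogowany!", 'warning')
        # Fall back to the root: redirecting to a missing ``next`` would fail.
        return redirect(next_url or '/')

    try:
        if request.method != "POST":
            return render_template('register.html')

        con, conn = connection()
        try:
            form = request.form
            email = form['email']
            # NOTE(review): ``encrypt`` is the older passlib spelling of
            # ``hash``; confirm which passlib version the project pins.
            password = sha256_crypt.encrypt(str(form['password']))
            # The return value of execute() is used as "number of rows found".
            used_username = con.execute(
                "SELECT * FROM user WHERE login = (%s)",
                escape_string(request.form['login']))
            # Minimal syntactic check only; ownership of the address is
            # established later through the confirmation e-mail.
            wrong_email = "@" not in email
            if used_username or wrong_email:
                return render_template('register.html',
                                       form=form,
                                       used_username=used_username,
                                       wrong_email=wrong_email)

            # NOTE(review): every value below is already bound as a query
            # parameter, so escape_string() is redundant and may store doubled
            # escapes for input containing quotes or backslashes. It is kept
            # here so stored values stay consistent with the lookups done
            # elsewhere in this module; remove it everywhere in one change.
            con.execute(
                "INSERT INTO scout (first_name, last_name) VALUES (%s, %s)",
                (escape_string(form['first-name']),
                 escape_string(form['last-name'])))
            scout_id = con.lastrowid
            # scout_id is bound like the other values instead of being
            # concatenated into the statement text.
            con.execute(
                "INSERT INTO user (login, password, email, scout_id) VALUES (%s, %s, %s, %s)",
                (escape_string(form['login']),
                 escape_string(password),
                 escape_string(form['email']),
                 scout_id))
            # One commit for both inserts, so a failure on the user row does
            # not leave an orphaned scout row behind.
            conn.commit()
            flash("Zarejestrowano pomyślnie!", 'success')
            send_confirmation_email(form['email'])
            gc.collect()
            # NOTE(review): ``username=email`` puts the address into the URL,
            # where it can end up in access logs and Referer headers.
            return redirect(url_for('login', next=next_url, username=email))
        finally:
            # Runs on every exit path, including the validation failure above
            # and any exception, so the cursor and connection are not leaked.
            con.close()
            conn.close()
    except Exception as error:
        # NOTE(review): str(error) can expose database details to the
        # visitor; consider logging it and flashing a generic message.
        flash('Błąd: ' + str(error), 'danger')
        return redirect('/')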
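def settings_get():
    """Render the settings page for the scout team stored in the session.

    NOTE(review): no login check is visible in this listing; confirm the
    route is protected and that ``session['id_scout_team']`` is always set
    before this view runs (a missing key raises ``KeyError``).
    """
    con, conn = connection()
    try:
        con.execute("SELECT * FROM scout_team WHERE id_scout_team = %s",
                    escape_string(str(session['id_scout_team'])))
        scout_team = con.fetchone()
    finally:
        # Release the cursor and connection even when the query raises.
        con.close()
        conn.close()
    return render_template('settings.html', scout_team=scout_team)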
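def plan():
    """Render the work plans of the session's scout team.

    The plan shown as current is, in order of preference: the one named by
    the ``work-plan`` query argument, the team's ``current_work_plan_id``,
    or the last plan returned by the query. Teams without any plan get
    ``plan-none.html``.

    NOTE(review): no login check is visible in this listing; confirm the
    route is protected and that ``session['id_scout_team']`` is always set.
    """
    con, conn = connection()
    try:
        team_id = escape_string(str(session['id_scout_team']))
        con.execute("SELECT * FROM scout_team WHERE id_scout_team = %s",
                    team_id)
        current_team = con.fetchone()
        con.execute("SELECT * FROM work_plan WHERE scout_team_id = %s",
                    team_id)
        work_plans = con.fetchall()
    finally:
        # Release the cursor and connection even when a query raises.
        con.close()
        conn.close()

    if not work_plans:
        return render_template("plan-none.html")

    requested = request.args.get('work-plan')
    if requested:
        # The argument is user input: a non-numeric value is treated like an
        # id that matches nothing instead of raising out of the view.
        try:
            wanted_id = int(requested)
        except ValueError:
            wanted_id = None
    else:
        wanted_id = current_team['current_work_plan_id'] if current_team else None

    # Only plans of the session's team are candidates, so the query argument
    # cannot select another team's plan.
    current_work_plan = None
    for work_plan in work_plans:
        if work_plan['id_work_plan'] == wanted_id:
            current_work_plan = work_plan

    return render_template("plan.html",
                           work_plans=work_plans,
                           current_work_plan=current_work_plan
                           if current_work_plan else work_plans[-1])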
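def send_confirmation_email(mail):
    """Send the address-confirmation message to ``mail``.

    A token is produced from the address with ``ts.dumps`` under the
    ``email-confirm-key`` salt and rendered into ``verify_email.html``.
    The address and the token are deliberately not written to stdout:
    anyone able to read the process output could otherwise use the token
    to confirm an address they do not control.

    NOTE(review): token expiry, if any, has to be enforced where the token
    is loaded; that code is not part of this listing.
    """
    with MAIL.connect() as conn:
        token = ts.dumps(mail, salt='email-confirm-key')
        msg = Message("EEH - Potwierdź swój adres email",
                      sender=config.MAIL_USERNAME,
                      recipients=[mail])
        msg.html = render_template('verify_email.html', token=token)
        conn.send(msg)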
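def scouting_troops_get():
    """List the troops of the session's scout team, skipping the one named "none".

    NOTE(review): no login check is visible in this listing; confirm the
    route is protected and that ``session['id_scout_team']`` is always set.
    """
    con, conn = connection()
    try:
        con.execute(
            "SELECT * FROM scouting_troop WHERE scout_team_id = %s AND name <> \"none\"",
            escape_string(str(session['id_scout_team'])))
        scouting_troops = con.fetchall()
    finally:
        # Release the cursor and connection even when the query raises.
        con.close()
        conn.close()
    return render_template("scouting-troops.html",
                           scouting_troops=scouting_troops)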
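def login():
    """Authenticate by e-mail or login name and start a session.

    GET renders the form. POST looks the account up, verifies the password
    hash, logs the user in, stores the id of the team they lead in the
    session and redirects to a local ``next`` path or to ``/app/``. An
    unknown account and a wrong password produce the same response.
    """
    next_url = request.args.get('next')
    # ``next`` is read straight from the query string. It is only followed
    # when it is a plain local path; absolute URLs, ``//host`` forms,
    # backslashes and control characters are dropped so the redirect cannot
    # leave this site.
    if next_url and (
            not next_url.startswith('/')
            or next_url.startswith('//')
            or '\\' in next_url
            or any(ord(char) < 32 for char in next_url)):
        next_url = None

    try:
        if current_user.is_authenticated:
            flash('Już jesteś zalogowany!', 'warning')
            return redirect(next_url or '/')

        if request.method != "POST":
            return render_template('login.html')

        con, conn = connection()
        try:
            con.execute("SELECT * FROM user WHERE email = (%s) OR login = %s",
                        (escape_string(request.form['email']),
                         escape_string(request.form['email'])))
            user_dict = con.fetchone()
            if not user_dict:
                # No such account: answer exactly as for a wrong password so
                # the response does not reveal which identifiers exist.
                # (Previously the missing row raised inside user.update() and
                # surfaced as an error flash plus a redirect.)
                return render_template('login.html',
                                       form=request.form,
                                       wrong=True)

            user = User()
            user.update(user_dict)
            gc.collect()
            if user and sha256_crypt.verify(request.form['password'],
                                            user['password']):
                con.execute(
                    "SELECT id_scout_team FROM scout_team WHERE scoutmaster_user_id = %s",
                    escape_string(str(user['id_user'])))
                scout_team = con.fetchone()
                # The field is read as 'remember-me'; the earlier presence
                # test looked for 'remember_me', so the box was never honoured.
                remember_me = bool(request.form.get('remember-me'))
                login_user(user, remember=remember_me)
                # NOTE(review): a user who leads no team has no row here and
                # the next line raises after login_user() already succeeded;
                # decide how such accounts should be handled.
                session['id_scout_team'] = scout_team['id_scout_team']
                return redirect(next_url or '/app/')
            return render_template('login.html',
                                   form=request.form,
                                   wrong=True)
        finally:
            # Runs on every exit path so the cursor and connection are not
            # leaked when a lookup fails or raises.
            con.close()
            conn.close()
    except Exception as error:
        # NOTE(review): str(error) can expose internal details to the
        # visitor; consider logging it and flashing a generic message.
        flash('Błąd: ' + str(error), 'danger')
        return redirect('/')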
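def plan_get(identifier):
    """Render plan ``identifier`` if it belongs to the current user's team.

    A plan that does not exist is answered the same way as a plan owned by
    another team (warning flash and redirect to the site root), so the
    response does not reveal which plan ids exist.
    """
    current_plan = Plan.query.filter_by(id=identifier).first()
    # ``first()`` yields None for an unknown id; check that before touching
    # attributes, and keep the ownership test as the gate for everything else.
    if current_plan is None or current_plan.druzyna_id != current_user['id']:
        flash("You can't do that", 'warning')
        return redirect(request.host_url)

    plany = Plan.query.filter_by(druzyna_id=current_user['id']).all()
    # NOTE(review): the individual plans are selected by the user's
    # ``current_plan`` rather than by ``identifier``; confirm that is intended.
    plany_indywidualne = HarcerzPlan.query.filter_by(
        plan_id=current_user['current_plan']).all()

    harcerze = []
    for plan_indywidualny in plany_indywidualne:
        # NOTE(review): the scout is looked up by the individual plan's own
        # ``id``; verify this is the scout's key, and note that a missing
        # scout would raise on the attribute access below.
        harcerz = Harcerz.query.filter_by(id=plan_indywidualny.id).first()
        harcerze.append({
            'first_name': harcerz.first_name,
            'last_name': harcerz.last_name,
            'charakterystyka': plan_indywidualny.charakterystyka,
            'cele': plan_indywidualny.cele
        })

    return render_template('plan.html',
                           harcerze=harcerze,
                           wizja=current_plan.wizja,
                           cele=current_plan.cele,
                           zz=current_plan.zz,
                           plany=plany)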
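def scouting_troop_get(identifier):
    """Render one troop of the session's scout team together with its scouts.

    Both queries are filtered by ``session['id_scout_team']``, so a troop id
    belonging to another team matches nothing and the visitor is redirected
    to the troop list.

    NOTE(review): no login check is visible in this listing; confirm the
    route is protected and that ``session['id_scout_team']`` is always set.
    """
    con, conn = connection()
    try:
        team_id = escape_string(str(session['id_scout_team']))
        troop_id = escape_string(identifier)
        # The return value of execute() is used as "number of rows found".
        found = con.execute(
            "SELECT * FROM scouting_troop WHERE id_scouting_troop = %s AND scout_team_id = %s",
            (troop_id, team_id))
        scouting_troop = con.fetchone()
        if found == 0:
            return redirect("/scouting-troops/")
        con.execute(
            "SELECT a.id_scout, a.first_name, a.last_name, b.name FROM scout a, scouting_troop b, scout_membership c WHERE b.id_scouting_troop = c.scouting_troop_id AND a.id_scout = c.scout_id AND b.scout_team_id = %s AND b.id_scouting_troop = %s",
            (team_id, troop_id))
        scouts = con.fetchall()
    finally:
        # Also covers the early redirect above, which used to return with
        # the cursor and connection still open.
        con.close()
        conn.close()
    return render_template("scouting-troop.html",
                           scouts=scouts,
                           scouting_troop=scouting_troop)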
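def add_get():
    """Show the add-scout form (GET) or store a new scout (POST).

    On POST the PESEL is validated, the scout row is inserted, and the scout
    is attached to the "none" troop of the team led by the current user.
    Every path other than the GET form and an invalid PESEL ends with a
    redirect to ``/app/``.
    """
    if request.method == "GET":
        return render_template('add.html')

    if request.method == "POST":
        try:
            con, conn = connection()
            try:
                form = request.form
                if not valid_pesel(form['pesel']):
                    flash("Zły pesel", 'warning')
                    return redirect('/add/')

                # Column names are fixed strings from this function; every
                # submitted value is bound as a parameter. The birthdate used
                # to be formatted into the statement text unquoted and in the
                # second VALUES position, which both misaligned the columns
                # and let form input become part of the SQL.
                columns = ['first_name', 'middle_name', 'last_name']
                params = [escape_string(form['first-name']),
                          escape_string(form['middle-name']),
                          escape_string(form['last-name'])]
                if form['birthdate'] != '':
                    columns.append('birthdate')
                    params.append(escape_string(str(form['birthdate'])))
                columns.extend(['pesel', 'address', 'phone'])
                params.extend([escape_string(form['pesel']),
                               escape_string(form['address']),
                               escape_string(form['phone'])])
                sql = "INSERT INTO scout ({}) VALUES ({})".format(
                    ", ".join(columns), ", ".join(["%s"] * len(params)))
                # The form and the statement are no longer printed: both
                # carry personal data (PESEL, address, phone).
                con.execute(sql, tuple(params))
                conn.commit()
                scout_id = con.lastrowid

                con.execute(
                    "SELECT id_scouting_troop FROM scouting_troop WHERE scout_team_id IN (SELECT id_scout_team FROM scout_team WHERE scoutmaster_user_id= %s) AND name = \"none\"",
                    escape_string(str(current_user['id_user'])))
                scouting_troop = con.fetchone()
                scouting_troop_join(scout_id,
                                    scouting_troop['id_scouting_troop'],
                                    notify=False)
                flash(
                    "Dodano {} {}!".format(form['first-name'],
                                           form['last-name']), 'success')
            finally:
                # Runs on every exit path, including the invalid-PESEL
                # redirect and any exception.
                con.close()
                conn.close()
        except Exception as error:
            # NOTE(review): str(error) can expose database details to the
            # visitor; consider logging it and flashing a generic message.
            flash("Error: " + str(error), 'danger')
    return redirect('/app/')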
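def app():
    """Render the main view: the user's teams and the scouts of the active team.

    Anonymous visitors are redirected to the site root. For a signed-in
    user the teams they belong to are loaded; if they are in a "Komenda"
    troop, the team list is narrowed to those teams and the scouts of the
    active team (``session['id_scout_team']``) are loaded.

    The ``scout-team`` query argument may switch the active team, but only
    to a team present in the user's own team list.
    """
    if not current_user.is_authenticated:
        flash("Zaloguj się", "warning")
        return redirect('/')

    scouts = []
    no_team = True
    team_id = None
    con, conn = connection()
    try:
        sql = "SELECT a.id_scout_team, a.name, c.scouting_troop_id, b.name FROM scout_team a, scouting_troop b, scout_membership c WHERE c.scouting_troop_id = b.id_scouting_troop AND a.id_scout_team = b.scout_team_id AND c.scout_id = %s"
        # The return value of execute() is used as "number of rows found".
        query = con.execute(sql, current_user['scout_id'])
        scout_teams = con.fetchall()
        if query != 0:
            # NOTE(review): this lookup matches ``scout_id`` against the
            # user's ``id_user`` while the one above uses ``scout_id``;
            # confirm which key is intended.
            sql = "select a.id_scout_team, a.name, b.id_scouting_troop, c.scout_id FROM scout_team a, scouting_troop b, scout_membership c WHERE a.id_scout_team = b.scout_team_id AND c.scouting_troop_id = b.id_scouting_troop AND b.name = \"Komenda\" AND c.scout_id = %s;"
            query = con.execute(sql, escape_string(str(current_user['id_user'])))
            if query != 0:
                scout_teams = con.fetchall()

                requested = request.args.get('scout-team')
                if requested:
                    # The argument is user input. It is accepted only when it
                    # is numeric and names one of the teams just loaded for
                    # this user; otherwise the active team stays unchanged.
                    # Without this check any id could be written into the
                    # session and used to read another team's scout records.
                    # Rows are indexed by column name, as elsewhere in this
                    # module.
                    try:
                        requested_id = int(requested)
                    except ValueError:
                        requested_id = None
                    allowed_ids = {row['id_scout_team'] for row in scout_teams}
                    if requested_id in allowed_ids:
                        session['id_scout_team'] = requested_id

                team_id = session['id_scout_team']
                sql = "SELECT a.id_scout, a.first_name, a.middle_name, a.last_name, a.birthdate, a.pesel, a.address, a.phone, b.scouting_troop_id, c.name as 'scouting_troop_name', c.scout_team_id FROM scout a, scout_membership b, scouting_troop c WHERE c.scout_team_id = %s AND b.scouting_troop_id = c.id_scouting_troop AND a.id_scout = b.scout_id"
                query = con.execute(sql, escape_string(str(team_id)))
                # The rows carry PESEL, address and phone, so they are not
                # printed to stdout.
                scouts_raw = con.fetchall()
                if query != 0:
                    scouts = scouts_raw
                    no_team = False
    finally:
        # Release the cursor and connection even when a query raises.
        con.close()
        conn.close()

    return render_template('app.html',
                           harcerze=scouts,
                           no_team=no_team,
                           scout_teams=scout_teams,
                           current_scout_team_id=None if no_team else team_id)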
def home():
    """Render the ``home.html`` template."""
    page = render_template('home.html')
    return page
def new_plan_get():
    """Render the ``plan-new.html`` template.

    NOTE(review): no login check is visible in this listing; confirm the
    route is protected if the form is meant for signed-in users only.
    """
    page = render_template('plan-new.html')
    return page
def errorhandler404(e):
    """Render ``404.html`` and return it with HTTP status 404.

    ``e`` is accepted but not used, so nothing from the error object is
    shown to the visitor.
    """
    not_found_page = render_template('404.html')
    return not_found_page, 404