def admin_page():
    """Render the admin overview of abstracts and review decisions.

    Authenticated users get ``admin.html`` with the abstracts, their own
    accept/poster/reject decisions and the results of the ``get_all_*``
    helpers. Everyone else gets ``home.html``.
    """
    # NOTE(review): the only gate visible in this function is
    # ``is_authenticated``. If no admin-role check is enforced elsewhere
    # (e.g. by a decorator outside this listing), every logged-in user can
    # load the ``get_all_*`` data -- confirm.
    if not current_user.is_authenticated:
        return render_template("home.html")

    def first_column(rows):
        # The decision helpers return row tuples; only column 0 is used.
        return [row[0] for row in rows]

    abstracts = get_abstracts()
    paper_count = sum(1 for _ in abstracts)

    reviewer_email = current_user.get_email()
    own_accepts = first_column(get_accept_decisions(reviewer_email))
    own_posters = first_column(get_poster_decisions(reviewer_email))
    own_rejects = first_column(get_reject_decisions(reviewer_email))

    every_accept = get_all_accept_decisions()
    every_poster = get_all_poster_decisions()
    every_reject = get_all_reject_decisions()

    return render_template(
        "admin.html",
        abstracts=abstracts,
        total_number_of_papers=paper_count,
        accept_decisions=own_accepts,
        poster_decisions=own_posters,
        reject_decisions=own_rejects,
        all_accept=every_accept,
        all_poster=every_poster,
        all_reject=every_reject,
    )
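def upload_form():
    """Handle the NMEA file upload form.

    On a valid submission the uploaded data is written to a file obtained
    from ``generate_file`` and then passed to ``do_file_loading``. The page
    is re-rendered with a success message, or with the collected log
    messages when loading fails.

    Returns:
        The rendered ``upload_form.html`` response.
    """
    success_msg = None
    app_ctx = AppContext()
    form = FileUploadForm()
    if form.validate_on_submit():
        # The storage name comes from generate_file(); the client-supplied
        # file name is not used anywhere in this function.
        (filename, output_f) = generate_file(app.config["NMEA_FILE_UPLOAD_DIR"])
        if not filename:
            abort(500)
        try:
            form.data_file.data.save(output_f)
        finally:
            # Close the handle even when save() raises, so a failed upload
            # does not leak an open file descriptor.
            output_f.close()
        # NOTE(review): no size or content check is visible here; presumably
        # FileUploadForm or do_file_loading validates the upload -- confirm.
        if do_file_loading(g.db,
                           # TODO, should user user's id directly
                           # and not e-mail.
                           InputInfo(user_email=current_user.get_email(),
                                     input_file=filename,
                                     trip_name=form.trip_name.data,
                                     trip_date=form.trip_date.data,
                                     vessel_name=form.vessel_name.data),
                           context=app_ctx):
            success_msg = "File uploaded successfully"
        else:
            success_msg = app_ctx.get_log_msgs()
    return render_template("upload_form.html",
                           success_msg=success_msg,
                           error_msg=app_ctx.get_error_msgs(),
                           form=form,
                           vars=TemplateVars(app))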
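def change_password():
    """Change the current user's password after re-checking the old one.

    The request carries a JSON object as the first form key, with the
    string fields ``old_password`` and ``password``.

    Returns:
        A JSON response ``{'ok': bool}``: 200 when the password was changed,
        400 for a malformed request, a wrong old password or a failed update.
    """
    def bad_request():
        return make_response(jsonify({'ok': False}), 400)

    def gql_string(value):
        # Encode a value as a quoted GraphQL string literal. The JSON escapes
        # for quotes, backslashes and control characters are also valid
        # GraphQL escapes, so client-supplied text cannot close the literal
        # and add fields or arguments to the query.
        return json.dumps(str(value), ensure_ascii=False)

    try:
        form = json.loads(list(request.form.keys())[0])
    except (IndexError, ValueError):
        # Empty form or a key that is not valid JSON.
        return bad_request()
    if not isinstance(form, dict):
        return bad_request()

    old_password = form.get('old_password')
    password = form.get('password')
    # Missing values and non-string values (numbers, objects) are rejected.
    if not isinstance(password, str) or not isinstance(old_password, str):
        return bad_request()

    # NOTE(review): in this listing the password arguments appeared as a
    # masked literal ("******") while two values were passed to each format
    # string, which raises TypeError. The placeholders are restored here.
    # If graphql.execute() supports query variables, prefer them over string
    # interpolation -- confirm against the client in use.
    login_query = '''
        query {
            login(email: %s, password: %s){
                ok
            }
        }
    ''' % (gql_string(current_user.get_email()), gql_string(old_password))
    ok = graphql.execute(login_query).data['login']['ok']
    # Fail closed: anything other than an explicit True (False, None) counts
    # as a failed re-authentication.
    if ok is not True:
        return bad_request()

    update_query = '''
        mutation {
            mutateUser(userData: {id: %s, password: %s}){
                ok
            }
        }
    ''' % (gql_string(current_user.get_id()), gql_string(password))
    ok = graphql.execute(update_query).data['mutateUser']['ok']
    return make_response(jsonify({'ok': ok}), 200 if ok else 400)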
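def about():
    """Render the about page for the project.

    Anonymous visitors are redirected to the login page. Address and phone
    number fall back to the first entry returned by ``get_auth_attributes()``
    when the user object has none.

    Returns:
        response: the flask response object representing the HTML page
    """
    if current_user.is_anonymous:
        # redirect to login page if not logged in
        return redirect(url_for('auth.login'))

    username = current_user.get_username()
    email = current_user.get_email()
    address = current_user.get_address()

    auth_attributes = get_auth_attributes()
    auth_user_attributes = auth_attributes[0]

    if not address:
        address = auth_user_attributes.get('address', None)

    phone_number = current_user.get_phone()
    if not phone_number:
        phone_number = auth_user_attributes.get('phone_number', None)

    # The debug print() calls that dumped the user's policies to stdout were
    # removed: policy documents do not belong in server output or logs.
    policies = [
        {'uid': p.get_uid(),
         'location': p.get_location(),
         'policy_json': p.get_policy_json()}
        for p in current_user.get_policy()
    ]

    return render_template("home/about.html",
                           username=username,
                           email=email,
                           address=address,
                           phone_number=phone_number,
                           policies=policies)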
def get_profile():
    """Return the current user's profile fields as a JSON response.

    The payload carries a constant ``Status`` of 1 plus username, email,
    age and gender read from ``current_user``.
    """
    # NOTE(review): no authentication check is visible in this function;
    # presumably a login decorator outside this listing guards the route.
    profile = {
        "Status": 1,
        "username": current_user.get_username(),
        "email": current_user.get_email(),
        "age": current_user.get_age(),
        "gender": current_user.get_gender(),
    }
    return jsonify(profile)
def post(self):
    """Validate the submitted profile form and store the changes.

    The edit page is re-rendered with an error flash when validation fails
    or when the new email address already belongs to an existing user.
    Otherwise the data is saved and the client is redirected to the profile.
    """
    form = ProfileForm(request.form)

    def reject(message):
        # Show the form again with a danger-level flash message.
        flash(message, 'alert-danger')
        return render_template('edit_profile.html', form=form)

    if not form.validate():
        return reject('Zadali jste špatné údaje')

    requested_email = form.data['email']
    email_changed = requested_email != current_user.get_email()
    # Only look the address up when the user is changing it; their own
    # current address would otherwise always be reported as taken.
    if email_changed and db.get_user(requested_email):
        return reject('Profil s tímto emailem již existuje')

    db.update_users_data(form.data)
    flash('Profil uspěšně aktualizován', 'alert-success')
    return redirect(url_for('profile'))
def resendMessage(receiver_id):
    """Resend the current user's recorded video message to *receiver_id*.

    On a POST that contains ``btnResendMessage`` the user's video file is
    uploaded to storage, a message record pointing at it is pushed under
    ``Messages/<receiver>/<sender>`` and the client is redirected home.
    Any other request renders the emergency message page.
    """
    sender_id = current_user.get_id()
    sender_name = current_user.get_username()
    sender_email = current_user.get_email()

    sender_key = str(sender_id)
    current_video = "./Hermes/static/uploadVideos/" + sender_key + ".mp4"
    replay_video = "./static/uploadVideos/" + sender_key + ".mp4"

    senderImageUrl = db.child("Users").child(sender_id).get().val().get(
        'profile_image')

    matches = db.child("Users").order_by_key().equal_to(
        receiver_id).limit_to_first(1).get()
    # NOTE(review): r_Id stays unbound when the lookup yields no rows, so the
    # POST branch below would raise NameError for an unknown receiver_id.
    for match in matches:
        r_Id = match.val().get('id')

    if request.method == 'POST' and 'btnResendMessage' in request.form:
        sent_at = time.strftime("%a, %d %b %Y %I:%M:%S %p",
                                time.localtime(calendar.timegm(time.gmtime())))

        # Storage layout: Videos/<sender>_<receiver>/<timestamp>/<sender>_<receiver>
        pair_key = sender_key + "_" + str(r_Id)
        folder = "Videos/" + pair_key
        object_name = str(sent_at) + "/" + pair_key

        # Uploads to firebase
        storage.child(folder).child(object_name).put(current_video)
        video_url = storage.child(folder).child(object_name).get_url(pair_key)

        message = {
            "sender_id": sender_id,
            "receiver_id": r_Id,
            "sender_name": sender_name,
            "sender_email": sender_email,
            "timestamp": sent_at,
            "message_body": video_url,
            "profile_image": senderImageUrl
        }
        db.child("Messages").child(r_Id).child(sender_id).child().push(message)

        flash('Video Message has been send it successfully', 'success')
        return redirect(url_for('home'))

    return render_template('emergencyMessagePage.html',
                           pending_video=replay_video)
def __init__(self, app):
    """Collect the URLs and settings that the templates read.

    Args:
        app: the Flask application; its config supplies ``GOOGLE_MAPS_KEY``.
    """
    def static_url(name):
        return url_for("static", filename=name)

    self.css = static_url("style.css")
    self.shortcut_icon = static_url("favicon.ico")

    self.logout = url_for("logout")
    self.login = url_for("login")
    self.root = url_for("root")
    self.depth_map = url_for("depth_map")
    self.trip_map = url_for("trip_map")
    self.upload_form = url_for("upload_form")

    # NOTE(review): is_authenticated is called as a method here; Flask-Login
    # releases that expose it as a property would raise on this call --
    # confirm which the project's user class provides.
    if current_user.is_authenticated():
        self.user_email = current_user.get_email()
    else:
        self.user_email = None

    # NOTE(review): this key is handed to the templates and is presumably
    # rendered into pages; confirm it is restricted on the provider side.
    self.maps_key = app.config['GOOGLE_MAPS_KEY']

    self.static_path = static_url("")
    self.requirejs = static_url("require.js")
    self.map_main = static_url("map_main.js")
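def user_profile() -> str:
    """
        Show a page to edit account details. Upon submission, change the account details.

        The new email address is user input. It is HTML-escaped before it is placed into the flash message,
        because that message is marked as safe markup.

        :return: The HTML response.
    """
    profile_form = UserProfileForm(obj=current_user, email=current_user.get_email())
    if profile_form.validate_on_submit():

        # Always change the name.
        user = User.load_from_id(current_user.get_id())
        user.name = profile_form.name.data

        # If the user entered a password, change that as well.
        if profile_form.password.data:
            user.set_password(profile_form.password.data)

        # Write the changes to the database.
        db.session.commit()

        # If the email address changed send a confirmation mail to the new address.
        if user.get_email() != profile_form.email.data:
            token = user.send_change_email_address_email(profile_form.email.data)
            validity = token.get_validity(in_minutes=True)

            # Markup.format() escapes its arguments, so only the <em> tags are trusted HTML. Formatting a plain
            # string and wrapping the result in Markup would render the submitted address unescaped.
            email_html = Markup('<em>{email}</em>').format(email=profile_form.email.data)

            # NOTE(review): the whitespace after each line continuation is part of the msgid; keep it in sync
            # with the translation catalog.
            flash(Markup(_('An email has been sent to the new address %(email)s. Please open the link included in the \
                            mail within the next %(validity)d minutes to confirm your new email address. Otherwise, \
                            your email address will not be changed.',
                           email=email_html, validity=validity)),
                  category='warning')

        flash(_('Your changes have been saved.'))
        return redirect(url_for('userprofile.user_profile'))

    delete_form = DeleteUserProfileForm()
    return render_template('userprofile/profile.html', title=_('User Profile'), profile_form=profile_form,
                           delete_form=delete_form)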
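def change():
    """Update the current user's name, image and introduction.

    The request carries a JSON object as the first form key. Fields that are
    missing keep the value currently stored on ``current_user``. The email
    address always comes from the session user, never from the request.

    Returns:
        A JSON response ``{'ok': bool, 'user': ...}`` with status 200 when
        the mutation reports success and 400 otherwise.
    """
    def gql_string(value):
        # Encode a value as a quoted GraphQL string literal. The JSON escapes
        # for quotes, backslashes and control characters are also valid
        # GraphQL escapes, so client-supplied text cannot close the literal
        # and add fields to the mutation (for example a different role).
        return json.dumps(str(value), ensure_ascii=False)

    try:
        form = json.loads(list(request.form.keys())[0])
    except (IndexError, ValueError):
        # Empty form or a key that is not valid JSON.
        return make_response(jsonify({'ok': False, 'user': None}), 400)
    if not isinstance(form, dict):
        return make_response(jsonify({'ok': False, 'user': None}), 400)

    name = form.get('name', current_user.get_name())
    image = form.get('image', current_user.get_image())
    introduction = form.get('introduction', current_user.get_introduction())
    email = current_user.get_email()

    # NOTE(review): if graphql.execute() supports query variables, prefer
    # them over string interpolation -- confirm against the client in use.
    mutation = '''
        mutation {
            mutateUser(userData: {email: %s, name: %s, image: %s, introduction: %s}){
                user {
                    id
                    email
                    name
                    image
                    introduction
                    role
                }
                ok
            }
        }
    ''' % (gql_string(email), gql_string(name), gql_string(image),
           gql_string(introduction))
    result = graphql.execute(mutation).data['mutateUser']

    ok = result['ok']
    user = result['user']
    return make_response(jsonify({'ok': ok, 'user': user}),
                         200 if ok else 400)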
def get(self):
    """Render the profile page of the logged-in user.

    ``db.get_user_profile`` returns an indexable record: item 0 is passed to
    the template as ``data``, item 1 selects the position label and item 2
    is passed as ``membership``.
    """
    record = db.get_user_profile(current_user.get_email())
    role = record[1]

    if not role:
        position = None
    elif role == 'vedouci':
        position = 'Vedoucí'
    else:
        position = 'Zaměstnanec'

    return render_template('profile.html',
                           data=record[0],
                           membership=record[2],
                           position=position)
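def special_tutor_page():
    """List, create and update special tutor announcements.

    GET renders all announcements. POST handles the user search button, the
    ``SpecialTutor`` form (insert) and the ``SpecialTutorUpdate`` form
    (update; fields left empty keep their stored value).
    """
    def first_column(cursor, statement, params):
        # Run a single-column SELECT and return the scalar value, or None
        # when no row matches. fetchone() returns a row tuple, not a value.
        cursor.execute(statement, params)
        row = cursor.fetchone()
        return row[0] if row else None

    user_id_statement = """SELECT ID FROM USERS
                           WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

    if request.method == "POST":
        if 'userSearchButton' in request.form:  # if the search button is submitted
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']

        username = current_user.get_username()
        email = current_user.get_email()
        name = current_user.get_name()
        surname = current_user.get_surname()

        if formtype == "SpecialTutor":
            tutorsubject = request.form['SpecialTutorSubject']
            # A tuple keeps "name surname" in order. The set used before
            # iterated in arbitrary order and collapsed identical values.
            tutorname = request.form['SpecialTutorName'] or " ".join((name, surname))
            tutormail = request.form['SpecialTutorMail'] or email
            tutorphone = request.form['SpecialTutorPhone']

            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                user_id = first_column(cursor, user_id_statement, (username, email))

                tutor = special_tutor(tutorsubject, tutorname, tutormail,
                                      tutorphone, user_id)

                query = """INSERT INTO SPECIALTUTORS(SUBJECT, FULLNAME, EMAIL, PHONENUMBER, USERID)
                           VALUES (%s, %s, %s, %s, %s)"""
                cursor.execute(query, (tutor.subject, tutor.fullname, tutor.email,
                                       tutor.phonenumber, tutor.user_id))
                connection.commit()
            return redirect(url_for('site.SpecialTutor'))

        elif formtype == "SpecialTutorUpdate":
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                tutoruser_id = first_column(cursor, user_id_statement, (username, email))

                tutorid = request.form['tutor-id']

                def stored(statement):
                    # Parameters must be a sequence: a bare string is read as
                    # one parameter per character and fails for longer ids.
                    return first_column(cursor, statement, (tutorid,))

                tutorsubject = request.form['SpecialTutorSubject'] or stored(
                    """SELECT SUBJECT FROM SPECIALTUTORS WHERE SPECIALTUTORS.ID = %s""")
                tutorname = request.form['SpecialTutorName'] or stored(
                    """SELECT FULLNAME FROM SPECIALTUTORS WHERE SPECIALTUTORS.ID = %s""")
                tutormail = request.form['SpecialTutorMail'] or stored(
                    """SELECT EMAIL FROM SPECIALTUTORS WHERE SPECIALTUTORS.ID = %s""")
                tutorphone = request.form['SpecialTutorPhone'] or stored(
                    """SELECT PHONENUMBER FROM SPECIALTUTORS WHERE SPECIALTUTORS.ID = %s""")

                # NOTE(review): the row is selected only by the form-supplied
                # 'tutor-id' and USERID is overwritten with the current user.
                # No ownership check is visible here; confirm authorization is
                # enforced elsewhere or restrict the UPDATE to the owner's rows.
                statement = """UPDATE SPECIALTUTORS
                               SET SUBJECT = %s, FULLNAME = %s, EMAIL = %s, PHONENUMBER = %s, USERID = %s
                               WHERE SPECIALTUTORS.ID = %s"""
                cursor.execute(statement, (tutorsubject, tutorname, tutormail,
                                           tutorphone, tutoruser_id, tutorid))
                connection.commit()
            return redirect(
                url_for('site.selected_special_tutor', tutorId=tutorid))
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT SUBJECT, FULLNAME, SPECIALTUTORS.EMAIL, PHONENUMBER, USERS.USERNAME, SPECIALTUTORS.ID
                       FROM SPECIALTUTORS, USERS
                       WHERE (SPECIALTUTORS.USERID = USERS.ID)"""
            cursor.execute(query)
            specialtutors = cursor.fetchall()
        return render_template('special_tutor.html', specialtutors=specialtutors)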
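def lost_stuff_page():
    """List, create and update lost-item announcements.

    GET renders all announcements. POST handles the user search button, the
    ``LostSomething`` form (insert) and the ``LostSomethingUpdate`` form
    (update; fields left empty keep their stored value).
    """
    def first_column(cursor, statement, params):
        # Run a single-column SELECT and return the scalar value, or None
        # when no row matches. fetchone() returns a row tuple, not a value.
        cursor.execute(statement, params)
        row = cursor.fetchone()
        return row[0] if row else None

    user_id_statement = """SELECT ID FROM USERS
                           WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

    if request.method == "POST":
        if 'userSearchButton' in request.form:  # if the search button is submitted
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']

        username = current_user.get_username()
        email = current_user.get_email()
        name = current_user.get_name()
        surname = current_user.get_surname()

        if formtype == "LostSomething":
            lostdesc = request.form['LostSomethingDescription']
            lostlocation = request.form['LostSomethingPossibleLocation']
            lostdate = request.form['LostSomethingDate']
            # A tuple keeps "name surname" in order. The set used before
            # iterated in arbitrary order and collapsed identical values.
            lostownername = (request.form['LostSomethingOwnerName']
                             or " ".join((name, surname)))
            lostmail = request.form['LostSomethingOwnerMail'] or email
            lostphone = request.form['LostSomethingOwnerPhone']

            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                # Values are bound as parameters, never formatted into the SQL.
                lostuser_id = first_column(cursor, user_id_statement, (username, email))

                lost = lost_stuff(lostdesc, lostlocation, lostdate, lostownername,
                                  lostmail, lostphone, lostuser_id)

                query = """INSERT INTO LOSTSTUFF(STUFFDESC, POSSIBLELOC, POSSIBLEDATE, OWNERNAME, OWNERMAIL, OWNERPHONE, USERID)
                           VALUES (%s, %s, %s, %s, %s, %s, %s)"""
                cursor.execute(query, (lost.description, lost.location, lost.date,
                                       lost.ownername, lost.mail, lost.phone,
                                       lost.user_id))
                connection.commit()
            return redirect(url_for('site.LostStuff'))

        elif formtype == "LostSomethingUpdate":
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                lostuser_id = first_column(cursor, user_id_statement, (username, email))

                lostid = request.form['lost-id']

                def stored(statement):
                    # Parameters must be a sequence: a bare string is read as
                    # one parameter per character and fails for longer ids.
                    return first_column(cursor, statement, (lostid,))

                lostdesc = request.form['LostSomethingDescription'] or stored(
                    """SELECT STUFFDESC FROM LOSTSTUFF WHERE LOSTSTUFF.ID = %s""")
                lostlocation = request.form['LostSomethingPossibleLocation'] or stored(
                    """SELECT POSSIBLELOC FROM LOSTSTUFF WHERE LOSTSTUFF.ID = %s""")
                lostdate = request.form['LostSomethingDate'] or stored(
                    """SELECT POSSIBLEDATE FROM LOSTSTUFF WHERE LOSTSTUFF.ID = %s""")
                lostname = request.form['LostSomethingOwnerName'] or stored(
                    """SELECT OWNERNAME FROM LOSTSTUFF WHERE LOSTSTUFF.ID = %s""")
                lostmail = request.form['LostSomethingOwnerMail'] or stored(
                    """SELECT OWNERMAIL FROM LOSTSTUFF WHERE LOSTSTUFF.ID = %s""")
                lostphone = request.form['LostSomethingOwnerPhone'] or stored(
                    """SELECT OWNERPHONE FROM LOSTSTUFF WHERE LOSTSTUFF.ID = %s""")

                # NOTE(review): the row is selected only by the form-supplied
                # 'lost-id' and USERID is overwritten with the current user.
                # No ownership check is visible here; confirm authorization is
                # enforced elsewhere or restrict the UPDATE to the owner's rows.
                statement = """UPDATE LOSTSTUFF
                               SET STUFFDESC=%s, POSSIBLELOC=%s, POSSIBLEDATE=%s, OWNERNAME=%s, OWNERMAIL=%s, OWNERPHONE=%s, USERID=%s
                               WHERE LOSTSTUFF.ID=%s"""
                cursor.execute(statement, (lostdesc, lostlocation, lostdate,
                                           lostname, lostmail, lostphone,
                                           lostuser_id, lostid))
                connection.commit()
            return redirect(url_for('site.selected_lost_stuff', lostId=lostid))
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT STUFFDESC, POSSIBLELOC, POSSIBLEDATE, OWNERNAME, OWNERMAIL, OWNERPHONE, USERS.USERNAME, LOSTSTUFF.ID
                       FROM LOSTSTUFF, USERS
                       WHERE (LOSTSTUFF.USERID = USERS.ID)"""
            cursor.execute(query)
            lostitems = cursor.fetchall()
        return render_template('lost_stuff.html', lostitems=lostitems)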
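def shared_Books_Announcement_Page():
    """List, create and update shared-book announcements.

    GET renders all announcements. POST handles the user search button, the
    ``SharedBooksAnnouncement`` form (insert) and the
    ``SharedBooksAnnouncementUpdate`` form (update; fields left empty keep
    their stored value).
    """
    def first_column(cursor, statement, params):
        # Run a single-column SELECT and return the scalar value, or None
        # when no row matches. fetchone() returns a row tuple, not a value.
        cursor.execute(statement, params)
        row = cursor.fetchone()
        return row[0] if row else None

    user_id_statement = """SELECT ID FROM USERS
                           WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

    if request.method == "POST":
        if 'userSearchButton' in request.form:  # if the search button is submitted
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']

        username = current_user.get_username()
        email = current_user.get_email()

        if formtype == "SharedBooksAnnouncement":
            NameOfBook = request.form['InputNameOfSharedBook']
            LessonName = request.form['InputLessonNameOfShareBook']
            LessonCode = request.form['InputLessonCodeOfShareBook']
            TypeOfShare = request.form['InputTypeOfSharedBooks']
            # An empty price field is stored as NULL.
            Price = request.form['InputPriceOfShareBook'] or None

            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                currentuser_id = first_column(cursor, user_id_statement, (username, email))

                sharedBooksAd = sharingBooksAnnouncement(
                    NameOfBook, LessonName, LessonCode, TypeOfShare, Price,
                    currentuser_id)

                query = """INSERT INTO SHAREDBOOKS(NAMEOFBOOK, LESSONNAME, LESSONCODE,TYPEOFSHARE,PRICE,USERID)
                           VALUES (%s,%s,%s,%s,%s,%s)"""
                cursor.execute(query, (sharedBooksAd.NameOFSharingBooks,
                                       sharedBooksAd.LessonNameOfSharingBooks,
                                       sharedBooksAd.LessonCodeOfSharingBooks,
                                       sharedBooksAd.TypeOfSharingBooks,
                                       sharedBooksAd.PriceOFSharingBooks,
                                       sharedBooksAd.id_ownerOfSharingBooks))
                connection.commit()
            return redirect(url_for('site.SharedBooksAnnouncementPage'))

        elif formtype == "SharedBooksAnnouncementUpdate":
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                # Values are bound as parameters, never formatted into the SQL.
                sharingUser_id = first_column(cursor, user_id_statement, (username, email))

                sharingBookid = request.form['sharingBooks-id']

                def stored(statement):
                    # Parameters must be a sequence: a bare string is read as
                    # one parameter per character and fails for longer ids.
                    return first_column(cursor, statement, (sharingBookid,))

                NameOfBook = request.form['InputNameOfSharedBook'] or stored(
                    """SELECT NAMEOFBOOK FROM SHAREDBOOKS WHERE SHAREDBOOKS.ID = %s""")
                LessonName = request.form['InputLessonNameOfShareBook'] or stored(
                    """SELECT LESSONNAME FROM SHAREDBOOKS WHERE SHAREDBOOKS.ID = %s""")
                LessonCode = request.form['InputLessonCodeOfShareBook'] or stored(
                    """SELECT LESSONCODE FROM SHAREDBOOKS WHERE SHAREDBOOKS.ID = %s""")
                TypeOfShare = request.form['InputTypeOfSharedBooks'] or stored(
                    """SELECT TYPEOFSHARE FROM SHAREDBOOKS WHERE SHAREDBOOKS.ID = %s""")
                Price = request.form['InputPriceOfShareBook'] or stored(
                    """SELECT PRICE FROM SHAREDBOOKS WHERE SHAREDBOOKS.ID = %s""")

                # NOTE(review): the row is selected only by the form-supplied
                # 'sharingBooks-id' and USERID is overwritten with the current
                # user. No ownership check is visible here; confirm
                # authorization is enforced elsewhere or restrict the UPDATE
                # to the owner's rows.
                statement = """UPDATE SHAREDBOOKS
                               SET NAMEOFBOOK=%s, LESSONNAME=%s, LESSONCODE=%s, TYPEOFSHARE=%s, PRICE=%s, USERID=%s
                               WHERE SHAREDBOOKS.ID=%s"""
                cursor.execute(statement, (NameOfBook, LessonName, LessonCode,
                                           TypeOfShare, Price, sharingUser_id,
                                           sharingBookid))
                connection.commit()
            return redirect(url_for('site.selected_sharingBooks', id=sharingBookid))
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT NAMEOFBOOK,LESSONNAME,LESSONCODE,TYPEOFSHARE,PRICE,USERS.NAME,USERS.SURNAME,USERS.EMAIL,FACULTIES.FACULTYNAME,FACULTIES.FACULTYCODE,SHAREDBOOKS.ID
                       FROM SHAREDBOOKS,USERS,FACULTIES
                       WHERE(SHAREDBOOKS.USERID = USERS.ID)
                       AND(USERS.FACULTYID = FACULTIES.ID)
                       """
            cursor.execute(query)
            ALLSharingBooks = cursor.fetchall()
        return render_template("sharedbooks_announcement.html",
                               ALLSharingBooks=ALLSharingBooks)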
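def share_MyHouse_Announcement_Page():
    """List, create and update shared-house announcements.

    GET renders all announcements. POST handles the user search button, the
    ``SharedHouseAnnouncement`` form (insert) and the
    ``SharedHouseAnnouncementUpdate`` form (update; fields left empty keep
    their stored value).
    """
    def first_column(cursor, statement, params):
        # Run a single-column SELECT and return the scalar value, or None
        # when no row matches. fetchone() returns a row tuple, not a value.
        cursor.execute(statement, params)
        row = cursor.fetchone()
        return row[0] if row else None

    user_id_statement = """SELECT ID FROM USERS
                           WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

    if request.method == "POST":
        if 'userSearchButton' in request.form:  # if the search button is submitted
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']

        # Only the values the queries need are read. The debug print() calls
        # for username, password, email, name, surname and faculty id were
        # removed: they wrote the user's password value and personal data to
        # the server's stdout on every POST.
        username = current_user.get_username()
        email = current_user.get_email()

        if formtype == "SharedHouseAnnouncement":
            Location = request.form['InputLocationOfSharingHouse']
            RentPrice = request.form['InputRentPriceOfSharingHouse']
            NumberOfPeople = request.form['InputnumberOfPeopleInHouse']
            NumberOfRoom = request.form['InputNumberOfRoomforSharingHouse']
            Description = request.form['InputDescriptionOfSharingHouse']

            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                # Values are bound as parameters, never formatted into the SQL.
                currentuser_id = first_column(cursor, user_id_statement, (username, email))

                sharingHouseAd = sharingHouseAnnouncement(
                    Location, RentPrice, NumberOfPeople, NumberOfRoom,
                    Description, currentuser_id)

                query = """INSERT INTO DATASHAREDHOUSE(LOCATION, RENTPRICE, NUMBEROFPEOPLE, NUMBEROFROOM, DESCRIPTION, USERID)
                           VALUES (%s, %s, %s, %s, %s, %s)"""
                cursor.execute(
                    query,
                    (sharingHouseAd.LocationOfSharingHouse,
                     sharingHouseAd.RentPriceOfSharingHouse,
                     sharingHouseAd.NumberOfPeopleInSharingHouse,
                     sharingHouseAd.NumberOfSharingHouseRoom,
                     sharingHouseAd.DescriptionOfSharingHouse,
                     sharingHouseAd.id_ownerOfSharingHouseAnnouncement))
                connection.commit()
            return redirect(url_for('site.ShareHousePageAnnouncement'))

        elif formtype == "SharedHouseAnnouncementUpdate":
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                sharingUser_id = first_column(cursor, user_id_statement, (username, email))

                sharingHouseid = request.form['sharingHouse-id']

                def stored(statement):
                    # Parameters must be a sequence: a bare string is read as
                    # one parameter per character and fails for longer ids.
                    return first_column(cursor, statement, (sharingHouseid,))

                Location = request.form['InputLocationOfSharingHouse'] or stored(
                    """SELECT LOCATION FROM DATASHAREDHOUSE WHERE DATASHAREDHOUSE.ID = %s""")
                RentPrice = request.form['InputRentPriceOfSharingHouse'] or stored(
                    """SELECT RENTPRICE FROM DATASHAREDHOUSE WHERE DATASHAREDHOUSE.ID = %s""")
                NumberOfPeople = request.form['InputnumberOfPeopleInHouse'] or stored(
                    """SELECT NUMBEROFPEOPLE FROM DATASHAREDHOUSE WHERE DATASHAREDHOUSE.ID = %s""")
                NumberOfRoom = request.form['InputNumberOfRoomforSharingHouse'] or stored(
                    """SELECT NUMBEROFROOM FROM DATASHAREDHOUSE WHERE DATASHAREDHOUSE.ID = %s""")
                Description = request.form['InputDescriptionOfSharingHouse'] or stored(
                    """SELECT DESCRIPTION FROM DATASHAREDHOUSE WHERE DATASHAREDHOUSE.ID = %s""")

                # NOTE(review): the row is selected only by the form-supplied
                # 'sharingHouse-id' and USERID is overwritten with the current
                # user. No ownership check is visible here; confirm
                # authorization is enforced elsewhere or restrict the UPDATE
                # to the owner's rows.
                statement = """UPDATE DATASHAREDHOUSE
                               SET LOCATION=%s, RENTPRICE=%s, NUMBEROFPEOPLE=%s, NUMBEROFROOM=%s, DESCRIPTION=%s, USERID=%s
                               WHERE DATASHAREDHOUSE.ID=%s"""
                cursor.execute(
                    statement,
                    (Location, RentPrice, NumberOfPeople, NumberOfRoom,
                     Description, sharingUser_id, sharingHouseid))
                connection.commit()
            return redirect(
                url_for('site.selected_sharingHouse', id=sharingHouseid))
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT LOCATION,RENTPRICE,NUMBEROFPEOPLE,NUMBEROFROOM,DESCRIPTION,USERS.NAME,USERS.SURNAME,USERS.EMAIL,FACULTIES.FACULTYNAME,FACULTIES.FACULTYCODE,DATASHAREDHOUSE.ID
                       FROM DATASHAREDHOUSE,USERS,FACULTIES
                       WHERE(DATASHAREDHOUSE.USERID = USERS.ID)
                       AND(USERS.FACULTYID = FACULTIES.ID)
                       """
            cursor.execute(query)
            ALLSharingHouse = cursor.fetchall()
        return render_template('sharedmyhouse_announcement.html',
                               ALLSharingHouse=ALLSharingHouse)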
def home_page():
    """Show the abstracts with the current reviewer's decisions and save them.

    Unauthenticated visitors always get the bare ``home.html``. For a
    logged-in user GET renders the stored decisions. Any other method first
    clears the accept/poster/reject flags on every known abstract, sets the
    flags submitted in the form, commits, and then renders the same page.
    """
    if not current_user.is_authenticated:
        return render_template("home.html")

    saving = request.method != 'GET'

    abstracts = get_abstracts()
    paper_count = 0
    abstract_ids = []
    for item in abstracts:
        paper_count += 1
        if saving:
            abstract_ids.append(int(item.abstract_id))

    def own_decision(abstract_id):
        # Every write is scoped to the logged-in reviewer's own rows, so
        # submitted ids cannot touch another reviewer's decisions.
        return session.query(Decision).\
            filter_by(user_email=current_user.get_email()).\
            filter_by(abstract_id=abstract_id)

    if saving:
        submitted = (
            ("accept", request.form.getlist("accept")),
            ("poster", request.form.getlist("poster")),
            ("reject", request.form.getlist("reject")),
        )

        # Reset all three flags first so unticked boxes are cleared.
        for abstract_id in abstract_ids:
            for column in ("accept", "poster", "reject"):
                own_decision(abstract_id).update({column: 0})

        for column, chosen_ids in submitted:
            for abstract_id in chosen_ids:
                own_decision(abstract_id).update({column: 1})

        session.commit()

    def first_column(rows):
        return [row[0] for row in rows]

    reviewer_email = current_user.get_email()
    own_accepts = first_column(get_accept_decisions(reviewer_email))
    own_posters = first_column(get_poster_decisions(reviewer_email))
    own_rejects = first_column(get_reject_decisions(reviewer_email))

    return render_template("home.html",
                           abstracts=abstracts,
                           total_number_of_papers=paper_count,
                           accept_decisions=own_accepts,
                           poster_decisions=own_posters,
                           reject_decisions=own_rejects)
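def game_friend_page():
    """List, create and update game-friend announcements.

    GET renders all announcements. POST handles the user search button, the
    ``GameFriend`` form (insert) and the ``GameFriendUpdate`` form (update;
    fields left empty keep their stored value).
    """
    def first_column(cursor, statement, params):
        # Run a single-column SELECT and return the scalar value, or None
        # when no row matches. fetchone() returns a row tuple, not a value.
        cursor.execute(statement, params)
        row = cursor.fetchone()
        return row[0] if row else None

    user_id_statement = """SELECT ID FROM USERS
                           WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

    if request.method == 'POST':
        if 'userSearchButton' in request.form:  # if the search button is submitted
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']

        username = current_user.get_username()
        email = current_user.get_email()

        if formtype == "GameFriend":
            gameName = request.form['InputGameName']
            gameType = request.form['InputGameType']
            playerNum = int(request.form['GamePlayerNo'])
            gameDate = request.form['InputGameDate']
            gameLoc = request.form['InputGameLocation']
            gameDesc = request.form['GameDescription']

            with dbapi2.connect(current_app.config['dsn']) as connection:
                # look up the current user's id from username and email
                cursor1 = connection.cursor()
                cursor1.execute(user_id_statement, (username, email))
                UserId = cursor1.fetchone()
                UserId = UserId[0]

                gameAnnounce = GameAnnounce(gameName, gameType, playerNum,
                                            gameDate, gameLoc, gameDesc, UserId)

                # insert the new announcement
                cursor = connection.cursor()
                query = """INSERT INTO GAMEANNOUNCE (NAME, TYPE, GAMEDATE, LOCATION, PLAYERNUMBER, DESCRIPTION, USERID)
                           VALUES(%s,%s,%s,%s,%s,%s,%s)"""
                cursor.execute(query, (gameAnnounce.gameName, gameAnnounce.gameType,
                                       gameAnnounce.gameDate, gameAnnounce.gameLoc,
                                       gameAnnounce.playerNum, gameAnnounce.gameDesc,
                                       gameAnnounce.user_id))
                connection.commit()
            return redirect(url_for('site.GameFriendPage'))

        elif formtype == "GameFriendUpdate":
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                # Values are bound as parameters, never formatted into the SQL.
                announce_user_id = first_column(cursor, user_id_statement, (username, email))

                announceid = request.form['announce-id']

                def stored(statement):
                    # Parameters must be a sequence: a bare string is read as
                    # one parameter per character and fails for longer ids.
                    return first_column(cursor, statement, (announceid,))

                gameName = request.form['InputGameName'] or stored(
                    """SELECT NAME FROM GAMEANNOUNCE WHERE GAMEANNOUNCE.ID = %s""")
                playerNum = request.form['GamePlayerNo'] or stored(
                    """SELECT PLAYERNUMBER FROM GAMEANNOUNCE WHERE GAMEANNOUNCE.ID = %s""")
                gameDate = request.form['InputGameDate'] or stored(
                    """SELECT GAMEDATE FROM GAMEANNOUNCE WHERE GAMEANNOUNCE.ID = %s""")
                gameLoc = request.form['InputGameLocation'] or stored(
                    """SELECT LOCATION FROM GAMEANNOUNCE WHERE GAMEANNOUNCE.ID = %s""")
                gameDesc = request.form['GameDescription'] or stored(
                    """SELECT DESCRIPTION FROM GAMEANNOUNCE WHERE GAMEANNOUNCE.ID = %s""")

                # NOTE(review): the row is selected only by the form-supplied
                # 'announce-id' and USERID is overwritten with the current
                # user. No ownership check is visible here; confirm
                # authorization is enforced elsewhere or restrict the UPDATE
                # to the owner's rows.
                statement = """UPDATE GAMEANNOUNCE
                               SET NAME = %s, PLAYERNUMBER = %s, GAMEDATE = %s, LOCATION = %s, DESCRIPTION = %s, USERID = %s
                               WHERE GAMEANNOUNCE.ID = %s"""
                cursor.execute(statement, (gameName, playerNum, gameDate, gameLoc,
                                           gameDesc, announce_user_id, announceid))
                connection.commit()
            return redirect(
                url_for('site.SelectedGameAnnounce', announceId=announceid))
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT GAMEANNOUNCE.NAME, TYPE, GAMEDATE, LOCATION, PLAYERNUMBER, DESCRIPTION, USERS.NAME, USERS.SURNAME, USERS.EMAIL, FACULTIES.FACULTYNAME, FACULTIES.FACULTYCODE, USERS.USERNAME, GAMEANNOUNCE.ID
                       FROM GAMEANNOUNCE, USERS, FACULTIES
                       WHERE (GAMEANNOUNCE.USERID = USERS.ID)
                       AND (USERS.FACULTYID = FACULTIES.ID)"""
            cursor.execute(query)
            gameFriendAnnounces = cursor.fetchall()
        return render_template('game_friends.html',
                               gameFriendAnnounces=gameFriendAnnounces)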
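def found_stuff_page():
    """Serve the found-items page.

    POST handles the user search box, a new found-item report
    ("FoundSomething") and an edit of an existing one
    ("FoundSomethingUpdate"); each ends in a redirect. Any other method
    lists every found item.
    """
    if request.method == "POST":
        if 'userSearchButton' in request.form:
            # Search box submitted: keep the term in the session for the
            # search view.
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']
        username = current_user.get_username()
        email = current_user.get_email()
        name = current_user.get_name()
        surname = current_user.get_surname()
        # Values are always bound as parameters, never formatted into SQL.
        user_lookup = """SELECT ID FROM USERS
                         WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

        if formtype == "FoundSomething":
            founddesc = request.form['FoundSomethingDescription']
            foundlocation = request.form['FoundSomethingCurrentLocation']
            founddate = request.form['FoundSomethingDate']
            foundname = request.form['FoundSomethingFinderName']
            if not foundname:
                # Default to the account's own name. A tuple keeps the
                # order "name surname"; a set has no defined order and
                # would drop a duplicate.
                foundname = " ".join((name, surname))
            foundmail = request.form['FoundSomethingFinderMail']
            if not foundmail:
                foundmail = email
            foundphone = request.form['FoundSomethingFinderPhone']
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                # fetchone() yields a row, not a scalar; it is handed on
                # unchanged. NOTE(review): confirm found_stuff and the
                # driver accept a one-element row as the user id.
                founduser_id = cursor.fetchone()
                found = found_stuff(founddesc, foundlocation, founddate,
                                    foundname, foundmail, foundphone,
                                    founduser_id)
                query = """INSERT INTO FOUNDSTUFF(STUFFDESC, CURRENTLOC,
                                                  FINDINGDATE, FOUNDERNAME,
                                                  FOUNDERMAIL, FOUNDERPHONE,
                                                  USERID)
                           VALUES (%s, %s, %s, %s, %s, %s, %s)"""
                cursor.execute(query,
                               (found.description, found.location, found.date,
                                found.name, found.mail, found.phone,
                                found.user_id))
                connection.commit()
            return redirect(url_for('site.FoundStuff'))

        elif formtype == "FoundSomethingUpdate":
            # NOTE(review): the item id comes from the form and nothing in
            # this view checks that the row belongs to the caller; the
            # UPDATE also rewrites USERID to the caller's id. Confirm
            # ownership is enforced elsewhere, otherwise restrict the
            # UPDATE to rows the caller owns.
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                user_row = cursor.fetchone()
                # Bind the scalar id rather than the whole row.
                founduser_id = user_row[0] if user_row else None
                foundid = request.form['found-id']

                def submitted_or_stored(field, statement):
                    # A blank field keeps the value already stored. The
                    # submitted contact details are no longer echoed to
                    # stdout.
                    value = request.form[field]
                    if not value:
                        # Parameters go in a sequence; a bare string is
                        # read as a sequence of characters.
                        cursor.execute(statement, (foundid,))
                        row = cursor.fetchone()
                        value = row[0] if row else None
                    return value

                founddesc = submitted_or_stored(
                    'FoundSomethingDescription',
                    """SELECT STUFFDESC FROM FOUNDSTUFF
                       WHERE FOUNDSTUFF.ID = %s""")
                foundlocation = submitted_or_stored(
                    'FoundSomethingCurrentLocation',
                    """SELECT CURRENTLOC FROM FOUNDSTUFF
                       WHERE FOUNDSTUFF.ID = %s""")
                founddate = submitted_or_stored(
                    'FoundSomethingDate',
                    """SELECT FINDINGDATE FROM FOUNDSTUFF
                       WHERE FOUNDSTUFF.ID = %s""")
                foundname = submitted_or_stored(
                    'FoundSomethingFinderName',
                    """SELECT FOUNDERNAME FROM FOUNDSTUFF
                       WHERE FOUNDSTUFF.ID = %s""")
                foundmail = submitted_or_stored(
                    'FoundSomethingFinderMail',
                    """SELECT FOUNDERMAIL FROM FOUNDSTUFF
                       WHERE FOUNDSTUFF.ID = %s""")
                foundphone = submitted_or_stored(
                    'FoundSomethingFinderPhone',
                    """SELECT FOUNDERPHONE FROM FOUNDSTUFF
                       WHERE FOUNDSTUFF.ID = %s""")

                statement = """UPDATE FOUNDSTUFF
                               SET STUFFDESC=%s, CURRENTLOC=%s,
                                   FINDINGDATE=%s, FOUNDERNAME=%s,
                                   FOUNDERMAIL=%s, FOUNDERPHONE=%s, USERID=%s
                               WHERE FOUNDSTUFF.ID=%s"""
                cursor.execute(statement,
                               (founddesc, foundlocation, founddate,
                                foundname, foundmail, foundphone,
                                founduser_id, foundid))
                connection.commit()
            return redirect(url_for('site.selected_found_stuff',
                                    foundId=foundid))
        # An unrecognised form-name falls through and the view returns None.
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT STUFFDESC, CURRENTLOC, FINDINGDATE, FOUNDERNAME,
                              FOUNDERMAIL, FOUNDERPHONE, USERS.USERNAME,
                              FOUNDSTUFF.ID
                       FROM FOUNDSTUFF, USERS
                       WHERE (FOUNDSTUFF.USERID = USERS.ID)"""
            cursor.execute(query)
            founditems = cursor.fetchall()
        return render_template('found_stuff.html', founditems=founditems)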
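def special_student_page():
    """Serve the special-student listings page.

    POST handles the user search box, a new listing ("SpecialStudent")
    and an edit of an existing one ("SpecialStudentUpdate"); each ends in
    a redirect. Any other method lists every entry.
    """
    if request.method == "POST":
        if 'userSearchButton' in request.form:
            # Search box submitted: keep the term in the session for the
            # search view.
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']
        username = current_user.get_username()
        email = current_user.get_email()
        name = current_user.get_name()
        surname = current_user.get_surname()
        # Values are always bound as parameters, never formatted into SQL.
        user_lookup = """SELECT ID FROM USERS
                         WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

        if formtype == "SpecialStudent":
            studentsubject = request.form['SpecialStudentSubject']
            studentname = request.form['SpecialStudentName']
            if not studentname:
                # Default to the account's own name. A tuple keeps the
                # order "name surname"; a set has no defined order and
                # would drop a duplicate.
                studentname = " ".join((name, surname))
            studentmail = request.form['SpecialStudentMail']
            if not studentmail:
                studentmail = email
            studentphone = request.form['SpecialStudentPhone']
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                # fetchone() yields a row, not a scalar; it is handed on
                # unchanged. NOTE(review): confirm special_student and the
                # driver accept a one-element row as the user id.
                studentid = cursor.fetchone()
                student = special_student(studentsubject, studentname,
                                          studentmail, studentphone,
                                          studentid)
                query = """INSERT INTO SPECIALSTUDENTS(SUBJECT, FULLNAME,
                                                       EMAIL, PHONENUMBER,
                                                       USERID)
                           VALUES (%s, %s, %s, %s, %s)"""
                cursor.execute(query,
                               (student.subject, student.fullname,
                                student.email, student.phonenumber,
                                student.user_id))
                connection.commit()
            return redirect(url_for('site.SpecialStudent'))

        elif formtype == "SpecialStudentUpdate":
            # NOTE(review): the entry id comes from the form and nothing in
            # this view checks that the row belongs to the caller; the
            # UPDATE also rewrites USERID to the caller's id. Confirm
            # ownership is enforced elsewhere, otherwise restrict the
            # UPDATE to rows the caller owns.
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                user_row = cursor.fetchone()
                # Bind the scalar id rather than the whole row.
                studentuser_id = user_row[0] if user_row else None
                studentid = request.form['student-id']

                def submitted_or_stored(field, statement):
                    # A blank field keeps the value already stored.
                    value = request.form[field]
                    if not value:
                        # Parameters go in a sequence; a bare string is
                        # read as a sequence of characters.
                        cursor.execute(statement, (studentid,))
                        row = cursor.fetchone()
                        value = row[0] if row else None
                    return value

                studentsubject = submitted_or_stored(
                    'SpecialStudentSubject',
                    """SELECT SUBJECT FROM SPECIALSTUDENTS
                       WHERE SPECIALSTUDENTS.ID = %s""")
                studentname = submitted_or_stored(
                    'SpecialStudentName',
                    """SELECT FULLNAME FROM SPECIALSTUDENTS
                       WHERE SPECIALSTUDENTS.ID = %s""")
                studentmail = submitted_or_stored(
                    'SpecialStudentMail',
                    """SELECT EMAIL FROM SPECIALSTUDENTS
                       WHERE SPECIALSTUDENTS.ID = %s""")
                studentphone = submitted_or_stored(
                    'SpecialStudentPhone',
                    """SELECT PHONENUMBER FROM SPECIALSTUDENTS
                       WHERE SPECIALSTUDENTS.ID = %s""")

                statement = """UPDATE SPECIALSTUDENTS
                               SET SUBJECT = %s, FULLNAME = %s, EMAIL = %s,
                                   PHONENUMBER = %s, USERID = %s
                               WHERE SPECIALSTUDENTS.ID = %s"""
                cursor.execute(statement,
                               (studentsubject, studentname, studentmail,
                                studentphone, studentuser_id, studentid))
                connection.commit()
            return redirect(url_for('site.selected_special_student',
                                    studentId=studentid))
        # An unrecognised form-name falls through and the view returns None.
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT SUBJECT, FULLNAME, SPECIALSTUDENTS.EMAIL,
                              PHONENUMBER, USERS.USERNAME, SPECIALSTUDENTS.ID
                       FROM SPECIALSTUDENTS, USERS
                       WHERE (SPECIALSTUDENTS.USERID = USERS.ID)"""
            cursor.execute(query)
            specialstudents = cursor.fetchall()
        return render_template('special_student.html',
                               specialstudents=specialstudents)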
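def restaurants_page():
    """Serve the restaurants page.

    POST handles the user search box, a new restaurant ("AddRestaurant"),
    an edit ("RestaurantUpdate") and a rating ("VoteUpdate"); each ends in
    a redirect. Any other method lists restaurants and campus locations.
    """
    if request.method == "POST":
        if 'userSearchButton' in request.form:
            # Search box submitted: keep the term in the session for the
            # search view.
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']
        # None of these four values is used by the branches below; the
        # calls are kept so the view behaves as before for a caller
        # without these accessors.
        username = current_user.get_username()
        email = current_user.get_email()
        name = current_user.get_name()
        surname = current_user.get_surname()
        # Values are always bound as parameters, never formatted into SQL.
        campus_lookup = """SELECT CAMPUSLOCATIONS.ID FROM CAMPUSLOCATIONS
                           WHERE CAMPUSLOCATIONS.CAMPUSNAME = %s"""

        if formtype == "AddRestaurant":
            restaurantName = request.form['RestaurantName']
            menuType = request.form['MenuType']
            campusLocation = request.form['campusLocation']
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                # Translate the campus name from the dropdown into its id.
                cursor.execute(campus_lookup, [campusLocation])
                campusLocation = cursor.fetchone()
                if campusLocation is None:
                    # Unknown campus name: insert nothing instead of
                    # failing on campusLocation[0].
                    return redirect(url_for('site.RestaurantsPage'))
                openingTime = request.form['OpeningTime']
                closingTime = request.form['ClosingTime']
                restaurantOwnerEmail = request.form['RestaurantOwnerEmail']
                restaurantOwnerPhone = request.form['RestaurantOwnerPhone']
                serviceType = request.form['RestaurantServiceType']
                # -1 is the initial RESTAURANTPOINT of a new restaurant.
                restaurant = Restaurant(restaurantName, campusLocation[0],
                                        menuType, -1, openingTime,
                                        closingTime, restaurantOwnerEmail,
                                        restaurantOwnerPhone, serviceType)
                query = """INSERT INTO RESTAURANTS(RESTAURANTNAME,
                                                   RESTAURANTPOINT,
                                                   LOCATIONID, MENUTYPE,
                                                   OPENINGTIME, CLOSINGTIME,
                                                   OWNEREMAIL,
                                                   OWNERPHONENUMBER,
                                                   SERVICETYPE)
                           VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)"""
                cursor.execute(
                    query,
                    (restaurant.restaurantName, restaurant.restaurantPoint,
                     restaurant.locationID, restaurant.menuType,
                     restaurant.openingTime, restaurant.closingTime,
                     restaurant.ownerEmail, restaurant.ownerPhone,
                     restaurant.serviceType))
                connection.commit()
            return redirect(url_for('site.RestaurantsPage'))

        elif formtype == "RestaurantUpdate":
            # NOTE(review): the restaurant id comes from the form and no
            # permission check is visible in this view, so whoever can
            # post this form can edit any restaurant. Confirm access is
            # restricted elsewhere.
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                restaurantId = request.form['restaurant-id']
                selected = redirect(url_for('site.SelectedRestaurant',
                                            restaurantId=restaurantId))

                def submitted_or_stored(field, statement):
                    # A blank field keeps the value already stored.
                    value = request.form[field]
                    if not value:
                        # Parameters go in a sequence; a bare string is
                        # read as a sequence of characters.
                        cursor.execute(statement, (restaurantId,))
                        row = cursor.fetchone()
                        value = row[0] if row else None
                    return value

                restaurantName = submitted_or_stored(
                    'RestaurantName',
                    """SELECT RESTAURANTNAME FROM RESTAURANTS
                       WHERE RESTAURANTS.ID = %s""")
                menuType = submitted_or_stored(
                    'MenuType',
                    """SELECT MENUTYPE FROM RESTAURANTS
                       WHERE RESTAURANTS.ID = %s""")

                campusName = request.form['campusLocation']
                if not campusName:
                    # Keep the location id already stored.
                    cursor.execute(
                        """SELECT LOCATIONID FROM RESTAURANTS
                           WHERE RESTAURANTS.ID = %s""",
                        (restaurantId,))
                else:
                    # Translate the submitted campus name into its id.
                    cursor.execute(campus_lookup, [campusName])
                campusLocation = cursor.fetchone()
                if campusLocation is None:
                    # Unknown restaurant or campus: change nothing instead
                    # of failing on campusLocation[0].
                    return selected

                restaurantOwnerEmail = submitted_or_stored(
                    'RestaurantOwnerEmail',
                    """SELECT OWNEREMAIL FROM RESTAURANTS
                       WHERE RESTAURANTS.ID = %s""")
                restaurantOwnerPhone = submitted_or_stored(
                    'RestaurantOwnerPhone',
                    """SELECT OWNERPHONENUMBER FROM RESTAURANTS
                       WHERE RESTAURANTS.ID = %s""")
                openingTime = submitted_or_stored(
                    'OpeningTime',
                    """SELECT OPENINGTIME FROM RESTAURANTS
                       WHERE RESTAURANTS.ID = %s""")
                closingTime = submitted_or_stored(
                    'ClosingTime',
                    """SELECT CLOSINGTIME FROM RESTAURANTS
                       WHERE RESTAURANTS.ID = %s""")
                serviceType = submitted_or_stored(
                    'RestaurantServiceType',
                    """SELECT SERVICETYPE FROM RESTAURANTS
                       WHERE RESTAURANTS.ID = %s""")

                statement = """UPDATE RESTAURANTS
                               SET RESTAURANTNAME = %s, LOCATIONID= %s,
                                   MENUTYPE= %s, OPENINGTIME = %s,
                                   CLOSINGTIME = %s, OWNEREMAIL = %s,
                                   OWNERPHONENUMBER = %s, SERVICETYPE = %s
                               WHERE RESTAURANTS.ID = %s"""
                cursor.execute(
                    statement,
                    (restaurantName, campusLocation[0], menuType,
                     openingTime, closingTime, restaurantOwnerEmail,
                     restaurantOwnerPhone, serviceType, restaurantId))
                connection.commit()
            return selected

        elif formtype == "VoteUpdate":
            restaurantId = request.form['restaurant-id']
            selected = redirect(url_for('site.SelectedRestaurant',
                                        restaurantId=restaurantId))
            rawPoint = request.form['point']
            try:
                newPoint = int(rawPoint)
            except ValueError:
                newPoint = None
            # The page offers 1-5 (see pointList below); enforce the same
            # range on the server so a crafted request cannot skew the
            # running average.
            if newPoint is None or not 1 <= newPoint <= 5:
                return selected
            # NOTE(review): nothing here limits how many times one caller
            # can vote for the same restaurant.
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                statement = """UPDATE RESTAURANTS
                               SET RESTAURANTPOINT =
                                       ((RESTAURANTPOINT * VOTES + %s)
                                        / ( VOTES + 1 ) ),
                                   VOTES = VOTES + 1
                               WHERE RESTAURANTS.ID = %s"""
                cursor.execute(statement, (newPoint, restaurantId))
                connection.commit()
            return selected
        # An unrecognised form-name falls through and the view returns None.
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            # Column order is left as it was (RESTAURANTS.ID appears
            # twice); the template presumably reads the rows by position.
            query = """ SELECT RESTAURANTS.ID, RESTAURANTS.MENUTYPE,
                               RESTAURANTS.RESTAURANTPOINT,
                               RESTAURANTS.OPENINGTIME,
                               RESTAURANTS.CLOSINGTIME,
                               RESTAURANTS.OWNEREMAIL,
                               RESTAURANTS.OWNERPHONENUMBER,
                               RESTAURANTS.SERVICETYPE, RESTAURANTS.ID
                        FROM RESTAURANTS """
            cursor.execute(query)
            restaurants = cursor.fetchall()
            query = """SELECT CAMPUSLOCATIONS.CAMPUSDISTRICT,
                              CAMPUSLOCATIONS.CAMPUSNAME
                       FROM CAMPUSLOCATIONS """
            cursor.execute(query)
            campusLocations = cursor.fetchall()
        pointList = [1, 2, 3, 4, 5]
        return render_template('restaurants.html',
                               restaurants=restaurants,
                               campusLocations=campusLocations,
                               pointList=pointList)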
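def sendMessage(id):
    """Send the current user's uploaded video to the user with key *id*.

    On POST with 'btnSendMessage' the local video is hashed, uploaded to
    storage, announced under "Messages", and the local copy is removed
    when the stored object's MD5 matches the local one; otherwise, and on
    any error during upload, the user is redirected to resendMessage.
    'btnBackChooseOtherUser' redirects to the users view. Anything else
    renders sendMessagePage.html.
    """
    receiver = db.child("Users").order_by_key().equal_to(id).limit_to_first(
        1).get()
    current_userId = current_user.get_id()
    current_userName = current_user.get_username()
    current_userEmail = current_user.get_email()
    # NOTE(review): the video is read from this hard-coded path but removed
    # from app.config['UPLOAD_FOLDER'] below; confirm both name the same
    # directory.
    current_video = "./Hermes/static/uploadVideos/" + str(
        current_userId) + ".mp4"
    senderImageUrl = db.child("Users").child(current_userId).get().val().get(
        'profile_image')

    # Stays None when the lookup returns no user, so the POST branch can
    # tell instead of failing on an unbound name.
    receiverId = None
    for r in receiver:
        receiverId = r.val().get('id')

    if request.method == 'POST':
        if 'btnSendMessage' in request.form:
            if receiverId is None:
                # No such receiver: go back to the user list.
                return redirect(url_for('users'))

            # MD5 is used only to compare against the md5Hash the storage
            # service reports for the uploaded object (a transfer check,
            # not a security control).
            file_hash = hashlib.md5()
            with open(current_video, "rb") as f:
                for chunk in iter(lambda: f.read(8192), b''):
                    file_hash.update(chunk)

            timestamp = calendar.timegm(time.gmtime())
            dt_object = time.strftime("%a, %d %b %Y %I:%M:%S %p",
                                      time.localtime(timestamp))
            pair = str(current_userId) + "_" + str(receiverId)
            try:
                # Upload to storage, then fetch the object's URL.
                putVideo = storage.child("Videos/" + pair).child(
                    str(dt_object) + "/" + pair).put(current_video)
                getVideoUrl = storage.child("Videos/" + pair).child(
                    str(dt_object) + "/" + pair).get_url(pair)
                serverFile = file_hash.digest()
                firebaseStorageFile_Md5Hash = putVideo.get('md5Hash')
                firebaseStorageFile_digest = base64.b64decode(
                    firebaseStorageFile_Md5Hash)
                data = {
                    "sender_id": current_userId,
                    "receiver_id": receiverId,
                    "sender_name": current_userName,
                    "sender_email": current_userEmail,
                    "timestamp": dt_object,
                    "message_body": getVideoUrl,
                    "profile_image": senderImageUrl
                }
                # NOTE(review): the message is pushed before the checksum
                # is compared, so a mismatching upload is still announced
                # to the receiver; confirm that is intended.
                createMessage = db.child("Messages").child(receiverId).child(
                    current_userId).child().push(data)
                current_message_dbTable_ID = createMessage.get('name')
                if serverFile == firebaseStorageFile_digest:
                    # Upload verified: the local copy is no longer needed.
                    os.remove(
                        os.path.join(app.config['UPLOAD_FOLDER'],
                                     str(current_userId) + ".mp4"))
                    flash('Video Message has been send it successfully',
                          'success')
                    return redirect(url_for('home'))
                else:
                    return redirect(
                        url_for('resendMessage', receiver_id=receiverId))
            except Exception:
                # Any upload or database error sends the user to the
                # resend page; a bare except would also swallow
                # SystemExit and KeyboardInterrupt.
                return redirect(
                    url_for('resendMessage', receiver_id=receiverId))
        if 'btnBackChooseOtherUser' in request.form:
            return redirect(url_for('users'))
    return render_template('sendMessagePage.html', receiver=receiver)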
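def shared_LessonNotes_Announcement_Page():
    """Serve the shared-lesson-notes announcements page.

    POST handles the user search box, a new announcement
    ("SharedLessonNotesAnnouncement") and an edit of an existing one
    ("SharedLessonNotesAnnouncementUpdate"); each ends in a redirect. Any
    other method lists every announcement.
    """
    if request.method == "POST":
        if 'userSearchButton' in request.form:
            # Search box submitted: keep the term in the session for the
            # search view.
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']
        username = current_user.get_username()
        email = current_user.get_email()
        # Values are always bound as parameters, never formatted into SQL.
        user_lookup = """SELECT ID FROM USERS
                         WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

        if formtype == "SharedLessonNotesAnnouncement":
            NameOfLessonNote = request.form['InputNameOfSharedLessonNote']
            TeacherName = request.form['InputTeacherNameofSharedLessonNote']
            LessonName = request.form['InputLessonNameOfShareLessonNote']
            LessonCode = request.form['InputLessonCodeOfShareLessonNote']
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                # fetchone() yields a row, not a scalar; it is handed on
                # unchanged. NOTE(review): confirm
                # sharingLessonNotesAnnouncement and the driver accept a
                # one-element row as the user id.
                currentuser_id = cursor.fetchone()
                sharedLessonNotesAd = sharingLessonNotesAnnouncement(
                    NameOfLessonNote, LessonName, LessonCode, TeacherName,
                    currentuser_id)
                query = """INSERT INTO SHAREDLESSONNOTES(NAMEOFNOTES,
                                                         LESSONNAME,
                                                         LESSONCODE,
                                                         TEACHERNAME,USERID)
                           VALUES (%s,%s,%s,%s,%s)"""
                cursor.execute(
                    query,
                    (sharedLessonNotesAd.NameOFSharingLessonNote,
                     sharedLessonNotesAd.LessonNameOfSharingLessonNote,
                     sharedLessonNotesAd.LessonCodeOfSharingLessonNote,
                     sharedLessonNotesAd.TeacherNameOFSharingLessonNote,
                     sharedLessonNotesAd.id_ownerOfSharingLessonNote))
                connection.commit()
            return redirect(url_for('site.SharedLessonNotesAnnouncementPage'))

        elif formtype == "SharedLessonNotesAnnouncementUpdate":
            # NOTE(review): the announcement id comes from the form and
            # nothing in this view checks that the row belongs to the
            # caller; the UPDATE also rewrites USERID to the caller's id.
            # Confirm ownership is enforced elsewhere, otherwise restrict
            # the UPDATE to rows the caller owns.
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                user_row = cursor.fetchone()
                # Bind the scalar id rather than the whole row.
                sharingUser_id = user_row[0] if user_row else None
                sharingLessonNotesid = request.form['sharingLessonNotes-id']

                def submitted_or_stored(field, statement):
                    # A blank field keeps the value already stored.
                    value = request.form[field]
                    if not value:
                        # Parameters go in a sequence; a bare string is
                        # read as a sequence of characters.
                        cursor.execute(statement, (sharingLessonNotesid,))
                        row = cursor.fetchone()
                        value = row[0] if row else None
                    return value

                NameOfLessonNote = submitted_or_stored(
                    'InputNameOfSharedLessonNote',
                    """SELECT NAMEOFNOTES FROM SHAREDLESSONNOTES
                       WHERE SHAREDLESSONNOTES.ID = %s""")
                TeacherName = submitted_or_stored(
                    'InputTeacherNameofSharedLessonNote',
                    """SELECT TEACHERNAME FROM SHAREDLESSONNOTES
                       WHERE SHAREDLESSONNOTES.ID = %s""")
                LessonName = submitted_or_stored(
                    'InputLessonNameOfShareLessonNote',
                    """SELECT LESSONNAME FROM SHAREDLESSONNOTES
                       WHERE SHAREDLESSONNOTES.ID = %s""")
                LessonCode = submitted_or_stored(
                    'InputLessonCodeOfShareLessonNote',
                    """SELECT LESSONCODE FROM SHAREDLESSONNOTES
                       WHERE SHAREDLESSONNOTES.ID = %s""")

                statement = """UPDATE SHAREDLESSONNOTES
                               SET NAMEOFNOTES=%s, LESSONNAME=%s,
                                   LESSONCODE=%s, TEACHERNAME=%s, USERID=%s
                               WHERE SHAREDLESSONNOTES.ID=%s"""
                cursor.execute(
                    statement,
                    (NameOfLessonNote, LessonName, LessonCode, TeacherName,
                     sharingUser_id, sharingLessonNotesid))
                connection.commit()
            return redirect(
                url_for('site.selected_sharingLessonNotes',
                        id=sharingLessonNotesid))
        # An unrecognised form-name falls through and the view returns None.
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT NAMEOFNOTES,LESSONNAME,LESSONCODE,TEACHERNAME,
                              USERS.NAME,USERS.SURNAME,USERS.EMAIL,
                              FACULTIES.FACULTYNAME,FACULTIES.FACULTYCODE,
                              SHAREDLESSONNOTES.ID
                       FROM SHAREDLESSONNOTES,USERS,FACULTIES
                       WHERE(SHAREDLESSONNOTES.USERID = USERS.ID)
                         AND(USERS.FACULTYID = FACULTIES.ID) """
            cursor.execute(query)
            ALLSharingLessonNotes = cursor.fetchall()
        return render_template("sharedlessonnotes_announcement.html",
                               ALLSharingLessonNotes=ALLSharingLessonNotes)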
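def searched_House_Announcement_Page():
    """Serve the house-wanted announcements page.

    POST handles the user search box, a new announcement
    ("SearchingHouseAnnouncement") and an edit of an existing one
    ("SearchingHouseAnnouncementUpdate"); each ends in a redirect. Any
    other method lists every announcement.
    """
    if request.method == "POST":
        if 'userSearchButton' in request.form:
            # Search box submitted: keep the term in the session for the
            # search view.
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']
        # Only the username and e-mail are needed. The account's password
        # and other profile fields are no longer fetched and printed:
        # writing credentials to stdout puts them in whatever collects the
        # server's output.
        username = current_user.get_username()
        email = current_user.get_email()
        # Values are always bound as parameters, never formatted into SQL.
        user_lookup = """SELECT ID FROM USERS
                         WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

        if formtype == "SearchingHouseAnnouncement":
            Location = request.form['InputLocationOfSearchingHouse']
            MinRent = request.form['InputMinRentPriceOfSearchingHouse']
            MaxRent = request.form['InputMaxRentPriceOfSearchingHouse']
            Description = request.form['InputDescriptionOfSearchingHouse']
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                # fetchone() yields a row, not a scalar; it is handed on
                # unchanged. NOTE(review): confirm
                # searchingHouseAnnouncement and the driver accept a
                # one-element row as the user id.
                currentuser_id = cursor.fetchone()
                searchingHouseAd = searchingHouseAnnouncement(
                    Location, MinRent, MaxRent, Description, currentuser_id)
                query = """INSERT INTO DATASEARCHEDHOUSE(LOCATION,
                                                         MINRENTPRICE,
                                                         MAXRENTPRICE,
                                                         DESCRIPTION,USERID)
                           VALUES (%s,%s,%s,%s,%s)"""
                cursor.execute(
                    query,
                    (searchingHouseAd.LocationOfSearchingHouse,
                     searchingHouseAd.MinRentPriceOfSearchingHouse,
                     searchingHouseAd.MaxRentPriceOfSearchingHouse,
                     searchingHouseAd.DescriptionOfSearchingHouse,
                     searchingHouseAd.id_ownerOfSearchingHouseAnnouncement))
                connection.commit()
            return redirect(url_for('site.SearchedHousePageAnnouncement'))

        elif formtype == "SearchingHouseAnnouncementUpdate":
            # NOTE(review): the announcement id comes from the form and
            # nothing in this view checks that the row belongs to the
            # caller; the UPDATE also rewrites USERID to the caller's id.
            # Confirm ownership is enforced elsewhere, otherwise restrict
            # the UPDATE to rows the caller owns.
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                user_row = cursor.fetchone()
                # Bind the scalar id rather than the whole row.
                searchingHouseUser_id = user_row[0] if user_row else None
                searchingHouseid = request.form['searchingHouse-id']

                def submitted_or_stored(field, statement):
                    # A blank field keeps the value already stored.
                    value = request.form[field]
                    if not value:
                        # Parameters go in a sequence; a bare string is
                        # read as a sequence of characters.
                        cursor.execute(statement, (searchingHouseid,))
                        row = cursor.fetchone()
                        value = row[0] if row else None
                    return value

                Location = submitted_or_stored(
                    'InputLocationOfSearchingHouse',
                    """SELECT LOCATION FROM DATASEARCHEDHOUSE
                       WHERE DATASEARCHEDHOUSE.ID = %s""")
                # The rent columns are MINRENTPRICE / MAXRENTPRICE in the
                # INSERT, UPDATE and listing query of this view; the
                # fallback lookups now use the same names.
                MinRent = submitted_or_stored(
                    'InputMinRentPriceOfSearchingHouse',
                    """SELECT MINRENTPRICE FROM DATASEARCHEDHOUSE
                       WHERE DATASEARCHEDHOUSE.ID = %s""")
                MaxRent = submitted_or_stored(
                    'InputMaxRentPriceOfSearchingHouse',
                    """SELECT MAXRENTPRICE FROM DATASEARCHEDHOUSE
                       WHERE DATASEARCHEDHOUSE.ID = %s""")
                Description = submitted_or_stored(
                    'InputDescriptionOfSearchingHouse',
                    """SELECT DESCRIPTION FROM DATASEARCHEDHOUSE
                       WHERE DATASEARCHEDHOUSE.ID = %s""")

                statement = """UPDATE DATASEARCHEDHOUSE
                               SET LOCATION=%s, MINRENTPRICE=%s,
                                   MAXRENTPRICE=%s, DESCRIPTION=%s, USERID=%s
                               WHERE DATASEARCHEDHOUSE.ID=%s"""
                cursor.execute(statement,
                               (Location, MinRent, MaxRent, Description,
                                searchingHouseUser_id, searchingHouseid))
                connection.commit()
            return redirect(
                url_for('site.selected_searchingHouse', id=searchingHouseid))
        # An unrecognised form-name falls through and the view returns None.
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT LOCATION,MINRENTPRICE,MAXRENTPRICE,DESCRIPTION,
                              USERS.NAME,USERS.SURNAME,USERS.EMAIL,
                              FACULTIES.FACULTYNAME,FACULTIES.FACULTYCODE,
                              DATASEARCHEDHOUSE.ID
                       FROM DATASEARCHEDHOUSE,USERS,FACULTIES
                       WHERE(DATASEARCHEDHOUSE.USERID = USERS.ID)
                         AND(USERS.FACULTYID = FACULTIES.ID) """
            cursor.execute(query)
            ALLSearchedHouse = cursor.fetchall()
        return render_template('searchedhouse_announcement.html',
                               ALLSearchedHouse=ALLSearchedHouse)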
def update_profile():
    """Apply the request's JSON body to the current user's profile.

    Any cached entry for the user is dropped first, then the update is
    delegated to user.update_profile and its result returned unchanged.
    """
    user_id = current_user.get_id()
    # NOTE(review): the JSON body is forwarded as-is; any validation of its
    # fields has to happen inside user.update_profile.
    payload = request.json

    # Evict the cached copy, presumably so the next read reflects the
    # update.
    if user_id in user_cache:
        del user_cache[user_id]

    account_email = current_user.get_email()
    account_age = current_user.get_age()
    account_gender = current_user.get_gender()
    return user.update_profile(user_id, account_email, account_age,
                               account_gender, payload)
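def itu_activity_page():
    """Serve the ITU activities page.

    POST handles the user search box, a new activity ("Activity") and an
    edit of an existing one ("ActivityUpdate"); each ends in a redirect.
    Any other method lists every activity.
    """
    if request.method == 'POST':
        if 'userSearchButton' in request.form:
            # Search box submitted: keep the term in the session for the
            # search view.
            session['search_username'] = request.form['usernameSearch']
            return redirect(url_for('site.SearchUserPage'))

        formtype = request.form['form-name']
        username = current_user.get_username()
        email = current_user.get_email()
        # Values are always bound as parameters, never formatted into SQL.
        user_lookup = """SELECT ID FROM USERS
                         WHERE (USERS.USERNAME = %s) AND (USERS.EMAIL = %s)"""

        if formtype == "Activity":
            activityName = request.form['InputActivityName']
            participantName = request.form['InputParticipantName']
            activityDate = request.form['InputActivityDate']
            activityTime = request.form['InputActivityTime']
            activityLoc = request.form['InputActivityLocation']
            activityDesc = request.form['ActivityDescription']
            with dbapi2.connect(current_app.config['dsn']) as connection:
                # Resolve the logged-in user's row id.
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                UserId = cursor.fetchone()[0]
                ituActivity = ItuActivity(activityName, participantName,
                                          activityDate, activityTime,
                                          activityLoc, activityDesc, UserId)
                query = """INSERT INTO ITUACTIVITIES
                           (NAME, SPECIALPARTICIPANT, ACTIVITYDATE,
                            ACTIVITYTIME, LOCATION, DESCRIPTION, USERID)
                           VALUES(%s,%s,%s,%s,%s,%s,%s)"""
                cursor.execute(query,
                               (ituActivity.activityName,
                                ituActivity.participantName,
                                ituActivity.activityDate,
                                ituActivity.activityTime,
                                ituActivity.activityLoc,
                                ituActivity.activityDesc,
                                ituActivity.user_id))
                connection.commit()
            return redirect(url_for('site.ItuActivityPage'))

        elif formtype == "ActivityUpdate":
            # NOTE(review): the activity id comes from the form and nothing
            # in this view checks that the row belongs to the caller; the
            # UPDATE also rewrites USERID to the caller's id. Confirm
            # ownership is enforced elsewhere, otherwise restrict the
            # UPDATE to rows the caller owns.
            with dbapi2.connect(current_app.config['dsn']) as connection:
                cursor = connection.cursor()
                cursor.execute(user_lookup, (username, email))
                user_row = cursor.fetchone()
                # Bind the scalar id rather than the whole row.
                activity_user_id = user_row[0] if user_row else None
                activityid = request.form['activity-id']

                def submitted_or_stored(field, statement):
                    # A blank field keeps the value already stored.
                    value = request.form[field]
                    if not value:
                        # Parameters go in a sequence; a bare string is
                        # read as a sequence of characters.
                        cursor.execute(statement, (activityid,))
                        row = cursor.fetchone()
                        value = row[0] if row else None
                    return value

                activityName = submitted_or_stored(
                    'InputActivityName',
                    """SELECT NAME FROM ITUACTIVITIES
                       WHERE ITUACTIVITIES.ID = %s""")
                participantName = submitted_or_stored(
                    'InputParticipantName',
                    """SELECT SPECIALPARTICIPANT FROM ITUACTIVITIES
                       WHERE ITUACTIVITIES.ID = %s""")
                activityDate = submitted_or_stored(
                    'InputActivityDate',
                    """SELECT ACTIVITYDATE FROM ITUACTIVITIES
                       WHERE ITUACTIVITIES.ID = %s""")
                activityTime = submitted_or_stored(
                    'InputActivityTime',
                    """SELECT ACTIVITYTIME FROM ITUACTIVITIES
                       WHERE ITUACTIVITIES.ID = %s""")
                activityLoc = submitted_or_stored(
                    'InputActivityLocation',
                    """SELECT LOCATION FROM ITUACTIVITIES
                       WHERE ITUACTIVITIES.ID = %s""")
                activityDesc = submitted_or_stored(
                    'ActivityDescription',
                    """SELECT DESCRIPTION FROM ITUACTIVITIES
                       WHERE ITUACTIVITIES.ID = %s""")

                statement = """UPDATE ITUACTIVITIES
                               SET NAME = %s, SPECIALPARTICIPANT = %s,
                                   ACTIVITYDATE = %s, ACTIVITYTIME = %s,
                                   LOCATION = %s, DESCRIPTION = %s,
                                   USERID = %s
                               WHERE ITUACTIVITIES.ID = %s"""
                cursor.execute(statement,
                               (activityName, participantName, activityDate,
                                activityTime, activityLoc, activityDesc,
                                activity_user_id, activityid))
                connection.commit()
            return redirect(url_for('site.SelectedItuActivity',
                                    activityId=activityid))
        # An unrecognised form-name falls through and the view returns None.
    else:
        with dbapi2.connect(current_app.config['dsn']) as connection:
            cursor = connection.cursor()
            query = """SELECT ITUACTIVITIES.NAME, SPECIALPARTICIPANT,
                              ACTIVITYDATE, ACTIVITYTIME, LOCATION,
                              DESCRIPTION, USERS.NAME, USERS.SURNAME,
                              USERS.EMAIL, FACULTIES.FACULTYNAME,
                              FACULTIES.FACULTYCODE, USERS.USERNAME,
                              ITUACTIVITIES.ID
                       FROM ITUACTIVITIES, USERS, FACULTIES
                       WHERE (ITUACTIVITIES.USERID = USERS.ID)
                         AND (USERS.FACULTYID = FACULTIES.ID)"""
            cursor.execute(query)
            ituActivities = cursor.fetchall()
        return render_template('itu_activities.html',
                               ituActivities=ituActivities)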
def login():
    """Render login.html with the current user's e-mail and count."""
    # Collect the template variables first; the e-mail is read before the
    # count, as in a direct keyword call.
    template_vars = {
        'email': current_user.get_email(),
        'count': current_user.get_count(),
    }
    return render_template('login.html', **template_vars)