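def profile():
    """Show the signed-in user's profile form (GET) or save changes to it (POST).

    Returns:
        A redirect to ``signin`` when no usable signed-in user exists, the
        rendered ``users/profile.html`` template for a GET and for a POST
        that fails validation, or a redirect to ``index`` after a successful
        update. Any other request method falls through and returns ``None``.
    """
    # Must be signed in.
    if 'user_id' not in session:
        return redirect(url_for('signin'))

    # The row that is read or updated is always selected by the session's
    # user id, never by request data, so a client cannot point this view at
    # another account.
    user_id = int(session['user_id'])
    form = ProfileForm()

    if request.method == "GET":
        # The id is passed as a bound parameter (:user), not formatted into
        # the SQL text. SUBSTR(username, 2) drops the first stored character
        # of the username before it is shown.
        query = (
            " select user_id, first_name, last_name, email,"
            " SUBSTR(username,2) as username, create_ts"
            " from users where user_id = :user "
        )
        user = db.session.execute(query, {'user': user_id}).first()

        if user is None:
            # The session names a user that no longer has a row (for example a
            # deleted account). Drop the stale id and send the client to
            # sign-in instead of failing on the attribute reads below.
            session.pop('user_id', None)
            return redirect(url_for('signin'))

        # Pre-fill the form from the stored row.
        form.first_name.default = user.first_name
        form.last_name.default = user.last_name
        form.email.default = user.email
        form.username.default = user.username
        form.create_ts.default = user.create_ts
        form.process()
        return render_template('users/profile.html', form=form)

    elif request.method == "POST":
        # NOTE(review): form.validate() is the only request check visible
        # here; whether it includes CSRF validation depends on ProfileForm's
        # base class -- confirm.
        if not form.validate():
            return render_template('users/profile.html', form=form)

        # Only these four columns are written; user_id and create_ts are not
        # taken from the submitted form.
        # NOTE(review): email and username change without re-entering the
        # current password -- confirm that is intended for this application.
        # NOTE(review): the read path strips one leading character while this
        # prefix is six characters long -- confirm the prefix literal.
        User.query.filter_by(user_id=user_id).update(
            dict(
                first_name=form.first_name.data,
                last_name=form.last_name.data,
                email=form.email.data,
                username='******' + form.username.data,
            )
        )
        # NOTE(review): if users.username or users.email carries a unique
        # constraint, commit() can raise here and no rollback is visible --
        # confirm how that case is handled.
        db.session.commit()
        return redirect(url_for('index'))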