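def getUser():
    """Return the signed-in user's ``(fname, lname, email)`` row, or None.

    The session carries ``uid`` and ``expires``; ``expires`` is the timestamp
    written at login by ``authenticate`` (it is not an expiry instant), so a
    session is treated as valid for one hour after that timestamp.

    Returns:
        The ``(fname, lname, email)`` tuple for the session's uid, or None when
        nobody is signed in, the login is older than one hour, or no matching
        Users row exists.
    """
    uid = session.get("uid", None)
    exp = session.get("expires", None)
    if uid is None or exp is None:
        return None
    # The original test was ``exp > now + 1h``, which a timestamp taken in the
    # past can never satisfy, so sessions effectively never expired. Expire
    # once the login timestamp is more than one hour old instead.
    if datetime.now() - exp > timedelta(hours=1):
        return None
    db = database()
    usr = db.cursor().execute(
        '''
        SELECT fname, lname, email FROM users WHERE uid=?
        ''', (uid, )).fetchone()
    return usr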
def authenticate(user):
    """Authenticate a login attempt and, on success, populate the session.

    Looks up the stored hash for ``user.email`` and checks ``user.password``
    against it with ``check_password``. On success ``session["uid"]`` is set
    and ``session["expires"]`` records the login time; ``getUser`` reads both.

    Returns:
        A redirect to ``login_get`` when no account has that email; otherwise
        None, for both a successful and a failed password check. NOTE(review):
        the two failure paths (unknown email vs. wrong password) therefore
        differ in return value and in work done — confirm callers only rely
        on the session state, not on the return value.
    """
    conn = database()
    stored = conn.cursor().execute(
        '''
        Select hash, uid from Users where email=?
        ''', (user.email, )).fetchone()
    if stored is None:
        # No account for this email: send the client back to the login page.
        return redirect(url_for('login_get'))
    pw_hash, uid = stored
    if check_password(user.password, pw_hash, pep):
        session["uid"] = uid
        session["expires"] = datetime.now()
    return None
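def remove_product(product_id):
    """Delete a product row and its stored image, then redirect to the product list.

    Args:
        product_id: primary key of the Products row to delete; it arrives from
            the caller (typically a route parameter) and is untrusted.

    Returns:
        A redirect to ``product_list``, also when no such row exists.
    """
    # NOTE(review): unlike ``move_forward`` there is no sign-in or ownership
    # check here; whatever id is passed gets deleted. Confirm the caller checks
    # that the product's ``user`` column matches session["uid"].
    db = database()
    cursor = db.cursor()
    row = cursor.execute(
        """
        SELECT image_file FROM Products WHERE id = ?
        """, (product_id, )).fetchone()
    if row is None:
        # Nothing to delete; the original indexed None here and raised.
        return redirect(url_for("product_list"))

    # Remove product from database first: a failing file removal then cannot
    # leave behind a row whose image is already gone.
    cursor.execute("""
        DELETE FROM Products WHERE id = ?
        """, (product_id, ))
    db.commit()

    # Remove product image. The stored name originates from an upload, so only
    # remove a path that resolves inside product_image_dir; a file that is
    # already missing is not an error now that the row is gone.
    image_dir = os.path.realpath(product_image_dir)
    image_path = os.path.realpath(os.path.join(image_dir, row[0] or ''))
    if image_path != image_dir and image_path.startswith(image_dir + os.sep):
        try:
            os.remove(image_path)
        except FileNotFoundError:
            pass
    return redirect(url_for("product_list"))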
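def move_forward():
    """Delete the signed-in user's account and products, then redirect home.

    Returns:
        A redirect to ``home``. When no ``uid`` is in the session an error is
        flashed and nothing is deleted.
    """
    user_id = session.get('uid', None)
    if user_id is None:
        flash("Must be signed in to delete account")
        return redirect(url_for('home'))
    db = database()
    cursor = db.cursor()
    # Delete the child rows before the parent: Products.user refers to
    # Users.uid (see the JOIN in ``product``), so this order also works if
    # foreign-key enforcement is switched on in the database.
    cursor.execute(
        '''
        DELETE FROM Products WHERE user=?;
        ''', (user_id, ))
    cursor.execute(
        '''
        DELETE FROM Users WHERE uid=?;
        ''', (user_id, ))
    db.commit()
    # NOTE(review): the product image files and the profile image are not
    # removed here, so they remain on disk after the account is gone.
    session["uid"] = None
    session["expires"] = None
    flash("Account deleted")
    return redirect(url_for('home'))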
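def product(product_id):
    """Render the detail page for one product together with its seller.

    Args:
        product_id: primary key of the Products row to show.

    Returns:
        ``product.j2`` rendered with the product and seller fields, or the
        ``products.j2`` template when no row matches.
    """
    conn = database()
    row = conn.cursor().execute(
        '''
        SELECT id, name, description, price, tags, image_file, condition, user,
               U.fname, U.lname, U.email, U.profileExt
        FROM Products JOIN Users U ON Products.user = U.uid WHERE id=?;
        ''', (product_id, )).fetchone()
    if row is None:
        return render_template("products.j2")
    # ``id`` is the primary key so at most one row matches; the original
    # looped over fetchall() and kept only the last row's values.
    (product_pk, name, description, price, tags, image_file, condition,
     seller_id, seller_fname, seller_lname, seller_email, seller_ext) = row
    # A NULL profileExt made the original ``sEmail + sExt`` raise TypeError.
    seller_ext = seller_ext or ''
    return render_template("product.j2",
                           user=getUser(),
                           id=product_pk,
                           name=name,
                           description=description,
                           price=price,
                           tags=tags.split(', '),
                           image_file=image_file,
                           condition=condition,
                           userID=seller_id,
                           sName=seller_fname + " " + seller_lname,
                           sEmail=seller_email,
                           sPath=seller_email + seller_ext)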
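def recoverPassword_post():
    """Handle the password-recovery form: set a temporary password and mail it.

    A 15-character temporary password is drawn from the OS CSPRNG
    (``random.SystemRandom``), its hash replaces the account's stored hash,
    and the plaintext is mailed to the submitted address.

    Returns:
        A redirect to ``login_get`` after a valid submission; otherwise the
        ``recoverPassword.j2`` template.
    """
    # NOTE(review): no token or confirmation step guards this reset — anyone
    # who knows an account's email can replace its password.
    form = RecoverPasswordForm()
    if not form.validate_on_submit():
        return render_template('recoverPassword.j2')
    alphabet = string.ascii_uppercase + string.digits
    rng = random.SystemRandom()
    plain_text = ''.join(rng.choice(alphabet) for _ in range(15))
    pw_hash = hash_password(plain_text, pep)  # was ``hash``, shadowing the builtin
    conn = database()
    cursor = conn.cursor()
    cursor.execute(
        '''
        UPDATE Users set hash=? where email=?;
        ''', (pw_hash, form.email.data))
    conn.commit()
    # The original mailed any submitted address, even one with no account.
    # DB-API ``rowcount`` is the number of rows the UPDATE changed (drivers
    # that cannot tell report -1, which keeps the original always-mail
    # behaviour); the redirect is identical either way, so the requester
    # learns nothing from this check.
    if cursor.rowcount != 0:
        mailSvr = mailer()
        mailSvr.sendMail(
            form.email.data, 'Reset Password',
            'Your password has been reset. Please login with the new temporary password: '
            + plain_text + ' and change it immediately')
    return redirect(url_for('login_get'))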
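def _update_account(conn, uid, form):
    """Write name and email for ``uid``, plus the password hash when a new password was given."""
    cursor = conn.cursor()
    if form.password.data != '':
        pw_hash = hash_password(form.password.data, pep)
        cursor.execute(
            '''
            UPDATE Users SET hash=?, email=?, fname=?, lname=? WHERE uid=?
            ''', (pw_hash, form.email.data, form.fname.data, form.lname.data, uid))
    else:
        # update other info
        cursor.execute(
            '''
            UPDATE Users SET email=?, fname=?, lname=? WHERE uid=?
            ''', (form.email.data, form.fname.data, form.lname.data, uid))
    conn.commit()


def _store_profile_image(conn, uid, form):
    """Save the uploaded profile image as <email><ext> and record the extension."""
    _, extension = os.path.splitext(form.profile_image.data.filename)
    # NOTE(review): ``extension`` is taken verbatim from the client's filename
    # and the file is stored under the user-chosen email. Confirm the upload
    # directory is not served in a way that executes or renders such files,
    # and consider an allow-list of image extensions.
    form.profile_image.data.save(
        os.path.join(user_image_dir, str(form.email.data) + extension))
    conn.cursor().execute(
        '''
        UPDATE Users SET profileExt = ? where uid=?
        ''', (extension, uid))
    conn.commit()


def _rename_profile_image(conn, uid, old_email, new_email):
    """Move an existing profile image from <old_email><ext> to <new_email><ext>.

    Skips the rename when no image was ever recorded (NULL profileExt, which
    made the original ``+ oldExt`` raise), when the old file is missing
    (which made ``os.rename`` raise), or when the email did not change.
    """
    row = conn.cursor().execute(
        '''
        SELECT profileExt FROM Users where uid=?
        ''', (uid, )).fetchone()
    old_ext = row[0] if row is not None else None
    if not old_ext or old_email == new_email:
        return
    old_profile = os.path.join(user_image_dir, str(old_email)) + old_ext
    new_profile = os.path.join(user_image_dir, str(new_email)) + old_ext
    if os.path.exists(old_profile):
        os.rename(old_profile, new_profile)


def settings():
    """Show and update the signed-in user's account settings.

    GET pre-fills the form from the Users row. A valid POST updates name,
    email and (when given) password, then either stores a newly uploaded
    profile image or renames the existing one to follow an email change.

    Returns:
        ``settings.j2`` rendered with the user's row and the form, or a
        redirect to ``home`` when nobody is signed in.
    """
    uid = session.get("uid")
    form = SettingsForm()
    conn = database()
    usr = None
    if uid is not None:
        usr = conn.cursor().execute(
            '''
            SELECT fname, lname, email FROM users WHERE uid=?
            ''', (uid, )).fetchone()
    if usr is None:
        # The original indexed ``usr`` unconditionally and raised TypeError
        # for a missing session or a stale uid.
        flash("Must be signed in to change settings")
        return redirect(url_for('home'))

    if request.method != 'POST':
        # GET: pre-fill the form from the stored row.
        form.fname.data = usr[0]
        form.lname.data = usr[1]
        form.email.data = usr[2]
        return render_template('settings.j2', user=usr, form=form)

    if not form.validate_on_submit():
        flash("Invalid Fields. Please try again.")
        return render_template('settings.j2', user=usr, form=form)

    if form.password.data != '' and form.password.data != form.confirm.data:
        # The original only flashed here, then still processed the image and
        # reported "Settings have been updated"; stop instead.
        flash("passwords must match")
        return render_template('settings.j2', user=usr, form=form)

    # NOTE(review): the new email is not checked for uniqueness before the
    # UPDATE; a duplicate surfaces as a database error if the column is UNIQUE.
    _update_account(conn, uid, form)
    if form.profile_image.data is not None:
        _store_profile_image(conn, uid, form)
    else:
        # usr[2] is the email as stored before this update.
        _rename_profile_image(conn, uid, usr[2], form.email.data)
    flash("Settings have been updated")
    form.accept_changes.data = False
    return render_template('settings.j2', user=usr, form=form)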