def get_visits(myid):
db = get_db()
mycheck = db.execute(
'SELECT v.id, u.id'
' FROM venue v JOIN user u ON v.organisation_id = u.organisation_id'
' WHERE v.id = ? AND u.id = ?', (myid, g.user['id'])).fetchone()
if mycheck is None:
abort(404, "Venue id {0} doesn't exist".format(myid))
visits = get_db().execute(
'SELECT firstname, lastname, phone, visited'
' FROM visitor WHERE venue_id = ?', (myid, )).fetchall()
return visits
def register():
''' Login screen and send to register screen '''
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
realname = request.form['realname']
orgname = request.form['orgname']
billing = request.form['billing']
venuename = request.form['venuename']
venueaddress = request.form['venueaddress']
db = get_db()
error = None
# username check
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif not realname:
error = 'Preferred name is required'
elif db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = 'User {} is aready registered'.format(username)
# Org check
if not orgname:
error = 'Organisation Name is required'
elif not billing:
error = 'Billing information is required'
elif db.execute('SELECT id FROM organisation WHERE orgname = ?',
(orgname, )).fetchone() is not None:
error = 'Organisation {} is aready registered'.format(orgname)
# venue check
if not venuename:
error = 'Venue name is required.'
elif not venueaddress:
error = 'Venue address is required'
if error is None:
db.execute(
'INSERT INTO organisation (orgname, billing) VALUES (?, ?)',
(orgname, billing))
db.commit()
org_id = db.execute(
'SELECT id FROM organisation WHERE orgname = ?',
(orgname, )).fetchone()
db.execute(
'INSERT INTO user (username, password, realname, organisation_id)'
' VALUES (?, ?, ?, ?)',
(username, generate_password_hash(password), realname,
org_id['id']))
db.execute(
'INSERT INTO venue (venuename, venueaddress, organisation_id) VALUES (?, ?, ?)',
(venuename, venueaddress, org_id['id']))
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def editvenue(venueid):
db = get_db()
mycheck = db.execute(
'SELECT v.id, u.id'
' FROM venue v JOIN user u ON v.organisation_id = u.organisation_id'
' WHERE v.id = ? AND u.id = ?', (venueid, g.user['id'])).fetchone()
if mycheck is None:
abort(404, "Venue id {0} doesn't exist".format(id))
if request.method == 'POST':
error = None
venuename = request.form['venuename']
if venuename is None:
error = 'Venue name is required.'
venueaddress = request.form['venueaddress']
if venueaddress is None:
error = 'Venue address is required.'
if error is not None:
flash(error)
else:
db.execute(
'UPDATE venue SET venuename = ?, venueaddress = ?'
' WHERE id = ?', (
venuename,
venueaddress,
venueid,
))
db.commit()
return redirect(url_for('config.index'))
else:
venuedata = db.execute(
'SELECT id, venuename, venueaddress'
' FROM venue'
' WHERE id = ?', (venueid, )).fetchone()
return render_template('config/editvenue.html', venuedata=venuedata)
def load_logged_in_user():
''' Grabs user information for logged in user. Or makes user log on'''
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
g.user = get_db().execute('SELECT * FROM user where id = ?',
(user_id, )).fetchone()
def get_venue(myid):
venue = get_db().execute(
'SELECT v.id, v.venuename, v.venueaddress, v.organisation_id'
' FROM venue v JOIN user u ON v.organisation_id = u.organisation_id'
' WHERE v.id = ? AND u.id = ?', (
myid,
g.user['id'],
)).fetchone()
if venue is None:
abort(404, "Venue id {0} doesn't exist".format(myid))
return venue
def deletevenue(venueid):
db = get_db()
mycheck = db.execute(
'SELECT v.id, u.id'
' FROM venue v JOIN user u ON v.organisation_id = u.organisation_id'
' WHERE v.id = ? AND u.id = ?', (venueid, g.user['id'])).fetchone()
if mycheck is None:
abort(404, "Venue id {0} doesn't exist".format(venueid))
db.execute('DELETE FROM venue WHERE id = ?', (venueid, ))
db.execute('DELETE FROM visitor WHERE venue_id = ?', (venueid, ))
db.commit()
return redirect(url_for('configure.index'))
def edituser():
db = get_db()
userdata = db.execute(
'SELECT username, password, realname'
' FROM user'
' WHERE id = ?', (g.user['id'], )).fetchone()
if request.method == 'POST':
cpassword = request.form['cpassword']
npassword = request.form['npassword']
realname = request.form['realname']
error = None
db = get_db()
userdata = db.execute(
'SELECT username, password, realname'
' FROM user'
' WHERE id = ?', (g.user['id'], )).fetchone()
if not check_password_hash(userdata['password'], cpassword):
error = 'Incorrect Password'
if realname is None:
error = 'A real name is required'
if error is not None:
flash(error)
else:
if npassword is not None:
db.execute('UPDATE user SET password = ? WHERE id = ?', (
generate_password_hash(npassword),
g.user['id'],
))
db.commit()
if realname is not userdata['realname']:
db.execute('UPDATE user SET realname = ? WHERE id = ?', (
realname,
g.user['id'],
))
db.commit()
return redirect(url_for('config.index'))
return render_template('config/edituser.html', userdata=userdata)
def index():
db = get_db()
orgdata = db.execute(
'SELECT o.id, orgname, billing, username, realname'
' FROM organisation o JOIN user u ON o.id = u.organisation_id'
' WHERE u.id = ?', (g.user['id'], )).fetchone()
venuedata = db.execute(
'SELECT v.id, venuename, venueaddress'
' FROM organisation o JOIN venue v ON v.organisation_id = o.id'
' WHERE o.id = ?', (orgdata['id'], )).fetchall()
return render_template('config/index.html',
orgdata=orgdata,
venuedata=venuedata)
def addvenue(orgid):
if request.method == 'POST':
db = get_db()
error = None
venuename = request.form['venuename']
if venuename is None:
error = 'Venue Name is required.'
venueaddress = request.form['venueaddress']
if venueaddress is None:
error = 'Venue Address is required.'
if error is not None:
flash(error)
else:
db.execute(
'INSERT INTO venue (venuename, venueaddress, organisation_id)'
' VALUES (?, ?, ?)', (venuename, venueaddress, orgid))
db.commit()
return redirect(url_for('config.index'))
return render_template('config/addvenue.html', orgid=orgid)
def login():
''' Checks if logon is real and sends to config
Otherwise, asks user to log on'''
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
user = db.execute('SELECT * FROM user WHERE username = ?',
(username, )).fetchone()
if user is None:
error = 'Incorrect username.'
elif not check_password_hash(user['password'], password):
error = 'Incorrect password'
if error is None:
session.clear()
session['user_id'] = user['id']
return redirect(url_for('config.index'))
flash(error)
return render_template('auth/login.html')
def editorg():
db = get_db()
orgdata = db.execute(
'SELECT o.id, orgname, billing'
' FROM organisation o JOIN user u ON o.id = u.organisation_id'
' WHERE u.id = ?', (g.user['id'], )).fetchone()
if request.method == 'POST':
error = None
orgname = request.form['orgname']
billing = request.form['billing']
if orgname is None:
error = 'Organisation name is required.'
if billing is None:
error = 'Billing information is required.'
if error is not None:
flash(error)
else:
db.execute(
'UPDATE organisation SET orgname = ?, billing = ?'
' WHERE id = ?', (orgname, billing, orgdata['id']))
db.commit()
return redirect(url_for('config.index'))
return render_template('config/editorg.html', orgdata=orgdata)
