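def event_new():
    """Create an event from the submitted form, or show the creation form.

    On POST, reads ``title``, ``description``, ``start_time`` and ``end_time``
    from the form, passes each through ``sanitizeHTML``, inserts one row into
    ``Event``, commits, and redirects to the ``events`` endpoint. On any other
    method, renders ``event_new.html`` with the session's ``user_id``.
    """
    if request.method != "POST":
        return render_template('event_new.html', user_id=session['user_id'])

    # NOTE(review): the POST path never reads the session, so nothing in this
    # function stops an unauthenticated client from inserting events. Confirm
    # that a decorator or before_request hook outside this listing enforces
    # login.
    #
    # NOTE(review): .get() without a default yields None for a missing field;
    # how sanitizeHTML treats None is not visible here. Confirm, and validate
    # required fields and the time format before inserting.
    fields = ('title', 'description', 'start_time', 'end_time')
    values = tuple(sanitizeHTML(request.form.get(name)) for name in fields)

    # Values are bound as parameters and never formatted into the SQL text.
    query = """INSERT INTO Event (title,description,start_time,end_time) VALUES(%s,%s,%s,%s);"""
    cursor = g.db.cursor()
    try:
        cursor.execute(query, values)
        g.db.commit()
    finally:
        # Release the cursor even when execute() or commit() raises.
        cursor.close()
    return redirect(url_for('events'))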
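def register():
    """Create an SLUser row from the registration form and hand off to login.

    Reads ``fullname``, ``email``, ``password`` and ``terms`` from the form.
    If the terms box is not ticked, flashes a message and redirects to
    ``login``. Otherwise flashes one message per missing value; when name,
    email and password are all present, inserts the user, commits, and
    redirects to ``login`` with status 307. In every other case it redirects
    to ``login`` with the default status.
    """
    full_name = sanitizeHTML(request.form.get('fullname', ''))
    email = sanitizeHTML(request.form.get('email', ''))
    # NOTE(review): sanitizeHTML presumably rewrites HTML-significant
    # characters; applied to a password, that would change the secret the user
    # typed. Confirm, and treat the password as opaque bytes instead.
    password = sanitizeHTML(request.form['password'])
    # NOTE(review): this reads the 'password' field a second time, so the two
    # values are always equal and the mismatch check below can never fire.
    # Read the confirmation field instead once its form name is checked
    # against the template.
    passwordconfirm = sanitizeHTML(request.form['password'])
    agreed_to_terms = sanitizeHTML(request.form.get('terms', ''))  # either on or ''

    if agreed_to_terms == '':
        flash('Must agree to terms and conditions')
        return redirect(url_for('login'))

    if not full_name:
        flash('Must include name')
    if not email:
        flash('Must include email')
    if not password:
        flash('Must include password')
    if password != passwordconfirm:
        flash('Passwords do not match')

    if full_name and email and password and (password == passwordconfirm):
        # create the user and log them in with the given info
        #
        # NOTE(review): the password is written to SLUser as received, not as
        # a salted hash from a password KDF. Hash it before storage and switch
        # the login check to hash verification in the same change.
        query = """INSERT INTO SLUser (full_name, email, password) VALUES(%s,%s,%s);"""
        cursor = g.db.cursor()
        try:
            cursor.execute(query, (full_name, email, password))
            g.db.commit()
        finally:
            # Release the cursor even when execute() or commit() raises.
            cursor.close()
        flash("Registration successful. Check your email for a confirmation.")
        # preserve request type of POST with HTTP code 307
        # as per HTTP/1.1 (RFC 2616)
        #
        # NOTE(review): the email and password keyword arguments end up in the
        # redirect URL, where they reach access logs, browser history and
        # Referer headers. The 307 already makes the client resend the POST
        # body; confirm login() reads the form body and drop both arguments.
        return redirect(url_for('login', email=email, password=password), code=307)

    return redirect(url_for('login'))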