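def register():
    """Validate the registration form, store the new user, and log them in.

    On a valid POST the user row is inserted, the username is stored in
    ``session['logged']`` and the client is redirected to ``homepage``.
    Otherwise the registration page is rendered with the form.
    """
    form = RegistrationForm(request.form)
    if request.method == 'POST' and form.validate():
        db = db_connect()
        cur = db.cursor()
        salt = get_salt()
        password_hash = phash(form.password.data + salt)

        # An empty e-mail field is stored as SQL NULL (None is sent as NULL).
        email = form.email.data or None

        # Every value is bound as a parameter, so form input is never spliced
        # into the SQL text; the earlier str.format() build let any field
        # rewrite the statement.
        # NOTE(review): assumes db_connect() returns a driver that uses the
        # "%s" placeholder style (e.g. MySQLdb) - confirm.
        query = (
            "INSERT INTO users (username, l_username, first_name, "
            "last_name, password_hash, salt, email) VALUES "
            "(%s, LOWER(%s), %s, %s, %s, %s, %s)"
        )
        cur.execute(query, (
            form.username.data,
            form.username.data,
            form.first_name.data,
            form.last_name.data,
            password_hash,
            salt,
            email,
        ))
        db.commit()
        session['logged'] = form.username.data
        return redirect(url_for('homepage'))
    return render_template("register.html", form=form)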
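def export():
    """Render the export page, or on POST return the user's entries as CSV.

    The entries of the user named in ``session['logged']`` are returned as an
    ``export.csv`` attachment. A user with no entries gets a header-only file.
    """
    if request.method != 'POST':
        return render_template("export.html")

    db = db_connect()
    cur = db.cursor(MySQLdb.cursors.DictCursor)
    # The session value is bound as a parameter rather than formatted into
    # the SQL text.
    query = (
        "SELECT DATE(h.entry_start) AS start_date, "
        "TIME(h.entry_start) AS start_time, "
        "DATE(h.entry_end) AS end_date, "
        "TIME(h.entry_end) AS end_time, h.severity "
        "FROM headache_entries h JOIN users u ON h.user_id = u.id "
        "WHERE u.l_username = LOWER(%s)"
    )
    cur.execute(query, (session['logged'],))
    entries = cur.fetchall()

    # Column names are taken from the SELECT list instead of entries[0], so an
    # empty result no longer raises IndexError and column order is stable.
    fieldnames = ["start_date", "start_time", "end_date", "end_time", "severity"]
    string_buffer = StringIO.StringIO()
    w = csv.DictWriter(string_buffer, fieldnames)
    w.writeheader()
    w.writerows(entries)
    csv_content = string_buffer.getvalue()
    string_buffer.close()

    return Response(csv_content,
                    mimetype="text/csv",
                    headers={
                        "Content-Disposition": "attachment;filename=export.csv"
                    })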
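def register():
    """Create an account for a mail.umw.edu address, or re-render the form.

    On a POST with all four fields present and an accepted address the user
    is inserted with accountStatus 3 and redirected to ``login``. Otherwise
    the form is rendered with one error flag per failing field.
    """
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    errorMail = ""
    errorFirst = ""
    errorLast = ""
    errorPass = ""
    error = ""
    if request.method == 'POST':
        firstname = request.form['firstname']
        lastname = request.form['lastname']
        email = request.form['email']
        password = request.form['password']

        # The domain must be the end of the address. A substring test also
        # accepts addresses that merely contain "mail.umw.edu" somewhere.
        email_ok = email.endswith("@mail.umw.edu")

        if email_ok and firstname and lastname and password:
            # Values are bound as parameters, never formatted into the SQL.
            # NOTE(review): the password is stored exactly as submitted; it
            # should be run through a salted password hash before storage,
            # with the matching change in the login check.
            query = ("INSERT INTO users (firstname,lastname,email,password,accountStatus) "
                     "VALUES(%s,%s,%s,%s,3);")
            cur.execute(query, (firstname, lastname, email, password))
            db.commit()
            return redirect(url_for('login'))

        error = "true"
        # The earlier test began with a bare string literal, which is always
        # true, so the e-mail error was flagged on every failed submission.
        if not email_ok:
            errorMail = "true"
        if not firstname:
            errorFirst = "true"
        if not lastname:
            errorLast = "true"
        if not password:
            errorPass = "******"
    return render_template('register.html', errorMail=errorMail, errorFirst=errorFirst,
                           errorLast=errorLast, errorPass=errorPass, error=error)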
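def another_page():
    """Store a submitted club/activity pair and list all stored pairs.

    The three form fields are read unconditionally, as before, so a request
    without them is rejected by the framework before any database work.
    """
    print('anotherpage')
    postername = request.form['postername']
    activity = request.form['activity']
    rank = request.form['rank']
    # Echoed back to the template as submitted. SQL escaping is not applied
    # here: these values are for display, and the queries below bind their
    # inputs as parameters.
    scoop = {'postername': postername, 'activity': activity, 'rank': rank}

    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    if request.method == 'POST':
        cur.execute("INSERT INTO club_name (postername) VALUES (%s)", (postername,))
        club_id = cur.lastrowid
        # 'rank' used to be concatenated without any escaping; it is now
        # bound like the other values.
        cur.execute(
            "INSERT INTO activity (club_id, activity, rank) VALUES (%s, %s, %s)",
            (club_id, activity, rank),
        )
        db.commit()

    cur.execute('SELECT DISTINCT cn.postername, a.activity, a.rank '
                'FROM club_name cn NATURAL JOIN activity a')
    rows = cur.fetchall()
    return render_template('another_page.html', club_name=rows, activity=rows, scoop=scoop)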
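def register():
    """Create a user from the registration form, then show the login page.

    GET renders the registration page. POST inserts the user and renders
    ``login.html``. A non-numeric zipcode still raises ValueError from
    ``int()``, as before.
    """
    if request.method == 'POST':
        db = utils.db_connect()
        cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)

        username = request.form['username']
        password = request.form['pw']
        zipcode = request.form['zipcode']

        # The debug print that echoed the username and plaintext password to
        # the console was removed; credentials do not belong in process output.

        # Values are bound as parameters instead of being escaped and formatted
        # into the SQL text. The zipcode is still normalised through int().
        # NOTE(review): SHA2(x, 0) is a single unsalted SHA-256; a salted
        # password-hashing function would be the stronger choice, but changing
        # it needs a matching change in the login check.
        query = "INSERT INTO users (username, password, zipcode) VALUES (%s, SHA2(%s, 0), %s)"
        cur.execute(query, (username, password, str(int(zipcode))))
        db.commit()
        return render_template('login.html', selectedMenu='Login')
    return render_template('register.html', selectedMenu='Register', name=currentUser)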
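def report2():
    """Insert one submitted character into the four character tables.

    Reads the name, appearance, ability scores and class levels from the
    form, inserts one row per table in a single commit, and redirects to
    ``starWars``.
    """
    form = request.form
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)

    # All form values are bound as parameters. The numeric columns were
    # previously concatenated without quotes, so any text placed in them
    # became part of the statement.
    cur.execute("INSERT INTO Star_Wars (Name) VALUES (%s)", (form['name'],))
    cur.execute(
        "INSERT INTO Appearance (Species, Gender) VALUES (%s, %s)",
        (form['species'], form['gender']),
    )
    cur.execute(
        "INSERT INTO Ability_Scores (Str, Dex, Con, Intl, Wis, Cha) "
        "VALUES (%s, %s, %s, %s, %s, %s)",
        (form['str'], form['dex'], form['con'], form['intl'], form['wis'], form['cha']),
    )
    cur.execute(
        "INSERT INTO Class_Levels (Soldier, Jedi, Scoundrel, Scout, Noble) "
        "VALUES (%s, %s, %s, %s, %s)",
        (form['soldier'], form['jedi'], form['scoundrel'], form['scout'], form['noble']),
    )
    db.commit()
    return redirect(url_for('starWars'))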
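def estateadd2():
    """Add an estate with its first damage, or add a damage to an existing estate.

    A POST carrying ``address`` creates a basicHouse row and a house_damages
    row for it. A POST carrying ``damAddress`` adds a house_damages row to the
    house with that address. The index page is rendered in every case.
    """
    db = utils.db_connect()
    cur = db.cursor()
    if request.method == 'POST':
        form = request.form
        if 'address' in form:
            # Adding a new estate. 'address' used to be concatenated with no
            # escaping at all; every value is now a bound parameter.
            address = form['address']
            cur.execute(
                "INSERT INTO basicHouse (address,county,state,price) VALUES (%s, %s, %s, %s)",
                (address, form['county'], form['state'], form['price']),
            )
            db.commit()
            cur.execute(
                "INSERT INTO house_damages (type,house_id,cost) VALUES "
                "(%s, (SELECT house_id FROM basicHouse WHERE address = %s GROUP BY address), %s);",
                (form['damageType'], address, form['damageCost']),
            )
            db.commit()
        if 'damAddress' in form:
            # Adding a damage record to an existing estate.
            cur.execute(
                "INSERT INTO house_damages (house_id,type,cost) VALUES "
                "((SELECT house_id FROM basicHouse WHERE address = %s), %s, %s);",
                (form['damAddress'], form['damDamageType'], form['damDamageCost']),
            )
            db.commit()
    return render_template('index.html', name=currentUser)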
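def register():
    """Register a new username and password, rejecting names already taken.

    GET renders the registration page. POST inserts the username only if it
    does not exist yet; on success the password hash is stored, the user
    becomes ``currentUser`` and the client is redirected to ``mainIndex``.
    A taken name renders the warning page.
    """
    # NOTE(review): currentUser is module-level state, so it is shared by
    # every client served by this process; per-client session storage would
    # be the safer place for it.
    global currentUser
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    if request.method == 'POST':
        un = request.form['username']
        pw = request.form['pw']

        # Insert-if-absent in one statement, with both occurrences of the
        # username bound as parameters.
        cur.execute(
            "INSERT INTO users (username) SELECT name FROM (SELECT %s AS name) t "
            "WHERE NOT EXISTS (SELECT * FROM users WHERE username = %s)",
            (un, un),
        )
        # rowcount says whether this statement inserted a row. Comparing
        # COUNT(*) before and after could be fooled by a concurrent signup.
        inserted = cur.rowcount
        db.commit()

        if not inserted:
            warn = "That username already exists!"
            return render_template('warning.html', warn=warn)

        cur.execute("SELECT id FROM users WHERE username = %s", (un,))
        tid = cur.fetchall()[0]['id']
        # NOTE(review): SHA2(x, 0) is a single unsalted SHA-256; a salted
        # password-hashing function would be stronger, but changing it needs
        # a matching change wherever the password is checked.
        cur.execute(
            "INSERT INTO user_passwords (password, user_id) VALUES (SHA2(%s,0), %s)",
            (pw, tid),
        )
        db.commit()
        currentUser = un
        return redirect(url_for('mainIndex'))
    return render_template('register.html', curus=currentUser)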
def report():
    """Render the report page with every row of the games table."""
    conn = utils.db_connect()
    cursor = conn.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # Fixed statement; no request data is involved.
    cursor.execute('select * from games')
    return render_template('report.html', games=cursor.fetchall(), selectedMenu='report')
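def hours():
    """Render a tutor's stored time slots for the logged-in student.

    The tutor is identified by the ``firstname`` and ``lastname`` query-string
    values and the student by ``session['username']``. As before, a missing
    name or an unknown user raises instead of rendering.
    """
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    fname = request.args.get('firstname')
    lname = request.args.get('lastname')
    classes = request.args.get('subject')

    # Session and query-string values are bound as parameters in every
    # statement below instead of being formatted into the SQL text.
    cur.execute("SELECT numId FROM users WHERE email = %s", (session['username'],))
    sId = cur.fetchone()['numId']

    username = fname + " " + lname

    cur.execute(
        "SELECT numId FROM users WHERE firstname = %s AND lastname = %s",
        (fname, lname),
    )
    numId = cur.fetchone()['numId']

    cur.execute(
        "SELECT dayofweek, hourof FROM times WHERE studentId = %s AND available = '0'",
        (numId,),
    )
    # Each slot is passed to the template as hour text followed by day text.
    b = [slot['hourof'] + slot['dayofweek'] for slot in cur.fetchall()]
    return render_template('hours.html', name=username, a=b, tutorId=numId,
                           studentId=sId, course=classes)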
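def createTutor():
    """Create a tutor account, or promote an existing account to tutor.

    ``created`` tells the template what happened: "admin" or "no" when the
    e-mail belongs to an account with status 1 or 2, "updated" when a
    status-3 account was promoted, and "yes" when a new row was inserted.
    """
    # NOTE(review): no access check is visible in this function; confirm the
    # route is restricted to administrators elsewhere.
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    created = " "
    if request.method == 'POST':
        first = request.form['firstName']
        last = request.form['lastName']
        email = request.form['email']
        course = request.form['course']
        password = request.form['password']

        # Form values are bound as parameters in all three statements.
        cur.execute("SELECT * FROM users WHERE email = %s;", (email,))
        test = cur.fetchone()
        if test:
            if test['accountStatus'] == 1:
                created = "admin"
            elif test['accountStatus'] == 2:
                created = "no"
            elif test['accountStatus'] == 3:
                created = "updated"
                # MySQL's '+' is numeric addition, so "classes + '...'" never
                # appended the course. CONCAT does the string append.
                cur.execute(
                    "UPDATE users SET accountStatus = 2, "
                    "classes = CONCAT(classes, ',', %s) WHERE email = %s;",
                    (course, email),
                )
        else:
            created = "yes"
            # NOTE(review): the password is stored exactly as submitted; it
            # should be run through a salted password hash before storage,
            # with the matching change in the login check.
            cur.execute(
                "INSERT INTO users (firstname,lastname,email,password,accountStatus,classes) "
                "VALUES(%s,%s,%s,%s,2,%s);",
                (first, last, email, password, course),
            )
        db.commit()
    return render_template('createTutor.html', created=created)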
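def gChoose2():
    """Show five random rows of a randomly chosen content type for a genre.

    The genre name comes from the ``genreT`` form field. The content type is
    picked at random from the five tables.
    """
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    genre = request.form.get("genreT")

    # roll -> (label for the template, column list, table). These are fixed
    # strings and the only text spliced into the statement.
    sources = {
        1: ('Laws', 'content,state', 'laws'),
        2: ('Trivia', 'content', 'trivia'),
        3: ('Sayings', 'content, author', 'sayings'),
        4: ('Fortune Cookies', 'content', 'fortuneCookies'),
        5: ('Meme', 'imageLink,content', 'meme'),
    }
    trivia, columns, table = sources[random.randint(1, 5)]

    # The genre name is bound as a parameter; it used to be concatenated
    # between quotes in each of the five statements.
    query = ('select ' + columns + ' from ' + table +
             ' where genreId = (select numId from genre where genreName = %s)'
             ' order by rand() limit 5')
    cur.execute(query, (genre,))
    rows = cur.fetchall()
    return render_template('genreDisplay.html', genre=genre, rows=rows, trivia=trivia)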
def randome():
    """Render one random row taken from a randomly chosen content table."""
    conn = utils.db_connect()
    cursor = conn.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    trivia = request.form.get("triviatype")

    # roll -> (column list, table); fixed strings only, no request data.
    sources = {
        1: ('content,state', 'laws'),
        2: ('content', 'trivia'),
        3: ('content, author', 'sayings'),
        4: ('content', 'fortuneCookies'),
        5: ('imageLink,content', 'meme'),
    }
    ranNum = random.randint(1, 5)
    columns, tCol = sources[ranNum]
    statement = 'select ' + columns + ' from ' + tCol + ' order by rand() limit 1'
    cursor.execute(statement)
    if ranNum == 4:
        # Only this branch echoed its statement in the original.
        print(statement)
    rows = cursor.fetchall()
    print("%s %s" % (ranNum, rows))
    return render_template('randdisplay.html', trivia=trivia, rows=rows)
def trivia2():
    """Render three random rows of the content type named in the form."""
    conn = utils.db_connect()
    cursor = conn.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    trivia = request.form.get("triviatype")

    # Submitted label -> (column list, table). The form value only selects an
    # entry here; it is never placed in the SQL text.
    sources = {
        'Laws': ('content,state', 'laws'),
        'Trivia': ('content', 'trivia'),
        'Sayings': ('content, author', 'sayings'),
        'Fortune Cookies': ('content', 'fortuneCookies'),
        'Meme': ('content, imageLink', 'meme'),
    }
    if trivia in sources:
        columns, tCol = sources[trivia]
        cursor.execute('select ' + columns + ' from ' + tCol + ' order by rand() limit 3')
    # For an unrecognised label no statement is executed before the fetch,
    # exactly as in the original if/elif chain.
    rows = cursor.fetchall()
    print(rows)
    return render_template('triviadisplay.html', trivia=trivia, rows=rows)
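def report2():
    """Store a submitted user and their school details, then show the list.

    Inserts a ``users`` row linked to the game with the submitted title,
    inserts the matching ``userInfo`` row, and redirects to ``list``.
    """
    firstname = request.form['firstname']
    lastname = request.form['lastname']
    username = request.form['username']
    password = request.form['password']
    school = request.form['school']
    city = request.form['city']
    state = request.form['state']
    game = request.form['game']

    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)

    # All form values are bound as parameters; they were previously
    # concatenated between quotes.
    # NOTE(review): the password is stored exactly as submitted; it should be
    # run through a salted password hash before storage.
    cur.execute(
        "INSERT INTO users (firstname, lastname, username, password, game) "
        "VALUES (%s, %s, %s, %s, (SELECT id from games where games.title = %s))",
        (firstname, lastname, username, password, game),
    )
    # Link userInfo to the row just inserted through the generated key,
    # instead of looking the user up again by username and password.
    # NOTE(review): assumes users.id is AUTO_INCREMENT - confirm.
    user_id = cur.lastrowid
    db.commit()

    cur.execute(
        "INSERT INTO userInfo (userid, school, city, state) VALUES (%s, %s, %s, %s)",
        (user_id, school, city, state),
    )
    db.commit()
    return redirect(url_for('list'))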
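def editTutor2():
    """Add a course to, and/or remove a course from, a tutor's class list.

    The tutor is identified by the ``email`` query-string value and the
    current class list arrives as the comma-separated ``classes`` value.
    After a POST the client is redirected to ``editTutor`` with ``created``
    set to "exist", "updated", "both", "deleted" or "nothing".
    """
    # NOTE(review): the row to change is chosen by the 'email' query-string
    # value and no access check is visible in this function; confirm one is
    # enforced elsewhere.
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    classes = request.args.get('classes')
    # A missing 'classes' value no longer raises on .split().
    tempClass = (classes or "").split(',')
    first = request.args.get('first')
    last = request.args.get('last')
    email = request.args.get('email')
    created = ""

    if request.method == "POST":
        num = request.form['CourseNum']
        subject = request.form['Subject']
        delete = request.form['tutorCourse']

        course = ""
        test = None
        if num and subject:
            course = subject + "-" + num
            # The e-mail and the LIKE pattern are bound as parameters.
            cur.execute(
                "SELECT classes FROM users WHERE email = %s AND classes LIKE %s;",
                (email, "%" + course + "%"),
            )
            test = cur.fetchone()

        # Class list without the course being removed. Empty entries are
        # dropped so the stored list never gains stray commas.
        remaining = [c for c in tempClass if c and c != delete]

        if test:
            created = "exist"
        elif course and not delete:
            created = "updated"
            cur.execute(
                "UPDATE users SET classes = CONCAT(classes, ',', %s) WHERE email = %s;",
                (course, email),
            )
            db.commit()
        elif course and delete:
            created = "both"
            # Remove and append in one statement.
            cur.execute(
                "UPDATE users SET classes = %s WHERE email = %s;",
                (",".join(remaining + [course]), email),
            )
            db.commit()
        elif delete:
            created = "deleted"
            cur.execute(
                "UPDATE users SET classes = %s WHERE email = %s;",
                (",".join(remaining), email),
            )
            db.commit()
        else:
            created = "nothing"
        return redirect(url_for('editTutor', created=created))
    return render_template('editTutor2.html', classes=tempClass, created=created,
                           first=first, last=last)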
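def sched3():
    """List the users whose class list contains the submitted class."""
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    selClass = request.form['class']
    # The whole LIKE pattern is bound as one parameter, so the form value can
    # only ever be data. The wildcards are added here, not in the SQL text.
    cur.execute(
        "SELECT firstname, lastname, numId FROM users WHERE classes LIKE %s;",
        ("%" + selClass + "%",),
    )
    tutors = cur.fetchall()
    return render_template('sched3.html', results=tutors, course=selClass)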
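def damages2():
    """List the damage records of every house whose address contains the search text."""
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # The search text is bound as a parameter instead of being escaped by hand
    # and concatenated. The pattern wildcards are added to the value itself.
    query = ("SELECT b.address, hd.type, hd.cost FROM basicHouse b "
             "INNER JOIN house_damages hd ON b.house_id = hd.house_id "
             "AND b.address LIKE %s ORDER BY b.address;")
    cur.execute(query, ("%" + request.form['address'] + "%",))
    rows = cur.fetchall()
    print(rows)
    return render_template('damages2.html', name=currentUser, damages=rows)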
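def list():
    """Render the users registered for the game named by the module-level ``game``."""
    global game
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # The game title is bound as a parameter rather than concatenated.
    # NOTE(review): where 'game' is assigned is not visible here; treat it as
    # untrusted unless it is only ever set from fixed values.
    query = ("SELECT firstname, lastname, school, city, state from users "
             "join userInfo on users.id = userInfo.userid "
             "WHERE users.game =(SELECT id from games where games.title = %s)")
    cur.execute(query, (game,))
    rows = cur.fetchall()
    return render_template('list.html', users=rows, selectedMenu='List')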
def report4():
    """Run the statement held in ``query`` and render the locate-result page.

    The fetched rows are not passed to the template.
    """
    conn = utils.db_connect()
    cursor = conn.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # NOTE(review): 'query' is not assigned in this function, so it must come
    # from module scope; how it is built cannot be checked from here.
    cursor.execute(query)
    cursor.fetchall()
    return render_template('locateReturn.html', selectedMenu='List', name=currentUser)
def logout():
    """Clear the current user on POST; otherwise render the logout page."""
    # NOTE(review): currentUser is module-level state, so it is shared by
    # every client served by this process; per-client session storage would
    # be the safer place for it.
    global currentUser
    conn = utils.db_connect()
    # The cursor is opened as in the original but never used.
    conn.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    if request.method != 'POST':
        return render_template('logout.html', curus=currentUser)
    currentUser = ''
    return redirect(url_for('mainIndex'))
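def friendDebtIndex():
    """Render the debt records of every user other than the current one."""
    global currentUser
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # currentUser originates from a registration form, so it is bound as a
    # parameter rather than formatted into the statement.
    query1 = ("SELECT ul.username, ud.transaction, ud.description, ud.debt_amount "
              "from user_list ul join user_debt ud on ul.id = ud.id "
              "where ul.username <> %s")
    cur.execute(query1, (currentUser,))
    rows = cur.fetchall()
    db.commit()
    return render_template('friendDebt.html', selectedMenu='FriendsInDebt', friend_debt=rows)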
def report3():
    """Render every house together with the summed cost of its damages."""
    conn = utils.db_connect()
    cursor = conn.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # Fixed statement; no request data is involved.
    statement = 'SELECT b.address, b.county, b.state, b.price, SUM(hd.cost) FROM basicHouse b INNER JOIN house_damages hd ON b.house_id = hd.house_id GROUP BY b.address'
    cursor.execute(statement)
    houses = cursor.fetchall()
    print(houses)
    return render_template('houses.html', houses=houses, name=currentUser)
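def editTime():
    """Replace the logged-in tutor's time slots with the submitted ones.

    Each submitted ``hour`` value is two hour digits followed by the day
    text. On POST the tutor's existing rows in ``times`` are deleted and one
    row is inserted per submitted value.
    """
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    username = session['username']
    error = "error"

    # Two-digit hour -> stored label. An unlisted prefix is stored unchanged,
    # as before.
    labels = {
        "06": "6:00AM", "07": "7:00AM", "08": "8:00AM", "09": "9:00AM",
        "10": "10:00AM", "11": "11:00AM", "12": "12:00PM", "13": "1:00PM",
        "14": "2:00PM", "15": "3:00PM", "16": "4:00PM", "17": "5:00PM",
        "18": "6:00PM", "19": "7:00PM", "20": "8:00PM", "21": "9:00PM",
    }

    if request.method == 'POST':
        date = request.form.getlist('hour')
        # Session, database and form values are bound as parameters in every
        # statement below.
        cur.execute("SELECT numId,classes FROM users WHERE email = %s", (username,))
        tutor = cur.fetchone()
        Id = tutor['numId']
        subjects = tutor['classes']

        cur.execute("DELETE FROM times WHERE studentId = %s;", (Id,))
        db.commit()

        if date:
            for h in date:
                hour = labels.get(h[:2], h[:2])
                day = h[2:]
                cur.execute(
                    "INSERT INTO times (studentId,classes,dayofweek,hourof,available) "
                    "VALUES(%s,%s,%s,%s,1);",
                    (Id, subjects, day, hour),
                )
                db.commit()
            error = "sucess"
    return render_template('editTime.html', errors=error)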
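def validate_username(form, field):
    """Form validator: reject a username that already exists, ignoring case.

    Raises:
        ValidationError: if a user with the same lower-cased name exists.
    """
    db = db_connect()
    cur = db.cursor()
    # This runs on raw form input before anything else has checked it, so the
    # value is bound as a parameter rather than concatenated.
    # NOTE(review): assumes db_connect() returns a driver that uses the "%s"
    # placeholder style (e.g. MySQLdb) - confirm.
    cur.execute("SELECT COUNT(*) FROM users WHERE l_username=LOWER(%s)", (field.data,))
    userInfo = cur.fetchone()
    if userInfo[0] != 0:
        raise ValidationError('That username is already taken!')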
def Schedule():
    """Render the schedule page with the distinct subjects from ``classes``."""
    conn = utils.db_connect()
    cursor = conn.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # Fixed statement; no request data is involved.
    cursor.execute("SELECT DISTINCT subject FROM classes")
    conn.commit()
    subjects = cursor.fetchall()
    return render_template('schedule.html', subjects=subjects)
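def search():
    """Search tutors by name and/or course and render the results.

    With at least one name given, rows with accountStatus 2 are matched on
    both names (AND) or on either name (OR when only one is given), plus the
    class pattern. With no name given, rows are matched on the class pattern
    alone, and only when a subject was submitted.
    """
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    cur.execute("SELECT * FROM users WHERE accountStatus = 1;")
    row = cur.fetchone()
    username = row['firstname'] + " " + row['lastname']

    stuff = ""
    results = ""
    queryType = ""
    a = ""
    if request.method == 'POST':
        queryType = "yes"
        firstname = request.form['firstname']
        lastname = request.form['lastname']
        subject = request.form['Subject']
        course = request.form['CourseNum']
        a = subject + "-" + course

        # The class pattern is "subject-course" when a course number was
        # given, else the subject alone. It is passed as a bound value.
        class_pattern = "%" + (a if course else subject) + "%"

        query = None
        params = ()
        if firstname or lastname:
            # Only this fixed connective is spliced into the SQL text.
            joiner = " AND " if (firstname and lastname) else " OR "
            query = ("SELECT firstname, lastname, classes FROM users WHERE "
                     "(firstname LIKE %s" + joiner + "lastname LIKE %s) "
                     "AND accountStatus = 2 AND classes LIKE %s;")
            params = (firstname, lastname, class_pattern)
        elif subject:
            # Course-only search; as before, it does not filter on accountStatus.
            query = "SELECT firstname, lastname, classes FROM users WHERE classes LIKE %s;"
            params = (class_pattern,)

        if query is not None:
            cur.execute(query, params)
            results = cur.fetchall()
            db.commit()
    return render_template('search.html', stuff=stuff, selectedMenu='search',
                           results=results, queryType=queryType,
                           adminName=username, a=a)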
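def appointment2():
    """Render the classes offered for the submitted subject."""
    subject = request.form['subject']
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # The subject is bound as a parameter rather than concatenated between quotes.
    cur.execute("SELECT class FROM classes WHERE subject = %s", (subject,))
    db.commit()
    classes = cur.fetchall()
    return render_template('schedule2.html', classes=classes)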
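def insult():
    """Render an insult built from a random verb, noun and adjective.

    Each word is drawn at random from the rows of its table whose intensity
    matches ``intensity``.
    """
    # NOTE(review): 'intensity' is not assigned in this function, so it must
    # come from module scope; where it is set is not visible here.
    db = utils.db_connect()
    cur = db.cursor()
    verb = _pick_insult_word(cur, "insult_verbs", "verb", intensity)
    noun = _pick_insult_word(cur, "insult_nouns", "noun", intensity)
    adjective = _pick_insult_word(cur, "insult_adjectives", "adjective", intensity)
    return render_template('insult.html', verb=verb, noun=noun, adjective=adjective)


def _pick_insult_word(cur, table, column, intensity):
    """Return the fetched rows for one randomly chosen word of ``intensity``.

    ``table`` and ``column`` are spliced into the SQL text, so they must only
    ever be the fixed names passed by ``insult``. The intensity and the chosen
    id are bound as parameters. Returns an empty tuple when no word has the
    requested intensity, instead of raising ValueError on an empty choice.
    """
    cur.execute("SELECT id FROM " + table + " WHERE intensity = %s", (str(intensity),))
    candidates = cur.fetchall()
    if not candidates:
        return ()
    chosen_id = random.choice(candidates)[0]
    cur.execute("SELECT " + column + " FROM " + table + " WHERE id = %s", (chosen_id,))
    return cur.fetchall()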
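def booking():
    """Book a tutoring slot for the logged-in user and e-mail a confirmation.

    Expects ``name`` as "first last" and ``dayofweek`` as two space-separated
    words, of which the second is stored. As before, a malformed value or an
    unknown user or tutor raises instead of rendering.
    """
    tutorName = request.form['name']
    selClass = request.form['class']
    time = request.form['time']
    names = tutorName.split(" ")
    firstname = names[0]
    lastname = names[1]
    day = request.form['dayofweek'].split(" ")[1]
    curUser = session['username']

    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)

    # Session and form values are bound as parameters in every statement
    # below instead of being concatenated or formatted into the SQL text.
    cur.execute("SELECT numId FROM users WHERE email = %s", (curUser,))
    db.commit()
    userID = cur.fetchone()['numId']

    cur.execute(
        "SELECT numId FROM users WHERE firstname = %s AND lastname = %s",
        (firstname, lastname),
    )
    db.commit()
    tutorID = cur.fetchone()['numId']

    cur.execute(
        "UPDATE times SET available = 1 WHERE studentId = %s AND hourof = %s AND dayofweek = %s;",
        (tutorID, time, day),
    )
    db.commit()

    cur.execute(
        "INSERT INTO appointments (datenum,apptime,class,studentId,tutorId) "
        "VALUES(%s,%s,%s,%s,%s);",
        (day, time, selClass, userID, tutorID),
    )
    db.commit()

    emailSubject = "UMW %s Tutoring Appointment" % (selClass)
    emailToStudent = "Hi There! Your appointment for tutoring in %s with %s %s has been made for %s at %s. Thank you for using the UMW Tutoring Scheduler!" % (selClass, firstname, lastname, day, time)

    mail.connect()
    studentmsg = Message('Hello', sender='*****@*****.**', recipients=[session['username']])
    studentmsg.subject = emailSubject
    studentmsg.body = emailToStudent
    mail.send(studentmsg)
    return render_template('booked.html')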
#!/usr/bin/env python3 # import modules from Python Standard library import cgi import cgitb cgitb.enable() # import custom modules from config import config import utils import components # connect to a database db = utils.db_connect(config) # tell browser to expect HTML print("Content-Type: text/html\n") # render header HTML print(utils.render_template(config['TEMPLATE_DIR'] + 'header.html')) # get any data sent with the GET or POST request # this may be required by multiple components sent_data = cgi.FieldStorage() # -------- START OF FUNCTIONAL COMPONENTS ----------->>> # ---------- HANDLE LOGIN FORM SUBMISSIONS ---------- # check if login form was submitted if 'btn_login' in sent_data: