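def login():
    """Process the sign-in form and start a session or the second-factor step.

    Non-POST requests are redirected to ``signin``. On POST the submitted
    identifier and password are checked with ``accounts.account().login``:

    * ``"Invalid login credentials"`` re-renders ``signin.html``;
    * ``None`` redirects to ``signin``;
    * any other result is treated as the account record. When ``check2FA``
      answers ``"N"`` the record is stored in the session, the sign-in is
      logged and the user is redirected to ``dashboard``; otherwise the
      record is parked in the session and ``otpways.html`` is rendered.
    """
    if request.method != "POST":
        return redirect(url_for('signin'))

    # get username/email and password
    usernameOrEmail = request.form.get('usernameOrEmail')
    password = request.form.get('password')

    verificationResult = accounts.account().login(usernameOrEmail, password)

    if verificationResult == "Invalid login credentials":
        # NOTE(review): the submitted password is handed back to the template.
        # If signin.html writes it into the page, the plaintext ends up in the
        # response body; pass an empty value once the template is confirmed
        # not to depend on it.
        return render_template('signin.html',
                               usernameOrEmail=usernameOrEmail,
                               password=password)
    if verificationResult is None:
        return redirect(url_for('signin'))

    check2FA = contacts.contact().check2FA(verificationResult[0])
    if check2FA == "N":
        # NOTE(review): the whole record returned by login() goes into the
        # session. Other handlers in this file read index 2 of it as the
        # password, and Flask's default session is a signed, not encrypted,
        # cookie -- confirm the session backend and prefer storing only the
        # account id.
        session['accountInfo'] = verificationResult
        description = "{} signed in".format(session['accountInfo'][1])
        logs.log(description).addLogs()
        flash("Welcome! You've successfully login.", "success")
        return redirect(url_for('dashboard'))

    # Second factor required: remember the pending login.
    # NOTE(review): the full record is stored and given to the template before
    # the second factor has been checked -- confirm otpways.html only needs
    # the contact choices.
    session['allowForceLogin'] = 1
    session['forceLoginInfo'] = verificationResult
    return render_template('otpways.html', accountInfo=verificationResult)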
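def updateProfileAndContact():
    """Save the signed-in user's profile and contact form, then refresh the session.

    Requires ``loginRequired()`` to return ``True``; otherwise redirects to
    ``signin``. On POST the profile and contact rows for
    ``session['accountInfo'][0]`` are updated from the form, the session is
    cleared and rebuilt by logging in again, the change is logged and the
    user is redirected to ``accountInfo``. Any other method redirects to
    ``accountInfo`` (the original fell through and returned ``None``, which is
    not a valid view response).
    """
    # Explicit comparison kept: loginRequired() is defined elsewhere and its
    # return type is not visible here.
    if loginRequired() != True:
        return redirect(url_for("signin"))

    if request.method != 'POST':
        return redirect(url_for('accountInfo'))

    firstName = request.form.get('firstName')
    lastName = request.form.get('lastName')
    gender = request.form.get('gender')
    birthDate = request.form.get('birthDate')
    phoneNo = request.form.get('phoneNo')
    email = request.form.get('email')

    userID = session['accountInfo'][0]
    profiles.profile().updateProfile(userID, firstName, lastName, gender,
                                     birthDate)
    # NOTE(review): the new phone number and e-mail are written as submitted;
    # no format validation or re-verification is visible in this handler.
    contacts.contact().updateContact(userID, phoneNo, email)

    account = accounts.account()
    # NOTE(review): the refresh depends on a password kept in the session
    # (index 2 of the account record). Reloading the record by account id
    # would remove the need to keep the password there -- confirm against
    # the accounts module.
    username = session['accountInfo'][1]
    password = session['accountInfo'][2]
    session.clear()
    accountInfo = account.login(username, password)
    if accountInfo is None or accountInfo == "Invalid login credentials":
        # The session is already cleared; do not store a failure value as the
        # account record, send the user back to sign in instead.
        return redirect(url_for('signin'))
    session['accountInfo'] = accountInfo

    description = "{} update its account info".format(
        session['accountInfo'][1])
    logs.log(description).addLogs()
    # flash() returns None, so the former ``msg=msg`` URL argument carried
    # nothing; the message travels through the flash queue.
    flash(
        "Well Done! You've successfully updated your profile information.",
        "success")
    return redirect(url_for('accountInfo'))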
def emailCredentialUuniquenessTest():
    """Return the e-mail uniqueness test result for the ``email`` query value.

    Reads ``email`` from the query string (falling back to ``0`` when it is
    absent) and returns ``emailUniquenessTest``'s answer as
    ``{"result": ...}`` JSON.
    """
    # NOTE(review): no session check is made here, so the endpoint tells any
    # caller whatever emailUniquenessTest reports about an address. If that
    # reveals registered addresses, rate-limit the route -- confirm.
    candidate = request.args.get('email', 0, type=str)
    checker = contacts.contact()
    return jsonify(result=checker.emailUniquenessTest(candidate))
def deletePaymentRecordEmailVerication(userID, bhID):
    """Send payment-update verification codes to a renter and an owner.

    Renders ``errorpage.html`` unless ``adminLogin`` is in the session, and
    aborts with 403 unless the request's remote address is ``127.0.0.1``.
    Otherwise looks up the renter's e-mail by ``userID`` and the owner's by
    ``bhID``, sends each a code and returns both codes as JSON.
    """
    trusted_proxies_and_IP = ['127.0.0.1']

    if 'adminLogin' not in session:
        return render_template('errorpage.html')

    # NOTE(review): request.remote_addr is the immediate peer. If the app is
    # served behind a reverse proxy on the same host, every request would
    # appear to come from 127.0.0.1 and this check would always pass --
    # confirm the deployment.
    if request.remote_addr not in trusted_proxies_and_IP:
        abort(403)  # Forbidden

    # code for renter
    renterContact = contacts.contact()
    renterEmail = renterContact.findEmailUsingUserID(userID)
    renterCode = renterContact.sendEmailVerificationCodeForPaymentUpdate(
        renterEmail[0][1])

    # code for owner
    ownerContact = contacts.contact()
    ownerEmail = ownerContact.findEmailUsingbhID(bhID)
    ownerCode = ownerContact.sendEmailVerificationCodeForPaymentUpdate(
        ownerEmail[1])

    # NOTE(review): both codes are returned to the caller, so the requester
    # holds the values the e-mails were meant to prove possession of.
    # Comparing them server-side would keep them off the wire.
    return jsonify(result=[renterCode, ownerCode])
def sendOTPviaSms(phoneNumber):
    """Send a one-time code by SMS and render the OTP entry page.

    Non-POST requests are redirected to ``signin``. On POST the submitted
    username and password are collected, ``sendOTPviaPhoneNumber`` is called
    for ``phoneNumber`` and ``otp.html`` is rendered with the returned code,
    the phone number and the credentials.
    """
    if request.method != "POST":
        return redirect(url_for('signin'))

    form = request.form
    loginCredentials = [form.get("username"), form.get("password")]

    # NOTE(review): no session state is consulted here and the destination
    # comes from the function argument. Confirm the number is tied to the
    # pending login and that sends are rate-limited.
    otpSender = contacts.contact()
    code = otpSender.sendOTPviaPhoneNumber(phoneNumber)

    # NOTE(review): the code and the submitted credentials are passed to the
    # template. If otp.html embeds them in the page, the second factor can be
    # read from the response; keep the code server-side and compare it there.
    return render_template('otp.html',
                           code=code,
                           phoneNumber=phoneNumber,
                           loginCredentials=loginCredentials)
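def sendOTPviaEmail(email):
    """Send a one-time code by e-mail and render the OTP entry page.

    Non-POST requests are redirected to ``signin``. On POST the submitted
    username and password are collected, ``sendEmailOTP`` is called for
    ``email`` and ``otp.html`` is rendered with the returned code, the address
    and the credentials.
    """
    if request.method != "POST":
        return redirect(url_for('signin'))

    username = request.form.get("username")
    password = request.form.get("password")
    loginCredentials = [username, password]

    # NOTE(review): no session state is consulted here and the destination
    # comes from the function argument. Confirm the address is tied to the
    # pending login and that sends are rate-limited.
    code = contacts.contact().sendEmailOTP(email)
    # The former print(code) wrote the one-time code to stdout, where it would
    # end up in server logs; it has been removed.

    # NOTE(review): the code and the submitted credentials are passed to the
    # template. If otp.html embeds them in the page, the second factor can be
    # read from the response; keep the code server-side and compare it there.
    return render_template('otp.html',
                           code=code,
                           email=email,
                           loginCredentials=loginCredentials)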
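def createAccount():
    """Create an account, profile and contact record, then sign the user in.

    Non-POST requests are redirected to ``signin`` (the original returned
    ``None`` for them). On POST the account, profile and contact rows are
    created from the form; an account of type ``"O"`` also gets a boarding
    house named after the first name. The new credentials are then passed to
    ``login``: on failure the user is redirected to ``signin``, otherwise the
    account record is stored in the session and the user is redirected to
    ``dashboard``.
    """
    if request.method != "POST":
        return redirect(url_for('signin'))

    form = request.form
    # info needed in account table
    username = form.get('username')
    password = form.get('reg-password')
    # NOTE(review): accountType is taken from the form and passed on
    # unchanged; validate it against the allowed values before use.
    accountType = form.get('reg-accountType')
    # info needed in profile tables
    firstName = form.get('reg-fn')
    lastName = form.get('reg-ln')
    gender = form.get('reg-gender')
    birthdate = form.get('reg-birthdate')
    # info needed in contact tables
    email = form.get('email')
    phoneNumber = form.get('phoneNumber')

    # initialize account, profile, and contacts for a user
    userID = accounts.account(username, password, accountType).addAccount()
    profiles.profile(userID, firstName, lastName, birthdate,
                     gender).addProfile()
    contacts.contact(userID, email, phoneNumber).addContacts()

    # if account type is owner add boarding house
    if accountType == "O":
        boardingHousesName = firstName + "'s " + "Boarding House"
        boardingHouses.boardingHouse(userID,
                                     boardingHousesName).addBoardingHouse()

    verificationResult = accounts.account().login(username, password)
    if (verificationResult is None
            or verificationResult == "Invalid login credentials"):
        # The password is no longer appended to the redirect URL: query
        # strings are kept in access logs, browser history and Referer
        # headers. login() in this file builds url_for('signin') without
        # arguments, so the endpoint does not require it.
        return redirect(url_for('signin', usernameInput=username))

    session['accountInfo'] = verificationResult
    flash("Welcome! You've successfuly created an account", 'success')
    # The account record is no longer serialised into the dashboard URL for
    # the same reason; it is already available from the session, and other
    # handlers in this file redirect to 'dashboard' without arguments.
    return redirect(url_for('dashboard'))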
def verifyPhoneNumber():
    """Mark the signed-in user's phone number as verified and refresh the session.

    When ``loginRequired()`` is not ``True`` the user is redirected to
    ``signin``. Otherwise ``verifyPhoneNumber`` is called for
    ``session['accountInfo'][0]``, the account record is reloaded by logging
    in again, and the user is redirected to ``renterPrivacy`` when index 3 of
    the record is ``"R"``, else to ``ownerPrivacy``.
    """
    # Explicit comparison kept: loginRequired() is defined elsewhere and its
    # return type is not visible here.
    if loginRequired() != True:
        return redirect(url_for("signin"))

    # NOTE(review): no verification code is received or compared in this
    # handler; as written, any request from a signed-in session marks the
    # number verified. Confirm the code check happens server-side elsewhere.
    verifier = contacts.contact()
    verifier.verifyPhoneNumber(session["accountInfo"][0])

    # NOTE(review): the refresh uses a password kept in the session, and the
    # result of login() is stored without checking for a failure value.
    record = session["accountInfo"]
    username, password = record[1], record[2]
    refreshed = accounts.account().login(username, password)
    session['accountInfo'] = refreshed

    target = 'renterPrivacy' if refreshed[3] == "R" else 'ownerPrivacy'
    return redirect(url_for(target))
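def sendPhoneNumberVerification():
    """Send a six-digit SMS verification code to the signed-in user's phone.

    When ``loginRequired()`` is not ``True`` the user is redirected to
    ``signin``. Otherwise a six-digit code is generated, sent with
    ``smsAlert`` to ``session['accountInfo'][9]``, the send is logged and the
    code is returned as ``{"result": code}`` JSON.
    """
    # Explicit comparison kept: loginRequired() is defined elsewhere and its
    # return type is not visible here.
    if loginRequired() != True:
        return redirect(url_for("signin"))

    # Verification codes must come from a CSPRNG. The random module is a
    # deterministic generator and is not meant for secrets; the secrets
    # module (already used by sendEmailVerification in this file) is.
    code = ''.join(secrets.choice('0123456789') for _ in range(6))

    smsSender = contacts.contact()
    phoneNumber = session['accountInfo'][9]
    smsSender.smsAlert(code, phoneNumber)

    description = "Panimalay sents an sms verification code to {} r".format(
        phoneNumber)
    logs.log(description).addLogs()

    # NOTE(review): the code is also returned to the caller, so the browser
    # receives the value the SMS was meant to prove possession of. Store it
    # server-side and compare it there instead.
    return jsonify(result=code)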
def unbindVerifyEmail():
    """Unbind the signed-in user's e-mail address and refresh the session.

    When ``loginRequired()`` is not ``True`` the user is redirected to
    ``signin``. Otherwise ``unbindEmail`` is called with
    ``session['accountInfo'][8]``, the account record is reloaded by logging
    in again, and the user is redirected to ``renterPrivacy`` when index 3 of
    the record is ``"R"``, else to ``ownerPrivacy``.
    """
    # Explicit comparison kept: loginRequired() is defined elsewhere and its
    # return type is not visible here.
    if loginRequired() != True:
        return redirect(url_for("signin"))

    # NOTE(review): no verification code or password confirmation is checked
    # in this handler before the address is unbound -- confirm that step
    # happens server-side elsewhere.
    unbinder = contacts.contact()
    unbinder.unbindEmail(session['accountInfo'][8])

    # NOTE(review): the refresh uses a password kept in the session, and the
    # result of login() is stored without checking for a failure value.
    record = session["accountInfo"]
    username, password = record[1], record[2]
    refreshed = accounts.account().login(username, password)
    session['accountInfo'] = refreshed

    target = 'renterPrivacy' if refreshed[3] == "R" else 'ownerPrivacy'
    return redirect(url_for(target))
def sendEmailVerification():
    """E-mail a verification code to the signed-in user's address.

    When ``loginRequired()`` is not ``True`` the user is redirected to
    ``signin``. Otherwise a 32-hex-character code from ``secrets.token_hex``
    is mailed with ``emailAlert`` to ``session['accountInfo'][8]``, the send
    is logged and the code is returned as ``{"result": code}`` JSON.
    """
    # Explicit comparison kept: loginRequired() is defined elsewhere and its
    # return type is not visible here.
    if loginRequired() != True:
        return redirect(url_for("signin"))

    code = secrets.token_hex(16)
    body = "Code: {}".format(code)

    mailer = contacts.contact()
    recipient = session['accountInfo'][8]
    mailer.emailAlert("Panimalay Email Verification", body, recipient)

    entry = "Panimalay sents an email verification code to {} r".format(
        recipient)
    logs.log(entry).addLogs()

    # NOTE(review): the code is also returned to the caller, so the browser
    # receives the value the e-mail was meant to prove possession of. Store
    # it server-side and compare it there instead.
    return jsonify(result=code)
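def changePasswordForce(contact):
    """Set a new password for the account behind ``contact`` and sign it in.

    Non-POST requests and requests without a ``newPassword`` value are
    redirected to ``signin``. When ``checkIfExist`` finds no account for
    ``contact``, ``noaccountisdetected.html`` is rendered. Otherwise the
    password is changed with ``forceChangePassword``, the account is logged in
    with the new password, the sign-in is logged and the user is redirected
    to ``dashboard``.
    """
    # NOTE(review): nothing in this handler proves the requester completed
    # the reset verification. ``contact`` comes from the function argument and
    # no session flag or code is checked, so as written the handler relies
    # entirely on checks made elsewhere. Require a server-side, single-use
    # proof of verification before changing the password -- confirm.
    if request.method != "POST":
        # The original returned None here, which is not a valid response.
        return redirect(url_for('signin'))

    password = request.form.get("newPassword")
    if not password:
        # Never set a missing or empty password on an account.
        return redirect(url_for('signin'))

    checkContact = contacts.contact().checkIfExist(contact, contact)
    # Same "no account" conditions forgotPasswordSendCode checks; without
    # them checkContact[0][0] raises on an unknown contact.
    if checkContact is None or len(checkContact) == 0:
        return render_template('noaccountisdetected.html')

    account = accounts.account()
    data = account.forceChangePassword(checkContact[0][0], password)
    verificationResult = account.login(data[0][1], password)
    if (verificationResult is None
            or verificationResult == "Invalid login credentials"):
        # Do not store a failure value as the account record.
        return redirect(url_for('signin'))

    session['accountInfo'] = verificationResult
    description = "{} signed in".format(session['accountInfo'][1])
    logs.log(description).addLogs()
    flash("Welcome! You've successfully login.", "success")
    return redirect(url_for('dashboard'))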
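def forgotPasswordSendCode():
    """Send a password-reset code to the submitted e-mail address or phone number.

    Non-POST requests are redirected to ``signin`` (the original returned
    ``None`` for them). On POST, ``checkIfExist`` is asked about the submitted
    contact; a ``None`` or empty answer renders ``noaccountisdetected.html``.
    Otherwise a code is sent by e-mail when ``emailOrPhoneNumber`` is
    ``"email"`` and by SMS for any other value, and
    ``forgotpasswordverification.html`` is rendered with the code and contact.
    """
    if request.method != "POST":
        return redirect(url_for('signin'))

    contactType = request.form.get('emailOrPhoneNumber')
    contact = request.form.get('contact')

    sender = contacts.contact()
    checker = sender.checkIfExist(contact, contact)
    # The former print(checker) wrote the lookup result to stdout, where it
    # would end up in server logs; it has been removed.

    # NOTE(review): the two outcomes render different pages, which tells the
    # caller whether a contact is registered. A uniform response plus rate
    # limiting avoids that.
    if checker is None or len(checker) == 0:
        return render_template('noaccountisdetected.html')

    # The original repeated this branch under a second, unreachable
    # ``elif len(checker) != 0``; one copy is kept.
    if contactType == "email":
        code = sender.sendEmailVerificationCodeForgotPassword(contact)
    else:
        code = sender.smsAlertForgotPassword(contact)

    # NOTE(review): the reset code is passed to the template. If
    # forgotpasswordverification.html embeds it in the page, the requester can
    # read it without access to the mailbox or phone; keep it server-side and
    # compare it there.
    return render_template('forgotpasswordverification.html',
                           code=code,
                           contact=contact)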
def phoneNumberCredentialUniquenessTest():
    """Return the phone-number uniqueness test result for the ``phoneNumber`` query value.

    Reads ``phoneNumber`` from the query string (falling back to ``0`` when
    it is absent) and returns ``phoneNumberUniquenessTest``'s answer as
    ``{"result": ...}`` JSON.
    """
    # NOTE(review): no session check is made here, so the endpoint tells any
    # caller whatever phoneNumberUniquenessTest reports about a number. If
    # that reveals registered numbers, rate-limit the route -- confirm.
    candidate = request.args.get('phoneNumber', 0, type=str)
    checker = contacts.contact()
    return jsonify(result=checker.phoneNumberUniquenessTest(candidate))