def signup():
if session.get("logged_user") is not None:
return redirect(url_for('general.home'))
form = SignUpForm()
if form.validate_on_submit():
(username, user_pass, first_name, last_name, birthdate, street, city,
state, zipcode, phone, email,
date_joined) = (form.username.data, form.password.data,
form.first_name.data, form.last_name.data,
form.birthdate.data, form.street.data, form.city.data,
form.state.data, form.zipcode.data, form.phone.data,
form.email.data, datetime.now().strftime("%Y-%m-%d"))
conn = mysql.connect()
cursor = conn.cursor()
cursor.execute(
queries.INSERT_PERSON,
(username, user_pass, first_name, last_name, birthdate, street,
city, state, zipcode, phone, email, date_joined))
conn.commit()
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_PERSON_ID, username)
person_id = cursor.fetchone()
print(f"Person ID: {person_id}")
conn = mysql.connect()
cursor = conn.cursor()
cursor.execute(queries.INSERT_USER, int(person_id["person_id"]))
conn.commit()
flash('Account created successfully!', 'success')
return redirect(url_for('users.login'))
return render_template('users/signup.html', title='Signup', form=form)
def authenticate(username, password):
# Use conn and cursor outside of try block
conn = mysql.connect()
cursor = mysql.get_db().cursor()
try:
cursor.execute("SELECT salt from user_info where email = %s",
(username))
rows = cursor.fetchone()
p = str(password) + str(rows[0])
hash = hashlib.sha256()
hash.update(p.encode('utf-8').decode('latin1').encode())
p = hash.hexdigest()
cursor.execute(
"SELECT id, email, password FROM user_info where email = %s",
(username))
rows = cursor.fetchall()
if rows:
user = User(rows[0][0], rows[0][1], rows[0][2])
if user and safe_str_cmp(user.password, p):
return user
except Exception as e:
print(e)
finally:
cursor.close()
conn.close()
def user_details():
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_USER_DETAILS)
data = cursor.fetchall()
cursor.close()
conn.close()
return render_template('admin/user_details.html',
title='User Details',
resultset=data)
def rent_movie_list():
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_USER_RENTABLES, session["logged_user_id"])
data = cursor.fetchall()
cursor.close()
conn.close()
return render_template('rental/rent.html',
title='Rent Movie',
resultset=data)
def movie_returned():
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_MOVIE_RETURNED_DETAILS)
data = cursor.fetchall()
cursor.close()
conn.close()
return render_template('admin/movies_returned.html',
title='Movies Returned',
resultset=data)
def movie_details():
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_MOVIE_DETAILS)
data = cursor.fetchall()
cursor.close()
conn.close()
return render_template('rental/movie_details.html',
title='Movie Details',
resultset=data)
def user_rental_history():
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_USER_RENTAL_HISTORY,
session["logged_user_id"])
data = cursor.fetchall()
cursor.close()
conn.close()
return render_template('rental/user_rental_history.html',
title='User Movie Rental',
resultset=data)
def user_rentals():
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_USER_RENTED_MOVIES,
session["logged_user_id"])
data = cursor.fetchall()
cursor.close()
conn.close()
return render_template('rental/user_rentals.html',
title='Rented Movies',
resultset=data)
def rent_movie(movie_id):
if movie_id is None:
return redirect(url_for('rental.rent_movie_list'))
else:
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.INSERT_MOVIE_RENT,
(session["logged_user_id"], movie_id))
conn.commit()
flash('Movie rented successfully!', 'success')
return redirect(url_for('rental.user_rentals'))
def add_movie():
form = AddMovieForm()
if form.validate_on_submit():
movie_title = form.movie_title.data
movie_release_date = form.movie_release_date.data
movie_details = form.movie_details.data
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(INSERT_MOVIE,
(movie_title, movie_release_date, movie_details))
conn.commit()
return render_template('rental/add_movie.html', form=form)
def login():
if session.get("logged_user") is not None:
return redirect(url_for('general.home'))
form = LoginForm()
if form.validate_on_submit():
(username, user_pass) = (form.username.data, form.password.data)
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_LOGIN, (username, user_pass))
verify_count = cursor.fetchone()
if int(verify_count['output']) == 0:
flash('Login Unsuccessful. Check Username and Password!', 'danger')
return redirect(url_for('users.login'))
else:
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_USER_ID, username)
user_id = cursor.fetchone()
print(f"USER ID: {user_id}")
session["is_admin"] = False
try:
if user_id["user_id"] is not None:
session["logged_user_id"] = user_id["user_id"]
except Exception as e:
print(f"Could not set logged_user_id session value: {e}")
session["is_admin"] = True
try:
if username is not None:
session["logged_user"] = username
except Exception as e:
print(f"Could not set logged_user session value: {e}")
next_page = request.args.get('next')
return redirect(next_page) if next_page else redirect(
url_for('general.home'))
return render_template('users/login.html', title='Login', form=form)
def filter_movies():
form = FilterForm()
if form.validate_on_submit():
movie_name = form.filter_text.data
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_FILTER_MOVIE_DETAILS, f"%{movie_name}%")
data = cursor.fetchall()
cursor.close()
conn.close()
return render_template('rental/filtered_movie.html', resultset=data)
return render_template('rental/filter_movies.html',
title='Filter Movies',
form=form)
def delete_movie():
form = DeleteMovieForm()
if form.validate_on_submit():
movie_id = form.movie_id.data
conn = mysql.connect()
cursor = conn.cursor(pymysql.cursors.DictCursor)
cursor.execute(queries.SELECT_DELETEMOVIEACTOR, (movie_id))
cursor.execute(queries.SELECT_DELETEMOVIEDIRECTOR, (movie_id))
cursor.execute(queries.SELECT_DELETEMOVIEGENRE, (movie_id))
cursor.execute(queries.SELECT_DELETEMOVIERATINGS, (movie_id))
cursor.execute(queries.SELECT_DELETEMOVIERENTAL, (movie_id))
cursor.execute(queries.SELECT_DELETEMOVIE, (movie_id))
conn.commit()
return render_template('rental/delete_movie.html', form=form)
def identity(payload):
user_id = payload['identity']
conn = mysql.connect()
cursor = mysql.get_db().cursor()
try:
cursor.execute(
"SELECT id, email, password FROM user_info where id = %s",
(user_id))
rows = cursor.fetchall()
if rows:
user = User(rows[0][0], rows[0][1], rows[0][2])
return user
except Exception as e:
print(e)
finally:
cursor.close()
conn.close()
def get(self):
#return USERS
conn = mysql.connect()
cursor = mysql.get_db().cursor()
try:
cursor.execute(
"SELECT first_name, last_name, email FROM user_info")
row_headers = [x[0] for x in cursor.description]
rows = cursor.fetchall()
# resp = jsonify(rows)
# resp.status_code = 200
# return jsonify(resp)
json_data = []
for result in rows:
json_data.append(dict(zip(row_headers, result)))
return json_data[0]
except Exception as e:
print(e)
finally:
cursor.close()
conn.close()
def get(self, id):
id = int(id)
abort_if_user_doesnt_exist(id)
# return USERS[id]
conn = mysql.connect()
cursor = mysql.get_db().cursor()
try:
cursor.execute(
"SELECT first_name, last_name, email FROM user_info where id = %s",
(int(id)))
row_headers = [x[0] for x in cursor.description]
rows = cursor.fetchall()
json_data = []
for result in rows:
json_data.append(dict(zip(row_headers, result)))
# return json.dumps(json_data)
return jsonify(json_data[0])
except Exception as e:
print(e)
finally:
cursor.close()
conn.close()
