def get_assembly_subset(pen_id, children, parents=None):
# All assemblies
if children and parents is None:
return app.query_db(
"select * from nodes where num_children>0 and pen_id=?;",
(pen_id, ))
# All top-level assemblies
elif children and not parents:
return app.query_db(
"select * from nodes where num_children>0 and num_parents<1 and pen_id=?;",
(pen_id, ))
# All subassemblies
elif children and parents:
return app.query_db(
"select * from nodes where num_children>0 and num_parents>0 and pen_id=?;",
(pen_id, ))
# All component parts
elif not children and parents:
return app.query_db(
"select * from nodes where num_children<1 and num_parents>0 and pen_id=?;",
(pen_id, ))
# All orphan parts
elif not children and not parents:
return app.query_db(
"select * from nodes where num_children<1 and num_parents<1 and pen_id=?;",
(pen_id, ))
def stream(username):
form = PostForm()
user = query_db('SELECT * FROM Users WHERE username= ?;', (username, ),
one=True)
if not user:
return error()
if form.is_submitted():
if form.image.data:
path = os.path.join(app.config['UPLOAD_PATH'],
form.image.data.filename)
form.image.data.save(path)
query_db(
'INSERT INTO Posts (u_id, content, image, creation_time) VALUES (?, ?, ?, ?);',
(user['id'], form.content.data, form.image.data.filename,
datetime.now()))
return redirect(url_for('stream', username=username))
posts = query_db(
'SELECT p.*, u.*, (SELECT COUNT(*) FROM Comments WHERE p_id=p.id) AS cc FROM Posts AS p JOIN Users AS u ON u.id=p.u_id WHERE p.u_id IN (SELECT u_id FROM Friends WHERE f_id={0}) OR p.u_id IN (SELECT f_id FROM Friends WHERE u_id={0}) OR p.u_id={0} ORDER BY p.creation_time DESC;'
.format(user['id']))
return render_template('stream.html',
title='Stream',
username=username,
form=form,
posts=posts)
def stream(username):
if (current_user.username != username):
return redirect(url_for('stream', username=current_user.username))
else:
form = PostForm()
user = query_db('SELECT * FROM Users WHERE username=?',
username,
one=True)
if form.is_submitted() and form.validate_on_submit():
content = sanitizeStr(form.content.data, strip=False)
if form.image.data:
filename = photos.save(form.image.data)
else:
filename = None
# if both content and image is blank.
if form.content.data == '' and not form.image.data:
return redirect(
url_for('stream', username=current_user.username))
query_db(
'INSERT INTO Posts (u_id, content, image, creation_time) VALUES(?, ?, ?, ?)',
user['id'], content, filename, datetime.now())
return redirect(url_for('stream', username=current_user.username))
posts = query_db(
'SELECT p.*, u.*, (SELECT COUNT(*) FROM Comments WHERE p_id=p.id) AS cc FROM Posts AS p JOIN Users AS u ON u.id=p.u_id WHERE p.u_id IN (SELECT u_id FROM Friends WHERE f_id=?) OR p.u_id IN (SELECT f_id FROM Friends WHERE u_id=?) OR p.u_id=? ORDER BY p.creation_time DESC',
user['id'], user['id'], user['id'])
return render_template('stream.html',
title='Stream',
username=username,
form=form,
posts=posts)
def load_user(self,login_user, password, ambient):
#Verifica se Ambiente é válido
cmd = "SELECT string_to_array(string_agg(replace(banco_dados,'softrans_sb','softlog_sb'),','),',') FROM string_conexoes"
ambients = query_db(1,cmd,None,True)
if ('softlog_' + ambient) not in ambients[0]:
return None
#Verifica usuario
cmd = """SELECT
id_usuario,
trim(nome_usuario) as nome_usuario,
trim(email) as email,
id_usuario as id_usuario,
trim(login_name) as login,
senha
FROM
usuarios
WHERE
id_usario = '%i'
""" % current_user.id_usuario
user = query_db('softlog_' + ambient, cmd, None, True)
if user is None:
self.user = None
return None
if user['senha'] != password:
return None
else:
return user
def friends(username):
if username != session["user"]:
session["err"] = "trying to get into anothers friendlist"
return redirect(url_for('error'))
form = FriendsForm()
query = ('SELECT * FROM Users WHERE username=?;', (username, ))
user = query_db(query, one=True)
if form.is_submitted():
query = ('SELECT * FROM Users WHERE username=?;',
(form.username.data, ))
friend = query_db(query, one=True)
if friend is None:
flash('User does not exist')
else:
query = ('INSERT INTO Friends (u_id, f_id) VALUES(?, ?);',
(user['id'], friend['id']))
query_db(query)
query = (
'SELECT * FROM Friends AS f JOIN Users as u ON f.f_id=u.id WHERE f.u_id=? AND f.f_id!=? ;',
(user['id'], user['id']))
all_friends = query_db(query)
return render_template('friends.html',
title='Friends',
username=username,
friends=all_friends,
sessionuser=session["user"],
form=form)
def friends(username):
if (current_user.username != username):
return redirect(url_for('friends', username=current_user.username))
else:
form = FriendsForm()
user = query_db('SELECT * FROM Users WHERE username=?',
username,
one=True)
if form.is_submitted():
userSearch = sanitizeStr(form.username.data)
friend = query_db('SELECT * FROM Users WHERE username=?',
userSearch,
one=True)
if friend is None:
flash('User does not exist')
else:
query_db('INSERT INTO Friends (u_id, f_id) VALUES(?, ?)',
user['id'], friend['id'])
all_friends = query_db(
'SELECT * FROM Friends AS f JOIN Users as u ON f.f_id=u.id WHERE f.u_id=? AND f.f_id!=?',
user['id'], user['id'])
return render_template('friends.html',
title='Friends',
username=username,
friends=all_friends,
form=form)
def stream(username):
user = query_db(
'SELECT * FROM Users WHERE username="******";'.format(username), one=True)
if user == None:
flash('You are not logged in')
return redirect(url_for('index'))
elif user['password'] == session.get('password'):
# show page
form = PostForm()
user = query_db(
'SELECT * FROM Users WHERE username="******";'.format(username),
one=True)
if form.validate_on_submit():
if form.image.data:
path = os.path.join(app.config['UPLOAD_PATH'],
form.image.data.filename)
form.image.data.save(path)
query_db(
'INSERT INTO Posts (u_id, content, image, creation_time) VALUES({}, "{}", "{}", \'{}\');'
.format(user['id'], form.content.data,
form.image.data.filename, datetime.now()))
return redirect(url_for('stream', username=username))
posts = query_db(
'SELECT p.*, u.*, (SELECT COUNT(*) FROM Comments WHERE p_id=p.id) AS cc FROM Posts AS p JOIN Users AS u ON u.id=p.u_id WHERE p.u_id IN (SELECT u_id FROM Friends WHERE f_id={0}) OR p.u_id IN (SELECT f_id FROM Friends WHERE u_id={0}) OR p.u_id={0} ORDER BY p.creation_time DESC;'
.format(user['id']))
return render_template('stream.html',
title='Stream',
username=username,
form=form,
posts=posts)
else:
return redirect(url_for('stream', username=session.get('username')))
def get_chaves_cte(lst_id_nfs, parceiro_cnpj, redespachador_cnpj):
#Identifica o id do banco de dados do parceiro
cmd = qry_db % ("'" + parceiro_cnpj.strip() + "'")
r = query_db(1,cmd)
if len(r) > 0:
id_db_parceiro = r[0]['id_bd']
else:
return ''
cmd = qry_cte % (lst_id_nfs,redespachador_cnpj)
nfes = query_db(id_db_parceiro,cmd)
if len(nfes) == 0:
return ''
lista_chaves = []
for nf in nfes:
print(nf['chave_cte'])
lista_chaves.append(str(nf['id_nota_fiscal_imp']) + '_' + nf['chave_cte'])
#print('Lista Chaves', str(lista_chaves))
return ','.join(lista_chaves)
def load_empresa(self,empresa,ambient):
cmd = "SELECT * FROM empresa WHERE codigo_empresa = '%s'" % (empresa)
if ambient not in ['softrans_sb','softlog']:
r = query_db('softlog_' + ambient, cmd, None, True)
else:
r = query_db(ambient, cmd, None, True)
self.reg_empresa = r
return r
def load_filial(self,empresa,filial,ambient):
cmd = "SELECT * FROM filial WHERE codigo_empresa = '%s' AND codigo_filial = '%s'" % (empresa, filial)
if ambient not in ['softrans_sb','softlog']:
r = query_db('softlog_' + ambient, cmd, None, True)
else:
r = query_db(ambient, cmd, None, True)
self.reg_filial = r
return r
def remove_part(id):
app.edit_db("delete from nodes where id=?;", (id, ))
parent_edges = app.query_db(
"select from_node_id, to_node_id from edges where to_node_id=?",
(id, ))
for edge in parent_edges:
remove_edge(edge['from_node_id'], edge['to_node_id'])
child_edges = app.query_db(
"select from_node_id, to_node_id from edges where from_node_id=?",
(id, ))
for edge in child_edges:
remove_edge(edge['from_node_id'], edge['to_node_id'])
def load_filiais(self,ambient):
if self.empresa is None:
cmd = "SELECT * FROM filial ORDER BY codigo_empresa, codigo_filial"
else:
cmd = "SELECT * FROM filial WHERE codigo_empresa = '%s' ORDER BY codigo_empresa, codigo_filial" % self.empresa
if ambient not in ['softrans_sb','softlog']:
r = query_db('softlog_' +ambient,cmd,None,False)
else:
r = query_db(ambient,cmd,None,False)
self.filiais = r
return r
def post(self):
#Consulta todos banco de dados
qry_db = """
SELECT
id_string_conexao,
usuario,
senha,
port,
host,
banco_dados
FROM
string_conexoes
WHERE
softlog_integracao = 1
"""
dbs = query_db(1,qry_db)
lista_filial = []
for db in dbs:
qry_filial = """
SELECT cnpj, trim(razao_social) as razao_social FROM filial
"""
filiais = query_db(db['id_string_conexao'],qry_filial)
for f in filiais:
lista_filial.append(f)
qry_parceiro = """
SELECT
id
FROM
edi_parceiros
WHERE
cnpj_cpf = '%s'
AND id_bd = %i
""" % (f['cnpj'],db['id_string_conexao'])
parceiro = query_db(1,qry_parceiro)
if len(parceiro) == 0:
#print('Cadastrando parceiro!')
upd_parceiro = """
INSERT INTO edi_parceiros (id_bd, cnpj_cpf, razao_social)
VALUES (%i,'%s','%s')
""" % (db['id_string_conexao'],f['cnpj'],f['razao_social'])
db_main = get_db(1)
cur = db_main.cursor()
cur.execute(upd_parceiro)
cur.close()
db_main.commit()
return lista_filial
def create(req):
new_record = req.form['url']
exists = find_by_url(new_record)
if exists == []:
alias = url_shortener.generator()
return_value = app.query_db(
'insert into urls (actual_url, alias_url) values (?, ?);',
(new_record, alias))
check_value = app.query_db(
'select actual_url, alias_url from urls where alias_url = (?);',
(alias, ))
return check_value, 201
else:
alias = exists[0][2]
return alias, 202
def get_data_dashboard(self, id_dash, empresa, filial, data_ref=None):
"""Retorna as configuracoes de um dashboard"""
if data_ref:
p_var_aux = "'" + data_ref + "'"
else:
p_var_aux = 'NULL'
if filial is not None and empresa is not None:
cmd = """
SELECT f_dashboard_view(%i, '%s', '%s',%s) as dados
""" % (id_dash,empresa,filial, p_var_aux)
elif empresa is not None:
cmd = """
SELECT f_dashboard_view(%i, '%s',NULL,%s) as dados
""" % (id_dash,empresa,p_var_aux)
else:
cmd = """
SELECT f_dashboard_view(%i, NULL,NULL,%s) as dados
""" % (id_dash,p_var_aux)
r = query_db(self.id_db, cmd, None, True)
return r['dados']
def getOcorrencias(id_acesso):
str_sql = """WITH t AS (
WITH temp AS (
SELECT row_to_json(row) as dados FROM (
SELECT
codigo_edi as id_ocorrencia,
trim(ocorrencia) as ocorrencia,
pendencia
FROM
scr_ocorrencia_edi
WHERE
ocorrencia_coleta = 0
ORDER BY codigo_edi
) row
)
SELECT
array_agg(temp.dados) as ocorrencias
FROM
temp
)
SELECT row_to_json(t) FROM t
"""
r = query_db(id_acesso,str_sql,None,True)
return r[0]
def get_veiculos(self, id_acesso):
str_sql = """WITH veiculos AS (
WITH temp AS (
SELECT row_to_json(row,true) as veiculos FROM (
SELECT
trim(placa_veiculo) as placa_veiculo,
(COALESCE(trim(nome_marca),'') || ' - ' || COALESCE(trim(descricao_modelo),'')) as descricao
FROM
v_veiculos
ORDER BY
placa_veiculo
) row
)
SELECT array_agg(veiculos) as veiculos FROM temp
)
SELECT row_to_json(v) as veiculos FROM veiculos v"""
r = query_db(id_acesso, str_sql, None, True)
##print(str_sql)
try:
if r[0] is None:
return None
except:
return None
return r[0]
def survey():
if 'logged_in' not in session or not session['logged_in']:
return redirect(url_for('login'))
qns = query_db('select * from questions_list')
# print(':(')
if request.method == 'POST':
results = {}
# print(':)')
for i in range(1, len(qns) + 1):
# print(i)
results[i] = int(request.form[str(i)])
scores = processData(results)
# print('hi')
code = 'abc'
with app.app_context():
db = get_db()
query_string = 'INSERT INTO score_list (user_id, code, growth, confidence, strategic, productive, team) VALUES '
data_string = '(' + str(
session['id']) + ', "' + code + '", "' + str(
scores['growth']) + '", "' + str(
scores['confidence']) + '", "' + str(
scores['strategic']) + '", "' + str(
scores['productive']) + '", "' + str(
scores['team']) + '");'
db.execute(query_string + data_string)
db.commit()
return redirect(url_for('index'))
return render_template('surveypage.html', questions=qns)
def insert_user(detail_dict):
keys = list(detail_dict.keys())
prequel_string = 'INSERT INTO `user_details` (' + ','.join(
["`" + str(key) + "`" for key in keys]) + ') '
format_data = []
for x in keys:
if is_number(detail_dict[x]):
format_data.append(str(detail_dict[x]))
else:
format_data.append("'" + detail_dict[x] + "'")
data_string = 'VALUES (' + ', '.join(format_data) + ');'
# print("Prequel")
# print(prequel_string)
# print("Data")
# print(data_string)
query_string = prequel_string + data_string
with app.app_context():
# insert the user
db = get_db()
cur = get_db().execute(query_string)
# check for debugging
print("Newly inserted user")
new_user = query_db('select * from user_details where username = ?',
[detail_dict['username']],
one=True)
if new_user is None:
print("something is wrong")
else:
print("Yay new user!")
print(new_user)
def index():
if "user" in session.keys():
if session["user"]:
return redirect(
url_for('stream',
username=session["user"],
sessionuser=session["user"]))
else:
session["user"] = None
form = IndexForm()
if form.login.validate_on_submit():
username_entered = form.login.username.data
password_entered = form.login.password.data
query = ('SELECT * FROM Users WHERE username=?;', (username_entered, ))
user = query_db(query, one=True)
if user == None:
flash("Username or password incorrect")
elif not pbkdf2_sha256.verify(password_entered, user['password']):
flash("Username or password incorrect")
elif pbkdf2_sha256.verify(password_entered, user['password']):
session["user"] = form.login.username.data
return redirect(
url_for('stream',
username=username_entered,
sessionuser=session["user"]))
elif form.register.validate_on_submit():
username = form.register.username.data
password = form.register.password.data
encrypt_pswd = pbkdf2_sha256.hash(
password
) #Hashes and adds a 16byte salt, by default adds 29000 iterations.
query = 'SELECT * FROM Users WHERE username=?;', (username, )
user = query_db(query, one=True)
if user == None:
query = 'INSERT INTO Users (username, first_name, last_name, password) VALUES(?, ?, ?, ?);', (
form.register.username.data, form.register.first_name.data,
form.register.last_name.data, encrypt_pswd)
query_db(query, one=True)
return redirect(url_for('index')), flash('New user registered!')
else:
flash('Username already exists.')
return render_template('index.html', title='Welcome', form=form)
def profile(username):
form = ProfileForm()
if form.is_submitted():
query_db(
'UPDATE Users SET education="{}", employment="{}", music="{}", movie="{}", nationality="{}", birthday=\'{}\' WHERE username="******" ;'
.format(form.education.data, form.employment.data, form.music.data,
form.movie.data, form.nationality.data, form.birthday.data,
username))
return redirect(url_for('profile', username=username))
user = query_db(
'SELECT * FROM Users WHERE username="******";'.format(username), one=True)
return render_template('profile.html',
title='profile',
username=username,
user=user,
form=form)
def set_baixa_entrega_nfe(args):
"""Realiza Baixa de Entregas"""
cmd = qry_db % ("'" + parceiro_cnpj.strip() + "'")
r = query_db(1,cmd)
if len(r) > 0:
id_db = r[0]['id_bd']
else:
return ''
cmd_upd = qry_upd_baixa_nfe % (args)
r = query_db(id_db,cmd_upd)
if r is not None:
pass
return r['numero_nota_fiscal']
def profile(username):
user = query_db('SELECT * FROM Users WHERE username="******";'.format(
session.get('username')),
one=True)
if user == None:
flash('You are not logged in')
return redirect(url_for('index'))
elif user['password'] == session.get('password'):
form = ProfileForm()
if form.is_submitted():
user = query_db(
'SELECT * FROM Users WHERE username="******";'.format(username),
one=True)
if user == None:
flash(
'you are not logged in. Every error shouldnt happen, but this error really extra shouldnt happen'
)
return redirect(url_for('index'))
elif user['password'] == session.get('password'):
query_db(
'UPDATE Users SET education="{}", employment="{}", music="{}", movie="{}", nationality="{}", birthday=\'{}\' WHERE username="******" ;'
.format(form.education.data, form.employment.data,
form.music.data, form.movie.data,
form.nationality.data, form.birthday.data,
username))
else:
flash(
'You are not logged in as that user you tried to edit the profile of'
)
return redirect(
url_for('stream', username=session.get('username')))
return redirect(url_for('profile', username=username))
user = query_db(
'SELECT * FROM Users WHERE username="******";'.format(username),
one=True)
return render_template('profile.html',
title='profile',
username=username,
user=user,
form=form)
else:
flash('You are not logged in')
return redirect(url_for('index'))
def exact_results(code):
if 'logged_in' not in session or not session['logged_in']:
return redirect(url_for('login'))
if session['role'] == 0:
survey = query_db('select * from score_list where user_id = ' +
str(session['id']) + ' and code = "' + code + '"',
one=True)
return render_template('resultStudent.html', survey=survey)
else:
return render_template('resultTeacher.html')
def comments(username, p_id):
form = CommentsForm()
if form.is_submitted():
user = query_db('SELECT * FROM Users WHERE username= ?;', (username, ),
one=True)
query_db(
'INSERT INTO Comments (p_id, u_id, comment, creation_time) VALUES(?, ?, ?, ?);',
(p_id, user['id'], form.comment.data, datetime.now()))
post = query_db('SELECT * FROM Posts WHERE id= ?;', (p_id, ), one=True)
all_comments = query_db(
'SELECT DISTINCT * FROM Comments AS c JOIN Users AS u ON c.u_id=u.id WHERE c.p_id= ? ORDER BY c.creation_time DESC;',
(p_id, ))
return render_template('comments.html',
title='Comments',
username=username,
form=form,
post=post,
comments=all_comments)
def results():
if 'logged_in' not in session or not session['logged_in']:
return redirect(url_for('login'))
if session['role'] == 0:
surveys = query_db('select * from score_list where user_id = ' +
str(session['id']))
# benchmark = [4.392084322211362, 4.689655172413798, 5.019002882459691, 4.644646098003628, 5.6243194192377475]
return render_template('studentResultHome.html', surveys=surveys)
else:
return render_template('teacherResultHome.html')
def get_json_clientes(id_db,lst_clientes):
cmd = qry_participantes%({'lst_clientes':lst_clientes})
#print(cmd)
clientes = query_db(id_db,cmd)
if len(clientes) == 0:
return None
else:
resultado = clientes
return resultado
def create_dialog(main, add, commands, latency_from, latency_to):
if session['user']:
q = query_db(
'INSERT INTO dialogs '
'(owner, commands, main_account, add_accounts, '
'latency_from, latency_to, current_step, is_running, time_start) '
'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)',
(session['user'][0], commands, main, add, latency_from, latency_to, 0, 1, int(time()))
)
return q.lastrowid
def get(self):
parser = reqparse.RequestParser()
parser.add_argument('id_db',type=int,help='O parâmetro Id_db inválido.')
parser.add_argument('token',type=str,help='O parâmetro Token inválido.')
parser.add_argument('dados',type=str,help='O parâmetro Dados inválido.')
args = parser.parse_args()
id_db = args['id_db']
dados = json.loads(args['dados'])
#db = get_db(args['id_db'])
filial = query_db(args['id_db'],'SELECT row_to_json(filial) as json FROM filial WHERE codigo_filial = %(filial)s AND codigo_empresa = %(empresa)s',dados,True)
empresa = query_db(args['id_db'],'SELECT * FROM empresa')
#print(str(db.status))
return filial['json']
return marshal(filial,filial_schema),200
def get_parent_assemblies(id):
parent_parts = []
curr_id = id
while True:
parent = app.query_db(
"select * from nodes left join edges on nodes.id=edges.from_node_id where edges.to_node_id=?;",
(curr_id, ), True)
if parent is None:
break
parent_parts.append(parent)
curr_id = parent['id']
return parent_parts
def users():
'''
returns users and get posts request : can edit or add user in page.
this funtction uses sqlite3
'''
if 'logged_in' in session:
if session['su'] != 'Yes':
return abort(403)
try:
trash = request.args.get('trash')
except KeyError:
trash = 0
su_users = query_db("SELECT COUNT(id) as num FROM users "
"WHERE su='Yes'", [], one=True)
if request.args.get('token') == session.get('token') and \
int(trash) == 1 and request.args.get('userid') and \
request.args.get('username'):
nb_users = query_db("SELECT COUNT(id) as num FROM users", [],
one=True)
if nb_users['num'] > 1:
if su_users['num'] <= 1:
su_user = query_db("SELECT username FROM users "
"WHERE su='Yes'", [], one=True)
if su_user['username'] == request.args.get('username'):
flash(u'Can\'t delete the last admin user : %s' %
request.args.get('username'), 'error')
return redirect(url_for('lwp_users'))
g.db.execute("DELETE FROM users WHERE id=? AND username=?",
[request.args.get('userid'),
request.args.get('username')])
g.db.commit()
flash(u'Deleted %s' % request.args.get('username'), 'success')
return redirect(url_for('lwp_users'))
flash(u'Can\'t delete the last user!', 'error')
return redirect(url_for('lwp_users'))
if request.method == 'POST':
users = query_db('SELECT id, name, username, su FROM users '
'ORDER BY id ASC')
if request.form['newUser'] == 'True':
if not request.form['username'] in \
[user['username'] for user in users]:
if re.match('^\w+$', request.form['username']) and \
request.form['password1']:
if request.form['password1'] == \
request.form['password2']:
if request.form['name']:
if re.match('[a-z A-Z0-9]{3,32}',
request.form['name']):
g.db.execute(
"INSERT INTO users "
"(name, username, password) "
"VALUES (?, ?, ?)",
[request.form['name'],
request.form['username'],
hash_passwd(
request.form['password1'])])
g.db.commit()
else:
flash(u'Invalid name!', 'error')
else:
g.db.execute("INSERT INTO users "
"(username, password) VALUES "
"(?, ?)",
[request.form['username'],
hash_passwd(
request.form['password1'])])
g.db.commit()
flash(u'Created %s' % request.form['username'],
'success')
else:
flash(u'No password match', 'error')
else:
flash(u'Invalid username or password!', 'error')
else:
flash(u'Username already exist!', 'error')
elif request.form['newUser'] == 'False':
if request.form['password1'] == request.form['password2']:
if re.match('[a-z A-Z0-9]{3,32}', request.form['name']):
if su_users['num'] <= 1:
su = 'Yes'
else:
try:
su = request.form['su']
except KeyError:
su = 'No'
if not request.form['name']:
g.db.execute("UPDATE users SET name='', su=? "
"WHERE username=?",
[su, request.form['username']])
g.db.commit()
elif request.form['name'] and \
not request.form['password1'] and \
not request.form['password2']:
g.db.execute("UPDATE users SET name=?, su=? "
"WHERE username=?",
[request.form['name'], su,
request.form['username']])
g.db.commit()
elif request.form['name'] and \
request.form['password1'] and \
request.form['password2']:
g.db.execute("UPDATE users SET "
"name=?, password=?, su=? WHERE "
"username=?",
[request.form['name'],
hash_passwd(
request.form['password1']),
su, request.form['username']])
g.db.commit()
elif request.form['password1'] and \
request.form['password2']:
g.db.execute("UPDATE users SET password=?, su=? "
"WHERE username=?",
[hash_passwd(
request.form['password1']),
su, request.form['username']])
g.db.commit()
flash(u'Updated', 'success')
else:
flash(u'Invalid name!', 'error')
else:
flash(u'No password match', 'error')
else:
flash(u'Unknown error!', 'error')
users = query_db("SELECT id, name, username, su FROM users "
"ORDER BY id ASC")
nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
su_users = query_db("SELECT COUNT(id) as num FROM users "
"WHERE su='Yes'", [], one=True)
return render_template('users.html')
return render_template('login.html')
