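def confirm_email(token):
    """Verify an e-mail confirmation token and mark the matching account as verified.

    Args:
        token: the signed confirmation token carried in the e-mail link.

    Returns:
        A rendered ``error.html`` when the token is invalid/expired, no account
        matches, the account is already verified, or the UPDATE fails;
        otherwise the rendered ``welcome.html``.
    """
    try:
        email = confirm_token(token)
    except Exception:
        # The original bare ``except`` also swallowed SystemExit/KeyboardInterrupt.
        return render_template('error.html', message='The confirmation link is invalid or has expired.')

    # NOTE(review): the e-mail recovered from the token is spliced into the SQL
    # text with str.format. As shown here the literal has no format placeholder,
    # so the call substitutes nothing; the intended lookup should bind the e-mail
    # as a query parameter rather than interpolate it -- confirm what runSQLQuery
    # supports.
    data = runSQLQuery("""SELECT * FROM USERS WHERE USERNAME = '******'""".format(email), 0)
    if not data:
        # The original indexed data[0] unconditionally and raised IndexError
        # when no row matched.
        return render_template('error.html', message='The confirmation link is invalid or has expired.')

    row = data[0]
    # Column positions follow the INSERT in register(): 3 = username,
    # 7 = VERIFIED flag, 8 = DATE_VERIFIED.
    if row[7] == "Y":
        return render_template('error.html', username=str(row[3]), message='You have already successfully verified this account [' + str(row[8]) + ']')

    if runSQLQuery("""UPDATE USERS SET VERIFIED ='Y', DATE_VERIFIED = now() WHERE USERNAME = '******'""".format(email), 1):
        return render_template('welcome.html', message='Email successfully verified, please log into to continue!')

    # The original fell off the end (returned None) when the UPDATE failed,
    # which Flask reports as an invalid response; give the user a page instead.
    return render_template('error.html', message='Verification could not be completed, please try again later.')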
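def register():
    """Create an account from the registration form and send a confirmation e-mail.

    Reads ``form-first-name``, ``form-last-name``, ``form-email``,
    ``form-password`` and ``form-select-type`` from ``request.form``.

    Returns:
        JSON ``{'status': ...}``: ``EXIST`` if the e-mail is already registered,
        ``OK`` once the row is inserted and the confirmation mail is sent,
        ``ERROR`` if the INSERT fails.
    """
    _forename = str(request.form['form-first-name'])
    _surname = str(request.form['form-last-name'])
    _email = str(request.form['form-email'])
    _password = str(generate_password_hash(request.form['form-password']))
    # NOTE(review): this value lands in the column that login() reads as the
    # admin flag (data[0][5] == 'Y'), so a client posting '1' here registers
    # itself as an admin. The privilege level should be decided server-side;
    # confirm whether self-selection is intended.
    _type = 'Y' if request.form['form-select-type'] == '1' else 'N'

    # NOTE(review): as shown, the literal has no format placeholder, so
    # .format(_email) substitutes nothing; the intended lookup should bind the
    # e-mail as a query parameter rather than interpolate form input into SQL.
    _sql = "SELECT * FROM USERS WHERE USERNAME = '******'".format(_email)
    data = runSQLQuery(_sql, 0)

    # The original opened the log without ever closing it and truncated it
    # ('w') on every request; append, and let the context manager close it.
    with open('server.log', 'a') as target:
        target.write('FORM ACCEPTED')
        target.write(_sql)

    if data:
        return jsonify({'status': 'EXIST'})

    # Python SQL is very sensitive to column ordering. Use null for ID value
    # NOTE(review): every form field is interpolated straight into this INSERT;
    # these should be bound parameters if runSQLQuery can take them.
    _sql_insert = """INSERT INTO USERS VALUES (null, '{0}','{1}','{2}','{3}','{4}', now(), 'N', null)""".format(_forename, _surname, _email, _password, _type)
    # The original gated success on re-running the SELECT in mode 1 and threw
    # the INSERT's result away; the INSERT outcome is what decides whether the
    # account now exists.
    if not runSQLQuery(_sql_insert, 1):
        return jsonify({'status': 'ERROR'})

    mail_token = generate_confirmation_token(_email)
    confirm_url = url_for('confirm_email', token=mail_token, _external=True)
    html = render_template('mail.html', _name=str(_forename), confirm_url=confirm_url)
    subject = "Please confirm your email"
    send_email(_email, subject, html)
    return jsonify({'status': 'OK'})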
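def login():
    """Authenticate the posted credentials and populate the session.

    Reads ``form-email`` and ``form-password`` from ``request.form``.

    Returns:
        JSON ``{'status': ...}``: ``NONE`` (no such user), ``NON_VERIFIED``,
        ``WRONG`` (password mismatch), ``OK``, or ``ERROR`` when the lookup
        raises.
    """
    _email = str(request.form['form-email'])
    _password = str(request.form['form-password'])
    # NOTE(review): as shown, the literal has no format placeholder, so
    # .format(_email) substitutes nothing; the intended lookup should bind the
    # e-mail as a query parameter rather than interpolate form input into SQL.
    _sql = "SELECT * FROM USERS WHERE USERNAME = '******'".format(_email)
    try:
        # The original ran the query twice, and the first run sat outside the
        # try, so a database error there escaped the ERROR handler.
        data = runSQLQuery(_sql, 0)
        if not data:
            return jsonify({'status': 'NONE'})

        row = data[0]
        # Column positions follow the INSERT in register(): 1/2 = names,
        # 4 = password hash, 5 = admin flag, 7 = VERIFIED.
        # NOTE(review): NONE / NON_VERIFIED / WRONG are distinguishable by the
        # client, so the endpoint reveals which e-mails are registered.
        if str(row[7]) == 'N':
            return jsonify({'status': 'NON_VERIFIED'})
        if not check_password_hash(str(row[4]), _password):
            return jsonify({'status': 'WRONG'})

        session['logged_in'] = True
        session['username'] = _email
        # Drop any admin flag left by an earlier login on this session: the
        # original only ever set the key, so it survived a later non-admin
        # login. home() tests ``'admin' in session``, so set it only for admins.
        session.pop('admin', None)
        if row[5] == 'Y':
            session['admin'] = True
        session['vernacular_name'] = str(row[1]) + ' ' + str(row[2])
        return jsonify({'status': 'OK'})
    except Exception:
        return jsonify({'status': 'ERROR'})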
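def home():
    """Render the landing page; admins additionally get a directory of all users.

    Expects ``session['username']`` and ``session['vernacular_name']`` to be
    present (login() sets them); a missing key raises KeyError before the
    handler below, since both reads sit outside the try.

    Returns:
        Rendered ``home.html`` (with ``entries`` for admins) or ``error.html``.
    """
    message = str(session['username'])
    name = str(session['vernacular_name'])
    try:
        if 'admin' not in session:
            # standard users will not see a dictionary of users
            return render_template('home.html', message=message, name=name)

        _sql = "SELECT FORENAME, SURNAME, USERNAME FROM USERS"
        # Columns are selected in the order used below: forename, surname, username.
        entries = [
            {'title': str(x[0]) + " " + str(x[1]), 'email': str(x[2])}
            for x in runSQLQuery(_sql, 0)
        ]
        return render_template('home.html', message=message, name=name, entries=entries)
    except Exception as e:
        # NOTE(review): str(e) places raw exception text (e.g. database driver
        # errors) on a user-facing page; prefer a generic message and log the
        # detail server-side.
        return render_template('error.html', message=str(e))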