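def addDetails():
    """Create a user record from the submitted "add user" form (Manager only).

    Callers without a Manager session are redirected to ``dashboard``. For a
    Manager, a POST inserts one row into ``maindb.users_table``, flashes the
    outcome and redirects to ``users``; any other method renders the blank
    form.
    """
    # .get() treats a session that lacks 'userrole' as unauthorised instead
    # of raising KeyError.
    if 'username' not in session or session.get('userrole') != "Manager":
        return redirect(url_for('dashboard'))

    if request.method != 'POST':
        return render_template('users/add_user_details.html')

    firstname = escape(request.form['FirstName'])
    lastname = escape(request.form['LastName'])
    age = escape(request.form['Age'])
    email = escape(request.form['Email'])
    phonenumber = escape(request.form['PhoneNumber'])
    address = escape(request.form['Address'])
    # NOTE(review): the role is stored exactly as submitted; the set of valid
    # roles is not visible here -- consider checking against it.
    userroles = escape(request.form['UserRoles'])

    # The password is HTML-escaped before hashing. login() does the same, so
    # the two must stay in step or existing credentials stop matching.
    input_password = escape(request.form['Password'])
    # SECURITY: a single unsalted SHA-256 is a fast hash and offers little
    # resistance to offline guessing if the table leaks. It is kept because
    # login() compares against this exact format; moving to a salted, slow
    # KDF requires changing both together with a rehash plan.
    password = hashlib.sha256(input_password.encode('utf-8')).hexdigest()

    # Values are bound by the driver, never interpolated into the statement.
    sql = "INSERT INTO maindb.users_table(firstname,lastname,age,email,phonenumber,address,userroles,password) VALUES(%s,%s,%s,%s,%s,%s,%s,%s)"
    values = (firstname, lastname, age, email, phonenumber, address,
              userroles, password)
    newcursor.execute(sql, values)
    condb.commit()

    # The original left `message` unbound when no row was inserted, so
    # flash() raised UnboundLocalError; both outcomes now have a message.
    if newcursor.rowcount > 0:
        message = 'Data added succussfuly'
    else:
        message = 'No data was added'
    flash(message)
    return redirect(url_for('users'))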
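def delete_users(user_id):
    """Delete the user row identified by ``user_id`` (Manager only).

    Every caller ends up redirected to ``users``; the DELETE is issued only
    when the session belongs to a Manager.
    """
    # .get() treats a session that lacks 'userrole' as unauthorised instead
    # of raising KeyError.
    if 'username' in session and session.get('userrole') == 'Manager':
        # The placeholder must be bare: the driver quotes bound values
        # itself. Wrapping it in quotes ('%s') nests that quoting inside a
        # string literal, which at best relies on implicit casting and can
        # yield malformed SQL for string ids. The other statements in this
        # file already use the bare form.
        sql = "DELETE FROM maindb.users_table WHERE user_id=%s"
        newcursor.execute(sql, (user_id,))
        condb.commit()

    # NOTE(review): the route's allowed methods are not visible here; a
    # destructive action should be reachable only via POST with CSRF
    # protection -- confirm at the route definition.
    return redirect(url_for('users'))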
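def login():
    """Authenticate a user from the login form and populate the session.

    Any method other than POST renders the login page. On POST the submitted
    e-mail and password digest are looked up in ``maindb.users_table``; a
    match stores ``username`` and ``userrole`` in the session and redirects
    to ``dashboard``, otherwise the login page is rendered again with an
    error flash.
    """
    if request.method != 'POST':
        return render_template("firstview/login.html")

    username = escape(request.form['username'])
    # The password is HTML-escaped before hashing, matching how addDetails()
    # derives the stored digest; dropping the escape on one side only would
    # lock out passwords containing characters that escape() rewrites.
    input_password = escape(request.form['password'])
    # SECURITY: unsalted single-pass SHA-256 is a fast hash and weak against
    # offline guessing. It is kept because stored digests use this format;
    # migrating to a salted, slow KDF needs a coordinated change with the
    # code that writes passwords.
    password = hashlib.sha256(input_password.encode('utf-8')).hexdigest()

    # Values are bound by the driver, never interpolated into the statement.
    sql = 'SELECT firstname,userroles FROM maindb.users_table WHERE email=%s AND password=%s'
    newcursor.execute(sql, (username, password))
    account = newcursor.fetchone()
    condb.commit()

    # Decide on the fetched row itself: DB-API permits rowcount to be -1 for
    # SELECT statements, so it is not a reliable "found a match" signal.
    if account is None:
        # NOTE(review): no attempt throttling or lockout is visible in this
        # view -- confirm it is enforced elsewhere.
        flash('invalid usernmae or password', 'danger')
        return render_template("firstview/login.html")

    session["username"] = account['firstname']
    session["userrole"] = account['userroles']
    flash("login success", "success")
    return redirect(url_for('dashboard'))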
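def editUser(user_id):
    """Show or apply the edit form for user ``user_id`` (Manager only).

    Callers without a Manager session are redirected to ``users``. GET
    renders the form pre-filled by ``UserModel.edit_userdetails``; POST
    updates the row and redirects to ``users``. Any other method also
    redirects to ``users``.
    """
    # Authorisation is checked first so that no path below can run for an
    # unauthorised caller. .get() treats a session that lacks 'userrole' as
    # unauthorised instead of raising KeyError.
    if 'username' not in session or session.get('userrole') != 'Manager':
        return redirect(url_for('users'))

    if request.method == 'GET':
        form = UserModel().edit_userdetails(user_id)
        return render_template("users/edit_user_edtails.html", form=form)

    if request.method == 'POST':
        firstname = escape(request.form['FirstName'])
        lastname = escape(request.form['LastName'])
        age = escape(request.form['Age'])
        email = escape(request.form['Email'])
        phonenumber = escape(request.form['PhoneNumber'])
        address = escape(request.form['Address'])
        # NOTE(review): the role is stored exactly as submitted; the set of
        # valid roles is not visible here -- consider checking against it.
        userroles = escape(request.form['UserRoles'])

        # Values are bound by the driver, never interpolated into the
        # statement.
        sql = "UPDATE maindb.users_table SET firstname = %s,lastname = %s,age = %s, email = %s,phonenumber = %s,address = %s,userroles = %s WHERE user_id = %s"
        values = (firstname, lastname, age, email, phonenumber, address,
                  userroles, user_id)
        newcursor.execute(sql, values)
        condb.commit()
        # NOTE(review): CSRF protection for this state-changing POST is not
        # visible in this function -- confirm it is applied app-wide.
        return redirect(url_for('users'))

    # Previously the single trailing `else` left one path (another HTTP verb
    # such as HEAD, or the unauthorised case, depending on its nesting)
    # falling off the end and returning None, which Flask rejects as an
    # invalid response. Every path now returns a redirect.
    return redirect(url_for('users'))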
def edit_password(self, password, user_id):
    """Overwrite the stored password value for user ``user_id``.

    ``password`` is written exactly as received; this method performs no
    hashing of its own.
    """
    # NOTE(review): login() compares SHA-256 hex digests, so callers
    # presumably pass a digest rather than the plain password -- confirm at
    # the call sites.
    statement = "UPDATE maindb.users_table SET password = %s WHERE user_id = %s"
    # Both values are bound by the driver, never interpolated.
    newcursor.execute(statement, (password, user_id))
    condb.commit()