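def dashboard():
    """Render the device dashboard for the logged-in user.

    Accounts whose role is 'normal' get 'dashboard-user.html' with only the
    devices at their own location. Every other role gets 'dashboard.html'
    with all devices. Requests without a 'loggedin' session key are
    redirected to the login page.
    """
    if 'loggedin' not in session:
        return redirect(url_for('login'))

    # Re-read the account on every request so role and location come from the
    # database rather than from the session.
    cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
    cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']])
    account = cursor.fetchone()
    if account is None:
        # The session points at an account row that no longer exists. Drop the
        # stale session instead of failing on account['role'] below.
        session.clear()
        return redirect(url_for('login'))

    if account['role'] == 'normal':
        # Bind the location as a query parameter. It is data stored in the
        # accounts table, and formatting it into the SQL text would let a
        # crafted stored value change the query (second-order SQL injection).
        cursor.execute('SELECT * FROM devices WHERE location = %s',
                       [account['location']])
        data = cursor.fetchall()
        return render_template('dashboard-user.html',
                               username=session['username'],
                               values=data,
                               length=len(data))

    # NOTE(review): any role other than 'normal' falls through to the
    # unrestricted device list, while users() requires role == 'admin'.
    # Confirm that every non-'normal' role is meant to see all devices.
    cursor.execute('SELECT * FROM devices')
    data = cursor.fetchall()
    return render_template('dashboard.html',
                           username=session['username'],
                           values=data,
                           length=len(data))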
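def register():
    """Handle the registration form.

    On a POST carrying 'username', 'password' and 'email', validate the
    values and insert a new row into accounts. The result (or an empty
    string on a plain GET) is passed to 'register.html' as `msg`.
    """
    msg = ''
    form = request.form
    if (request.method == 'POST' and 'username' in form
            and 'password' in form and 'email' in form):
        username = form['username']
        password = form['password']
        email = form['email']

        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        # The parameters must be a sequence. `(username)` is just the string
        # itself, which the driver would treat as a sequence of characters;
        # `(username,)` is the one-element tuple that was intended.
        cursor.execute('SELECT * FROM accounts WHERE username = %s',
                       (username,))
        account = cursor.fetchone()

        if account:
            msg = 'Account already exists!'
        # fullmatch, not match: match() only anchors at the start, so a value
        # with a valid prefix followed by arbitrary characters would pass.
        elif not re.fullmatch(r'[^@]+@[^@]+\.[^@]+', email):
            msg = 'Invalid email address!'
        elif not re.fullmatch(r'[A-Za-z0-9]+', username):
            msg = 'Username must contain only characters and numbers!'
        elif not username or not password or not email:
            msg = 'Please fill out the form!'
        else:
            # NOTE(review): the password is written to the table exactly as
            # submitted, and login() compares it in SQL the same way. Moving
            # to a salted, slow password hash requires changing both handlers
            # together, so it is flagged here rather than changed.
            # NOTE(review): other handlers read account['role'] and
            # account['location']; confirm this positional INSERT still
            # matches the accounts column list, and that username carries a
            # UNIQUE constraint so the check-then-insert cannot race.
            cursor.execute('INSERT INTO accounts VALUES (NULL, %s, %s, %s)',
                           (username, password, email))
            mysql.connection.commit()
            msg = 'You have successfully registered!'
    elif request.method == 'POST':
        # POST without the expected fields.
        msg = 'Please fill out the form!'
    return render_template('register.html', msg=msg)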
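def login():
    """Handle the login form.

    On a POST carrying 'username' and 'password', look the pair up in
    accounts. On a match, store 'loggedin', 'id' and 'username' in the
    session and redirect to 'home'. Otherwise re-render 'login.html' with
    an error message (empty on a plain GET).
    """
    msg = ''
    if (request.method == 'POST' and 'username' in request.form
            and 'password' in request.form):
        username = request.form['username']
        password = request.form['password']

        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        # NOTE(review): the submitted password is matched against the stored
        # column as-is, so the table holds plaintext passwords. The SQL `=`
        # comparison also follows the column's collation, which may be
        # case-insensitive. Verifying a salted hash in Python would fix both,
        # but needs register() changed at the same time.
        cursor.execute(
            'SELECT * FROM accounts WHERE username = %s AND password = %s',
            (username, password))
        account = cursor.fetchone()

        if account:
            # Start from an empty session so nothing set before
            # authentication carries over into the logged-in session.
            session.clear()
            session['loggedin'] = True
            session['id'] = account['id']
            session['username'] = account['username']
            return redirect(url_for('home'))
        # Same message for unknown user and wrong password, so the response
        # does not reveal which usernames exist.
        msg = 'Incorrect username/password!'
    return render_template('login.html', msg=msg)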
def home():
    """Serve 'home.html' to a logged-in user; redirect everyone else to login."""
    # Only the presence of the 'loggedin' key is checked; the account is not
    # re-read from the database here.
    is_authenticated = 'loggedin' in session
    if not is_authenticated:
        return redirect(url_for('login'))
    return render_template('home.html', username=session['username'])
def profile():
    """Render 'profile.html' with the logged-in user's account row.

    Requests without a 'loggedin' session key are redirected to login.
    """
    if 'loggedin' not in session:
        return redirect(url_for('login'))

    # Fetch the account that the session id refers to.
    db_cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
    db_cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']])
    row = db_cursor.fetchone()

    # NOTE(review): SELECT * hands the whole row to the template, including
    # the password column that login() queries. Confirm the template does
    # not render it. `row` is None if the account no longer exists.
    return render_template('profile.html',
                           account=row,
                           username=session['username'])
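def users():
    """Render the account list for administrators.

    Requests without a 'loggedin' session key are redirected to login.
    Logged-in accounts whose role is not 'admin' are redirected to 'home'.
    """
    if 'loggedin' not in session:
        return redirect(url_for('login'))

    # Take the role from the database on each request, not from the session.
    cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
    cursor.execute('SELECT * FROM accounts WHERE id = %s', [session['id']])
    account = cursor.fetchone()
    if account is None:
        # The session points at an account row that no longer exists. Drop the
        # stale session instead of failing on account['role'] below.
        session.clear()
        return redirect(url_for('login'))

    if account['role'] != 'admin':
        return redirect(url_for('home', username=session['username']))

    # NOTE(review): SELECT * passes every column of every account to the
    # template, including the password column that login() queries. Confirm
    # the template needs the full rows.
    cursor.execute('SELECT * FROM accounts')
    data = cursor.fetchall()
    return render_template('users.html',
                           username=session['username'],
                           values=data)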
def page_not_found(e):
    """Return the rendered '404.html' template paired with status code 404.

    The error argument `e` is accepted but not used.
    """
    body = render_template('404.html')
    return body, 404