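def login():
    """Handle the login form: GET renders it, POST authenticates.

    On POST the submitted username/password pair is checked against the
    stored salted SHA-256 digest; on success the username is written to the
    session and the user is redirected to ``my_trips``. On GET a user who
    already has a session username is redirected to ``my_trips`` directly.

    Returns:
        A Flask response: a redirect, or the rendered ``login.html``
        (with ``error`` set when authentication fails).
    """
    # Function-scope import so the module's import block (not visible in
    # this view) is left untouched.
    import hmac

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        # SECURITY: the user-supplied username is interpolated into SQL via
        # str.format, which is an injection vector; it should be bound as a
        # query parameter through the database layer instead. Also note the
        # "******" token in the literal looks like a redacted format field:
        # as written, .format(username) substitutes nothing -- confirm
        # against the original source before relying on this query.
        record = database.fetchone(
            'SELECT password, salt FROM users WHERE username="******";'.format(
                username))
        if not record:
            # Same message as for a wrong password, so the response does not
            # reveal whether the username exists.
            return render_template('login.html',
                                   error='Invalid username or password')
        correct_password, salt = record
        # NOTE(review): one round of SHA-256 is a fast hash, not a password
        # KDF; a slow KDF (hashlib.scrypt / pbkdf2_hmac) is the usual choice.
        # Kept as-is because every stored digest depends on this scheme.
        hashed_password = sha256((password + salt).encode()).hexdigest()
        # Constant-time comparison so timing does not leak how much of the
        # digest matched. A non-str stored value is rejected outright, which
        # matches the old `!=` outcome for that case.
        digest_matches = isinstance(correct_password, str) and hmac.compare_digest(
            hashed_password.encode(), correct_password.encode())
        if not digest_matches:
            return render_template('login.html',
                                   error='Invalid username or password')
        session['username'] = username
        return redirect(url_for('my_trips'))

    if session.get('username') is not None:
        return redirect(url_for('my_trips'))
    return render_template('login.html')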
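def get_user_info(username):
    """Return ``(avatar, age)`` for *username*, or ``('', 0)`` when unknown.

    The avatar is passed through ``escape_html`` because it is rendered
    into templates; ``age`` is returned exactly as stored.

    Args:
        username: the account to look up.

    Returns:
        A 2-tuple ``(escaped_avatar, age)``; ``('', 0)`` if no row matches.
    """
    # SECURITY: the username is interpolated into SQL via str.format, which
    # is an injection vector when it comes from user input; bind it as a
    # query parameter through the database layer instead. The "******"
    # token in the literal looks like a redacted format field, so as written
    # .format(username) substitutes nothing -- confirm against the original.
    pinfo = database.fetchone(
        "SELECT avatar, age FROM users WHERE username='******';".format(username))
    if not pinfo:
        return '', 0
    raw_avatar, age = pinfo[0], pinfo[1]
    return escape_html(raw_avatar), age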
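def delete_trip(id=None):
    """Delete trip *id* and its carpool rows, then redirect to ``my_trips``.

    Args:
        id: the trip identifier taken from the route.

    Returns:
        A redirect to ``my_trips`` on success, or ``trips.html`` rendered
        with an error when no trip has that id.
    """
    # SECURITY: `id` is interpolated into three SQL statements via
    # str.format -- an injection vector; bind it as a query parameter.
    # SECURITY: nothing here checks that the requesting user owns (or is
    # even logged in for) this trip, so any caller reaching this view can
    # delete any trip. The owner column is not visible in this file, so the
    # check is left as a TODO rather than guessed.
    # TODO(review): require session user == trip owner before deleting.
    trip = database.fetchone('SELECT * FROM trips WHERE id="{}";'.format(id))
    if not trip:
        return render_template('trips.html', error='Invalid trip ID')
    # The converted object is never used; the call is kept only in case
    # get_trip_obj validates the row. Drop it if that helper is pure.
    get_trip_obj(trip)
    # NOTE(review): the two DELETEs are not wrapped in a transaction here;
    # whether `database` auto-commits per statement is not visible.
    database.execute('DELETE FROM trips WHERE id="{}";'.format(id))
    database.execute('DELETE FROM carpools WHERE id="{}";'.format(id))
    return redirect(url_for('my_trips'))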
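def leave_trip(id=None):
    """Remove the logged-in user from the carpool of trip *id*.

    Args:
        id: the trip identifier taken from the route.

    Returns:
        A redirect to the trip page on success, ``trips.html`` with an error
        when the trip does not exist, or a redirect to the login view when
        there is no session username.
    """
    # Previously `session['username']` raised KeyError (a 500) for a visitor
    # without a session; redirect to login instead. Assumes the login view
    # is registered under the endpoint name 'login' -- confirm.
    username = session.get('username')
    if username is None:
        return redirect(url_for('login'))
    # SECURITY: `id` (route input) is interpolated into SQL via str.format,
    # an injection vector; bind it as a query parameter. The "******" token
    # in the DELETE looks like a redacted format field for the username, so
    # as written only `id` is substituted -- confirm against the original.
    trip = database.fetchone('SELECT * FROM trips WHERE id="{}";'.format(id))
    if not trip:
        return render_template('trips.html', error='Invalid trip ID')
    # Converted object is unused; kept in case get_trip_obj validates the row.
    get_trip_obj(trip)
    database.execute(
        'DELETE FROM carpools WHERE id="{}" AND username="******";'.format(
            id, username))
    return redirect(url_for('trip', id=id))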
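def _trip_passengers(id):
    """Return the list of usernames in the carpool for trip *id*."""
    # SECURITY: `id` is interpolated into SQL via str.format; bind it as a
    # query parameter through the database layer instead.
    rows = database.fetchall(
        'SELECT username FROM carpools WHERE id="{}";'.format(id))
    return [row[0] for row in rows]


def trip(id=None):
    """Show trip *id*; on POST also add the logged-in user to its carpool.

    Args:
        id: the trip identifier taken from the route.

    Returns:
        ``trip.html`` rendered with ``trip`` and ``passengers`` (plus a
        ``success`` message after a join), ``trips.html`` with an error when
        the trip does not exist, or a redirect to login for a POST without a
        session username.
    """
    # SECURITY: `id` is interpolated into SQL via str.format here and in
    # the INSERT below -- an injection vector; bind it as a parameter.
    trip = database.fetchone('SELECT * FROM trips WHERE id="{}";'.format(id))
    if not trip:
        return render_template('trips.html', error='Invalid trip ID')
    trip = get_trip_obj(trip)

    if request.method == 'POST':
        # Previously `session['username']` raised KeyError (a 500) for a
        # visitor without a session. Assumes the login view is registered
        # under the endpoint name 'login' -- confirm.
        username = session.get('username')
        if username is None:
            return redirect(url_for('login'))
        # NOTE(review): nothing prevents the same user joining twice; whether
        # the carpools table enforces uniqueness is not visible here.
        database.execute('INSERT INTO carpools VALUES ("{}", "{}");'.format(
            id, username))
        return render_template('trip.html', trip=trip,
                               passengers=_trip_passengers(id),
                               success='Trip joined successfully')

    # The original GET query omitted the trailing ';' the POST query used;
    # both paths now share one helper.
    return render_template('trip.html', trip=trip,
                           passengers=_trip_passengers(id))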
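def check_login(username, password):
    """Return True if *password* matches the stored hash for *username*.

    Args:
        username: the account to check.
        password: the plaintext password submitted by the caller.

    Returns:
        ``True`` when the stored hash equals SHA-256 of *password*,
        ``False`` when the user is unknown or the hash differs.
    """
    # Function-scope import so the module's import block stays untouched.
    import hmac

    # NOTE(review): this computes an unsalted SHA-256 over a `hash` column,
    # while `login` computes SHA-256 over password+salt from a `password`
    # column. The two schemes cannot both be right for one users table;
    # confirm which one the schema actually uses. Either way a single fast
    # hash is not a password KDF (hashlib.scrypt / pbkdf2_hmac are).
    hashed_password = sha256(password.encode()).hexdigest()
    # SECURITY: username interpolated into SQL via str.format -- injection
    # vector; bind it as a query parameter. The "******" token looks like a
    # redacted format field, so .format(username) substitutes nothing as
    # written -- confirm against the original source.
    correct_hash = database.fetchone(
        "SELECT hash FROM users WHERE username='******';".format(username))
    if not correct_hash:
        return False
    stored = correct_hash[0]
    # Constant-time comparison; a non-str stored value compares unequal,
    # matching the old `==` outcome for that case.
    return isinstance(stored, str) and hmac.compare_digest(
        stored.encode(), hashed_password.encode())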
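def get_username_from_session():
    """Resolve the ``SESSION_ID`` cookie to a username via the sessions table.

    Returns:
        The username stored for the cookie's session id, or ``None`` when
        the cookie is absent or no session row matches.
    """
    # Local renamed from `session`: that name shadows the Flask `session`
    # proxy used by the other views in this module.
    session_id = request.cookies.get('SESSION_ID', '')
    # SECURITY: the cookie value is entirely client-controlled and is
    # interpolated into SQL via str.format -- an injection vector; bind it
    # as a query parameter through the database layer instead.
    found_session = database.fetchone(
        "SELECT username FROM sessions WHERE id='{}';".format(session_id))
    if not found_session:
        return None
    return found_session[0]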
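def is_valid_username(username):
    """Return True if a users row exists for *username*, else False.

    Args:
        username: the account name to look up.
    """
    # SECURITY: username interpolated into SQL via str.format -- an injection
    # vector when it comes from user input; bind it as a query parameter.
    # The "******" token looks like a redacted format field, so as written
    # .format(username) substitutes nothing -- confirm against the original.
    row = database.fetchone(
        "SELECT 1 FROM users WHERE username='******';".format(username))
    return row is not None and bool(row)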