def register():
    """Create a manager account from the registration form and log it in.

    GET renders the registration page. POST requires a full name, an email
    address, a password and a matching confirmation. Only the hash of the
    password is written to the database.
    """
    # Anything other than a form submission just shows the form
    if request.method != "POST":
        return render_template("register.html")

    form = request.form
    full_name = form.get("full_name")
    email = form.get("email")
    password = form.get("password")
    confirmation = form.get("confirmation")

    # Reject the submission at the first missing or inconsistent field
    if not full_name:
        return manager_apology("Missing name")
    if not email:
        return manager_apology("Missing email address")
    if not password:
        return manager_apology("Missing password")
    if not confirmation or password != confirmation:
        return manager_apology("Passwords don't match")

    # Only the hash is stored; the plain password is never passed to the database
    hashed_password = generate_password_hash(password)

    # Form values travel as bound parameters rather than being spliced into
    # the SQL text; the account type is fixed to 'manager' by the statement
    result = db.execute(
        "INSERT INTO users (manager_name, email_address, hash, manager_or_employee) \
        VALUES (:manager_name, :email_address, :hashed_password, 'manager')",
        manager_name=full_name,
        email_address=email,
        hashed_password=hashed_password)

    # A falsy result from the INSERT is reported as the email being taken
    if not result:
        return manager_apology("Email is not available")

    # Log the new manager in by storing the id of the row just created
    new_user = db.execute(
        "SELECT id FROM users WHERE email_address = :email_address",
        email_address=email)
    session["user_id"] = new_user[0]["id"]

    # Managers land on the manager homepage
    return redirect("/")
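def login():
    """Log a user in and send them to the homepage for their role.

    GET renders the login page. POST checks the email address and password
    against the "users" table and stores the user's id in the session only
    once the credentials and the account type have both been accepted.
    """
    # Forget any user_id left over from an earlier login
    session.clear()

    # User reached route via GET (or anything other than POST)
    if request.method != "POST":
        return render_template("login.html")

    email = request.form.get("email")
    password = request.form.get("password")

    # Ensure email address and password were submitted
    if not email:
        return manager_apology("must provide email address", 403)
    if not password:
        return manager_apology("must provide password", 403)

    # The email address is passed as a bound parameter, not built into the SQL
    rows = db.execute(
        "SELECT * FROM users WHERE email_address = :email_address",
        email_address=email)

    # Unknown address and wrong password get the same message, so the
    # response text does not say which of the two was wrong
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"], password):
        return manager_apology("invalid email address and/or password", 403)

    # Resolve the landing page before creating the session. An account whose
    # type is neither "manager" nor "employee" used to fall off the end of
    # the view (returning None) with user_id already stored in the session.
    account_type = rows[0]["manager_or_employee"]
    if account_type == "manager":
        landing_page = "/"
    elif account_type == "employee":
        landing_page = "/employee_index"
    else:
        return manager_apology("invalid email address and/or password", 403)

    # Remember which user has logged in
    session["user_id"] = rows[0]["id"]
    return redirect(landing_page)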
def errorhandler(e):
    """Render an error through the apology page.

    Anything that is not an HTTPException is replaced by a fresh
    InternalServerError, so only that error's name and code are passed on
    and the original exception is not shown to the user.
    """
    error = e if isinstance(e, HTTPException) else InternalServerError()
    return manager_apology(error.name, error.code)
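def employee_provide_feedback():
    """Show the feedback form to an employee (GET) or store the answers (POST).

    A submission is stored only when the employee has not submitted before,
    a manager is assigned to the employee's account, and all 40 questions
    are answered. The checks run before anything is written.
    """
    # NOTE(review): session['user_id'] is read without a visible login or
    # role check in this view; confirm the route is wrapped accordingly.
    user_id = session['user_id']
    question_keys = ["Q{}".format(number) for number in range(1, 41)]

    # One submission per employee. Checked for POST as well as GET, so that
    # re-sending the form cannot add a second row.
    previous = db.execute(
        "SELECT feedbacker_id FROM surveyanswers WHERE feedbacker_id=:feedbacker_id",
        feedbacker_id=user_id)
    if previous:
        return render_template("employee_feedback_already_submitted.html")

    # The manager to be assessed comes from the employee's own record and is
    # never taken from the request
    assignment = db.execute(
        "SELECT id_of_manager_to_be_assessed FROM users WHERE id=:id_",
        id_=user_id)
    feedbackee_id_ = assignment[0]["id_of_manager_to_be_assessed"] if assignment else None
    if feedbackee_id_ is None:
        # Without an assigned manager there is nobody to store feedback for
        return manager_apology("No manager is assigned to this account", 403)

    # User reached route via POST
    if request.method == "POST":
        answers = {key: request.form.get(key) for key in question_keys}

        # Validate before writing. The check used to run after the INSERT and
        # tested "Q49", a field the form does not have, so every submission
        # was stored and then rejected.
        # NOTE(review): answers are stored as sent; if the survey uses a fixed
        # scale, check the values against it here - confirm against the form.
        if not all(answers.values()):
            return manager_apology("Please answer all questions!")

        # Static statement; every value is passed as a bound parameter
        db.execute(
            "INSERT INTO surveyanswers(feedbacker_id, feedbackee_id, "
            "Q1, Q2, Q3, Q4, Q5, Q6, Q7, Q8, Q9, Q10, "
            "Q11, Q12, Q13, Q14, Q15, Q16, Q17, Q18, Q19, Q20, "
            "Q21, Q22, Q23, Q24, Q25, Q26, Q27, Q28, Q29, Q30, "
            "Q31, Q32, Q33, Q34, Q35, Q36, Q37, Q38, Q39, Q40) "
            "VALUES (:feedbacker_id, :feedbackee_id, "
            ":Q1, :Q2, :Q3, :Q4, :Q5, :Q6, :Q7, :Q8, :Q9, :Q10, "
            ":Q11, :Q12, :Q13, :Q14, :Q15, :Q16, :Q17, :Q18, :Q19, :Q20, "
            ":Q21, :Q22, :Q23, :Q24, :Q25, :Q26, :Q27, :Q28, :Q29, :Q30, "
            ":Q31, :Q32, :Q33, :Q34, :Q35, :Q36, :Q37, :Q38, :Q39, :Q40)",
            feedbacker_id=user_id,
            feedbackee_id=feedbackee_id_,
            **answers)

        # Render employee provide feedback success form
        return render_template("employee_provide_feedback_success.html")

    # User reached route via GET: look up the manager's name for the form
    manager_rows = db.execute(
        "SELECT manager_name FROM users WHERE id=:id_of_manager_to_be_assessed_",
        id_of_manager_to_be_assessed_=feedbackee_id_)
    manager_name_ = manager_rows[0]["manager_name"]

    # Render employee provide feedback form
    return render_template("employee_provide_feedback.html",
                           manager_name_=manager_name_)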
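def manager_self_assessment():
    """Show the self-assessment form to a manager (GET) or store it (POST).

    The manager is both feedbacker and feedbackee of the stored row. A
    submission is stored only when the manager has not submitted before and
    all 40 questions are answered. The checks run before anything is written.
    """
    # NOTE(review): session['user_id'] is read without a visible login or
    # role check in this view; confirm the route is wrapped accordingly.
    user_id = session['user_id']
    question_keys = ["Q{}".format(number) for number in range(1, 41)]

    # One self-assessment per manager. Checked for POST as well as GET, so
    # that re-sending the form cannot add a second row.
    feedbacker_ids = db.execute(
        "SELECT feedbacker_id FROM surveyanswers WHERE feedbacker_id=:feedbacker_id",
        feedbacker_id=user_id)
    if feedbacker_ids:
        return render_template(
            "manager_self_assessment_already_submitted.html")

    # User reached route via GET (or anything other than POST)
    if request.method != "POST":
        return render_template("manager_self_assessment.html")

    answers = {key: request.form.get(key) for key in question_keys}

    # Validate before writing. The check used to run after the INSERT and
    # tested "Q49", a field the form does not have, so every submission was
    # stored and then rejected.
    # NOTE(review): answers are stored as sent; if the survey uses a fixed
    # scale, check the values against it here - confirm against the form.
    if not all(answers.values()):
        return manager_apology("Please answer all questions!")

    # Static statement; every value is passed as a bound parameter
    db.execute(
        "INSERT INTO surveyanswers(feedbacker_id, feedbackee_id, "
        "Q1, Q2, Q3, Q4, Q5, Q6, Q7, Q8, Q9, Q10, "
        "Q11, Q12, Q13, Q14, Q15, Q16, Q17, Q18, Q19, Q20, "
        "Q21, Q22, Q23, Q24, Q25, Q26, Q27, Q28, Q29, Q30, "
        "Q31, Q32, Q33, Q34, Q35, Q36, Q37, Q38, Q39, Q40) "
        "VALUES (:feedbacker_id, :feedbackee_id, "
        ":Q1, :Q2, :Q3, :Q4, :Q5, :Q6, :Q7, :Q8, :Q9, :Q10, "
        ":Q11, :Q12, :Q13, :Q14, :Q15, :Q16, :Q17, :Q18, :Q19, :Q20, "
        ":Q21, :Q22, :Q23, :Q24, :Q25, :Q26, :Q27, :Q28, :Q29, :Q30, "
        ":Q31, :Q32, :Q33, :Q34, :Q35, :Q36, :Q37, :Q38, :Q39, :Q40)",
        feedbacker_id=user_id,
        feedbackee_id=user_id,
        **answers)

    # Render manager self-assessment success form
    return render_template("manager_self_assessment_success.html")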
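def manager_request_feedback():
    """List the employees a manager has invited (GET) or invite one (POST).

    POST creates an "employee" row for the submitted email address with a
    freshly generated password, linked to the logged-in manager, and mails
    the login details to that address.
    """
    # User reached route via GET (or anything other than POST)
    if request.method != "POST":
        # Query database for the email addresses requested by the logged-in manager
        email_addresses = db.execute(
            "SELECT email_address FROM users WHERE id_of_manager_to_be_assessed=:id_of_manager_to_be_assessed",
            id_of_manager_to_be_assessed=session['user_id'])

        # Render request feedback form
        return render_template("manager_request_feedback.html",
                               email_addresses=email_addresses)

    # Function-scope imports: both modules are standard library
    import secrets
    import ssl

    # The address ends up in the database, the To header and the SMTP
    # envelope, so refuse an empty value or one carrying a line break
    to = request.form.get("email")
    if not to:
        return manager_apology("Missing email address")
    if "\r" in to or "\n" in to:
        return manager_apology("Invalid email address")

    # The password is a login credential, so draw it from the operating
    # system's CSPRNG (secrets) rather than a general-purpose generator
    password_length = 12
    random_password_for_requested_employee = ''.join(
        secrets.choice(ascii_uppercase + digits)
        for _ in range(password_length))

    # Only the hash is stored
    hashed_password = generate_password_hash(
        random_password_for_requested_employee)

    # Insert the requested employee (email address, hashed password, type of
    # user, id of his/her manager); the manager id comes from the session
    result = db.execute(
        "INSERT INTO users (email_address, hash, manager_or_employee, id_of_manager_to_be_assessed) \
        VALUES (:email_address, :hashed_password, 'employee', :id_of_manager_to_be_assessed)",
        email_address=to,
        hashed_password=hashed_password,
        id_of_manager_to_be_assessed=session['user_id'])

    # Ensure employee has not already been requested by this or another manager
    if not result:
        return manager_apology(
            "A request has already been sent to this email address")

    manager_rows = db.execute("SELECT manager_name FROM users WHERE id=:id_",
                              id_=session['user_id'])
    manager_name = manager_rows[0]["manager_name"]

    # NOTE(review): the statements that followed "Password: " were masked in
    # the listing under review; they are reconstructed here as the generated
    # password followed by a blank line - confirm against the real file.
    # NOTE(review): the mail carries the password in clear text and the link
    # below is plain http; consider an https link and a one-time token.
    part1_ = "".join([
        "Dear Sir or Madam, \n\n this is a request to provide feedback for Mr/Mrs ",
        manager_name,
        ". Please click on the link below to start the process. \n\n Your login credentials are: \n Email address: ",
        to,
        "\n Password: ",
        random_password_for_requested_employee,
        "\n\n",
    ])
    part1 = MIMEText(part1_, 'plain')
    part2 = MIMEText(
        u'<a href="http://ide50-morrisgunther.cs50.io:8080/">XXXwww.anmoleadership.com</a>',
        'html')
    part3_ = "\n\n Sincerely, \n Your ANMO Team"
    part3 = MIMEText(part3_, 'plain')

    sent_from = '*****@*****.**'
    msg = MIMEMultipart('multipart')
    msg.attach(part1)
    msg.attach(part2)
    msg.attach(part3)
    msg['Subject'] = 'Feedback request for your manager'
    msg['From'] = sent_from
    msg['To'] = to

    # NOTE(review): the mail account name and password are literals in the
    # source file, so anyone who can read the code or its history can use the
    # account. Load them from configuration kept outside the repository.
    gmail_user = '******'
    gmail_password = '******'

    # Pass an explicit default context so the certificate chain and hostname
    # are checked; smtplib's own fallback context does not enforce this. The
    # with-block closes the connection even when login or sending fails.
    tls_context = ssl.create_default_context()
    with smtplib.SMTP("smtp.gmail.com", 587) as server:
        server.starttls(context=tls_context)
        server.login(gmail_user, gmail_password)
        server.sendmail(sent_from, to, msg.as_string())

    # Redirect user (manager) to request feedback form
    return redirect("/manager_request_feedback")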