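def book_info(id_book):
    """Render a book's page (GET) or store a reader's comment on it (POST).

    Args:
        id_book: primary key (``id_b``) of the row in ``librarians.books``.

    Returns:
        GET: ``book.html`` rendered with the book row, an availability
        message, the approved comments (``accept='1'``) and the cover image
        URL, or ``None`` when the image service does not have the cover.
        POST: a redirect back to this page after inserting the comment with
        ``accept='0'`` (pending moderation); readers who may not comment are
        redirected without an insert.

    Notes:
        Commenting is permitted only for a logged-in reader who has a borrow
        record for this book (``allow_com``).  The check is enforced on the
        POST path itself, not just by hiding the form in the template.
    """
    allow_com = False
    if 'auth' in session:
        cur.execute(
            "SELECT id_br FROM librarians.borrows WHERE book_id=%s AND name_id=%s;",
            (id_book, session['auth']['id']))
        allow_com = bool(cur.fetchone())

    if request.method != 'GET':
        return _store_comment(id_book, allow_com)

    cur.execute(
        "SELECT * FROM librarians.comments WHERE id_b =%s AND accept='1';",
        (id_book, ))
    comments = cur.fetchall()
    cur.execute("SELECT * FROM librarians.books WHERE id_b=%s;", (id_book, ))
    resp = cur.fetchone()
    if resp is None:
        # Unknown book id: answer 404 rather than failing on resp[1] below.
        return abort(404)

    return render_template('book.html',
                           book=resp,
                           item=_availability_text(id_book, resp[3]),
                           allow_com=allow_com,
                           comments=comments,
                           image=_cover_image_url(resp[1]))


def _store_comment(id_book, allow_com):
    """Insert the posted comment as unaccepted and redirect to the book page.

    Args:
        id_book: book the comment belongs to.
        allow_com: result of the server-side borrow check for this reader.
    """
    if 'auth' not in session or not allow_com:
        return redirect(url_for('book_blueprint.book_info', id_book=id_book))
    cur.execute(
        "INSERT INTO librarians.comments VALUES (default , %s, %s, %s, %s, '0');",
        (id_book, request.form['comment'],
         datetime.datetime.now().strftime('%d-%m-%y'),
         session['auth']['username']))
    return redirect(url_for('book_blueprint.book_info', id_book=id_book))


def _cover_image_url(image_name):
    """Return the image-service URL for the cover, or ``None`` if unavailable.

    The template receives a URL only when the image service answers 200;
    any other answer, or a failure to reach the service at all, yields
    ``None`` so the page still renders without a cover.
    """
    image_url = get_api() + "/api/get_image?name=" + secure_filename(image_name)
    try:
        available = get(image_url).status_code == 200
    except Exception:
        # The cover is decorative; the image service must not take the page down.
        # NOTE(review): `get` looks like requests.get - a timeout would be worth adding.
        available = False
    return image_url if available else None


def _availability_text(id_book, copies):
    """Return the Polish availability message for ``copies`` free copies.

    With no free copy, the earliest ``return`` date among outstanding
    borrows (``give_back='false'``) is shown; when no such borrow is
    recorded the book is reported as currently unavailable.
    """
    if copies == 1:
        return 'Dostępny jeden egzemplarz'
    if copies > 0:
        return 'Dostępnych ' + str(copies) + ' egzemplarzy'
    cur.execute(
        "SELECT return FROM librarians.borrows WHERE book_id=%s AND give_back='false' ORDER BY return;",
        (id_book, ))
    ret = cur.fetchall()
    if not ret:
        return 'Książka jest obecnie niedostępna'
    return 'Książka będzie dostępna najwcześniej w ' + ret[0][0].isoformat()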
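def profile(user_id):
    """Render a reader's profile page.

    Args:
        user_id: ``id_r`` of the reader, as received from the route.

    Returns:
        ``profile.html`` rendered with an ``info`` dict and the list of
        distinct ``(id_b, title)`` books the reader has returned, or a 404
        when the reader does not exist / has not finished registration
        (``loged='true'``), or when the profile is not public
        (``allow_profile`` unset) and the visitor is not logged in.

    The preferences row is read in the column order this file writes it:
    ``(reader_id, allow_email, allow_address, allow_profile)``.  Email and
    address are shown when the matching flag is set or the visitor is the
    owner; otherwise the literal 'ukryto'.
    """
    cur.execute(
        "SELECT * FROM librarians.readers WHERE id_r=%s AND loged='true';",
        (user_id, ))
    resp = cur.fetchone()
    if not resp:
        # No such (fully registered) reader.
        return abort(404)

    cur.execute(
        "SELECT * FROM librarians.readers_pref WHERE reader_id = %s;",
        (user_id, ))
    # A reader without a preferences row is treated as fully private.
    pref = cur.fetchone() or (user_id, False, False, False)

    if not pref[3] and 'auth' not in session:
        # Non-public profile: any logged-in reader passes, anonymous visitors do not.
        return abort(404)

    cur.execute(
        """
        SELECT bo.title, bo.id_b FROM librarians.books AS bo, librarians.borrows AS br
        WHERE br.name_id=%s AND br.book_id=bo.id_b AND br.give_back='true';
        """,
        (user_id, ))
    count = cur.fetchall()

    # One entry per distinct title, first occurrence wins.
    seen_titles = set()
    books = []
    for title, book_id in count:
        if title not in seen_titles:
            seen_titles.add(title)
            books.append((book_id, title))

    is_owner = 'auth' in session and user_id == session['auth']['id']
    info = {
        'name': resp[1],
        'book_count': len(count),
        'book_title': '',
        'email': resp[3] if pref[1] or is_owner else 'ukryto',
        'address': resp[2] if pref[2] or is_owner else 'ukryto',
        # Lets the template distinguish the owner's own view.
        'owner': is_owner,
    }
    return render_template('profile.html', user=info, books=books)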
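def settings():
    """Account settings page: password, email or privacy-flag changes.

    Requires a logged-in reader (``session['auth']``); anonymous visitors are
    redirected to the index.

    POST forms are told apart by the field present:
        'pass'    - 'old_pass' must hash to the stored value and 'new_pass'
                    must equal 'new_pass2'; stored as an unsalted sha512 hex
                    digest, like the rest of this file.
        'email'   - replace the email address.
        'privacy' - checkboxes allow_email / allow_address / allow_profile,
                    stored as the strings 'true' / 'false'.

    Returns:
        ``settings.html`` with ``pref`` (the reader's preferences row, read
        after any update so the page shows the saved values) and, on a
        handled POST, ``update``: ``True`` on success or an error message.
    """
    if 'auth' not in session:
        return redirect(url_for('index_blueprint.index'))
    reader_id = session['auth']['id']

    update = None
    if request.method == 'POST':
        form = request.form
        if 'pass' in form:
            cur.execute("SELECT pass FROM librarians.readers WHERE id_r=%s;",
                        (reader_id, ))
            stored = cur.fetchone()
            old_hash = sha512(form['old_pass'].encode('UTF-8')).hexdigest()
            new_pass = form['new_pass']
            if stored and old_hash == stored[0] and new_pass == form['new_pass2']:
                cur.execute(
                    "UPDATE librarians.readers SET pass=%s WHERE id_r = %s;",
                    (sha512(new_pass.encode('UTF-8')).hexdigest(), str(reader_id)))
                update = True
            else:
                # Same message for a wrong old password and a mismatched pair.
                update = 'Hasła się nie zgadzają'
        elif 'email' in form:
            cur.execute(
                "UPDATE librarians.readers SET email=%s WHERE id_r = %s;",
                (form['email'], reader_id))
            update = True
        elif 'privacy' in form:
            flags = tuple('true' if form.getlist(name) else 'false'
                          for name in ('allow_email', 'allow_address', 'allow_profile'))
            # Trailing spaces keep the adjacent literals from fusing into
            # "readers_prefSET ... %sWHERE", which is invalid SQL.
            cur.execute(
                "UPDATE librarians.readers_pref "
                "SET allow_email=%s, allow_address=%s, allow_profile=%s "
                "WHERE reader_id = %s;",
                flags + (reader_id, ))
            update = True

    cur.execute("SELECT * FROM librarians.readers_pref WHERE reader_id = %s;",
                (reader_id, ))
    pref = cur.fetchone()
    kwargs = {'pref': pref}
    if update is not None:
        kwargs['update'] = update
    return render_template('settings.html', **kwargs)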
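def remind():
    """Password-reset flow driven by ``remind.html``.

    Steps (the ``step`` template variable):
        1 - ask for the account email (also used for error pages),
        2 - reset link sent,
        3 - new-password form for a pending reset ``key``,
        4 - password updated.

    POST with 'email': if a reader has that address, a one-time code is
    generated, remembered in the module-level ``pass_code`` list as
    ``(code, id_r)`` and mailed as a link carrying ``?key=<code>``.
    POST with 'key': the code is consumed and the new password stored
    (unsalted sha512 hex digest, as elsewhere in this file).
    GET with ``?key=``: shows the new-password form when the code is pending.

    Returns:
        The rendered ``remind.html``.
    """
    if request.method != 'POST':
        key = request.args.get("key")
        if not key:
            return render_template('remind.html', step=1)
        if _pending_reset(key) is None:
            return render_template('remind.html', step=1,
                                   error="Wystąpił błąd w zapytaniu")
        return render_template('remind.html', step=3, key=key)

    form = request.form
    if 'email' in form:
        email = form['email']
        cur.execute("SELECT id_r FROM librarians.readers WHERE email=%s;",
                    (email, ))
        resp = cur.fetchone()
        if not resp:
            # NOTE(review): this answer reveals whether an address is registered;
            # showing step 2 regardless would avoid account enumeration.
            return render_template(
                'remind.html',
                step=1,
                error="Żadne konto nie jest przypisane do tego adresu email")
        code = _new_reset_code()
        # NOTE(review): entries never expire and live only in this process.
        pass_code.append((code, resp[0]))
        with open("email/RemindPass.txt") as fh:
            text = fh.read()
        # base_url carries no query string, so the link cannot end up with two '?'.
        smtp.sendEmail(email, 'Sort Books - Przypomnienie hasła',
                       text.format(url=request.base_url + '?key=' + code))
        return render_template('remind.html', step=2)

    if 'key' in form:
        key = form['key']
        entry = _pending_reset(key)
        if entry is None:
            # Unknown or already-used code.
            return render_template('remind.html', step=1,
                                   error="Wystąpił błąd w zapytaniu")
        if form['pass'] != form['pass2']:
            return render_template('remind.html', step=3, key=key,
                                   error="Hasła nie są identyczne")
        pass_code.remove(entry)  # single use
        cur.execute(
            "UPDATE librarians.readers SET pass=%s WHERE id_r=%s;",
            (sha512(form['pass'].encode('UTF-8')).hexdigest(), entry[1]))
        return render_template('remind.html', step=4)

    return render_template('remind.html', step=1,
                           error="Wystąpił błąd w zapytaniu")


_RESET_CODE_ALPHABET = 'qwertyuiopasdfghjklzxcvbnm1234567890'


def _new_reset_code():
    """Return a 32-character reset code from a CSPRNG (random.sample is predictable)."""
    import secrets
    return ''.join(secrets.choice(_RESET_CODE_ALPHABET) for _ in range(32))


def _pending_reset(key):
    """Return the ``(code, id_r)`` entry in ``pass_code`` matching ``key``, or ``None``."""
    for entry in pass_code:
        if entry[0] == key:
            return entry
    return None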
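def auth_adjust():
    """First-login wizard (``adj.html``): confirm email, set password, pick privacy.

    Available only while ``session['auth']['adj']`` is set; anonymous
    visitors and readers past this stage are redirected to the index.

    POST forms by field present:
        'email'   - must equal 'email2' and be unused by another reader; the
                    session copy of the email is refreshed.      -> step 2
        'pass'    - must equal 'pass2'; stored as sha512 hex digest. -> step 3
        otherwise - privacy checkboxes: inserts the readers_pref row, marks
                    the reader ``loged`` and sends the welcome mail.  -> step 4
    GET renders step 1.
    """
    if 'auth' not in session or not session['auth'].get('adj'):
        return redirect(url_for('index_blueprint.index'))
    reader_id = session['auth']['id']

    if request.method != 'POST':
        return render_template('adj.html', step=1)

    form = request.form
    if 'email' in form:
        return _adjust_email(reader_id, form)
    if 'pass' in form:
        return _adjust_password(reader_id, form)
    return _adjust_privacy(reader_id, form)


def _adjust_email(reader_id, form):
    """Email step: the two addresses must match and not belong to another reader."""
    email = form['email']
    if email != form['email2']:
        return render_template('adj.html', step=1,
                               error="Podane adresy email nie są identyczne")
    cur.execute("SELECT * FROM librarians.readers WHERE email=%s;", (email, ))
    if cur.fetchone():
        return render_template('adj.html',
                               error="Podany adres email jest już w użyciu",
                               step=1)
    cur.execute("UPDATE librarians.readers SET email=%s WHERE id_r=%s;",
                (email, reader_id))
    # Reassign the whole dict so the session is marked modified and persisted.
    cache = session['auth']
    cache['email'] = email
    session['auth'] = cache
    return render_template('adj.html', step=2)


def _adjust_password(reader_id, form):
    """Password step: both fields must match; stored as an unsalted sha512 hex digest."""
    if form['pass'] != form['pass2']:
        return render_template('adj.html', step=2,
                               error="Podane hasła nie są identyczne")
    cur.execute("UPDATE librarians.readers SET pass=%s WHERE id_r=%s;",
                (sha512(form['pass'].encode('UTF-8')).hexdigest(), reader_id))
    return render_template('adj.html', step=3)


def _adjust_privacy(reader_id, form):
    """Privacy step: write the preferences row, finish registration, send the welcome mail."""
    flags = tuple('true' if form.getlist(name) else 'false'
                  for name in ('allow_email', 'allow_address', 'allow_profile'))
    cur.execute("INSERT INTO librarians.readers_pref VALUES (%s, %s, %s, %s);",
                (reader_id, ) + flags)
    cur.execute("UPDATE librarians.readers SET loged=true WHERE id_r=%s;",
                (reader_id, ))
    with open("email/NewUserEmail.txt") as fh:
        text = fh.read()
    smtp.sendEmail(session['auth']['email'], 'Sort Books - Witamy!',
                   text.format(name=session['auth']['username']))
    return render_template('adj.html', step=4)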
def auth(login, pas):
    """Look up a reader by login-or-email and password value.

    Args:
        login: value matched against both the ``login`` and ``email`` columns.
        pas: value compared with the stored ``pass`` column as-is; the rest of
            this file stores unsalted sha512 hex digests there, so the caller
            presumably passes a digest - confirm at the call site.

    Returns:
        The first matching ``librarians.readers`` row, or ``None``.

    NOTE(review): an unsalted fast hash for passwords is weak; a salted KDF
    would be the usual choice, but changing it requires migrating stored values.
    """
    query = ("SELECT * FROM librarians.readers "
             "WHERE (login=%s OR email=%s) AND pass=%s;")
    params = (login, login, pas)
    cur.execute(query, params)
    return cur.fetchone()