def load_logged_in_user():
    """Populate ``g.user`` and ``g.admin`` from the ids stored in the session.

    A ``user_id`` in the session takes precedence over an ``admin_id``; only
    one of ``g.user`` / ``g.admin`` is ever non-None after this runs. Both
    lookups bind the id as a query parameter.
    """
    uid = session.get('user_id')
    aid = session.get('admin_id')

    if uid is not None:
        row = get_db().execute('SELECT * FROM user WHERE id = ?', (uid, )).fetchone()
        g.user = row
        g.admin = None
        return

    if aid is not None:
        row = get_db().execute('SELECT * FROM admins WHERE id = ?', (aid, )).fetchone()
        g.admin = row
        g.user = None
        return

    # No identity in the session: the request is anonymous.
    g.user = None
    g.admin = None
def history():
    """Render the transfers sent by the user whose id is in the session.

    The sender filter comes from the server-side session, not from request
    data, and is bound as a query parameter.
    """
    # NOTE(review): no login check is visible in this function; confirm the
    # route is wrapped by a login-required guard elsewhere.
    sender = session.get('user_id')
    rows = get_db().execute(
        'SELECT title, account_no, amount FROM transfers WHERE sender_id == ? ORDER BY id DESC',
        (sender, ),
    ).fetchall()
    return render_template('logged/history.html', transfers=rows)
def register():
    """Handle the registration form.

    GET renders the form. POST validates that username, email and password
    are non-empty and that neither the username nor the email is already in
    the ``user`` table, then stores the account with a hashed password and
    redirects to the login page. On a validation failure the message is
    flashed and the form is rendered again.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    form = request.form
    username = form['username']
    email = form['email']
    password = form['password']
    db = get_db()

    def _exists(sql, value):
        # Parameterized lookup; True when at least one row matches.
        return db.execute(sql, (value, )).fetchone() is not None

    # Checks run in a fixed order and stop at the first failure, so the
    # database is only queried once the cheap emptiness checks pass.
    if not username:
        error = 'no username'
    elif not email:
        error = 'no email'
    elif not password:
        error = 'no password'
    elif _exists('SELECT id FROM user WHERE username = ?', username):
        error = 'user already registered'
    elif _exists('SELECT email FROM user WHERE email = ?', email):
        error = 'email already used'
    else:
        error = None

    if error is not None:
        flash(error)
        return render_template('auth/register.html')

    # NOTE(review): the uniqueness checks above and this INSERT are separate
    # statements; confirm the schema also enforces UNIQUE on username/email.
    # Only the hash produced by generate_password_hash() is stored.
    db.execute(
        'INSERT INTO user (username, email, password) VALUES (?, ?, ?)',
        (username, email, generate_password_hash(password)),
    )
    db.commit()
    return redirect(url_for('auth.login'))
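def login():
    """Handle the user login form.

    GET renders the form. POST looks the account up by the submitted
    username, verifies the password against the stored hash and, on success,
    resets the session, stores ``user_id`` in it and redirects to
    ``logged.start``. On failure the error is flashed and the form is
    rendered again.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None

        # The statement previously compared ``username`` against a fixed
        # literal and never used the submitted value. Bind the form value as
        # a parameter; never build this statement with string formatting,
        # because the username comes straight from the request.
        user = db.execute(
            'SELECT * FROM user WHERE username = ?', (username,)
        ).fetchone()

        # The debug click.echo() calls were removed: one indexed ``user``
        # before the None check, so an unknown username raised TypeError
        # instead of reaching the error path, and both wrote query and
        # account data to the console.

        # NOTE(review): the two messages let a client tell an unknown
        # username from a wrong password; consider a single generic message
        # if nothing depends on the exact text.
        if user is None:
            error = 'incorrect username'
        elif not check_password_hash(user['password'], password):
            error = 'incorrect password'

        if error is None:
            # Drop any state from a previous session before storing the
            # newly authenticated identity.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('logged.start'))

        flash(error)

    return render_template('auth/login.html')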
def accepted():
    """Render the confirmation page for the session user's latest transfer.

    Selects the row with the highest id among the transfers whose sender is
    the ``user_id`` stored in the session; the id is bound as a parameter.
    """
    sender = session.get('user_id')
    latest = get_db().execute(
        'SELECT * FROM transfers WHERE sender_id == ? ORDER BY id DESC LIMIT 1',
        (sender,),
    ).fetchone()
    return render_template('logged/accepted.html', data=latest)
def load_logged_in_user():
    """Set ``g.user`` to the row for the session's ``user_id``, or to None.

    The database is only queried when the session carries a ``user_id``; the
    id is bound as a query parameter.
    """
    uid = session.get('user_id')
    g.user = (
        None
        if uid is None
        else get_db().execute('SELECT * FROM user WHERE id = ?', (uid, )).fetchone()
    )
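def comment():
    """Store a submitted comment (POST) and render the list of all comments.

    The comment text comes directly from the request form, so it is bound as
    a query parameter instead of being formatted into the SQL string.
    """
    db = get_db()

    if request.method == 'POST':
        text = request.form['comment']
        # Parameter binding keeps quotes and SQL syntax inside the comment
        # from being interpreted as part of the statement.
        db.execute('INSERT INTO comments ("comment") VALUES (?)', (text, ))
        db.commit()

    # NOTE(review): stored comments are rendered back to every viewer;
    # confirm the template relies on autoescaping and does not mark the
    # value as safe.
    comments = db.execute('SELECT comment FROM comments').fetchall()
    return render_template('logged/comments.html', comments=comments)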
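def search():
    """Search the session user's transfers by exact title.

    GET renders the empty search page. POST runs the lookup and renders the
    results. The title comes from the request form and is bound as a query
    parameter together with the session's ``user_id``, so neither value can
    alter the statement or widen the ``sender_id`` restriction.
    """
    if request.method == 'POST':
        title = request.form['title']
        user_id = session.get('user_id')
        query = (
            'SELECT title, account_no, amount FROM transfers '
            'WHERE title == ? AND sender_id == ?'
        )
        db = get_db()
        results = db.execute(query, (title, user_id)).fetchall()
        # ``query`` is still handed to the template for compatibility; it now
        # holds only the placeholder form of the statement.
        # NOTE(review): showing SQL text to the client discloses schema
        # details; consider dropping it from the template.
        return render_template('logged/search.html', results=results, query=query)

    return render_template('logged/search.html')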
def start():
    """Admin start page: optionally accept one transfer, then list pending ones.

    On POST the transfer whose id was submitted in the form is marked as
    accepted (the id is bound as a query parameter). The page then lists
    every transfer with ``accepted == 0``.
    """
    # NOTE(review): nothing in this function checks for an admin session;
    # confirm an admin-only guard wraps the route, because a POST here marks
    # whichever transfer id is submitted as accepted.
    db = get_db()

    if request.method == 'POST':
        transfer_id = request.form['id']
        db.execute(
            '''UPDATE transfers SET accepted = 1 WHERE id == ?''',
            (transfer_id, ),
        )
        db.commit()

    # TODO: add a join so the sender's name is included
    pending = db.execute(
        'SELECT id, account_no, amount, title FROM transfers WHERE accepted == 0'
    ).fetchall()
    return render_template('admin/start.html', data=pending)
def transfer():
    """Handle the transfer form.

    GET renders the form. POST inserts a transfer row whose sender is the
    session's ``user_id`` and whose other fields come from the form, then
    redirects to ``logged.start``. All values are bound as query parameters.
    """
    if request.method != 'POST':
        return render_template('logged/transfer.html')

    # NOTE(review): ``error`` is never assigned anything but None, so the
    # flash branch below cannot run and account_no, amount and title are
    # stored exactly as submitted (no emptiness, format or sign check).
    error = None
    sender_id = session.get('user_id')
    form = request.form
    account_no = form['account_no']
    amount = form['amount']
    title = form['title']

    if error is not None:
        flash(error)
        return render_template('logged/transfer.html')

    db = get_db()
    db.execute(
        'INSERT INTO transfers (sender_id, account_no, amount, title) VALUES (?, ?, ?, ?)',
        (sender_id, account_no, amount, title),
    )
    db.commit()
    return redirect(url_for('logged.start'))
def accept():
    """Confirmation step for a transfer.

    GET renders the confirmation page with the ``transfer_data`` stored in
    the session. POST inserts a transfer row (sender from the session, other
    fields from the form, all bound as query parameters), removes
    ``transfer_data`` from the session and redirects to ``logged.accepted``.
    """
    if request.method == 'POST':
        # NOTE(review): ``error`` is never set, so no validation happens here.
        error = None
        sender = session.get('user_id')
        fields = request.form
        # NOTE(review): the inserted values are read from the submitted form,
        # not from the ``transfer_data`` shown for confirmation; confirm the
        # two cannot diverge.
        row = (sender, fields['account_no'], fields['amount'], fields['title'])

        if error is not None:
            flash(error)
        else:
            conn = get_db()
            conn.execute(
                'INSERT INTO transfers (sender_id, account_no, amount, title) VALUES (?, ?, ?, ?)',
                row,
            )
            conn.commit()
            session.pop('transfer_data', None)
            return redirect(url_for('logged.accepted'))

    pending = session.get('transfer_data')
    return render_template('logged/accept.html', data=pending)
def login():
    """Handle the admin login form.

    GET renders the form. POST looks the admin up by ``admin_name`` (bound as
    a query parameter), verifies the password against the stored hash and, on
    success, resets the session, stores ``admin_id`` in it and redirects to
    ``admin.start``. On failure the error is flashed and the form is rendered
    again.
    """
    if request.method != 'POST':
        return render_template('admin/login.html')

    username = request.form['username']
    password = request.form['password']
    admin = get_db().execute(
        'SELECT * FROM admins WHERE admin_name = ?', (username, )
    ).fetchone()

    if admin is None:
        error = 'incorrect username'
    elif not check_password_hash(admin['password'], password):
        error = 'incorrect password'
    else:
        # Drop any state from a previous session before storing the newly
        # authenticated identity.
        session.clear()
        session['admin_id'] = admin['id']
        # NOTE(review): the admin row is stored in g.user, not g.admin;
        # confirm this is intended.
        g.user = admin
        return redirect(url_for('admin.start'))

    flash(error)
    return render_template('admin/login.html')
def start():
    """Render the logged-in start page with the session user's username.

    The ``user_id`` from the session is bound as a query parameter.
    """
    current_id = session.get('user_id')
    row = get_db().execute(
        'SELECT username FROM user WHERE id = ?', (current_id, )
    ).fetchone()
    return render_template('logged/start.html', user=row)