def sign_in():
    """Authenticate a user from the submitted form and populate the session.

    Reads ``email`` and ``password`` from ``request.form``. An unknown email
    and a failed password check return the same 'invalid credentials' JSON
    error, so the response does not say which of the two failed. On success
    the session keys are set and a JSON success payload is returned.
    """
    form = request.form
    email = form['email']
    password = form['password']

    record = db_select_queries.check_user_by_email(email)
    if not record:
        return jsonify(error=True, message='invalid credentials')

    if not check_password(password, record['password']):
        return jsonify(error=True, message='invalid credentials')

    user = db_select_queries.get_user_by_username(record['username'])
    user_id = user["id"]
    username = user['username']

    # NOTE(review): existing session contents are kept across the login;
    # confirm whether the session should be reset before these keys are set.
    user_session['session_id'] = uniqueValue()
    user_session['you_id'] = user_id
    user_session['you_username'] = username
    # NOTE(review): the whole user record goes into the session. If that
    # record carries the password hash and the session is stored client-side,
    # the hash leaves the server -- confirm what get_user_by_username returns.
    user_session['you'] = user

    return jsonify(
        message='Signed In Successfully!',
        success=True,
        user_id=user_id,
        username=username,
    )
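def signin(request, sse):
    """Authenticate an account from a JSON body and populate the session.

    Expects ``email`` and ``password`` in the JSON body of ``request``.
    An unknown email and a failed bcrypt check return the same
    'invalid credentials' error. Any exception is caught and reported as a
    JSON error. ``sse`` is not used here.
    """
    try:
        data = json.loads(request.data)
        if not data:
            return jsonify(error=True, message='request body is empty, check headers/data')

        # The parsed body is intentionally not printed: it contains the
        # plaintext password, which must not reach stdout or log files.
        email = str(data['email']).encode()
        password = str(data['password']).encode()

        account = db_session.query(Accounts).filter_by(email=email).first()
        if not account:
            return jsonify(error=True, message='invalid credentials')

        if not bcrypt.checkpw(password, account.password.encode()):
            return jsonify(error=True, message='invalid credentials')

        # NOTE(review): existing session contents are kept across the login;
        # confirm whether the session should be reset before these keys are set.
        user_session['session_id'] = chamber.uniqueValue()
        user_session['account_id'] = account.id
        user_session['account_type'] = account.type

        return jsonify(account=account.serialize, message='Signed In!')

    except Exception as err:
        print(err)
        # NOTE(review): str(err) is returned to an unauthenticated caller and
        # may expose internal details (e.g. database error text). The key is
        # kept for client compatibility -- confirm whether a generic value
        # would be acceptable.
        return jsonify(error=True, errorMessage=str(err), message='error signing in...')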
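def sign_in(request):
    """Authenticate a user from a JSON body and populate the session.

    Validates that ``email`` and ``password`` are present and well formed,
    looks the user up by email, verifies the password against the stored
    bcrypt hash, records the login time and sets the session keys. An
    unknown email and a wrong password return the same error message.
    """
    data = json.loads(request.data)
    # The parsed body is intentionally not printed: it contains the
    # plaintext password, which must not reach stdout or log files.

    if "email" not in data:
        return jsonify(error = True, message = "Email Address field is required")
    if "password" not in data:
        return jsonify(error = True, message = "Password field is required")

    email = cgi.escape( data['email'] )
    # NOTE(review): the password is HTML-escaped before hashing, so the
    # stored hash must have been produced from the same escaped form.
    # Changing this alone would lock out existing accounts.
    password = cgi.escape( data['password'] ).encode('utf8')

    if not email or chamber.isValidEmail(email) != True:
        return jsonify(error = True, message = "Email Address must be in proper format")
    if not password:
        return jsonify(error = True, message = "Password must be at least 6 characters")

    you = db_session.query(Users).filter_by(email = email).first()
    if not you:
        return jsonify(error = True, message = "Invalid credentials")

    # Re-hash the candidate using the stored hash as the salt source; equal
    # output means the password matches.
    # NOTE(review): `!=` is not a constant-time comparison; bcrypt.checkpw
    # performs the same verification with one -- confirm the installed
    # bcrypt version provides it.
    checkPassword = bcrypt.hashpw(password, you.password.encode('utf8'))
    if checkPassword != you.password:
        return jsonify(error = True, message = "Invalid credentials")

    you.last_loggedin = func.now()
    db_session.add(you)
    db_session.commit()

    user_session["session_id"] = chamber.uniqueValue()
    user_session["you_id"] = you.id

    return jsonify(message = "Signed In!")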
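def signup(request, sse):
    """Create an account from a JSON body and populate the session.

    Expects ``username``, ``account_email``, ``booking_email``,
    ``account_type`` and ``password`` in the JSON body. Rejects the request
    if the username, account email or booking email is already in use
    (checked in that order). Any exception is caught and reported as a JSON
    error. ``sse`` is not used here.
    """
    try:
        data = json.loads(request.data)
        if not data:
            return jsonify(error=True, message='request body is empty, check headers/data')

        # The parsed body is intentionally not printed: it contains the
        # plaintext password, which must not reach stdout or log files.
        username = str(data['username']).encode()
        account_email = str(data['account_email']).encode()
        booking_email = str(data['booking_email']).encode()
        # NOTE(review): account_type is stored exactly as the client sent it;
        # confirm it is restricted to the values the application expects
        # before it is relied on for authorization decisions.
        account_type = str(data['account_type']).encode()
        password = str(data['password']).encode()

        accounts = db_session.query(Accounts)
        if accounts.filter_by(username=username).first():
            return jsonify(error=True, message='username is already in use')
        if accounts.filter_by(email=account_email).first():
            return jsonify(error=True, message='account email is already in use')
        if accounts.filter_by(booking_email=booking_email).first():
            return jsonify(error=True, message='booking email is already in use')

        # Hash only once the request is known to be acceptable: bcrypt is
        # deliberately expensive, so rejected requests should not pay for it.
        hashed = bcrypt.hashpw(password, bcrypt.gensalt())

        new_account = Accounts(username=username, email=account_email,
                               booking_email=booking_email, password=hashed,
                               type=account_type)
        db_session.add(new_account)
        db_session.commit()

        user_session['session_id'] = chamber.uniqueValue()
        user_session['account_id'] = new_account.id
        user_session['account_type'] = new_account.type

        return jsonify(message='Signed Up!')

    except Exception as err:
        print(err)
        # NOTE(review): str(err) is returned to an unauthenticated caller and
        # may expose internal details (e.g. database error text). The key is
        # kept for client compatibility -- confirm whether a generic value
        # would be acceptable.
        return jsonify(error=True, errorMessage=str(err), message='error signing up...')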
def account_page(request, sse, username):
    """Render the page for the account named ``username``.

    A fresh ``auth_key`` is written to the session on every call. When no
    account row matches, the error page is rendered instead. ``request`` and
    ``sse`` are not used here.
    """
    user_session['auth_key'] = uniqueValue()

    account = db_session.query(Accounts).filter_by(username=username).first()
    if account is not None:
        return render_template('user-page.html', session=logged_in())

    message = '''No account exists with this username'''
    return render_template('error-page.html', session=logged_in(), message=message)
def event_attending_page(request, sse, event_id):
    """Render the attendees page for the event with id ``event_id``.

    A fresh ``auth_key`` is written to the session first. If the event does
    not exist, the error page is rendered with 'Event not found.'.
    """
    user_session['auth_key'] = uniqueValue()

    found = db_session.query(Events).filter_by(id=event_id).first()
    if found is None:
        return render_template(
            'error-page.html',
            session=logged_in(),
            message='''Event not found.''',
        )

    return render_template('event-attending-page.html', session=logged_in())
def requests_page(request, sse):
    """Render the requests page for a signed-in, non-USER account.

    Visitors without a ``session_id`` in the session are redirected to '/'.
    Accounts whose session ``account_type`` is 'USER' get the error page.
    The ``auth_key`` is refreshed only after both checks pass.
    """
    if 'session_id' not in user_session:
        return redirect('/')

    is_plain_user = user_session['account_type'] == 'USER'
    if is_plain_user:
        message = '''USERs do not have a requests page.'''
        return render_template('error-page.html', session=logged_in(), message=message)

    user_session['auth_key'] = uniqueValue()
    return render_template('requests-page.html', session=logged_in())
def event_page(request, sse, event_id):
    """Render the page for the event with id ``event_id``.

    A fresh ``auth_key`` is written to the session first. If no event row
    matches, the error page is rendered instead.
    """
    user_session['auth_key'] = uniqueValue()

    event = db_session.query(Events).filter_by(id=event_id).first()
    if event is not None:
        return render_template('event-page.html', session=logged_in())

    message = '''No event exists with this id'''
    return render_template('error-page.html', session=logged_in(), message=message)
def profile_attending(request, sse):
    """Render the signed-in USER's list of events they attend.

    The ``auth_key`` is refreshed before any check. Without a ``session_id``
    the error page says 'Not logged in...'; a session whose ``account_type``
    is not 'USER' gets an account-type error page.
    """
    user_session['auth_key'] = uniqueValue()

    problem = None
    if 'session_id' not in user_session:
        problem = 'Not logged in...'
    elif user_session['account_type'] != 'USER':
        problem = '''Your account is not of type: USER. Only Users can attend events.'''

    if problem is not None:
        return render_template('error-page.html', session=logged_in(), message=problem)

    return render_template('profile-attending.html', session=logged_in())
def profile_shows(request, sse):
    """Render the signed-in ARTIST's shows page.

    The ``auth_key`` is refreshed before any check. Without a ``session_id``
    the error page says 'Not logged in...'; a session whose ``account_type``
    is not 'ARTIST' gets an account-type error page.
    """
    user_session['auth_key'] = uniqueValue()

    if 'session_id' not in user_session:
        return render_template('error-page.html', session=logged_in(),
                               message='Not logged in...')

    if user_session['account_type'] == 'ARTIST':
        return render_template('profile-shows.html', session=logged_in())

    message = '''Your account is not of type: ARTIST. Only Artists can have shows.'''
    return render_template('error-page.html', session=logged_in(), message=message)
def profile_events(request, sse):
    """Render the signed-in VENUE's events page.

    The ``auth_key`` is refreshed before any check. Without a ``session_id``
    the error page says 'Not logged in...'; a session whose ``account_type``
    is not 'VENUE' gets an account-type error page.
    """
    user_session['auth_key'] = uniqueValue()

    signed_in = 'session_id' in user_session
    if not signed_in:
        return render_template('error-page.html', session=logged_in(),
                               message='Not logged in...')

    is_venue = user_session['account_type'] == 'VENUE'
    if not is_venue:
        message = '''Your account is not of type: VENUE. Only Venues can have events.'''
        return render_template('error-page.html', session=logged_in(), message=message)

    return render_template('profile-events.html', session=logged_in())
def account_shows(request, sse, username):
    """Render the shows page of the ARTIST account named ``username``.

    A fresh ``auth_key`` is written to the session first. The error page is
    rendered when the account does not exist or its ``type`` is not 'ARTIST'.
    """
    user_session['auth_key'] = uniqueValue()

    account = db_session.query(Accounts).filter_by(username=username).first()

    problem = None
    if account is None:
        problem = '''No account exists with this username'''
    elif account.type != 'ARTIST':
        problem = '''This account is not of type: ARTIST. Only Artists can have shows.'''

    if problem is not None:
        return render_template('error-page.html', session=logged_in(), message=problem)

    return render_template('user-shows.html', session=logged_in())
def account_attending(request, sse, username):
    """Render the attending page of the USER account named ``username``.

    A fresh ``auth_key`` is written to the session first. The error page is
    rendered when the account does not exist or its ``type`` is not 'USER'.
    """
    user_session['auth_key'] = uniqueValue()

    account = db_session.query(Accounts).filter_by(username=username).first()
    if account is None:
        return render_template(
            'error-page.html',
            session=logged_in(),
            message='''No account exists with this username''',
        )

    if account.type == 'USER':
        return render_template('user-attending.html', session=logged_in())

    message = '''This account is not of type: USER. Only Users can attend events.'''
    return render_template('error-page.html', session=logged_in(), message=message)
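def submit_password_reset_code(request):
    """Redeem a password-reset code and email the user a generated password.

    Expects a JSON body with a ``code`` field. When the code matches a
    stored reset request, a new password is generated, its bcrypt hash is
    saved on the user, the reset request is deleted, and the new password is
    sent to the user's email address. Returns a JSON error for a missing,
    blank or unknown code, for a reset request whose user no longer exists,
    or when the stored hash fails the verification step.
    """
    data = json.loads(request.data)
    if "code" not in data:
        return jsonify(error = True, message = "Code field is required")

    code = cgi.escape(data['code'])
    if not code:
        return jsonify(error = True, message = "Code field cannot be blank")

    reset_request = db_session.query(ResetPasswordRequests).filter_by(unique_value = code).first()
    if not reset_request:
        return jsonify(error = True, message = "Invalid code")
    # NOTE(review): no age or expiry check on the reset request is visible
    # here -- confirm that codes are time-limited elsewhere.

    you = db_session.query(Users).filter_by(email = reset_request.user_email).first()
    if you is None:
        # The reset request refers to an email with no user row; without
        # this guard the attribute access below raises AttributeError.
        return jsonify(error = True, message = "Invalid code")

    new_password = chamber.uniqueValue()
    password_hash = bcrypt.hashpw(new_password, bcrypt.gensalt()).encode('utf8')
    # The new password and its hash are intentionally not printed:
    # credentials must not reach stdout or log files.

    you.password = password_hash
    db_session.add(you)
    db_session.delete(reset_request)
    db_session.commit()

    # Verify the stored hash against the generated password before the
    # password is emailed to the user.
    check_password = bcrypt.hashpw(new_password, you.password.encode('utf8'))
    if check_password != you.password:
        print("new password test failed...")
        return jsonify(error = True, message = "Server error: could not reset password...")
    print("new password test successful!")

    # NOTE(review): request.host reflects the client-supplied Host header,
    # so the sign-in link in this email follows whatever host the request
    # named. A configured base URL would be safer -- confirm how the host is
    # validated upstream.
    # NOTE(review): the generated password travels in the email body;
    # confirm whether a forced change at next sign-in is required.
    body = render_template(
        "email/PasswordResetSuccess.html",
        data = {
            "user": you.serialize_small,
            "password": new_password,
            "link": request.host + "/signin"
        }
    )
    chamber.send_email(you.email, "Password Reset Successful!", "text/html", body)

    return jsonify(message = "New password reset successful! Check your email.")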
def sign_up():
    """Register a user from the submitted form and populate the session.

    Reads ``displayname``, ``username``, ``email``, ``password`` and
    ``password_confirm`` from ``request.form``. Rejects mismatched
    passwords, a username already in use and an email already in use, in
    that order. On success the user is created through
    ``db_insert_queries`` and the session keys are set.
    """
    form = request.form
    form_dict = {
        "displayname": str(form['displayname']).encode('utf-8'),
        "username": str(form['username']).encode('utf-8'),
        "email": str(form['email']).encode('utf-8'),
        "password": str(form['password']).encode('utf-8'),
    }

    password = str(form_dict['password']).encode('utf-8')
    password_confirm = str(form['password_confirm']).encode('utf-8')
    if password != password_confirm:
        return jsonify(error=True, message='passwords do not match')

    username = form_dict['username']
    if db_select_queries.check_user_by_username(username):
        return jsonify(error=True, message='username already in use')

    if db_select_queries.check_user_by_email(form_dict['email']):
        return jsonify(error=True, message='email already in use')

    # NOTE(review): form_dict still holds the submitted password at this
    # point; presumably create_new_user hashes it before storage -- confirm.
    new_user_id = db_insert_queries.create_new_user(form_dict)
    new_user = db_select_queries.get_user_by_username(username)

    user_session['session_id'] = uniqueValue()
    user_session['you_id'] = new_user_id
    user_session['you_username'] = username
    # NOTE(review): the whole user record goes into the session. If that
    # record carries the password hash and the session is stored client-side,
    # the hash leaves the server -- confirm what get_user_by_username returns.
    user_session['you'] = new_user

    return jsonify(
        message='Signed Up Successfully!',
        success=True,
        new_user_id=new_user_id,
        new_username=username,
    )
def edit_event(request, sse, event_id):
    """Render the edit form for an event owned by the signed-in account.

    The ``auth_key`` is refreshed first. The error page is rendered when the
    visitor has no ``session_id``, when the event does not exist, or when
    the event's ``host_id`` differs from the session's ``account_id``.
    """
    user_session['auth_key'] = uniqueValue()

    def deny(message):
        # Every refusal renders the same template with a different message.
        return render_template('error-page.html', session=logged_in(), message=message)

    if 'session_id' not in user_session:
        return deny('Not logged in...')

    event = db_session.query(Events).filter_by(id=event_id).first()
    if event is None:
        return deny('''Event not found.''')

    # Ownership check: only the hosting account may open the edit page.
    if event.host_id != user_session['account_id']:
        return deny('''You cannot make edits because you do not own this event''')

    return render_template('edit-event.html', session=logged_in())
def signup(request, sse):
    """Render the sign-up page, or redirect signed-in visitors to '/'.

    The ``auth_key`` is refreshed before the session check.
    """
    user_session['auth_key'] = uniqueValue()

    already_signed_in = 'session_id' in user_session
    if already_signed_in:
        return redirect('/')

    return render_template('signup.html', session=logged_in())
def search_page(request, sse):
    """Render the search page after refreshing the session ``auth_key``.

    No login check is made here; ``request`` and ``sse`` are not used.
    """
    fresh_key = uniqueValue()
    user_session['auth_key'] = fresh_key
    return render_template('search.html', session=logged_in())
def info(request, sse):
    """Render the info page after refreshing the session ``auth_key``.

    No login check is made here; ``request`` and ``sse`` are not used.
    """
    fresh_key = uniqueValue()
    user_session['auth_key'] = fresh_key
    return render_template('info.html', session=logged_in())
def account_settings(request, sse):
    """Render the account settings page for a signed-in visitor.

    Visitors without a ``session_id`` are redirected to '/' before the
    ``auth_key`` is touched.
    """
    signed_in = 'session_id' in user_session
    if not signed_in:
        return redirect('/')

    user_session['auth_key'] = uniqueValue()
    return render_template('account-settings.html', session=logged_in())
def messages_page(request, sse):
    """Render the messages page for a signed-in visitor.

    Visitors without a ``session_id`` are redirected to '/' before the
    ``auth_key`` is touched.
    """
    signed_in = 'session_id' in user_session
    if not signed_in:
        return redirect('/')

    user_session['auth_key'] = uniqueValue()
    return render_template('messages-page.html', session=logged_in())
def sign_up(request):
    """Register a user from a JSON body, sign them in and send a welcome email.

    Requires ``displayname``, ``email``, ``password`` and ``confirmpassword``
    in the JSON body. Each value is passed through ``cgi.escape`` and then
    validated; the email must not already belong to a user. The password is
    stored as a bcrypt hash. Sending the welcome email is best-effort: a
    failure is printed and does not affect the response.
    """
    data = json.loads(request.data)

    # Presence checks, in the order the error messages are reported.
    required_fields = (
        ("displayname", "Display Name field is required"),
        ("email", "Email Address field is required"),
        ("password", "Password field is required"),
        ("confirmpassword", "Confirm Password field is required"),
    )
    for field, missing_message in required_fields:
        if field not in data:
            return jsonify(error=True, message=missing_message)

    displayname = cgi.escape(data['displayname'])
    email = cgi.escape(data['email'])
    # NOTE(review): the password is HTML-escaped before hashing, so the
    # sign-in path must escape it the same way for verification to succeed.
    password = cgi.escape(data['password']).encode('utf8')
    confirmpassword = cgi.escape(data['confirmpassword']).encode('utf8')

    if not displayname:
        return jsonify(
            error=True,
            message="Display Name must be letters only; dashes, apostrophes and periods are allowed",
        )
    if not email or chamber.isValidEmail(email) != True:
        return jsonify(error=True, message="Email Address must be in proper format")
    if not password or len(password) < 6:
        return jsonify(error=True, message="Password must be at least 6 characters")
    if not confirmpassword:
        return jsonify(error=True, message="Confirm Password must be at least 6 characters")
    if password != confirmpassword:
        return jsonify(error=True, message="Passwords must match")

    existing = db_session.query(Users).filter_by(email=email).first()
    if existing:
        return jsonify(error=True, message="Email already in use")

    password_hash = bcrypt.hashpw(password, bcrypt.gensalt()).encode('utf8')
    new_user = Users(displayname=displayname, email=email, password=password_hash)
    db_session.add(new_user)
    db_session.commit()

    user_session["session_id"] = chamber.uniqueValue()
    user_session["you_id"] = new_user.id

    try:
        html = render_template("email/SignedUp.html",
                               user={"displayname": new_user.displayname})
        mail_sent = chamber.send_email(new_user.email, "Welcome!", "text/html", html)
        print("mail_sent", mail_sent)
    except Exception as e:
        # Best-effort: the account already exists, so a mail failure is
        # only reported, not raised.
        print('error - ', e)

    return jsonify(message="Signed Up!")