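def FUN_add_user():
    """Create a user from the admin form after validating the submitted id.

    Only a session whose ``current_user`` is "ADMIN" may add users; every
    other caller gets a 401. A duplicate id, or an invalid one (missing,
    empty, or containing a space or a single quote), re-renders
    ``admin.html`` with the matching flag set. Otherwise the account is
    created and the browser is redirected to ``FUN_admin``.
    """
    if session.get("current_user", None) != "ADMIN":
        # Only Admin should be able to add users.
        return abort(401)

    # A missing form field comes back as None. Treat it as "" so it is
    # rejected as invalid below instead of raising AttributeError on
    # .upper() and surfacing as a 500.
    new_id = request.form.get('id') or ""

    def render_admin(**flags):
        # Rows shown on the admin page:
        # (row number, id, delete link, matching entry of all_fields[2]).
        user_list = list_users()
        all_fields = user_db_all_fields()
        delete_links = ["/delete_user/" + user for user in user_list]
        user_table = zip(range(1, len(user_list) + 1), user_list,
                         delete_links, all_fields[2])
        return render_template("admin.html", users=user_table, **flags)

    # The id must not already exist; existing ids are compared in upper case.
    if new_id.upper() in list_users():
        return render_admin(id_to_add_is_duplicated=True)

    # NOTE(review): rejecting spaces and single quotes is a denylist. It does
    # not replace bound parameters inside add_user -- confirm add_user does
    # not build its SQL by string concatenation.
    if not new_id or " " in new_id or "'" in new_id:
        return render_admin(id_to_add_is_invalid=True)

    # NOTE(review): the raw (not upper-cased) id and an unchecked 'pw' are
    # passed on; a missing password field reaches add_user as None. Verify
    # that add_user normalises the id and rejects an absent password.
    add_user(new_id, request.form.get('pw'))
    return redirect(url_for("FUN_admin"))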
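def FUN_add_user():
    """Create a user from the admin form after validating the submitted id.

    Only a session whose ``current_user`` is "ADMIN" may add users; every
    other caller gets a 401. A duplicate id, or an invalid one (missing,
    empty, or containing a space or a single quote), re-renders
    ``admin.html`` with the matching flag set. Otherwise the account is
    created and the browser is redirected to ``FUN_admin``.
    """
    if session.get("current_user", None) != "ADMIN":
        # Only Admin should be able to add users.
        return abort(401)

    # A missing form field comes back as None. Treat it as "" so it is
    # rejected as invalid below instead of raising AttributeError on
    # .upper() and surfacing as a 500.
    new_id = request.form.get('id') or ""

    def render_admin(**flags):
        # Rows shown on the admin page: (row number, id, delete link).
        user_list = database.list_users()
        delete_links = ["/delete_user/" + user for user in user_list]
        user_table = zip(range(1, len(user_list) + 1), user_list,
                         delete_links)
        return render_template("admin.html", users=user_table, **flags)

    # The id must not already exist; existing ids are compared in upper case.
    if new_id.upper() in database.list_users():
        return render_admin(id_to_add_is_duplicated=True)

    # An empty id is refused as well, so no account with a blank name can be
    # created.
    # NOTE(review): rejecting spaces and single quotes is a denylist. It does
    # not replace bound parameters inside database.add_user -- confirm that
    # add_user does not build its SQL by string concatenation.
    if not new_id or " " in new_id or "'" in new_id:
        return render_admin(id_to_add_is_invalid=True)

    # NOTE(review): the raw (not upper-cased) id and an unchecked 'pw' are
    # passed on; a missing password field reaches add_user as None. Verify
    # that add_user normalises the id and rejects an absent password.
    database.add_user(new_id, request.form.get('pw'))
    return redirect(url_for("FUN_admin"))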
def users(self):
    """Send this client a 'USERS :' line naming every listed user except itself."""
    # Every name keeps its trailing space, so the single strip() at the end
    # produces exactly the text the piecewise concatenation would.
    others = ''.join(
        name + ' ' for name in database.list_users() if self.name != name
    )
    self.send_message(('USERS :' + others).strip())
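def FUN_login():
    """Log a user in from the submitted form, then redirect to ``FUN_root``.

    The submitted id is upper-cased before it is looked up. When the id is
    listed and ``verify`` accepts the password, the id is stored in
    ``session['current_user']``. The redirect happens either way, so a failed
    login lands on ``FUN_root`` with the session unchanged.
    """
    # A missing 'id' field comes back as None; normalise it so the request
    # fails the lookup instead of raising AttributeError (a 500).
    id_submitted = (request.form.get("id") or "").upper()
    pw_submitted = request.form.get("pw")

    # A request without a password can never be a valid login, so verify()
    # is not called with None.
    # NOTE(review): unknown ids skip verify() entirely, so known and unknown
    # ids may take measurably different time; no attempt limiting is visible
    # in this view -- confirm both are handled elsewhere.
    if (pw_submitted is not None
            and id_submitted in list_users()
            and verify(id_submitted, pw_submitted)):
        session['current_user'] = id_submitted

    return redirect(url_for("FUN_root"))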
def FUN_admin():
    """Render the admin page with one row per user; anyone but ADMIN gets a 401."""
    if session.get("current_user", None) != "ADMIN":
        return abort(401)

    user_list = list_users()
    row_numbers = range(1, len(user_list) + 1)
    # NOTE(review): ids are joined onto the path as-is, with no URL-encoding.
    # The links also suggest deletion is reached by following a URL; confirm
    # the delete route checks the ADMIN session and is protected against
    # cross-site requests.
    delete_links = ["/delete_user/" + user_id for user_id in user_list]
    user_table = zip(row_numbers, user_list, delete_links)
    return render_template("admin.html", users=user_table)
def FUN_admin():
    """Render the admin page with one row per user; anyone but ADMIN gets a 401."""
    if session.get("current_user", None) != "ADMIN":
        return abort(401)

    user_list = list_users()
    # All fields of the user db; per the original author, all_fields[0] is
    # the same as user_list. Only all_fields[2] is used for the fourth column.
    all_fields = user_db_all_fields()
    row_numbers = range(1, len(user_list) + 1)
    # NOTE(review): ids are joined onto the path as-is, with no URL-encoding.
    delete_links = ["/delete_user/" + user_id for user_id in user_list]
    # zip() stops at the shortest input, so a shorter all_fields[2] would
    # silently drop rows.
    # NOTE(review): what all_fields[2] contains is not visible here; confirm
    # it is not a credential column before it is shown in the template.
    user_table = zip(row_numbers, user_list, delete_links, all_fields[2])
    return render_template("admin.html", users=user_table)
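def FUN_login():
    """Log a user in from the submitted form.

    The submitted id is upper-cased before it is looked up. When the id is
    listed and ``verify`` accepts the password, the id is stored in
    ``session['current_user']`` and the browser is redirected to ``welcome``.
    Otherwise ``index.html`` is rendered with ``wrong_id_pass=True``.
    """
    # A missing 'id' field comes back as None; normalise it so the request is
    # answered with the normal "wrong id/password" page instead of raising
    # AttributeError (a 500).
    id_submitted = (request.form.get("id") or "").upper()
    pw_submitted = request.form.get("pw")

    # A request without a password can never be a valid login, so verify()
    # is not called with None.
    # NOTE(review): unknown ids skip verify() entirely, so known and unknown
    # ids may take measurably different time; no attempt limiting is visible
    # in this view -- confirm both are handled elsewhere.
    if (pw_submitted is not None
            and id_submitted in list_users()
            and verify(id_submitted, pw_submitted)):
        session['current_user'] = id_submitted
        return redirect(url_for("welcome"))

    # One message for both failure causes, so the page does not reveal
    # whether the id exists.
    return render_template("index.html", wrong_id_pass=True)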
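def FUN_register_user():
    """Register a new account from the public form after validating the id.

    A duplicate id, or an invalid one (missing, empty, or containing a space
    or a single quote), re-renders ``index.html`` with the matching flag set.
    Otherwise the account is created and the browser is redirected to
    ``FUN_root``. No session check is made in this function.
    """
    # A missing form field comes back as None. Treat it as "" so it is
    # rejected as invalid below instead of raising AttributeError on
    # .upper() and surfacing as a 500.
    new_id = request.form.get('id') or ""

    def render_index(**flags):
        # NOTE(review): this hands the complete user list, plus a
        # /delete_user/ link per user, to a template served without a login
        # check. Confirm index.html does not render `users`, or stop passing
        # it from this view.
        user_list = list_users()
        delete_links = ["/delete_user/" + user for user in user_list]
        user_table = zip(range(1, len(user_list) + 1), user_list,
                         delete_links)
        return render_template("index.html", users=user_table, **flags)

    # The id must not already exist; existing ids are compared in upper case.
    if new_id.upper() in list_users():
        return render_index(id_to_add_is_duplicated=True)

    # An empty id is refused as well, so no account with a blank name can be
    # created.
    # NOTE(review): rejecting spaces and single quotes is a denylist. It does
    # not replace bound parameters inside add_user -- confirm add_user does
    # not build its SQL by string concatenation.
    if not new_id or " " in new_id or "'" in new_id:
        return render_index(id_to_add_is_invalid=True)

    # NOTE(review): the raw (not upper-cased) id and an unchecked 'pw' are
    # passed on. Verify that add_user normalises the id the same way the
    # duplicate check does (otherwise a differently-cased copy of an existing
    # id could be stored) and that it rejects an absent password.
    add_user(new_id, request.form.get('pw'))
    return redirect(url_for("FUN_root"))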
def get_users():
    """Render ``users_list.html`` with everything ``list_users()`` returns."""
    # NOTE(review): no authorisation check is visible in this function. Unless
    # the route is guarded by a decorator outside this block, the full user
    # list is served to any caller -- confirm.
    return render_template('users_list.html', theusers=list_users())
def check_database_init():
    """Print whatever ``db.list_users()`` returns."""
    # NOTE(review): this writes the user list to stdout; keep it out of code
    # paths whose output is captured in shared logs.
    print(db.list_users())
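import os
import sys

# Put the "libraries" directory first on the module search path so that
# `import database` below resolves there.
# NOTE(review): os.path.abspath() resolves "libraries" against the current
# working directory, not this file's location. Which `database` module is
# imported therefore depends on where the script is launched from -- confirm
# that is intended, or anchor the path to this file's directory.
sys.path.insert(0, os.path.abspath("libraries"))

import database

# The Python 2 print statements are a SyntaxError on Python 3; print() with a
# single argument prints the same text on both.
print(database.list_users())
# NOTE(review): 'test'/'test' look like fixture credentials; make sure no such
# account exists in a deployed database.
print(database.login('test', 'test'))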