def profile(username):
    """Render a user's profile page; the owner may also edit their own row.

    The lookup and the update both go through ``safe_query`` with ``?``
    placeholders, so form values and the URL segment are bound as data and
    never spliced into the SQL text. The UPDATE is keyed on
    ``current_user.id`` rather than on the URL's ``username``, so a request
    can only ever write the logged-in user's own record.
    """
    # NOTE(review): the name is lower-cased before both the lookup and the
    # ownership comparison; presumably usernames are stored lower-case,
    # otherwise the owner branch is never taken - confirm.
    username = username.lower()
    user = safe_query('SELECT * FROM Users WHERE username=?;', (username,), one=True)
    edit = False
    form = ProfileForm()

    is_owner = username == current_user.username

    if is_owner and form.validate_on_submit():
        columns = ('education', 'employment', 'music', 'movie', 'nationality', 'birthday')
        values = tuple(getattr(form, column).data for column in columns)
        safe_query(
            'UPDATE Users SET education=?, employment=?, music=?, movie=?, nationality=?, birthday=? WHERE id=?;',
            values + (current_user.id,),
        )
        return redirect(url_for('profile', username=username))

    if is_owner:
        # A submission that failed validation re-opens the edit view.
        if form.is_submitted():
            edit = True

        # Pre-fill the form from stored values; 'Unknown' is the stored
        # marker for "not set" and is left out of the form.
        for column in ('education', 'nationality', 'music', 'movie', 'employment'):
            stored = user[column]
            if stored != 'Unknown':
                getattr(form, column).data = stored

        stored_birthday = user['birthday']
        if stored_birthday != 'Unknown':
            form.birthday.data = datetime.strptime(stored_birthday, '%Y-%m-%d')

    return render_template('profile.html', title='Profile', user=user, form=form, edit=edit)
Пример #2
def profile(username):
    """Render the profile page for ``username`` and apply any submitted form.

    NOTE(review): both statements are built with ``str.format`` from the URL
    segment and raw form fields, so request data becomes part of the SQL
    text. They should use bound parameters instead; whether ``query_db``
    accepts a parameter tuple is not visible here - confirm before changing.
    """
    form = ProfileForm()
    # NOTE(review): is_submitted() is the only gate before the write. Nothing
    # here compares `username` with the logged-in user, so any submitted form
    # appears to update the row named in the URL. Validators are not run
    # either (assuming a Flask-WTF form, that includes its CSRF check).
    if form.is_submitted():
        # NOTE(review): the "******" in the WHERE clause looks like a
        # placeholder that was masked when this listing was published; the
        # format() call still passes `username` as a seventh argument.
        query_db(
            'UPDATE Users SET education="{}", employment="{}", music="{}", movie="{}", nationality="{}", birthday=\'{}\' WHERE username="******" ;'
            .format(form.education.data, form.employment.data, form.music.data,
                    form.movie.data, form.nationality.data, form.birthday.data,
                    username))
        return redirect(url_for('profile', username=username))

    # Same string-built pattern for the read path (placeholder masked here too).
    user = query_db(
        'SELECT * FROM Users WHERE username="******";'.format(username), one=True)
    return render_template('profile.html',
                           title='profile',
                           username=username,
                           user=user,
                           form=form)
Пример #3
def profile(username):
    """Render or update a profile after checking the session against the DB.

    The session's ``username`` and ``password`` are compared with the stored
    row before anything is shown, and a submitted form is applied only if the
    row for the URL's ``username`` carries the same password as the session.

    NOTE(review): every query is built with ``str.format`` from session, URL
    and form values, so that data becomes part of the SQL text. They should
    use bound parameters; whether ``query_db`` accepts a parameter tuple is
    not visible here - confirm before changing. The "******" in the query
    strings looks like a placeholder masked when this listing was published.
    """
    # Look up the account named in the session.
    user = query_db('SELECT * FROM Users WHERE username="******";'.format(
        session.get('username')),
                    one=True)
    if user == None:
        flash('You are not logged in')
        return redirect(url_for('index'))
    # NOTE(review): the session holds the same password value that is stored
    # in the Users table and the two are compared with ==. If this is Flask's
    # default cookie-backed session, that value travels in a signed but
    # client-readable cookie - confirm; a server-side session id avoids this.
    elif user['password'] == session.get('password'):
        form = ProfileForm()
        # NOTE(review): is_submitted() does not run the form's validators.
        if form.is_submitted():
            # Re-query, this time for the account named in the URL.
            user = query_db(
                'SELECT * FROM Users WHERE username="******";'.format(username),
                one=True)
            if user == None:
                flash(
                    'you are not logged in. Every error shouldnt happen, but this error really extra shouldnt happen'
                )
                return redirect(url_for('index'))
            # NOTE(review): ownership is decided by password equality, not by
            # comparing `username` with session['username']; two accounts
            # with the same stored password would pass this check for each
            # other. Comparing the usernames (or ids) is the intended test.
            elif user['password'] == session.get('password'):
                query_db(
                    'UPDATE Users SET education="{}", employment="{}", music="{}", movie="{}", nationality="{}", birthday=\'{}\' WHERE username="******" ;'
                    .format(form.education.data, form.employment.data,
                            form.music.data, form.movie.data,
                            form.nationality.data, form.birthday.data,
                            username))
            else:
                flash(
                    'You are not logged in as that user you tried to edit the profile of'
                )
                return redirect(
                    url_for('stream', username=session.get('username')))
            return redirect(url_for('profile', username=username))
        # Read path: load the profile named in the URL for display.
        user = query_db(
            'SELECT * FROM Users WHERE username="******";'.format(username),
            one=True)
        return render_template('profile.html',
                               title='profile',
                               username=username,
                               user=user,
                               form=form)
    else:
        flash('You are not logged in')
        return redirect(url_for('index'))
Пример #4
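def profile(username):
    """Render the profile page for ``username``; the owner may update it.

    A submitted form is written only when the URL's ``username`` is the
    logged-in user's own name. Any other request falls through to the
    read-only render of the requested profile.

    All values reach the database as bound ``?`` parameters, which is what
    keeps them out of the SQL text. What ``sanitizeStr`` does is not visible
    in this block.
    """
    form = ProfileForm()
    # Authorization: without the username comparison, any submitted form
    # would update the row named in the URL, not the caller's own row.
    # NOTE(review): is_submitted() does not run the form's validators
    # (assuming a Flask-WTF form, that includes its CSRF check) - consider
    # validate_on_submit().
    if form.is_submitted() and username == current_user.username:
        education = sanitizeStr(form.education.data)
        employment = sanitizeStr(form.employment.data)
        # Read the music field; this previously copied form.movie.data, so
        # every save overwrote the music column with the movie value.
        music = sanitizeStr(form.music.data)
        movie = sanitizeStr(form.movie.data)
        nationality = sanitizeStr(form.nationality.data)
        birthday = form.birthday.data

        query_db(
            'UPDATE Users SET education=?, employment=?, music=?, movie=?, nationality=?, birthday=? WHERE username=?',
            education, employment, music, movie, nationality, birthday,
            username)
        return redirect(url_for('profile', username=current_user.username))

    user = query_db('SELECT * FROM Users WHERE username=?', username, one=True)
    return render_template('profile.html',
                           title='profile',
                           username=username,
                           user=user,
                           form=form)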
Пример #5
def profile(username):
    """Show ``username``'s profile; the owner may save edits to it.

    The row is loaded through the ORM (``User.query.filter_by``), so the URL
    segment is passed as a value and not concatenated into SQL. Writes happen
    only when the requested name equals ``current_user.username``.
    """
    form = ProfileForm()
    owner = username == current_user.username

    user = User.query.filter_by(username=username).first()
    if not user:
        return error()

    # NOTE(review): is_submitted() does not run the form's validators
    # (assuming a Flask-WTF form, that includes its CSRF check) - consider
    # validate_on_submit().
    if owner and form.is_submitted():
        # Copy each editable field from the form onto the loaded row.
        for column in ('education', 'employment', 'music', 'movie', 'nationality', 'birthday'):
            setattr(user, column, getattr(form, column).data)

        db.session.add(user)
        db.session.commit()
        return redirect(url_for('profile', username=username))

    return render_template(
        'profile.html',
        title='profile',
        username=username,
        user=user,
        form=form,
        owner=owner,
    )
Пример #6
def profile(username):
    """Render ``username``'s profile; only the session's own user may edit it.

    Both statements are handed to ``query_db`` as a ``(sql, params)`` pair
    with ``?`` placeholders, so form and URL values are bound as data. A
    submission for any name other than ``session['user']`` is rejected and
    redirected to the error page before any write.
    """
    form = ProfileForm()

    # NOTE(review): is_submitted() does not run the form's validators
    # (assuming a Flask-WTF form, that includes its CSRF check) - consider
    # validate_on_submit().
    if form.is_submitted():
        # Authorization guard: refuse edits to any profile but the caller's.
        if username != session['user']:
            session["err"] = "trying to edit someone elses profile"
            return redirect(url_for('error'))

        new_values = (form.education.data, form.employment.data, form.music.data,
                      form.movie.data, form.nationality.data, form.birthday.data,
                      username)
        update = (
            'UPDATE Users SET education=?, employment=?, music=?, movie=?, nationality=?, birthday=? WHERE username=? ;',
            new_values,
        )
        query_db(update)
        return redirect(url_for('profile', username=username))

    lookup = ('SELECT * FROM Users WHERE username=?;', (username, ))
    user = query_db(lookup, one=True)
    return render_template(
        'profile.html',
        title='profile',
        username=username,
        user=user,
        sessionuser=session["user"],
        form=form,
    )