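def user_confirmation(token):
    """Confirm a newly registered account from a signed e-mail link.

    Args:
        token: URL-safe signed token carrying the user id, produced with
            ``URLSafeTimedSerializer`` under the ``"email-confirm-key"`` salt.

    Returns:
        A short status sentence naming the user that was confirmed.

    Raises:
        HTTPException: 403 when the token does not verify; 404 when the id it
            carries matches no user.
    """
    try:
        ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])
        # NOTE(review): no max_age here, so a confirmation link never expires;
        # the password-reset token in new_password() is bounded to 86400 s.
        user_id = ts.loads(token, salt="email-confirm-key")
    except Exception:
        # BadSignature and friends. Not a bare except, so KeyboardInterrupt /
        # SystemExit still propagate instead of turning into a 403.
        abort(403)

    db_user = DBAccess.GetDBUserById(user_id)
    if db_user is None:
        # presumably GetDBUserById yields None for an unknown id — confirm;
        # without this guard the attribute access below would be a 500.
        abort(404)

    DBAccess.ExecuteUpdate('update users set level=1 where id=%s', (user_id, ))

    email_text = '''<html>
Dobrý den, <br> <br>
Váš účet byl ověřen a nyní se můžete <a href="https://app.seniore.org/login/">přihlásit </a>. (Pokud odkaz nefunguje, prosíme, je nutné ho zkopírovat a celý vložit do vašeho prohlížeče.)<br> <br>
Věnujte prosím chviličku instrukcím, jak aplikaci používat. <br>
1. Na mapce uvidíte svojí polohu. V blízkosti se zobrazí lidé, kteří mohou pomoci, nebo pomoc potřebují. <br>
Je možné, že se ve Vaší lokalitě zatím nikdo nepřihlásil. Kontaktujte prosím kohokoliv, kdo by se mohl zapojit. <br>
2. Pro ostatní uživatele jste zatím neviditení! Abyste se i vy zobrazil jiným uživatelům, je potřeba kliknout na tlačítko “Zobrazit mě na mapě” na kartě "Vyhledat".<br>
V následujícím kroku vyplníte, zda pomoc potřebujete, nebo jí můžete poskytnout.<br>
3. Kliknutím na Pin (znaménko v mapě) u jiného uživatele jej můžete kontaktovat. Přijde Vám i jí/jemu mail, který Vás vzájemně propojí. Domluvíte se potom už sami.<br> <br>
Budete-li mít jakékoliv dotazy, pište na [email protected].<br>
Pojďme společně obnovit svět, kde si sousedé pomáhají.<br> <br>
Váš tým Seniore
</html>'''
    SendMail(GetEmail('noreplyMail'), db_user.email, 'Seniore.org - ověření účtu', email_text)
    return f'Uživatel {db_user.first_name} {db_user.surname} byl nastaven jako schválený a byl mu odeslán informační email.'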
def sluzby_update():
    """Let the session user remove services they currently demand or offer.

    Builds the service form from the ``services`` table, renders it on GET,
    and on a validated POST deletes every checked
    (user, service, demand/offer) row that exists in ``users_services``,
    flashing a message for each checked combination that does not.
    """
    all_services = DBAccess.ExecuteSQL("select * from services")
    form = regFormBuilder(all_services)

    # Rebuild the checkbox list from the numbered fields so the template
    # does not render duplicates.
    form.checkBoxes.clear()
    form.checkBoxes = [
        getattr(form, "checkbox%d" % idx) for idx in form.checkBoxIndexes
    ]
    # TODO: pre-tick the checkboxes for services the user already has
    #       (lookup in users_services by user, service and demand/offer).

    if not form.validate_on_submit():
        return render_template("sluzby_update.html", form=form)

    user_id = session["id_user"]
    demand_offer = form.demandOffer.data
    demand_offer_label = DictionaryDemandOffer.get(demand_offer, "unknown")
    removed_labels = []
    for idx in form.checkBoxIndexes:
        box = getattr(form, "checkbox%d" % idx)
        if not box.data:
            continue
        key = (user_id, box.id, demand_offer)
        matches = DBAccess.ExecuteScalar(
            "select count(*) from users_services where id_users=%s and "
            "id_services=%s and id_demand_offer=%s",
            key,
        )
        text = demand_offer_label.lower()
        if matches == 0:
            flash(
                f'Zadaná kombinace {session["user"]}, {text} a {box.label.text} neexistuje.'
            )
        else:
            DBAccess.ExecuteUpdate(
                "delete from users_services where id_users = %s and id_services = %s and id_demand_offer= %s",
                key,
            )
            removed_labels.append(box.label)

    return render_template(
        "sluzby_success.html",
        demand_offer=demand_offer_label,
        category=removed_labels,
    )
def remove_service():
    """Delete one ``users_services`` row belonging to the session user.

    The row id comes from the ``id`` query parameter. It must be present and
    the row must belong to the logged-in user, otherwise the request is
    rejected with 403 — this ownership check is what stops a user from
    deleting someone else's service by guessing ids.
    """
    service_id = request.args.get("id", type=int)
    if service_id is None:
        abort(403)

    current_user = DBUser.LoadFromSession('dbUser')
    owned_row = DBAccess.ExecuteScalar(
        "select id from users_services where id = %s and id_users=%s",
        (service_id, current_user.id))
    if owned_row is None:
        abort(403)

    DBAccess.ExecuteUpdate("delete from users_services where id=%s", (service_id, ))
    return redirect(url_for("profile_bp.profil"))
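def _load_request_detail(rid):
    """Return the joined detail row for request ``rid`` or abort with 403.

    Column layout of the returned row (0-based): 0-4 demand-side user
    (first_name, surname, email, telephone, town), 5-9 the same for the
    offer-side user, 10 service category, 11 date_time, 12 add_information,
    13 formatted timestamp, 14 status text, 15 request id, 16 demand user id,
    17 offer user id.
    """
    rows = DBAccess.ExecuteSQL(
        """select ud.first_name, ud.surname, ud.email, ud.telephone, ud.town,
                  uo.first_name, uo.surname, uo.email, uo.telephone, uo.town,
                  s.category, r.date_time, r.add_information,
                  to_char(r.timestamp, 'YYYY-mm-DD HH12:MI'), rs.status,
                  r.id, ud.id, uo.id
           from requests r
           inner join services s on r.id_services = s.id
           inner join users ud on r.id_users_demand = ud.id
           inner join users uo on r.id_users_offer = uo.id
           inner join requests_status rs on r.id_requests_status = rs.id
           where r.id =%s""", (rid, ))
    # Covers both "None" and an empty result list; indexing an empty list
    # would otherwise be a 500.
    if not rows:
        abort(403)
    return rows[0]


def requests_detail():
    """Show one request; on POST change its status first.

    The session user must be an admin (``level >= 2``) or one of the two
    parties of the request. The original code ran the status UPDATE before
    that check, so any logged-in user could change the status of any
    request by id; the check is now done before any write.

    Raises:
        HTTPException: 403 when the id is missing/unknown or the user is not
            allowed to see the request.
    """
    rid = request.args.get("id", type=int)
    if rid is None:
        abort(403)

    entry = _load_request_detail(rid)
    dbUser = DBUser.LoadFromSession('dbUser')
    if dbUser.level < 2 and dbUser.id not in (int(entry[16]), int(entry[17])):
        abort(403)

    if request.method == "POST":
        # KeyError on an unknown button name surfaces as a 500 (enum lookup,
        # not form lookup) — presumably acceptable for a fixed set of buttons.
        status = RequestStatus[request.form["submit_button"]]
        DBAccess.ExecuteUpdate(
            "UPDATE requests SET id_requests_status= %s where id= %s",
            (status, rid))
        # Re-read so the rendered page reflects the new status.
        entry = _load_request_detail(rid)

    return render_template("requests_detail.html", entries=entry)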
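def new_password(token):
    """Set a new password for the account named in a password-reset token.

    Args:
        token: URL-safe signed token carrying the e-mail address, salted with
            ``"email-renew-key"``; rejected when older than 86400 s.

    Returns:
        The rendered form on GET or on a failed submit, or a redirect to the
        login page once the new password has been stored.

    Raises:
        HTTPException: 403 when the token does not verify or has expired.
    """
    try:
        ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])
        email = ts.loads(token, salt="email-renew-key", max_age=86400)
    except Exception:
        # BadSignature / SignatureExpired. Not a bare except, so
        # KeyboardInterrupt / SystemExit still propagate.
        abort(403)

    form = NewPasswordForm()
    if not form.validate_on_submit():
        return render_template('new_password.html', form=form, email=email)

    if form.password.data != form.passwordAgain.data:
        flash('Hesla nejsou stejná.', FlashStyle.Danger)
        return render_template('new_password.html', form=form, email=email)

    # bcrypt (salted, slow) replaces the earlier md5+salt scheme.
    # 'utf-8' spelled properly; the former 'UTF -8' only worked through codec
    # name normalisation.
    bcrypt_hash = Bcrypt().generate_password_hash(form.password.data).decode('utf-8')
    # Exact match instead of LIKE: '_' and '%' in an address would otherwise
    # act as wildcards and the update could reach more than one row.
    DBAccess.ExecuteUpdate(
        'update users set password=%s where email = %s',
        (bcrypt_hash, email))
    flash('Nové heslo nastaveno, nyní se zkuste přihlásit.', FlashStyle.Success)
    return redirect(url_for('login_bp.login'))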
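def feedback():
    """Collect a 1–5 rating and a comment for a request.

    Only the two parties of the request (demand side and offer side) may
    submit; the reviewed user is whichever party is not the session user.
    On a valid submit a ``feedback`` row is inserted, the request status is
    set to 5 and a thank-you page is rendered.

    Raises:
        HTTPException: 403 when the request id is missing/unknown or the
            session user is not a party to the request; 400 when the
            submitted rating is not an integer in 1..5.
    """
    range_evaluation = range(1, 6)
    form = FeedbackFormular()
    rid = request.args.get("id", type=int)
    if rid is None:
        abort(403)

    dbUser = DBUser.LoadFromSession('dbUser')
    id_user_review = dbUser.id
    rows = DBAccess.ExecuteSQL(
        """select id_users_demand, id_users_offer from requests where id =%s""",
        (rid, ))
    if not rows:
        abort(403)
    id_demand, id_offer = rows[0][0], rows[0][1]

    # The original picked a reviewed user even when the session user was
    # neither party, so any logged-in user could rate (and close) any
    # request by id. Outsiders are rejected here, before any write.
    if id_user_review == id_demand:
        id_user_evaluated = id_offer
    elif id_user_review == id_offer:
        id_user_evaluated = id_demand
    else:
        abort(403)

    if form.validate_on_submit():
        comment = form.comment.data
        # The rating is a plain form field, not a WTForms field, so it is
        # validated here against the range the template offers.
        try:
            number_evaluation = int(request.form["number_evaluation"])
        except (KeyError, ValueError):
            abort(400)
        if number_evaluation not in range_evaluation:
            abort(400)
        DBAccess.ExecuteInsert(
            """insert into feedback (id_requests, id_user, id_user_review, comment, evaluation) values (%s, %s, %s, %s, %s)""",
            (rid, id_user_evaluated, id_user_review, comment, number_evaluation))
        DBAccess.ExecuteUpdate(
            """update requests set id_requests_status = 5 where id =%s""",
            (rid, ))
        return render_template("feedback_thanks.html")

    return render_template("feedback.html", form=form, range_evaluation=range_evaluation)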
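def requests_detail_user():
    """Show one request from the session user's point of view; on POST
    accept or reject it and notify the other party by e-mail.

    Access is limited to admins (``level >= 2``) and the two parties of the
    request; the check runs before the status update.

    Raises:
        HTTPException: 403 when the id is missing/unknown or the session
            user may not see the request.
    """
    rid = request.args.get("id", type=int)
    if rid is None:
        abort(403)

    dbUser = DBUser.LoadFromSession('dbUser')
    userId = dbUser.id
    # Columns: 0 category, 1-3 the *other* party's first_name/surname/email,
    # 4 date_time, 5 request id, 6 demand user id, 7 offer user id,
    # 8 creator user id.
    rows = DBAccess.ExecuteSQL(
        """select s.category,
                  case when ud.id = %s then uo.first_name else ud.first_name end,
                  case when ud.id = %s then uo.surname else ud.surname end,
                  case when ud.id = %s then uo.email else ud.email end,
                  r.date_time, r.id, ud.id, uo.id, r.id_users_creator
           from requests r
           inner join services s on r.id_services = s.id
           inner join users ud on r.id_users_demand = ud.id
           inner join users uo on r.id_users_offer = uo.id
           inner join requests_status rs on r.id_requests_status = rs.id
           where r.id =%s""", (userId, userId, userId, rid))
    # Covers both "None" and an empty result list.
    if not rows:
        abort(403)
    entry = rows[0]

    if dbUser.level < 2 and dbUser.id not in (int(entry[6]), int(entry[7])):
        abort(403)

    # Only the party that did not create the request gets the accept button.
    acceptButtonVisible = int(entry[8]) != userId

    if request.method == "POST":
        status = RequestStatusUser[request.form["submit_button"]]
        DBAccess.ExecuteUpdate(
            "UPDATE requests SET id_requests_status= %s where id= %s",
            (status, rid))
        # NOTE(review): compares an enum member with the string '2'; this is
        # only ever true if RequestStatusUser is a str-valued enum — confirm,
        # otherwise the mail always says 'zamítnuta'.
        text = 'potvrzena' if status == '2' else 'zamítnuta'
        SendMail(
            GetEmail('noreplyMail'), entry[3],
            'Seniore.org - změna stavu vaší žádosti',
            f'Vaše žádost / nabídka na činnost {entry[0]} dne {entry[4]} byla {text}.'
        )
        return redirect(url_for("profile_bp.user_request_overview"))

    return render_template("request_detail_user.html",
                           entries=entry,
                           acceptButtonVisible=acceptButtonVisible)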
def sluzby_delete():
    """Drop every ``users_services`` row of the session user.

    Removing all services also hides the user on the map; the flashed
    message says so and explains how to become visible again. Afterwards
    the browser is sent back to the overview page.
    """
    current_user_id = session['id_user']
    DBAccess.ExecuteUpdate(
        'delete from users_services where id_users = %s',
        (current_user_id,),
    )
    notice = '''Byly smazány všechny vaše poskytované/poptávané služby a proto budete skryti na mapě dobrovolníků/seniorů. Pro znovuzobrazení na mapě stačí kliknout na "Zobrazit mě ostatním" a přidat nějakou službu.'''
    flash(notice, FlashStyle.Success)
    return redirect(url_for("overview_bp.prehled_all"))