def login():
"""Log user in"""
# Forget any user_id
session.clear()
# User reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# Ensure username was submitted
if not request.form.get("username"):
return errorPage("must provide username", 403)
# Ensure password was submitted
elif not request.form.get("password"):
return errorPage("must provide password", 403)
# Query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# Ensure username exists and password is correct
if len(rows) != 1 or not check_password_hash(rows[0]["hash"], request.form.get("password")):
return errorPage("invalid username and or password", 403)
# Remember which user has logged in
session["user_id"] = rows[0]["user_id"]
# Redirect user to home page
return redirect("/")
# User reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html")
def index():
"""Render home page"""
# Find last quote submitted and populate tweet button with it
username = db.execute("SELECT * FROM users WHERE user_id = :user_id", user_id=session["user_id"])
#last_quote = db.execute("SELECT * FROM quotes WHERE username = :username ORDER BY quote_id DESC LIMIT 1", username=username[0]["username"])
# User reached via post
if request.method == "POST":
# Ensure a quote was submitted
if not request.form.get("quote") and not request.form.get("date"):
return errorPage("You did not write a quote or submit a date", 400)
# Insert user quote into quote database if user submitted a quote
username = db.execute("SELECT username FROM users WHERE user_id = :user_id", user_id=session["user_id"])
db.execute("INSERT INTO quotes (username, quote, picture_url, picture_title) VALUES (:user, :quote, :picture_url, :picture_title)",
user=username[0]["username"], quote=request.form.get("quote"), picture_url=request.form.get("image_link"), picture_title=request.form.get("image_title"))
# Show the quotes user has submitted
username = db.execute("SELECT * FROM users WHERE user_id = :user_id", user_id=session["user_id"])
quote = db.execute("SELECT * FROM quotes WHERE username=:username ORDER BY quote_id DESC", username=username[0]["username"])
#last_quote = db.execute("SELECT * FROM quotes WHERE username = :username ORDER BY quote_id DESC LIMIT 1", username=username[0]["username"])
return render_template("index.html", quote=quote, username=username)
def errorhandler(e):
"""Handle error"""
return errorPage(e.name, e.code)
def register():
"""Register user"""
# User reached route via POST (submitted a form)
if request.method == "POST":
# Ensure username was submitted
if not request.form.get("username"):
return errorPage("must provide username", 400)
# Ensure username was submitted
if not request.form.get("firstname"):
return errorPage("must provide first name", 400)
# Ensure username was submitted
if not request.form.get("lastname"):
return errorPage("must provide last name", 400)
# Ensure password was submitted
elif not request.form.get("email"):
return errorPage("must provide email", 400)
# Ensure confirmation was submitted
elif not request.form.get("confirmation"):
return errorPage("must confirm password", 400)
# Ensure password and confirmation are the same
elif request.form.get("confirmation") != request.form.get("password"):
return errorPage("password and confirmation do not match", 400)
# Does password pass strength requirements
pswd = request.form.get("password")
if pswd.islower():
return errorPage("password must contain at least one capital letter")
elif pswd.isupper():
return errorPage("password must contain at least one lower case letter")
elif pswd.isalpha():
return errorPage("password must contain at least one number")
elif len(pswd) < 6:
return errorPage("password must contain at least 6 characters")
# Encrypt password
hash = generate_password_hash(request.form.get("password"))
# Insert user into database
rows = db.execute("INSERT INTO users (username, firstname, lastname, email, hash) VALUES(:username, :firstname, :lastname, :email, :hash)",
username=request.form.get("username"), firstname=request.form.get("firstname"), lastname=request.form.get("lastname"), email=request.form.get("email"), hash=hash)
if not rows:
return errorPage("username already exists", 400)
# Automatically log user in after they register
rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username"))
session["user_id"] = rows[0]["user_id"]
# Redirect user to home page
return redirect("/")
else:
return render_template("register.html")