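def result():
    """Check the submitted guess against the logged-in user's secret number.

    The user is looked up by the ``token_session`` cookie. A correct guess
    draws a fresh secret in the range 1-30 and commits it; a wrong guess
    yields a hint. Every outcome with a valid session renders ``result.html``.
    """
    token_session = request.cookies.get("token_session")
    # Without this guard a request that carries no cookie would be looked up
    # with token_session=None, which can match rows whose token column is NULL.
    if not token_session:
        return "Sesion no valida", 401

    user = db.query(User).filter_by(token_session=token_session, delete=False).first()
    if user is None:
        # Unknown or stale token: previously this fell through to
        # user.secret_number and raised AttributeError.
        return "Sesion no valida", 401

    try:
        num_user = int(request.form.get("num_user"))
    except (TypeError, ValueError):
        # Missing or non-numeric field is a client error, not a server crash.
        return "Numero no valido", 400

    if num_user == user.secret_number:
        mensaje = "Enhorabuena!! El numero correcto es: " + str(num_user)
        # Draw the next secret so the following round starts fresh.
        user.secret_number = random.randint(1, 30)
        db.add(user)
        db.commit()
    elif num_user > user.secret_number:
        mensaje = "Tu numero no es correcto! Intentalo con uno mas pequeño!"
    else:
        mensaje = "Tu numero no es correcto! Intentalo con uno mas grande!"
    return render_template("result.html", mensaje=mensaje)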
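def password_check():
    """Set a new password for the user identified by the session cookie.

    On success the stored hash is replaced, the session token is rotated and
    the browser is redirected to the profile page with the new cookie.
    Returns a plain-text message when the request cannot be honoured.
    """
    session_token = request.cookies.get("session_token")
    # A missing cookie must not reach the query: filtering on
    # session_token=None can match accounts whose token column is NULL.
    if not session_token:
        return "Not Logged In", 401

    user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        return "Not Logged In", 401

    new_password = request.form.get("new-password")
    new_password2 = request.form.get("new-password2")
    if not new_password:
        # Previously two absent fields compared equal and crashed on
        # None.encode(); an empty password is refused as well.
        return "The Password Must Not Be Empty", 400
    if new_password != new_password2:
        return "The Passwords Do Not Match"

    # NOTE(review): the current password is not asked for here, so possession
    # of the session cookie alone is enough to change it.
    # NOTE(review): unsalted single-pass SHA-256 is kept so existing hashes
    # still verify elsewhere; a salted password KDF would be the better store.
    user.password = hashlib.sha256(new_password.encode()).hexdigest()

    # Rotate the session token so the old cookie value stops working.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('profile')))
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response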
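def profile_edit():
    """Show (GET) or apply (POST) edits to the logged-in user's profile.

    The user is resolved from the ``token_session`` cookie. Requests without
    a valid session are redirected to the index page. On POST the name and
    e-mail are overwritten; the password is changed only when both the old
    and the new password are supplied and the old one matches.
    """
    token_session = request.cookies.get("token_session")
    user = None
    if token_session:
        # Only query with a real token: token_session=None could otherwise
        # match rows whose token column is NULL.
        user = db.query(User).filter_by(token_session=token_session, delete=False).first()
    if user is None:
        # The POST path used to dereference a missing user and crash.
        return redirect(url_for("index"))

    if request.method == "GET":
        return render_template("profile_edit.html", user=user)
    elif request.method == "POST":
        name = request.form.get("profile-name")
        email = request.form.get("profile-email")
        old_password = request.form.get("old-password")
        new_password = request.form.get("new-password")

        if old_password and new_password:
            # NOTE(review): unsalted SHA-256, kept for compatibility with the
            # hashes already stored; a salted password KDF would be safer.
            h_old_password = hashlib.sha256(old_password.encode()).hexdigest()
            if h_old_password != user.password:
                return "Operacion incorrecta! Su antigua contraseña no es correcta"
            user.password = hashlib.sha256(new_password.encode()).hexdigest()

        user.name = name
        user.email = email
        db.add(user)
        db.commit()
        return redirect(url_for("profile"))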
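def login():
    """Log a user in (POST) or render the login page (GET).

    POST: looks the user up by username and password hash, stores a fresh
    session cookie value and expiry on the user row, and redirects to the
    ``redirectTo`` query argument (index page by default).
    GET: renders ``login.html`` with a flag telling whether the presented
    cookie belongs to an unexpired session.
    """
    from urllib.parse import urlsplit

    def _local_target(candidate):
        """Return *candidate* if it is a same-site path, else the index URL."""
        fallback = url_for('index')
        # Reject empty values and anything holding whitespace or control
        # characters, which browsers may strip before resolving the URL.
        if not candidate or any(ord(ch) < 0x21 for ch in candidate):
            return fallback
        # Browsers treat a backslash like a slash, so normalise before checking.
        normalised = candidate.replace('\\', '/')
        parts = urlsplit(normalised)
        if parts.scheme or parts.netloc:
            return fallback
        if not normalised.startswith('/') or normalised.startswith('//'):
            return fallback
        return candidate

    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")
        # redirectTo is caller-controlled; without the check a crafted login
        # link would send the user to another site after signing in.
        redirect_url = _local_target(request.args.get('redirectTo'))

        # Query styles: .one() raises unless exactly one row matches,
        # .first() returns the first row or None, .all() always returns a list.
        user = None
        if username and password:
            # NOTE(review): unsalted SHA-256 is kept to match the stored
            # password_hash values; a salted password KDF would be safer.
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            user = db.query(User) \
                .filter(User.username == username, User.password_hash == password_hash) \
                .first()

        if user is None:
            flash("Username or password is wrong", "warning")
            # %r keeps a crafted username from injecting extra log lines.
            app.logger.info("User %r failed to login with wrong password.", username)
            return redirect(url_for('login', redirectTo=redirect_url))

        session_cookie = str(uuid.uuid4())
        expiry_time = datetime.datetime.now() + datetime.timedelta(
            seconds=COOKIE_DURATION)
        user.session_cookie = session_cookie
        user.session_expiry_datetime = expiry_time
        db.add(user)
        db.commit()
        app.logger.info(f"User {username} is logged in")

        response = make_response(redirect(redirect_url))
        # NOTE(review): no secure flag is set; add it if the site is HTTPS-only.
        response.set_cookie(WEBSITE_LOGIN_COOKIE_NAME, session_cookie,
                            httponly=True, samesite='Strict')
        return response
    elif request.method == "GET":
        cookie = request.cookies.get(WEBSITE_LOGIN_COOKIE_NAME)
        user = None
        if cookie is not None:
            user = db.query(User) \
                .filter_by(session_cookie=cookie) \
                .filter(User.session_expiry_datetime >= datetime.datetime.now()) \
                .first()
        logged_in = user is not None
        return render_template("login.html", logged_in=logged_in, user=request.user)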
def blog():
    """Create a post and e-mail its author (POST), or list all posts (GET).

    NOTE(review): ``request.user`` is used without a None check; presumably a
    hook outside this function guarantees an authenticated user. Confirm.
    """
    author = request.user

    if request.method == "POST":
        new_post = Post(
            title=request.form.get("posttitle"),
            text=request.form.get("posttext"),
            user=author,
        )
        db.add(new_post)
        db.commit()

        # Notification mail goes out only after the post has been committed,
        # so the link below can carry the new post id.
        notification = Message(
            subject="WebDev Blog - Registration Successful",
            sender=SENDER,
            recipients=[author.email],
        )
        notification.body = f"Hi {author.username}!\nWelcome to our WebDev Flask site!\nEnjoy!"
        notification.html = render_template(
            "new_post.html",
            username=author.username,
            link=f"{HOST_ADDR}/posts/{new_post.id}",
            post=new_post,
        )
        mail.send(notification)
        return redirect(url_for('blog'))

    if request.method == "GET":
        all_posts = db.query(Post).all()
        return render_template("blog.html", posts=all_posts, user=request.user)
def success():
    """Register a new user from the submitted form.

    If the name or the e-mail is already taken the form is rendered again
    with an error banner; otherwise the user is stored with a hashed
    password and the index page is returned with an ``email`` cookie set.
    """
    active = "active"
    form = request.form
    name = form["name"]
    email = form["email"]
    password_hash = generate_password_hash(form["pwd"])

    name_exists = db.query(User).filter_by(name=name).first()
    email_exists = db.query(User).filter_by(email=email).first()

    if name_exists or email_exists:
        return render_template(
            "form.html",
            active1=active,
            successMessage="The username or email address already exists!",
            successClass="alert alert-danger",
        )

    db.add(User(name=name, email=email, password_hash=password_hash))
    db.commit()

    page = render_template(
        "index.html",
        successMessage="You have successfully registered!",
        successClass="alert alert-success",
        emailAddress=email,
        active0=active,
        user=name,
    )
    response = make_response(page)
    # NOTE(review): the cookie holds the raw e-mail and sets no httponly or
    # samesite attributes. If other views treat it as proof of identity it can
    # be forged by the client; verify how it is consumed.
    response.set_cookie("email", email)
    return response
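def delete(id):
    """Delete the Todo row with primary key *id* and redirect to the root page.

    Returns a 404 response when no such row exists.
    """
    task_to_delete = db.query(Todo).get(id)
    if task_to_delete is None:
        # .get() returns None for an unknown id; passing that to db.delete()
        # used to raise and surface as a server error.
        return "Task not found", 404

    # NOTE(review): nothing in this function ties the task to the caller;
    # confirm whether access control is applied outside it.
    db.delete(task_to_delete)
    db.commit()
    return redirect("/")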
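def result():
    """Compare the submitted guess with the session user's secret number.

    A correct guess replaces the secret with a new value in 1-30 and commits
    it. The outcome message is rendered through ``result.html``.
    """
    session_token = request.cookies.get("session_token")
    # Refuse cookie-less requests before querying: session_token=None could
    # match users whose token column is NULL.
    if not session_token:
        return "Not logged in", 401

    # Look the user up by the session token carried in the cookie.
    user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        # Previously an unknown token crashed on user.secret_number.
        return "Not logged in", 401

    try:
        guess = int(request.form.get("guess"))
    except (TypeError, ValueError):
        # Absent or non-numeric input is reported as a client error.
        return "Invalid guess", 400

    if guess == user.secret_number:
        message = "Correct! The secret number is {0}".format(str(guess))
        # Start the next round with a fresh secret.
        user.secret_number = random.randint(1, 30)
        db.add(user)
        db.commit()
    elif guess > user.secret_number:
        message = "Your guess is not correct... try something smaller."
    else:
        message = "Your guess is not correct... try something bigger."

    return render_template("result.html", message=message)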
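def login():
    """Log in by e-mail, creating the account on first use.

    If no row exists for the e-mail a new one is created with the submitted
    password. A matching password hash yields a new session token stored on
    the row and sent as the ``session_token`` cookie.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    if not email or not password:
        # A missing password used to crash on None.encode(), and a missing
        # e-mail could create an account keyed on NULL.
        return "Email and password are required", 400

    # NOTE(review): unsalted SHA-256 is kept so stored hashes keep verifying;
    # a salted password KDF would be the safer choice.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()

    user = db.query(ToDo).filter_by(email=email).first()
    if not user:
        # NOTE(review): first use of an e-mail silently registers it; nothing
        # here verifies that the caller controls that address.
        user = ToDo(name=name, email=email, password=hashed_password,
                    content="Welcome", date=datetime.datetime.now())
        db.add(user)
        db.commit()

    if hashed_password != user.password:
        return "Wrong Password"

    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect("/task"))
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response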
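def zipget():
    """Fetch a case's zip archive from the remote worker and unpack it locally.

    Asks the worker to zip the case, downloads ``<user_dir>/<user>/<app>/<cid>.zip``
    from it, extracts the archive into the current working directory, records
    the case in the jobs table with state REMOTE and redirects to ``/jobs``.
    Renders the error template when no worker URL is available or the archive
    contains an unsafe member path.
    """
    import zipfile
    user = root.authorized()
    cid = request.query.cid
    app = request.query.app
    try:
        worker = config.remote_worker_url
    except Exception:
        # Was a bare except that also printed a stray "None".
        traceback.print_exc()
        # NOTE(review): with no configured worker the URL is taken from the
        # request, so the caller chooses which host this server downloads
        # and unpacks an archive from. Consider requiring the config value.
        worker = request.query.url

    # An empty string is as unusable as None here.
    if not worker:
        params = {
            'app': app,
            'err': "worker and remote_worker_url parameters must be set " +
                   " in config.py for this feature to work"
        }
        return template('error', params)

    requests.get(worker + "/zipcase",
                 params={'app': app, 'cid': cid, 'user': user})

    # NOTE(review): app and cid come straight from the query string and are
    # joined into a filesystem path; confirm they are validated upstream.
    path = os.path.join(user_dir, user, app, cid)
    file_path = path + ".zip"
    url = os.path.join(worker, file_path)
    print "url is:", url

    if not os.path.exists(path):
        os.makedirs(path)

    print "downloading " + url
    fh, _ = urllib.urlretrieve(url)

    z = zipfile.ZipFile(fh, 'r', compression=zipfile.ZIP_DEFLATED)
    try:
        # The archive comes from another machine: refuse member names that
        # are absolute or climb out of the extraction directory.
        for member in z.namelist():
            parts = member.replace('\\', '/').split('/')
            if os.path.isabs(member) or member.startswith(('/', '\\')) or '..' in parts:
                params = {'app': app,
                          'err': "downloaded archive contains an unsafe path"}
                return template('error', params)
        z.extractall()
    finally:
        # The handle was previously never closed.
        z.close()

    # add case to database
    uid = users(user=user).id
    db.jobs.insert(uid=uid, app=app, cid=cid, state="REMOTE",
                   description="", time_submit=time.asctime(),
                   walltime="", np="", priority="")
    db.commit()

    redirect("/jobs")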
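def delete(self, appid, del_files=False):
    """Remove an app's database entry and, optionally, its files.

    The row ``apps[appid]`` is always deleted and committed. When *del_files*
    is true and ``self.appname`` is a plain directory name, the app directory
    under ``apps_dir``, its static assets and its template file are removed.

    Returns True when file removal ran, False otherwise.
    """
    # remove db entry
    del apps[appid]
    db.commit()

    # files are only touched when the delete-files checkbox was ticked
    if not del_files:
        return False

    name = self.appname
    # Refuse empty names and anything that is not a single path component:
    # '' would make rmtree target apps_dir itself, and separators or '..'
    # would let the joined paths resolve outside the per-app locations.
    if name in ('', '.', '..') or os.path.basename(name) != name:
        return False

    # delete app directory
    path = os.path.join(apps_dir, name)
    print "deleting app dir:", path
    if os.path.isdir(path):
        shutil.rmtree(path)

    # remove static assets
    path = os.path.join('static/apps', name)
    print "deleting static assets:", path
    if os.path.isdir(path):
        shutil.rmtree(path)

    # remove template file
    path = "views/apps/" + name + ".tpl"
    print "deleting template:", path
    if os.path.isfile(path):
        os.remove(path)

    return True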
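def login():
    """Sign a user in by e-mail, registering the e-mail if it is unknown.

    Reads name, e-mail and password from the form. A password hash that
    matches the stored one produces a new session token, saved on the user
    and returned as the ``session_token`` cookie with a redirect to index.
    """
    form = request.form
    name = form.get("user-name")
    email = form.get("user-email")
    password = form.get("user-password")

    # Missing fields used to crash on None.encode() or create a user whose
    # e-mail is NULL; treat them as a bad request instead.
    if not email or not password:
        return "Email and password are required", 400

    # NOTE(review): plain unsalted SHA-256, retained for compatibility with
    # the hashes already stored; prefer a salted password KDF.
    hashed_pw = hashlib.sha256(password.encode()).hexdigest()

    # Existing user for this e-mail, or None.
    user = db.query(User).filter_by(email=email).first()
    if not user:
        # NOTE(review): an unknown e-mail is registered on the spot without
        # any proof that the caller owns it.
        user = User(name=name, email=email, password=hashed_pw)
        db.add(user)
        db.commit()

    if hashed_pw != user.password:
        return "Wrong Password!!!"

    # New session: store the token server-side and hand it to the browser.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    response.set_cookie('session_token', session_token, httponly=True, samesite='Strict')
    return response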
def get_all_jobs():
    """Render the ``shared`` template with the most recent jobs of all users.

    Only the ``admin`` user may call this; anyone else gets the error
    template. The optional ``n`` query argument limits the number of rows
    and defaults to ``config.jobs_num_rows``. The caller's
    ``new_shared_jobs`` counter is reset to 0.
    """
    user = root.authorized()
    if user != "admin":
        return template("error", err="must be admin to use this feature")

    cid = request.query.cid
    app = request.query.app or root.active_app()

    # NOTE(review): a non-numeric n raises ValueError here.
    requested = request.query.n
    n = int(requested) if requested else config.jobs_num_rows

    # newest jobs first (descending jobs.id), truncated to n rows
    rows = db((db.jobs.uid==users.id)).select(orderby=~jobs.id)[:n]

    # clear notifications
    users(user=user).update_record(new_shared_jobs=0)
    db.commit()

    params = {
        'cid': cid,
        'app': app,
        'user': user,
        'n': n,
        'num_rows': config.jobs_num_rows,
    }
    return template('shared', params, rows=rows)
def get_shared():
    """Render the ``shared`` template with jobs whose ``shared`` flag is "True".

    The optional ``n`` query argument caps the number of rows (default
    ``config.jobs_num_rows``). Viewing the list resets the caller's
    ``new_shared_jobs`` counter to 0.
    """
    user = root.authorized()
    cid = request.query.cid
    app = request.query.app or root.active_app()

    n = request.query.n
    # NOTE(review): int() raises ValueError on a non-numeric n.
    n = config.jobs_num_rows if not n else int(n)

    # shared jobs joined to their owners, newest first, first n rows
    shared_with_owner = (db.jobs.shared=="True") & (db.jobs.uid==users.id)
    result = db(shared_with_owner).select(orderby=~jobs.id)[:n]

    # clear notifications
    users(user=user).update_record(new_shared_jobs=0)
    db.commit()

    params = dict(cid=cid, app=app, user=user, n=n,
                  num_rows=config.jobs_num_rows)
    return template('shared', params, rows=result)
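def login():
    """Authenticate by e-mail and password, creating the user when unknown.

    On a matching password hash a new session token is written to the user
    row and set as the ``session_token`` cookie on a redirect to index.
    Otherwise a plain-text error is returned.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    if not (email and password):
        # Guard against None.encode() and against registering a NULL e-mail.
        return "Email and password are required", 400

    # NOTE(review): unsalted SHA-256 is left in place to stay compatible with
    # stored values; a salted password KDF is the recommended replacement.
    hashed_pw = hashlib.sha256(password.encode()).hexdigest()

    # Look for an existing user with this e-mail.
    user = db.query(User).filter_by(email=email).first()
    if not user:
        # NOTE(review): unknown addresses are registered immediately; no
        # ownership check of the e-mail is visible here.
        user = User(name=name, email=email, password=hashed_pw)
        db.add(user)
        db.commit()

    if hashed_pw != user.password:
        return "Wrong Password! Tra again!"

    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    # Hand the token to the browser; httponly keeps it away from page scripts.
    response = make_response(redirect(url_for('index')))
    response.set_cookie("session_token", session_token, httponly=True, samesite="Strict")
    return response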
def delete_plot(pltid):
    """Delete plot *pltid* (admin only) and redirect to the plot editor.

    NOTE(review): the ``app`` query value is concatenated into the redirect
    URL without URL-encoding.
    """
    if root.authorized() != 'admin':
        return template('error', err="must be admin to edit plots")

    app = request.query.app
    del db.plots[pltid]
    db.commit()

    target = '/plots/edit?app=' + app
    redirect(target)
def save_theme():
    """Store the submitted theme in the caller's user_meta row and commit."""
    account = root.authorized()
    uid = users(user=account).id
    print "saving theme:", request.forms.theme
    # update the existing row for this uid, or insert one if none exists
    user_meta.update_or_insert(user_meta.uid == uid,
                               uid=uid,
                               theme=request.forms.theme)
    db.commit()
def register(request):
    """Show the user registration form and commit an accepted submission.

    An accepted form sets a flash message in the session and redirects to
    ``/``; otherwise the form is rendered (again).
    """
    form = SQLFORM(db.user)
    if not form.accepts(request.vars):
        return render('form.html', form=form)

    db.commit()
    request.session['flash'] = 'You\'ve been registered. '
    return redirect('/')
def useapp():
    """Grant the calling user access to the app named in the form.

    NOTE(review): ``apps(name=...)`` presumably returns None for an unknown
    name, in which case ``.id`` raises; verify.
    """
    user = root.authorized()
    user_id = users(user=user).id
    app_name = request.forms.app
    app_id = apps(name=app_name).id
    print "allowing user", user, user_id, "to access app", app_name, app_id
    app_user.insert(uid=user_id, appid=app_id)
    db.commit()
    redirect('/apps')
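def update(id):
    """Edit the content of the Todo row *id* (POST) or show its form (GET).

    Returns a 404 response when the row does not exist.
    """
    task = db.query(Todo).get(id)
    if task is None:
        # .get() yields None for an unknown id; the POST branch used to
        # crash when assigning to task.content.
        return "Task not found", 404

    if request.method == "POST":
        # NOTE(review): no check here that the task belongs to the caller;
        # confirm whether access control is applied outside this function.
        task.content = request.form["content"]
        db.commit()
        return redirect("/")
    else:
        return render_template("/update.html", task=task)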
def post_aws_creds():
    """Save the submitted AWS account id, secret and key for the caller.

    NOTE(review): the secret and key are inserted exactly as submitted;
    nothing in this function encrypts them before they reach the database.
    """
    user = root.authorized()
    form = request.forms
    account_id = form.account_id
    secret = form.secret
    key = form.key
    owner_id = users(user=user).id
    db.aws_creds.insert(account_id=account_id, secret=secret, key=key,
                        uid=owner_id)
    db.commit()
    redirect('/aws')
def annotate_job():
    """Update the description of the job identified by the form's ``cid``.

    NOTE(review): the job is selected by cid alone and the result of
    ``root.authorized()`` is not used, so this function does not itself
    check that the job belongs to the caller.
    """
    root.authorized()
    case_id = request.forms.cid
    # put a space after every comma in the submitted description
    description = request.forms.description.replace(',', ', ')
    jobs(cid=case_id).update_record(description=description)
    db.commit()
    redirect('/jobs')
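def del_instance(aid):
    """Delete the AWS instance record *aid*.

    Returns the string "true" on success and "false" if the deletion or
    the commit raised.
    """
    root.authorized()
    # NOTE(review): the authorized user is not compared with the record's
    # owner here; confirm that any caller may delete any instance record.
    try:
        del aws_instances[aid]
        db.commit()
        return "true"
    except Exception:
        # Narrowed from a bare except so SystemExit/KeyboardInterrupt pass
        # through; print_exc() replaces a print that also emitted "None".
        traceback.print_exc()
        return "false"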
def client(request):
    """Return a test client after emptying the lbs2 tables.

    Each table is truncated with CASCADE and the change is committed before
    the client is handed to the test.
    """
    test_client = app.app.test_client()

    truncate_statements = (
        "TRUNCATE TABLE lbs2.location CASCADE",
        "TRUNCATE TABLE lbs2.object2user CASCADE",
        "TRUNCATE TABLE lbs2.objects CASCADE",
        "TRUNCATE TABLE lbs2.settings CASCADE",
        "TRUNCATE TABLE lbs2.providers CASCADE",
        "TRUNCATE TABLE lbs2.users CASCADE",
    )
    for statement in truncate_statements:
        db.execute(statement)
    db.commit()

    return test_client
async def delete_step2(message: types.Message, state: FSMContext):
    """Delete the Birthday whose name equals the message text, then end the dialog.

    Replies with a notice when no record has that name.
    """
    match = db.query(Birthday).filter(Birthday.name == message.text).first()
    if match is not None:
        db.delete(match)
        db.commit()
    else:
        await message.reply('No such name in the list')
    await state.finish()
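def post(self):
    """Insert a row into this resource's entity from the JSON request body.

    Returns the new row as a dict. Responds 400 when the body is not a JSON
    object and 500 (after a rollback) when the insert or commit fails.
    """
    import logging

    data = request.json
    if not isinstance(data, dict):
        # Kept outside the try block so the 400 is not turned into a 500.
        abort(400, message="Request body must be a JSON object")

    try:
        entity = self.get_entity()
        # NOTE(review): every key of the client's JSON becomes a column
        # value; confirm the entity has no field a client must not set.
        row = entity.insert(**data)
        db.commit()
        return row2dict(row)
    except Exception:
        db.rollback()
        # The exception text can carry SQL and schema details, so it goes
        # to the server log instead of the response body.
        logging.getLogger(__name__).exception("insert failed")
        abort(500, message="Internal server error")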
def delete_datasource():
    """Delete the datasource named in the form (admin only).

    Afterwards redirects to the datasource list of the plot given by
    ``pltid`` for the given ``app``.
    """
    if root.authorized() != 'admin':
        return template('error', err="must be admin to edit plots")

    form = request.forms
    app = form.get('app')
    pltid = form.get('pltid')
    dsid = form.get('dsid')

    del db.datasource[dsid]
    db.commit()

    # NOTE(review): app and pltid are placed in the URL without encoding.
    target = '/plots/' + str(pltid) + '/datasources?app=' + app
    redirect(target)
def removeapp():
    """Revoke the calling user's access to the app named in the form."""
    user = root.authorized()
    user_id = users(user=user).id
    app_name = request.forms.app
    app_id = apps(name=app_name).id
    # the app_user row linking this user to this app
    link_id = app_user(uid=user_id, appid=app_id).id
    del app_user[link_id]
    print "removing user", user, user_id, "access to app", app_name, app_id
    db.commit()
    redirect('/myapps')
def create(self, name, desc, cat, lang, info, cmd, pre, post):
    """Insert a new row into the apps table and commit it."""
    record = dict(
        name=name,
        description=desc,
        category=cat,
        language=lang,
        input_format=info,
        command=cmd,
        preprocess=pre,
        postprocess=post,
    )
    apps.insert(**record)
    db.commit()
def share_case():
    """Mark the job given by the form's ``jid`` as shared and notify all users.

    Every user's ``new_shared_jobs`` counter is incremented by one.

    NOTE(review): the job is selected by jid alone; this function does not
    check that it belongs to the caller.
    """
    root.authorized()
    job_id = request.forms.jid
    jobs(id=job_id).update_record(shared="True")
    db.commit()

    # bump the unread counter for every user; a missing count is read as 0
    for account in db().select(users.ALL):
        unread = users(user=account.user).new_shared_jobs or 0
        users(user=account.user).update_record(new_shared_jobs=unread+1)
    db.commit()

    redirect('/jobs')
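def edit(id):
    """Replace the content of ToDo row *id* (POST) or show the edit page (GET).

    Returns a 404 response when the row does not exist.
    """
    task_to_edit = db.query(ToDo).get(id)
    if task_to_edit is None:
        # An unknown id used to crash the POST branch with AttributeError.
        return "Task not found", 404

    if request.method == "POST":
        # NOTE(review): the task is loaded by id only; confirm elsewhere
        # that callers can reach only their own tasks.
        task_to_edit.content = request.form.get("new-content")
        db.commit()
        return redirect("/task")
    else:
        return render_template("edit.html", task_to_edit=task_to_edit)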
def create_plot():
    """Create a plot definition for an app (admin only).

    Reads the app name, plot type, title and options from the form, inserts
    the plot and redirects to the plot editor for that app.
    """
    if root.authorized() != 'admin':
        return template('error', err="must be admin to edit plots")

    form = request.forms
    app = form.get('app')
    plots.insert(
        appid=root.myapps[app].appid,
        ptype=form['ptype'],
        title=form['title'],
        options=form['options'],
    )
    db.commit()
    redirect('/plots/edit?app=' + app)
def index():
    """List all tasks, or add a task from the form on POST."""
    if request.method != "POST":
        all_tasks = db.query(Todo).all()
        return render_template("index.html", tasks=all_tasks)

    content = request.form['content']
    db.add(Todo(content=content))
    db.commit()
    return redirect("/")
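def post(self):
    """Create a user from the JSON body, optionally linked to one vehicle.

    The optional ``vehicles`` key holds the nid of a single object to attach;
    it is removed before the remaining keys are inserted as the user row.
    Returns the new row as a dict. Responds 400 for a malformed body and
    500 (after a rollback) when the insert or commit fails.
    """
    import logging

    data = request.json
    if not isinstance(data, dict):
        # Raised outside the try block so it is not converted into a 500.
        abort(400, message="Request body must be a JSON object")

    # Work on a copy so the parsed request body is not mutated.
    payload = dict(data)

    # only one relation can be set on creation
    vehicle_id = None
    if 'vehicles' in payload:
        try:
            vehicle_id = int(payload.pop('vehicles'))
        except (TypeError, ValueError):
            abort(400, message="'vehicles' must be an integer id")

    try:
        # NOTE(review): all remaining client-supplied keys become column
        # values; confirm the users table has no field clients must not set.
        user = db.users.insert(**payload)
        if vehicle_id is not None:
            # NOTE(review): v is None when no object has this nid; that case
            # is not handled separately and ends in the 500 path.
            v = db.objects.filter(db.objects.nid == vehicle_id).first()
            user.objects.append(v)
        db.commit()
        return row2dict(user)
    except Exception:
        db.rollback()
        # Keep database error text in the server log, not in the response.
        logging.getLogger(__name__).exception("user creation failed")
        abort(500, message="Internal server error")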
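def post(self):
    """Create a vehicle from the JSON body, optionally linked to one user.

    The optional ``users`` key holds the nid of a single user to attach; it
    is removed before the remaining keys are inserted through the entity.
    Returns the new row as a dict. Responds 400 for a malformed body and
    500 (after a rollback) when the insert or commit fails.
    """
    import logging

    data = request.json
    if not isinstance(data, dict):
        # Checked before the try block so the 400 is not swallowed.
        abort(400, message="Request body must be a JSON object")

    # Copy first: the original dict belongs to the request object.
    fields = dict(data)

    # only one relation can be set on creation
    user_id = None
    if 'users' in fields:
        try:
            user_id = int(fields.pop('users'))
        except (TypeError, ValueError):
            abort(400, message="'users' must be an integer id")

    try:
        entity = self.get_entity()
        # NOTE(review): remaining keys are passed through unchanged; confirm
        # that no column of the entity should be closed to clients.
        vehicle = entity.insert(**fields)
        if user_id is not None:
            # NOTE(review): u is None when no user has this nid; that case
            # falls through to the generic 500 below.
            u = db.users.filter(db.users.nid == user_id).first()
            vehicle.users.append(u)
        db.commit()
        return row2dict(vehicle)
    except Exception:
        db.rollback()
        # Log the detail server-side; the client gets a generic message.
        logging.getLogger(__name__).exception("vehicle creation failed")
        abort(500, message="Internal server error")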