def register():
if request.method == 'GET':
return render_template('register.html')
else:
the_username = request.form['username']
the_password = generate_password_hash(request.form['password'])
the_email = request.form['email']
the_type = request.form['type']
sqlCommand = """select * from users where name = '{0}' or email = '{1}'""".format(the_username , the_email)
with dbConnect.dbConnecting(config) as cursor:
cursor.execute(sqlCommand)
result = cursor.fetchone()
if result is None:
sqlCommand = """insert into users (name,password,email,user_type) values ('{0}','{1}','{2}','{3}')""".format(the_username,the_password, the_email,the_type)
print(sqlCommand)
with dbConnect.dbConnecting(config) as cursor:
cursor.execute(sqlCommand)
sendEmail(the_email,the_username)
flash('Please check your email to confirm registration')
return redirect(url_for('index_page'))
else:
flash('username or email already exists already exists')
return redirect(url_for('register'))
def confirm(id):
sqlCommand = """select * from users where regString = '{0}'""".format(id)
print(sqlCommand)
with dbConnect.dbConnecting(config) as cursor:
cursor.execute(sqlCommand)
result = cursor.fetchone()
if result is None:
return 'an error'
else:
sqlCommand = """update users set registered = 1 where name = '{0}'""".format(result[1])
with dbConnect.dbConnecting(config) as cursor:
cursor.execute(sqlCommand)
flash('sucessfully registered')
return redirect(url_for('login_page'))
def login_page():
if request.method == 'GET':
return render_template('Login.html')
else:
the_username = request.form['username']
the_password = request.form['password']
sqlCommand = """select * from users where name = '{0}' or email = '{0}'""".format(the_username)
print(sqlCommand)
with dbConnect.dbConnecting(config) as cursor:
cursor.execute(sqlCommand)
result = cursor.fetchone()
if result is None:
flash('username doesnt exist')
return redirect(url_for('login_page'))
else:
if result[5] == 1:
if check_password_hash(result[2],the_password) is True:
if result[4] == 'user':
session.clear()
session['logged_in_user'] = True
flash('normal log in')
return redirect(url_for('start_page'))
elif result[4] == 'Administrator':
session.clear()
session['logged_in_admin'] = True
flash('Admin log in')
return redirect(url_for('start_page'))
flash('Incorrect password')
return redirect(url_for('login_page'))
else:
flash('Please verify your email')
return redirect(url_for('login_page'))
def sendEmail(email, username):
randomword = ''.join([random.choice(string.ascii_letters + string.digits) for n in range(32)])
randomword = username + randomword
sqlCommand = """update users set regString = '{0}' where name = '{1}'""".format(randomword,username)
with dbConnect.dbConnecting(config) as cursor:
cursor.execute(sqlCommand)
try:
msg = Message(
'Email confirmation',
sender='*****@*****.**',
recipients= [email])
msg.body = "http://liamstrevens.pythonanywhere.com/regConfirm/" + randomword
mail.send(msg)
return "render_template('index.html')"
except SMTPException as e:
print('exception test failed')
return 'test'