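def signin():
    """Routing function for signin page.

    On POST, reads ``username`` and ``password`` from the submitted form and
    checks them with ``login_success``. On success the user's ``role`` and
    ``lastlogin`` are loaded into ``g``, the username is stored in the
    session, and the ``lastlogin`` and ``online`` columns of that user are
    updated and committed.

    For any request whose session holds a ``username``, ``g.role`` and
    ``g.lastlogin`` are loaded from the ``users`` table.

    Returns:
        The rendered ``signin.html`` template, on every path.
    """
    conn, cur = getDb()

    # The username arrives from the request form (or from the session, which
    # was filled from the form), so it is always handed to the driver as a
    # bound parameter and never formatted into the SQL text.
    select_user = "SELECT role, lastlogin FROM users WHERE username=%s"

    if request.method == "POST":
        username = request.form["username"]
        password = request.form["password"]
        if login_success(username, password):
            cur.execute(select_user, (username,))
            # NOTE(review): DB-API fetchone() yields None when no row matches;
            # the unpack below would then raise TypeError.
            role, lastlogin = cur.fetchone()
            g.role = role
            g.lastlogin = lastlogin
            session["username"] = request.form["username"]
            now = getCurrTimeStr()
            cur.execute(
                "UPDATE users SET lastlogin=%s WHERE username=%s",
                (now, username),
            )
            cur.execute(
                "UPDATE users SET online=TRUE WHERE username=%s",
                (username,),
            )
            conn.commit()
        # NOTE(review): a failed login is not reported to the user here. The
        # previous code only set an unused local ("Invalid username or
        # password!") that never reached the template.

    if "username" in session:
        username = session["username"]
        cur.execute(select_user, (username,))
        # NOTE(review): same None case as above if the session names a user
        # that is no longer in the table.
        role, lastlogin = cur.fetchone()
        g.role = role
        g.lastlogin = lastlogin

    return render_template("signin.html")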
def admin():
    """Routing function for admin page.

    This page allows *POST* and *GET* requests.

    *GET request:* If the session holds a ``username`` the adminpanel page is
    rendered. Otherwise a message is flashed and the signin page is rendered.

    *POST request:* Checks the ``username`` and ``password`` form values with
    ``login_success``. If they are valid the user is added to the session,
    the ``lastlogin`` and ``online`` columns are updated, and the adminpanel
    is rendered. Otherwise the request falls through to the session check
    described for GET.

    All statements pass the username as a bound parameter.
    """
    conn, cur = getDb()
    lookup_sql = "SELECT role, lastlogin FROM users WHERE username=%s"
    error = None
    roles = None  # never reassigned in this function; passed to the template as None

    if request.method == "POST":
        form_user = request.form["username"]
        form_pass = request.form["password"]
        if not login_success(form_user, form_pass):
            error = "Invalid username or password!"
        else:
            error = "Logged in!"
            cur.execute(lookup_sql, (form_user,))
            # NOTE(review): DB-API fetchone() yields None when no row matches;
            # the unpack would then raise TypeError.
            g.role, g.lastlogin = cur.fetchone()
            session["username"] = request.form["username"]
            stamp = getCurrTimeStr()
            cur.execute(
                "UPDATE users SET lastlogin=%s WHERE username=%s",
                (stamp, form_user),
            )
            cur.execute(
                "UPDATE users SET online=TRUE WHERE username=%s",
                (form_user,),
            )
            conn.commit()

    # Anyone without a session entry is sent back to the signin page.
    if "username" not in session:
        flash("Wrong username or password")
        return render_template("signin.html")

    cur.execute(lookup_sql, (session["username"],))
    g.role, g.lastlogin = cur.fetchone()
    return render_template("adminpanel.html", error=error, roles=roles)