def blog():
    """Render the blog listing on GET; on POST store a post and e-mail its author.

    The POST branch reads ``posttitle`` and ``posttext`` from the form, commits
    a ``Post`` owned by ``request.user``, mails that user a link to the new
    post and redirects back to this view. Any other HTTP method falls through
    and returns ``None``.
    """
    author = request.user
    method = request.method

    if method == "POST":
        # NOTE(review): both fields come straight from the form and may be
        # None or empty; nothing checks them before the insert.
        new_post = Post(
            title=request.form.get("posttitle"),
            text=request.form.get("posttext"),
            user=author,
        )
        db.add(new_post)
        db.commit()

        # Notification mail for the author.
        # NOTE(review): the subject and plain-text body talk about registration
        # although this runs after a post was created; confirm the wording.
        # NOTE(review): author.email is dereferenced unconditionally, so this
        # presumably relies on the route being reachable only when logged in.
        notification = Message(
            subject="WebDev Blog - Registration Successful",
            sender=SENDER,
            recipients=[author.email],
        )
        notification.body = f"Hi {author.username}!\nWelcome to our WebDev Flask site!\nEnjoy!"
        notification.html = render_template(
            "new_post.html",
            username=author.username,
            link=f"{HOST_ADDR}/posts/{new_post.id}",
            post=new_post,
        )
        mail.send(notification)
        return redirect(url_for('blog'))

    if method == "GET":
        all_posts = db.query(Post).all()
        return render_template("blog.html", posts=all_posts, user=request.user)

    return None
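def login():
    """Log a user in by e-mail and password, creating the account on first use.

    Reads ``user-name``, ``user-email`` and ``user-password`` from the form.
    An unknown e-mail address registers a new ``ToDo`` row with the submitted
    credentials; a known one must match the stored hash. On success a fresh
    session token is stored on the row and sent back as an HttpOnly,
    SameSite=Strict cookie with a redirect to ``/task``.

    Returns:
        The redirect response, or the plain string ``"Wrong Password"``.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # A missing field used to crash on password.encode(), and a missing e-mail
    # would be compared against None (IS NULL with SQLAlchemy-style filters).
    if not email or not password:
        return "Wrong Password"

    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if
    # the table leaks. Moving to a password KDF (e.g. werkzeug's
    # generate_password_hash / check_password_hash) needs a migration of the
    # stored hashes, so the scheme is left unchanged here.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()

    user = db.query(ToDo).filter_by(email=email).first()
    if not user:
        user = ToDo(
            name=name,
            email=email,
            password=hashed_password,
            content="Welcome",
            date=datetime.datetime.now(),
        )
        db.add(user)
        db.commit()

    if hashed_password != user.password:
        return "Wrong Password"

    # A new token per login, so an older cookie stops working.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect("/task"))
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response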
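def profile_edit():
    """Show the profile form (GET) or apply name, e-mail and password changes (POST).

    The user is resolved from the ``token_session`` cookie among accounts not
    flagged as deleted. Requests without a matching session are redirected to
    the index page for both methods. A password change needs both
    ``old-password`` and ``new-password``, and the old one must match the
    stored hash.
    """
    token_session = request.cookies.get("token_session")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL and which could match an
    # account that has no active session.
    user = None
    if token_session:
        user = db.query(User).filter_by(token_session=token_session, delete=False).first()

    # The POST branch used to dereference user without this check.
    if not user:
        return redirect(url_for("index"))

    if request.method == "GET":
        return render_template("profile_edit.html", user=user)

    elif request.method == "POST":
        name = request.form.get("profile-name")
        email = request.form.get("profile-email")
        old_password = request.form.get("old-password")
        new_password = request.form.get("new-password")

        if old_password and new_password:
            # NOTE(review): unsalted SHA-256 is weak for password storage; it
            # is kept so existing hashes still verify.
            h_old_password = hashlib.sha256(old_password.encode()).hexdigest()
            h_new_password = hashlib.sha256(new_password.encode()).hexdigest()

            if h_old_password == user.password:
                user.password = h_new_password
            else:
                return "Operacion incorrecta! Su antigua contraseña no es correcta"

        # NOTE(review): name and e-mail are stored as submitted (possibly
        # None), and the e-mail changes without re-entering the password.
        user.name = name
        user.email = email

        db.add(user)
        db.commit()

        return redirect(url_for("profile"))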
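def login():
    """Authenticate by username and password (POST) or show the login page (GET).

    POST looks the user up by username and SHA-256 password hash. On success
    it stores a new session cookie value and expiry on the user and redirects
    to ``redirectTo``. On failure it flashes a warning and redirects back to
    the login page. GET reports whether the current cookie maps to an
    unexpired session.
    """
    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")

        # redirectTo is attacker-controllable, so only same-site paths are
        # honoured. Absolute URLs, scheme-relative "//host" and backslash
        # variants fall back to the index page (open-redirect guard).
        redirect_url = request.args.get('redirectTo') or url_for('index')
        if (not redirect_url.startswith('/')
                or redirect_url.startswith('//')
                or '\\' in redirect_url):
            redirect_url = url_for('index')

        # Missing fields used to crash on password.encode(); they now count as
        # a failed login. .first() returns None when no row matches.
        user = None
        if username and password:
            # NOTE(review): unsalted SHA-256 is weak for password storage; a
            # KDF would need a migration of the stored hashes.
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            user = db.query(User) \
                .filter(User.username == username,
                        User.password_hash == password_hash) \
                .first()

        if user is None:
            flash("Username or password is wrong", "warning")
            # %r keeps newlines in a submitted username from forging log lines.
            app.logger.info(
                "User %r failed to login with wrong password.", username)
            return redirect(url_for('login', redirectTo=redirect_url))

        session_cookie = str(uuid.uuid4())
        expiry_time = datetime.datetime.now() + datetime.timedelta(
            seconds=COOKIE_DURATION)
        user.session_cookie = session_cookie
        user.session_expiry_datetime = expiry_time
        db.add(user)
        db.commit()
        app.logger.info("User %r is logged in", username)

        response = make_response(redirect(redirect_url))
        response.set_cookie(WEBSITE_LOGIN_COOKIE_NAME, session_cookie,
                            httponly=True, samesite='Strict')
        return response

    elif request.method == "GET":
        cookie = request.cookies.get(WEBSITE_LOGIN_COOKIE_NAME)
        user = None

        if cookie is not None:
            user = db.query(User) \
                .filter_by(session_cookie=cookie) \
                .filter(User.session_expiry_datetime >= datetime.datetime.now()) \
                .first()

        logged_in = user is not None

        return render_template("login.html", logged_in=logged_in,
                               user=request.user)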
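def result():
    """Compare the submitted number with the user's secret number.

    The user is resolved from the ``token_session`` cookie among accounts not
    flagged as deleted. A correct guess draws a new secret in 1..30 and stores
    it. Each outcome renders ``result.html`` with a message.
    """
    token_session = request.cookies.get("token_session")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL.
    user = None
    if token_session:
        user = db.query(User).filter_by(token_session=token_session, delete=False).first()

    # The "smaller/bigger" branches used to dereference a missing user.
    # NOTE(review): assumes redirect, url_for and an "index" endpoint are
    # available here, as in the profile views that read the same cookie.
    if not user:
        return redirect(url_for("index"))

    # A missing or non-numeric field used to raise from int().
    try:
        num_user = int(request.form.get("num_user"))
    except (TypeError, ValueError):
        mensaje = "Tu numero no es valido! Introduce un numero entero."
        return render_template("result.html", mensaje=mensaje)

    if num_user == user.secret_number:
        mensaje = "Enhorabuena!! El numero correcto es: " + str(num_user)

        new_secret = random.randint(1, 30)
        user.secret_number = new_secret

        db.add(user)
        db.commit()
    elif num_user > user.secret_number:
        mensaje = "Tu numero no es correcto! Intentalo con uno mas pequeño!"
    else:
        mensaje = "Tu numero no es correcto! Intentalo con uno mas grande!"

    return render_template("result.html", mensaje=mensaje)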
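def success():
    """Register a new user from the sign-up form.

    Reads ``name``, ``email`` and ``pwd`` from the form, rejects the request
    when the name or the e-mail is already taken, and otherwise stores the
    user with a hash from ``generate_password_hash`` and renders the index
    page with a success banner.
    """
    active = "active"
    name = request.form["name"]
    email = request.form["email"]
    password = request.form["pwd"]

    password_hash = generate_password_hash(password)

    name_exists = db.query(User).filter_by(name=name).first()
    email_exists = db.query(User).filter_by(email=email).first()

    if name_exists or email_exists:
        successMessage = "The username or email address already exists!"
        successClass = "alert alert-danger"
        return render_template("form.html", active1=active,
                               successMessage=successMessage,
                               successClass=successClass)

    user_registration = User(name=name, email=email, password_hash=password_hash)
    successMessage = "You have successfully registered!"
    successClass = "alert alert-success"

    db.add(user_registration)
    db.commit()

    response = make_response(render_template(
        "index.html",
        successMessage=successMessage,
        successClass=successClass,
        emailAddress=email,
        active0=active,
        user=name,
    ))
    # HttpOnly keeps the cookie away from page scripts and SameSite=Lax keeps
    # it off cross-site subrequests.
    # NOTE(review): a client can set this cookie to any address, so it must
    # not be treated as proof of identity by other views; an unguessable
    # server-side session token is the usual replacement.
    response.set_cookie("email", email, httponly=True, samesite='Lax')

    return response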
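def password_check():
    """Set a new password for the logged-in user and rotate the session token.

    The user is resolved from the ``session_token`` cookie. Both
    ``new-password`` fields must be present and equal. On success the hash is
    replaced, a fresh session token is issued and the browser is redirected
    to the profile page.
    """
    session_token = request.cookies.get("session_token")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL and which could match an
    # account that has no active session.
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        # This used to fail later with an AttributeError on user.password.
        return "Please log in first.", 401

    new_password = request.form.get("new-password")
    new_password2 = request.form.get("new-password2")

    # Missing or empty fields are rejected together with mismatches. Two
    # absent fields used to compare equal and then crash on .encode().
    if not new_password or new_password != new_password2:
        return "The Passwords Do Not Match"

    # NOTE(review): the current password is not asked for, so a borrowed
    # session is enough to take the account over; consider requiring it.
    # NOTE(review): unsalted SHA-256 is weak for password storage; it is kept
    # so this stays compatible with how the login view verifies hashes.
    user.password = hashlib.sha256(new_password.encode()).hexdigest()

    # Rotate the token so the session that existed before the change dies.
    session_token = str(uuid.uuid4())
    user.session_token = session_token

    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('profile')))
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')

    return response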
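def result():
    """Check the submitted guess against the logged-in user's secret number.

    The user is resolved from the ``session_token`` cookie. A correct guess
    draws a new secret in 1..30 and stores it. Every outcome renders
    ``result.html`` with a message.
    """
    session_token = request.cookies.get("session_token")

    # Look the user up by session token. Without a cookie the filter would
    # compare against None, which SQLAlchemy-style filters render as IS NULL.
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        # This used to fail with an AttributeError on user.secret_number.
        return "Please log in first.", 401

    # A missing or non-numeric field used to raise from int().
    try:
        guess = int(request.form.get("guess"))
    except (TypeError, ValueError):
        return render_template("result.html", message="Please enter a whole number.")

    if guess == user.secret_number:
        message = "Correct! The secret number is {0}".format(str(guess))

        # Start the next round with a new secret.
        user.secret_number = random.randint(1, 30)
        db.add(user)
        db.commit()
    elif guess > user.secret_number:
        message = "Your guess is not correct... try something smaller."
    else:
        message = "Your guess is not correct... try something bigger."

    return render_template("result.html", message=message)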
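def login():
    """Log a user in by e-mail and password, creating the account on first use.

    Reads ``user-name``, ``user-email`` and ``user-password`` from the form.
    An unknown e-mail address registers a new ``User``; a known one must match
    the stored hash. On success a fresh session token is saved and returned
    as an HttpOnly, SameSite=Strict cookie with a redirect to the index page.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # A missing field used to crash on password.encode(), and a missing e-mail
    # would be compared against None (IS NULL with SQLAlchemy-style filters).
    if not email or not password:
        return "Wrong Password!!!"

    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if
    # the table leaks; switching to a password KDF needs a hash migration.
    hashed_pw = hashlib.sha256(password.encode()).hexdigest()

    user = db.query(User).filter_by(email=email).first()
    if not user:
        # First login with this address: register it.
        user = User(name=name, email=email, password=hashed_pw)
        db.add(user)
        db.commit()

    if hashed_pw != user.password:
        return "Wrong Password!!!"

    # New session token on every login.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    response.set_cookie('session_token', session_token, httponly=True, samesite='Strict')
    return response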
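def login():
    """Log a user in by e-mail and password, creating the account on first use.

    Reads ``user-name``, ``user-email`` and ``user-password`` from the form.
    An unknown e-mail address registers a new ``User``; a known one must match
    the stored hash. On success a fresh session token is saved and returned
    as an HttpOnly, SameSite=Strict cookie with a redirect to the index page.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # A missing field used to crash on password.encode(), and a missing e-mail
    # would be compared against None (IS NULL with SQLAlchemy-style filters).
    if not email or not password:
        return "Wrong Password! Tra again!"

    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if
    # the table leaks; switching to a password KDF needs a hash migration.
    hashed_pw = hashlib.sha256(password.encode()).hexdigest()

    user = db.query(User).filter_by(email=email).first()
    if not user:
        # First login with this address: register it.
        user = User(name=name, email=email, password=hashed_pw)
        db.add(user)
        db.commit()

    if hashed_pw != user.password:
        return "Wrong Password! Tra again!"

    # New session token on every login.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    response.set_cookie("session_token", session_token, httponly=True, samesite="Strict")
    return response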
def index():
    """List all tasks, or store a new one when the form is posted.

    POST reads the ``content`` form field, commits a ``Todo`` with it and
    redirects to ``/``. Every other method renders ``index.html`` with all
    stored tasks.
    """
    if request.method != "POST":
        all_tasks = db.query(Todo).all()
        return render_template("index.html", tasks=all_tasks)

    # NOTE(review): the content is stored exactly as submitted and every
    # visitor sees every task; nothing in this view ties a task to a user.
    entry = Todo(content=request.form['content'])
    db.add(entry)
    db.commit()
    return redirect("/")
async def update_time_step2(message: types.Message, state: FSMContext):
    """Store the notification time sent by the user, then finish the FSM state.

    Creates the chat's ``Notification`` row when none exists and otherwise
    updates its ``time`` column with the message text.
    """
    chat_id = message.chat.id
    existing = db.query(Notification).filter(Notification.chat_id == chat_id).first()

    # NOTE(review): message.text is written to the time column as received;
    # no format check is visible in this handler.
    if existing is not None:
        db.query(Notification).filter(Notification.chat_id == message.chat.id).update({'time': message.text})
    else:
        db.add(Notification(chat_id=message.chat.id, time=message.text))
    db.commit()

    await state.finish()
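async def add_step3(message: types.Message, state: FSMContext):
    """Parse the ``day.month.year`` date sent by the user and store the birthday.

    The name comes from the FSM data collected earlier. Input that is not
    three dot-separated integers is answered with a hint, and the state is
    left open so the user can send the date again.
    """
    data = await state.get_data()

    # message.text is None for non-text messages (AttributeError). A wrong
    # number of parts or a non-numeric part raises ValueError. Both used to
    # escape the handler.
    try:
        day, month, year = map(int, message.text.split('.'))
    except (AttributeError, ValueError):
        await message.answer("Invalid date. Please send it as DD.MM.YYYY.")
        return

    # NOTE(review): the three numbers are not checked to form a real calendar
    # date before they are stored.
    birthday = Birthday(chat_id=message.chat.id, name=data.get('name'),
                        year=year, month=month, day=day)
    db.add(birthday)
    db.commit()
    await state.finish()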
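def logout():
    """Expire the login cookie and clear the user's server-side session.

    Always answers with a redirect to the index page that expires the login
    cookie. When a user is attached to the request, the stored session cookie
    value and its expiry are reset, so the old cookie value can no longer
    authenticate.
    """
    response = make_response(redirect(url_for('index')))
    response.set_cookie(WEBSITE_LOGIN_COOKIE_NAME, expires=0)

    # NOTE(review): presumably request.user is None for anonymous visitors;
    # that case used to fail on request.user.username.
    current_user = getattr(request, "user", None)
    if current_user is None:
        return response

    user = db.query(User) \
        .filter_by(username=current_user.username) \
        .first()

    if user is not None:
        # Invalidate the session on the server, not just in the browser.
        user.session_expiry_datetime = None
        user.session_cookie = None
        db.add(user)
        db.commit()
        app.logger.info(f"{user.username} has logged out.")

    return response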
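def login():
    """Register the submitted e-mail address if unknown and set the ``email`` cookie.

    Reads ``user-name``, ``user-email`` and ``user-password`` from the form,
    creates a ``User`` when no row has that address, and redirects to the
    index page with the address in a cookie.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    password_hashed = hashed_password(password)

    user = db.query(User).filter_by(email=email).first()

    if not user:
        user = User(name=name, email=email, password=password_hashed)
        db.add(user)
        db.commit()

    # NOTE(review): for an existing account the submitted password is never
    # compared with the stored one, so any password is accepted. Whether
    # hashed_password() output can be compared directly is not visible from
    # here, so the check is flagged rather than added.
    # NOTE(review): the cookie carries the plain address, which a client can
    # set to any value; a random server-side session token is the usual
    # replacement.
    response = make_response(redirect(url_for('index')))
    # HttpOnly keeps the cookie away from page scripts and SameSite=Lax keeps
    # it off cross-site subrequests.
    response.set_cookie("email", email, httponly=True, samesite='Lax')

    return response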
def posts(post_id):
    """Show one post with its comments (GET) or add a comment to it (POST).

    POST stores a ``Comment`` with the ``text`` form field for the current
    user and redirects back to the post. GET renders ``posts.html``. Other
    methods return ``None``.
    """
    viewer = request.user
    post = db.query(Post).filter(Post.id == post_id).first()
    method = request.method

    if method == "POST":
        # NOTE(review): post is None for an unknown id and viewer may be unset
        # for anonymous requests; neither is checked before the insert.
        new_comment = Comment(text=request.form.get("text"), post=post, user=viewer)
        db.add(new_comment)
        db.commit()
        return redirect(f'/posts/{post_id}')

    if method == "GET":
        post_comments = db.query(Comment).filter(Comment.post_id == post_id).all()
        return render_template('posts.html', post=post, comments=post_comments, user=request.user)

    return None
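def task():
    """List the logged-in user's tasks (GET) or add one (POST).

    The user row is resolved from the ``session_token`` cookie. Tasks are
    ``ToDo`` rows that share the user's name.
    """
    session = request.cookies.get("session_token")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL and which could match a row
    # that has no active session.
    user = None
    if session:
        user = db.query(ToDo).filter_by(session_token=session).first()
    if user is None:
        # This used to fail with an AttributeError on user.name.
        return "Please log in first.", 401

    name = user.name

    if request.method == "POST":
        task_content = request.form.get("content")
        # NOTE(review): each task row copies the session token, and tasks are
        # matched by name only, so two accounts with the same name would share
        # a task list.
        new_content = ToDo(name=name, content=task_content, session_token=session)

        db.add(new_content)
        db.commit()
        return redirect("/task")
    else:
        tasks = db.query(ToDo).filter_by(name=name).all()
        return render_template("task.html", tasks=tasks)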
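def message_reply(message_id):
    """Show the reply form for a message (GET) or send the reply (POST).

    The reply swaps sender and receiver of the original message and prefixes
    its title with ``Re:``. Only the logged-in receiver of the message may
    view or answer it.
    """
    # The message id comes from the URL, so without an ownership check any
    # visitor could read any message and reply in the receiver's name.
    # NOTE(review): assumes the session lives in the "session_token" cookie
    # and that Message.receiver holds User.name values, as in message_edit.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        return "Please log in first.", 401

    try:
        message = db.query(Message).get(int(message_id))
    except (TypeError, ValueError):
        message = None

    # Unknown ids and other users' messages get the same answer, so the
    # response does not reveal which ids exist.
    if message is None or message.receiver != user.name:
        return "Message not found", 404

    if request.method == "POST":
        sender = message.receiver
        receiver = message.sender
        title = "Re:" + message.title
        message_text = request.form.get("poruka")

        new_message = Message(sender=sender, receiver=receiver, title=title, message=message_text)
        db.add(new_message)
        db.commit()

        response = make_response(redirect(url_for("profile")))
        return response

    elif request.method == "GET":
        return render_template("message_reply.html", message=message)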
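def profile_delete():
    """Ask for confirmation (GET) or soft-delete the logged-in account (POST).

    The user is resolved from the ``token_session`` cookie among accounts not
    flagged as deleted. Requests without a matching session are redirected to
    the index page for both methods.
    """
    token_session = request.cookies.get("token_session")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL; a POST without a cookie
    # could then flag another account as deleted.
    user = None
    if token_session:
        user = db.query(User).filter_by(token_session=token_session, delete=False).first()

    # The POST branch used to dereference user without this check.
    if not user:
        return redirect(url_for("index"))

    if request.method == "GET":
        return render_template("profile_delete.html", user=user)

    elif request.method == "POST":
        # Soft delete: the row stays and only the flag changes.
        user.delete = True
        db.add(user)
        db.commit()

        return redirect(url_for("index"))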
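def login():
    """Show the login form (GET) or log in / register a user (POST).

    POST reads name, e-mail, location and password from the form. An unknown
    e-mail address creates a ``User``; a known one with a stored password
    must match it. The session token is returned as an HttpOnly,
    SameSite=Strict cookie with a redirect to the profile page.
    """
    if request.method == "GET":
        return render_template("login.html")

    elif request.method == "POST":
        name = request.form.get("user-name")
        email = request.form.get("user-email")
        location = request.form.get("user-location")
        password = request.form.get("user-password")

        # A missing field used to crash on password.encode(), and a missing
        # e-mail would be compared against None.
        if not email or not password:
            return render_template("wrong_password.html")

        # Always issue a new token. Reusing the value of an incoming
        # session_token cookie let the client choose the session id (session
        # fixation) and could bind one token to two accounts.
        session_token = str(uuid.uuid4())

        # NOTE(review): unsalted SHA-256 is weak for password storage; a KDF
        # would need a migration of the stored hashes.
        hashed_password = hashlib.sha256(password.encode()).hexdigest()

        user = db.query(User).filter_by(email=email).first()

        if not user:
            user = User(name=name, email=email, password=hashed_password,
                        location=location, session_token=session_token)
            db.add(user)
            db.commit()
        elif user.password:
            if hashed_password != user.password:
                return render_template("wrong_password.html")

            # Bind the new token to the account.
            user.session_token = session_token
            db.add(user)
            db.commit()
        # NOTE(review): an account without a stored password falls through.
        # The cookie below then carries a token that belongs to no user, so
        # the visitor is redirected but not logged in.

        response = make_response(redirect(url_for("profile")))
        response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')

        return response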
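def profile_delete():
    """Ask for confirmation (GET) or soft-delete the logged-in account (POST).

    The user is resolved from the ``session_token`` cookie among accounts not
    flagged as deleted. Requests without a matching session are redirected to
    the index page for both methods.
    """
    session_token = request.cookies.get("session_token")

    # Look the user up by session token. Without a cookie the filter would
    # compare against None, which SQLAlchemy-style filters render as IS NULL;
    # a POST without a cookie could then flag another account as deleted.
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token, deleted=False).first()

    # The POST branch used to dereference user without this check.
    if not user:
        return redirect(url_for("index"))

    if request.method == "GET":
        return render_template("profile_delete.html", user=user)

    elif request.method == "POST":
        # Soft delete: the row stays and only the flag changes.
        user.deleted = True
        # The instance must be added; the original passed the User class.
        db.add(user)
        db.commit()

        return redirect(url_for("index"))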
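def initiate():
    """Register the player if unknown and start the game.

    Reads ``name`` and ``email`` from the login/registration form, creates a
    ``User`` with a secret number in 1..50 when no row has that address, and
    redirects to the game view with the address in a cookie.
    """
    # Input from the login/registration form.
    name = request.form.get("name")
    email = request.form.get("email")
    secret = random.randint(1, 50)

    # Look the user up by e-mail address.
    user = db.query(User).filter_by(email=email).first()

    # Add the user if the address is not known yet.
    if not user:
        user = User(name=name, email=email, secret=secret)
        db.add(user)
        db.commit()

    # The e-mail address identifies the player in a cookie. The original
    # comment already calls this a bad solution: a client can set the cookie
    # to any address. A random server-side session token is the usual
    # replacement.
    response = make_response(redirect(url_for('game')))
    # HttpOnly keeps the cookie away from page scripts and SameSite=Lax keeps
    # it off cross-site subrequests.
    response.set_cookie("email", email, httponly=True, samesite='Lax')

    return response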
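def login():
    """Log a user in by e-mail and password, creating the account on first use.

    Reads ``user-name``, ``user-email`` and ``user-password`` from the form.
    An unknown e-mail address registers a new ``User`` with a secret number
    in 1..30; a known one must match the stored hash. On success a fresh
    session token is saved and returned as an HttpOnly, SameSite=Strict
    cookie with a redirect to the index page.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # A missing field used to crash on password.encode(), and a missing e-mail
    # would be compared against None (IS NULL with SQLAlchemy-style filters).
    if not email or not password:
        return "WRONG PASSWORD. Please try again."

    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if
    # the table leaks; switching to a password KDF needs a hash migration.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()

    # Secret number for the guessing game, used only for a new account.
    secret_number = random.randint(1, 30)

    user = db.query(User).filter_by(email=email).first()
    if not user:
        # First login with this address: register it.
        user = User(name=name, email=email, secret_number=secret_number,
                    password=hashed_password)
        db.add(user)
        db.commit()

    if hashed_password != user.password:
        return "WRONG PASSWORD. Please try again."

    # New random session token on every login.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for("index")))
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response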
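def message_edit():
    """Show the compose form (GET) or send a new message (POST).

    The sender is the user resolved from the ``session_token`` cookie. The
    form offers every other user as a receiver. An empty title is replaced
    with the placeholder ``°``.
    """
    session_token = request.cookies.get("session_token")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL; a request without a cookie
    # could then send messages in another user's name.
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        # This used to fail with an AttributeError on user.name.
        return "Please log in first.", 401

    users = db.query(User).filter(User.name != user.name)

    if request.method == "POST":
        sender = user.name
        # NOTE(review): the receiver is taken from the form as is; nothing
        # checks that it names an existing user.
        receiver = request.form.get("receiver")
        title = request.form.get("title")
        if title == "":
            title = "°"
        message_text = request.form.get("poruka")

        new_message = Message(sender=sender, receiver=receiver, title=title, message=message_text)
        db.add(new_message)
        db.commit()

        response = make_response(redirect(url_for("profile")))
        return response

    elif request.method == "GET":
        return render_template("message_edit.html", users=users)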
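def profile_edit():
    """Show the profile form (GET) or store a new name and e-mail (POST).

    The user is resolved from the ``session_token`` cookie. Requests without
    a matching session are redirected to the index page for both methods.
    """
    session_token = request.cookies.get("session_token")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL; a POST without a cookie
    # could then rewrite another account's name and e-mail.
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    # The POST branch used to dereference user without this check.
    if not user:
        return redirect(url_for("index"))

    if request.method == "GET":
        return render_template("profile_edit.html", user=user)

    elif request.method == "POST":
        # NOTE(review): both values are stored as submitted (possibly None).
        # The e-mail is the login identifier in the login view and changes
        # here without re-entering the password.
        user.name = request.form.get("profile-name")
        user.email = request.form.get("profile-email")

        db.add(user)
        db.commit()

        return redirect(url_for("profile"))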
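def login():
    """Log a user in by e-mail and password, creating the account on first use.

    Reads ``user-name``, ``user-email`` and ``user-password`` from the form.
    An unknown e-mail address registers a new ``User`` with a secret number
    in 1..50 and ``delete="no"``. A known account must match the stored hash
    and is only given a session while its ``delete`` flag is ``"no"``;
    otherwise the browser is sent to the logout view.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # A missing field used to crash on password.encode(), and a missing e-mail
    # would be compared against None (IS NULL with SQLAlchemy-style filters).
    if not email or not password:
        return "Wrong Password"

    secret_num = random.randint(1, 50)
    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if
    # the table leaks; switching to a password KDF needs a hash migration.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()
    delete = "no"

    user = db.query(User).filter_by(email=email).first()
    if not user:
        # First login with this address: register it.
        user = User(name=name, email=email, secret_num=secret_num,
                    password=hashed_password, delete=delete)
        db.add(user)
        db.commit()

    if hashed_password != user.password:
        return "Wrong Password"

    if user.delete != "no":
        # Accounts flagged as deleted never receive a session.
        return redirect(url_for("logout"))

    # New session token on every login.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response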
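def login():
    """Log a user in by e-mail and password, creating the account on first use.

    Reads ``user-name``, ``user-email`` and ``user-password`` from the form.
    An unknown e-mail address registers a new ``User`` with a secret number
    in 1..30; a known one must match the stored hash. On success a fresh
    session token is saved and returned in a cookie with a redirect to the
    index page.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # A missing field used to crash on password.encode(), and a missing e-mail
    # would be compared against None (IS NULL with SQLAlchemy-style filters).
    if not email or not password:
        return "WRONG PASSWORD! Go back and try again."

    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if
    # the table leaks; switching to a password KDF needs a hash migration.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()

    # Secret number for the guessing game, used only for a new account.
    secret_number = random.randint(1, 30)

    user = db.query(User).filter_by(email=email).first()
    if not user:
        # First login with this address: register it.
        user = User(name=name, email=email, secret_number=secret_number,
                    password=hashed_password)
        db.add(user)
        db.commit()

    if hashed_password != user.password:
        return "WRONG PASSWORD! Go back and try again."

    # New random session token on every login.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    # SameSite=Strict keeps the session cookie off cross-site requests, which
    # matters because the views trust the cookie alone (CSRF).
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response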
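def result():
    """Check the submitted guess against the logged-in user's secret number.

    The user is resolved from the ``session_token`` cookie. A correct guess
    draws a new secret in 1..30 and stores it. Every outcome renders
    ``result.html`` with a message.
    """
    session_token = request.cookies.get("session_token")

    # Look the user up by session token. Without a cookie the filter would
    # compare against None, which SQLAlchemy-style filters render as IS NULL.
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        # This used to fail with an AttributeError on user.secret_number.
        return "Please log in first.", 401

    # A missing or non-numeric field used to raise from int().
    try:
        guess = int(request.form.get("guess"))
    except (TypeError, ValueError):
        return render_template("result.html", message="Please enter a whole number.")

    if guess == user.secret_number:
        message = "Correct"

        # Start the next round with a new secret.
        user.secret_number = random.randint(1, 30)
        db.add(user)
        db.commit()
    elif guess > user.secret_number:
        message = "Your guess is not correct, try something smaller"
    else:
        message = "Your guess is not correct, try something bigger"

    return render_template("result.html", message=message)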
def add():
    """Create a student from a JSON body and report the stored values.

    Reads ``username`` and ``password`` from the request JSON, hashes the
    password with bcrypt and passes ``(username, hash)`` to
    ``db.add('student', ...)``. The JSON answer holds the stored values under
    ``result``, or an empty string when ``db.add`` returned 0.
    """
    username = request.json.get('username')
    hashed_bytes = bcrypt.generate_password_hash(request.get_json()['password'])
    password = hashed_bytes.decode('utf-8')

    inserted = db.add('student', (username, password))

    # NOTE(review): the response echoes the bcrypt hash back to the client.
    # A hash is credential material and is normally never returned; dropping
    # the field changes the response shape, so it is flagged rather than
    # removed here.
    # NOTE(review): no authentication or check on username is visible here.
    if inserted == 0:
        payload = ''
    else:
        payload = {'student_name': username, 'student_password': password}

    return jsonify({'result': payload})
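def guess():
    """Check the submitted guess against the logged-in user's secret number.

    The user is resolved from the ``session_token`` cookie. The guess must be
    a whole number between 1 and 50. A correct guess draws a new secret in
    that range and stores it.
    """
    session_token = request.cookies.get("session_token")
    # Without a cookie the filter would compare against None, which
    # SQLAlchemy-style filters render as IS NULL.
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()
    if user is None:
        # This used to fail with an AttributeError on user.secret_num.
        return "Please log in first.", 401

    # A missing or non-numeric field used to raise from int(), before the
    # range hint could ever be shown. Out-of-range numbers get the same hint.
    try:
        number = int(request.form.get("your-guess"))
    except (TypeError, ValueError):
        return "Please choose a number between 1 - 50"
    if not 1 <= number <= 50:
        return "Please choose a number between 1 - 50"

    if number == user.secret_num:
        message = "Success. You guessed correctly"
        # Start the next round with a new secret.
        user.secret_num = random.randint(1, 50)
        db.add(user)
        db.commit()
    elif number < user.secret_num:
        message = "Try a bigger number"
    else:
        message = "Try a smaller number"

    return render_template("results.html", message=message)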