import gc
import hmac
import os
from hashlib import md5

import MySQLdb
from flask import Flask, session, redirect, url_for, escape, request, render_template
from flask import flash
from MySQLdb import escape_string as thwart
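app = Flask(__name__)

#######################
#   DATABASE CONFIG   #
#######################
# Connection settings are read from the environment so credentials do not
# have to live in the source file. The variable names (DB_HOST, DB_USER,
# DB_PASSWORD, DB_NAME) are chosen here; each fallback is the value this file
# originally hard-coded, kept only so an existing setup keeps starting.
# NOTE(review): the fallback password appears in clear text in this file and
# should be treated as compromised: rotate it, set DB_PASSWORD, then delete
# the fallback. The application also connects as the MySQL "root" account; a
# dedicated account limited to the tables it uses would contain the impact of
# a leaked credential or an injection bug.
conn = MySQLdb.connect(
    host=os.environ.get("DB_HOST", "localhost"),
    user=os.environ.get("DB_USER", "root"),
    passwd=os.environ.get("DB_PASSWORD", "jccofficial"),
    db=os.environ.get("DB_NAME", "test"),
)
# Module-level cursor, created once at import time as in the original.
cur = conn.cursor()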
@app.route('/')
def home():
    """Serve the landing page rendered from ``index.html``."""
    page = render_template('index.html')
    return page
@app.route('/about/')
def about():
    """Serve the "about" page rendered from ``about.html``."""
    page = render_template('about.html')
    return page
@app.route('/contact/')
def contact():
    """Serve the contact page rendered from ``contact.html``."""
    page = render_template('contact.html')
    return page
@app.route('/hire/')
def hire():
    """Serve the "hire" page rendered from ``hire.html``."""
    page = render_template('hire.html')
    return page
@app.route('/admin/')
def dash():
    """Render the dashboard for a signed-in user, else redirect to login.

    NOTE(review): the only gate on this ``/admin/`` route is the presence of
    a ``username`` key in the session. No role or privilege check is made
    here, so every account that can sign in reaches this page.
    """
    if 'username' not in session:
        return redirect(url_for('login'))
    # escape() HTML-escapes the stored name before it is capitalised for display.
    display_name = escape(session['username']).capitalize()
    return render_template('dashboard.html', session_user_name=display_name)
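@app.route('/register/submit', methods=["GET", "POST"])
def register_page():
    """Show the registration form (GET) or create an account (POST).

    On POST the ``username``, ``email`` and ``password`` form fields are read,
    the username is checked for uniqueness, the account row is inserted, and
    the new user is signed in and redirected to the dashboard.

    Returns:
        The rendered ``register.html`` page, a redirect to the dashboard, or
        a generic 500 response when a database call fails.
    """
    # The original returned the form unconditionally as its first statement,
    # so the POST handling below it could never run.
    if request.method != "POST":
        return render_template('register.html')

    # Submitted values are deliberately not printed or logged: the original
    # wrote the clear-text password to stdout.
    username = request.form['username']
    email = request.form['email']
    password = request.form['password']

    # login() compares md5(password).hexdigest() with the stored column, so
    # the same digest is stored here (the original stored the clear text,
    # which login() could never match).
    # NOTE(review): unsalted MD5 is not an acceptable password hash. Moving
    # to a salted, slow KDF (hashlib.scrypt, or werkzeug.security's
    # generate_password_hash / check_password_hash) has to be done in
    # register_page() and login() together, with a plan for existing rows.
    password_digest = md5(password.encode('utf-8')).hexdigest()

    # A cursor per request: closing the shared module-level cursor, as the
    # original did, would break every later query that uses it.
    cursor = conn.cursor()
    try:
        # Parameters are passed as a real tuple; "(username)" is just a str.
        cursor.execute("SELECT COUNT(1) FROM users WHERE username = %s", (username,))
        if cursor.fetchone()[0]:
            flash("That username is already taken, please choose another")
            return render_template('register.html')
        # NOTE(review): check-then-insert can race between two requests; a
        # UNIQUE index on users.username (schema not visible here) is what
        # actually guarantees uniqueness.
        cursor.execute(
            "INSERT INTO users (username, email, password) VALUES (%s, %s, %s)",
            (username, email, password_digest),
        )
        conn.commit()
    except MySQLdb.Error:
        conn.rollback()
        # Details go to the server log only; echoing str(e) to the client
        # would disclose SQL text and schema details.
        app.logger.exception("registration failed")
        return "Registration failed, please try again later.", 500
    finally:
        cursor.close()

    flash("Thanks for registering!")
    session['logged_in'] = True
    session['username'] = username
    # The dashboard view is dash(), so its endpoint name is 'dash'.
    return redirect(url_for('dash'))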
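@app.route('/login/', methods=["GET", "POST"])
def login():
    """Show the login form (GET) or verify submitted credentials (POST).

    On success the username is stored in the session and the user is
    redirected to the dashboard. On failure the form is rendered again with
    the same message whether the username or the password was wrong, so the
    response text does not reveal which accounts exist.

    NOTE(review): nothing in this view limits repeated attempts; rate
    limiting or lockout has to be provided elsewhere.
    """
    # The dashboard view is dash(); 'dashboard.html' is a template name, not
    # an endpoint, and url_for() cannot build it.
    if 'username' in session:
        return redirect(url_for('dash'))

    error = None
    if request.method == 'POST':
        username_form = request.form['username']
        password_form = request.form['password']

        # md5() needs bytes, so the password is encoded explicitly.
        # NOTE(review): unsalted MD5 is not an acceptable password hash; it
        # is kept only because the stored column is in this format. Migrate
        # to a salted, slow KDF together with register_page().
        candidate = md5(password_form.encode('utf-8')).hexdigest().encode('ascii')

        # Per-request cursor; one query replaces the COUNT + SELECT pair.
        cursor = conn.cursor()
        try:
            cursor.execute("SELECT password FROM users WHERE username = %s;", [username_form])
            rows = cursor.fetchall()
        finally:
            cursor.close()

        for row in rows:
            stored = row[0]
            if stored is None:
                continue
            # compare_digest() needs both operands as bytes (or ASCII str).
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            # Constant-time comparison avoids leaking how many leading
            # characters of the digest matched.
            if hmac.compare_digest(candidate, stored):
                session['username'] = username_form
                return redirect(url_for('dash'))
        error = "Invalid Credential"

    return render_template('login.html', error=error)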
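@app.route('/logout/')
def logout():
    """Sign the user out and redirect to the landing page."""
    session.pop('username', None)
    # register_page() also sets 'logged_in'; drop it so no login marker
    # survives a logout.
    session.pop('logged_in', None)
    # The landing view is home(); this listing defines no 'index' endpoint,
    # so url_for('index') could not be built.
    return redirect(url_for('home'))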
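# Key Flask uses to sign the session cookie. It is read from the environment
# (variable name chosen here); the fallback is the literal this file
# originally hard-coded, kept only so an existing setup keeps starting.
# NOTE(review): that literal is the sample key printed in the Flask
# quickstart documentation, so it is publicly known. A session cookie signed
# with a known key can be minted by anyone, and the session's 'username' key
# is the only login check in this file. Generate a random key (for example
# with secrets.token_hex), set FLASK_SECRET_KEY, then delete the fallback.
app.secret_key = os.environ.get('FLASK_SECRET_KEY', 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT')

if __name__ == '__main__':
    # Debug mode enables the Werkzeug interactive debugger, which allows code
    # execution from the browser. It is now off unless FLASK_DEBUG=1 is set
    # explicitly, and must never be on for a reachable deployment.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')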