Untitled

from flask import *
import os
from werkzeug.wrappers import BaseRequest
from werkzeug.wsgi import responder
from werkzeug.exceptions import HTTPException, NotFound
from flask_wtf import Form,RecaptchaField
from wtforms.widgets import TextArea, PasswordInput, SubmitInput, FileInput, TextInput, HiddenInput, CheckboxInput, \
    Option, RadioInput, Select
from wtforms import StringField, PasswordField, BooleanField, IntegerField, RadioField, SubmitField, TextField, \
    SelectField, FileField, DateField, DateTimeField, TextAreaField
from wtforms.validators import InputRequired, Length, AnyOf, Email, DataRequired
from flask_sqlalchemy import SQLAlchemy
from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user, current_user
from flask_bcrypt import Bcrypt,check_password_hash,generate_password_hash
import re
from werkzeug.utils import secure_filename
from datetime import timezone, datetime, timedelta
import requests
import arrow
from werkzeug.urls import url_parse
import random
import flask_excel as excel
STATIC_FOLDER = os.path.join(os.path.dirname(__file__), "static")
app = Flask(__name__, static_url_path="/static", static_folder=STATIC_FOLDER)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///my_project.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
app.config['SECRET_KEY'] = "myproject"
app.config['UPLOAD_FOLDER_IMAGE'] = 'static/img'
#app.config['UPLOAD_FOLDER_videos'] = 'static/videos'


db = SQLAlchemy(app)
bcrypt = Bcrypt(app)
excel.init_excel(app)

langs_dir = os.path.realpath(os.path.dirname(__file__))
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login'
#
class Users(UserMixin,db.Model):
    __tablename__ = 'users'
    id = db.Column(db.BIGINT, unique=True,nullable=False,primary_key=True,autoincrement=True)
    username = db.Column(db.String(50), unique=True,nullable=False)
    password = db.Column(db.String(250),nullable=False)
    name = db.Column(db.String(50),nullable=False)
    email = db.Column(db.String(50), unique=False,nullable=False)
    type = db.Column(db.INTEGER,nullable=False)
    stop_user = db.Column(db.INTEGER,nullable=False)
    photo = db.Column(db.String(250),nullable=False)
    token_id = db.Column(db.String(250),nullable=False)
    created_at = db.Column(db.String(30),nullable=False)
class Idea(db.Model):
    __tablename__ = 'ideas'
    id = db.Column(db.BIGINT, unique=True,nullable=False,primary_key=True,autoincrement=True)
    title = db.Column(db.String(50), unique=False,nullable=False)
    description = db.Column(db.String(5000),nullable=False)
    created_at = db.Column(db.String(30), nullable=False)
    who_user_add = db.Column(db.INTEGER, nullable=False)
class Comment(db.Model):
    __tablename__ = 'comments'
    id = db.Column(db.BIGINT, unique=True,nullable=False,primary_key=True,autoincrement=True)
    idea_id = db.Column(db.BIGINT, unique=False,nullable=False)
    comment = db.Column(db.String(5000), nullable=False)
    created_at = db.Column(db.String(30), nullable=False)
    who_user_add = db.Column(db.INTEGER, nullable=False)
class Group(db.Model):
    __tablename__ = 'groups'
    id = db.Column(db.BIGINT, unique=True,nullable=False,primary_key=True,autoincrement=True)
    idea_id = db.Column(db.BIGINT, unique=False,nullable=False)
    faculty_id = db.Column(db.BIGINT, unique=False, nullable=False)
    faculty_id_done = db.Column(db.BIGINT, unique=False, nullable=False)
    created_at = db.Column(db.String(30), nullable=False)
    who_user_add = db.Column(db.INTEGER, nullable=False)
class Group_Member(db.Model):
    __tablename__ = 'Group_Member'
    id = db.Column(db.BIGINT, unique=True,nullable=False,primary_key=True,autoincrement=True)
    idea_id = db.Column(db.BIGINT, unique=False,nullable=False)
    student_id = db.Column(db.BIGINT, unique=False,nullable=False)
    student_id_done = db.Column(db.BIGINT, unique=False,nullable=False)
    created_at = db.Column(db.String(30), nullable=False)
    who_user_add = db.Column(db.INTEGER, nullable=False)

db.create_all()

class LoginForm(Form):
    username = StringField('username', validators=[InputRequired('A description is required!'),
        Length(min=4, max=12, message='Must be between 5 and 10 characters.')],widget=TextInput())

@login_manager.user_loader
def load_user(token_id):
    return Users.query.get(str(token_id))

def random_string(size=100000):
    return ''.join(random.choice("aMNO9bdeRS4fghKLijklBmnPop3TUqEF1rs9AcGHXYZVWtuvCDwxyz175IJQ") for x in range(size))
def random_number(size=100000):
    return ''.join(random.choice("0123456789") for x in range(size))

def username_filter(variable):
    return re.sub('[^A-Za-z0-9_]','' ,str(variable))
def img_filter(variable):
    return re.sub('[^A-Za-z0-9_#.]','' ,str(variable))
def name_ar_filter(variable):
    return re.sub('[^A-Za-z0-9_\w ]','' ,str(variable))
def password_filter(variable):
    return re.sub('[^A-Za-z0-9_@$?]','' ,str(variable))
def email_filter(variable):
    email_regex = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
    return bool(re.match(email_regex, variable))
def number_filter(variable):
    return re.sub('[^0-9]','' ,str(variable))
def date_filter(variable):
    return re.sub('[^0-9-]','' ,str(variable))

allowedExtensions = set(['jpg', 'jpeg', 'png', 'gif', 'tiff', 'bmp', 'svg'])
def allowed(file):
    extension = file.rsplit('.', 1)[1].lower()
    return extension in allowedExtensions

@app.before_request
def make_session_permanent():
    session.permanent = True
    app.permanent_session_lifetime = timedelta(minutes=30)#

def view(request):
    raise NotFound()

@responder
def application(environ, start_response):
    request = BaseRequest(environ)
    try:
        return view(request)
    except HTTPException as e:
        return e

date_now =  arrow.now('Asia/Riyadh').format('YYYY-MM-DD')
time_now =  arrow.now('Asia/Riyadh').format('HH:mm')
year_now =  arrow.now('Asia/Riyadh').format('YYYY')
month_now =  arrow.now('Asia/Riyadh').format('MM')
day_now =  arrow.now('Asia/Riyadh').format('DD')
#strat
@app.errorhandler(400)
def custom_400(error):
    try:
        return render_template("error_pages.html",  error=400, year_now=year_now)
    except Exception as e:
        print("custom_400:{}".format(e))
        return error
@app.errorhandler(401)
def custom_401(error):
    try:
        return render_template("error_pages.html",  error=401, year_now=year_now)
    except Exception as e:
        print("custom_401:{}".format(e))
        return error
@app.errorhandler(403)
def custom_403(error):
    try:
        return render_template("error_pages.html",  error=403, year_now=year_now)
    except Exception as e:
        print("custom_403:{}".format(e))
        return error

@app.errorhandler(404)
def custom_404(error):
    try:
        return render_template("error_pages.html",  error=404, year_now=year_now)
    except Exception as e:
        print("custom_404:{}".format(e))
        return error
@app.errorhandler(405)
def custom_405(error):
    try:
        return render_template("error_pages.html",  error=405, year_now=year_now)
    except Exception as e:
        print("custom_405:{}".format(e))
        return error

@app.errorhandler(406)
def custom_406(error):
    try:
        return render_template("error_pages.html",  error=406, year_now=year_now)
    except Exception as e:
        print("custom_406:{}".format(e))
        return error
@app.errorhandler(408)
def custom_408(error):
    try:
        return render_template("error_pages.html",  error=408, year_now=year_now)
    except Exception as e:
        print("custom_408:{}".format(e))
        return error
@app.errorhandler(409)
def custom_409(error):
    try:
        return render_template("error_pages.html",  error=409, year_now=year_now)
    except Exception as e:
        print("custom_409:{}".format(e))
        return error
@app.errorhandler(410)
def custom_410(error):
    try:
        return render_template("error_pages.html",  error=410, year_now=year_now)
    except Exception as e:
        print("custom_410:{}".format(e))
        return error
@app.errorhandler(411)
def custom_411(error):
    try:
        return render_template("error_pages.html",  error=411, year_now=year_now)
    except Exception as e:
        print("custom_411:{}".format(e))
        return error
@app.errorhandler(412)
def custom_412(error):
    try:
        return render_template("error_pages.html",  error=412, year_now=year_now)
    except Exception as e:
        print("custom_412:{}".format(e))
        return error
@app.errorhandler(413)
def custom_413(error):
    try:
        return render_template("error_pages.html",  error=413, year_now=year_now)
    except Exception as e:
        print("custom_413:{}".format(e))
        return error
@app.errorhandler(414)
def custom_414(error):
    try:
        return render_template("error_pages.html",  error=414, year_now=year_now)
    except Exception as e:
        print("custom_414:{}".format(e))
        return error
@app.errorhandler(415)
def custom_415(error):
    try:
        return render_template("error_pages.html",  error=415, year_now=year_now)
    except Exception as e:
        print("custom_415:{}".format(e))
        return error
@app.errorhandler(416)
def custom_416(error):
    try:
        return render_template("error_pages.html",  error=416, year_now=year_now)
    except Exception as e:
        print("custom_416:{}".format(e))
        return error
@app.errorhandler(417)
def custom_417(error):
    try:
        return render_template("error_pages.html",  error=417, year_now=year_now)
    except Exception as e:
        print("custom_417:{}".format(e))
        return error
@app.errorhandler(418)
def custom_418(error):
    try:
        return render_template("error_pages.html",  error=418, year_now=year_now)
    except Exception as e:
        print("custom_418:{}".format(e))
        return error
@app.errorhandler(428)
def custom_428(error):
    try:
        return render_template("error_pages.html",  error=428, year_now=year_now)
    except Exception as e:
        print("custom_428:{}".format(e))
        return error
@app.errorhandler(429)
def custom_429(error):
    try:
        return render_template("error_pages.html",  error=429, year_now=year_now)
    except Exception as e:
        print("custom_429:{}".format(e))
        return error
@app.errorhandler(431)
def custom_431(error):
    try:
        return render_template("error_pages.html",  error=431, year_now=year_now)
    except Exception as e:
        print("custom_431:{}".format(e))
        return error
@app.errorhandler(500)
def custom_500(error):
    try:
        return render_template("error_pages.html",  error=500, year_now=year_now)
    except Exception as e:
        print("custom_500:{}".format(e))
        return error
@app.errorhandler(501)
def custom_501(error):
    try:
        return render_template("error_pages.html",  error=501, year_now=year_now)
    except Exception as e:
        print("custom_501:{}".format(e))
        return error
@app.errorhandler(502)
def custom_502(error):
    try:
        return render_template("error_pages.html",  error=502, year_now=year_now)
    except Exception as e:
        print("custom_502:{}".format(e))
        return error
@app.errorhandler(503)
def custom_503(error):
    try:
        return render_template("error_pages.html",  error=503, year_now=year_now)
    except Exception as e:
        print("custom_503:{}".format(e))
        return error
@app.route("/", methods=['GET', 'POST'])
def index():
    return render_template("index.html", error=503, year_now=year_now)


@app.route("/login/", methods=['GET', 'POST'])
def login():
    if "id" in session:
       return redirect(url_for("dashboard"))
    else:
        try:
            form = LoginForm(request.form)
            token = random_string(250)
            if request.method == "POST":
                if len(request.form['username']) == 0:
                    return  render_template("login.html", error="Enter username", form=form, year_now=year_now)
                elif len(request.form['password']) == 0:
                    return  render_template("login.html", error="Enter password", form=form, year_now=year_now)
                else:
                    user = Users.query.filter_by(username=username_filter(request.form['username'])).first()
                    if user and bcrypt.check_password_hash(user.password, password_filter(request.form['password'])):
                        if user.type == 0:
                            if user.stop_user == 0:
                                session['admin'] = username_filter(request.form['username'])
                                session['id'] = user.id
                                session['type'] = user.type
                                session['name'] = user.name
                                user.token_id = token
                                db.session.commit()
                                login_user(user)
                                session['token_id'] = user.token_id
                                next_page = request.args.get('next')
                                if not next_page or url_parse(next_page).netloc != '':
                                    return redirect(url_for("dashboard"))
                                return redirect(next_page)
                            else:
                                return render_template("login.html", error="Your account is blocked", form=form, year_now=year_now)
                        elif user.type == 2:
                            print(user.id)
                            if user.stop_user == 0:
                                session['student'] = username_filter(request.form['username'])
                                session['id'] = user.id
                                session['type'] = user.type
                                session['name'] = user.name
                                user.token_id = token
                                db.session.commit()
                                login_user(user)
                                session['token_id'] = user.token_id
                                next_page = request.args.get('next')
                                if not next_page or url_parse(next_page).netloc != '':
                                    return redirect(url_for("dashboard"))
                                return redirect(next_page)
                            else:
                                return render_template("login.html", error="Your account is blocked", form=form, year_now=year_now)
                        elif user.type ==1:
                            if user.stop_user == 0:
                                session['faculty'] = username_filter(request.form['username'])
                                session['id'] = user.id
                                session['type'] = user.type
                                session['name'] = user.name
                                user.token_id = token
                                db.session.commit()
                                login_user(user)
                                session['token_id'] = user.token_id
                                next_page = request.args.get('next')
                                if not next_page or url_parse(next_page).netloc != '':
                                    return redirect(url_for("dashboard"))
                                return redirect(next_page)
                            else:
                                return render_template("login.html", error="Your account is blocked", form=form, year_now=year_now)
                        else:
                            return render_template("login.html", error="Account not available", form=form,
                                                   year_now=year_now)
                    else:
                        return render_template("login.html", error="Error username or password", form=form,
                                               year_now=year_now)
            else:
                return render_template("login.html", form=form, year_now=year_now)
        except Exception as e:
            print(e)
            return e

@app.route("/register/", methods=['GET', 'POST'])
def register():
    if "id" in session:
        return redirect(url_for("login"))
    else:
        try:
            token = random_string(250)
            form = LoginForm(request.form)
            if request.method == "POST":
                if len(request.form['username']) == 0:
                    return  render_template("register.html", error="Enter username", form=form, year_now=year_now)
                elif len(request.form['password']) == 0:
                    return  render_template("register.html", error="Enter password", form=form, year_now=year_now)
                elif len(request.form['name']) == 0:
                    return  render_template("register.html", error="Enter name", form=form, year_now=year_now)
                elif len(request.form['email']) == 0:
                    return  render_template("register.html", error="Enter email", form=form, year_now=year_now)
                else:
                    use = Users.query.filter((Users.username == username_filter(request.form['username'])) |
                                             (Users.email == email_filter(request.form['email']))).count()
                    if use == 0:
                        new_user = Users(username=username_filter(request.form['username']),
                                         password=bcrypt.generate_password_hash(
                                             password_filter(request.form['password'])),
                                         email=request.form['email'],
                                         created_at="{} {}".format(date_now,time_now),
                                         stop_user=0,photo="index.png",
                                         type=number_filter(request.form['type']), token_id=token,
                                         name=name_ar_filter(request.form['name']))

                        db.session.add(new_user)
                        db.session.commit()
                        user=Users.query.filter_by(username=username_filter(request.form['username'])).first()
                        if user.type == 1:
                            session['faculty'] =user.username
                            session['id'] = user.id
                            session['type'] = user.type
                            session['token_id'] = user.token_id
                            session['name'] = user.name
                            login_user(user)
                            return redirect(url_for("dashboard"))
                        elif user.type == 2:
                            session['student'] = username_filter(request.form['username'])
                            session['id'] = user.id
                            session['type'] = user.type
                            session['token_id'] = user.token_id
                            session['name'] = user.name
                            login_user(user)
                            return redirect(url_for("dashboard"))
                        else:
                            return redirect(url_for("login"))

                    else:
                        return render_template("register.html", form=form, year_now=year_now, error="Account already registered")
            else:
                return render_template("register.html", form=form, year_now=year_now)
        except Exception as e:
            print(e)
            return e
@app.route("/dashboard/", methods=['GET', 'POST'])
@login_required
def dashboard():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            users=Users.query.count()
            ideas=Idea.query.count()
            group=Group.query.count()
            group_Member=Group_Member.query.count()
            comment=Comment.query.count()
            return render_template("admin/dashboard.html",admin=admin,users=users,ideas=ideas,group=group,group_Member=group_Member,comment=comment)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))
@app.route("/edit_my_profile/", methods=['GET', 'POST'])
@login_required
def edit_my_profile():
    form = LoginForm(request.form)
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if request.method == 'POST':
                if 'profile_photo' not in request.files:
                    if not request.form['password']:
                        admin.username = username_filter(request.form['username'])
                        admin.email = request.form['email']
                        admin.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['admin'] = username_filter(request.form['username'])
                        return render_template("admin/edit_my_profile.html", admin=admin,
                                               mass="Your profile has been updated successfully", form=form,
                                               year_now=year_now)
                    else:
                        admin.username = username_filter(request.form['username'])
                        admin.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                        admin.email = request.form['email']
                        admin.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['admin'] = username_filter(request.form['username'])
                        return render_template("admin/edit_my_profile.html",
                                               mass="Your profile has been updated successfully", form=form,
                                               admin=admin,
                                               year_now=year_now)
                if request.files['profile_photo'].filename == '':
                    return redirect(request.url)
                if request.files['profile_photo']:
                    filename = secure_filename(request.files['profile_photo'].filename)
                    rand = random_string(8)
                    photo = "{}_{}".format(rand, img_filter(filename))
                    request.files['profile_photo'].save(os.path.join(app.config['UPLOAD_FOLDER_IMAGE'], photo))
                    if not request.form['password']:
                        admin.photo=photo
                        admin.username=username_filter(request.form['username'])
                        admin.email = request.form['email']
                        admin.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['admin'] = username_filter(request.form['username'])
                        return render_template("admin/edit_my_profile.html",admin=admin,mass="Your profile has been updated successfully",form=form,year_now=year_now)
                    else:
                        admin.photo = photo
                        admin.username = username_filter(request.form['username'])
                        admin.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                        admin.email = request.form['email']
                        admin.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['admin'] = username_filter(request.form['username'])
                        return render_template("admin/edit_my_profile.html",admin=admin,
                                               mass="Your profile has been updated successfully", form=form,
                                               year_now=year_now)
                else:
                    return render_template("admin/edit_my_profile.html",
                                           mass="Your profile has been updated successfully", form=form,admin=admin,
                                           year_now=year_now)
            else:
                return render_template("admin/edit_my_profile.html", form=form, year_now=year_now,admin=admin)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            if request.method == 'POST':
                if 'profile_photo' not in request.files:
                    if not request.form['password']:
                        faculty.username = username_filter(request.form['username'])
                        faculty.email = request.form['email']
                        faculty.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['faculty'] = username_filter(request.form['username'])
                        return render_template("faculty/edit_my_profile.html", faculty=faculty,
                                               mass="Your profile has been updated successfully", form=form,
                                               year_now=year_now)
                    else:
                        faculty.username = username_filter(request.form['username'])
                        faculty.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                        faculty.email = request.form['email']
                        faculty.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['admin'] = username_filter(request.form['username'])
                        return render_template("faculty/edit_my_profile.html",
                                               mass="Your profile has been updated successfully", form=form,
                                               faculty=faculty,
                                               year_now=year_now)
                if request.files['profile_photo'].filename == '':
                    return redirect(request.url)
                if request.files['profile_photo']:
                    filename = secure_filename(request.files['profile_photo'].filename)
                    rand = random_string(8)
                    photo = "{}_{}".format(rand, img_filter(filename))
                    request.files['profile_photo'].save(os.path.join(app.config['UPLOAD_FOLDER_IMAGE'], photo))
                    if not request.form['password']:
                        faculty.photo = photo
                        faculty.username = username_filter(request.form['username'])
                        faculty.email = request.form['email']
                        faculty.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['faculty'] = username_filter(request.form['username'])
                        return render_template("faculty/edit_my_profile.html", faculty=faculty,
                                               mass="Your profile has been updated successfully", form=form,
                                                   year_now=year_now)
                    else:
                        use = Users.query.filter((Users.username == username_filter(request.form['username'])) |
                                                 (Users.email == number_filter(request.form['email']))).first()
                        if use.username == session['admin'] or use.name == session['name']:
                            faculty.photo = photo
                            faculty.username = username_filter(request.form['username'])
                            faculty.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                            faculty.email = request.form['email']
                            faculty.name = name_ar_filter(request.form['name'])
                            db.session.commit()
                            session['name'] = name_ar_filter(request.form['name'])
                            session['faculty'] = username_filter(request.form['username'])
                            return render_template("faculty/edit_my_profile.html", faculty=faculty,
                                                   mass="Your profile has been updated successfully", form=form,
                                                   year_now=year_now)
                        else:
                            return render_template("faculty/edit_my_profile.html", faculty=faculty,
                                                   mass="Sorry some data is registered to another account", form=form,
                                                   year_now=year_now)

                else:
                    return render_template("faculty/edit_my_profile.html",
                                           mass="Your profile has been updated successfully", form=form, faculty=faculty,
                                           year_now=year_now)
            else:
                return render_template("faculty/edit_my_profile.html", form=form, year_now=year_now, faculty=faculty)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            if request.method == 'POST':
                if 'profile_photo' not in request.files:
                    if not request.form['password']:
                        student.username = username_filter(request.form['username'])
                        student.email = request.form['email']
                        student.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['student'] = username_filter(request.form['username'])
                        return render_template("student/edit_my_profile.html", student=student,
                                               mass="Your profile has been updated successfully", form=form,
                                               year_now=year_now)
                    else:
                        student.username = username_filter(request.form['username'])
                        student.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                        student.email = request.form['email']
                        student.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['student'] = username_filter(request.form['username'])
                        return render_template("student/edit_my_profile.html",
                                               mass="Your profile has been updated successfully", form=form,
                                               student=student,
                                               year_now=year_now)
                if request.files['profile_photo'].filename == '':
                    return redirect(request.url)
                if request.files['profile_photo']:
                    filename = secure_filename(request.files['profile_photo'].filename)
                    rand = random_string(8)
                    photo = "{}_{}".format(rand, img_filter(filename))
                    request.files['profile_photo'].save(os.path.join(app.config['UPLOAD_FOLDER_IMAGE'], photo))
                    if not request.form['password']:
                        student.photo = photo
                        student.username = username_filter(request.form['username'])
                        student.email = request.form['email']
                        student.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['student'] = username_filter(request.form['username'])
                        return render_template("student/edit_my_profile.html", student=student,
                                               mass="Your profile has been updated successfully", form=form,
                                                   year_now=year_now)
                    else:
                        student.photo = photo
                        student.username = username_filter(request.form['username'])
                        student.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                        student.email = request.form['email']
                        student.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        session['name'] = name_ar_filter(request.form['name'])
                        session['student'] = username_filter(request.form['username'])
                        return render_template("student/edit_my_profile.html", student=student,
                                               mass="Your profile has been updated successfully", form=form,
                                               year_now=year_now)

                else:
                    return render_template("student/edit_my_profile.html",
                                           mass="Your profile has been updated successfully", form=form, student=student,
                                           year_now=year_now)
            else:
                return render_template("student/edit_my_profile.html", form=form, year_now=year_now, student=student)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))
@app.route("/edit_user_profile/<id>", methods=['GET', 'POST'])
@login_required
def edit_user_profile(id):
    form = LoginForm(request.form)
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            user=Users.query.filter_by(id=id).first()
            if request.method == 'POST':
                if 'profile_photo' not in request.files:
                    if not request.form['password']:
                        user.username = username_filter(request.form['username'])
                        user.email = request.form['email']
                        user.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        return render_template("admin/users/edit_user_profile.html", admin=admin,user=user,
                                               mass="User profile has been updated successfully", form=form,
                                               year_now=year_now)
                    else:
                        user.username = username_filter(request.form['username'])
                        user.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                        user.email = request.form['email']
                        user.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        return render_template("admin/users/edit_user_profile.html",user=user,
                                               mass="Your profile has been updated successfully", form=form,
                                               admin=admin,
                                               year_now=year_now)
                if request.files['profile_photo'].filename == '':
                    return redirect(request.url)
                if request.files['profile_photo']:
                    filename = secure_filename(request.files['profile_photo'].filename)
                    rand = random_string(8)
                    photo = "{}_{}".format(rand, img_filter(filename))
                    request.files['profile_photo'].save(os.path.join(app.config['UPLOAD_FOLDER_IMAGE'], photo))
                    if not request.form['password']:
                        user.photo=photo
                        user.username=username_filter(request.form['username'])
                        user.email = request.form['email']
                        user.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        return render_template("admin/edit_my_profile.html",user=user,admin=admin,mass="User profile has been updated successfully",form=form,year_now=year_now)
                    else:
                        user.photo = photo
                        user.username = username_filter(request.form['username'])
                        user.password = bcrypt.generate_password_hash(password_filter(request.form['password']))
                        user.email = request.form['email']
                        user.name = name_ar_filter(request.form['name'])
                        db.session.commit()
                        return render_template("admin/users/edit_user_profile.html",admin=admin,user=user,
                                               mass="User profile has been updated successfully", form=form,
                                               year_now=year_now)
                else:
                    return render_template("admin/users/edit_user_profile.html",user=user,
                                           mass="User profile has been updated successfully", form=form,admin=admin,
                                           year_now=year_now)
            else:
                return render_template("admin/users/edit_user_profile.html", user=user,form=form, year_now=year_now,admin=admin)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))
@app.route("/status/<id>/<status>", methods=['GET', 'POST'])
@login_required
def status(status,id):
    form = LoginForm(request.form)
    user = Users.query.filter_by(id=id).first()
    data = Users.query.all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if status=="active":
                user.stop_user = 0
                db.session.commit()
            elif status == "inactive":
                user.stop_user = 1
                db.session.commit()
            return render_template("admin/users/users.html", admin=admin, user=user,
                                   mass="User profile has been updated successfully", form=form,
                                   year_now=year_now,data=data)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))
@app.route("/users/", methods=['GET', 'POST'])
@login_required
def users():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            data = Users.query.all()
            return render_template("admin/users/users.html",admin=admin,data=data)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))
@app.route("/add_new_user/", methods=['GET', 'POST'])
@login_required
def add_new_user():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            token = random_string(250)
            form = LoginForm(request.form)
            if request.method == "POST":
                if len(request.form['username']) == 0:
                    return render_template("admin/users/add_new_user.html", error="Enter username", form=form, year_now=year_now,
                                            admin=admin)
                elif len(request.form['password']) == 0:
                    return render_template("admin/users/add_new_user.html", error="Enter password", form=form, year_now=year_now,
                                            admin=admin)
                elif len(request.form['name']) == 0:
                    return render_template("admin/users/add_new_user.html", error="Enter name", form=form, year_now=year_now,
                                            admin=admin)
                elif len(request.form['email']) == 0:
                    return render_template("admin/users/add_new_user.html", error="Enter email", form=form, year_now=year_now,
                                            admin=admin)
                else:
                    use = Users.query.filter((Users.username == username_filter(request.form['username'])) |
                                             (Users.email == number_filter(request.form['email']))).count()
                    if use == 0:
                        new_user = Users(username=username_filter(request.form['username']),
                                         password=bcrypt.generate_password_hash(
                                             password_filter(request.form['password'])),
                                         email=request.form['email'],
                                         created_at="{} {}".format(date_now, time_now),
                                         stop_user=0, photo="index.png",
                                         type=number_filter(request.form['type']), token_id=token,
                                         name=name_ar_filter(request.form['name']))

                        db.session.add(new_user)
                        db.session.commit()
                        return render_template("admin/users/add_new_user.html", form=form, year_now=year_now,

                                               error="ADD", admin=admin)
                    else:
                        return render_template("admin/users/add_new_user.html", form=form, year_now=year_now,
                                               error="Account already registered", admin=admin)
            else:
                return render_template("admin/users/add_new_user.html", form=form, year_now=year_now, admin=admin)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))
@app.route("/add_new_idea/", methods=['GET', 'POST'])
@login_required
def add_new_idea():
    form = LoginForm(request.form)
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if request.method == "POST":
                if len(request.form['title']) == 0:
                    return render_template("admin/ideas/add_new_idea.html", error="Enter title", form=form, year_now=year_now,
                                            admin=admin)
                elif len(request.form['description']) == 0:
                    return render_template("admin/ideas/add_new_idea.html", error="Enter description", form=form, year_now=year_now,
                                            admin=admin)
                else:
                    new_idea = Idea(title=name_ar_filter(request.form['title']),
                                    description=name_ar_filter(request.form['description']),
                                     created_at="{} {}".format(date_now, time_now), who_user_add=admin.id)

                    db.session.add(new_idea)
                    db.session.commit()
                    return render_template("admin/ideas/add_new_idea.html", form=form, year_now=year_now,

                                               error="Your idea has been successfully added", admin=admin)
            else:
                return render_template("admin/ideas/add_new_idea.html", form=form, year_now=year_now, admin=admin)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            if request.method == "POST":
                check_add_idea = Idea.query.filter_by(who_user_add=session['id']).count()
                if check_add_idea != 0:
                    return render_template("faculty/ideas/add_new_idea.html", form=form, year_now=year_now,
                                            faculty=faculty, e="You have a pre-recorded idea")
                else:
                    if len(request.form['title']) == 0:
                        return render_template("faculty/ideas/add_new_idea.html", error="Enter title", form=form,
                                               year_now=year_now,
                                                faculty=faculty)
                    elif len(request.form['description']) == 0:
                        return render_template("faculty/ideas/add_new_idea.html", error="Enter description", form=form,
                                               year_now=year_now,
                                                faculty=faculty)
                    else:
                        new_idea = Idea(title=name_ar_filter(request.form['title']),
                                        description=name_ar_filter(request.form['description']),
                                        created_at="{} {}".format(date_now, time_now), who_user_add=faculty.id)

                        db.session.add(new_idea)
                        db.session.commit()
                        return render_template("faculty/ideas/add_new_idea.html", form=form, year_now=year_now,

                                               error="Your idea has been successfully added", faculty=faculty)
            else:
                check_add_idea=Idea.query.filter_by(who_user_add = session['id']).count()
                if check_add_idea !=0:
                    return render_template("faculty/ideas/add_new_idea.html", form=form, year_now=year_now, faculty=faculty,e="You have a pre-recorded idea")
                else:
                    return render_template("faculty/ideas/add_new_idea.html", form=form, year_now=year_now,
                                            faculty=faculty)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            if request.method == "POST":
                check_add_idea = Idea.query.filter_by(who_user_add=session['id']).count()
                if check_add_idea != 0:
                    return render_template("faculty/ideas/add_new_idea.html", form=form, year_now=year_now,
                                            faculty=faculty, e="You have a pre-recorded idea")
                else:
                    if len(request.form['title']) == 0:
                        return render_template("student/ideas/add_new_idea.html", error="Enter title", form=form,
                                               year_now=year_now,
                                                student=student)
                    elif len(request.form['description']) == 0:
                        return render_template("student/ideas/add_new_idea.html", error="Enter description", form=form,
                                               year_now=year_now,
                                                student=student)
                    else:
                        new_idea = Idea(title=name_ar_filter(request.form['title']),
                                        description=name_ar_filter(request.form['description']),
                                        created_at="{} {}".format(date_now, time_now), who_user_add=student.id)

                        db.session.add(new_idea)
                        db.session.commit()
                        return render_template("student/ideas/add_new_idea.html", form=form, year_now=year_now,

                                               error="Your idea has been successfully added", student=student)
            else:
                check_add_idea=Idea.query.filter_by(who_user_add = session['id']).count()
                if check_add_idea !=0:
                    return render_template("student/ideas/add_new_idea.html", form=form, year_now=year_now, student=student,e="You have a pre-recorded idea")
                else:
                    return render_template("student/ideas/add_new_idea.html", form=form, year_now=year_now,
                                            student=student)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route('/ideas/',methods=['POST',"GET"])
@login_required
def ideas():
    ideas = Idea.query.all()
    users = Users.query.all()
    comments = Comment.query.all()
    gm = Group_Member.query.all()
    gmm = Group_Member.query.filter(Group_Member.student_id!=session['id']).all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            return render_template("admin/ideas/ideas.html",admin=admin,ideas=ideas,users=users,comments=comments,gm=gm)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            return render_template("faculty/ideas/ideas.html",faculty=faculty,ideas=ideas,users=users,comments=comments,gm=gm)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            return render_template("student/ideas/ideas.html",student=student,ideas=ideas,users=users,comments=comments,gm=gm,gmm=gmm)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route('/joins/',methods=['POST',"GET"])
@login_required
def joins():
    ideas = Idea.query.filter_by(who_user_add=session['id']).all()
    idea = Idea.query.all()
    users = Users.query.all()
    group = Group.query.all()
    me_group = Group.query.filter_by(faculty_id=session['id']).all()
    me_group_member = Group_Member.query.filter_by(student_id=session['id']).all()
    group_member = Group_Member.query.all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            return render_template("admin/ideas/joins.html", admin=admin, ideas=ideas, users=users, group=group
                                   , group_member=group_member,idea=idea)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            return render_template("faculty/ideas/joins.html", faculty=faculty, ideas=ideas, users=users, group=group
                                   , group_member=group_member,me_group=me_group,idea=idea)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            return render_template("student/ideas/joins.html", student=student, ideas=ideas, users=users, group=group
                                   , group_member=group_member,me_group_member=me_group_member,idea=idea)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route('/my_ideas/',methods=['POST',"GET"])
@login_required
def my_ideas():
    ideas = Idea.query.filter_by(who_user_add=session['id']).all()
    users = Users.query.all()
    group = Group.query.all()
    comment = Comment.query.all()
    group_member = Group_Member.query.all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            return render_template("admin/ideas/my_ideas.html", admin=admin, ideas=ideas, users=users, group=group
                                   , group_member=group_member,comment=comment)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            return render_template("faculty/ideas/my_ideas.html", faculty=faculty, ideas=ideas, users=users, group=group
                                   , group_member=group_member,comment=comment)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            return render_template("student/ideas/my_ideas.html", student=student, ideas=ideas, users=users, group=group
                                   , group_member=group_member,comment=comment)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/delete_my_idea/<idea_id>',methods=['POST',"GET"])
@login_required
def delete_my_idea(idea_id):
    delete_idea = Idea.query.filter((Idea.who_user_add==session['id'])&(Idea.id==idea_id)).first()
    ideas = Idea.query.filter_by(who_user_add=session['id']).all()
    users = Users.query.all()
    group = Group.query.all()
    group_member = Group_Member.query.all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            db.session.delete(delete_idea)
            db.session.commit()
            return render_template("admin/ideas/my_ideas.html", admin=admin, ideas=ideas, users=users, group=group
                                   , group_member=group_member,error="Your idea has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            db.session.delete(delete_idea)
            db.session.commit()
            return render_template("faculty/ideas/my_ideas.html", faculty=faculty, ideas=ideas, users=users, group=group
                                   , group_member=group_member,error="Your idea has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            db.session.delete(delete_idea)
            db.session.commit()
            return render_template("student/ideas/my_ideas.html", student=student, ideas=ideas, users=users, group=group
                                   , group_member=group_member,error="Your idea has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/edit_my_idea/<idea_id>',methods=['POST',"GET"])
@login_required
def edit_my_idea(idea_id):
    edit_idea = Idea.query.filter((Idea.who_user_add==session['id'])&(Idea.id==idea_id)).first()
    ideas = Idea.query.filter_by(who_user_add=session['id']).all()
    users = Users.query.all()
    group = Group.query.all()
    group_member = Group_Member.query.all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if request.method == "POST":
                edit_idea.title=name_ar_filter(request.form['title'])
                edit_idea.description=name_ar_filter(request.form['description'])
                db.session.commit()
                return render_template("admin/ideas/ideas.html", admin=admin, ideas=ideas, users=users, group=group
                                       , group_member=group_member,error="Your idea has been successfully edited",edit_idea=edit_idea)
            else:
                return render_template("admin/ideas/edit_my_idea.html", admin=admin, ideas=ideas, users=users, group=group
                                       , group_member=group_member, edit_idea=edit_idea)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            if request.method == "POST":
                edit_idea.title = name_ar_filter(request.form['title'])
                edit_idea.description = name_ar_filter(request.form['description'])
                db.session.commit()
                return render_template("faculty/ideas/my_ideas.html", faculty=faculty, ideas=ideas, users=users, group=group,edit_idea=edit_idea
                                       , group_member=group_member, error="Your idea has been successfully edited")
            else:
                return render_template("faculty/ideas/edite_my_idea.html", faculty=faculty, ideas=ideas, users=users,
                                       group=group
                                       , group_member=group_member,edit_idea=edit_idea)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            if request.method == "POST":
                edit_idea.title = name_ar_filter(request.form['title'])
                edit_idea.description = name_ar_filter(request.form['description'])
                db.session.commit()
                return render_template("student/ideas/my_ideas.html", student=student, ideas=ideas, users=users, group=group,edit_idea=edit_idea
                                       , group_member=group_member, error="Your idea has been successfully edited")
            else:
                return render_template("student/ideas/edite_my_idea.html", student=student, ideas=ideas, users=users,
                                       group=group
                                       , group_member=group_member,edit_idea=edit_idea)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/edit_idea/<idea_id>',methods=['POST',"GET"])
@login_required
def edit_idea(idea_id):
    edit_idea = Idea.query.filter((Idea.id==idea_id)).first()
    ideas = Idea.query.all()
    users = Users.query.all()
    group = Group.query.all()
    group_member = Group_Member.query.all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if request.method == "POST":
                edit_idea.title=name_ar_filter(request.form['title'])
                edit_idea.description=name_ar_filter(request.form['description'])
                db.session.commit()
                return render_template("admin/ideas/ideas.html", admin=admin, ideas=ideas, users=users, group=group
                                       , group_member=group_member,error="Your idea has been successfully edited",edit_idea=edit_idea)
            else:
                return render_template("admin/ideas/edit_idea.html", admin=admin, ideas=ideas, users=users, group=group
                                       , group_member=group_member, edit_idea=edit_idea)
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/delete_idea/<idea_id>',methods=['POST',"GET"])
@login_required
def delete_idea(idea_id):
    delete_idea = Idea.query.filter((Idea.id==idea_id)).first()
    ideas = Idea.query.all()
    users = Users.query.all()
    group = Group.query.all()
    group_member = Group_Member.query.all()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            db.session.delete(delete_idea)
            db.session.commit()
            return render_template("admin/ideas/ideas.html", admin=admin, ideas=ideas, users=users, group=group
                                   , group_member=group_member,error="Your idea has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/delete_my_comment/<comment_id>',methods=['POST',"GET"])
@login_required
def delete_my_comment(comment_id):
    ideas = Idea.query.filter_by(who_user_add=session['id']).all()
    users = Users.query.all()
    group = Group.query.all()
    delete_comment=Comment.query.filter((Comment.id==comment_id)&(Comment.who_user_add == session['id'])).first()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            delete_comments = Comment.query.filter((Comment.id == comment_id)).first()
            db.session.delete(delete_comments)
            db.session.commit()
            return render_template("admin/ideas/ideas.html", admin=admin, ideas=ideas, users=users, group=group
                                   , error="comment has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            db.session.delete(delete_comment)
            db.session.commit()
            return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users, group=group
                                   , error="Your comment has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            db.session.delete(delete_comment)
            db.session.commit()
            return render_template("student/ideas/ideas.html", student=student, ideas=ideas, users=users, group=group
                                   , error="Your comment has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/delete_comment/<comment_id>',methods=['POST',"GET"])
@login_required
def delete_comment(comment_id):
    ideas = Idea.query.filter_by(who_user_add=session['id']).all()
    users = Users.query.all()
    group = Group.query.all()
    delete_comment=Comment.query.filter((Comment.id==comment_id)&(Comment.who_user_add == session['id'])).first()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            delete_comments = Comment.query.filter((Comment.id == comment_id)).first()
            db.session.delete(delete_comments)
            db.session.commit()
            return render_template("admin/ideas/my_ideas.html", admin=admin, ideas=ideas, users=users, group=group
                                   , error="comment has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            db.session.delete(delete_comment)
            db.session.commit()
            return render_template("faculty/ideas/my_ideas.html", faculty=faculty, ideas=ideas, users=users, group=group
                                   , error="Your comment has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            db.session.delete(delete_comment)
            db.session.commit()
            return render_template("student/ideas/my_ideas.html", student=student, ideas=ideas, users=users, group=group
                                   , error="Your comment has been successfully deleted")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/case_faculty/<faculty_id>/<idea_id>/<case>',methods=['POST',"GET"])
@login_required
def case_faculty(faculty_id,idea_id,case):
    group_accept = Group.query.filter((Group.faculty_id == faculty_id) & (Group.idea_id == idea_id)).first()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if case =="accept":
                group_accept.faculty_id_done = 2
                db.session.commit()
                refusal= Group.query.filter((Group.idea_id == idea_id)&(Group.faculty_id_done == 1)).all()
                for i in refusal:
                    print(i.faculty_id)
                    i.faculty_id_done = 3
                    db.session.commit()
            elif case == "refusal":
                group_accept.faculty_id_done = 3
                db.session.commit()
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            if case =="accept":
                group_accept.faculty_id_done = 2
                db.session.commit()
                refusal = Group.query.filter((Group.idea_id == idea_id) & (Group.faculty_id_done == 1)).all()
                for i in refusal:
                    print(i.faculty_id)
                    i.faculty_id_done = 3
                    db.session.commit()
            elif case == "refusal":
                group_accept.faculty_id_done = 3
                db.session.commit()
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            if case =="accept":
                group_accept.faculty_id_done = 2
                db.session.commit()
                refusal = Group.query.filter((Group.idea_id == idea_id) & (Group.faculty_id_done == 1)).all()
                for i in refusal:
                    print(i.faculty_id)
                    i.faculty_id_done = 3
                    db.session.commit()
            elif case == "refusal":
                group_accept.faculty_id_done = 3
                db.session.commit()
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/case_student/<student_id>/<idea_id>/<case>',methods=['POST',"GET"])
@login_required
def case_student(student_id,idea_id,case):
    group_member = Group_Member.query.filter(
        (Group_Member.student_id == student_id) & (Group_Member.idea_id == idea_id)).first()
    group = Group.query.filter_by(idea_id=idea_id).first()
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if case =="accept":
                group_member.student_id_done = 2
                db.session.commit()
            elif case == "refusal":
                group_member.student_id_done = 3
                db.session.commit()
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            if case == "accept":
                group_member.student_id_done = 2
                db.session.commit()
            elif case == "refusal":
                group_member.student_id_done = 3
                db.session.commit()
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            if case == "accept":
                group_member.student_id_done = 2
                db.session.commit()
            elif case == "refusal":
                group_member.student_id_done = 3
                db.session.commit()
            return redirect(url_for("joins"))
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route('/join/<idea_id>',methods=['POST',"GET"])
@login_required
def join(idea_id):
    ideas = Idea.query.all()
    users = Users.query.all()
    comments = Comment.query.all()
    gm = Group_Member.query.all()
    if "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            gm = Group.query.filter((Group.faculty_id==session['id'])&(Group.idea_id==idea_id)).count()
            gd= Group.query.filter((Group.faculty_id_done==2)&(Group.idea_id==idea_id)).count()
            gr = Group.query.filter((Group.faculty_id == session['id'])).count()
            gra = Group.query.filter((Group.idea_id==idea_id)&(Group.faculty_id == session['id'])&(Group.faculty_id_done==2)).count()
            grr = Group.query.filter((Group.idea_id==idea_id)&(Group.faculty_id == session['id'])&(Group.faculty_id_done==3)).count()
            if gd == 1:
                return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users, gm=gm,
                                       comments=comments, error="This group has ben admin")
            else:
                if gr==1:
                    return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users, gm=gm,
                                           comments=comments, error="You have a pre-order request")
                elif gra==1:
                    return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users, gm=gm,
                                           comments=comments, error="Your request has been refusal")
                elif grr ==1:
                    return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users, gm=gm,
                                           comments=comments, error="Your request has been approved")
                elif gm == 0:
                    id_idea = Idea.query.filter_by(id=idea_id).first()
                    new_faculty = Group(idea_id=idea_id, faculty_id=session['id'], faculty_id_done=1,
                                        who_user_add=id_idea.who_user_add,
                                        created_at="{} {}".format(date_now, time_now))
                    db.session.add(new_faculty)
                    db.session.commit()
                    return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users, gm=gm,
                                           comments=comments, error="The request to join was sent successfully")
                else:
                    return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users,gm=gm,
                                           comments=comments, error="You have a pre-order request")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            gmc = Group_Member.query.filter_by(idea_id=idea_id).count()
            if gmc !=4:
                gm = Group_Member.query.filter((Group_Member.student_id==session['id'])).count()
                gma = Group_Member.query.filter((Group_Member.student_id==session['id'])
                                                &(Group_Member.idea_id==idea_id)&(Group_Member.student_id_done == 2)).count()
                gmr = Group_Member.query.filter((Group_Member.student_id == session['id'])
                                                & (Group_Member.idea_id == idea_id) & (
                                                            Group_Member.student_id_done == 3)).count()
                if gm == 0:
                    id_idea = Idea.query.filter_by(id=idea_id).first()
                    new_student = Group_Member(idea_id=idea_id, student_id=session['id'], student_id_done=1,who_user_add=id_idea.who_user_add,
                                               created_at="{} {}".format(date_now, time_now))
                    db.session.add(new_student)
                    db.session.commit()

                    return render_template("student/ideas/ideas.html", student=student, ideas=ideas, users=users,gm=gm,
                                               comments=comments, error="The request to join was sent successfully")
                elif gma ==1:
                    return render_template("student/ideas/ideas.html", student=student, ideas=ideas, users=users, gm=gm,
                                           comments=comments, error="Your request has been approved")
                elif gmr == 1:
                    return render_template("student/ideas/ideas.html", student=student, ideas=ideas, users=users, gm=gm,
                                           comments=comments, error="Your request has been refusal")
                else:
                    return render_template("student/ideas/ideas.html", student=student, ideas=ideas, users=users,gm=gm,
                                           comments=comments, error="You have a pre-order request")
            else:
                return render_template("student/ideas/ideas.html", student=student, ideas=ideas, users=users,gm=gm,
                                   comments=comments, error="this group full")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route("/add_new_comment/<idea_id>/", methods=['POST'])
@login_required
def add_new_comment(idea_id):
    ideas = Idea.query.all()
    users = Users.query.all()
    comments = Comment.query.all()
    gm = Group_Member.query.all()
    gmm = Group_Member.query.filter(Group_Member.student_id != session['id']).all()
    form = LoginForm(request.form)
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            if len(request.form['comment']) == 0:
                return render_template("admin/ideas/ideas.html", error="Enter comment", form=form, year_now=year_now, admin=admin,gm=gm,gmm=gmm)
            else:
                new_idea = Comment(idea_id=idea_id,comment=name_ar_filter(request.form['comment']),
                                 created_at="{} {}".format(date_now, time_now), who_user_add=admin.id)

                db.session.add(new_idea)
                db.session.commit()
                return render_template("admin/ideas/ideas.html", admin=admin, ideas=ideas, users=users,gm=gm,gmm=gmm,
                                       comments=comments,error="Your comment has been successfully added")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "faculty" in session and "token_id" in session and "type" in session and "id" in session:
        faculty = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['faculty']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if faculty:
            if len(request.form['comment']) == 0:
                return render_template("faculty/ideas/ideas.html", error="Enter comment", form=form, year_now=year_now,gm=gm,gmm=gmmm, faculty=faculty)
            else:
                new_idea = Comment(idea_id=idea_id, comment=name_ar_filter(request.form['comment']),
                                   created_at="{} {}".format(date_now, time_now), who_user_add=faculty.id)

                db.session.add(new_idea)
                db.session.commit()
                return render_template("faculty/ideas/ideas.html", faculty=faculty, ideas=ideas, users=users,
                                       comments=comments, error="Your comment has been successfully added")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    elif "student" in session and "token_id" in session and "type" in session and "id" in session:
        student = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['student']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if student:
            if len(request.form['comment']) == 0:
                return render_template("student/ideas/ideas.html", error="Enter comment", form=form, year_now=year_now,gm=gm,gmm=gmm, student=student)
            else:
                new_idea = Comment(idea_id=idea_id, comment=name_ar_filter(request.form['comment']),
                                   created_at="{} {}".format(date_now, time_now), who_user_add=student.id)

                db.session.add(new_idea)
                db.session.commit()
                return render_template("student/ideas/ideas.html", student=student, ideas=ideas, users=users,gm=gm,gmm=gmm,
                                       comments=comments, error="Your comment has been successfully added")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route("/users_export", methods=['GET'])
@login_required
def users_export():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            query_sets = Users.query.all()
            column_names = ['id', 'name','username','email','created_at']
            return excel.make_response_from_query_sets(query_sets, column_names, "xls")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route("/idea_export", methods=['GET'])
@login_required
def idea_export():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            query_sets = Idea.query.all()
            column_names = ['id', 'title','description','created_at','who_user_add']
            return excel.make_response_from_query_sets(query_sets, column_names, "xls")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route("/comment_export", methods=['GET'])
@login_required
def comment_export():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            query_sets = Comment.query.all()
            column_names = ['id', 'idea_id','comment','created_at','who_user_add']
            return excel.make_response_from_query_sets(query_sets, column_names, "xls")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))


@app.route("/group_member_export", methods=['GET'])
@login_required
def group_member_export():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            query_sets = Group_Member.query.all()
            column_names = ['id', 'idea_id','student_id','created_at','who_user_add']
            return excel.make_response_from_query_sets(query_sets, column_names, "xls")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route("/group_export", methods=['GET'])
@login_required
def group_export():
    if "admin" in session and "token_id" in session and "type" in session and "id" in session:
        admin = Users.query.filter(
            (Users.token_id == session['token_id']) & (Users.username == session['admin']) &
            (Users.id == session['id']) & (Users.type == session['type'])).first()
        if admin:
            query_sets = Group.query.all()
            column_names = ['id', 'idea_id','faculty_id','created_at','who_user_add']
            return excel.make_response_from_query_sets(query_sets, column_names, "xls")
        else:
            logout_user()
            session.clear()
            return redirect(url_for("login"))
    else:
        logout_user()
        session.clear()
        return redirect(url_for("login"))

@app.route('/logout/',methods=['POST',"GET"])
@login_required
def logout():
    logout_user()
    session.clear()
    return redirect(url_for("login"))

if __name__ == '__main__':
    app.run(debug=True)