# -*- coding: utf-8 -*-"""Created on Thu Jan 26 16:30:19 2017Consists of

1. # -*- coding: utf-8 -*-
2. """
3. Created on Thu Jan 26 16:30:19 2017
4.  
5. Consists of following functions:
6.  
7. postScore          @ /postScore/
8. getImage           @ /getImage/
9. createUser         @ /createUser/
10. userLogin          @ /userLogin/
11. changeUserPassword @ /changeUserPassword/
12.  
13. @author: nja
14. """
15. import pyodbc
16. from flask import Flask
17. from flask import request
18.  
19.  
20. connection = pyodbc.connect('Driver={ODBC Driver 13 for SQL Server};'
21.                                'Server=tcp:nja-training.database.windows.net,1433;'
22.                                'Database=RateMe;Uid=nja-admin@nja-training;'
23.                                'Pwd={Porsche911};'
24.                                'Encrypt=yes;'
25.                                'TrustServerCertificate=no;'
26.                                'Connection Timeout=30;')
27.                                
28. cursor = connection.cursor()
29.  
30. app = Flask(__name__)
31. ##########################################################################
32. #                            for testing                                 #
33. #                                                                        #
34. #http://127.0.0.1:5000/postScore/?score=9&candidateId=10.jpg&userName=ali#
35. ##########################################################################
36. '''
37. Posts new image score for given user
38. '''
39. @app.route('/postScore/')
40. def postScore():  
41.     score = request.args.get('score')
42.     candidateId = request.args.get('candidateId')
43.     userName = request.args.get('userName')
44.    
45.     cursor.execute(
46.     """
47.    select Id
48.    from [dbo].[Users]
49.    where UserName = ?
50.    """, userName)
51.    
52.     ID = cursor.fetchall()[0][0]
53.  
54.     cursor.execute(
55.         """
56.        INSERT INTO [dbo].[Scores]
57.        (UserId, CandidateId, Score)
58.        values
59.        (?,?,?)
60.        """, ID, candidateId, score)
61.     cursor.commit()
62.  
63.     return "Success posting score"
64.    
65. ##########################################################################
66. #                            for testing                                 #
67. #                                                                        #
68. #            http://127.0.0.1:5000/getImage/?&userName=ali               #
69. ##########################################################################
70. '''
71. Returns an image and removes it from the database
72. '''
73. @app.route('/getImage/')
74. def getImage():
75.     userName = request.args.get('userName')
76.            
77.     cursor.execute(
78.         """
79.        WITH alreadyRated AS
80.        (
81.        SELECT Scores.UserId, Scores.CandidateId,Scores.Score, Users.UserName
82.        FROM Scores
83.        INNER JOIN Users
84.        ON Scores.userId = users.Id
85.        WHERE UserName = ?
86.        )
87.        SELECT TOP 1 url
88.        FROM candidates
89.        LEFT OUTER JOIN alreadyRated
90.        ON alreadyRated.CandidateId = candidates.URL
91.        WHERE UserID IS NULL
92.        ORDER BY NEWID()
93.        """, userName)
94.        
95.     image = cursor.fetchall()[0][0]
96.        
97.     return image
98.    
99.  
100. ##########################################################################
101. #                            for testing                                 #
102. #                                                                        #
103. #    http://127.0.0.1:5000/createUser/?userName=mathias&password=1234    #
104. ##########################################################################
105. '''
106. Creates a user
107. '''
108. @app.route('/createUser/')
109. def createUser():
110.     #Getting user name and password from http request.
111.     userName = request.args.get('userName')
112.     password = request.args.get('password')
113.    
114.     #Checking if user exists
115.     cursor.execute(
116.     """
117.    select count(1)
118.    from [dbo].[Users]
119.    where UserName = ?
120.    """, userName)
121.    
122.     row = cursor.fetchall()[0][0]
123.    
124.     if row == 0:
125.         #creating user
126.         cursor.execute("INSERT INTO [dbo].[Users](UserName, UserPassword) values (?, ?)", userName, password)
127.         cursor.commit()
128.            
129.         return 'Success creating user'
130.     else:
131.         return 'User already exists'
132.        
133. ##########################################################################
134. #                            for testing                                 #
135. #                                                                        #
136. #    http://127.0.0.1:5000/userLogin/?userName=nicolai&password=1234     #
137. ##########################################################################
138. '''
139. Logs in a user
140. '''
141. @app.route('/userLogin/')
142. def userLogin():
143.     #Getting user name and password from http request.
144.     userName = request.args.get('userName')
145.     password = request.args.get('password')
146.    
147.     #Checking if user exists
148.     cursor.execute(
149.     """
150.    select UserPassword
151.    from [dbo].[Users]
152.    where UserName = ?
153.    """, userName)
154.    
155.     response = cursor.fetchall()
156.    
157.     #check if no response
158.     if len(response) == 0:
159.         return "No user found"
160.        
161.     dbPassword = response[0][0]
162.    
163.     #check if password is correct
164.     if dbPassword == password:
165.         return "Success. Logged in"
166.     else:
167.         return "Error. Wrong password"
168.  
169. ####################################################################################
170. #                            for testing                                           #
171. #                                                                                  #
172. #http://127.0.0.1:5000/changeUserPassword/?userName=n&password=1&newPassword=1     #
173. ####################################################################################    
174. '''
175. Change user password
176. '''
177. @app.route('/changeUserPassword/')
178. def changeUserPassword():
179.     #Getting user name and password from http request.
180.     userName = request.args.get('userName')
181.     password = request.args.get('password')
182.     newPassword = request.args.get('newPassword')
183.    
184.     #Checking if user exists
185.     cursor.execute(
186.     """
187.    select UserPassword
188.    from [dbo].[Users]
189.    where UserName = ?
190.    """, userName)
191.        
192.     dbPassword = cursor.fetchall()[0][0]
193.  
194.     #check if password is correct
195.     if dbPassword == password:
196.        
197.         cursor.execute(
198.             """
199.            UPDATE [dbo].[Users]
200.            SET UserPassword=?
201.            WHERE UserName=?;
202.            """, newPassword, userName)
203.         cursor.commit()
204.        
205.         return "Success. Password Changed"
206.     else:
207.         return "Error. Wrong password"
208.  
209. '''
210. test connection
211. '''
212. @app.route('/test/')
213. def test():
214.     return "Hello World"
215.  
216. if __name__ == "__main__":
217.     app.run(host='0.0.0.0')