import hashlib
import hmac
import os
import uuid

import MySQLdb
from flask import Flask
from flask import render_template, request, session, redirect, escape, url_for
  7.  
# One module-level MySQL connection and one cursor, shared by every request
# handler below. Credentials are hard-coded: root with an empty password on
# localhost, database 'logowanie'.
# NOTE(review): a single cursor is reused across all requests; whether the
# MySQLdb connection object tolerates concurrent use is not established
# here — confirm before serving more than one request at a time.
db = MySQLdb.connect(host='localhost', user='root', passwd='', db='logowanie')
cur = db.cursor()

# The Flask application object every route is registered on.
app = Flask(__name__)
  17.  
@app.route('/', methods=['GET', 'POST'])
def index():
    """Landing page: say whether the current session is logged in.

    The nickname is read from the Flask session and HTML-escaped before
    it is echoed back in the response body.
    """
    if 'username' not in session:
        return 'Nie jestes zalogowany'
    who = escape(session['username'])
    return 'Zalogowany jako {}.'.format(who)
  23.  
@app.route('/add', methods=['GET', 'POST'])
def add():
    """Add a product on behalf of the logged-in user.

    GET renders the empty form. A POST whose ``add`` field is ``dodaj``
    inserts a row into ``products`` unless a product with the same name
    already exists. Anonymous callers receive a plain refusal message.
    """
    class ServerError(Exception):
        pass

    if 'username' not in session:
        return "Musisz byc zalogowany by dodac produkt!"

    error = None
    success_add = None
    # NOTE(review): this state-changing POST is gated only by the session
    # cookie; no CSRF token is checked anywhere in this handler.
    if request.method == "POST" and request.form["add"] == "dodaj":
        try:
            product_name = request.form['name']
            # Parameterised query: the submitted name is bound, never
            # interpolated into the SQL text.
            cur.execute('SELECT COUNT(1) FROM products WHERE name=%s', (product_name,))
            if cur.fetchone()[0]:
                raise ServerError('Produkt juz istnieje')
            # cost and description are stored exactly as submitted; no
            # validation or type conversion happens here.
            row = (
                product_name,
                request.form['cost'],
                request.form['description'],
                session['username'],
            )
            cur.execute('INSERT into products VALUES (NULL, %s, %s, %s, %s)', row)
            db.commit()
            success_add = "Dodano produkt!"
        except ServerError as exc:
            error = str(exc)
    return render_template('add.html', error=error, success_add=success_add)
  49.  
@app.route('/products', methods=['GET', 'POST'])
def products():
    """Render every row of ``products``; no login is required."""
    cur.execute('SELECT * from products')
    rows = cur.fetchall()
    return render_template('products.html', data=rows)
  55.  
@app.route('/profile', methods=['GET', 'POST'])
def profile():
    """Show the products whose ``author`` is the logged-in user.

    Anonymous callers get a plain message instead of the template.
    """
    if 'username' not in session:
        return 'Nie jestes zalogowany'
    owner = session['username']
    cur.execute('SELECT * from products WHERE author=%s', (owner,))
    rows = cur.fetchall()
    return render_template('profile.html', profile_name=owner, data=rows)
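@app.route('/newpassword', methods=['GET', 'POST'])
def newpassword():
    """Change the logged-in user's password.

    A POST whose ``changepass`` field is ``change password`` must carry the
    current password (``oldpass``) and the new one twice (``newpass`` and
    ``newpassagain``). Stored hashes are the SHA-512 hex digest of
    ``password + salt``, the same scheme ``register()`` and ``login()`` use;
    the user's existing salt is kept.

    Returns the rendered ``changepassword.html`` with ``error`` and
    ``success`` messages, or a plain message for anonymous callers.

    Changes from the pasted version: anonymous callers are refused instead
    of hitting a KeyError on ``session['username']``; salt and hash come
    from one query; the digest comparison is constant-time; and the
    "passwords do not match" check now runs before the update, whereas in
    the paste (indentation lost) that error appears reachable even after a
    successful update.
    """
    class ServerError(Exception):
        pass

    if 'username' not in session:
        return 'Nie jestes zalogowany'

    error = None
    success = None
    if request.method == 'POST' and request.form["changepass"] == "change password":
        try:
            old_pass = request.form['oldpass']
            nickname = session['username']
            cur.execute('SELECT salt, password FROM users WHERE nickname=%s', (nickname,))
            submitted = old_pass.encode('utf-8')
            for salt_user, stored_hash in cur.fetchall():
                candidate = hashlib.sha512(submitted + salt_user.encode('utf-8')).hexdigest()
                # Constant-time comparison so the check does not leak how
                # many leading digest characters matched.
                if hmac.compare_digest(candidate, stored_hash):
                    break
            else:
                # No row for this nickname, or no row's hash matched.
                raise ServerError('Bledne stare haslo')
            new_pass = request.form['newpass']
            if new_pass != request.form['newpassagain']:
                raise ServerError('Nowe hasla nie pasuja')
            # NOTE(review): a single SHA-512 round over password+salt is a
            # fast hash, not a slow KDF; moving to hashlib.pbkdf2_hmac would
            # require register()/login() and the stored hashes to change too.
            new_hash = hashlib.sha512(new_pass.encode('utf-8') + salt_user.encode('utf-8')).hexdigest()
            cur.execute('UPDATE users SET password=%s WHERE nickname=%s', (new_hash, nickname))
            db.commit()
            success = 'Haslo zostalo zmienione!'
        except ServerError as exc:
            error = str(exc)
    return render_template('changepassword.html', error=error, success=success)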
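@app.route('/login', methods=['GET', 'POST'])
def login():
    """Authenticate against ``users`` and start a session.

    On a POST whose ``action`` field is ``Log in``, the submitted password
    is hashed as the SHA-512 hex digest of ``password + salt`` (the scheme
    ``register()`` uses) and compared with the stored digest. Success puts
    the nickname in the session and redirects to ``index``; failure
    re-renders ``login.html`` with ``error`` set.

    Changes from the pasted version: salt and hash are fetched with one
    query instead of three, each row is checked against its own salt, and
    the digest comparison is constant-time.
    """
    class ServerError(Exception):
        pass

    error = None
    if request.method == 'POST' and request.form["action"] == "Log in":
        try:
            username_form = request.form['username']
            cur.execute('SELECT salt, password FROM users WHERE nickname=%s', (username_form,))
            rows = cur.fetchall()
            # NOTE(review): the distinct message for an unknown nickname
            # tells a caller which names are registered. It is kept as-is
            # because register() already reports taken nicknames.
            if not rows:
                raise ServerError('Bledna nazwa uzytkownika')
            # Read after the nickname check, matching the original order in
            # which a missing 'password' field is reported.
            submitted = request.form['password'].encode('utf-8')
            for salt_user, stored_hash in rows:
                candidate = hashlib.sha512(submitted + salt_user.encode('utf-8')).hexdigest()
                # Constant-time comparison so the check does not leak how
                # many leading digest characters matched.
                if hmac.compare_digest(candidate, stored_hash):
                    session['username'] = username_form
                    return redirect(url_for('index'))
            raise ServerError('Bledne haslo')
        except ServerError as exc:
            error = str(exc)
    return render_template('login.html', error=error)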
  118.  
@app.route('/register', methods=['GET', 'POST'])
def register():
    """Create a ``users`` row for a new nickname.

    On a POST whose ``action`` field is ``Register``, a fresh UUID4 hex
    string becomes the per-user salt and the password is stored as the
    SHA-512 hex digest of ``password + salt``. A taken nickname produces
    an error message; nothing else about the input is validated here.
    """
    class ServerError(Exception):
        pass

    error_register = None
    success_register = None
    if request.method == 'POST' and request.form["action"] == "Register":
        nickname = request.form['username']
        raw_password = request.form['password']
        email = request.form['email']
        try:
            cur.execute('SELECT COUNT(1) FROM users WHERE nickname=%s', (nickname,))
            if cur.fetchone()[0]:
                raise ServerError('Nazwa uzytkownika zajeta')
            salt = uuid.uuid4().hex
            # NOTE(review): a single SHA-512 round over password+salt is a
            # fast hash, not a slow KDF; a change to hashlib.pbkdf2_hmac
            # would have to be made in login() and newpassword() as well.
            digest = hashlib.sha512(raw_password.encode('utf-8') + salt.encode('utf-8')).hexdigest()
            cur.execute(
                'INSERT INTO users (id,nickname,password,salt,email) VALUES (NULL,%s,%s,%s,%s)',
                (nickname, digest, salt, email),
            )
            db.commit()
            success_register = 'Zarejestrowales sie!'
        except ServerError as exc:
            error_register = str(exc)
    return render_template('register.html',error_register=error_register, success_register=success_register)
  147.  
@app.route('/logout')
def logout():
    """Forget the session's nickname, if any, and return to ``index``."""
    if 'username' in session:
        del session['username']
    return redirect(url_for('index'))
  152.  
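if __name__ == "__main__":
    # Key used to sign the session cookie. It may now be supplied via the
    # FLASK_SECRET_KEY environment variable (a name chosen here, not a Flask
    # built-in); the pasted literal stays as the fallback so existing setups
    # keep working, but a key committed in source should be considered known.
    app.secret_key = os.environ.get('FLASK_SECRET_KEY', 't4jn3Has3lko')
    # debug=True turns on the interactive Werkzeug debugger and reloader;
    # kept as in the paste, which is only appropriate on a local machine.
    app.run(debug=True)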