import hashlib
import hmac
import os
import uuid

import MySQLdb
from flask import Flask
from flask import render_template, request, session, redirect, escape, url_for
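# Connection settings are read from the environment so that credentials do not
# have to live in the source file.  The fallbacks are the original development
# values (local server, user "root", empty password, schema "logowanie").
# NOTE(review): "root" with an empty password is only acceptable on a throwaway
# local database; give the application its own low-privilege account that can
# reach nothing but this schema.
db = MySQLdb.connect(
    host=os.environ.get('DB_HOST', 'localhost'),
    user=os.environ.get('DB_USER', 'root'),
    passwd=os.environ.get('DB_PASSWORD', ''),
    db=os.environ.get('DB_NAME', 'logowanie'),
)
# NOTE(review): this single connection and cursor are created at import time
# and used by every request handler in the file.  Presumably that is only safe
# while requests are handled one at a time -- confirm before serving
# concurrently, and prefer a per-request connection.
cur = db.cursor()

app = Flask(__name__)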
@app.route('/', methods=['GET', 'POST'])
def index():
    """Report whether the visitor is logged in.

    Returns a plain-text greeting containing the session's username, or a
    "not logged in" message when the session holds no username.
    """
    if 'username' not in session:
        return 'Nie jestes zalogowany'
    # The username originates from a login form, so it is HTML-escaped before
    # being placed into the response body.
    safe_name = escape(session['username'])
    return 'Zalogowany jako {}.'.format(safe_name)
@app.route('/add', methods=['GET', 'POST'])
def add():
    """Show the add-product form and store a submitted product.

    Only visitors with a username in the session may use the form; everyone
    else gets a plain-text refusal.  On a POST whose ``add`` field equals
    ``dodaj`` the product is inserted unless a product with the same name
    already exists, in which case the error is shown on the form.
    """
    class ServerError(Exception):
        pass

    if 'username' not in session:
        return "Musisz byc zalogowany by dodac produkt!"

    error = None
    success_add = None
    # NOTE(review): no CSRF token is checked here, and `cost` is stored exactly
    # as submitted -- confirm whether validation happens elsewhere.
    if request.method == "POST" and request.form["add"] == "dodaj":
        try:
            name_product = request.form['name']
            # Parameterized queries: form values never become part of the SQL text.
            cur.execute('SELECT COUNT(1) FROM products WHERE name=%s', (name_product,))
            already_exists = cur.fetchone()[0]
            if already_exists:
                raise ServerError ('Produkt juz istnieje')
            new_row = (
                name_product,
                request.form['cost'],
                request.form['description'],
                session['username'],
            )
            cur.execute('INSERT into products VALUES (NULL, %s, %s, %s, %s)', new_row)
            db.commit()
            success_add = "Dodano produkt!"
        except ServerError as e:
            error = str(e)
    return render_template('add.html', error=error, success_add=success_add)
@app.route('/products', methods=['GET', 'POST'])
def products():
    """Render the list of all products.

    No login is required: every row of ``products`` is passed to the
    ``products.html`` template as ``data``.
    """
    cur.execute('SELECT * from products')
    all_rows = cur.fetchall()
    return render_template('products.html', data=all_rows)
@app.route('/profile', methods=['GET', 'POST'])
def profile():
    """Render the logged-in user's profile with the products they authored.

    Visitors without a username in the session get a plain-text
    "not logged in" message instead of the page.
    """
    if 'username' not in session:
        return 'Nie jestes zalogowany'

    profile_name = session['username']
    # Only rows whose author matches the session user are selected.
    cur.execute('SELECT * from products WHERE author=%s', (profile_name,))
    own_products = cur.fetchall()
    return render_template('profile.html', profile_name=profile_name, data=own_products)
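@app.route('/newpassword', methods=['GET', 'POST'])
def newpassword():
    """Let the logged-in user change their password.

    The old password must match the stored hash and the new password must be
    typed identically twice.  Exactly one outcome is reported to the
    ``changepassword.html`` template: ``success`` after the update, or
    ``error`` naming which check failed.  Visitors who are not logged in get
    a plain-text message, as on the profile page.
    """
    class ServerError(Exception):
        pass

    # Every query below is keyed on session['username']; without this guard an
    # anonymous request fails with a KeyError instead of a clean response.
    if 'username' not in session:
        return 'Nie jestes zalogowany'

    error = None
    success = None
    # NOTE(review): no CSRF token is checked on this state-changing form.
    if request.method == 'POST' and request.form["changepass"] == "change password":
        try:
            old_pass = request.form['oldpass']
            cur.execute('SELECT salt, password FROM users WHERE nickname=%s', (session['username'],))
            row = cur.fetchone()
            if row is None:
                # The account vanished after login; treat as a failed check.
                raise ServerError('Bledne stare haslo')
            salt_user, stored_hash = row

            # NOTE(review): one round of salted SHA-512 is fast to brute-force
            # if the table leaks.  Moving to a password KDF such as
            # hashlib.scrypt needs a migration of the stored hashes, so the
            # scheme is left as it is here.
            old_hash = hashlib.sha512(old_pass.encode('utf-8') + salt_user.encode('utf-8')).hexdigest()
            # Constant-time comparison; assumes the password column comes back
            # as str, like the salt does.
            if not hmac.compare_digest(old_hash.encode('utf-8'), stored_hash.encode('utf-8')):
                raise ServerError('Bledne stare haslo')

            new_pass = request.form['newpass']
            new_pass_again = request.form['newpassagain']
            if new_pass != new_pass_again:
                raise ServerError('Nowe hasla nie pasuja')

            new_pass_hashed = hashlib.sha512(new_pass.encode('utf-8') + salt_user.encode('utf-8')).hexdigest()
            cur.execute('UPDATE users SET password=%s WHERE nickname=%s', (new_pass_hashed, session['username']))
            db.commit()
            success = 'Haslo zostalo zmienione!'
        except ServerError as e:
            error = str(e)
    return render_template('changepassword.html', error=error, success=success)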
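@app.route('/login', methods=['GET', 'POST'])
def login():
    """Authenticate a user and start a session.

    On a POST whose ``action`` field equals ``Log in`` the submitted password
    is hashed with the user's stored salt and compared with the stored hash.
    A match stores the username in the session and redirects to the index;
    otherwise the login form is rendered again with an error.
    """
    class ServerError(Exception):
        pass

    error = None
    if request.method == 'POST' and request.form["action"] == "Log in":
        try:
            username_form = request.form['username']
            # One query fetches salt and hash together, so there is no gap
            # between "user exists" and "read the row" in which the row can
            # disappear and fetchone() return None.
            cur.execute('SELECT salt, password FROM users WHERE nickname=%s', (username_form,))
            row = cur.fetchone()
            if row is None:
                # NOTE(review): separate messages for an unknown user and a
                # wrong password let a client tell which usernames exist.
                raise ServerError('Bledna nazwa uzytkownika')
            salt_user, stored_hash = row

            password_form = request.form['password']
            # NOTE(review): one round of salted SHA-512 is fast to brute-force
            # if the table leaks; a password KDF (e.g. hashlib.scrypt) would
            # need a migration of the stored hashes.
            candidate = hashlib.sha512(password_form.encode('utf-8') + salt_user.encode('utf-8')).hexdigest()
            # Constant-time comparison; assumes the password column comes back
            # as str, like the salt does.
            if hmac.compare_digest(candidate.encode('utf-8'), stored_hash.encode('utf-8')):
                session['username'] = username_form
                return redirect(url_for('index'))
            # NOTE(review): nothing here limits repeated failed attempts.
            raise ServerError('Bledne haslo')
        except ServerError as e:
            error = str(e)
    return render_template('login.html', error=error)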
@app.route('/register', methods=['GET', 'POST'])
def register():
    """Create a new user account from the registration form.

    On a POST whose ``action`` field equals ``Register`` the username is
    checked for uniqueness; a free name gets a fresh random salt and the
    salted SHA-512 hash of the password is stored with the e-mail address.
    The outcome is shown on ``register.html``.
    """
    class ServerError(Exception):
        pass

    error_register = None
    success_register = None
    if request.method == 'POST' and request.form["action"] == "Register":
        _username = request.form['username']
        _password = request.form['password']
        _email = request.form['email']
        try:
            cur.execute('SELECT COUNT(1) FROM users WHERE nickname=%s', (_username,))
            name_taken = cur.fetchone()[0]
            if name_taken:
                raise ServerError('Nazwa uzytkownika zajeta')
            # A per-user salt keeps identical passwords from hashing alike.
            salt = uuid.uuid4().hex
            # NOTE(review): one round of salted SHA-512 is fast to brute-force
            # if the table leaks.  A password KDF (e.g. hashlib.scrypt) would
            # have to be adopted in login and newpassword as well.
            salted_password = _password.encode('utf-8') + salt.encode('utf-8')
            _hashpassword = hashlib.sha512(salted_password).hexdigest()
            new_user = (_username, _hashpassword, salt, _email)
            cur.execute('INSERT INTO users (id,nickname,password,salt,email) VALUES (NULL,%s,%s,%s,%s)', new_user)
            db.commit()
            success_register = 'Zarejestrowales sie!'
        except ServerError as e:
            error_register = str(e)
    return render_template('register.html',error_register=error_register, success_register=success_register)
@app.route('/logout')
def logout():
    """Log the visitor out and send them back to the index page."""
    # The None default makes this a no-op for visitors who never logged in.
    session.pop('username', None)
    home_url = url_for('index')
    return redirect(home_url)
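if __name__ == "__main__":
    # The signed session cookie is the only proof of login (handlers trust
    # session['username']), so anyone who knows the signing key can forge a
    # session for any user.  The key is therefore read from the environment
    # rather than written in the source.  When it is unset, a random
    # per-process key is used, so sessions do not survive a restart or a
    # debug-reloader reload.
    app.secret_key = os.environ.get('FLASK_SECRET_KEY') or os.urandom(32)
    # Debug mode turns on the interactive debugger, which can run code in the
    # server process.  It is now opt-in and belongs on a developer machine only.
    debug_enabled = os.environ.get('FLASK_DEBUG', '0') == '1'
    app.run(debug=debug_enabled)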