
Untitled

a guest
Mar 8th, 2018
  1. import sqlite3
  2. import os, base64
  3.  
  4. from flask import render_template, request, session, redirect, url_for, g, flash, abort
  5.  
  6. import flask_bcrypt as Bcrypt
  7.  
  8. from .forms import LoginForm, SignUpForm
  9.  
  10. from .dbhelper import DBHelper
  11.  
  12. from .passwdbuilder import PassBuilder
  13.  
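DB = DBHelper()
PB = PassBuilder()

from storeapp import app

# Default configuration. A settings file named by the STOREAPP_SETTINGS
# environment variable (loaded at the end) can override any of these values.
app.config.update(
    DATABASE=os.path.join(app.root_path, 'store.db'),
    # Flask signs the session cookie with SECRET_KEY, so anyone who knows the
    # key can forge a session (including the 'logged_in' flag). The key is
    # therefore read from the environment instead of being written in source;
    # any key that has ever appeared in source or a paste should be rotated.
    # STOREAPP_SECRET_KEY is a name chosen here - adjust it to the deployment.
    # Without it a random per-process key is used: safe, but sessions do not
    # survive a restart and are not shared between worker processes.
    SECRET_KEY=os.environ.get('STOREAPP_SECRET_KEY') or os.urandom(32),
    # NOTE(review): default admin/default credentials. Nothing in the visible
    # part of this module reads them; remove or override before deployment.
    USERNAME='admin',
    PASSWORD='default',
)
app.config.from_envvar('STOREAPP_SETTINGS', silent=True)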
  26.  
def connect_db():
    """Open a new SQLite connection to the configured database file.

    The connection uses sqlite3.Row as its row factory, so result columns
    can be read by name as well as by position.
    """
    connection = sqlite3.connect(app.config['DATABASE'])
    connection.row_factory = sqlite3.Row
    return connection
  32.  
def init_db():
    """Run schema.sql against the application database and commit."""
    conn = get_db()
    with app.open_resource('schema.sql', mode='r') as schema_file:
        schema_sql = schema_file.read()
        conn.cursor().executescript(schema_sql)
    conn.commit()
  38.  
@app.cli.command('initdb')
def initdb_command():
    """CLI command 'initdb': build the database schema and report success."""
    init_db()
    print('Initialized the database')
  44.  
  45.  
def get_db():
    """Return the connection cached on flask.g, opening it on first use."""
    try:
        return g.sqlite_db
    except AttributeError:
        # Nothing cached yet in this application context.
        g.sqlite_db = connect_db()
        return g.sqlite_db
  51.  
@app.teardown_appcontext
def close_db(error):
    """Close the cached database connection when the app context ends.

    `error` is supplied by Flask's teardown hook and is not used here.
    """
    if not hasattr(g, 'sqlite_db'):
        return  # no connection was opened in this context
    g.sqlite_db.close()
  57.  
  58.  
  59.  
  60.  
@app.route('/')
def index():
    """Render the home page with title and author of every book, highest id first."""
    rows = get_db().execute(
        'select title, author from books order by id desc'
    ).fetchall()
    return render_template('index.html', books=rows)
  68.  
  69.  
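@app.route('/signup', methods=['GET', 'POST'])
def signup():
    """Show the registration form and, on a valid POST, create the user.

    On success the visitor is redirected to the index page. If the two
    password fields differ the visitor is sent back to the form, and a
    duplicate username (sqlite3.IntegrityError) re-renders the form with a
    flash message.

    Unlike the earlier version, the salt and the password hash are no longer
    printed: stdout usually ends up in server logs, and credential material
    must not be written there.
    """
    db = get_db()
    form = SignUpForm()

    if request.method == 'POST' and form.validate_on_submit():
        username = request.form.get("username")
        email = request.form.get("email")
        password1 = request.form.get("password1")
        password2 = request.form.get("password2")

        if password1 != password2:
            flash('Sorry your passwords must match, please try again')
            return redirect(url_for('signup'))

        # NOTE(review): PassBuilder is defined elsewhere. validate() checks
        # passwords with Bcrypt.check_password_hash, which expects an
        # unmodified bcrypt hash (bcrypt already embeds its salt). Confirm
        # that HashBuilder(...) + salt produces a value that check accepts;
        # otherwise no stored password can ever verify.
        salt = PB.SaltBuilder()
        hashed_pw = PB.HashBuilder(password1) + salt

        try:
            # Placeholders keep the form values out of the SQL text.
            db.execute(
                'insert into users (username, email, password) values (?, ?, ?)',
                [username, email, hashed_pw])
            db.commit()
        except sqlite3.IntegrityError:
            flash('Username already taken')
        else:
            flash('Thanks for registering')
            return redirect(url_for('index'))

    return render_template('signup.html', form=form)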
  114.  
  115.  
  116.  
  117.  
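@app.route('/login', methods=('GET', 'POST'))
def login():
    """Show the login form and, on POST, check the submitted credentials.

    A successful check sets session['logged_in'], the flag that members(),
    addbook() and logout() rely on, and redirects to the members page.
    Previously the flag was never set, so the members page answered 401
    even after a correct login. A failed check flashes one generic message
    that does not say whether the username or the password was wrong.
    """
    form = LoginForm(request.form)
    if request.method == 'POST':
        username = request.form.get("username")
        password = request.form.get("password")
        if validate(username, password):
            session['logged_in'] = True
            return redirect(url_for('members'))
        flash('Invalid login, please try again. Are you registered?')
    return render_template('login.html', form=form)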
  131.  
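def validate(username, password):
    """Return True only if *username* exists and *password* matches its hash.

    Changes from the earlier version:
    - the result is actually returned (`completion == True` was a comparison,
      not an assignment, so every login was rejected);
    - only the requested user's row is fetched, through a parameterized
      query, instead of loading the whole users table;
    - usernames and password hashes are no longer printed to stdout, where
      they would end up in server logs;
    - no message is flashed here; the caller reports the failure once.
    """
    if not username or not password:
        return False

    row = get_db().execute(
        'select password from users where username = ?', [username]
    ).fetchone()
    if row is None:
        # NOTE(review): an unknown user returns without a hash check, so the
        # response is faster than for a wrong password; pair this with login
        # rate limiting if username enumeration matters for this app.
        return False

    try:
        return bool(Bcrypt.check_password_hash(row[0], password))
    except ValueError:
        # Stored value is not a well-formed bcrypt hash: fail closed.
        return False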
  151.  
  152.  
  153.  
@app.route('/logout')
def logout():
    """Remove the login flag from the session and go back to the index page."""
    # The default of None makes the pop a no-op for sessions without the flag.
    session.pop('logged_in', None)
    flash('You were logged out')
    home = url_for('index')
    return redirect(home)
  159.  
@app.route('/members')
def members():
    """Render the members page for logged-in sessions; abort with 401 otherwise."""
    logged_in = session.get('logged_in')
    if not logged_in:
        abort(401)
    return render_template('members.html')
  167.  
@app.route('/books')
def books():
    """Render the book list (title, author, category), highest id first."""
    query = 'select title, author, category from books order by id desc'
    rows = get_db().execute(query).fetchall()
    return render_template('books.html', books=rows)
  177.  
@app.route('/add', methods=['GET','POST'])
def addbook():
    """Insert a book from the submitted form, then redirect to the book list.

    Only logged-in sessions get past the guard; everyone else gets 401.
    The route is registered for GET as well as POST, but it reads
    request.form['title'], ['author'] and ['category'] unconditionally.

    NOTE(review): no CSRF check is visible in this view, and it changes
    state; confirm that one is applied elsewhere in the app.
    """
    if not session.get('logged_in'):
        abort(401)

    conn = get_db()
    submitted = request.form
    # Placeholders keep the submitted values out of the SQL text.
    new_book = [submitted['title'], submitted['author'], submitted['category']]
    conn.execute('insert into books (title, author, category) values (?, ?, ?)',
                 new_book)
    conn.commit()

    flash('New book added!')
    return redirect(url_for('books'))
  189.  
@app.route('/users')
def showusers():
    """Render the list of registered usernames, highest id first.

    NOTE(review): the session check used by members() and addbook() is
    disabled here, so every username is served to unauthenticated visitors.
    Re-enable the two lines below unless the list is meant to be public.
    """
    # if not session.get('logged_in'):
    #     abort(401)
    rows = get_db().execute(
        'select username from users order by id desc'
    ).fetchall()
    return render_template('users.html', members=rows)