- ######################################
- # author ben lawson <balawson@bu.edu>
- ######################################
- # Some code adapted from
- # CodeHandBook at http://codehandbook.org/python-web-application-development-using-flask-and-mysql/
- # and MaxCountryMan at https://github.com/maxcountryman/flask-login/
- # and Flask Official Tutorial at http://flask.pocoo.org/docs/0.10/patterns/fileuploads/
- # see links for further understanding
- ###################################################
- import flask
- from flask import Flask, Response, request, render_template, redirect, url_for
- from flaskext.mysql import MySQL
- import flask.ext.login as flask_login
- #for image uploading
- from werkzeug import secure_filename
- import os, base64
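# Module-level wiring: the Flask app, the MySQL extension, the login manager
# and one shared database connection used by the helpers in this file.
mysql = MySQL()
app = Flask(__name__)

# The secret key signs the session cookie that flask-login relies on; anyone
# who knows it can forge a session for any account. Read it from the
# environment rather than committing a literal. The random fallback keeps
# local development working, but sessions then do not survive a restart.
app.secret_key = os.environ.get('SECRET_KEY') or os.urandom(24)

# Database credentials: overridable through the environment, defaulting to the
# original development values. A root account with an empty password should
# not be used outside a throwaway local database.
app.config['MYSQL_DATABASE_USER'] = os.environ.get('MYSQL_DATABASE_USER', 'root')
app.config['MYSQL_DATABASE_PASSWORD'] = os.environ.get('MYSQL_DATABASE_PASSWORD', '')
app.config['MYSQL_DATABASE_DB'] = os.environ.get('MYSQL_DATABASE_DB', 'photoshare')
app.config['MYSQL_DATABASE_HOST'] = os.environ.get('MYSQL_DATABASE_HOST', 'localhost')
mysql.init_app(app)

# begin code used for login
login_manager = flask_login.LoginManager()
login_manager.init_app(app)

# NOTE(review): this single connection is shared by every request handler;
# confirm that is acceptable for the server's threading model.
conn = mysql.connect()
cursor = conn.cursor()
cursor.execute("SELECT email from Users")
# Snapshot taken at import time. The loaders below query the table again
# through getUserList() instead of reading this value.
users = cursor.fetchall()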
def getUserList():
    """Return the rows of ``SELECT email from Users`` as fetched by the cursor."""
    email_cursor = conn.cursor()
    email_cursor.execute("SELECT email from Users")
    rows = email_cursor.fetchall()
    return rows
class User(flask_login.UserMixin):
    """User object handed to flask-login; callers set ``id`` to the account email."""
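@login_manager.user_loader
def user_loader(email):
    """Rebuild the User for a session whose stored id is *email*.

    Returns None when *email* is empty or is not an exact match for a row
    returned by getUserList(), so flask-login treats the session as anonymous.
    """
    if not email:
        return None
    # Compare against each row's email column exactly. The previous
    # `email in str(users)` test was a substring match on the printed result
    # set, so any fragment of a registered address was accepted as a user.
    if not any(row[0] == email for row in getUserList()):
        return None
    user = User()
    user.id = email
    return user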
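@login_manager.request_loader
def request_loader(request):
    """Authenticate a request from its 'email' and 'password' form fields.

    Returns a User when the submitted password equals the one stored for that
    email, and None in every other case (missing field, unknown email, wrong
    password), so a failed check can never yield a user object.
    """
    email = request.form.get('email')
    password = request.form.get('password')
    if not email or password is None:
        return None
    # Reuse the shared connection instead of opening a new one per request,
    # and bind the email as a parameter: it is attacker-controlled form input
    # and must not be formatted into the SQL text.
    cursor = conn.cursor()
    cursor.execute("SELECT password FROM Users WHERE email = %s", (email,))
    row = cursor.fetchone()
    if row is None:
        return None
    # NOTE(review): passwords are stored and compared in plaintext. Store a
    # salted hash instead (werkzeug.security.generate_password_hash /
    # check_password_hash); that needs a migration of the Users table.
    if password != str(row[0]):
        return None
    # UserMixin already reports an authenticated user, so returning the object
    # only on a match replaces the earlier is_authenticated assignment.
    user = User()
    user.id = email
    return user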
- '''
- A new page looks like this:
- @app.route('new_page_name')
- def new_page_function():
- return new_page_html
- '''
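@app.route('/login', methods=['GET', 'POST'])
def login():
    """Serve the login form on GET and check the submitted credentials on POST.

    On a successful match the user is logged in through flask-login and
    redirected to the 'protected' view; otherwise a retry page is returned.
    """
    if flask.request.method == 'GET':
        return '''
<form action='login' method='POST'>
<input type='text' name='email' id='email' placeholder='email'></input>
<input type='password' name='password' id='password' placeholder='password'></input>
<input type='submit' name='submit'></input>
</form></br>
<a href='/'>Home</a>
'''
    # The request method is POST (the page is receiving data).
    email = flask.request.form['email']
    cursor = conn.cursor()
    # Bind the email as a query parameter. It comes straight from the form,
    # and formatting it into the statement allowed SQL injection.
    cursor.execute("SELECT password FROM Users WHERE email = %s", (email,))
    row = cursor.fetchone()
    if row is not None:
        # NOTE(review): plaintext password comparison; see the note on
        # hashing (werkzeug.security) before using this beyond a demo.
        pwd = str(row[0])
        if flask.request.form['password'] == pwd:
            user = User()
            user.id = email
            flask_login.login_user(user)
            # 'protected' is a view function defined in this file.
            return flask.redirect(flask.url_for('protected'))
    # Unknown email or wrong password: same response for both, so the page
    # does not reveal which addresses are registered.
    return ("<a href='/login'>Try again</a>"
            "</br><a href='/register'>or make an account</a>")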
@app.route('/logout')
def logout():
    """Log the current user out via flask-login and render hello.html."""
    # NOTE(review): the route declares no methods, so logout is reachable
    # with a plain GET link.
    flask_login.logout_user()
    page = render_template('hello.html', message='Logged out')
    return page
@login_manager.unauthorized_handler
def unauthorized_handler():
    """Render unauth.html; registered as flask-login's unauthorized handler."""
    denied_page = render_template('unauth.html')
    return denied_page
- #you can specify specific methods (GET/POST) in function header instead of inside the functions as seen earlier
@app.route("/register", methods=['GET'])
def register():
    """Render the registration form (GET only; POST goes to register_user)."""
    form_page = render_template('register.html', supress='True')
    return form_page
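@app.route("/register", methods=['POST'])
def register_user():
    """Create an account from the 'email' and 'password' form fields.

    Redirects back to the registration form when a field is missing or the
    email is already registered; otherwise inserts the row, logs the new
    user in and renders hello.html.
    """
    email = request.form.get('email')
    password = request.form.get('password')
    # form.get() returns None for a missing field instead of raising, so the
    # earlier try/except never fired and 'None' could be stored as a value.
    if not email or not password:
        # Printed to the server's shell; end users do not see it.
        print("couldn't find all tokens")
        return flask.redirect(flask.url_for('register'))
    if not isEmailUnique(email):
        print("email is already registered")
        return flask.redirect(flask.url_for('register'))
    cursor = conn.cursor()
    # Bound parameters: both values are untrusted form input.
    # NOTE(review): the password is stored in plaintext. Store
    # werkzeug.security.generate_password_hash(password) instead and verify
    # with check_password_hash at login.
    cursor.execute("INSERT INTO Users (email, password) VALUES (%s, %s)", (email, password))
    conn.commit()
    # Log the new user in.
    user = User()
    user.id = email
    flask_login.login_user(user)
    return render_template('hello.html', name=email, message='Account Created!')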
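def getUsersPhotos(uid):
    """Return the photos stored for *uid* as a list of (imgdata, picture_id) tuples."""
    cursor = conn.cursor()
    # Bind uid as a parameter rather than formatting it into the statement.
    cursor.execute("SELECT imgdata, picture_id FROM Pictures WHERE user_id = %s", (uid,))
    return cursor.fetchall()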
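def getUserIdFromEmail(email):
    """Return the user_id of the Users row whose email equals *email*.

    Raises TypeError when no row matches, because fetchone() then returns None.
    """
    cursor = conn.cursor()
    # Bind the email as a parameter; string formatting here was injectable.
    cursor.execute("SELECT user_id FROM Users WHERE email = %s", (email,))
    return cursor.fetchone()[0]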
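def isEmailUnique(email):
    """Return True when no Users row has this email, False otherwise."""
    cursor = conn.cursor()
    # The email arrives from the registration form, so it is bound as a
    # parameter instead of being formatted into the SQL text.
    cursor.execute("SELECT email FROM Users WHERE email = %s", (email,))
    # A fetched row means the address is already registered.
    return cursor.fetchone() is None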
- #end login code
@app.route('/profile')
@flask_login.login_required
def protected():
    """Render the profile page for the logged-in user (login required)."""
    current_email = flask_login.current_user.id
    return render_template('hello.html', name=current_email, message="Here's your profile")
- #begin photo uploading code
- # photos uploaded using base64 encoding so they can be directly embeded in HTML
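ALLOWED_EXTENSIONS = set(['png', 'jpg', 'jpeg', 'gif'])


def allowed_file(filename):
    """Return True when *filename* ends in one of ALLOWED_EXTENSIONS.

    The extension is compared case-insensitively, so 'photo.JPG' is accepted.
    This looks at the name only; it does not inspect the file's content.
    """
    return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS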
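@app.route('/upload', methods=['GET', 'POST'])
@flask_login.login_required
def upload_file():
    """Store an uploaded picture for the logged-in user, or serve the upload form.

    POST: base64-encodes the uploaded 'file' field, inserts it into Pictures
    for the current user and renders hello.html with that user's photos.
    GET: returns the HTML upload form.
    """
    if request.method == 'POST':
        uid = getUserIdFromEmail(flask_login.current_user.id)
        imgfile = request.files['file']
        # allowed_file() was defined but never called, so any file type was
        # stored. The extension check is only a coarse filter: the content
        # itself is not inspected, and no size limit is set here (Flask's
        # MAX_CONTENT_LENGTH setting can cap request size).
        if not allowed_file(imgfile.filename or ''):
            return render_template('hello.html', name=flask_login.current_user.id,
                                   message='File type not allowed', photos=getUsersPhotos(uid))
        photo_data = base64.standard_b64encode(imgfile.read())
        cursor = conn.cursor()
        # Bound parameters instead of string formatting.
        cursor.execute("INSERT INTO Pictures (imgdata, user_id) VALUES (%s, %s)", (photo_data, uid))
        conn.commit()
        return render_template('hello.html', name=flask_login.current_user.id,
                               message='Photo uploaded!', photos=getUsersPhotos(uid))
    # The method is GET, so return an HTML form for uploading a photo.
    return '''
<!doctype html>
<title>Upload new Picture</title>
<h1>Upload new Picture</h1>
<form action="" method=post enctype=multipart/form-data>
<p><input type=file name=file>
<input type=submit value=Upload>
</form></br>
<a href='/'>Home</a>
'''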
- #end photo uploading code
- #default page
@app.route("/", methods=['GET'])
def hello():
    """Render the landing page."""
    landing_page = render_template('hello.html', message='Welecome to Photoshare')
    return landing_page
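if __name__ == "__main__":
    # Invoked when the file is run from the shell:
    #   $ python app.py
    # Debug mode turns on Werkzeug's interactive debugger, which can execute
    # code inside the server process, so it is no longer hard-coded on.
    # Set FLASK_DEBUG=1 in the environment to enable it for local development.
    debug_requested = os.environ.get('FLASK_DEBUG') == '1'
    app.run(port=5000, debug=debug_requested)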