Merge branch 'adminpage' into 'master'

Added an admin page and auth checks

See merge request benjamyn/shoplist2!1
Benjamyn Love 2020-01-29 11:56:55 +11:00
commit 30cc797ba1
5 changed files with 168 additions and 54 deletions

shop.py

@ -1,4 +1,4 @@
from flask import Flask, render_template, make_response, request, redirect, url_for, session from flask import Flask, render_template, make_response, request, redirect, url_for, session, abort
from pprint import pprint from pprint import pprint
import mysql.connector import mysql.connector
import configparser import configparser
@ -37,7 +37,7 @@ def runQuery(query):
mydb = dbConnect() mydb = dbConnect()
c = mydb.cursor() c = mydb.cursor()
c.execute(query) c.execute(query)
if "select" in query.lower(): if query.lower().startswith("select"):
ret = c.fetchall() ret = c.fetchall()
else: else:
ret = [] ret = []
@ -66,7 +66,20 @@ def getItem(rowID):
def unGetItem(rowID): def unGetItem(rowID):
query = f"UPDATE SHOPLIST set gotten = 0 where id = {rowID}" query = f"UPDATE SHOPLIST set gotten = 0 where id = {rowID}"
runQuery(query)
def get_users(username=None):
if username == None:
#return all users
query = "select username, admin from USERS"
return runQuery(query)
query = f"select username, admin from USERS where username like '{username}'"
return runQuery(query)
def add_user(userData):
username = userData["username"]
password = userData["password"]
query = f"insert into USERS (username, password, admin) values ('{username}', md5('{password}'), False)"
runQuery(query) runQuery(query)
app = Flask(__name__) app = Flask(__name__)
@ -80,7 +93,7 @@ def index():
return render_template("auth.html", data=data) return render_template("auth.html", data=data)
query = readFromDB() query = readFromDB()
data = {"title":"Shopping List", "results":query} data = {"title": "Shopping List", "results": query, "username": session["username"]}
for device in MOBILES: for device in MOBILES:
if device in request.user_agent.platform: if device in request.user_agent.platform:
return render_template('mobile.html', data=data) return render_template('mobile.html', data=data)
@ -103,17 +116,42 @@ def handle_data():
unGetItem(request.form["ungot"]) unGetItem(request.form["ungot"])
if "loginform" in request.form: if "loginform" in request.form:
query = "select id, username from USERS where username = '%s' and password = md5('%s')" % (request.form["username"].lower(), request.form["password"]) query = "select id, username, admin from USERS where username = '%s' and password = md5('%s')" % (request.form["username"].lower(), request.form["password"])
res = runQuery(query) res = runQuery(query)
if len(res) != 0: if len(res) != 0:
session["id"] = res[0][0] session["id"] = res[0][0]
session["username"] = res[0][1] session["username"] = res[0][1]
session["isAdmin"] = res[0][2]
if "newuser" in request.form:
#first check if the user exists
usrCheck = get_users(request.form["username"])
print(usrCheck)
if len(usrCheck) != 0:
return "Username Exists"
userData = {"username": request.form["username"], "password": request.form["password"]}
add_user(userData)
return redirect(url_for("admin"))
if "logout" in request.form: if "logout" in request.form:
session.clear() session.clear()
return redirect(url_for('index')) return redirect(url_for('index'))
@app.route("/admin")
def admin():
if session.get('id') is None:
data = {"title":"Login"}
return render_template("auth.html", data=data)
elif session.get('isAdmin') == 0:
return redirect(url_for("index"))
#get a list of users
userList = get_users()
data = {"users": userList}
return render_template("admin.html", data=data)
if __name__ == '__main__': if __name__ == '__main__':
doesTableExist() doesTableExist()
app.run(host="0.0.0.0") app.run(host="0.0.0.0")
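Review bot: The `newuser` branch in handle_data creates an account with no authorization check — the `isAdmin` test lives only on the `/admin` GET route, so any client that POSTs `newuser`, `username` and `password` to `/post` can add a user, whether or not it is logged in or an admin. Guard the branch with `if not session.get("isAdmin"): abort(403)` (this commit imports `abort` but nothing in the visible hunks uses it), and tighten the `/admin` route to `elif not session.get('isAdmin'):` so a session that lacks the key is rejected instead of slipping past the `== 0` comparison. The new `get_users` and `add_user` helpers build SQL with f-strings from form input (`like '{username}'`, `md5('{password}')`), which is injectable in the same way as the existing login query; have `runQuery` accept a params tuple and call `c.execute(query, params)`, and note that `like` without escaping also matches `%`/`_` wildcards, so a username of `%` reports every name as taken. Passwords are stored as unsalted MD5; Flask ships with werkzeug's `generate_password_hash`/`check_password_hash`, which would replace the `md5(...)` in both queries. handle_data starts before this hunk, so the rest of the function is not visible here.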


@ -37,5 +37,6 @@ aside {
body { body {
background-color: #2a2a2a; background-color: #2a2a2a;
color: azure;
} }

templates/admin.html Normal file

@ -0,0 +1,61 @@
{% include "header.html" %}
<body>
<h1 class="text-center">LIST USERS</h1>
<div class="container">
<table class="table table-striped table-dark table-hover">
<thead>
<tr>
<th scope="col">Username</th>
<th scope="col">Admin</th>
<th scope="col">Change Password</th>
</tr>
</thead>
<tbody>
{% for x in data["users"] %}
<tr scope="row">
<td>{{x[0]}}</td>
<td>{% if x[1] == 1 %} Yes {% else %} No {% endif %}</td>
<td> Implement later </td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
<hr>
<h1 class="text-center">ADD NEW USERS</h1>
<div class="container">
<form class="loginform" action="/post" method="POST">
<div class="form-group row">
<label for="addbox" class="col-sm-2 col-form-label" >Username</label>
<div class="col-sm-10">
<input type=text class="form-control" id="addbox" type="text" name="username" />
</div>
</div>
<div class="form-group row">
<label for="addbox" class="col-sm-2 col-form-label" >Password</label>
<div class="col-sm-10">
<input class="form-control" id="addbox" type="password" name="password"/>
</div>
<div class="form-group" style="padding-top: 10px; padding-left: 10px;">
<input class="btn btn-secondary" id="logbtn" type="submit" name="newuser" value="Create new account" />
</div>
</div>
</form>
<div id="logout" style="padding-top: 3px;">
<a href="/">
<button onclick="window.location='admin'" class="btn btn-secondary"><i style="padding-top: 3px;"
class="material-icons">
home
</i></button></a>
</div>
</div>
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<!-- Popper JS -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
</body>
</html>
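Review bot: The home button at the bottom of the page wraps `<a href="/">` around a `<button onclick="window.location='admin'">`, so the click handler sends the browser back to `admin` rather than to `/`; drop the `onclick` and keep the anchor, `<a href="/"><button class="btn btn-secondary">`. Both inputs in the add-user form carry `id="addbox"` and both labels point `for="addbox"`, and the username input declares `type` twice (`type=text ... type="text"`); give each input a unique id (`username`, `password`) with matching `for` attributes. The jQuery, Popper and Bootstrap scripts are loaded from third-party CDNs without `integrity`/`crossorigin` attributes, so a compromised CDN can run script in the admin page; add SRI hashes or serve the files locally. The add-user form also carries no CSRF token and nothing in this commit shows CSRF protection elsewhere, so if none exists an admin visiting a hostile page can be made to create an account.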


@ -1,29 +1,39 @@
{% include "header.html" %} {% include "header.html" %}
<body>
<h1 class="container" style="text-align: center">{{ data["title"] }}</h1> <body>
<!-- <aside> --> <h1 class="container" style="text-align: center">{{ data["title"] }}, {{data["username"].title()}}</h1>
<div id="addForm"> <!-- <aside> -->
{% include "addForm.html" %} <div id="addForm">
{% include "addForm.html" %}
</div>
</div>
<!-- </aside> -->
<div class="container">
{% include "list.html" %}
</div>
<div id="logout">
<form action="/post" method="POST">
<button type="submit" name="logout" class="btn btn-secondary"><i style="padding-top: 3px;"
class="material-icons">
exit_to_app
</i></button>
</form>
<div style="padding-top: 3px;">
<a href="admin">
<button onclick="window.location='admin'" class="btn btn-secondary"><i style="padding-top: 3px;"
class="material-icons">
vpn_key
</i></button></a>
</div> </div>
</div> </div>
<!-- </aside> --> <!-- jQuery library -->
<div class="container" > <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
{% include "list.html" %}
</div>
<div id="logout">
<form action="/post" method="POST">
<button type="submit" name="logout" class="btn btn-secondary"><i style="padding-top: 3px;" class="material-icons">
exit_to_app
</i></button>
</form>
</div>
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<!-- Popper JS --> <!-- Popper JS -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<!-- Latest compiled JavaScript --> <!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
</body> </body>
</html>
</html>
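Review bot: The new `vpn_key` button is rendered for every logged-in user, and non-admins who click it only get bounced back by the redirect in `/admin`; wrapping it in `{% if session.get("isAdmin") %} … {% endif %}` (Flask exposes `session` to templates) keeps the server-side gate while hiding the dead link, since `data` on this page carries only `title`, `results` and `username`. The button also duplicates its navigation — `<a href="admin">` around a `<button onclick="window.location='admin'">` — so one of the two can go; keeping just the anchor is enough.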


@ -1,27 +1,31 @@
<table class="table table-striped table-dark table-hover"> <table class="table table-striped table-dark table-hover">
<thead class=""> <thead class="">
<tr> <tr>
<th scope="col">Item</th> <th scope="col">Item</th>
<th scope="col">Requester</th> <th scope="col">Requester</th>
<th scope="col">Gottem?</th> <th scope="col">Gottem?</th>
<th scope="col">Remove</th> <th scope="col">Remove</th>
</tr> </tr>
{% for x in data["results"] %} </thead>
<tbody> <tbody>
<tr scope="row" id="row-{{x[0]}}"> {% for x in data["results"] %}
<td>{{x[1]}}</td> <tr scope="row" id="row-{{x[0]}}">
<td>{{x[3].title()}}</td> <td>{{x[1]}}</td>
<td>{{x[3].title()}}</td>
<td> {% if x[2] == 0 %} <td> {% if x[2] == 0 %}
<form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="got" value="{{x[0]}}">No</button></form> <form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="got"
{% else %} value="{{x[0]}}">No</button></form>
<form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="ungot" value="{{x[0]}}">Yes</button></form> {% else %}
{% endif %}</td> <form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="ungot"
<td><form> value="{{x[0]}}">Yes</button></form>
<button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="rem" value="{{x[0]}}">Remove</button> {% endif %}</td>
</form> <td>
</td> <form>
</tr> <button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="rem"
{% endfor %} value="{{x[0]}}">Remove</button>
</tbody> </form>
</td>
</tr>
{% endfor %}
</tbody>
</table> </table>