benjamyn/shoplist2
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Items can only be removed by the requester

Browse Source
This commit is contained in:
Benjamyn Love 2020-01-29 14:10:27 +11:00
parent 58fa1d5b22
commit b98750e169
3 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
shop.py
View File

@ -71,7 +71,7 @@ def unGetItem(rowID):
def get_users(username=None): def get_users(username=None):
if username == None: if username == None:
#return all users #return all users
query = "select username, admin from USERS" query = "select username, admin, id from USERS"
return runQuery(query) return runQuery(query)
query = f"select username, admin from USERS where username like '{username}'" query = f"select username, admin from USERS where username like '{username}'"
return runQuery(query) return runQuery(query)
@ -82,6 +82,10 @@ def add_user(userData):
query = f"insert into USERS (username, password, admin) values ('{username}', md5('{password}'), False)" query = f"insert into USERS (username, password, admin) values ('{username}', md5('{password}'), False)"
runQuery(query) runQuery(query)
def update_pass(user_id, newpass):
query = f"update USERS set password=md5('{newpass}') where id={user_id}"
runQuery(query)
app = Flask(__name__) app = Flask(__name__)
app.config["DEBUG"] = True app.config["DEBUG"] = True
app.secret_key = b'*$#@U9423jr92jioJKL_)_;dasfj()12' app.secret_key = b'*$#@U9423jr92jioJKL_)_;dasfj()12'
@ -134,6 +138,12 @@ def handle_data():
add_user(userData) add_user(userData)
return redirect(url_for("admin")) return redirect(url_for("admin"))
if "newpass" in request.form:
user_id = request.form['updatepass']
newpass = request.form['newpass']
update_pass(user_id, newpass)
return redirect(url_for("admin"))
if "logout" in request.form: if "logout" in request.form:
session.clear() session.clear()
return redirect(url_for('index')) return redirect(url_for('index'))

4
templates/admin.html
View File

@ -8,7 +8,7 @@
<tr> <tr>
<th scope="col">Username</th> <th scope="col">Username</th>
<th scope="col">Admin</th> <th scope="col">Admin</th>
<th scope="col">Change Password</th> <th style="text-align: right" scope="col">Change Password</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -16,7 +16,7 @@
<tr scope="row"> <tr scope="row">
<td>{{x[0]}}</td> <td>{{x[0]}}</td>
<td>{% if x[1] == 1 %} Yes {% else %} No {% endif %}</td> <td>{% if x[1] == 1 %} Yes {% else %} No {% endif %}</td>
<td> Implement later </td> <td align="right"><form action="/post" method="POST"><input style="width: 70%; display: inline;" class="form-control" type="text" name="newpass" id="addbox"><button class="btn btn-secondary" type="submit" name="updatepass" value="{{x[2]}}"> Change Password </button></form></td>
</tr> </tr>
{% endfor %} {% endfor %}
</tbody> </tbody>

2
templates/list.html
View File

@ -21,8 +21,10 @@
{% endif %}</td> {% endif %}</td>
<td> <td>
<form> <form>
{% if data["username"] == x[3] %}
<button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="rem" <button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="rem"
value="{{x[0]}}">Remove</button> value="{{x[0]}}">Remove</button>
{% endif %}
</form> </form>
</td> </td>
</tr> </tr>