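"""Shopping-list web app: a Flask front end over a MySQL SHOPLIST/USERS schema.

Database settings come from a ``.config`` INI file with a ``[mysql]`` section
(``Username``, ``Password``, ``Database``).  The Flask session-signing key is
read from the ``SHOPLIST_SECRET_KEY`` environment variable (a random
per-process key is generated when it is unset, so sessions then do not survive
a restart) and debug mode is only switched on when ``SHOPLIST_DEBUG`` is set.

All SQL that carries request data is parameterised; passwords are stored as
salted PBKDF2-HMAC-SHA256 hashes, with the MySQL ``md5()`` values written by
earlier versions of this module still accepted (and re-hashed) at login.
"""
from __future__ import annotations

import configparser
import hashlib
import hmac
import logging
import os.path
import secrets
from pprint import pprint  # noqa: F401  kept from the original module

import mysql.connector
from flask import (
    Flask,
    abort,
    make_response,  # noqa: F401  kept from the original module
    redirect,
    render_template,
    request,
    session,
    url_for,
)

logger = logging.getLogger(__name__)

CONFIG_FILE = ".config"
# Substrings of the client platform / User-Agent that select the mobile template.
MOBILES = ["android", "iphone", "blackberry"]

# Password-hash parameters: PBKDF2-HMAC-SHA256 with a random per-user salt,
# stored as "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>" (fits VARCHAR(255)).
_PBKDF2_ALGORITHM = "pbkdf2_sha256"
_PBKDF2_ITERATIONS = 310_000
_SALT_BYTES = 16

config = configparser.ConfigParser()
# ConfigParser.read() does not raise for a missing file: it returns the list of
# files it actually parsed, so that is what has to be checked.  Malformed
# content does raise configparser.Error.
try:
    _read_files = config.read(CONFIG_FILE)
except configparser.Error as exc:
    logger.error("could not parse %s: %s", CONFIG_FILE, exc)
else:
    if not _read_files:
        logger.warning("%s not found; database settings are unavailable", CONFIG_FILE)


def dbConnect():
    """Open a new connection to the configured MySQL database.

    Returns:
        A ``mysql.connector`` connection; the caller must close it.

    Raises:
        KeyError: if the ``[mysql]`` section or one of its keys is missing
            from the config file.
    """
    db_settings = config["mysql"]
    return mysql.connector.connect(
        host="localhost",
        user=db_settings["Username"],
        passwd=db_settings["Password"],
        database=db_settings["Database"],
    )


def doesTableExist():
    """Create the USERS and SHOPLIST tables if they are missing.

    USERS is created first because SHOPLIST carries a foreign key to it (the
    reverse order fails on MySQL), and ``IF NOT EXISTS`` makes the call
    idempotent.  The ``admin`` column is read by the login and admin views, so
    it is part of the schema.  Nothing in this app creates administrators: the
    first one has to be flagged directly in the database (``admin = TRUE``).
    """
    mydb = dbConnect()
    try:
        cursor = mydb.cursor()
        try:
            cursor.execute(
                """CREATE TABLE IF NOT EXISTS USERS (
                       id INT AUTO_INCREMENT PRIMARY KEY,
                       username VARCHAR(255) NOT NULL,
                       password VARCHAR(255) NOT NULL,
                       admin BOOLEAN NOT NULL DEFAULT FALSE)"""
            )
            cursor.execute(
                """CREATE TABLE IF NOT EXISTS SHOPLIST (
                       id INT AUTO_INCREMENT PRIMARY KEY,
                       item VARCHAR(255),
                       gotten BOOLEAN,
                       user_id INT,
                       FOREIGN KEY (`user_id`) REFERENCES `USERS`(`id`) ON DELETE CASCADE)"""
            )
        finally:
            cursor.close()
    finally:
        mydb.close()


def runQuery(query, params=None):
    """Execute one SQL statement on a fresh connection and return its rows.

    Args:
        query: SQL text with ``%s`` placeholders for every user-supplied value.
        params: sequence of values bound to the placeholders by the driver.
            Never interpolate request data into ``query`` itself.

    Returns:
        list of result tuples for statements that produce a result set
        (SELECT, SHOW, ...), otherwise ``[]``.
    """
    mydb = dbConnect()
    try:
        cursor = mydb.cursor()
        try:
            cursor.execute(query, params)
            # with_rows tells us whether the statement produced a result set,
            # which is more reliable than sniffing the leading keyword.
            rows = cursor.fetchall() if cursor.with_rows else []
        finally:
            cursor.close()
        mydb.commit()
        return rows
    finally:
        mydb.close()


def readFromDB():
    """Return every list item joined with the owner's username.

    Returns:
        list of ``(id, item, gotten, username)`` tuples.
    """
    return runQuery(
        """select SHOPLIST.id, SHOPLIST.item, SHOPLIST.gotten, USERS.username
           from SHOPLIST inner join USERS on SHOPLIST.user_id = USERS.id"""
    )


def insertToDB(data):
    """Add a new, not-yet-gotten item.

    Args:
        data: mapping with ``item`` (the text) and ``name`` (owning USERS.id).
    """
    runQuery(
        "INSERT INTO SHOPLIST (item, gotten, user_id) VALUES (%s, 0, %s)",
        (data["item"], data["name"]),
    )


def deleteRow(rowID):
    """Delete the SHOPLIST row with id *rowID* (no-op if it does not exist)."""
    runQuery("DELETE FROM SHOPLIST WHERE id = %s", (rowID,))


def _setGotten(rowID, gotten):
    """Set the ``gotten`` flag of SHOPLIST row *rowID* to *gotten* (0 or 1)."""
    runQuery("UPDATE SHOPLIST set gotten = %s where id = %s", (gotten, rowID))


def getItem(rowID):
    """Mark SHOPLIST row *rowID* as gotten."""
    _setGotten(rowID, 1)


def unGetItem(rowID):
    """Mark SHOPLIST row *rowID* as not gotten."""
    _setGotten(rowID, 0)


def get_users(username=None):
    """Return user rows, optionally restricted to one username.

    Args:
        username: when given, look up exactly this user (compared in lower
            case, matching how ``add_user`` stores names and how the login
            handler normalises them).  ``like`` was dropped so that ``%``/``_``
            in the input cannot act as wildcards.

    Returns:
        ``(username, admin, id)`` tuples for the unfiltered call, or
        ``(username, admin)`` tuples for a single-user lookup (the column sets
        the original callers expect).
    """
    if username is None:
        return runQuery("select username, admin, id from USERS")
    return runQuery(
        "select username, admin from USERS where username = %s",
        (username.lower(),),
    )


def _hash_password(password):
    """Return a salted PBKDF2-HMAC-SHA256 hash string for *password*."""
    salt = secrets.token_hex(_SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("ascii"), _PBKDF2_ITERATIONS
    )
    return f"{_PBKDF2_ALGORITHM}${_PBKDF2_ITERATIONS}${salt}${digest.hex()}"


def _is_legacy_hash(stored):
    """True when *stored* is a bare 32-hex-digit ``md5()`` value from the old schema."""
    return stored is not None and len(stored) == 32 and not stored.startswith(_PBKDF2_ALGORITHM)


def _verify_password(password, stored):
    """Constant-time check of *password* against the stored hash.

    Accepts both the current PBKDF2 format and the legacy MySQL ``md5()``
    values (assumed to have been computed over UTF-8 bytes) so that existing
    accounts keep working; the login handler re-hashes legacy matches.

    Returns:
        True on a match, False otherwise (including malformed stored values).
    """
    if not stored:
        return False
    parts = stored.split("$")
    if len(parts) == 4 and parts[0] == _PBKDF2_ALGORITHM:
        _, iterations, salt, digest_hex = parts
        try:
            digest = hashlib.pbkdf2_hmac(
                "sha256", password.encode("utf-8"), salt.encode("ascii"), int(iterations)
            )
        except ValueError:
            return False
        return hmac.compare_digest(digest.hex(), digest_hex)
    if _is_legacy_hash(stored):
        legacy = hashlib.md5(password.encode("utf-8")).hexdigest()
        return hmac.compare_digest(legacy, stored)
    return False


def add_user(userData):
    """Create a non-admin user.

    Args:
        userData: mapping with ``username`` and ``password``.  The username is
            stored in lower case so lookups and logins are case-consistent.
    """
    runQuery(
        "insert into USERS (username, password, admin) values (%s, %s, False)",
        (userData["username"].lower(), _hash_password(userData["password"])),
    )


def update_pass(user_id, newpass):
    """Replace the password hash of user *user_id* with a hash of *newpass*."""
    runQuery(
        "update USERS set password=%s where id=%s",
        (_hash_password(newpass), user_id),
    )


app = Flask(__name__)
# Debug mode exposes the interactive Werkzeug debugger on every bound
# interface, so it is opt-in rather than hard-coded on.
app.config["DEBUG"] = bool(os.environ.get("SHOPLIST_DEBUG"))
# Keep the session-signing key out of source control.  Without the variable a
# random key is used, which invalidates all sessions on every restart.
_secret = os.environ.get("SHOPLIST_SECRET_KEY")
if not _secret:
    logger.warning("SHOPLIST_SECRET_KEY is not set; using a random per-process session key")
app.secret_key = _secret or secrets.token_bytes(32)


def _is_logged_in():
    """True when the session belongs to an authenticated user."""
    return session.get("id") is not None


def _is_admin():
    """True only when the session carries a truthy admin flag (deny by default)."""
    return bool(session.get("isAdmin"))


def _login(username, password):
    """Start a session for *username* if *password* verifies.

    Returns:
        True on success, False for an unknown user or wrong password.
    """
    rows = runQuery(
        "select id, username, password, admin from USERS where username = %s",
        (username.lower(),),
    )
    if not rows:
        return False
    user_id, name, stored, is_admin = rows[0]
    if not _verify_password(password, stored):
        return False
    # Start from a clean session before attaching identity to it.
    session.clear()
    session["id"] = user_id
    session["username"] = name
    session["isAdmin"] = bool(is_admin)
    if _is_legacy_hash(stored):
        # Opportunistically migrate an md5-era account to the current scheme.
        update_pass(user_id, password)
    return True


@app.route('/')
def index():
    """Render the login page, or the list in the desktop/mobile template."""
    if not _is_logged_in():
        return render_template("auth.html", data={"title": "Login"})
    data = {
        "title": "Shopping List",
        "results": readFromDB(),
        "username": session["username"],
    }
    # user_agent.platform can be None (unclassified client, or a Werkzeug
    # release without the built-in UA parser); `device in None` would raise
    # TypeError, so fall back to the raw User-Agent string.
    platform = (request.user_agent.platform or request.user_agent.string or "").lower()
    if any(device in platform for device in MOBILES):
        return render_template('mobile.html', data=data)
    return render_template('index.html', data=data)


@app.route('/post', methods=['POST'])
def handle_data():
    """Dispatch the single action named by the submitted form.

    Login and logout are open; every list mutation requires a logged-in
    session, and user management (``newuser``/``newpass``) additionally
    requires the admin flag, since those forms are served from the admin page.
    Unauthenticated mutation attempts are silently redirected to the index.
    """
    form = request.form
    if "loginform" in form:
        _login(form.get("username", ""), form.get("password", ""))
    elif "logout" in form:
        session.clear()
    elif not _is_logged_in():
        return redirect(url_for("index"))
    elif "addValue" in form:
        if any(value == "" for value in form.values()):
            return redirect(url_for("index"))
        insertToDB({"item": form["item"], "name": session["id"]})
    elif "rem" in form:
        deleteRow(form["rem"])
    elif "got" in form:
        getItem(form["got"])
    elif "ungot" in form:
        unGetItem(form["ungot"])
    elif "newuser" in form:
        if not _is_admin():
            abort(403)
        username = form.get("username", "")
        password = form.get("password", "")
        if not username or not password:
            abort(400)
        # Check-then-insert is racy without a UNIQUE index on USERS.username;
        # acceptable for an admin-only form.
        if get_users(username):
            return "Username Exists"
        add_user({"username": username, "password": password})
        return redirect(url_for("admin"))
    elif "newpass" in form:
        if not _is_admin():
            abort(403)
        if not form["newpass"]:
            abort(400)
        update_pass(form['updatepass'], form['newpass'])
        return redirect(url_for("admin"))
    return redirect(url_for('index'))


@app.route("/admin")
def admin():
    """Render the user list for administrators; others go to login or index."""
    if not _is_logged_in():
        return render_template("auth.html", data={"title": "Login"})
    if not _is_admin():
        return redirect(url_for("index"))
    return render_template("admin.html", data={"users": get_users()})


if __name__ == '__main__':
    doesTableExist()
    # Binds on every interface; debug stays off unless SHOPLIST_DEBUG is set,
    # so the Werkzeug debugger is not reachable from the network by default.
    app.run(host="0.0.0.0")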