179 lines
5.4 KiB
Python
179 lines
5.4 KiB
Python
from flask import Flask, render_template, make_response, request, redirect, url_for, session, abort
|
|
from pprint import pprint
|
|
import mysql.connector
|
|
import configparser
|
|
import os.path
|
|
|
|
config = configparser.ConfigParser()
|
|
MOBILES = ["android", "iphone", "blackberry"]
|
|
|
|
try:
|
|
config.read(".config")
|
|
except Exception as E:
|
|
print(E)
|
|
|
|
def dbConnect():
|
|
mydb = mysql.connector.connect(
|
|
host="localhost",
|
|
user=config["mysql"]["Username"],
|
|
passwd=config["mysql"]["Password"],
|
|
database=config["mysql"]["Database"]
|
|
)
|
|
return mydb
|
|
|
|
|
|
def doesTableExist():
|
|
mydb = dbConnect()
|
|
mycursor = mydb.cursor()
|
|
mycursor.execute('''SHOW TABLES''')
|
|
tables = mycursor.fetchall()
|
|
if len(tables) == 0:
|
|
mycursor.execute('''CREATE TABLE SHOPLIST (id INT AUTO_INCREMENT PRIMARY KEY, item VARCHAR(255), gotten BOOLEAN, user_id INT, FOREIGN KEY (`user_id`) REFERENCES `USERS`(`id`)
|
|
ON DELETE CASCADE)''')
|
|
mycursor.execute('''CREATE TABLE USERS (id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(255), password VARCHAR(255), admin BOOLEAN)''')
|
|
mydb.close()
|
|
|
|
def runQuery(query, data=None):
|
|
mydb = dbConnect()
|
|
c = mydb.cursor()
|
|
if data is not None:
|
|
c.execute(query, data)
|
|
else:
|
|
c.execute(query)
|
|
if query.lower().startswith("select"):
|
|
ret = c.fetchall()
|
|
else:
|
|
ret = []
|
|
mydb.commit()
|
|
mydb.close()
|
|
return ret
|
|
|
|
def readFromDB():
|
|
# query = '''select * from SHOPLIST'''
|
|
query = '''select SHOPLIST.id, SHOPLIST.item, SHOPLIST.gotten, USERS.username from SHOPLIST inner join USERS on SHOPLIST.user_id = USERS.id'''
|
|
return runQuery(query)
|
|
|
|
def insertToDB(data):
|
|
query = f"INSERT INTO SHOPLIST (item, gotten, user_id) VALUES (%s, 0, %s)"
|
|
data = (data['item'], data['name'])
|
|
# print(query)
|
|
runQuery(query, data)
|
|
|
|
|
|
def deleteRow(rowID):
|
|
query = f"DELETE FROM SHOPLIST WHERE id = %s"
|
|
data = (rowID, )
|
|
runQuery(query, data)
|
|
|
|
def getItem(rowID):
|
|
query = f"UPDATE SHOPLIST set gotten = 1 where id = %s"
|
|
data = (rowID, )
|
|
runQuery(query, data)
|
|
|
|
def unGetItem(rowID):
|
|
query = f"UPDATE SHOPLIST set gotten = 0 where id = %s"
|
|
data = (rowID, )
|
|
runQuery(query, data)
|
|
|
|
def get_users(username=None):
|
|
if username == None:
|
|
#return all users
|
|
query = "select username, admin, id from USERS"
|
|
return runQuery(query)
|
|
query = f"select username, admin from USERS where username like %s"
|
|
data = (username, )
|
|
return runQuery(query, data)
|
|
|
|
def add_user(userData):
|
|
username = userData["username"]
|
|
password = userData["password"]
|
|
query = f"insert into USERS (username, password, admin) values (%s, md5(%s), False)"
|
|
data = (username, password)
|
|
runQuery(query, data)
|
|
|
|
def update_pass(user_id, newpass):
|
|
query = f"update USERS set password=md5(%s) where id=%s"
|
|
data = (newpass, user_id)
|
|
runQuery(query, data)
|
|
|
|
app = Flask(__name__)
|
|
app.config["DEBUG"] = True
|
|
app.secret_key = b'*$#@U9423jr92jioJKL_)_;dasfj()12'
|
|
|
|
@app.route('/')
|
|
def index():
|
|
if session.get('id') is None:
|
|
data = {"title":"Login"}
|
|
return render_template("auth.html", data=data)
|
|
|
|
query = readFromDB()
|
|
data = {"title": "Shopping List", "results": query, "username": session["username"]}
|
|
for device in MOBILES:
|
|
if device in request.user_agent.platform:
|
|
return render_template('mobile.html', data=data)
|
|
return render_template('index.html', data=data)
|
|
|
|
@app.route('/post', methods=['POST'])
|
|
def handle_data():
|
|
if "addValue" in request.form:
|
|
for x in request.form:
|
|
if request.form[x] == '':
|
|
return redirect(url_for('index'))
|
|
insertToDB({"item": request.form["item"], "name": session["id"]})
|
|
if "rem" in request.form:
|
|
deleteRow(request.form["rem"])
|
|
|
|
if "got" in request.form:
|
|
getItem(request.form["got"])
|
|
|
|
if "ungot" in request.form:
|
|
unGetItem(request.form["ungot"])
|
|
|
|
if "loginform" in request.form:
|
|
query = "select id, username, admin from USERS where username = %s and password = md5(%s)"
|
|
data = (request.form["username"].lower(), request.form["password"])
|
|
|
|
res = runQuery(query, data)
|
|
if len(res) != 0:
|
|
session["id"] = res[0][0]
|
|
session["username"] = res[0][1]
|
|
session["isAdmin"] = res[0][2]
|
|
|
|
if "newuser" in request.form:
|
|
#first check if the user exists
|
|
usrCheck = get_users(request.form["username"])
|
|
print(usrCheck)
|
|
if len(usrCheck) != 0:
|
|
return "Username Exists"
|
|
userData = {"username": request.form["username"], "password": request.form["password"]}
|
|
add_user(userData)
|
|
return redirect(url_for("admin"))
|
|
|
|
if "newpass" in request.form:
|
|
user_id = request.form['updatepass']
|
|
newpass = request.form['newpass']
|
|
update_pass(user_id, newpass)
|
|
return redirect(url_for("admin"))
|
|
|
|
if "logout" in request.form:
|
|
session.clear()
|
|
return redirect(url_for('index'))
|
|
|
|
@app.route("/admin")
|
|
def admin():
|
|
if session.get('id') is None:
|
|
data = {"title":"Login"}
|
|
return render_template("auth.html", data=data)
|
|
elif session.get('isAdmin') == 0:
|
|
return redirect(url_for("index"))
|
|
|
|
#get a list of users
|
|
userList = get_users()
|
|
data = {"users": userList}
|
|
|
|
return render_template("admin.html", data=data)
|
|
|
|
if __name__ == '__main__':
|
|
doesTableExist()
|
|
app.run(host="0.0.0.0")
|