
Fran Peruzzi  committed 0c3f877 Draft

Some basic login/logout code and some more todo notes

  • Parent commits f66950a


Files changed (6)

 import sqlite3
-from flask import Flask, g, render_template, request, flash, redirect, url_for
+from werkzeug.security import generate_password_hash, check_password_hash
+from flask import (Flask, g, render_template, request, flash, redirect,
+                   url_for, session)
 
 # configuration
 DATABASE = './nicelist.db'
 def index():
     # if the user is logged in, it will take them directly to their page,
     # otherwise, it will take theme to the intro page
-    return render_template('index.html')
+    if 'logged_in' in session and session['logged_in']:
+        return user_homepage()
+    return render_template('intro.html')
 
 
 def user_homepage():
     return render_template('user_homepage.html')
 
 
-def intro():
-    # this is the front page of the site if you are not logged in when you get
-    # to the site
-    return render_template('intro.html')
-
-
 @app.route('/login', methods=['GET', 'POST'])
 def login():
     # login page
-    # TODO: initialize the form
-    error = None
-    return render_template('login.html', error=error)
+    if request.method == 'POST':
+        # we'll take the username or email for logging in
+        sql = '''SELECT id, name, pw_hash, email
+                 FROM PERSON
+                 WHERE name=? or email=?'''
+        data = g.db.execute(sql, (request.form['name'], request.form['name']))
+        data = data.fetchone()
+        if data is not None:
+            valid_pw = check_password_hash(data[2], request.form['password'])
+            if valid_pw:
+                session['logged_in'] = True
+                session['person_id'] = data[0]
+                session['person_name'] = data[1]
+                session['person_email'] = data[3]
+                return redirect(url_for('index'))
+            else:
+                flash('Invalid Password.')
+        else:
+            flash('Invalid Name.')
+    return render_template('login.html')
 
 
 @app.route('/logout')
 def logout():
-    # log out
-    # TODO: log the user out and destroy the session
+    session_keys = [key for key in session]
+    for k in session_keys:
+        session.pop(k, None)
+    flash('Successfully logged out.')
     return redirect(url_for('index'))
 
 
 @app.route('/sign_up', methods=['GET', 'POST'])
 def sign_up():
     # sign up page
-    # TODO: initialize the form object
-    error = None
+    errors = None
     if request.methd == 'POST':
         # TODO: process the entry values and redirect to the user_homepage
-        # if there are no errors
-        flash('You were logged in successfully')
-        return redirect(url_for('user_homepage'))
-    return render_template('login.html', error=error)
+        # make sure the email is not registered already
+        # make sure the email verification matches
+        # make sure the password is not null
+        # make sure the password verification matches
+        # if the user provides a name, make sure it is valid
+        # generate the password hash
+        # insert the record into the database
+        if errors is None:
+            flash('Your account has been created. Please log in.')
+            return redirect(url_for('login'))
+    return render_template('sign_up.html', errors=errors)
 
 
 @app.route('/settings', method=['GET', 'POST'])
     return render_template('settings.html', error=error)
 
 
-@app.route('/<user_id>')
+@app.route('/user/<int:user_id>')
 def user_page(user_id):
     # this is the page when you go to someone else's list
     # TODO: get the information for the page from the database
 
 # TODO: need to create API functions to change settings
 
+# TODO: need a method of resetting forgotten passwords
+
 if __name__ == '__main__':
     app.run()
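Review bot: The two failure branches in login() flash different messages (`'Invalid Name.'` when no row matches, `'Invalid Password.'` when the hash check fails), which tells an unauthenticated visitor whether a given name or email is registered. Both branches should flash the same text, e.g. `flash('Invalid name or password.')`. The no-match branch also skips check_password_hash entirely, so response time may still differ between the two cases; running the check against a fixed dummy hash when `data is None` would narrow that gap. Separately, the context line `if request.methd == 'POST':` in sign_up() looks like a typo for `request.method` and would presumably raise AttributeError on every request to that route.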
 DROP TABLE IF EXISTS Person;
 CREATE TABLE Person (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
-    name TEXT NOT NULL,
-    email TEXT 
+    pw_hash NOT NULL,
+    email TEXT NOT NULL,
+    name TEXT
 );
 
 DROP TABLE IF EXISTS Friend;
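Review bot: The new `email TEXT NOT NULL` column has no UNIQUE constraint and `name` is likewise unconstrained, yet the login query added in this commit matches on `name=? or email=?` and takes only the first row. Two rows sharing an identifier, or one person's name equal to another person's email, would make the matched account ambiguous and could lock the legitimate owner out. Consider `email TEXT NOT NULL UNIQUE,` and have sign-up reject a name that collides with an existing email. `pw_hash NOT NULL` also omits a column type; SQLite accepts that, but `pw_hash TEXT NOT NULL,` would match the other columns and document that a hash string is stored.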

File templates/intro.html

Empty file added.

File templates/login.html

Empty file added.

File templates/sign_up.html

Empty file added.

File templates/user_homepage.html

Empty file added.