app.py
from flask import Flask, render_template
from turbo_flask import Turbo
from cs50 import SQL
from flask import Flask, flash, redirect, render_template, request, session
from flask_session import Session
from werkzeug.security import check_password_hash, generate_password_hash
from helpers import apology, login_required
# Application object, with the Turbo-Flask extension bound to it.
app = Flask(__name__)
turbo = Turbo(app)

app.config.update(
    # Ensure templates are auto-reloaded
    TEMPLATES_AUTO_RELOAD=True,
    # Configure session to use filesystem (instead of signed cookies)
    SESSION_PERMANENT=False,
    SESSION_TYPE="filesystem",
)
# NOTE(review): SESSION_COOKIE_SECURE and SESSION_COOKIE_SAMESITE are not set
# in this file; confirm they are configured wherever the app is served over
# HTTPS, since the session cookie is what identifies a logged-in user.
Session(app)

# Configure CS50 Library to use SQLite database
db = SQL("sqlite:///beSober.db")
@app.route('/')
@login_required
def index():
    """Serve the home page.

    The view is wrapped in ``login_required`` (imported from ``helpers``),
    so access control for this page is delegated to that decorator.
    """
    home_page = render_template('index.html')
    return home_page
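@app.route("/register", methods=["GET", "POST"])
def register():
    """Register a new account.

    GET renders the registration form. POST validates the submitted
    ``username``, ``password`` and ``confirmation`` fields, rejects a username
    that is already taken, stores the lowercased username together with a
    salted PBKDF2-SHA256 password hash, and then shows the login page with a
    success message.

    Returns:
        The rendered registration form (GET), an ``apology`` response when
        validation fails, or the rendered login page after a successful insert.
    """
    # Only a POST carries a registration; anything else just shows the form.
    if request.method != "POST":
        return render_template("register.html")

    username = request.form.get("username")
    password = request.form.get("password")
    confirmation = request.form.get("confirmation")

    # Every field must be present, and the two password entries must agree.
    if not username:
        return apology("must provide username")
    if not password:
        return apology("must provide password")
    if not confirmation:
        return apology("must provide password confirmation")
    if password != confirmation:
        return apology("passwords must match")

    # Usernames are stored lowercased, so compare in the same form.
    username = username.lower()

    # Look up this one name with a bound parameter instead of loading every
    # username into memory and scanning it in Python.
    # NOTE(review): check-then-insert is not atomic; two concurrent requests
    # can both pass this check. The schema is not visible here - confirm that
    # users.username carries a UNIQUE constraint as the durable guard.
    taken = db.execute("SELECT username FROM users WHERE username = ?", username)
    if taken:
        return apology("username already exists")

    # Only the hash is persisted, never the plaintext password. The salt is
    # 16 characters (up from 8); hashes created earlier still verify because
    # the salt is embedded in each stored hash string.
    db.execute(
        "INSERT INTO users (username, hash) VALUES (?, ?)",
        username,
        generate_password_hash(password, method="pbkdf2:sha256", salt_length=16),
    )

    # Render the login template directly rather than redirecting to /login:
    # login() clears the session on entry, which would discard this flashed
    # message before it could be shown.
    flash("Account successfully registered.")
    return render_template("login.html")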
@app.after_request
def after_request(response):
    """Mark every outgoing response as non-cacheable.

    The three headers below are written on each response, so authenticated
    pages are not served again from a browser or intermediary cache.
    """
    no_cache_headers = (
        ("Cache-Control", "no-cache, no-store, must-revalidate"),
        ("Expires", 0),
        ("Pragma", "no-cache"),
    )
    for header_name, header_value in no_cache_headers:
        response.headers[header_name] = header_value
    return response
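@app.route("/login", methods=["GET", "POST"])
def login():
    """Log user in.

    Any existing session is cleared first. GET renders the login form. POST
    checks the submitted credentials against the ``users`` table and, on
    success, stores the user's id in the session and redirects to the home
    page.

    Returns:
        The rendered login form (GET), a 403 ``apology`` response for missing
        or invalid credentials, or a redirect to ``/`` on success.
    """
    # Forget any user_id so state from a previous login cannot carry over.
    session.clear()

    # User reached route via GET (as by clicking a link or via redirect)
    if request.method != "POST":
        return render_template("login.html")

    username = request.form.get("username")
    password = request.form.get("password")

    # Ensure username was submitted
    if not username:
        return apology("must provide username", 403)

    # Ensure password was submitted
    if not password:
        return apology("must provide password", 403)

    # register() stores usernames lowercased, so normalise the same way here;
    # otherwise an account created as "Alice" could never log in with the
    # name exactly as the user typed it. The value is passed as a bound
    # parameter, not spliced into the SQL text.
    rows = db.execute("SELECT * FROM users WHERE username = ?", username.lower())

    # One message covers both "no such user" and "wrong password", so the
    # response text does not reveal which usernames exist.
    # NOTE(review): no throttling of repeated failed attempts is visible in
    # this file - confirm it is handled elsewhere.
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"], password):
        return apology("invalid username and/or password", 403)

    # Remember which user has logged in
    session["user_id"] = rows[0]["id"]

    # Redirect user to home page
    return redirect("/")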
@app.route("/logout")
def logout():
    """End the current session and send the client back to the site root."""
    # Drop everything held in the session, including user_id.
    session.clear()

    # "/" is the login_required index view; presumably that decorator sends
    # an unauthenticated visitor on to the login form - confirm in helpers.
    destination = "/"
    return redirect(destination)