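from cs50 import SQL
from flask import Flask, flash, redirect, render_template, request, session
from flask_session import Session
from werkzeug.security import check_password_hash, generate_password_hash

from helpers import apology, login_required

# Configure application
app = Flask(__name__)

# Configure session to use filesystem (instead of signed cookies)
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
Session(app)

# Configure CS50 Library to use SQLite database
db = SQL("sqlite:///eeao.db")


@app.after_request
def after_request(response):
    """Ensure responses aren't cached.

    Every response gets Cache-Control/Expires/Pragma headers so that neither
    the browser nor an intermediate cache can serve one user's authenticated
    page to somebody else (or show it after logout via the back button).
    """
    response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
    response.headers["Expires"] = 0
    response.headers["Pragma"] = "no-cache"
    return response


@app.route("/")
@login_required
def index():
    """Render the home page for the logged-in user.

    If the session carries a user_id that no longer exists in ``users`` (the
    account was removed after login), the original ``user[0]`` raised
    IndexError and produced a 500; instead the stale session is discarded and
    the visitor is sent to the login form.
    """
    # Get actual cash of the logged-in user
    rows = db.execute("SELECT * FROM users WHERE id = ?", session["user_id"])
    if not rows:
        session.clear()
        return redirect("/login")
    return render_template("index.html", user=rows[0])


@app.route("/login", methods=["GET", "POST"])
def login():
    """Log user in.

    POST: validate the submitted credentials and start a session.
    GET: render the login form.
    """
    # Forget any user_id
    session.clear()

    # User reached route via GET (as by clicking a link or via redirect)
    if request.method != "POST":
        return render_template("login.html")

    # Read each form field once instead of re-reading it after validation
    username = request.form.get("username")
    password = request.form.get("password")

    # Ensure username was submitted
    if not username:
        return apology("must provide username", 400)

    # Ensure password was submitted
    if not password:
        return apology("must provide password", 400)

    # Query database for username
    rows = db.execute("SELECT * FROM users WHERE username = ?", username)

    # Ensure username exists and password is correct. One generic message for
    # both failure modes so the response body does not reveal which usernames
    # exist. NOTE(review): the hash check is skipped for unknown usernames, so
    # response timing can still differ between the two cases.
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"], password):
        return apology("invalid username and/or password", 400)

    # Remember which user has logged in
    session["user_id"] = rows[0]["id"]

    # Redirect user to home page
    return redirect("/")


@app.route("/logout")
def logout():
    """Log user out by discarding the server-side session."""
    # Forget any user_id
    session.clear()

    # Redirect to "/"; presumably login_required on index then forwards the
    # now-anonymous visitor to the login form.
    return redirect("/")


@app.route("/register", methods=["GET", "POST"])
def register():
    """Register user.

    POST: validate username, password and confirmation, store a password hash
    (never the plaintext) and redirect to "/".
    GET: render the registration form.
    """
    # User reached route via GET (as by clicking a link or via redirect)
    if request.method != "POST":
        return render_template("register.html")

    username = request.form.get("username")

    # Ensure username was submitted
    if not username:
        return apology("must provide username", 400)

    # Check if user already existing. This SELECT and the INSERT below are not
    # atomic, so two concurrent registrations of the same name can both pass
    # it; a UNIQUE constraint on users.username is the real guard. The schema
    # is not visible here -- confirm the constraint exists.
    if db.execute("SELECT * FROM users WHERE username = ?", username):
        return apology("user already exists", 400)

    password = request.form.get("password")

    # Ensure password was submitted
    if not password:
        return apology("must provide password", 400)

    confirmation = request.form.get("confirmation")

    # Ensure confirmation was submitted
    if not confirmation:
        return apology("must provide confirmation", 400)

    # Ensure password is identical with confirmation
    if password != confirmation:
        return apology("password and confirmation does not match", 400)

    # Add user to db -- only the salted hash is persisted, never the plaintext
    password_hash = generate_password_hash(password)
    db.execute("INSERT INTO users (username, hash) VALUES(?, ?)", username, password_hash)

    # Redirect user to home page
    return redirect("/")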