import logging
from functools import wraps

from flask import Blueprint, flash, redirect, render_template, request, session, url_for
import mysql.connector
from werkzeug.security import check_password_hash, generate_password_hash

from db import db, cursor
# Blueprint that groups the authentication routes defined in this module.
auth = Blueprint(name='auth', import_name=__name__)
# ------------------------------------------------Registration Code -----------------------------------------
@auth.route('/register')
def register_form():
    """Render the registration page (GET /register)."""
    page = 'auth/registration.html'
    return render_template(page)
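@auth.route('/register', methods=['POST'])
def register():
    """Handle the registration form (POST /register).

    Validates the submitted username/password pair, rejects duplicate
    usernames, stores a PBKDF2-SHA256 hash of the password in ``User``
    with the fixed role ``'User'`` and redirects to the user login form.
    Every failure path flashes a message and redirects back to the
    registration form, so the view always returns a response (the original
    fell through with ``None`` after a database error, which Flask reports
    as a server error).

    Returns:
        A redirect response: to the user login form on success, otherwise
        to the registration form.
    """
    # The route is registered for POST only, so no method check is needed.
    username = request.form.get('username', '')
    password = request.form.get('password', '')
    confirm_password = request.form.get('confirm_password', '')

    # Reject empty credentials instead of creating an account with an
    # empty username or a hash of the empty string.
    if not username or not password:
        flash('Username and password are required', 'danger')
        return redirect(url_for('auth.register_form'))

    # Check if the password and confirmation match
    if password != confirm_password:
        flash('Password and confirmation do not match', 'danger')
        return redirect(url_for('auth.register_form'))

    # Check if the username already exists (parameterised query; the user
    # input is never interpolated into the SQL text)
    check_user_query = "SELECT Username FROM User WHERE Username = %s"
    cursor.execute(check_user_query, (username,))
    if cursor.fetchone():
        flash('Username already exists. Please choose a different username.', 'danger')
        return redirect(url_for('auth.register_form'))

    # Hash the password before storing it in the database
    hashed_password = generate_password_hash(password, method='pbkdf2:sha256')

    # Insert the user into the database
    insert_user_query = "INSERT INTO User (Username, Password, role) VALUES (%s, %s, 'User')"
    try:
        cursor.execute(insert_user_query, (username, hashed_password))
        db.commit()
    except mysql.connector.Error:
        db.rollback()
        # Keep the driver error server-side; the flashed message stays
        # generic so connection/schema details do not reach the browser.
        logging.getLogger(__name__).exception('Registration failed for user %r', username)
        flash('Registration failed. Please try again later.', 'danger')
        return redirect(url_for('auth.register_form'))

    flash('Registration successful! You can now login.', 'success')
    return redirect(url_for('auth.user_login_form'))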
# ------------------------------------------------Admin Login Code -----------------------------------------
@auth.route('/login')
def login_form():
    """Render the administrator login page (GET /login)."""
    page = 'auth/adminlogin.html'
    return render_template(page)
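@auth.route('/login', methods=['POST'])
def login():
    """Authenticate an administrator (POST /login).

    Looks the username up in ``Admin`` and verifies the submitted password
    against the stored hash with ``check_password_hash`` — the same check
    ``user_login`` performs. The original only tested that the password
    field was non-empty, so any non-empty password was accepted for any
    existing admin username.

    Returns:
        A redirect to the dashboard on success; otherwise the admin login
        template with a flash message.
    """
    # The route is registered for POST only, so no method check is needed.
    username = request.form.get('username', '')
    password = request.form.get('password', '')

    # Query the database to fetch the user's hashed password.
    # NOTE(review): assumes Admin.Password holds a werkzeug-generated hash,
    # as the original comment states — confirm existing rows are hashed.
    get_user_query = "SELECT Username, Password, role FROM Admin WHERE Username = %s"
    cursor.execute(get_user_query, (username,))
    user_data = cursor.fetchone()

    # Guard on a non-empty password and stored hash before verifying;
    # check_password_hash raises rather than failing on None/''.
    authenticated = bool(user_data and user_data[1] and password) and check_password_hash(user_data[1], password)
    if authenticated:
        # Successful login, store user data in session
        session['username'] = user_data[0]  # Store the username in the session
        session['role'] = user_data[2]  # Store the role in the session
        flash('Login successful!', 'success')
        return redirect(url_for('auth.dashboard'))

    # Same message for unknown username and wrong password, so the response
    # does not reveal which of the two failed.
    flash('Invalid username or password', 'danger')
    return render_template('auth/adminlogin.html')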
# -------------------------------------------- User Login Code ----------------------------------------
@auth.route('/userlogin')
def user_login_form():
    """Render the user login page (GET /userlogin)."""
    page = 'auth/userlogin.html'
    return render_template(page)
@auth.route('/userlogin', methods=['POST'])
def user_login():
    """Authenticate a regular user (POST /userlogin).

    Fetches the ``User`` row for the submitted username and verifies the
    password against the stored hash. On success the username and role are
    written to the session and the browser is redirected to the dashboard;
    otherwise the login template is re-rendered with a flash message.
    """
    if request.method != 'POST':
        # Not reachable through the registered route (POST only); mirrors
        # the original's implicit None return.
        return None

    form = request.form
    submitted_user = form['username']
    submitted_pass = form['password']

    # Query the database to fetch the user's hashed password
    lookup = "SELECT Username, Password, role FROM User WHERE Username = %s"
    cursor.execute(lookup, (submitted_user,))
    row = cursor.fetchone()

    # Only verify the hash when a row exists (short-circuit keeps the
    # original evaluation order).
    authenticated = bool(row) and check_password_hash(row[1], submitted_pass)
    if not authenticated:
        flash('Invalid username or password', 'danger')
        return render_template('auth/userlogin.html')

    # Successful login, store user data in session
    session['username'] = row[0]  # Store the username in the session
    session['role'] = row[2]  # Store the role in the session
    flash('Login successful!', 'success')
    return redirect(url_for('auth.dashboard'))
# ------------------------------------------------Logout Code -----------------------------------------
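@auth.route('/logout')
def logout():
    """Log the current user out (GET /logout) and render the landing page.

    Clears the whole session rather than only ``username``: the login views
    also store ``role``, which the original left behind after logout.

    Returns:
        The rendered ``index.html`` template.
    """
    session.clear()
    return render_template('index.html')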
# ------------------------------------------- Login Required for Authentication -------------------------
# the login_required function
def login_required(view):
    """Decorator that runs *view* only when ``session['username']`` is set.

    Otherwise a notice is flashed and the browser is redirected to the admin
    login form. ``functools.wraps`` keeps the wrapped view's name and
    docstring so Flask's endpoint naming is unaffected.
    """
    @wraps(view)
    def wrapped_view(*args, **kwargs):
        logged_in = bool(session.get('username'))
        if not logged_in:
            # Not authenticated: bounce to the login page instead of
            # running the protected view
            flash("You are not logged in..! Login to perform action")
            return redirect(url_for('auth.login_form'))
        # Authenticated: delegate to the original view function
        return view(*args, **kwargs)
    return wrapped_view
# ------------------------------------------------ Dashboard -----------------------------------------
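# Dashboard tiles: template variable -> fixed, code-owned COUNT(*) query.
# No user input is ever interpolated into these statements.
_COUNT_QUERIES = {
    'car_count': "SELECT COUNT(*) FROM Car",
    'model_count': "SELECT COUNT(*) FROM CarModel",
    'variant_count': "SELECT COUNT(*) FROM CarVariant",
    'color_count': "SELECT COUNT(*) FROM CarColor",
    'engine_count': "SELECT COUNT(*) FROM CarEngine",
    'category_count': "SELECT COUNT(*) FROM CarCategory",
}


def _fetch_count_rows():
    """Return ``{template_var: fetchone() row}`` for every query in _COUNT_QUERIES.

    Each row is the raw cursor tuple, so the count itself is ``row[0]``.
    NOTE(review): this runs on the module-level cursor shared by every
    request — confirm the ``db`` module handles concurrent use.
    """
    rows = {}
    for var_name, query in _COUNT_QUERIES.items():
        cursor.execute(query)
        rows[var_name] = cursor.fetchone()
    return rows


# Import-time snapshot, kept only so existing importers of these names keep
# working. The dashboard view re-queries on every request, because a snapshot
# taken at import time goes stale as soon as rows are added or removed.
_snapshot = _fetch_count_rows()
car_count = _snapshot['car_count']
model_count = _snapshot['model_count']
variant_count = _snapshot['variant_count']
color_count = _snapshot['color_count']
engine_count = _snapshot['engine_count']
category_count = _snapshot['category_count']


# ---------------------------- Route for DASHBOARD ------------------------------------------
@auth.route('/dashboard')
@login_required
def dashboard():
    """Render the dashboard with current table counts (GET /dashboard).

    ``login_required`` redirects anonymous visitors to the admin login form,
    the same destination the original inline session check used.

    Returns:
        The rendered ``dashboard.html`` template with one ``*_count``
        integer per entry of _COUNT_QUERIES.
    """
    rows = _fetch_count_rows()
    # Access the count value directly (first element of each row tuple)
    counts = {name: row[0] for name, row in rows.items()}
    return render_template('dashboard.html', **counts)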