import hmac
import html
import os
import random
import sqlite3
from random import shuffle
from string import Template
from sys import exit

from flask import Flask
from flask import redirect
from flask import render_template
from flask import request
11
# Flask application object.  Nothing else is configured on it in this module:
# no secret key is set, which Flask's signed-cookie session support requires.
app = Flask(__name__)
#Check for users.db . If it doesn't exist, create it.
#if os.path.exists('webapp.db') == False:
# print("\n\t\tWomp! Your DB doesn't exist. Make it and try again.")
# exit(0)
17
18#Creates the user table and adds admin acct.
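# Create the users table at import time and seed the admin account.
# INSERT OR IGNORE makes a restart harmless: a plain INSERT of id 1 raises
# sqlite3.IntegrityError on the primary key the second time the app starts.
# NOTE(review): the seed row is a fixed username/password pair stored as plain
# text; it stays in this form because login()/check_password() compare plain text.
conn = sqlite3.connect("webapp.db")
c = conn.cursor()
try:
    with conn:  # commits on success, rolls back if either statement raises
        c.execute("""CREATE TABLE IF NOT EXISTS users (id integer primary key, username text NOT NULL, password text NOT NULL)""")
        c.execute("""INSERT OR IGNORE INTO users VALUES(1,"admin","admin");""")
finally:
    conn.close()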
25
# Login form, returned verbatim by login() on GET.  It has no substitution
# fields, so no user-controlled text reaches this markup.
login_template = ("""
<html><head><title>Login</title></head>
 <body>
 <h1>Cool! Let's login.</h1> <br>
 <form method="post">
 Username: <br>
 <input type="text" name="username" value=""> <br>
 Password: <br>
 <input type="password" name="password" value=""> <br>
 <br>
 <input type="submit" name="" value="Submit!">
 </form>
 </body>
</html>
""")
41
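# Registration form, returned verbatim by register() on GET.  No substitution
# fields, so no user data is interpolated here.  Two markup fixes: the
# confirmation field was declared type="confirm password", an unknown type that
# browsers render as a plain text box (so the password was shown in clear),
# and the <h2> was never closed.
register_template = ("""
<html lang="en" dir="ltr">
 <head><title>Register</title></head>
 <body>
 <h1>Welcome to the Register Page!</h1>
 <h2>Choose a username & password.</h2> <br>
 <form method="post">
 Username: <br>
 <input type="text" name="username" value=""> <br>
 Password: <br>
 <input type="password" name="password" value=""> <br>
 Confirm Password: <br>
 <input type="password" name="confirm_password" value=""> <br>
 <br>
 <input type="submit" name="" value="Submit!"> <br>
 </form>
 </body>
</html>
""")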
61
# Outer table for /todo/view.  ${data} receives already-rendered <tr> rows from
# the caller as raw HTML; string.Template performs no escaping of its own.
table_template = Template("""
<table style="border:1px solid black">
 <tr>
 <td style="border:1px solid black">ID</td>
 <td style="border:1px solid black">Name</td>
 <td style="border:1px solid black">Description</td>
 <td style="border:1px solid black">Action</td>
 <td style="border:1px solid black">List Name:</td>
 </tr>
 ${data}
</table>
""")
74
# One task row.  ${id}, ${name} and ${description} are substituted verbatim
# (no HTML escaping), so the caller must supply filtered or escaped text.
# The Delete link is a plain GET to /todo/delete/<id>, i.e. a state change
# triggered by following a link.
row_template = Template("""
 <tr>
 <td style="border:1px solid black">${id}</td>
 <td style="border:1px solid black">${name}</td>
 <td style="border:1px solid black">${description}</td>
 <td style="border:1px solid black"><a href="/todo/delete/${id}">Delete</a></td>
 <td style="border:1px solid black"><a href="/todo/update/${id}">Update</a></td>
 </tr>
""")
84
# Form that POSTs a new task to /todo/add.  It contains no $ placeholders, so
# any keyword passed to substitute() (todolist() passes table_name) is ignored
# and the "Test!" label is fixed text.
add_row_template = Template("""
<form method="POST" action="/todo/add">
Table Name: Test! |
ID #:<input type="number" name="id"></input>
Task Name:<input name="task_name"></input>
Task Description:<input name="task_description"></input>
<input type="submit" name="send" value="Create task">
</form>
""")
94
# Edit form for one task.  ${id} is both displayed and used in the POST action
# URL; change() passes an int it has already parsed from the path.
change_template = Template("""
<form method="POST" action="/todo/update/${id}">
ID # Being Edited:<h2>${id}</h2>
Task Name:<input name="task_name"></input>
Task Description:<input name="task_description"></input>
<input type="submit" name="send" value="Update Task">
</form>
""")
103
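def check_existent_id():
    """Return the integer IDs of every task recorded in ``todolists_names.txt``.

    Each line has the shape ``<id> - <name> - <description>`` (the format
    written by ``add`` and ``change``); only the first ``-``-separated field
    is used.  Blank lines are skipped, and a missing file yields ``[]`` so
    the first task can be added before the file exists.  The file handle is
    closed on every path.

    Returns:
        list[int]: IDs in file order (duplicates are not removed).

    Raises:
        ValueError: if a non-blank line does not start with an integer field
            or has fewer than two ``-`` separators.
    """
    existing_ids = []
    try:
        with open("todolists_names.txt") as todo_file:
            for line in todo_file:
                if not line.strip():
                    continue
                existent_id, _name, _description = line.strip("\n").split("-", 2)
                existing_ids.append(int(existent_id))
    except FileNotFoundError:
        # No file yet means no tasks yet; callers treat [] as "nothing exists".
        pass
    return existing_ids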
110
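def sanitize_for_dash(user_parameter):
    """Strip a fixed set of characters from a user-supplied value.

    Removes ``-`` because the to-do file uses it as its field separator (see
    ``check_existent_id``), a set of HTML/shell/SQL metacharacters (angle
    brackets, quotes, ampersand, slash, backslash, backtick, pipe, caret,
    dollar, percent, equals, square brackets) and the ASCII control
    characters BEL, BS, FF, LF, CR, TAB and VT, so one value cannot span two
    lines of the file.  Everything else passes through unchanged.

    This is a deny-list filter, not an output encoder: code that builds SQL
    or HTML from the result still needs parameterised queries and
    ``html.escape`` at the sink.

    Args:
        user_parameter: iterable of single characters, normally a ``str``.

    Returns:
        str: the input with the listed characters removed (``""`` for ``""``).
    """
    # Same set as before, without the duplicated "^"; a frozenset makes the
    # per-character membership test O(1).
    bad_chars = frozenset("-=<>[]/&`|^\\'\"$%\a\b\f\n\r\t\v")
    return "".join(ch for ch in user_parameter if ch not in bad_chars)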
119
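def username_taken(desired_username):
    """Return ``True`` if ``desired_username`` already exists in ``users``.

    Looks the name up with a parameterised query instead of fetching every
    row into Python, and always closes the connection.  Nothing is printed:
    the earlier version echoed the candidate name and the whole user list to
    stdout.

    Args:
        desired_username: candidate username, compared exactly.

    Returns:
        bool
    """
    conn = sqlite3.connect("webapp.db")
    try:
        row = conn.execute(
            "SELECT 1 FROM users WHERE username = ? LIMIT 1",
            (desired_username,),
        ).fetchone()
    finally:
        conn.close()
    return row is not None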
137
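def check_password(username, password):
    """Return ``True`` if ``password`` matches the stored password for ``username``.

    The lookup is parameterised instead of interpolating ``username`` into
    the SQL text, the connection is always closed, and an unknown username
    yields ``False`` rather than indexing an empty result.  The comparison
    uses ``hmac.compare_digest`` so it does not short-circuit on the first
    differing byte.  Nothing is printed: the earlier version wrote both the
    submitted and the stored password to stdout.

    NOTE(review): the ``users`` table created at import stores passwords as
    plain text and this function compares them as such; moving to a salted
    hash would also require changing ``register`` and the admin seed row.

    Args:
        username: account name to look up.
        password: candidate password (``str``).

    Returns:
        bool
    """
    conn = sqlite3.connect("webapp.db")
    try:
        row = conn.execute(
            "SELECT password FROM users WHERE username = ?",
            (username,),
        ).fetchone()
    finally:
        conn.close()
    if row is None or not isinstance(row[0], str) or not isinstance(password, str):
        return False
    return hmac.compare_digest(row[0].encode("utf-8"), password.encode("utf-8"))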
150
151
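@app.route('/')
def index():
    """Render the ``index.html`` template for the site root.

    No context variables are passed to the template.
    """
    return render_template("index.html")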
156
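@app.route('/login', methods=['GET','POST'])
def login():
    """Serve the login form, or check submitted credentials on POST.

    Any non-POST request (GET, HEAD) gets ``login_template``.  On POST the
    username and password are filtered through ``sanitize_for_dash``, the
    same filter ``register`` applied when the row was stored, and checked
    with ``username_taken`` followed by ``check_password``.  Both failure
    cases return the same message so the response does not reveal whether
    the username exists.

    NOTE(review): a successful login only returns a page; no session, cookie
    or other state is set, so nothing downstream can tell that the user
    authenticated.

    Returns:
        str: an HTML fragment.
    """
    if request.method != 'POST':
        return login_template

    username = sanitize_for_dash(request.form['username'])
    password = sanitize_for_dash(request.form['password'])
    # check_password is only reached for names that exist.
    if username_taken(username) and check_password(username, password):
        return "Congrats! You've logged in. Welcome.<a href='/'>Return to Index.</a>"
    return "Sorry. Username OR Password is incorrect.<a href='/login'>Try Again.</a>"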
172
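# Pool of unused numeric user IDs that register() pops from.  ID 1 is the
# seeded admin row's primary key, so it is excluded: with 1 in the pool the
# INSERT in register() failed on the primary key when it came up.
unshuffled_list = list(range(1000))
random_id_list = [user_id for user_id in unshuffled_list if user_id != 1]
random.shuffle(random_id_list)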
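@app.route('/register', methods=['GET','POST'])
def register():
    """Serve the registration form, or create a user on POST.

    On POST the username, password and confirmation are filtered through
    ``sanitize_for_dash``; the request is rejected if the two passwords
    differ or the name is already taken.  Otherwise a free numeric ID is
    popped from ``random_id_list`` and the row is inserted with a
    parameterised statement rather than by interpolating the values into
    the SQL text.  The connection is committed and closed on every path.

    NOTE(review): the password is stored as plain text, matching what
    ``check_password`` compares against.  The ID pool is finite: ``pop`` on
    an exhausted list raises ``IndexError``.

    Returns:
        str: an HTML fragment.
    """
    if request.method != "POST":
        return register_template

    username = sanitize_for_dash(request.form['username'])
    password = sanitize_for_dash(request.form['password'])
    confirm_password = sanitize_for_dash(request.form['confirm_password'])
    if confirm_password != password:
        return 'Sorry! Passwords do not match. Try again.<a href="/register">Go Back.</a>'
    if username_taken(username):
        return 'Sorry! Username taken. <a href="/register">Try again.</a>'

    random_id = random_id_list.pop()
    conn = sqlite3.connect("webapp.db")
    try:
        with conn:  # commits on success, rolls back if the INSERT raises
            conn.execute(
                "INSERT INTO users VALUES (?, ?, ?);",
                (random_id, username, password),
            )
    finally:
        conn.close()
    # sanitize_for_dash already removed < > & " ' ; escaping again at the sink
    # is a no-op for such values and guards against a later filter change.
    return f'Welcome! {html.escape(username)}!' + '<a href="/dbtable">See Users.</a>'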
194
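@app.route('/dbtable')
def dbtable():
    """List registered users as the text form of a list of ``(id, username)`` tuples.

    Only ``id`` and ``username`` are selected; the earlier ``SELECT *`` also
    returned every stored password to any visitor of this unauthenticated
    page.  The connection is closed before returning, and the text is
    HTML-escaped (``&``, ``<``, ``>``) so a stored name cannot inject markup.

    Returns:
        str: an HTML fragment.
    """
    conn = sqlite3.connect('webapp.db')
    try:
        rows = conn.execute("SELECT id, username FROM users").fetchall()
    finally:
        conn.close()
    return html.escape(str(rows), quote=False) + '<a href="/">Go To Main.</a>'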
201
202
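@app.route('/todo/view', methods=['GET'])
def todolist():
    """Render the to-do page: the add-task form followed by a table of tasks.

    Each non-blank line of ``todolists_names.txt`` is split on its first two
    ``-`` characters into id, name and description.  The fields are
    HTML-escaped before substitution into ``row_template`` because
    ``string.Template`` does no escaping; for data written by ``add`` and
    ``change`` (already filtered by ``sanitize_for_dash``) the escaping is a
    no-op.  A missing file renders an empty table, and the file handle is
    closed on every path.

    Returns:
        str: an HTML fragment.
    """
    rows = []
    try:
        with open('todolists_names.txt') as todo_file:
            for line in todo_file:
                if not line.strip():
                    continue
                task_id, name, description = line.strip('\n').split('-', 2)
                rows.append(row_template.substitute(
                    id=html.escape(task_id),
                    name=html.escape(name),
                    description=html.escape(description),
                ))
    except FileNotFoundError:
        pass  # no tasks yet: show the form above an empty table
    return (add_row_template.substitute(table_name="test")
            + table_template.substitute(data=''.join(rows)))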
212
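@app.route('/todo/add', methods=["POST"])
def add():
    """Append one task line to ``todolists_names.txt`` and redirect to the list.

    The submitted ``id`` must parse as a positive integer that is not already
    in use.  ``task_name`` and ``task_description`` pass through
    ``sanitize_for_dash``, which removes ``-`` (the field separator) and
    newline characters so a submission cannot corrupt or add extra lines.
    A non-numeric ``id`` returns the same "use an integer" message that
    ``change`` uses instead of an unhandled ``ValueError``; the file is
    opened with ``with`` so it is closed even if the write fails.

    Returns:
        A redirect to ``/todo/view`` on success, otherwise an HTML fragment.
    """
    try:
        task_id = int(request.form['id'])
    except ValueError:
        return 'Uhh. Please use an integer and not a string! <a href="/todo/view">Go Back.</a>'
    if task_id <= 0:
        return "No Negative Integers! Stay positive dude!!"

    task_name = sanitize_for_dash(request.form['task_name'])
    task_description = sanitize_for_dash(request.form['task_description'])
    if task_id in check_existent_id():
        return 'Sorry! Please use a unique ID. <a href="/todo/view">Go Back.</a>'

    with open("todolists_names.txt", "a") as todo_file:
        todo_file.write(f"{task_id} - {task_name} - {task_description}\n")
    return redirect('/todo/view')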
229
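@app.route('/todo/delete/<some_id>', methods=["GET"])
def delete(some_id):
    """Remove the task whose ID is ``some_id`` from ``todolists_names.txt``.

    Lines are kept or dropped by comparing their leading ID field, parsed as
    an integer, with ``some_id``.  The earlier test ``some_id not in line``
    was a substring match, so deleting ``1`` also removed IDs 10, 11, 21...
    and any line whose name or description contained a ``1``.  A
    non-numeric or unknown ID returns the "Invalid ID" message instead of
    raising.  The route accepts only GET, so no method check is needed.

    NOTE(review): this is a state-changing GET reached from a plain link,
    so a forged link or image tag on another site would trigger it; a POST
    form with a CSRF token is the usual remedy.

    Args:
        some_id: URL path segment; must parse as an ``int``.

    Returns:
        A redirect to ``/todo/view`` on success, otherwise an HTML fragment.
    """
    try:
        target_id = int(some_id)
    except ValueError:
        return 'Hmm. Invalid ID#!<a href="../view">Go Back.</a>'
    if target_id not in check_existent_id():
        return 'Hmm. Invalid ID#!<a href="../view">Go Back.</a>'

    def line_id(line):
        # Leading ID field of a task line; None if it is blank or not numeric.
        head = line.split('-', 1)[0].strip()
        return int(head) if head.isdigit() else None

    with open("todolists_names.txt", "r+") as todo_file:
        kept = [line for line in todo_file if line_id(line) != target_id]
        todo_file.seek(0)
        todo_file.writelines(kept)
        todo_file.truncate()
    return redirect('/todo/view')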
244
245@app.route('/todo/update/<id>', methods=["GET","POST"])
246def change(id):
247 try:
248 new_id = int(id)
249 if new_id < 0:
250 return("Sorry dude! Positive #s only.")
251 else:
252 existing_IDs = check_existent_id()
253 if request.method == "GET" and (new_id in existing_IDs):
254 return(change_template.substitute(id=new_id))
255
256 elif request.method == "POST":
257 task_name = sanitize_for_dash(request.form['task_name'])
258 task_description = sanitize_for_dash(request.form['task_description'])
259 with open("todolists_names.txt","r+") as f:
260 new_f = f.readlines()
261 f.seek(0)
262 for line in new_f:
263 if new_id not in line:
264 f.write(line)
265 f.truncate()
266 f.write(f"{new_id} - {task_name} - {task_description}" + "\n")
267 return redirect('/todo/view')
268 else:
269 return('Hmm. Invalid ID#!<a href="/todo/view">Go Back.</a>')
270 except:
271 return('Uhh. Please use an integer and not a string! <a href="/todo/view">Go Back.</a>')
272
if __name__ == "__main__":
    # Flask's built-in development server with its default host, port and
    # debug settings, since nothing is passed here.
    app.run()