1from flask import Flask, render_template, request, redirect, url_for, session
2from flask_mysqldb import MySQL
3import MySQLdb.cursors
4import re
5
app = Flask(__name__)

# Flask signs the session cookie with this key. A leaked or guessable key lets
# session contents such as 'loggedin' be forged, so replace the placeholder
# with a long random value and keep the real key out of source control.
app.secret_key = 'your secret key'

# Database connection details. A root account with an empty password is only
# acceptable on a local development machine; anywhere else give the
# application its own least-privileged MySQL user.
app.config.update({
    'MYSQL_HOST': 'localhost',
    'MYSQL_USER': 'root',
    'MYSQL_PASSWORD': '',
    'MYSQL_DB': 'pythonlogin',
})

# Initialize the MySQL extension for this app
mysql = MySQL(app)
19
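# http://localhost:5000/membershipregistration/ - this will be the login page,
# we need to use both GET and POST requests
# NOTE(review): the rule below contains a space, so it does not match the URL
# above as written, and the other routes live under /pythonlogin/ - confirm
# which prefix is intended.
@app.route('/membership registration/', methods=['GET', 'POST'])
def login():
    """Show the login form and, on POST, check the credentials against `accounts`.

    The view is defined exactly once: registering a second, different function
    under the endpoint name 'login' makes Flask raise an AssertionError while
    the module is being imported.

    Returns:
        The plain string 'Logged in successfully!' after a successful login,
        otherwise the rendered 'index.html' with `msg` set (empty on a plain
        GET, an error text after a failed attempt).
    """
    # Output message if something goes wrong...
    msg = ''
    # Only treat the request as a login attempt when the form was submitted
    # with both fields present.
    if request.method == 'POST' and 'username' in request.form and 'password' in request.form:
        username = request.form['username']
        password = request.form['password']

        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        try:
            # The values are bound as query parameters, never formatted into
            # the SQL text, which keeps the lookup safe from SQL injection.
            # NOTE(review): the submitted password is compared with the stored
            # column directly, which implies passwords are kept unhashed. Store
            # a salted password hash and verify it in Python instead.
            cursor.execute('SELECT * FROM accounts WHERE username = %s AND password = %s', (username, password))
            # Fetch one record and return result
            account = cursor.fetchone()
        finally:
            # Release the cursor even when the query raises.
            cursor.close()

        if account:
            # Start from an empty session so nothing set before authentication
            # is carried into the logged-in session.
            session.clear()
            # Create session data, we can access this data in other routes
            session['loggedin'] = True
            session['id'] = account['id']
            session['username'] = account['username']
            # No redirect yet: the view answers with a plain confirmation text.
            return 'Logged in successfully!'

        # One message for both "no such user" and "wrong password", so the
        # response does not reveal which usernames exist.
        msg = 'Incorrect username/password!'
    # Show the login form with message (if any)
    return render_template('index.html', msg=msg)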
68
# http://localhost:5000/pythonlogin/logout - this will be the logout page
@app.route('/pythonlogin/logout')
def logout():
    """Remove the login keys from the session and redirect to the login page."""
    # Only these three keys are dropped; any other session data is left as is.
    for key in ('loggedin', 'id', 'username'):
        session.pop(key, None)
    # Back to the login form
    return redirect(url_for('login'))
78
# http://localhost:5000/pythonlogin/home - this will be the home page, only
# accessible for logged-in users
@app.route('/pythonlogin/home')
def home():
    """Render the home page for a logged-in user, else redirect to the login page."""
    # The check relies entirely on the signed session cookie, so it is only as
    # strong as app.secret_key.
    if 'loggedin' not in session:
        return redirect(url_for('login'))
    # User is logged in: show the home page with their username
    return render_template('home.html', username=session['username'])