Profile Application using Python Flask and MySQL (original) (raw)

import hmac
import os
import re
import secrets

import MySQLdb.cursors
from flask import Flask, render_template, request, redirect, url_for, session
from flask_mysqldb import MySQL

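# Application object shared by every route below.
app = Flask(__name__)

# Flask signs the session cookie with this key, so anyone who knows it can
# forge a logged-in session. Read it from the environment instead of keeping a
# literal in the source. When the variable is unset, fall back to a random
# per-process key: sessions then end on restart and are not shared between
# worker processes. FLASK_SECRET_KEY is a variable name chosen in this file.
app.secret_key = os.environ.get('FLASK_SECRET_KEY') or secrets.token_hex(32)

# Database settings come from the environment, using the config key as the
# variable name. The fallbacks are the original sample values, so an
# unconfigured run behaves as before.
# NOTE(review): the sample connects as root with a placeholder password; a
# deployment should point MYSQL_USER / MYSQL_PASSWORD at a dedicated account
# that can only reach this application's schema.
app.config['MYSQL_HOST'] = os.environ.get('MYSQL_HOST', 'localhost')
app.config['MYSQL_USER'] = os.environ.get('MYSQL_USER', 'root')
app.config['MYSQL_PASSWORD'] = os.environ.get('MYSQL_PASSWORD', 'password')
app.config['MYSQL_DB'] = os.environ.get('MYSQL_DB', 'geekprofile')

# Connection helper used by the views through mysql.connection.
mysql = MySQL(app)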

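@app.route('/')
@app.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form and, on POST, authenticate the submitted credentials.

    A POST carrying both ``username`` and ``password`` is checked against the
    ``accounts`` table. On a match the session is reset, the login markers
    (``loggedin``, ``id``, ``username``) are stored and ``index.html`` is
    rendered. In every other case ``login.html`` is rendered, with an error
    message when the credentials did not match.
    """
    msg = ''
    if (request.method == 'POST'
            and 'username' in request.form
            and 'password' in request.form):
        username = request.form['username']
        password = request.form['password']
        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        # Parameterised query: the driver escapes the value, so the submitted
        # username cannot change the SQL text.
        # Assumes usernames are unique (register() rejects an existing one).
        cursor.execute(
            'SELECT id, username, password FROM accounts WHERE username = %s',
            (username,))
        account = cursor.fetchone()

        # Compare the password here rather than in the WHERE clause: a SQL
        # equality test follows the column's collation, which in MySQL is
        # commonly case-insensitive (the schema is not visible here), whereas
        # this comparison is exact and constant-time.
        # NOTE(review): register() and update() write the submitted password
        # to the table unchanged, so the stored value is clear text. Moving to
        # a salted password hash requires changing those writers and this
        # check together.
        stored = account['password'] if account else None
        if isinstance(stored, str):
            stored = stored.encode('utf-8')
        if isinstance(stored, bytes) and hmac.compare_digest(
                stored, password.encode('utf-8')):
            # Start from an empty session so nothing set before
            # authentication carries over into the logged-in state.
            session.clear()
            session['loggedin'] = True
            session['id'] = account['id']
            session['username'] = account['username']
            msg = 'Logged in successfully !'
            return render_template('index.html', msg=msg)
        msg = 'Incorrect username / password !'
    return render_template('login.html', msg=msg)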

@app.route('/logout')
def logout():
    """Remove the login markers from the session and redirect to the login page."""
    for key in ('loggedin', 'id', 'username'):
        # The None default makes the pop a no-op when the key is absent.
        session.pop(key, None)
    return redirect(url_for('login'))

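@app.route('/register', methods=['GET', 'POST'])
def register():
    """Show the registration form and, on POST, create a new account.

    A POST must carry every profile field. The username must not already
    exist, the e-mail must look like ``local@domain.tld`` and the username
    must consist only of ASCII letters and digits. ``register.html`` is always
    rendered, with ``msg`` describing the outcome.
    """
    # 'state' is read below, so it has to be part of the presence check too;
    # otherwise a POST without it fails on the lookup instead of producing the
    # "fill out the form" message.
    required = ('username', 'password', 'email', 'organisation', 'address',
                'city', 'state', 'country', 'postalcode')
    msg = ''
    if request.method == 'POST' and all(f in request.form for f in required):
        username = request.form['username']
        password = request.form['password']
        email = request.form['email']
        organisation = request.form['organisation']
        address = request.form['address']
        city = request.form['city']
        state = request.form['state']
        country = request.form['country']
        postalcode = request.form['postalcode']
        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        cursor.execute(
            'SELECT * FROM accounts WHERE username = %s', (username,))
        account = cursor.fetchone()
        if account:
            msg = 'Account already exists !'
        # fullmatch, not match: match only anchors the start of the string,
        # so a value with a valid prefix followed by arbitrary characters
        # would pass the check.
        elif not re.fullmatch(r'[^@]+@[^@]+\.[^@]+', email):
            msg = 'Invalid email address !'
        elif not re.fullmatch(r'[A-Za-z0-9]+', username):
            msg = 'name must contain only characters and numbers !'
        else:
            # NOTE(review): the password is written exactly as submitted, so
            # the table holds clear-text passwords. Storing a salted hash
            # instead must be changed together with the check in login() and
            # the write in update().
            cursor.execute(
                'INSERT INTO accounts VALUES '
                '(NULL, %s, %s, %s, %s, %s, %s, %s, %s, %s)',
                (username, password, email,
                 organisation, address, city,
                 state, country, postalcode))
            mysql.connection.commit()
            msg = 'You have successfully registered !'
    elif request.method == 'POST':
        msg = 'Please fill out the form !'
    return render_template('register.html', msg=msg)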

@app.route("/index")
def index():
    """Render the home page for a logged-in session; otherwise go to login."""
    # Guard clause: a session without the login marker never reaches the page.
    if 'loggedin' not in session:
        return redirect(url_for('login'))
    return render_template("index.html")

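@app.route("/display")
def display():
    """Render the profile of the logged-in account, or redirect to login.

    The row is looked up by the ``id`` stored in the session at login, so a
    user can only ever see their own record.
    """
    if 'loggedin' not in session:
        return redirect(url_for('login'))
    cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
    # Name the profile columns (the same ones update() writes) instead of
    # SELECT *, so the stored password is not handed to the template.
    # NOTE(review): display.html is not visible here; if it prints the
    # password field, that field now renders empty.
    cursor.execute(
        'SELECT id, username, email, organisation, address, city, state, '
        'country, postalcode FROM accounts WHERE id = %s',
        (session['id'],))
    account = cursor.fetchone()
    return render_template("display.html", account=account)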

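@app.route("/update", methods=['GET', 'POST'])
def update():
    """Show the profile edit form and, on POST, update the logged-in account.

    Only the row whose ``id`` matches the session is modified. The same field
    checks as in registration apply. A logged-in request always gets
    ``update.html`` with ``msg`` describing the outcome; any other request is
    redirected to the login page.
    """
    if 'loggedin' not in session:
        return redirect(url_for('login'))

    # NOTE(review): nothing in this view checks a CSRF token; whether the
    # application adds one elsewhere is not visible here.
    # 'state' is read below, so it has to be part of the presence check too.
    required = ('username', 'password', 'email', 'organisation', 'address',
                'city', 'state', 'country', 'postalcode')
    msg = ''
    if request.method == 'POST' and all(f in request.form for f in required):
        username = request.form['username']
        password = request.form['password']
        email = request.form['email']
        organisation = request.form['organisation']
        address = request.form['address']
        city = request.form['city']
        state = request.form['state']
        country = request.form['country']
        postalcode = request.form['postalcode']
        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        # Look for the username on a *different* account. Without the id
        # filter, a user who keeps their own username matches their own row
        # and can never save the form.
        cursor.execute(
            'SELECT id FROM accounts WHERE username = %s AND id <> %s',
            (username, session['id']))
        account = cursor.fetchone()
        if account:
            msg = 'Account already exists !'
        # fullmatch, not match: match only anchors the start of the string,
        # so a value with a valid prefix followed by arbitrary characters
        # would pass the check.
        elif not re.fullmatch(r'[^@]+@[^@]+\.[^@]+', email):
            msg = 'Invalid email address !'
        elif not re.fullmatch(r'[A-Za-z0-9]+', username):
            msg = 'name must contain only characters and numbers !'
        else:
            # NOTE(review): the password is written exactly as submitted, so
            # the table holds clear-text passwords. Storing a salted hash
            # instead must be changed together with register() and login().
            # The id is passed as a plain scalar; the original wrapped it in
            # a one-element tuple inside the parameter tuple.
            cursor.execute(
                'UPDATE accounts SET username = %s, '
                'password = %s, email = %s, organisation = %s, '
                'address = %s, city = %s, state = %s, '
                'country = %s, postalcode = %s WHERE id = %s',
                (username, password, email, organisation,
                 address, city, state, country, postalcode,
                 session['id']))
            mysql.connection.commit()
            # Keep the name cached in the session in step with the table.
            session['username'] = username
            msg = 'You have successfully updated !'
    elif request.method == 'POST':
        msg = 'Please fill out the form !'
    return render_template("update.html", msg=msg)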

if __name__ == "__main__":
    # Start Flask's built-in server on the local host name, port 5000.
    listen_port = 5000
    app.run(host="localhost", port=listen_port)