From 4534502468182b01e454955fb4ed96d4faa38808 Mon Sep 17 00:00:00 2001 From: jonager Date: Thu, 31 Aug 2017 11:17:24 -0400 Subject: [PATCH 1/6] working on teacher_login route, need to change master to hash passwords first --- main.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/main.py b/main.py index 87f346a..ea70f02 100644 --- a/main.py +++ b/main.py @@ -19,6 +19,11 @@ def index(): @app.route("/teacher_login", methods=['GET', 'POST']) def teacher_login(): if request.method == 'POST': + email = request.form['email'] + password = request.form['password'] + teacher = Teacher.query.filter_by(email = email).first() + + return redirect("/") else: return render_template("teacher_login.html") @@ -26,6 +31,9 @@ def teacher_login(): @app.route("/teacher_login", methods=['GET', 'POST']) def teacher_signup(): if request.method == 'POST': + + + return redirect("/") else: return render_template("teacher_login.html") From 5b26041c226b293a616aa9ebc9c897de648b1953 Mon Sep 17 00:00:00 2001 From: jonager Date: Thu, 31 Aug 2017 11:40:05 -0400 Subject: [PATCH 2/6] Added hashing to teacher password --- hash_tools.py | 24 ++++++++++++++++++++++++ main.py | 1 + models.py | 3 ++- 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 hash_tools.py diff --git a/hash_tools.py b/hash_tools.py new file mode 100644 index 0000000..42c55ee --- /dev/null +++ b/hash_tools.py 
@@ -0,0 +1,24 @@ +from hashlib import sha256 +from random import choice +POSTS_PER_PAGE = 3 + + +def make_salt(): + '''returns a salt ''' + alpha_digits = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" + return ''.join([choice(alpha_digits) for x in range(16)]) + +def make_hash(value, salt = None): + ''' returns value hashed and salted, and salt''' + if not salt: + salt = make_salt() + hashed = sha256(str.encode(value + salt)).hexdigest() + return '{0},{1}'.format(hashed, salt) + +def check_hash(user_input, hash_db): + '''returns True if both values are equal''' + salt = hash_db.split(',')[1] + if make_hash(user_input, salt) == hash_db: + return True + else: + return False diff --git a/main.py b/main.py index 6fcd364..c3480ee 100644 --- a/main.py +++ b/main.py @@ -5,6 +5,7 @@ # from sqlalchemy.sql import func from app import app, db from models import Student, Teacher, Attendance +from hash_tools import make_hash, check_hash # Main View @app.route('/') diff --git a/models.py b/models.py index d6f242b..b7b15fb 100644 --- a/models.py +++ b/models.py @@ -1,6 +1,7 @@ from app import db from flask_sqlalchemy import SQLAlchemy from datetime import datetime, date +from hash_tools import make_hash, check_hash class Student(db.Model): id = db.Column(db.Integer, primary_key=True) @@ -31,7 +32,7 @@ def __init__(self, first_name, last_name, email, password): self.first_name = first_name self.last_name = last_name self.email = email - self.password = password + self.password = make_hash(password) class Attendance(db.Model): From c50a535c4d7621d03ffbcbff4e74dbd9434c4c8e Mon Sep 17 00:00:00 2001 From: jonager Date: Thu, 31 Aug 2017 12:02:09 -0400 Subject: [PATCH 3/6] login route done --- main.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index 2ad090d..113d3a1 100644 --- a/main.py +++ b/main.py 
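Review bot: `make_hash` in the new hash_tools.py stores teacher passwords as a single salted SHA-256 digest, which is fast enough that a leaked table can be guessed offline at a high rate; a deliberately slow KDF from the standard library such as `hashlib.pbkdf2_hmac` is the usual choice. `make_salt` draws from `random.choice`, which is not a cryptographic source, and `check_hash` compares with `==` and raises IndexError when the stored value contains no comma. The sketch below keeps the `hash,salt` storage format and needs `import hashlib`, `import hmac` and `import secrets` in place of the two current imports, plus a module-level `PBKDF2_ITERATIONS` constant chosen per current guidance. Rows hashed with the old scheme would no longer verify, so they need a reset or a rehash-on-login path. `POSTS_PER_PAGE = 3` is not used in this file and looks like a leftover.

```python
def make_salt():
    '''returns a salt '''
    # 16 bytes from the OS CSPRNG; hex output never contains the ',' separator
    return secrets.token_hex(16)

def make_hash(value, salt = None):
    ''' returns value hashed and salted, and salt'''
    if not salt:
        salt = make_salt()
    # slow, salted KDF instead of one SHA-256 round
    hashed = hashlib.pbkdf2_hmac('sha256', value.encode(), salt.encode(),
                                 PBKDF2_ITERATIONS).hex()
    return '{0},{1}'.format(hashed, salt)

def check_hash(user_input, hash_db):
    '''returns True if both values are equal'''
    _, sep, salt = hash_db.partition(',')
    if not sep:
        # malformed stored value: fail closed instead of raising
        return False
    # constant-time comparison of the two 'hash,salt' strings
    return hmac.compare_digest(make_hash(user_input, salt), hash_db)
```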
@@ -56,18 +56,28 @@ def require_login(): def index(): return render_template("index.html") + @app.route("/teacher_login", methods=['GET', 'POST']) def teacher_login(): + if request.method == 'POST': email = request.form['email'] password = request.form['password'] teacher = Teacher.query.filter_by(email = email).first() - - return redirect("/") + if teacher and check_hash(password, teacher.password): + session['email'] = email + return redirect('/') + elif teacher and not check_hash(password, teacher.password):: + flash('Wrong password') + return redirect('/teacher_login') + else: + flash('Wrong username') + return redirect('/teacher_login') else: return render_template("teacher_login.html") + @app.route("/teacher_login", methods=['GET', 'POST']) def teacher_signup(): if request.method == 'POST': From e7989afdd364a67d01ba2cdb0aa875a211a29086 Mon Sep 17 00:00:00 2001 From: jonager Date: Thu, 31 Aug 2017 12:17:22 -0400 Subject: [PATCH 4/6] reworking login --- main.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.py b/main.py index 113d3a1..8c400dd 100644 --- a/main.py +++ b/main.py @@ -78,8 +78,9 @@ def teacher_login(): return render_template("teacher_login.html") -@app.route("/teacher_login", methods=['GET', 'POST']) +@app.route("/teacher_signup", methods=['POST']) def teacher_signup(): + if request.method == 'POST': From 56462118b98750d7c498d7e420d17824c28c29c3 Mon Sep 17 00:00:00 2001 From: jonager Date: Thu, 31 Aug 2017 15:42:56 -0400 Subject: [PATCH 5/6] Student login done --- main.py | 98 +++++++++++++++++++++++++++++++++++++++++++++++---------- val.py | 30 ++++++++++++++++++ 2 files changed, 112 insertions(+), 16 deletions(-) create mode 100644 val.py diff --git a/main.py b/main.py index 8c400dd..3d43f8e 100644 --- a/main.py +++ b/main.py 
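Review bot: The `elif teacher and not check_hash(password, teacher.password)::` line in `teacher_login` ends in a double colon, so main.py does not parse at this commit. Separately, the distinct 'Wrong password' and 'Wrong username' responses tell a caller which e-mail addresses belong to teacher accounts. A single failure branch, `flash('Wrong email or password')` followed by `return redirect('/teacher_login')`, avoids that and also drops the second `check_hash` call. The same two-message pattern returns in the `teacher_login` hunks of patches 5/6 and 6/6, there as `password_err` and `email_err`.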
@@ -7,13 +7,14 @@ from app import app, db from models import Student, Teacher, Attendance from hash_tools import make_hash, check_hash +import val # Main View @app.route('/') def index(): return render_template('index.html') - +session['username'] = username # Teacher Signup @app.route('/teacher_signup', methods=["POST", "GET"]) @@ -31,7 +32,24 @@ def logout(): # Student Login @app.route('/student_login', methods=["POST", "GET"]) def student_login(): - return render_template('student_login.html') + if request.method == 'POST': + first_last = request.form['name'].split() + first = first_last[0] + last = first_last[1] + pin = request.form['pin'] + student = Student.query.filter_by(first = first, last = last).first() + + if student and student.pin == pin: + # push student into attendance table + new_attendee = Attendance(student) + db.session.add( new_attendee) + db.session.commit() + elif student and student.pin != pin: + return render_template('student_login.html', title = 'Student Login', + pin_err = 'Wrong Pin') + else: + students = Student.query.order_by(Student.last_name).all() + return render_template('student_login.html', title = 'Student Login', students = students) # Attendance List 
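Review bot: The added top-level line `session['username'] = username` after `index()` runs at import time, where no `username` is defined and, as far as this hunk shows, no request is active, so importing main.py would fail before any route is served. It looks like a stray paste and should be removed. Session writes belong inside the view that has just authenticated the user, as `teacher_login` does with `session['email'] = email`.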
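Review bot: In `student_login`, the correct-PIN branch commits the attendance row and then falls off the end of the view, and there is no branch for a name that matches no student, so both paths return None and Flask answers with a server error; each needs an explicit `return redirect(...)` or `return render_template(...)`. `last = first_last[1]` raises IndexError when the submitted name is a single word, so the split result should be length-checked first. The lookup filters on `first`/`last` while the GET branch orders by `Student.last_name`; the model is not in this hunk, so confirm which column names it defines. The PIN is compared against a value stored in plaintext and nothing visible limits repeated guesses, which matters if PINs are short.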
@@ -68,27 +86,75 @@ def teacher_login(): if teacher and check_hash(password, teacher.password): session['email'] = email return redirect('/') - elif teacher and not check_hash(password, teacher.password):: - flash('Wrong password') - return redirect('/teacher_login') + elif teacher and not check_hash(password, teacher.password): + return render_template('teacher_login.html', title = 'Login', login='active', + password_err = 'Wrong password') else: - flash('Wrong username') - return redirect('/teacher_login') + return render_template('teacher_login.html', title = 'Login', login='active', + email_err = 'Wrong username') else: - return render_template("teacher_login.html") + return render_template('teacher_login.html', title = 'Signup', signup='active') @app.route("/teacher_signup", methods=['POST']) def teacher_signup(): - + if request.method == 'POST': + first = request.form['firstname'] + last = request.form['lastname'] + email = request.form['email'] + password = request.form['password'] + confirm_pass = request.form['confirm'] + # email_DB will be None if email not in DB. 
+ email_DB = Teacher.query.filter_by(email=email).first() + + #### VALIDATION #### + + # check for empty fields + if val.is_empty(first): + return render_template('teacher_login.html', title = 'Signup', signup='active', + firstname_err = 'Please fill in the first name') + elif val.is_empty(last): + return render_template('teacher_login.html', title = 'Signup', signup='active', + lastname_err = 'Please fill in the last name') + elif val.is_empty(email): + return render_template('teacher_login.html', title = 'Signup', signup='active', + email_err = 'Please fill in the email') + elif val.is_empty(password): + return render_template('teacher_login.html', title = 'Signup', signup='active', + password_err = 'Please fill in the password') + + # check for spaces + if val.space(email): + return render_template('teacher_login.html', title = 'Signup', signup='active', + email_err = 'Email can\'t have space') + + #check if email already exists + if email_DB: + if email_DB.email: + return render_template('teacher_login.html', title = 'Signup', signup='active', + email_err = 'Email already in use') + + # check for match + if password != confirm_pass: + return render_template('teacher_login.html', title = 'Signup', signup='active', + password_err = 'Email already in use', confirm_err = 'Passwords must match') + + # checks length is bigger than 3 characters. + if val.wrong_len(password) or val.wrong_len(confirm_pass): + return render_template('teacher_login.html', title = 'Signup', signup='active', + password_err = 'Password must be longer than 3 characters') + + # Checks that email contains only one period after @ and only one @ + if val.wrong_email(email): + flash() + return render_template('teacher_login.html', title = 'Signup', signup='active', + email_err = 'Email must contain only one @, one " . 
" after @') + + new_teacher = Teacher(first, last, email, password) + db.session.add(new_teacher) + db.session.commit() + session['email'] = username - - - return redirect("/") - else: - return render_template("teacher_login.html") - - if __name__ == "__main__": app.run() \ No newline at end of file diff --git a/val.py b/val.py new file mode 100644 index 0000000..929431a --- /dev/null +++ b/val.py @@ -0,0 +1,30 @@ +import re + +def is_empty(x): + """checks if the string x is empty""" + if not x: + return True + else: + return False + +def space(x): + """Checks if x has space in it""" + if ' ' in x: + return True + else: + return False + +def wrong_len(x): + """Checks x length is less than 3""" + if len(x) < 3: + return True + else: + return False + +def wrong_email(x): + '''Checks that email contains only one period after @, one @ and''' + + if not re.match(r"[^@]+@[^@]+\.[^@.]+", x): + return True + else: + return False \ No newline at end of file From 2132b73322655293e330d0fd367fae741d40904a Mon Sep 17 00:00:00 2001 From: jonager Date: Thu, 31 Aug 2017 18:47:04 -0400 Subject: [PATCH 6/6] start_date route almost done, need to add error messages --- main.py | 174 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 99 insertions(+), 75 deletions(-) diff --git a/main.py b/main.py index eb562e1..2aa3e3f 100644 --- a/main.py +++ b/main.py 
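Review bot: The success path of `teacher_signup` ends with `session['email'] = username`, but no `username` exists in the function, so a NameError is raised after the new teacher row has already been committed; `session['email'] = email` followed by `return redirect('/')` looks like the intent. `flash()` in the `val.wrong_email` branch is called without a message and raises TypeError; the error text is already passed as `email_err`, so the call can be removed. `val.wrong_len` rejects only passwords shorter than 3 characters, which disagrees with the 'longer than 3 characters' message and is a very low floor for a teacher account.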
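Review bot: `wrong_email` in val.py uses `re.match`, which anchors only at the start of the string, so a value such as `a@b.com@c` (constructed example) is accepted although the docstring promises a single `@`. `if not re.fullmatch(r"[^@]+@[^@]+\.[^@.]+", x):` checks the whole value. The `wrong_len` docstring says 'less than 3' while the caller's message says longer than 3; decide which is meant and make both agree. Each helper can also return its condition directly, e.g. `return len(x) < 3`.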
@@ -1,81 +1,38 @@ from app import app, db from flask import request, redirect, render_template, session, flash from models import Student, Teacher, Attendance -<<<<<<< HEAD from datetime import datetime, date from app import app, db from models import Student, Teacher, Attendance from hash_tools import make_hash, check_hash import val -# # Main View -# @app.route('/') -# def index(): -# return render_template('index.html') +# Main View +@app.route('/') +def index(): + return render_template('index.html') -# # Logout -# @app.route('/logout') -# def logout(): -# del session['email'] -# return redirect('/') +# Logout +@app.route('/logout') +def logout(): + del session['email'] + return redirect('/') -# Student Login -@app.route('/student_login', methods=["POST", "GET"]) -def student_login(): - if request.method == 'POST': - first_last = request.form['name'].split() - first = first_last[0] - last = first_last[1] - pin = request.form['pin'] - student = Student.query.filter_by(first = first, last = last).first() - - if student and student.pin == pin: - # push student into attendance table - new_attendee = Attendance(student) - db.session.add( new_attendee) - db.session.commit() - elif student and student.pin != pin: - return render_template('student_login.html', title = 'Student Login', - pin_err = 'Wrong Pin') - else: - students = Student.query.order_by(Student.last_name).all() - return render_template('student_login.html', title = 'Student Login', students = students) - +# Attendance List +@app.route('/attendance_list', methods=["POST", "GET"]) +def attendance_list(): + return render_template('attendance_list.html') -# # Attendance List -# @app.route('/attendance_list', methods=["POST", "GET"]) -# def attendance_list(): -# return render_template('attendance_list.html') - -# # Student List +# Student List # @app.route('/student_list', methods=["POST", "GET"]) # def student_list(): # return render_template('student_list.html') - - -@app.route("/teacher_login", 
methods=['GET', 'POST']) -def teacher_login(): - - if request.method == 'POST': - email = request.form['email'] - password = request.form['password'] - teacher = Teacher.query.filter_by(email = email).first() - - if teacher and check_hash(password, teacher.password): - session['email'] = email - return redirect('/') - elif teacher and not check_hash(password, teacher.password): - return render_template('teacher_login.html', title = 'Login', login='active', - password_err = 'Wrong password') - else: - return render_template('teacher_login.html', title = 'Login', login='active', - email_err = 'Wrong username') - else: - return render_template('teacher_login.html', title = 'Signup', signup='active') +# else: +# return render_template('teacher_login.html', title = 'Signup', signup='active') @app.route("/teacher_signup", methods=['POST']) 
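Review bot: The re-enabled `logout` view does `del session['email']`, which raises KeyError for a visitor who is not logged in; `session.pop('email', None)` makes logout safe to call in any state. The route also answers GET, so it can be triggered cross-site; restricting it to POST would avoid that. In the same hunk `attendance_list` renders with no visible login check; a `require_login` function appears in an earlier hunk header, so confirm it covers this route.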
@@ -94,33 +51,33 @@ def teacher_signup(): # check for empty fields if val.is_empty(first): - return render_template('teacher_login.html', title = 'Signup', signup='active', - firstname_err = 'Please fill in the first name') + return render_template('teacher_login.html', title = 'Signup', + signup='active', firstname_err = 'Please fill in the first name') elif val.is_empty(last): - return render_template('teacher_login.html', title = 'Signup', signup='active', - lastname_err = 'Please fill in the last name') + return render_template('teacher_login.html', title = 'Signup', + signup='active', lastname_err = 'Please fill in the last name') elif val.is_empty(email): - return render_template('teacher_login.html', title = 'Signup', signup='active', - email_err = 'Please fill in the email') + return render_template('teacher_login.html', title = 'Signup', + signup='active', email_err = 'Please fill in the email') elif val.is_empty(password): - return render_template('teacher_login.html', title = 'Signup', signup='active', - password_err = 'Please fill in the password') - + return render_template('teacher_login.html', title = 'Signup', + signup='active', password_err = 'Please fill in the password') + # check for spaces if val.space(email): - return render_template('teacher_login.html', title = 'Signup', signup='active', - email_err = 'Email can\'t have space') + return render_template('teacher_login.html', title = 'Signup', + signup='active', email_err = 'Email can\'t have space') #check if email already exists if email_DB: if email_DB.email: - return render_template('teacher_login.html', title = 'Signup', signup='active', - email_err = 'Email already in use') + return render_template('teacher_login.html', title = 'Signup', + signup='active', email_err = 'Email already in use') # check for match if password != confirm_pass: - return render_template('teacher_login.html', title = 'Signup', signup='active', - password_err = 'Email already in use', confirm_err = 'Passwords must 
match') + return render_template('teacher_login.html', title = 'Signup', + signup='active', confirm_err = 'Passwords must match') # checks length is bigger than 3 characters. if val.wrong_len(password) or val.wrong_len(confirm_pass): 
@@ -137,6 +94,73 @@ def teacher_signup(): db.session.add(new_teacher) db.session.commit() session['email'] = username - + + +@app.route("/teacher_login", methods=['GET', 'POST']) +def teacher_login(): + + if request.method == 'POST': + email = request.form['email'] + password = request.form['password'] + teacher = Teacher.query.filter_by(email = email).first() + + if teacher and check_hash(password, teacher.password): + session['email'] = email + return redirect('/') + elif teacher and not check_hash(password, teacher.password): + return render_template('teacher_login.html', title = 'Login', login='active', + password_err = 'Wrong password') + else: + return render_template('teacher_login.html', title = 'Login', login='active', + email_err = 'Wrong username') + + +@app.route('/start_day') +def start_day(): + students = Student.query.all() + students_att = Attendance.query.filter_by(date_now = date.today()).all() + + # checks if not attendace list has been created for the day. + if not students_att: + if students: + # pushes all students into the attendance table, creating + # a list for today's date. 
+ for student in students: + record = Attendance(student) + db.session.add(record) + db.session.commit() + return redirect('/student_login') + else: + # the day's list already created + return redirect ('/') + + + + +@app.route('/student_login', methods=["POST", "GET"]) +def student_login(): + + students = Student.query.order_by(Student.last_name).all() + + if request.method == 'POST': + student_id = request.form['student_id'] + pin = request.form['pin'] + student = Student.query.get(student_id) + student_att = Attendance.query.filter_by(owner_id = student_id, + date_now = date.today()) + + if student and student.pin == pin: + # make student present in attendance table + student_att.present = True + db.session.commit() + elif student and student.pin != pin: + return render_template('student_login.html', title ='Student Login', + pin_err = 'Wrong Pin', students = students, + student_id = student_id) + else: + return render_template('student_login.html', title = 'Student Login', + students = students) + + if __name__ == "__main__": app.run() \ No newline at end of file
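Review bot: In the new `student_login`, `student_att` is the query object itself because `.first()` is missing after `filter_by(owner_id = student_id, date_now = date.today())`, so `student_att.present = True` sets an attribute on the query and the commit presumably records nothing. Add `.first()` and handle a None result for a student with no row for today. The correct-PIN branch still has no return, and the re-added `teacher_login` has lost its GET branch (its `else` is left commented out in the first hunk of this patch), so both return None. `start_day` writes attendance rows on a GET request with no login check visible in the hunk, and returns nothing when there are no students; a POST-only route with explicit returns would be safer.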