From 0acccf8e47d05d5b10564b7af9ff94d14ea04319 Mon Sep 17 00:00:00 2001
From: jakobsn <jakob_sn_@hotmail.com>
Date: Thu, 3 Oct 2019 21:39:03 +0200
Subject: [PATCH] error on insert query

---
 mysql/sql/init.sql              |  8 ++---
 src/app/main.py                 | 64 +++++++++++++++++++++++++--------
 src/app/templates/index.html    |  6 ++--
 src/app/templates/register.html | 17 +++++++++
 4 files changed, 75 insertions(+), 20 deletions(-)
 create mode 100644 src/app/templates/register.html

diff --git a/mysql/sql/init.sql b/mysql/sql/init.sql
index 51bb84e..89ef7bd 100644
--- a/mysql/sql/init.sql
+++ b/mysql/sql/init.sql
@@ -1,12 +1,12 @@
 
 CREATE TABLE `db`.`users` (
-  `userid` INT NOT NULL,
+  'id' INT AUTO_INCREMENT PRIMARY KEY,
   `username` VARCHAR(45) NULL,
   `password` VARCHAR(45) NULL,
-  PRIMARY KEY (`userid`));
+  );
 
-insert into users values (0, "admin", "password");
-insert into users values (1, "bernt", "inge");
+insert into users values ("admin", "password");
+insert into users values ("bernt", "inge");
 
 CREATE USER 'root'@'10.5.0.6' IDENTIFIED BY 'root';
 GRANT ALL PRIVILEGES ON db.* TO 'root'@'10.5.0.6';
diff --git a/src/app/main.py b/src/app/main.py
index c35b92e..93dce6f 100644
--- a/src/app/main.py
+++ b/src/app/main.py
@@ -6,6 +6,7 @@ import mysql.connector
 urls = (
     '/', 'index',
     '/logout', 'logout',
+    '/register', 'register',
 )
 
 # Access datavase using mysql connector package
@@ -35,39 +36,74 @@ render._add_global(session, 'session')
 
 class index():
 
+    # Define the login form 
     login_form = form.Form(
         form.Textbox("username", description="Username"),
         form.Password("password", description="Password"),
-        form.Button("submit", type="submit", description="Login"),
+        form.Button("Log In", type="submit", description="Login"),
     )
 
+    # Get main page
     def GET(self):
-        cursor = db.cursor()
-        query = ("SELECT userid, username from users")
-        cursor.execute(query)
-        friends = cursor.fetchall()
-        cursor.close()
+        # Show other registered users if the user is logged in
+        if session.username:
+            cursor = db.cursor()
+            query = ("SELECT userid, username from users")
+            cursor.execute(query)
+            friends = cursor.fetchall()
+            cursor.close()
+        else:
+            friends = [[],[]]
         return render.index(self.login_form, friends)
 
+    # Log In
     def POST(self):
+        # Validate login credential with database query
         cursor = db.cursor()
-        query = ("SELECT userid, username, password from users")
-        cursor.execute(query)
+        query = ("SELECT userid, username from users where username = (%s) and password = (%s)")
+        data = web.input()
+        cursor.execute(query, (data.username, data.password))
         friends = cursor.fetchall()
+        # If there is a matching user/password in the database the user is logged in
+        if len(friends) == 1:
+            query = ("SELECT userid, username from users")
+            cursor.execute(query)
+            friends = cursor.fetchall()
+            session.username = data.username
+            cursor.close()
+            return render.index(self.login_form, friends)
         cursor.close()
+
+
+class register:
+
+    # Define the register form 
+    register_form = form.Form(
+        form.Textbox("username", description="Username"),
+        form.Password("password", description="Password"),
+        form.Button("Register", type="submit", description="Register"),
+    )
+
+    # Get the registration form
+    def GET(self):
+        return render.register(self.register_form)
+
+    # Register new user in database
+    def POST(self):
+        cursor = db.cursor()
+        query = ("INSERT INTO users VALUES ((%s), (%s))")
         data = web.input()
-        print("name:", data.username)
-        for user in friends:
-            if data.username == user[1] and data.password == user[2]:
-                session.username = data.username
-                return render.index(self.login_form, friends[:2])
+        cursor.execute(query, (data.username, data.password))
+        cursor.close()
+        return render.register(self.register_form)
 
 
 class logout:
 
+    # Kill session
     def GET(self):
         session.kill()
-        return "Logged out"
+        return "Logged Out"
 
 if __name__ == "__main__":
     app.run()
diff --git a/src/app/templates/index.html b/src/app/templates/index.html
index 8316f82..68d58bb 100644
--- a/src/app/templates/index.html
+++ b/src/app/templates/index.html
@@ -12,9 +12,11 @@ $def with (login_form, friends)
     <h1>Friends</h1>
 
     <img src="static/friends.jpeg" alt="Friends">
+    
+    <br>
+    <a href="register">Become A Friend</a>
 
-    <h3>Login, or become a friend!</h3>
-
+    <h3>Log In</h3>
     <form method="POST">
         $:login_form.render()
     </form> 
diff --git a/src/app/templates/register.html b/src/app/templates/register.html
new file mode 100644
index 0000000..18f898c
--- /dev/null
+++ b/src/app/templates/register.html
@@ -0,0 +1,17 @@
+$def with (register_form)
+
+<head>
+    <title>Friends</title>
+    <meta charset="utf-8">
+    <link rel="stylesheet" type="text/css" href="static/stylesheet.css">
+
+</head>
+
+<body>
+    <h2>Become a friend!</h2>
+    <form method="POST">
+        $:register_form.render()
+    </form>
+</body>
+
+<footer></footer>
\ No newline at end of file