6 年前 · 4d85f51209
--- a/src/app/models/user.py
+++ b/src/app/models/user.py
@@ -0,0 +1,70 @@
 from models.database import db

 def get_users():
    """
    Retreive all registrered users from the database
        :return: users
    """
    db.connect()
    cursor = db.cursor()
    query = ("SELECT userid, username from users")
    cursor.execute(query)
    users = cursor.fetchall()
    cursor.close()
    return users

 def get_user_id_by_name(username):
    """
    Get the id of the unique username
        :param username: Name of the user
        :return: The id of the user
    """
    db.connect()
    cursor = db.cursor()
    query = ("SELECT userid from users WHERE username =\"" + username + "\"")
    cursor.execute(query)
    try:
        userid = cursor.fetchall()[0][0]
    except:
        userid = None
    cursor.close()
    return userid

 def get_user_name_by_id(userid):
    """
    Get username from user id
        :param userid: The id of the user
        :return: The name of the user
    """
    db.connect()
    cursor = db.cursor()
    query = ("SELECT username from users WHERE userid =\"" + userid + "\"")
    cursor.execute(query)
    try:
        username = cursor.fetchall()[0][0]
    except:
        username = None
    cursor.close()
    return username

 def match_user(username, password):
    """
    Check if user credentials are correct, return if exists

        :param username: The user attempting to authenticate
        :param password: The corresponding password
        :type username: str
        :type password: str
        :return: user
    """
    db.connect()
    cursor = db.cursor()
    query = ("SELECT userid, username from users where username = \"" + username + 
            "\" and password = \"" + password + "\"")
    cursor.execute(query)
    try:
        user = cursor.fetchall()[0]
    except:
        user = None
    cursor.close()
    return user
--- a/src/app/views/app.py
+++ b/src/app/views/app.py
@@ -4,7 +4,6 @@ from views.utils import get_nav_bar
 from views.login import Login
 from views.logout import Logout
 from views.register import Register
 from views.admin import Admin
 from views.new_project import New_project
 from views.open_projects import Open_projects
 from views.project import Project
@@ -20,7 +19,6 @@ urls = (
    '/new_project', 'New_project',
    '/open_projects', 'Open_projects',
    '/project', 'Project',
    '/admin', 'Admin',
    '/apply', 'Apply',
 )
                              
--- a/src/app/views/apply.py
+++ b/src/app/views/apply.py
@@ -1,6 +1,6 @@
 import web
 import models.project
 from models.login import get_user_name_by_id
 from models.user import get_user_name_by_id
 from views.utils import get_nav_bar, get_element_count
 from views.forms import get_apply_form, get_apply_permissions_form

--- a/src/app/views/forms.py
+++ b/src/app/views/forms.py
@@ -1,6 +1,6 @@
 from web import form
 from models.project import get_categories 
 from models.login import get_users, get_user_id_by_name
 from models.user import get_users, get_user_id_by_name


 # Regex for input validation
--- a/src/app/views/login.py
+++ b/src/app/views/login.py
@@ -1,6 +1,6 @@
 import web
 from views.forms import login_form
 import models.login
 import models.user
 from views.utils import get_nav_bar
 import os, hmac, base64, pickle
 import hashlib
@@ -39,7 +39,7 @@ class Login():

        # Validate login credential with database query
        password_hash = hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest()
        user = models.login.match_user(data.username, password_hash)
        user = models.user.match_user(data.username, password_hash)
        
        # If there is a matching user/password in the database the user is logged in
        if user:
@@ -81,7 +81,7 @@ class Login():

        # If the users signed cookie matches the host signature then log in
        if self.sign_username(username) == sign:
            userid = models.login.get_user_id_by_name(username)
            userid = models.user.get_user_id_by_name(username)
            self.login(username, userid, False)

    def rememberme(self):
--- a/src/app/views/new_project.py
+++ b/src/app/views/new_project.py
@@ -2,7 +2,7 @@ import web
 from web import form
 from views.forms import get_task_form_elements, get_project_form_elements, get_user_form_elements, project_buttons
 import models.project
 import models.login
 import models.user
 from views.utils import get_nav_bar, get_element_count

 # Get html templates
@@ -74,7 +74,7 @@ class New_project:

            # Validate the input user names
            for i in range(0, user_count):
                if len(data["user_name_"+str(i)]) and not models.login.get_user_id_by_name(data["user_name_"+str(i)]):    
                if len(data["user_name_"+str(i)]) and not models.user.get_user_id_by_name(data["user_name_"+str(i)]):    
                    return render.new_project(nav, project_form, project_buttons,  "Invalid user: " + data["user_name_"+str(i)])

            # Save the project to the database
@@ -89,7 +89,7 @@ class New_project:
            # Save the users in the database given that the input field is not empty
            for i in range(0, user_count):
                    if len(data["user_name_"+str(i)]):
                        userid = models.login.get_user_id_by_name(data["user_name_"+str(i)])
                        userid = models.user.get_user_id_by_name(data["user_name_"+str(i)])
                        read, write, modify = "FALSE", "FALSE", "FALSE"
                        try:
                            data["read_permission_"+str(i)]
--- a/src/app/views/register.py
+++ b/src/app/views/register.py
@@ -1,7 +1,7 @@
 import web
 from views.forms import register_form
 import models.register
 import models.login
 import models.user
 from views.utils import get_nav_bar
 import hashlib
 import re
@@ -37,7 +37,7 @@ class Register:
            return render.register(nav, register, "All fields must be valid.")

        # Check if user exists
        if models.login.get_user_id_by_name(data.username):
        if models.user.get_user_id_by_name(data.username):
            return render.register(nav, register, "Invalid user, already exists.")

        models.register.set_user(data.username,