Code cleanup. Login is now functional.

There is a script createdb.py to create the db from the schema.sql file

1 files changed, 31 insertions, 40 deletions

diff --git a/famille.py b/famille.py
index 4c0f2e3..5a09c5e 100644
--- a/famille.py
+++ b/famille.py
@@ -3,6 +3,7 @@ import sqlite3
 #all the imports
 from flask import Flask, request, session, g, redirect, url_for, \
 	 abort, render_template, flash, _app_ctx_stack
+from functools import wraps
 import hashlib
 
 # configuration
@@ -10,68 +11,58 @@ app = Flask(__name__)
 app.config.from_envvar('CONF')
 
 def connect_db():
-	return sqlite3.connect(app.config['DATABASE'])
-
-def init_db():
-    """Creates the database tables."""
-    with app.app_context():
-        db = get_db()
-        db.row_factory = sqlite3.Row
-        with app.open_resource('schema.sql') as f:
-            db.cursor().executescript(f.read())
-        db.commit()
-
-def get_db():
-    """Opens a new database connection if there is none yet for the
-    current application context.
-    """
-    top = _app_ctx_stack.top
-    if not hasattr(top, 'sqlite_db'):
-        top.sqlite_db = sqlite3.connect(app.config['DATABASE'])
-    return top.sqlite_db
+    conn = sqlite3.connect(app.config['DATABASE'])
+    conn.row_factory = sqlite3.Row 
+    return conn
 
 def query_db(query, args=(), one=False):
-    cur = get_db().execute(query, args)
-    rv = cur.fetchall()
+    cur = g.db.execute(query, args)
+    rv = cur.fetchone() if one else cur.fetchall()
     cur.close()
-    return (rv[0] if rv else None) if one else rv
+    return rv
+
+@app.before_request
+def before_request():
+    g.db = connect_db()
 
 @app.teardown_appcontext
 def close_db_connection(exception):
     """Closes the database again at the end of the request."""
-    top = _app_ctx_stack.top
-    if hasattr(top, 'sqlite_db'):
-        top.sqlite_db.close()
+    g.db.close()
 
+def login_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if 'username' not in session:
+            return redirect(url_for('login', next=request.url))
+        return f(*args, **kwargs)
+    return decorated_function
 
 @app.route('/')
+@login_required
 def main():
-    try:
-        if session['logged_in']:
-            return redirect(url_for('nouvelles'))
-        else:
-            return redirect(url_for('login'))
-    except KeyError:
-        return redirect(url_for('login'))
+    return redirect(url_for('show_news'))
 
 @app.route('/nouvelles')
 def show_news():
-    pass
+    return render_template("toto.html")
 
 @app.route('/login', methods=['GET', 'POST'])
 def login():
     error = None
     if request.method == 'POST':
-        #TODO: do something better, maybe scrypt
-        if query_db('select * from users where user = ? and password = ?',
-            (request.form['username'],
-            hashlib.md5(request.form['password']).hexdigest())):
-            session['logged_in'] = True
-            return redirect(url_for('nouvelles'))
+        username = request.form['username']
+        password = hashlib.md5(request.form['password']).hexdigest();
+        user = query_db('select * from users where name = ?', (username,), True)
+        if user:
+            if user['password'] == password:
+                session['name'] = user['name']
+                return redirect(url_for('show_news'))
+            else:
+                error = u'Mot de passe incorrect'
         else:
             error = u'Utilisateur non enregistré'
     return render_template('login.html', error=error)
 
 if __name__=="__main__":
-    init_db()
     app.run()