5 files changed, 54 insertions, 41 deletions

diff --git a/createdb.py b/createdb.py
new file mode 100644
index 0000000..7f50807
--- /dev/null
+++ b/createdb.py
@@ -0,0 +1,17 @@
+import sqlite3
+from argparse import ArgumentParser
+
+if __name__ == "__main__":
+    arg_parser = ArgumentParser()
+    arg_parser.add_argument("-d", "--database", help="Name of the database file",
+                            required=True)
+    arg_parser.add_argument("-s", "--schema", help="File containing the db schema",
+                            required=True)
+    args = arg_parser.parse_args()
+
+    conn = sqlite3.connect(args.database)
+    c = conn.cursor()
+    schema = open(args.schema)
+    c.executescript( schema.read() )
+    conn.commit()
+    c.close()
diff --git a/famille.db b/famille.db
deleted file mode 100644
index 5092263..0000000
--- a/famille.db
+++ /dev/null
diff --git a/famille.py b/famille.py
index 4c0f2e3..5a09c5e 100644
--- a/famille.py
+++ b/famille.py
@@ -3,6 +3,7 @@ import sqlite3
 #all the imports
 from flask import Flask, request, session, g, redirect, url_for, \
 	 abort, render_template, flash, _app_ctx_stack
+from functools import wraps
 import hashlib
 
 # configuration
@@ -10,68 +11,58 @@ app = Flask(__name__)
 app.config.from_envvar('CONF')
 
 def connect_db():
-	return sqlite3.connect(app.config['DATABASE'])
-
-def init_db():
-    """Creates the database tables."""
-    with app.app_context():
-        db = get_db()
-        db.row_factory = sqlite3.Row
-        with app.open_resource('schema.sql') as f:
-            db.cursor().executescript(f.read())
-        db.commit()
-
-def get_db():
-    """Opens a new database connection if there is none yet for the
-    current application context.
-    """
-    top = _app_ctx_stack.top
-    if not hasattr(top, 'sqlite_db'):
-        top.sqlite_db = sqlite3.connect(app.config['DATABASE'])
-    return top.sqlite_db
+    conn = sqlite3.connect(app.config['DATABASE'])
+    conn.row_factory = sqlite3.Row 
+    return conn
 
 def query_db(query, args=(), one=False):
-    cur = get_db().execute(query, args)
-    rv = cur.fetchall()
+    cur = g.db.execute(query, args)
+    rv = cur.fetchone() if one else cur.fetchall()
     cur.close()
-    return (rv[0] if rv else None) if one else rv
+    return rv
+
+@app.before_request
+def before_request():
+    g.db = connect_db()
 
 @app.teardown_appcontext
 def close_db_connection(exception):
     """Closes the database again at the end of the request."""
-    top = _app_ctx_stack.top
-    if hasattr(top, 'sqlite_db'):
-        top.sqlite_db.close()
+    g.db.close()
 
+def login_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if 'username' not in session:
+            return redirect(url_for('login', next=request.url))
+        return f(*args, **kwargs)
+    return decorated_function
 
 @app.route('/')
+@login_required
 def main():
-    try:
-        if session['logged_in']:
-            return redirect(url_for('nouvelles'))
-        else:
-            return redirect(url_for('login'))
-    except KeyError:
-        return redirect(url_for('login'))
+    return redirect(url_for('show_news'))
 
 @app.route('/nouvelles')
 def show_news():
-    pass
+    return render_template("toto.html")
 
 @app.route('/login', methods=['GET', 'POST'])
 def login():
     error = None
     if request.method == 'POST':
-        #TODO: do something better, maybe scrypt
-        if query_db('select * from users where user = ? and password = ?',
-            (request.form['username'],
-            hashlib.md5(request.form['password']).hexdigest())):
-            session['logged_in'] = True
-            return redirect(url_for('nouvelles'))
+        username = request.form['username']
+        password = hashlib.md5(request.form['password']).hexdigest();
+        user = query_db('select * from users where name = ?', (username,), True)
+        if user:
+            if user['password'] == password:
+                session['name'] = user['name']
+                return redirect(url_for('show_news'))
+            else:
+                error = u'Mot de passe incorrect'
         else:
             error = u'Utilisateur non enregistré'
     return render_template('login.html', error=error)
 
 if __name__=="__main__":
-    init_db()
     app.run()
diff --git a/schema.sql b/schema.sql
index 3c3231f..15787e6 100644
--- a/schema.sql
+++ b/schema.sql
@@ -1,6 +1,6 @@
 drop table if exists users;
 create table users (
     id integer primary key autoincrement,
-    user string not null,
+    name string not null,
     password string not null
 );
diff --git a/templates/toto.html b/templates/toto.html
new file mode 100644
index 0000000..cfe9772
--- /dev/null
+++ b/templates/toto.html
@@ -0,0 +1,5 @@
+{% extends "layout.html" %}
+{% block content %}
+    salut
+{% endblock %}
+