pr-request-testing/app.py at main · periyavicky06/pr-request-testing · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
from flask import Flask, render_template, request, flash, jsonify, redirect, url_for, session
import secrets
import mysql.connector
import hashlib
from dotenv import load_dotenv
import os

app = Flask(__name__)

# ---- Load environment variables ----
load_dotenv()

# ---- Set secret key (for session + flash) ----
# ✅ For production, store this key in .env file (SECRET_KEY=your_random_key)
app.secret_key = os.getenv("SECRET_KEY") or secrets.token_hex(16)

# ---- Database connection function ----
def get_db_connection():
    return mysql.connector.connect(
        host=os.getenv("DB_HOST"),
        user=os.getenv("DB_USER"),
        password=os.getenv("DB_PASSWORD"),
        database=os.getenv("DB_NAME")
    )

# -------------------------------
# LOGIN ROUTE
# -------------------------------
@app.route("/")
@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        identifier = request.form.get("identifier")  # username or email
        password = request.form.get("password")

        # ✅ Check input validity
        if not identifier or not password:
            flash("Please enter username/email and password ❗", "error")
            return redirect(url_for("login"))

        conn = None
        cursor = None
        try:
            conn = get_db_connection()
            cursor = conn.cursor(dictionary=True)

            # ✅ Search by username or email
            cursor.execute(
                "SELECT * FROM users WHERE username = %s OR email = %s",
                (identifier, identifier)
            )
            user = cursor.fetchone()

            if not user:
                flash("No account found with that username or email 📧", "error")
                return redirect(url_for("login"))

            # ✅ Password check
            hashed_input = hashlib.sha256(password.encode()).hexdigest()
            if hashed_input == user["password"]:
                session["user_id"] = user["id"]
                session["username"] = user["username"]
                flash(f"Welcome back, {user['username']} 👋", "success")
                return redirect(url_for("dashboard"))
            else:
                flash("Incorrect password ❌", "error")

        except mysql.connector.Error as err:
            flash(f"Database Error: {err}", "error")

        finally:
            if cursor:
                cursor.close()
            if conn:
                conn.close()

    return render_template("login.html")

# -------------------------------
# SIGNUP ROUTE
# -------------------------------
@app.route("/signup", methods=["GET", "POST"])
def signup():
    if request.method == "POST":
        username = request.form.get("username")
        email = request.form.get("email")
        password = request.form.get("password")
        c_password = request.form.get("ConfirmPassword")

        if password != c_password:
            flash("Password is Mismatch !!!", "error")
            return redirect(url_for("signup", username=username, email=email))

        conn = None
        cursor = None
        try:
            conn = get_db_connection()
            cursor = conn.cursor()

            random_id = secrets.randbelow(900000) + 100000
            hashed = hashlib.sha256(password.encode()).hexdigest()

            sql = "INSERT INTO users (id, username, email, password) VALUES (%s, %s, %s, %s)"
            cursor.execute(sql, (random_id, username, email, hashed))
            conn.commit()

            flash("Account created successfully ✅", "success")
            return redirect(url_for("login"))

        except mysql.connector.Error as err:
            flash(f"Database Error: {err}", "error")

        finally:
            if cursor:
                cursor.close()
            if conn:
                conn.close()

    username = request.args.get("username", "")
    email = request.args.get("email", "")
    return render_template("signup.html", username=username, email=email)

# -------------------------------
# DASHBOARD (after login)
# -------------------------------
@app.route("/dashboard")
def dashboard():
    return render_template('index.html')

# -------------------------------
# LOGOUT
# -------------------------------
@app.route("/logout")
def logout():
    session.clear()
    flash("Logged out successfully 👋", "success")
    return redirect(url_for("login"))

# -------------------------------
# MAIN
# -------------------------------
if __name__ == "__main__":
    app.run(port=4000, debug=True)