import os
import secrets

import bcrypt
import mysql.connector
from flask import Flask, request, redirect, session, flash
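# Flask needs the importing module's name; the bare `name` in the paste is
# `__name__` with its underscores eaten by markdown rendering.
app = Flask(__name__)

# The secret key signs the session cookie. login() stores `uid` and `role` in
# that cookie, so anyone who knows the key can mint a session for any user or
# role. Never ship a literal here: load it from the environment.
# FLASK_SECRET_KEY is a variable name chosen for this example; use whatever
# your deployment's secret store provides.
# The random fallback is only suitable for single-process local runs: sessions
# are invalidated on every restart and are not shared between workers.
app.secret_key = os.environ.get("FLASK_SECRET_KEY") or secrets.token_hex(32)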
# Create the connection (important: autocommit is OFF; commits are handled explicitly)
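# Database credentials come from the environment instead of being committed
# with the source. The DB_* variable names are chosen for this example.
# DB_USER / DB_PASSWORD are required on purpose (KeyError at startup if they
# are missing) so the app never falls back to a guessable default.
# Use a dedicated account limited to the tables this app needs rather than
# `root`, so a bug in a query cannot reach the rest of the server.
# NOTE(review): this is one module-level connection shared by every request;
# it is presumably only safe with a single-threaded server. Confirm before
# running under a threaded or multi-worker setup.
conn = mysql.connector.connect(
    host=os.environ.get("DB_HOST", "localhost"),
    user=os.environ["DB_USER"],
    password=os.environ["DB_PASSWORD"],
    database=os.environ.get("DB_NAME", "your_db"),
)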
# Query function (fixed)
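def q(sql, params=(), one=False, write=False):
    """Run one parameterized statement on the shared connection.

    Args:
        sql: Statement text using ``%s`` placeholders. Values must be passed
            through ``params`` so the driver binds them; never format request
            data into ``sql`` itself.
        params: Sequence of values bound to the placeholders.
        one: For reads, return a single row (or ``None``) instead of a list.
        write: Commit after executing and return ``True`` instead of rows.

    Returns:
        ``True`` for a committed write, otherwise one dict row or a list of
        dict rows (the cursor is opened with ``dictionary=True``).

    Raises:
        Whatever the driver raises. A failed write is rolled back first so the
        shared connection is not left inside a half-finished transaction.
    """
    cur = conn.cursor(dictionary=True)
    try:
        cur.execute(sql, params)
        if write:
            conn.commit()
            return True
        return cur.fetchone() if one else cur.fetchall()
    except Exception:
        if write:
            # Autocommit is off, so an error here would otherwise leave the
            # open transaction to be picked up by the next request.
            conn.rollback()
        raise
    finally:
        # Always release the cursor, including on the error path.
        cur.close()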
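@app.route('/login', methods=['POST'])
def login():
    """Check the submitted email/password and start a session on success.

    Looks the user up by email with a bound parameter, verifies the password
    against the stored bcrypt hash, and on success stores ``uid``, ``name``
    and ``role`` in the session. Any failure yields the same generic
    'Invalid credentials' message so the response does not say which part
    was wrong.
    """
    email = request.form.get('email', '')
    password = request.form.get('password', '')

    user = q(
        "SELECT * FROM users WHERE email=%s",
        (email,),
        one=True
    )

    # The stored hash is deliberately not printed or logged: password hashes
    # in application logs can be attacked offline by anyone who can read them.
    authenticated = False
    if user:
        try:
            authenticated = bcrypt.checkpw(
                password.encode(),
                user['password_hash'].encode()
            )
        except ValueError:
            # A malformed stored hash is treated as a failed login rather
            # than surfacing as a 500.
            authenticated = False
    # NOTE(review): when no user row exists, no bcrypt work is done, so the
    # response is measurably faster than for a real account. Consider a
    # constant-cost path and rate limiting on this route.

    if authenticated:
        # Drop anything set before authentication so pre-login session
        # contents do not carry over into the authenticated session.
        session.clear()
        session['uid'] = user['id']
        session['name'] = f"{user['first_name']} {user['last_name']}"
        session['role'] = user['role']
        return redirect('/')

    flash('Invalid credentials', 'error')
    return redirect('/')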
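@app.route('/register', methods=['POST'])
def register():
    """Create a new account from the submitted form.

    The password is stored only as a bcrypt hash with a fresh salt. The role
    is fixed to 'customer' on the server and is never read from the form, so
    a client cannot register itself with elevated privileges.
    """
    first_name = request.form.get('first_name', '')
    last_name = request.form.get('last_name', '')
    email = request.form.get('email', '')
    password = request.form.get('password', '')

    # Reject blank submissions before doing any hashing or database work;
    # an empty password would otherwise be hashed and stored as valid.
    if not (first_name and last_name and email and password):
        flash('All fields are required', 'error')
        return redirect('/')

    # bcrypt only considers the first 72 bytes of the password.
    hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()

    try:
        q(
            "INSERT INTO users(first_name,last_name,email,password_hash,role) VALUES(%s,%s,%s,%s,%s)",
            (first_name, last_name, email, hashed, 'customer'),
            write=True
        )
    except mysql.connector.Error:
        # Record the driver error server-side through the app logger instead
        # of print(); the user only sees the generic message below.
        app.logger.exception("User registration failed")
        flash('Email taken or DB error', 'error')
        return redirect('/')

    flash('Account created', 'success')
    return redirect('/')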
@app.route('/logout')
def logout():
    """Drop every key from the session and send the user back to the home page."""
    # NOTE(review): the route is registered without `methods`, so it answers
    # GET; any cross-site link or image tag can therefore log a user out.
    # Consider making this a POST with CSRF protection.
    home = '/'
    session.clear()
    return redirect(home)