@app.get("/api/user/profile")
def get_profile():
    """Return one row of ``users``, including ``userPoints``, as JSON.

    The row is selected by the ``userId`` query parameter.

    Responses:
        400 when ``userId`` is absent or empty, 404 when no row matches,
        200 with the row under ``"user"``, 500 on any exception.
    """
    # NOTE(review): the id is taken straight from the query string and
    # nothing in this handler ties it to an authenticated caller, so any
    # client can read any user's email, phone and points by changing the
    # number. Take the id from a server-side session or a verified token
    # rather than from a request parameter.
    conn, cursor = get_cursor()
    try:
        requested_id = request.args.get("userId")
        if not requested_id:
            return jsonify({"success": False, "message": "Missing userId"}), 400

        # The id is bound as a parameter, never formatted into the SQL text.
        cursor.execute("""
SELECT id, firstName, lastName, email, phone, userPoints
FROM users
WHERE id = %s
""", (requested_id,))
        row = cursor.fetchone()
        if row:
            return jsonify({"success": True, "user": row}), 200
        return jsonify({"success": False, "message": "User not found"}), 404
    except Exception as e:
        # The exception text goes to stdout only; the client sees a generic message.
        print("PROFILE ERROR:", e)
        return jsonify({"success": False, "message": "Server error"}), 500
    finally:
        cursor.close()
        conn.close()
import os

import mysql.connector
from dotenv import load_dotenv
from flask import Flask, jsonify, request
from flask_cors import CORS
from werkzeug.security import check_password_hash, generate_password_hash

# Load variables from a local .env file into the process environment
# before anything reads them with os.getenv().
load_dotenv()

app = Flask(__name__)
# NOTE(review): CORS(app) with no arguments allows cross-origin requests
# from any origin on every route. The handlers in this file identify the
# user only by an id supplied in the request, so any web page can call
# them. Pass an explicit `origins=` list for the real front-end once it
# is known.
CORS(app)

# ---------- DB CONNECTION ----------
def get_cursor():
    """Open a new MySQL connection configured from environment variables.

    Reads DB_HOST (default "localhost"), DB_PORT (default 3306), DB_USER,
    DB_PASSWORD and DB_NAME (default "task_db").

    Returns:
        A ``(connection, cursor)`` pair. The cursor is created with
        ``dictionary=True``; the handlers in this file read rows by column
        name. Every call opens a fresh connection, and each handler closes
        both objects in its ``finally`` block.
    """
    settings = {
        "host": os.getenv("DB_HOST", "localhost"),
        "port": int(os.getenv("DB_PORT", 3306)),
        "user": os.getenv("DB_USER"),
        "password": os.getenv("DB_PASSWORD"),
        "database": os.getenv("DB_NAME", "task_db"),
    }
    connection = mysql.connector.connect(**settings)
    return connection, connection.cursor(dictionary=True)


# ---------- REGISTER ----------
@app.post("/api/register")
def register():
    """Create a customer account from a JSON body.

    Expected keys: ``firstName``, ``lastName``, ``email``, ``password``,
    ``confirmPassword``. Each value is stripped of surrounding whitespace
    before validation.

    Responses:
        400 with a field-specific message when validation fails or the
        email already exists, 200 with the new user's id on success,
        500 (after a rollback) on any exception.
    """
    conn, cursor = get_cursor()
    try:
        payload = request.json or {}
        # NOTE(review): the password is stripped as well, so leading or
        # trailing spaces a user typed are silently dropped. login() does
        # the same, which keeps the two consistent.
        firstName, lastName, email, password, confirmPassword = (
            payload.get(key, "").strip()
            for key in ("firstName", "lastName", "email", "password", "confirmPassword")
        )

        # Required fields, checked in the order the messages are reported.
        required_fields = (
            (firstName, "First name is required."),
            (lastName, "Last name is required."),
            (email, "Email is required."),
            (password, "Password is required."),
        )
        for value, problem in required_fields:
            if not value:
                return jsonify({"success": False, "message": problem}), 400

        if len(password) < 8:
            return jsonify({"success": False, "message": "Password must be at least 8 characters."}), 400
        if password != confirmPassword:
            return jsonify({"success": False, "message": "Passwords do not match."}), 400

        # Reject an email that is already present.
        # NOTE(review): this lookup and the INSERT below are two separate
        # statements, so two concurrent requests can both pass the check.
        # A UNIQUE constraint on user.email would close that gap; the
        # schema is not visible here, so confirm it exists.
        cursor.execute("SELECT id FROM user WHERE email = %s", (email,))
        if cursor.fetchone():
            return jsonify({"success": False, "message": "Email already registered."}), 400

        # Only the salted hash from werkzeug is stored, never the plaintext.
        hashed_password = generate_password_hash(password)

        # role_id 2 = customer
        cursor.execute("""
INSERT INTO user (role_id, firstName, lastName, email, password_hash)
VALUES (%s, %s, %s, %s, %s)
""", (2, firstName, lastName, email, hashed_password))
        conn.commit()

        # Fetch the id generated by the INSERT on this connection.
        cursor.execute("SELECT LAST_INSERT_ID() AS id")
        new_user = cursor.fetchone()

        response = {
            "success": True,
            "message": "User registered successfully!",
            "user": {"id": new_user["id"]},
        }
        return jsonify(response), 200
    except Exception as e:
        conn.rollback()
        print("REGISTER ERROR:", e)
        return jsonify({"success": False, "message": "Server error"}), 500
    finally:
        cursor.close()
        conn.close()


# ---------- LOGIN ----------
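# Verified in place of a real hash when the email is unknown, so that an
# unknown-email request performs the same password-hash work as a
# wrong-password request.
_DUMMY_PASSWORD_HASH = generate_password_hash("unused-placeholder-password")


@app.post("/api/login")
def login():
    """Check an email/password pair sent as JSON and return the user's profile fields.

    Expected keys: ``email`` and ``password``. Both are stripped of
    surrounding whitespace, matching what register() stores.

    Responses:
        400 when a field is missing, 400 with one shared message when the
        credentials do not match, 200 with id, firstName, lastName, email
        and phone on success, 500 on any exception.
    """
    # NOTE(review): a successful login returns profile data only. No session
    # or token is issued, so the other endpoints in this file cannot tell
    # who is calling them and accept whatever userId the client sends.
    conn, cursor = get_cursor()
    try:
        data = request.json or {}
        email = data.get("email", "").strip()
        password = data.get("password", "").strip()

        if not email:
            return jsonify({"success": False, "message": "Email is required."}), 400
        if not password:
            return jsonify({"success": False, "message": "Password is required."}), 400

        cursor.execute("SELECT * FROM user WHERE email = %s", (email,))
        user = cursor.fetchone()

        # Always run one hash verification, and answer both failure cases
        # with the same message and status. Separate "email not found" and
        # "incorrect password" replies tell a caller which addresses have
        # accounts.
        stored_hash = user["password_hash"] if user else _DUMMY_PASSWORD_HASH
        password_ok = check_password_hash(stored_hash, password)
        if not user or not password_ok:
            return jsonify({"success": False, "message": "Invalid email or password."}), 400

        return jsonify({
            "success": True,
            "message": "Login successful.",
            "user": {
                "id": user["id"],
                "firstName": user["firstName"],
                "lastName": user["lastName"],
                "email": user["email"],
                "phone": user.get("phone"),
            },
        }), 200
    except Exception as e:
        # The exception text goes to stdout only; the client sees a generic message.
        print("LOGIN ERROR:", e)
        return jsonify({"success": False, "message": "Server error"}), 500
    finally:
        cursor.close()
        conn.close()


# ---------- GET PROFILE ----------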
@app.get("/api/user/profile")
def get_profile():
    """Return id, firstName, lastName, email and phone for one ``user`` row.

    The row is selected by the ``userId`` query parameter.

    Responses:
        400 when ``userId`` is absent or empty, 404 when no row matches,
        200 with the row under ``"user"``, 500 on any exception.
    """
    # NOTE(review): the caller names the account to read and nothing here
    # checks that the caller owns it. Any client can fetch another user's
    # email and phone by changing ``userId``. Take the id from an
    # authenticated session or a verified token, not from the request.
    conn, cursor = get_cursor()
    try:
        requested_id = request.args.get("userId")
        if not requested_id:
            return jsonify({"success": False, "message": "Missing userId"}), 400

        # Parameter binding keeps the id out of the SQL text.
        cursor.execute("""
SELECT id, firstName, lastName, email, phone
FROM user
WHERE id = %s
""", (requested_id,))
        row = cursor.fetchone()
        if row:
            return jsonify({"success": True, "user": row}), 200
        return jsonify({"success": False, "message": "User not found"}), 404
    except Exception as e:
        print("PROFILE ERROR:", e)
        return jsonify({"success": False, "message": "Server error"}), 500
    finally:
        cursor.close()
        conn.close()


# ---------- UPDATE PROFILE ----------
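@app.post("/api/user/update")
def update_profile():
    """Overwrite firstName, lastName, email and phone for the user named in the JSON body.

    Expected keys: ``userId``, ``firstName``, ``lastName``, ``email`` and
    optionally ``phone``. String values are stripped of surrounding
    whitespace; a JSON ``null`` is treated as an empty string.

    Responses:
        400 when ``userId`` or a required field is missing, or when the
        email belongs to a different user; 200 on success; 500 (after a
        rollback) on any exception.
    """
    # NOTE(review): ``userId`` comes from the request body and is not checked
    # against an authenticated caller, so any client can rewrite another
    # account's name, email and phone. Changing the email is the sensitive
    # part: it is the login identifier. Take the id from a server-side
    # session or a verified token instead.
    conn, cursor = get_cursor()
    try:
        data = request.json or {}

        user_id = data.get("userId")
        if not user_id:
            return jsonify({"success": False, "message": "Missing userId"}), 400

        # `or ""` covers keys that are present but null. login() returns
        # "phone" as None when it is unset, and a client echoing that back
        # used to reach .strip() on None and get a 500.
        firstName = (data.get("firstName") or "").strip()
        lastName = (data.get("lastName") or "").strip()
        email = (data.get("email") or "").strip()
        phone = (data.get("phone") or "").strip()

        if not firstName:
            return jsonify({"success": False, "message": "First name is required."}), 400
        if not lastName:
            return jsonify({"success": False, "message": "Last name is required."}), 400
        if not email:
            return jsonify({"success": False, "message": "Email is required."}), 400

        # Refuse an email that is already attached to a different account.
        cursor.execute("SELECT id FROM user WHERE email = %s AND id != %s", (email, user_id))
        if cursor.fetchone():
            return jsonify({"success": False, "message": "Email already in use."}), 400

        cursor.execute("""
UPDATE user
SET firstName=%s, lastName=%s, email=%s, phone=%s
WHERE id=%s
""", (firstName, lastName, email, phone, user_id))
        conn.commit()

        return jsonify({"success": True, "message": "Profile updated"}), 200
    except Exception as e:
        conn.rollback()
        print("UPDATE ERROR:", e)
        return jsonify({"success": False, "message": "Server error"}), 500
    finally:
        cursor.close()
        conn.close()


if __name__ == "__main__":
    # debug=True enables the Werkzeug interactive debugger, which executes
    # Python typed into the browser on the server. Keep it off unless it is
    # explicitly requested for local development with FLASK_DEBUG=1.
    app.run(debug=os.getenv("FLASK_DEBUG", "0") == "1")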