from flask import Blueprint, render_template, request, redirect, url_for, session, jsonify import sqlite3 import hashlib import os auth_bp = Blueprint('auth', __name__) def get_db_connection(): conn = sqlite3.connect('pt_manager.db') conn.row_factory = sqlite3.Row return conn @auth_bp.route('/login', methods=['GET', 'POST']) def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] conn = get_db_connection() user = conn.execute('SELECT * FROM users WHERE username = ?', (username,)).fetchone() conn.close() if user and user['password_hash'] == password: # In production, use proper password hashing session['user_id'] = user['id'] session['username'] = user['username'] session['role'] = user['role'] return redirect(url_for('main.index')) else: return render_template('auth/login.html', error='Invalid credentials') return render_template('auth/login.html') @auth_bp.route('/logout') def logout(): session.clear() return redirect(url_for('auth.login')) @auth_bp.route('/change_password', methods=['GET', 'POST']) def change_password(): if 'user_id' not in session: return redirect(url_for('auth.login')) if request.method == 'POST': current_password = request.form['current_password'] new_password = request.form['new_password'] confirm_password = request.form['confirm_password'] if new_password != confirm_password: return render_template('auth/change_password.html', error='New passwords do not match') conn = get_db_connection() user = conn.execute('SELECT * FROM users WHERE id = ?', (session['user_id'],)).fetchone() if user and user['password_hash'] == current_password: # In production, use proper password hashing conn.execute('UPDATE users SET password_hash = ? WHERE id = ?', (new_password, session['user_id'])) conn.commit() conn.close() return redirect(url_for('main.index')) else: conn.close() return render_template('auth/change_password.html', error='Current password is incorrect') return render_template('auth/change_password.html')