Tidying up SQL

SQL statement cleanup
Moving SQL statements
2020-12-11 10:51:21 +08:00 · 2020-12-11 10:31:57 +08:00 · 2020-12-11 10:14:23 +08:00 · 2020-12-11 10:08:14 +08:00 · 2020-12-11 09:55:29 +08:00 · 2020-12-11 09:45:18 +08:00
6 changed files with 251 additions and 124 deletions
--- a/main.py
+++ b/main.py
@ -23,48 +23,36 @@ app.register_blueprint(routes)
@app.route('/hkfc-d/vote-chart', methods=['GET', 'POST'])
 def hkfc_d_vote_chart():
    form = LoginForm()
-    print('Here we are')
+    user_lookup = "SELECT username FROM hockeyUsers WHERE (username= '" + form.username.data + "')"
    if form.validate_on_submit():
-        sql = "SELECT username FROM hockeyUsers WHERE (username= '" + form.username.data + "')"
-        print(sql)
-        rows = sql_read(sql)
-        print(rows)
+        rows = sql_read(user_lookup)
        return redirect(url_for('/hkfc-d/voting'))
-#    return '<h1>Something went wrong there</h1>'
-
-    return render_template('hkfc-d/login-vote.html', form=form)
+    else:
+        return render_template('hkfc-d/login-vote.html', form=form)

@app.route('/login', methods=['GET', 'POST'])
 def login():
    form = LoginForm()
-    print('Here we are')
+    user_lookup = "SELECT username FROM hockeyUsers WHERE (username= '" + form.username.data + "')"
    if form.validate_on_submit():
-        sql = "SELECT username FROM hockeyUsers WHERE (username= '" + form.username.data + "')"
-        print(sql)
-        rows = sql_write(sql)
-        print(rows)
-        print(rows[0])
+        rows = sql_write(user_lookup)
        return redirect(url_for('/hkfc-d/voting'))
    else:
        return 'Something went wrong'
-#    return '<h1>Something went wrong there</h1>'
    return render_template('login.html', form=form)

@app.route('/register', methods=['GET', 'POST'])
 def register():
    form = RegisterForm()
+    user_create = "INSERT INTO hockeyUsers (username, email, password) VALUES ('" + form.username.data + "', '" + form.email.data + "', '" + hashed_password + "')"
    if form.validate_on_submit():
        salt = uuid.uuid4().hex
        hashed_password = hashlib.sha512(form.password.data + salt).hexdigest()
-
-        sql = "INSERT INTO hockeyUsers (username, email, password) VALUES ('" + form.username.data + "', '" + form.email.data + "', '" + hashed_password + "')"
-        print(sql)
        db = write_cloudsql()
        cursor = db.cursor()
-        cursor.execute(sql)
+        cursor.execute(user_create)
        db.commit()
        return '<h2>New user has been created!</h2>'
-
    return render_template('register.html', form=form)

 if __name__ == "__main__":
--- a/routes/_convenor.py
+++ b/routes/_convenor.py
@ -17,11 +17,9 @@ basic_auth = BasicAuth(app)


@routes.route('/convenor/clubList')
-@basic_auth.required
 def convenorListClub():
-    sql = "SELECT club, team, league from _clubTeams ORDER BY club, team"
-    rows = sql_read(sql)
-    print(rows)
+    clubTeam_lookup = "SELECT club, team, league from _clubTeams ORDER BY club, team"
+    rows = sql_read(clubTeam_lookup)
    table = clubList(rows)
    table.border = True
    table.classes = ['table-striped', 'table-condensed', 'table-hover']
@ -29,92 +27,84 @@ def convenorListClub():


@routes.route('/convenor/clubAdd')
-@basic_auth.required
 def convenorAddClub():
    form = addClubForm()
    return render_template('_convenorClubAdd.html', form = form)

@routes.route('/convenor/clubAddResult', methods=['POST'])
-@basic_auth.required
 def convenorAddClubResult():
    try:
        _club = request.form['clubName']
+        club_lookup = "SELECT club FROM _clubTeams WHERE club='" + _club + "' GROUP BY club"
+        club_create = "INSERT INTO _clubTeams (club, team) VALUES ('" + _club + "', 'A')"
+
        # validate that this data has been entered
        if _club and request.method == 'POST':
-            sql = "SELECT club FROM _clubTeams WHERE club='" + _club + "' GROUP BY club"
-            clubExist = sql_read(sql)
+            clubExist = sql_read(club_lookup)
            if clubExist:
                return 'Club already exists - try adding a team instead'
            else:
-                sql2 = "INSERT INTO _clubTeams (club, team) VALUES ('" + _club + "', 'A')"
-                sql_write(sql2)
+                sql_write(club_create)
                return render_template('_convenorClubAddResults.html', data=_club)
    except Exception as e:
        print(e)

-
@routes.route('/convenor/teamAdd')
-@basic_auth.required
 def convenorAddTeam():
-    sql = "SELECT club FROM _clubTeams GROUP BY club ORDER BY club"
-    clubs = sql_read(sql)
+    clubs_query = "SELECT club FROM _clubTeams GROUP BY club ORDER BY club"
+    clubs = sql_read(clubs_query)
    form = addTeamForm()
    return render_template('_convenorTeamAdd.html', data=clubs, form=form)

@routes.route('/convenor/teamAddResult', methods=['POST'])
-@basic_auth.required
 def convenorAddTeamResult():
    try:
        _club = request.form['clubName']
        _team = request.form['teamName']
+        clubTeam_lookup = "SELECT club, team FROM _clubTeams WHERE club='" + _club + "' AND team='" + _team + "'"
+        clubTeam_create = "INSERT INTO _clubTeams (club, team) VALUES ('" + _club + "', '" + _team + "')"
        if _club and _team and request.method == 'POST':
-            sql = "SELECT club, team FROM _clubTeams WHERE club='" + _club + "' AND team='" + _team + "'"
-            teamExist = sql_read(sql)
+            teamExist = sql_read(clubTeam_lookup)
            if teamExist:
                return 'Team already exists in the database'
            else:
-                sql2 = "INSERT INTO _clubTeams (club, team) VALUES ('" + _club + "', '" + _team + "')"
-                sql_write(sql2)
+                sql_write(clubTeam_create)
                return render_template('_convenorTeamAddResults.html', club=_club, team=_team)
    except Exception as e:
        print(e)


@routes.route('/convenor/playerDbCreate')
-@basic_auth.required
 def playerDbCreate():
-    sql = "SELECT club FROM _clubTeams GROUP BY club ORDER BY club"
-    clubs = sql_read(sql)
+    club_lookup = "SELECT club FROM _clubTeams GROUP BY club ORDER BY club"
+    clubs = sql_read(club_lookup)
    form = playerDbCreateForm()
    return render_template('_convenorPlayerDbCreate.html', data=clubs, form=form)

@routes.route('/convenor/playerDbCreateResults', methods=['POST'])
-@basic_auth.required
 def playerDbCreateResults():
    try:
        _club = request.form['clubName']
 #        _year = request.form['year']
        _year = "2018"
+        playerTable_create = "CREATE TABLE IF NOT EXISTS _" + _club + "_players (playerTeam varchar(6) NOT NULL, playerForenames varchar(50) NOT NULL, playerSurname varchar(30) NOT NULL, playerNickName varchar(30), playerChineseName varchar(10) CHARACTER SET utf8, playerEmail varchar(255) NOT NULL, playerDob DATE NOT NULL, playerHkid varchar(20) NOT NULL, playerNumber smallint NOT NULL, playerTelNumber varchar(30) NOT NULL, PRIMARY KEY (playerNumber))"
        if _club and request.method == 'POST':
-            sql = "CREATE TABLE IF NOT EXISTS _" + _club + "_players (playerTeam varchar(6) NOT NULL, playerForenames varchar(50) NOT NULL, playerSurname varchar(30) NOT NULL, playerNickName varchar(30), playerChineseName varchar(10) CHARACTER SET utf8, playerEmail varchar(255) NOT NULL, playerDob DATE NOT NULL, playerHkid varchar(20) NOT NULL, playerNumber smallint NOT NULL, playerTelNumber varchar(30) NOT NULL, PRIMARY KEY (playerNumber))"
-            sql_write(sql)
+            sql_write(playerTable_create)
            return render_template('_convenorPlayerDbCreateResults.html', club=_club, year=_year)
    except Exception as e:
        print(e)


@routes.route('/convenor/playerAdd')
-@basic_auth.required
 def convenorAddPlayer():
-    sql = "SELECT hockeyClub, logoURL FROM mensHockeyClubs ORDER BY hockeyClub"
-    clubs = sql_read_static(sql)
+    clubLogo_lookup = "SELECT hockeyClub, logoURL FROM mensHockeyClubs ORDER BY hockeyClub"
+    clubs = sql_read_static(clubLogo_lookup)
    form = addPlayerForm()
    form.playerClub.choices = [(club['hockeyClub'], club['hockeyClub']) for club in clubs]
    clubLogo = clubs[0]['logoURL']
    return render_template('_convenorPlayerAdd.html', form=form, clubLogo=clubLogo)

@routes.route('/convenor/playerAddResult', methods=['POST'])
-@basic_auth.required
 def convenorAddPlayerResult():
    try:
 #        _year = request.form['year']
@ -132,30 +122,28 @@ def convenorAddPlayerResult():
        _playerHkid = request.form['playerHkid']
        _playerNumber = request.form['playerNumber']
        _playerTelNumber = request.form['playerTelNumber']
+        playerRecord_create = "INSERT INTO _" + _club + "_players (playerTeam, playerForenames, playerSurname, playerNickname, playerEmail, playerDob, playerHkid, playerNumber, playerTelNumber) VALUES ('" + _team + "', '" + _playerForename + "', '" + _playerSurname + "', '" + _playerNickname + "', '" + _playerEmail + "', '" + _playerDob + "', '" + _playerHkid + "', '" + _playerNumber + "', '" + _playerTelNumber + "')"
        if _team and _playerSurname and _playerHkid and _playerNumber and request.method == 'POST':
-            sql = "INSERT INTO _" + _club + "_players (playerTeam, playerForenames, playerSurname, playerNickname, playerEmail, playerDob, playerHkid, playerNumber, playerTelNumber) VALUES ('" + _team + "', '" + _playerForename + "', '" + _playerSurname + "', '" + _playerNickname + "', '" + _playerEmail + "', '" + _playerDob + "', '" + _playerHkid + "', '" + _playerNumber + "', '" + _playerTelNumber + "')"
-            sql_write(sql)
+            sql_write(playerRecord_create)
            return render_template('_convenorPlayerAddResults.html', club=_club, firstname=_playerForename, nickname=_playerNickname, surname=_surname, shirt=_playerNumber)
    except Exception as e:
        print(e)


@routes.route('/convenor/squadList')
-@basic_auth.required
 def convenorSquadList():
-    sql = "SELECT team FROM _clubTeams WHERE club='HKFC' ORDER BY team"
-    teams = sql_read(sql)
+    team_lookup = "SELECT team FROM _clubTeams WHERE club='HKFC' ORDER BY team"
+    teams = sql_read(team_lookup)
    form = squadListForm()
    return render_template('_convenorSquadList.html', data=teams, form=form)

@routes.route('/convenor/squadListResults', methods=['POST'])
-@basic_auth.required
 def convenorSquadListResults():
    try:
        _team = request.form['teamName']
+        teamPlayer_lookup = "SELECT playerForenames, playerSurname, playerNickname, playerChineseName, playerEmail, playerDob, playerHkid, playerNumber, playerTelNumber FROM _HKFC_players WHERE (playerTeam='" + _team + "') ORDER BY playerNumber"
        # validate that this data has been entered
        if _team and request.method == 'POST':
-            sql = "SELECT playerForenames, playerSurname, playerNickname, playerChineseName, playerEmail, playerDob, playerHkid, playerNumber, playerTelNumber FROM _HKFC_players WHERE (playerTeam='" + _team + "') ORDER BY playerNumber"
            rows = sql_read(sql)
            table = convenorSquadListTable(rows)
            table.border = True
@ -168,14 +156,12 @@ def convenorSquadListResults():


@routes.route('/convenor/editPlayer', methods=['POST'])
-@basic_auth.required
 def convenorEditPlayer():
    _playerNumber = request.args['playerNumber']
-    sql = "SELECT playerTeam, playerForenames, playerSurname, playerNickname, playerChineseName, playerEmail, playerDob, playerHkid, playerNumber, playerTelNumber FROM _HKFC_players WHERE playerNumber='" + _playerNumber + "'"
-    sql2 = "SELECT hockeyClub, logoURL FROM mensHockeyClubs ORDER BY hockeyClub"
-    playerData = sql_read(sql)
-    print(playerData)
-    clubs = sql_read_static(sql2)
+    player_lookup = "SELECT playerTeam, playerForenames, playerSurname, playerNickname, playerChineseName, playerEmail, playerDob, playerHkid, playerNumber, playerTelNumber FROM _HKFC_players WHERE playerNumber='" + _playerNumber + "'"
+    clubLogo_lookup = "SELECT hockeyClub, logoURL FROM mensHockeyClubs ORDER BY hockeyClub"
+    playerData = sql_read(player_lookup)
+    clubs = sql_read_static(clubLogo_lookup)
    form = addPlayerForm()
    form.playerClub.choices = [(club['hockeyClub'], club['hockeyClub']) for club in clubs]
    form.playerForenames.data = playerData[0]['playerForenames']
@ -191,16 +177,14 @@ def convenorEditPlayer():


@routes.route('/convenor/deletePlayer', methods=['POST'])
-@basic_auth.required
 def convenorDeletePlayer():
    _playerNumber = request.args['playerNumber']
-    sql = "DELETE FROM _HKFC_players WHERE playerNumber=" + _playerNumber + ""
-    sql_write(sql)
+    player_delete = "DELETE FROM _HKFC_players WHERE playerNumber=" + _playerNumber + ""
+    sql_write(player_delete)
    return render_template('_hkfcPlayerDeleted.html', number=_playerNumber)


@routes.route('/convenor/editPlayerResult', methods=['POST'])
-@basic_auth.required
 def convenorEditPlayerResult():
    try:
        _club = request.form['playerClub']
@ -216,19 +200,18 @@ def convenorEditPlayerResult():
        _playerHkid = request.form['playerHkid']
        _playerNumber = request.form['playerNumber']
        _playerTelNumber = request.form['playerTelNumber']
+        player_update = "UPDATE _" + _club + "_players SET playerTeam='" + _team + "', playerForenames='" + _playerForename + "', playerSurname='" + _playerSurname + "', playerNickname='" + _playerNickname + "', playerEmail='" + _playerEmail + "', playerTelNumber='" + _playerTelNumber + "' WHERE playerHkid='" + _playerHkid + "'"
        if _team and _playerSurname and _playerHkid and _playerNumber and request.method == 'POST':
-            sql = "UPDATE _" + _club + "_players SET playerTeam='" + _team + "', playerForenames='" + _playerForename + "', playerSurname='" + _playerSurname + "', playerNickname='" + _playerNickname + "', playerEmail='" + _playerEmail + "', playerTelNumber='" + _playerTelNumber + "' WHERE playerHkid='" + _playerHkid + "'"
-            sql_write(sql)
+            sql_write(player_update)
            return render_template('_convenorEditPlayerResults.html', club=_club, firstname=_playerForename, nickname=_playerNickname, surname=_playerSurname, shirt=_playerNumber)
    except Exception as e:
        print(e)


@routes.route('/convenor/fixtureList')
-@basic_auth.required
 def convenorFixturesList():
-    sql = "SELECT date, division, homeTeam, awayTeam, venue, time, umpire1, umpire2 FROM hockeyFixtures"
-    rows = sql_read(sql)
+    fixtures_lookup = "SELECT date, division, homeTeam, awayTeam, venue, time, umpire1, umpire2 FROM hockeyFixtures"
+    rows = sql_read(fixtures_lookup)
    table = convenorFixtureList(rows)
    table.border = True
    table.classes = ['table-striped', 'table-condensed', 'table-hover']
--- a/routes/_hkfcD_motm.py
+++ b/routes/_hkfcD_motm.py
@ -3,14 +3,15 @@ import pymysql
 import os
 import json
 import datetime
-from datetime import datetime
-from flask import render_template, request, jsonify, flash
+from datetime import datetime, timedelta
+from flask import render_template, request, jsonify, flash, make_response
 from flask_basicauth import BasicAuth
 from app import app, randomUrlSuffix
 from readSettings import mySettings
 from dbWrite import sql_write, sql_write_static, sql_read, sql_read_static
 from tables import matchSquadTable, convenorFixtureList
 from forms import adminSettingsForm, motmForm, goalsAssistsForm, adminSettingsForm2
+from logging import warn, error
 from . import routes

 app.config['BASIC_AUTH_USERNAME'] = 'admin'
@ -19,10 +20,16 @@ basic_auth = BasicAuth(app)

@routes.route('/hkfc-d/motm/<randomUrlSuffix>')
 def hkfcD_motm_vote(randomUrlSuffix):
-    sql = "SELECT playerNumber, playerForenames, playerSurname, playerNickname FROM _hkfcD_matchSquad ORDER BY RAND()"
-    sql2 = "SELECT nextClub, nextTeam, nextDate, oppoLogo, hkfcLogo, currMotM, currDotD, nextFixture FROM hkfcDAdminSettings"
-    rows = sql_read(sql)
-    nextInfo = sql_read_static(sql2)
+    squadPlayer_lookup = "SELECT playerNumber, playerForenames, playerSurname, playerNickname FROM _hkfcD_matchSquad ORDER BY RAND()"
+    settings_lookup = "SELECT nextClub, nextTeam, nextDate, oppoLogo, hkfcLogo, currMotM, currDotD, nextFixture FROM hkfcDAdminSettings"
+    nextFixture_lookup = "SELECT hockeyResults2020.hockeyFixtures.date, hockeyResults.hkfcDAdminSettings.nextFixture FROM hockeyResults2020.hockeyFixtures INNER JOIN hockeyResults.hkfcDAdminSettings ON hockeyResults2020.hockeyFixtures.fixtureNumber = hockeyResults.hkfcDAdminSettings.nextFixture"
+    motmPicture_lookup = "SELECT playerPictureURL FROM _HKFC_players INNER JOIN hockeyResults.hkfcDAdminSettings ON _HKFC_players.playerNumber=hockeyResults.hkfcDAdminSettings.currMotM"
+    dotdPicture_lookup = "SELECT playerPictureURL FROM _HKFC_players INNER JOIN hockeyResults.hkfcDAdminSettings ON _HKFC_players.playerNumber=hockeyResults.hkfcDAdminSettings.currDotD"
+    comments_lookup = "SELECT comment FROM _motmComments INNER JOIN hockeyResults.hkfcDAdminSettings ON _motmComments.matchDate=hockeyResults.hkfcDAdminSettings.nextDate ORDER BY RAND() LIMIT 1"
+    urlSuffix_lookup = "SELECT motmUrlSuffix FROM hockeyResults.hkfcDAdminSettings WHERE userid='admin'"
+    
+    rows = sql_read(squadPlayer_lookup)
+    nextInfo = sql_read_static(settings_lookup)
    nextClub = nextInfo[0]['nextClub']
    nextTeam = nextInfo[0]['nextTeam']
    nextFixture = nextInfo[0]['nextFixture']
@ -31,27 +38,21 @@ def hkfcD_motm_vote(randomUrlSuffix):
    currMotM = nextInfo[0]['currMotM']
    currDotD = nextInfo[0]['currDotD']
    oppo = nextTeam
-    sql3 = "SELECT hockeyResults2020.hockeyFixtures.date, hockeyResults.hkfcDAdminSettings.nextFixture FROM hockeyResults2020.hockeyFixtures INNER JOIN hockeyResults.hkfcDAdminSettings ON hockeyResults2020.hockeyFixtures.fixtureNumber = hockeyResults.hkfcDAdminSettings.nextFixture"
-    nextMatchDate = sql_read(sql3)
+    nextMatchDate = sql_read(nextFixture_lookup)
    nextDate = nextMatchDate[0]['date']
    formatDate = datetime.strftime(nextDate, '%A, %d %B %Y')

-    sql3 = "SELECT playerPictureURL FROM _HKFC_players INNER JOIN hockeyResults.hkfcDAdminSettings ON _HKFC_players.playerNumber=hockeyResults.hkfcDAdminSettings.currMotM"
-    sql4 = "SELECT playerPictureURL FROM _HKFC_players INNER JOIN hockeyResults.hkfcDAdminSettings ON _HKFC_players.playerNumber=hockeyResults.hkfcDAdminSettings.currDotD"
-    motm = sql_read(sql3)
-    dotd = sql_read(sql4)
+    motm = sql_read(motmPicture_lookup)
+    dotd = sql_read(dotdPicture_lookup)
    motmURL = motm[0]['playerPictureURL']
    dotdURL = dotd[0]['playerPictureURL']

-    sql5 = "SELECT comment FROM _motmComments INNER JOIN hockeyResults.hkfcDAdminSettings ON _motmComments.matchDate=hockeyResults.hkfcDAdminSettings.nextDate ORDER BY RAND() LIMIT 1"
-    comment = sql_read(sql5)
+    comment = sql_read(comments_lookup)
    if comment == "":
        comment = "No comments added yet"
    form = motmForm()
-    sql6 = "SELECT motmUrlSuffix FROM hockeyResults.hkfcDAdminSettings WHERE userid='admin'"
-    urlSuff = sql_read_static(sql6)
+    urlSuff = sql_read_static(urlSuffix_lookup)
    randomSuff = urlSuff[0]['motmUrlSuffix']
-    print(randomSuff)
    if randomSuff == randomUrlSuffix:
        return render_template('_hkfcDMotmVote.html', data=rows, comment=comment, formatDate=formatDate, matchNumber=nextFixture, oppo=oppo, hkfcLogo=hkfcLogo, oppoLogo=oppoLogo, dotdURL=dotdURL, motmURL=motmURL, form=form)
    else:
@ -59,8 +60,8 @@ def hkfcD_motm_vote(randomUrlSuffix):

@routes.route('/hkfc-d/comments', methods=['GET', 'POST'])
 def hkfcd_match_comments():
-    sql = "SELECT nextClub, nextTeam, nextDate, oppoLogo, hkfcLogo FROM hkfcDAdminSettings"
-    row = sql_read_static(sql)
+    settings_lookup = "SELECT nextClub, nextTeam, nextDate, oppoLogo, hkfcLogo FROM hkfcDAdminSettings"
+    row = sql_read_static(settings_lookup)
 # nextTeam already seems to include all the team+club details
 #    _oppo = row[0]['nextClub'] + " " + row[0]['nextTeam']
    _oppo = row[0]['nextClub'] 
@ -68,29 +69,31 @@ def hkfcd_match_comments():
    _matchDate = row[0]['nextDate'].strftime('%Y_%m_%d')
    hkfcLogo = row[0]['hkfcLogo']
    oppoLogo = row[0]['oppoLogo']
+    comment_insert = "INSERT INTO _motmComments (matchDate, opposition, comment) VALUES ('" + commentDate + "', '" + _oppo + "', '" + _fixed_comment + "')"
+    comment_lookup = "SELECT comment FROM _motmComments WHERE matchDate='" + _matchDate + "' ORDER BY RAND()"
+
    if request.method == 'POST':
        _comment = request.form['matchComment']
        if _comment != 'Optional comments added here':
            _fixed_comment = _comment.replace("'", "\\'")
-            sql3 = "INSERT INTO _motmComments (matchDate, opposition, comment) VALUES ('" + commentDate + "', '" + _oppo + "', '" + _fixed_comment + "')"
-            sql_write(sql3)
-    sql = "SELECT comment FROM _motmComments WHERE matchDate='" + _matchDate + "' ORDER BY RAND()"
-    comments = sql_read(sql)
+            sql_write(comment_insert)
+
+    comments = sql_read(comment_lookup)
    return render_template('_hkfcDMatchComments.html', comments=comments, hkfcLogo=hkfcLogo, oppoLogo=oppoLogo)

+
@routes.route('/hkfc-d/statAdmin', methods=['GET', 'POST'])
-@basic_auth.required
 def hkfc_d_stats_admin():
    form = goalsAssistsForm()
-    sql = "SELECT date, homeTeam, awayTeam, venue, fixtureNumber FROM hockeyFixtures WHERE homeTeam='HKFC D' OR awayTeam='HKFC D'"
-    matches = sql_read(sql)
+    fixtures_lookup = "SELECT date, homeTeam, awayTeam, venue, fixtureNumber FROM hockeyFixtures WHERE homeTeam='HKFC D' OR awayTeam='HKFC D'"
+    squadPlayer_lookup = "SELECT playerNumber, playerNickname FROM _hkfcD_matchSquad"
+
+    matches = sql_read(fixtures_lookup)
    form.match.choices = [(match['fixtureNumber'], match['date']) for match in matches]
-    sql2 = "SELECT playerNumber, playerNickname FROM _hkfcD_matchSquad"
-    players = sql_read(sql2)
+    players = sql_read(squadPlayer_lookup)
    return render_template('_goalsAssistsAdmin.html', data=players, form=form) 

@routes.route('/hkfc-d/goalsAssistsSubmit', methods=['POST'])
-@basic_auth.required
 def goalsAssistsSubmit():
    try:
        data = request.form
@ -99,9 +102,10 @@ def goalsAssistsSubmit():
        assists = request.form.getlist('assists')
        goals = request.form.getlist('goals')
        match = request.form['match']
+        playerGoalsAssists_update = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, assistsTotal, goalsTotal, assists_" + match + ", goals_" + match + ") SELECT playerNumber, playerNickname, '" + assists[idx] + "', '" + goals[idx] + "', '" + assists[idx] + "', '" + goals[idx] + "' FROM _HKFC_players WHERE playerNumber='" + player + "' ON DUPLICATE KEY UPDATE assistsTotal = assistsTotal + " + assists[idx] + ", goalsTotal = goalsTotal + " + goals[idx] + ", assists_" + match + " = " + assists[idx] + ", goals_" + match + " = " + goals[idx] + ""
+
        for idx, player in enumerate(playerNumber):
-            sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, assistsTotal, goalsTotal, assists_" + match + ", goals_" + match + ") SELECT playerNumber, playerNickname, '" + assists[idx] + "', '" + goals[idx] + "', '" + assists[idx] + "', '" + goals[idx] + "' FROM _HKFC_players WHERE playerNumber='" + player + "' ON DUPLICATE KEY UPDATE assistsTotal = assistsTotal + " + assists[idx] + ", goalsTotal = goalsTotal + " + goals[idx] + ", assists_" + match + " = " + assists[idx] + ", goals_" + match + " = " + goals[idx] + ""
-            sql_write(sql)
+            sql_write(playerGoalsAssists_update)
    except Exception as e:
        print(e)
    finally:
@ -109,7 +113,6 @@ def goalsAssistsSubmit():


@routes.route('/hkfc-d/motmAdmin', methods=['GET', 'POST'])
-@basic_auth.required
 def hkfcDMotmAdmin():
    form = adminSettingsForm2()
    prevFixture = mySettings('prevFixture')
@ -136,19 +139,19 @@ def hkfcDMotmAdmin():
        if form.saveButton.data:
            flash('Settings saved!')
            urlSuffix = randomUrlSuffix(8)
-            print(urlSuffix)
            sql3 = "UPDATE hkfcDAdminSettings SET motmUrlSuffix='" + urlSuffix + "' WHERE userid='admin'"
            sql_write_static(sql3)
-            flash('MotM URL https://hockey.ervine.cloud/hkfc-d/motm/'+urlSuffix)
+            flash('MotM URL https://hockey.ervine.dev/hkfc-d/motm/'+urlSuffix)
        elif form.activateButton.data:
            sql4 = "ALTER TABLE _hkfc_d_motm ADD COLUMN motm_" + _nextFixture + " smallint DEFAULT 0, ADD COLUMN dotd_" + _nextFixture + " smallint DEFAULT 0, ADD COLUMN assists_" + _nextFixture + " smallint DEFAULT 0, ADD COLUMN goals_" + _nextFixture + " smallint DEFAULT 0 "
            sql_write(sql4)
-            sql5 = "SELECT motmUrlSuffix FROM hkfcDAdminSettings WHERE userid='admin'"
-            tempSuffix = sql_read_static(sql5)
+            sql5 = "ALTER TABLE motmSessions ADD COLUMN motm_" + _nextFixture + " smallint DEFAULT NULL, ADD COLUMN dotd_" + _nextFixture + " smallint DEFAULT NULL "
+            sql_write(sql5)
+            sql6 = "SELECT motmUrlSuffix FROM hkfcDAdminSettings WHERE userid='admin'"
+            tempSuffix = sql_read_static(sql6)
            currSuffix = tempSuffix[0]['motmUrlSuffix']
-            print(currSuffix)
            flash('Man of the Match vote is now activated')
-            flash('MotM URL https://hk-hockey.appspot.com/hkfc-d/motm/'+currSuffix)
+            flash('MotM URL https://hockey.ervine.dev/hkfc-d/motm/'+currSuffix)
        else:
            flash('Something went wrong - check with Smithers')

@ -234,8 +237,124 @@ def hkfcD_vote_thanks():
        _fixed_comments = _comments.replace("'", "\\'")
        _matchDate = request.form['matchNumber']
        _oppo = request.form['oppo']
-
+       
        if _motm and _dotd and request.method == 'POST':
+            prev_identity = request.cookies.get('sessionID')
+            user_agent = request.headers.get('User-Agent')
+            
+            if prev_identity:
+                warn("Previous identity found: "+prev_identity)
+                vote_query = "SELECT dotd_" + _matchDate + " FROM motmSessions WHERE sessionID='" + prev_identity + "'"
+                vote_check = sql_read(vote_query)
+                if not vote_check:
+                    warn('Cookie exists but no record in DB - check: '+prev_identity)
+                    return render_template('_hkfcDSmithersFail.html', sessionID=prev_identity)
+                else:
+                    vote_valid = vote_check[0]['dotd_' + _matchDate ]
+                    if vote_valid:
+                        warn("Naughty, naughty, you've already voted!")
+                        return render_template('_hkfcDVoteFraud.html', sessionID=prev_identity)
+                    else:
+                        sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, motmTotal, motm_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _motm + "' ON DUPLICATE KEY UPDATE motmTotal = motmTotal + 1, motm_" + _matchDate + " = motm_" + _matchDate + " + 1"
+                        sql2 = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, dotdTotal, dotd_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _dotd + "' ON DUPLICATE KEY UPDATE dotdTotal = dotdTotal + 1, dotd_" + _matchDate + " = dotd_" + _matchDate + " + 1"
+                        sql4 = "UPDATE motmSessions SET motm_" + _matchDate + "=" + _motm + " WHERE sessionID='" + prev_identity + "'"
+                        sql5 = "UPDATE motmSessions SET dotd_" + _matchDate + "=" + _dotd + " WHERE sessionID='" + prev_identity + "'"
+                        sql_write(sql4)
+                        sql_write(sql5)
+                        if _comments == "":
+                            print("No comment")
+                        elif _comments == "Optional comments added here":
+                            print("No comment")
+                        else:
+                            ### The matchDate has been replaced with the matchNumber - this should be corrected at some point (via a fixture table lookup)
+                            sql3 = "INSERT INTO _motmComments (_matchDate, opposition, comment) VALUES ('" + _matchDate + "', '" + _oppo + "', '" + _fixed_comments + "')"
+                            sql_write(sql3)
+                        sql_write(sql)
+                        sql_write(sql2)
+                        resp = make_response(render_template('_hkfcDVoteThanks.html'))
+                        expire_date = datetime.now()
+                        expire_date = expire_date + timedelta(days=90)
+
+                        resp.set_cookie('sessionID', prev_identity, expires=expire_date)
+                        return resp
+            else:
+                identity = randomUrlSuffix(8)
+                print("Identity: " + identity)
+                print("User Agent: " + user_agent)
+                warn("Identity and User-Agent set")
+                id_commit = "INSERT INTO motmSessions (sessionID, userAgent, motm_" + _matchDate + ", dotd_" + _matchDate + ") VALUES ('" + identity + "', '" + user_agent + "', '" + _motm + "', '" + _dotd + "' )"
+                sql_write(id_commit)
+                sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, motmTotal, motm_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _motm + "' ON DUPLICATE KEY UPDATE motmTotal = motmTotal + 1, motm_" + _matchDate + " = motm_" + _matchDate + " + 1"
+                sql2 = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, dotdTotal, dotd_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _dotd + "' ON DUPLICATE KEY UPDATE dotdTotal = dotdTotal + 1, dotd_" + _matchDate + " = dotd_" + _matchDate + " + 1"
+                if _comments == "":
+                    print("No comment")
+                elif _comments == "Optional comments added here":
+                    print("No comment")
+                else:
+                    ### The matchDate has been replaced with the matchNumber - this should be corrected at some point (via a fixture table lookup)
+                    sql3 = "INSERT INTO _motmComments (_matchDate, opposition, comment) VALUES ('" + _matchDate + "', '" + _oppo + "', '" + _fixed_comments + "')"
+                    #sql_write(sql3)
+                #sql_write(sql)
+                #sql_write(sql2)
+                resp = make_response(render_template('_hkfcDVoteThanks.html'))
+                expire_date = datetime.now()
+                expire_date = expire_date + timedelta(days=90)
+
+                resp.set_cookie('sessionID', identity, expires=expire_date)
+                return resp
+        else:
+            return 'Ouch ... something went wrong here'
+    except Exception as e:
+        print(e)
+    finally:
+        print('Votes cast - thanks')
+
+@routes.route('/hkfc-d/vote-chicken', methods=['GET', 'POST'])
+def hkfcD_vote_chicken():
+    try:
+        prev_identity = request.cookies.get('sessionID')
+        user_agent = request.headers.get('User-Agent')
+        nextFixture = "SELECT nextFixture FROM hkfcDAdminSettings"
+        _matchDate = sql_read_static(nextFixture)
+        if prev_identity:
+            vote_query = "SELECT dotd_" + _matchDate + " FROM motmSessions WHERE sessionID='" + prev_identity + "'"
+            vote_check = sql_read(vote_query)
+            if not vote_check:
+                warn('Cookie exists but no record in DB - check: '+prev_identity)
+                return render_template('_hkfcDSmithersFail.html', sessionID=prev_identity)
+            else:
+                vote_valid = vote_check[0]['dotd_' + _matchDate ]
+                if vote_valid:
+                    warn("Naughty, naughty, you've already voted!")
+                    return render_template('_hkfcDVoteFraud.html', sessionID=prev_identity)
+                else:
+                    sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, motmTotal, motm_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _motm + "' ON DUPLICATE KEY UPDATE motmTotal = motmTotal + 1, motm_" + _matchDate + " = motm_" + _matchDate + " + 1"
+                    sql2 = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, dotdTotal, dotd_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _dotd + "' ON DUPLICATE KEY UPDATE dotdTotal = dotdTotal + 1, dotd_" + _matchDate + " = dotd_" + _matchDate + " + 1"
+                    sql4 = "UPDATE motmSessions SET motm_" + _matchDate + "=" + _motm + " WHERE sessionID='" + prev_identity + "'"
+                    sql5 = "UPDATE motmSessions SET dotd_" + _matchDate + "=" + _dotd + " WHERE sessionID='" + prev_identity + "'"
+                    sql_write(sql4)
+                    sql_write(sql5)
+                    if _comments == "":
+                        print("No comment")
+                    elif _comments == "Optional comments added here":
+                        print("No comment")
+                    else:
+                     ### The matchDate has been replaced with the matchNumber - this should be corrected at some point (via a fixture table lookup)
+                        sql3 = "INSERT INTO _motmComments (_matchDate, opposition, comment) VALUES ('" + _matchDate + "', '" + _oppo + "', '" + _fixed_comments + "')"
+                        sql_write(sql3)
+                    sql_write(sql)
+                    sql_write(sql2)
+                    resp = make_response(render_template('_hkfcDVoteThanks.html'))
+                    expire_date = datetime.now()
+                    expire_date = expire_date + timedelta(days=90)
+    
+                    resp.set_cookie('sessionID', prev_identity, expires=expire_date)
+                    return resp
+        else:
+            identity = randomUrlSuffix(8)
+            id_commit = "INSERT INTO motmSessions (sessionID) VALUES ('" + identity + "')"
+            ua_commit = "INSERT INTO motmSessions (userAgent) VALUES ('" + user_agent + "')"
+            sql_write(id_commit)
            sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, motmTotal, motm_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _motm + "' ON DUPLICATE KEY UPDATE motmTotal = motmTotal + 1, motm_" + _matchDate + " = motm_" + _matchDate + " + 1"
            sql2 = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, dotdTotal, dotd_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _dotd + "' ON DUPLICATE KEY UPDATE dotdTotal = dotdTotal + 1, dotd_" + _matchDate + " = dotd_" + _matchDate + " + 1"
            if _comments == "":
@ -243,23 +362,25 @@ def hkfcD_vote_thanks():
            elif _comments == "Optional comments added here":
                print("No comment")
            else:
-### The matchDate has been replaced with the matchNumber - this should be corrected at some point (via a fixture table lookup)
+    ### The matchDate has been replaced with the matchNumber - this should be corrected at some point (via a fixture table lookup)
                sql3 = "INSERT INTO _motmComments (_matchDate, opposition, comment) VALUES ('" + _matchDate + "', '" + _oppo + "', '" + _fixed_comments + "')"
                sql_write(sql3)
            sql_write(sql)
            sql_write(sql2)
-            return render_template('_hkfcDVoteThanks.html')
-        else:
-            return 'Ouch ... something went wrong here'
+            resp = make_response(render_template('_hkfcDVoteThanks.html'))
+            expire_date = datetime.now()
+            expire_date = expire_date + timedelta(days=90)
+            resp.set_cookie('sessionID', identity, expires=expire_date)
+            return resp
+        #else:
+            #return 'Ouch ... something went wrong here'
    except Exception as e:
        print(e)
    finally:
        print('Votes cast')
-
@routes.route('/hkfc-d/vote-results')
 def hkfcD_vote_results():
    _matchDate = str(mySettings('fixture'))
-    print(_matchDate)
    sql = "SELECT playerName, motm_" + _matchDate + ", dotd_" + _matchDate + " FROM _hkfc_d_motm WHERE (motm_" + _matchDate + " > '0') OR (dotd_" + _matchDate + " > '0')"
    print(sql)
    rows = sql_read(sql)
@ -276,20 +397,17 @@ def hkfcD_poty_results():


@routes.route('/hkfc-d/voting')
-@basic_auth.required
 def hkfcD_voting():
    matchDate = mySettings('fixture')
    return render_template('_hkfcDVoteChart.html', _matchDate=matchDate)


@routes.route('/hkfc-d/poty')
-@basic_auth.required
 def hkfcD_poty():
    return render_template('_hkfcDPotYChart.html')


@routes.route('/hkfc-d/matchSquad')
-@basic_auth.required
 def hkfcD_match_squad():
    sql1 = "SELECT team from _clubTeams WHERE club='HKFC' ORDER BY team"
    sql2 = "SELECT playerTeam, playerForenames, playerSurname, playerNickname, playerNumber FROM _HKFC_players"
@ -298,7 +416,6 @@ def hkfcD_match_squad():
    return render_template('_hkfcDMatchSquad.html', teams=teams, players=players)

@routes.route('/hkfc-d/matchSquadSubmit', methods=['POST'])
-@basic_auth.required
 def hkfcD_match_squad_submit():
    _playerNumbers = request.form.getlist('playerNumber')
    for _playerNumber in _playerNumbers:
@ -312,7 +429,6 @@ def hkfcD_match_squad_submit():
    return render_template('_hkfcDMatchSquadSelected.html', table=table)

@routes.route('/hkfc-d/matchSquadList')
-@basic_auth.required
 def hkfcD_match_squad_list():
    sql = "SELECT playerNumber, playerForenames, playerSurname, playerNickname FROM _hkfcD_matchSquad"
    players = sql_read(sql)
@ -323,7 +439,6 @@ def hkfcD_match_squad_list():


@routes.route('/convenor/delPlayerFromSquad', methods=['POST'])
-@basic_auth.required
 def delPlayerFromSquad():
    _playerNumber = request.args['playerNumber']
    sql = "DELETE FROM _hkfcD_matchSquad WHERE playerNumber=" + _playerNumber + ""
@ -332,10 +447,8 @@ def delPlayerFromSquad():


@routes.route('/hkfc-d/matchSquadReset')
-@basic_auth.required
 def hkfcD_matchSquadReset():
    _matchNumber = str(mySettings('fixture'))
-    print(_matchNumber)
    sql1 = "RENAME TABLE _hkfcD_matchSquad TO _hkfcD_matchSquad_" + _matchNumber + ""
    sql2 = "CREATE TABLE _hkfcD_matchSquad (playerNumber smallint UNIQUE, playerForenames varchar(50), playerSurname varchar(30), playerNickname varchar(30) NOT NULL, PRIMARY KEY (playerNumber))"
    sql3 = "UPDATE hkfcDAdminSettings SET prevFixture='" + _matchNumber + "'"
--- a/templates/_hkfcDMotmVote.html
+++ b/templates/_hkfcDMotmVote.html
@ -74,6 +74,7 @@
              </div>
            </div>
            <button type="submit" class="btn btn-success">Submit</button>
+	    <a class="btn btn-warning" href="/hkfc-d/motm-chicken">Chicken</a>
            <a class="btn btn-danger" href="/dashboard" role="button">Cancel</a>
          </form>
        </div>
--- a/templates/_hkfcDSmithersFail.html
+++ b/templates/_hkfcDSmithersFail.html
@ -0,0 +1,22 @@
+<html>
+  <head>
+    <title>HKFC Men's D Team - MotM and DotD vote</title>
+    <link rel="stylesheet" media="screen" href ="/static/css/bootstrap.min.css">
+    <link rel="stylesheet" href="/static/css/bootstrap-theme.min.css">
+    <meta name="viewport" content = "width=device-width, initial-scale=1.0">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
+    <script src="/static/js/bootstrap.min.js"></script>
+  </head>
+  <h2>Something has gone wrong ...</h2>
+  <body>
+    It looks like something has gone wrong ... 
+    <br>
+    Let Smithers know the following code:
+    {{ sessionID }}
+    <p>
+      <img src="https://storage.googleapis.com/hk-hockey-data/images/smithers-fail.gif"></img>
+    </p>
+    <a class="btn btn-primary" href="/dashboard" role="button">Home</a>
+    <a class="btn btn-info" href="/hkfc-d/comments" role="button">Comments</a>
+  </body>
+</html>
--- a/templates/_hkfcDVoteFraud.html
+++ b/templates/_hkfcDVoteFraud.html
@ -0,0 +1,20 @@
+<html>
+  <head>
+    <title>HKFC Men's D Team - MotM and DotD vote</title>
+    <link rel="stylesheet" media="screen" href ="/static/css/bootstrap.min.css">
+    <link rel="stylesheet" href="/static/css/bootstrap-theme.min.css">
+    <meta name="viewport" content = "width=device-width, initial-scale=1.0">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
+    <script src="/static/js/bootstrap.min.js"></script>
+  </head>
+  <h2>Have you already submitted a vote?</h2>
+  <body>
+    It looks like you have already voted ... are you trying to fiddle the results? If you think this is an error, let Smithers know the following code:
+    {{ sessionID }}
+    <p>
+      <img src="https://storage.googleapis.com/hk-hockey-data/images/monkey-vote-fraud.jpg"></img>
+    </p>
+    <a class="btn btn-primary" href="/dashboard" role="button">Home</a>
+    <a class="btn btn-info" href="/hkfc-d/comments" role="button">Comments</a>
+  </body>
+</html>
Author	SHA1	Message	Date
Jonathan Ervine	c8d5c7dee4	Tidying up SQL	2020-12-11 10:51:21 +08:00
Jonathan Ervine	7545f0cdce	SQL statement cleanup	2020-12-11 10:31:57 +08:00
Jonathan Ervine	4f9d54e855	Moving SQL statements	2020-12-11 10:14:23 +08:00
Jonathan Ervine	4d04ce697f	Moving and naming SQL statements	2020-12-11 10:08:14 +08:00
Jonathan Ervine	ec7ff3e3e1	define vars before SQL statement	2020-12-11 09:55:29 +08:00
Jonathan Ervine	0ad23e9be4	moving SQL statements to top of defs	2020-12-11 09:45:18 +08:00
Jonathan Ervine	0628289681	Remove commented out code	2020-11-30 16:48:33 +08:00
Jonathan Ervine	b7f11ea34b	Fixed tracking code	2020-11-30 16:13:19 +08:00
Jonathan Ervine	fad4932de5	Added debug ccode	2020-11-30 15:39:59 +08:00
Jonathan Ervine	5defae4f51	Added debug ccode	2020-11-30 15:15:08 +08:00
Jonathan Ervine	58cd67cc1a	Add debug warning	2020-11-30 14:57:08 +08:00
Jonathan Ervine	a2961e05c5	Added user agent	2020-11-30 14:29:21 +08:00
Jonathan Ervine	c7c7c9f215	Removed auth from convenor area	2020-11-27 14:21:25 +08:00
Jonathan Ervine	2b6cbbed85	Removed else	2020-11-26 17:19:52 +08:00
Jonathan Ervine	1c1b0e6f05	Fix indents	2020-11-26 17:14:14 +08:00
Jonathan Ervine	5f1e4eedc8	Fixed indentation	2020-11-26 16:46:12 +08:00
Jonathan Ervine	1ad9c9e496	Fixed typo	2020-11-26 15:55:03 +08:00
Jonathan Ervine	11cba3f138	Start adding random choices	2020-11-26 15:48:28 +08:00
Jonathan Ervine	b4a12a8a91	Write votes to DB again	2020-11-26 15:14:47 +08:00
Jonathan Ervine	0fba68287e	Added error checking	2020-11-26 12:54:48 +08:00
Jonathan Ervine	015f576429	Adding duplicate vote detection	2020-11-26 10:54:41 +08:00
Jonathan Ervine	d7ce602fb0	Fixed typos	2020-11-25 22:49:54 +08:00
Jonathan Ervine	57605fce0e	Add vote records to session DB	2020-11-25 22:43:19 +08:00
Jonathan Ervine	f9aa709a4b	If cookie value already exists, then don't let a vote happen	2020-11-25 22:07:24 +08:00
Jonathan Ervine	b790b733ea	Make cookie persist for 90 days	2020-11-25 21:58:07 +08:00
Jonathan Ervine	8a834b9424	Removed vote code	2020-11-25 21:29:47 +08:00
Jonathan Ervine	8c9b95a723	Adding debug	2020-11-25 21:21:55 +08:00
Jonathan Ervine	ac91871c3a	Fixed flash address	2020-11-22 07:41:48 +08:00
Jonathan Ervine	e5337a204b	Fixed cookie value	2020-11-20 21:45:04 +08:00
Jonathan Ervine	734ae1c7e6	Remove basic auth - handled by oauth2	2020-11-20 21:36:44 +08:00
Jonathan Ervine	ec6f4d0793	Added cookie	2020-11-20 20:52:10 +08:00
Jonathan Ervine	d6beb7a040	Adding cookie id - removing motm vote SQL'	2020-11-20 14:58:31 +08:00