diff --git a/app.py b/app.py index a056850..14d4be9 100644 --- a/app.py +++ b/app.py @@ -13,7 +13,6 @@ from functools import wraps from werkzeug.utils import secure_filename from werkzeug.security import generate_password_hash, check_password_hash - DATABASE = os.path.join(os.path.dirname(__file__), "avent.db") UPLOAD_FOLDER = os.path.join(os.path.dirname(__file__), "static", "uploads") os.makedirs(UPLOAD_FOLDER, exist_ok=True) @@ -22,7 +21,7 @@ ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"} app = Flask(__name__) app.secret_key = "change-me-super-secret-key-2025" app.config["UPLOAD_FOLDER"] = UPLOAD_FOLDER -app.config["MAX_CONTENT_LENGTH"] = 5 * 1024 * 1024 # Max 5 MB +app.config["MAX_CONTENT_LENGTH"] = 5 * 1024 * 1024 # Max 5 MB upload def allowed_file(filename): return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS @@ -48,7 +47,6 @@ def init_db(): if cur.fetchone()['c'] == 0: hashed_admin = generate_password_hash("admin") db.execute("INSERT INTO user (username, password) VALUES (?, ?)", ("admin", hashed_admin)) - cur = db.execute("SELECT COUNT(*) AS c FROM project") if cur.fetchone()['c'] == 0: @@ -61,10 +59,14 @@ def init_db(): 24 ) ).lastrowid - people_list = ["User1"] + people_list = ["Valentin", "Nicolas", "Victor", "Julie", "Louis", "Alexandre", "David", "Raphaël"] for name in people_list: - db.execute("INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)", (project_id, name)) + db.execute( + "INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)", + (project_id, name) + ) recalc_max_draws_for_project(project_id) + db.commit() def get_user_by_username(username): @@ -78,7 +80,6 @@ def check_login(username, password): return user return None - def login_required(fn): @wraps(fn) def wrapped(*args, **kwargs): 
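Review bot: `app.secret_key` is still the literal `"change-me-super-secret-key-2025"`, two lines above the edited `MAX_CONTENT_LENGTH` setting, so the key that signs Flask session cookies is readable by anyone who can read the repository. The admin views in this diff read `session.get("user_id")` (and presumably `login_required` does too), so a known signing key undermines every check built on the session. Load the key from the environment and fail at startup when it is missing, e.g. `app.secret_key = os.environ["SECRET_KEY"]` (the variable name is a suggestion), and treat the committed value as burned.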
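Review bot: The new `people_list` in `init_db` hard-codes eight first names that look like real participants, where the old code seeded the placeholder `User1`. If they are real, that personal data now lives in version control and is inserted into every fresh database; keeping `people_list = ["User1"]` in source and loading the real list through the existing CSV import avoids that. In the same function, the previous hunk's context creates the `admin` account with `generate_password_hash("admin")`, so a fresh deployment starts with a guessable login. Consider taking the initial password from the environment, e.g. `generate_password_hash(os.environ["ADMIN_PASSWORD"])` (name is a suggestion). `init_db` starts and ends outside these hunks.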
@@ -315,48 +316,6 @@ def admin_projects():
 projects = get_project()
 return render_template("admin_projects.html", projects=projects)
-@app.route("/admin/change-password", methods=["GET", "POST"])
-@login_required
-def admin_change_password():
- """Page admin pour changer le mot de passe"""
- db = get_db()
-
- if request.method == "POST":
- current_password = request.form.get("current_password")
- new_password = request.form.get("new_password")
- confirm_password = request.form.get("confirm_password")
-
- # Récupérer l'utilisateur connecté
- user_id = session.get("user_id")
- cur = db.execute("SELECT password FROM user WHERE id = ?", (user_id,))
- user = cur.fetchone()
-
- if not user:
- flash("Erreur utilisateur.")
- return render_template("admin_change_password.html")
-
- # Vérifier mot de passe actuel
- if not check_password_hash(user["password"], current_password):
- flash("Mot de passe actuel incorrect.")
- return render_template("admin_change_password.html")
-
- # Vérifications
- if new_password != confirm_password:
- flash("Les nouveaux mots de passe ne correspondent pas.")
- return render_template("admin_change_password.html")
-
- if len(new_password) < 6:
- flash("Le nouveau mot de passe doit faire au moins 6 caractères.")
- return render_template("admin_change_password.html")
-
- # Hash et mise à jour
- hashed_password = generate_password_hash(new_password)
- db.execute("UPDATE user SET password = ? WHERE id = ?", (hashed_password, user_id))
- db.commit()
- flash("✅ Mot de passe changé avec succès !")
- return redirect(url_for("admin_projects"))
-
- return render_template("admin_change_password.html")
 @app.route("/admin/project//people", methods=["GET", "POST"])
 @login_required
@@ -381,31 +340,21 @@ def admin_project_people(project_id):
 if 'csv_file' in request.files:
 csv_file = request.files['csv_file']
 if csv_file.filename:
- # Lecture UTF-8 avec gestion BOM
 content = csv_file.read().decode('utf-8-sig')
 reader = csv.DictReader(StringIO(content))
 count = 0
 for row in reader:
- # CONSERVE les espaces INTERNES, supprime SEULEMENT avant/après
- raw_name = row.get("name", "").strip() # UNIQUEMENT les bords
- if raw_name:
- # Pas de .title() pour conserver la casse exacte
- name = raw_name # ESPACES INTERNES préservés !
-
- # Vérifier doublons exacts (espaces inclus)
- cur = db.execute(
- "SELECT id FROM people WHERE name = ? AND project_id = ?",
- (name, project_id)
- )
+ name = row.get("name", "").strip()
+ if name:
+ cur = db.execute("SELECT id FROM people WHERE name = ? AND project_id = ?",
+ (name, project_id))
 if not cur.fetchone():
- db.execute(
- "INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)",
- (project_id, name)
- )
+ db.execute("INSERT INTO people (project_id, name, draws, max_draws) VALUES (?, ?, 0, 0)",
+ (project_id, name))
 count += 1
 recalc_max_draws_for_project(project_id)
 db.commit()
- flash(f"✅ {count} personnes importées (espaces + accents préservés !)")
+ flash(f"✅ {count} personnes importées (espaces + accents préservés)")
 elif action == "delete":
 person_id = int(request.form.get("person_id"))
 db.execute("DELETE FROM people WHERE id = ? AND project_id = ?", (person_id, project_id))
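Review bot: The simplified `name = row.get("name", "").strip()` can raise on a malformed upload. When a row is shorter than the header, `csv.DictReader` fills the missing cells with `None`, so the key exists, the `""` default is not used, and `.strip()` fails with an AttributeError. `name = (row.get("name") or "").strip()` handles that case. The context line `csv_file.read().decode('utf-8-sig')` has the same problem for a file that is not UTF-8, so catching `UnicodeDecodeError` there and flashing an error would turn both cases into a user-facing message instead of a 500. `admin_project_people` starts and ends outside this hunk.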
@@ -421,6 +370,44 @@ def admin_project_people(project_id):
 people = get_people_stats(project_id)
 return render_template("admin_project_people.html", project=project, people=people)
+@app.route("/admin/change-password", methods=["GET", "POST"])
+@login_required
+def admin_change_password():
+ db = get_db()
+
+ if request.method == "POST":
+ current_password = request.form.get("current_password")
+ new_password = request.form.get("new_password")
+ confirm_password = request.form.get("confirm_password")
+
+ user_id = session.get("user_id")
+ cur = db.execute("SELECT password FROM user WHERE id = ?", (user_id,))
+ user = cur.fetchone()
+
+ if not user:
+ flash("Erreur utilisateur.")
+ return render_template("admin_change_password.html")
+
+ if not check_password_hash(user["password"], current_password):
+ flash("Mot de passe actuel incorrect.")
+ return render_template("admin_change_password.html")
+
+ if new_password != confirm_password:
+ flash("Les nouveaux mots de passe ne correspondent pas.")
+ return render_template("admin_change_password.html")
+
+ if len(new_password) < 6:
+ flash("Le nouveau mot de passe doit faire au moins 6 caractères.")
+ return render_template("admin_change_password.html")
+
+ hashed_password = generate_password_hash(new_password)
+ db.execute("UPDATE user SET password = ? WHERE id = ?", (hashed_password, user_id))
+ db.commit()
+ flash("✅ Mot de passe changé avec succès !")
+ return redirect(url_for("admin_projects"))
+
+ return render_template("admin_change_password.html")
+
 @app.route("/login", methods=["GET", "POST"])
 def login():
 if request.method == "POST":
@@ -448,4 +435,3 @@ if __name__ == "__main__":
 with app.app_context():
 init_db()
 app.run(host="0.0.0.0", debug=True)
-
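Review bot: In the re-added `admin_change_password`, the three `request.form.get(...)` values are used without a None check, so a POST that omits a field reaches `check_password_hash(user["password"], None)` or `len(None)` and ends in an unhandled exception instead of a flash message. Default them to empty strings, e.g. `current_password = request.form.get("current_password") or ""` (same for the other two), so the existing checks reject the request. This matters more because the last hunk's context still starts the app with `app.run(host="0.0.0.0", debug=True)`, which serves the Werkzeug debugger on unhandled errors to any client that can reach the port; debug should be off outside local development. The move also drops the docstring and the step comments, and the 6-character minimum is low for an admin account, so it is worth restoring the former and raising the latter.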