from flask import Flask, render_template_string, request, url_for, redirect from werkzeug.security import generate_password_hash, check_password_hash from flask_sqlalchemy import SQLAlchemy import os from werkzeug.utils import secure_filename from urllib.parse import quote_plus app = Flask(__name__) db_password = quote_plus('**12345#tunasmuda') app.config['SQLALCHEMY_DATABASE_URI'] = f'mysql+pymysql://tunasmud_python:{db_password}@localhost:3306/tunasmud_python' app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['UPLOAD_FOLDER'] = 'static/uploads' if not os.path.exists(app.config['UPLOAD_FOLDER']): os.makedirs(app.config['UPLOAD_FOLDER']) db = SQLAlchemy(app) # ================= DATABASE ================= class User(db.Model): id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(100), unique=True, nullable=False) password = db.Column(db.String(200), nullable=False) email = db.Column(db.String(200)) phone = db.Column(db.String(20)) fullname = db.Column(db.String(200)) profile_pic = db.Column(db.String(200)) reset_token = db.Column(db.String(200)) with app.app_context(): try: db.create_all() print("✅ MySQL connected successfully") except Exception as e: print("❌ Connection error:", e) # ================= LOGIN PAGE ================= login_page = """ Login

Login

{% if error %}
{{ error }}
{% endif %}
Don't have an account? Register

Forgot Password?
""" register_page = """ Register

Register

{% if error %}
{{ error }}
{% endif %} {% if success %}
{{ success }}
{% endif %}
Back to Login
""" # ================= HOME PAGE ================= home_page = """ Home

{{ username }}

""" # ================= PROFILE PAGE ================= profile_page = """ Profile

{{ username }}

{{ email }}

""" # ================= FORGOT ================= forgot_page = """ Forgot Password

Forgot Password

{% if message %}
{{ message }}
{% endif %} {% if error %}
{{ error }}
{% endif %}
Back to Login
""" reset_page = """ Reset Password

Reset Password

{% if error %}
{{ error }}
{% endif %}
  • At least 1 uppercase
  • At least 1 lowercase
  • At least 1 number
  • At least 1 special character
""" # ================= ROUTES ================= @app.route("/", methods=["GET","POST"]) def login(): error = None if request.method == "POST": u = request.form["username"] p = request.form["password"] user = User.query.filter_by(username=u).first() if user and check_password_hash(user.password, p): return redirect(url_for('home', username=u)) else: error = "Wrong Username/Password" return render_template_string(login_page, error=error) @app.route("/register", methods=["GET","POST"]) def register(): error = None success = None # default values (IMPORTANT) fullname = "" username = "" email = "" password = "" confirm = "" if request.method == "POST": fullname = request.form["fullname"] username = request.form["username"] email = request.form["email"] password = request.form["password"] confirm = request.form["confirm_password"] # CHECK 1 if User.query.filter_by(username=username).first(): error = "Username exists" # CHECK 2 elif len(password) < 8: error = "Password must be at least 8 characters" # CHECK 3 elif password != confirm: error = "Password do not match" else: new_user = User( username=username, email=email, fullname=fullname, password=generate_password_hash(password) ) db.session.add(new_user) db.session.commit() return redirect(url_for('login')) return render_template_string( register_page, error=error, success=success, fullname=fullname, username=username, email=email, password=password, confirm_password=confirm ) @app.route("/home/") def home(username): user = User.query.filter_by(username=username).first() if not user: return redirect(url_for("login")) return render_template_string( home_page, username=user.username, fullname=user.fullname, user=user ) @app.route("/profile/", methods=["GET","POST"]) def profile(username): user = User.query.filter_by(username=username).first() if not user: return redirect(url_for("login")) if request.method == "POST": # ========= UPLOAD GAMBAR ========= file = request.files.get("profile_pic") if file and file.filename != "": filename = secure_filename(file.filename) filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename) file.save(filepath) if hasattr(user, 'profile_pic'): user.profile_pic = filename # ========= UPDATE PROFILE ========= new_username = request.form.get("username") new_email = request.form.get("email") new_phone = request.form.get("phone") new_fullname = request.form.get("fullname") if new_username: user.username = new_username if new_email: user.email = new_email if new_phone: user.phone = new_phone if new_fullname: user.fullname = new_fullname db.session.commit() return redirect(url_for("profile", username=user.username)) return render_template_string( profile_page, username=user.username, email=user.email, phone=user.phone, fullname=user.fullname, user=user ) import uuid @app.route("/forgot-password", methods=["GET","POST"]) def forgot_password(): message = None error = None if request.method == "POST": email = request.form["email"] user = User.query.filter_by(email=email).first() if user: token = str(uuid.uuid4()) # generate token user.reset_token = token db.session.commit() reset_link = url_for('reset_password', token=token, _external=True) print("RESET LINK:", reset_link) # simulate email message = "Kindly check your email for reset password" else: error = "Email not found" return render_template_string(forgot_page, message=message, error=error) @app.route("/reset-password/", methods=["GET","POST"]) def reset_password(token): user = User.query.filter_by(reset_token=token).first() if not user: return "Invalid or expired token" error = None if request.method == "POST": new_password = request.form["password"] confirm = request.form["confirm"] if new_password != confirm: error = "Password not match" elif len(new_password) < 8: error = "Password must be at least 8 characters" else: user.password = generate_password_hash(new_password) user.reset_token = None db.session.commit() return redirect(url_for("login")) return render_template_string(reset_page, error=error) @app.route("/remove-profile-pic", methods=["POST"]) def remove_profile_pic(): username = request.args.get("username") user = User.query.filter_by(username=username).first() if user: user.profile_pic = None db.session.commit() return "ok" if __name__ == "__main__": app.run()