Khmer Web: Creating PostgreSQL User Database

#models/userdb.py
import os
import psycopg2
 
def createTable(): 
  if 'DYNO' in os.environ:
    DATABASE_URL = os.environ['DATABASE_URL']
    conn = psycopg2.connect(DATABASE_URL, sslmode='require')
    cursor = conn.cursor()
  else: 
    conn = psycopg2.connect(
      database="postgres", 
      user="postgres", 
      password="sokhavuth", 
      host="localhost", 
      port="5432"
    )
 
    cursor = conn.cursor()
 
  SQL = '''CREATE TABLE IF NOT EXISTS USERS(
  ID SERIAL PRIMARY KEY,
  USERNAME TEXT,
  PASSWORD TEXT,
  RIGHTS TEXT,
  EMAIL TEXT
  )'''
 
  cursor.execute(SQL)
  cursor.execute("SELECT ID FROM USERS LIMIT 1")
  result = cursor.fetchone()
  conn.commit()
  conn.close()
  return result
 
def insert(*user):
  if 'DYNO' in os.environ:
    DATABASE_URL = os.environ['DATABASE_URL']
    conn = psycopg2.connect(DATABASE_URL, sslmode='require')
    cursor = conn.cursor()
  else: 
    conn = psycopg2.connect(
      database="postgres", 
      user="postgres", 
      password="sokhavuth", 
      host="localhost", 
      port="5432"
    )
 
    cursor = conn.cursor()
 
  cursor.execute("INSERT INTO USERS (USERNAME, PASSWORD, RIGHTS, EMAIL) VALUES %s ", (user,))
   
  conn.commit()
  conn.close()
 
def check(username, password):
  if 'DYNO' in os.environ:
    DATABASE_URL = os.environ['DATABASE_URL']
    conn = psycopg2.connect(DATABASE_URL, sslmode='require')
    cursor = conn.cursor()
  else: 
    conn = psycopg2.connect(
      database="postgres", 
      user="postgres", 
      password="sokhavuth", 
      host="localhost", 
      port="5432"
    )
 
    cursor = conn.cursor()
 
  cursor.execute("SELECT USERNAME, PASSWORD FROM USERS WHERE USERNAME = '"+ username + "' and PASSWORD = '" + password + "' LIMIT 1")
  result = cursor.fetchone()
  if result:
    return True
  else:
    return False

#controllers/login.py
import config
from pytz import timezone
from datetime import datetime 
from bottle import route, template, request, response, redirect
from models import userdb
 
def checkLogin(username, password):
  if (username == 'Guest') and (password == 'password'):
    return True
  elif userdb.check(username,password):
    return True
  else:
    return False
 
def getTimeZone():
  khtz = timezone('Asia/Phnom_Penh')
  date = datetime.now().astimezone(tz=khtz).strftime('%d-%m-%Y')
  time = datetime.now().astimezone(tz=khtz).strftime('%H:%M')
  return (date, time)
 
@route('/signup', method="POST")
def signup():
  username = request.forms.get('fusername')
  password = request.forms.get('fpassword')
  rights = request.forms.get('frights')
  email = request.forms.get('femail')
 
  userdb.insert(username, password, rights, email)
 
  redirect('/login')
 
@route('/login', method="POST")
def user():
  username = request.forms.get('fusername')
  password = request.forms.get('fpassword')
 
  if checkLogin(username, password):
    response.set_cookie("logged-in", username, secret=config.kargs['secretKey'])
 
  redirect('/login')
 
@route('/login')
def login():
  user = userdb.createTable()
  username = request.get_cookie("logged-in", secret=config.kargs['secretKey'])
  if not user:
    return template('dashboard/signup', data=config.kargs)
  elif username:
    config.kargs['blogTitle'] = "ទំព័រ​គ្រប់គ្រង"
    config.kargs['datetime'] = getTimeZone()
    return template('dashboard/home', data=config.kargs)
  else:
    return template('login', data=config.kargs)

<!--views/signup.tpl-->
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
    <title>{{data['blogTitle']}}</title>
    <link href="/static/styles/login.css" rel="stylesheet"></link>
    <link href="/static/images/site_logo.png" rel="icon" ></link>
    <link href="/static/fonts/setup.css" rel="stylesheet"></link>
  </head>
  <body>
    <form id='login' action="/signup" method="POST">
      <a>ឈ្មោះ​អ្នក​​ប្រើប្រាស់ៈ</a> <input type="text" name='fusername' required />
      <a>ពាក្យ​សំងាត់ៈ</a><input type="password" name="fpassword" required />
      <a>តួនាទីៈ</a><input type="text" name="frights" required />
      <a>Email:</a><input type="text" name="femail" required />
      <a></a><input type='submit' />
    </form>
  </body>
</html>

GitHub: https://github.com/Sokhavuth/kwblog
Heroku: https://khmerweb-kwblog.herokuapp.com/