def comment(post_id):
    """Store a new comment on *post_id* and return the saved row as JSON.

    Reads ``body`` and ``anon`` from the submitted form, inserts the comment
    with the session's ``user_id`` as author, then reads the author's newest
    comment on the post back and serialises it.

    Returns:
        A JSON object string for the stored comment, or the JSON string
        ``[]`` when the insert call returns a falsy value.
    """
    # NOTE(review): no login check is visible in this block, and
    # session.get('user_id') is None for a visitor without a session. Confirm
    # the route is wrapped by an authentication guard where it is registered.
    # NOTE(review): `body` is stored exactly as submitted, so whatever renders
    # it must escape it on output. Confirm the template/JS does.
    conn = get_db()
    text = request.form["body"]
    is_anon = request.form["anon"] == 'true'
    author_id = session.get('user_id')

    inserted = conn.execute(
        'INSERT INTO comments (author, body, anon, likes, post) VALUES (?, ?, ?, ?, ?)',
        (author_id, text, is_anon, json.dumps([]), post_id))
    if not inserted:
        return json.dumps([])
    conn.commit()

    # The row is looked up again by (author, post), newest first, not by the
    # id of the row just inserted.
    row = conn.execute(
        'SELECT a.id, b.username, a.post, a.anon, a.created, a.body, a.likes FROM comments a, users b WHERE a.author = ? AND b.id = a.author AND a.post = ? ORDER BY created DESC',
        (
            author_id,
            post_id,
        )).fetchone()

    field_names = ['id', 'author', 'post', 'anon', 'created', 'body', 'likes']
    record = dict(zip(field_names, row))
    # `created` is turned into a YYYY-MM-DD string so json.dumps can encode it.
    record['created'] = record['created'].date().strftime('%Y-%m-%d')
    return json.dumps(record)
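def register():
    """Handle the registration form.

    On POST, validates that email, username and password are all present and
    that neither the email nor the username is already in ``users``. On
    success the account is inserted with a hashed password and the client is
    redirected to the login endpoint; otherwise the error is flashed and the
    form is rendered again. Any other method just renders the form.
    """
    if request.method == 'POST':
        email = request.form['email']
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None

        if not username or not password or not email:
            error = 'Please enter all fields.'
        elif db.execute('SELECT id FROM users WHERE email = ?',
                        (email, )).fetchone() is not None:
            error = 'Email {} is already registered.'.format(email)
        elif db.execute('SELECT id FROM users WHERE username = ?',
                        (username, )).fetchone() is not None:
            # Fix: the placeholder was never filled, so users saw a literal
            # "{}" in the message.
            error = 'Username {} is already used.'.format(username)

        if error is None:
            # Only the hash from generate_password_hash is stored, never the
            # submitted password itself.
            # NOTE(review): the uniqueness checks above and this INSERT are
            # separate statements; two concurrent requests can both pass the
            # checks. Confirm the schema has UNIQUE constraints on email and
            # username.
            db.execute(
                'INSERT INTO users (email, username, pw) VALUES (?, ?, ?)',
                (email, username, generate_password_hash(password)))
            db.commit()
            return redirect(url_for('auth.login'))

        # NOTE(review): the flashed text echoes user-supplied email/username.
        # Confirm the template renders flashed messages with escaping on.
        flash(error)

    return render_template('/auth/register.html')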
def load_logged_in_user():
    """Set ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` becomes ``None`` when the session carries no ``user_id``;
    otherwise it is the matching ``users`` row (or ``None`` if no row has
    that id).
    """
    uid = session.get('user_id')
    if uid is not None:
        # NOTE(review): SELECT * pulls every column of `users`, and the
        # register handler on this page writes a `pw` hash column there, so
        # g.user presumably carries the password hash. Avoid handing g.user
        # wholesale to templates or serialisers.
        lookup = get_db().execute('SELECT * FROM users WHERE id = ?', (uid, ))
        g.user = lookup.fetchone()
        return
    g.user = None
def myProfile():
    """Render the profile page of the user identified by the session.

    Redirects to the profile-creation endpoint when the user has no row in
    ``profiles``.
    """
    conn = get_db()
    uid = session.get('user_id')

    row = conn.execute(
        'SELECT firstname, lastname, gender, bio, pronouns, age FROM profiles WHERE user = ?',
        (uid, )).fetchone()
    if not row:
        return redirect(url_for('profile.createProfile'))

    # The birthday is read with its own query and merged into the dict.
    birthday_row = conn.execute(
        'SELECT birthday FROM profiles WHERE user = ?', (uid, )).fetchone()

    details = dict(
        zip(['firstname', 'lastname', 'gender', 'bio', 'pronouns', 'age'],
            row))
    details['birthday'] = birthday_row[0]

    # NOTE(review): the login handler on this page stores only 'user_id' in
    # the session; 'user_name' is None unless it is set somewhere else.
    return render_template("profile/view.html",
                           profile=details,
                           user=session.get('user_name'))
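def deletePost(comment_id):
    """Delete the comment *comment_id* if the session user is its author.

    Returns:
        A status string in the response body: ``"200"`` on success,
        ``"403"`` when the caller is not the author, ``"404"`` when the
        comment does not exist, ``"500"`` when the delete call returns a
        falsy value.
    """
    # NOTE(review): the status is carried as body text only; no HTTP status
    # code is set here. Clients must read the body, and logs/monitoring keyed
    # on the HTTP status will presumably not see these denials. Confirm.
    db = get_db()
    comment = db.execute('SELECT author, post FROM comments WHERE id = ?',
                         (comment_id, )).fetchone()

    # Fix: an unknown id used to crash on comment['author'] (fetchone() is None).
    if comment is None:
        return "404"

    # Fix: require an actual session user. Without this, a request with no
    # session (user_id None) compared equal to a comment whose author is NULL
    # and was allowed to delete it.
    user_id = session.get('user_id')
    if user_id is None or user_id != comment['author']:
        flash("Unauthorized access")
        return "403"

    if not db.execute('DELETE FROM comments WHERE id = ?', (comment_id, )):
        flash("Something went wrong! Please try again.")
        return "500"
    db.commit()
    return "200"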
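def createProfile():
    """Create the session user's profile (POST) or show the profile form.

    POST inserts a ``profiles`` row from the submitted form and redirects to
    the user's profile page. Any other method renders the edit template,
    pre-filled with the existing profile when there is one; ``create`` is
    true when there is none.
    """
    # Fix: the connection was only opened inside the POST branch, so the
    # non-POST path failed on an unbound `db`.
    db = get_db()
    # NOTE(review): no login check is visible in this block; `user` is None
    # without a session. Confirm an authentication guard wraps this route.
    user = session.get('user_id')

    if request.method == 'POST':
        firstname = request.form['firstname']
        lastname = request.form['lastname']
        bio = request.form['bio']
        gender = request.form['gender']
        pronouns = request.form['pronouns']
        age = request.form['age']
        birthday = request.form['birthday']

        # All values are bound as parameters and stored as submitted.
        if not db.execute(
                'INSERT INTO profiles (user, firstname, lastname, gender, bio, pronouns, age, birthday) VALUES(?, ?, ?, ?, ?, ?, ?, ?)',
                (user, firstname, lastname, gender, bio, pronouns, age,
                 birthday)):
            return apology("Something went wrong! Please try again.", 500)
        db.commit()
        # The unused read-back of the inserted row was dropped.
        return redirect(url_for('profile.myProfile'))

    columns = [
        'firstname', 'lastname', 'gender', 'bio', 'pronouns', 'age',
        'birthday'
    ]
    # Fix: the lookup compared users.username with the session's user *id*,
    # so it could not match; query by the profile's user id directly, as
    # editProfile does.
    row = db.execute(
        'SELECT firstname, lastname, gender, bio, pronouns, age, birthday FROM profiles WHERE user = ?',
        (user, )).fetchone()
    # Fix: fetchone() returns None when there is no profile; zip() over None
    # raised instead of showing the empty form.
    profile = dict(zip(columns, row)) if row is not None else None

    return render_template("profile/edit.html",
                           profile=profile,
                           create=profile is None)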
def getAllPosts():
    """Render the feed with up to 200 posts, newest first.

    Each post is passed to the template as a dict; ``posts`` is ``None``
    when the query returns no rows.
    """
    conn = get_db()
    rows = conn.execute(
        'SELECT a.id, b.username, a.created, a.title, a.body, a.edited, a.likes, a.anon FROM posts a, users b WHERE b.id = a.author ORDER BY created DESC LIMIT 200',
    ).fetchall()

    keys = [
        'id', 'author', 'created', 'title', 'body', 'edited', 'likes', 'anon'
    ]

    feed = None
    if rows:
        feed = []
        for row in rows:
            entry = dict(zip(keys, row))
            # Only the date part of the timestamp is passed to the template.
            entry['created'] = entry['created'].date()
            feed.append(entry)

    # NOTE(review): the author's username is selected for every post, even
    # when `anon` is set; hiding it is presumably left to the template.
    # Confirm that feed/view.html never emits `author` for anonymous posts.
    return render_template("feed/view.html", posts=feed, title="discover")
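def likePost(comment_id):
    """Toggle the session user's like on comment *comment_id*.

    Returns:
        The updated like list as a JSON string, or the client-submitted
        ``likes`` value unchanged when nothing was written.
    """
    db = get_db()
    user = session.get('user_id')
    # Still read so that the failure paths can echo it back as before.
    submitted = request.form["likes"]

    # Without a session user there is nobody to toggle; previously None was
    # appended to the stored list.
    if user is None:
        return submitted

    # Fix: the like list used to be parsed from the request and written back
    # as-is, so the client controlled the whole stored list (it could add
    # other users' ids or wipe existing likes). The stored list is now the
    # only source of truth.
    row = db.execute('SELECT likes FROM comments WHERE id = ?',
                     (comment_id, )).fetchone()
    if row is None:
        return submitted
    likes = json.loads(row[0] or '[]')

    if user in likes:
        likes.remove(user)
    else:
        likes.append(user)
    likes = json.dumps(likes)

    # NOTE(review): this is still a read-modify-write; two concurrent toggles
    # on one comment can overwrite each other.
    if not db.execute('UPDATE comments SET likes = ? WHERE id = ?', (
            likes,
            comment_id,
    )):
        return submitted
    db.commit()
    return likes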
def userProfile(username):
    """Render the public profile page for *username*.

    Returns the "Page not found" apology (404) when the username is unknown
    or the user has no profile row.
    """
    conn = get_db()

    account = conn.execute('SELECT id FROM users WHERE username = ?',
                           (username, )).fetchone()
    if not account:
        return apology("Page not found", 404)
    owner_id = account[0]

    row = conn.execute(
        'SELECT firstname, lastname, gender, bio, pronouns, age FROM profiles WHERE user = ?',
        (owner_id, )).fetchone()
    if not row:
        return apology("Page not found", 404)

    # The birthday is read with its own query and merged into the dict.
    birthday_row = conn.execute(
        'SELECT birthday FROM profiles WHERE user = ?',
        (owner_id, )).fetchone()

    details = dict(
        zip(['firstname', 'lastname', 'gender', 'bio', 'pronouns', 'age'],
            row))
    details['birthday'] = birthday_row[0]

    # NOTE(review): name, age and birthday are passed to the template for any
    # username with no check of who is asking. Confirm that is intended.
    return render_template("profile/view.html",
                           profile=details,
                           user=username)
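def editProfile():
    """Update the session user's profile (POST) or show the edit form.

    POST expects a form field ``queries`` holding a JSON list of profile
    column names, plus one form field per listed column with the new value.
    Any other method renders the edit template with the current profile, or
    redirects to profile creation when the user has none.
    """
    db = get_db()
    user = session.get('user_id')
    # Columns a client may change. A column name cannot be bound as a SQL
    # parameter, so it is checked against this fixed list before it is
    # placed in the statement text.
    columns = ('firstname', 'lastname', 'bio', 'gender', 'age', 'pronouns',
               'birthday')

    if request.method == 'POST':
        raw = request.form["queries"]
        try:
            queries = json.loads(raw)
        except ValueError:
            return apology("Something went wrong! Please try again.", 500)

        # Fix: client-supplied names were concatenated into the UPDATE
        # statement unchecked (SQL injection). Anything that is not a list of
        # known column names is now rejected before a statement is built.
        if not isinstance(queries, list) or any(q not in columns
                                                for q in queries):
            return apology("Invalid profile field.", 400)

        try:
            # Fix: `requst` was a typo, so every POST fell into the handler
            # below. Values are collected first so that a missing field
            # stops the request before any row is touched.
            # The birthday is stored as submitted, as createProfile does; the
            # old `.date` attribute lookup on the form string could not work.
            updates = [(q, request.form[q]) for q in queries]
            for column, value in updates:
                db.execute(
                    'UPDATE profiles SET ' + column + ' = ? WHERE user = ?', (
                        value,
                        user,
                    ))
        except Exception:
            # Was a bare `except:`, which also swallowed SystemExit and
            # KeyboardInterrupt.
            return apology("Something went wrong! Please try again.", 500)

        db.commit()
        return redirect(url_for('profile.myProfile'))

    row = db.execute(
        'SELECT firstname, lastname, gender, bio, pronouns, age, birthday FROM profiles WHERE user = ?',
        (user, )).fetchone()
    # Fix: a user without a profile made zip() fail on None; send them to the
    # creation form, as myProfile does.
    if row is None:
        return redirect(url_for('profile.createProfile'))

    profile = dict(
        zip([
            'firstname', 'lastname', 'gender', 'bio', 'pronouns', 'age',
            'birthday'
        ], row))
    return render_template("profile/edit.html", profile=profile, create=False)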
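def login():
    """Handle the login form.

    On POST, looks the user up by username and verifies the password against
    the stored hash. On success the session is reset, the user's id is stored
    in it and the client is redirected to the landing endpoint; on failure a
    generic error is flashed and the form is rendered again. Any other method
    just renders the form.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        user = db.execute('SELECT * FROM users WHERE username = ?',
                          (username, )).fetchone()

        # Fix: "User does not exist." and "Incorrect credentials" were
        # separate messages, which told the caller whether a username is
        # registered. Both failures now give the same answer.
        # NOTE(review): the hash check is still skipped for unknown users, so
        # response time may differ between the two cases, and no attempt
        # limiting is visible in this block.
        error = None
        if user is None or not check_password_hash(user['pw'], password):
            error = 'Incorrect credentials'

        if error is None:
            # Drop whatever the pre-login session held before storing the id.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('landing'))

        flash(error)

    return render_template('auth/login.html')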