def topic_edit(topic_id):
topic = db.query(Topic).get(int(topic_id))
if request.method == "GET":
return render_template("topic/topic_edit.html", topic=topic)
elif request.method == "POST":
title = request.form.get("title")
text = request.form.get("text")
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if not user:
return redirect(url_for('auth.login'))
elif topic.author.id != user.id:
return "Nie jestes autorem posta!!!"
else:
topic.title = title
topic.text = text
db.add(topic)
db.commit()
return redirect(
url_for('topic.topic_details', topic=topic, topic_id=topic_id))
def singup():
if request.method == "GET":
return render_template("signup.html")
elif request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
repeat = request.form.get("repeat")
if password != repeat:
return "Hasła nie pasują do siebie!"
print(username)
print(password)
print(repeat)
user = User(username=username, password_hash=hashlib.sha256(password.encode()).hexdigest())
user.session_token = str(uuid.uuid4())
print(user.session_token)
print(hashlib.sha256(password.encode()).hexdigest())
db.add(user)
db.commit()
response = make_response(redirect(url_for('index')))
response.set_cookie("session_token", user.session_token)
return response
def login():
if request.method == "GET":
return render_template("auth/login.html")
elif request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
user = db.query(User).filter_by(username=username).first()
if not user:
return "Bledne haslo lub nazwa uzytkownika"
else:
password_hash = hashlib.sha256(password.encode()).hexdigest()
if password_hash == user.password_hash:
user.session_token = str(uuid.uuid4())
db.add(user)
db.commit()
response = make_response(redirect(url_for('topic.index')))
response.set_cookie("session_token",
user.session_token,
httponly=True,
samesite='Strict')
return response
else:
return "Bledne haslo lub nazwa uzytkownika"
def signup():
if request.method == "GET":
return render_template("auth/signup.html")
elif request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
repeat = request.form.get("repeat")
email_address = request.form.get("email-address")
if password != repeat:
return "Hasła nie pasuja do siebie!"
# print(username)
# print(password)
# print(repeat)
user = User(username=username,
password_hash=hashlib.sha256(
password.encode()).hexdigest(),
session_token=str(uuid.uuid4()),
email_address=email_address)
# print(user.session_token)
# print(hashlib.sha256(password.encode()).hexdigest())
db.add(user)
db.commit()
response = make_response(redirect(url_for('topic.index')))
response.set_cookie("session_token",
user.session_token,
httponly=True,
samesite='Strict')
return response
def create(cls, text, author, topic):
comment = cls(text=text, author=author, topic=topic)
db.add(comment)
db.commit()
if topic.author.email_address:
send_email(
"Ktos skomentowal twoj post {}! Sprawdz to szybko".format(
topic.title), "Nowy komentarz", topic.author.email_address)
return comment
def create(cls, title, text, author):
topic = cls(title=title, text=text, author=author)
db.add(topic)
db.commit()
return topic