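def edit_author(fullname):
    """Show (GET) and process (POST) the "edit author" form for *fullname*.

    Access is decided by can_delete_author(fullname); a denial is answered
    with 403 and an unknown author with 404. On POST an empty name is
    rejected with an error message, otherwise the authors row is renamed and
    the browser is redirected to the author page.

    The row that gets updated is now selected by the id looked up for
    *fullname* on the server, not by the hidden `id` form field: the access
    check is keyed on the URL name, so the client-supplied id must not decide
    which row is written.
    """
    if not can_delete_author(fullname):
        return "<h1>It's forbidden, my dear</h1>", 403

    author = query_db("select * from authors where fullname = ?",
                      [fullname], one=True)
    if author is None:
        return "<h1>Not found</h1>", 404

    error = None
    if request.method == 'GET':
        # Attributes (not form fields) set on the form object so the
        # template can pre-fill the inputs.
        request.form.id = author['authorid']
        request.form.name = author['fullname']

    if request.method == 'POST':
        new_name = request.form['name']
        if new_name == "":
            error = 'Please enter a valid name'
        else:
            con = get_db()
            with con:  # transaction: commit on success, roll back on error
                con.execute(
                    'update authors set fullname = ? where authorid = ?',
                    [new_name, author['authorid']])
            flash('You successfully modified the author')
            return redirect(url_for('author', fullname=new_name))

    return render_template(
        'catalog/edit.html',
        editname="author",
        error=error,
        name=fullname,
        titleP="Edit the author",
        authors=query_db("select * from authors where not (fullname = ?)",
                         [fullname]))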
def add_comment(paperid):
    """Insert the posted comment on *paperid* and redirect to its anchor.

    Also bumps papers.lastcommentat, flashes a message that differs for
    anonymous posters, and calls comment_was_added() for notifications.
    """
    con = get_db()
    error = None
    with con:
        # Stored raw: escaping is left to Jinja autoescaping at render time,
        # so the comment template must not mark this value |safe.
        con.execute(
            'insert into comments (comment,userid,paperid) values (?,?,?)',
            [request.form['comment'], get_user_id(), paperid])
        con.execute(
            'update papers set lastcommentat=datetime() where paperid = ?',
            [paperid])

    if user_authenticated():
        message = 'You successfully commented the paper'
    else:
        message = 'You anonymously commented the paper'
    flash(message)

    # NOTE(review): last_insert_rowid() is read through query_db after the
    # transaction; this assumes query_db uses the same connection — confirm.
    last_c_id = query_db("SELECT last_insert_rowid() as lid", one=True)['lid']
    comment_was_added(paperid, last_c_id)  # notify about the new comment

    anchor = "#comment-" + str(last_c_id)
    target = url_for('onepaper', paperid=paperid, title=None, error=error)
    return redirect(target + anchor)
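def send_confirmation_mail_(username, usermail):
    """Store a fresh confirmation key for *username* and e-mail the link.

    Runs inside an application context so url_for() can build an external
    URL. The key is written to users.key and the message is sent to
    *usermail* through MAIL_SERVER with the MAIL_USER / MAIL_PASS credentials.

    Changes: the key is drawn from the `secrets` module instead of `random`
    (a confirmation key is a bearer credential and must not be predictable
    from PRNG state), and the SMTP session is a context manager so it is
    closed even when login or send fails.
    """
    import secrets  # local import: only this block needs it

    with app.app_context():
        # 100 ASCII letters, same alphabet and length as before.
        key = ''.join(secrets.choice(string.ascii_letters) for _ in range(100))

        con = get_db()
        with con:
            con.execute('update users set key = ? where username = ?',
                        [key, username])

        link = url_for('register_confirmation', key=key, _external=True)
        msg = MIMEText("Hello %s, \n\n"
                       "If you want to complete the registeration on 'Papers' \n"
                       "you should click on the following link: \n"
                       "%s \n\n"
                       "Good luck,\n"
                       "Papers' team" % (username, link))
        msg['Subject'] = 'Email confirmation'
        msg['From'] = 'Papers-gamma Team' + '<' + MAIL_USER + '>'
        # NOTE(review): usermail comes from the registration form; whether
        # CR/LF in the address is rejected depends on the email policy in
        # use — confirm the address is validated before it reaches here.
        msg['To'] = usermail

        # __exit__ issues QUIT and closes the socket on any exit path.
        with smtplib.SMTP_SSL(MAIL_SERVER) as s:
            s.login(MAIL_USER, MAIL_PASS)
            s.send_message(msg)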
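def edit_tag(keyword):
    """Show (GET) and process (POST) the "edit tag" form for *keyword*.

    Access is decided by can_delete_tag(keyword); a denial is answered with
    403 and an unknown keyword with 404. On POST an empty name is rejected
    with an error message, otherwise the keywords row is renamed and the
    browser is redirected to the keyword page.

    The row that gets updated is now selected by the id looked up for
    *keyword* on the server, not by the hidden `id` form field: the access
    check is keyed on the URL keyword, so the client-supplied id must not
    decide which row is written.
    """
    if not can_delete_tag(keyword):
        return "<h1>It's forbidden, my dear</h1>", 403

    tag = query_db("select * from keywords where keyword = ?",
                   [keyword], one=True)
    if tag is None:
        return "<h1>Not found</h1>", 404

    error = None
    if request.method == 'GET':
        # Attributes (not form fields) set on the form object so the
        # template can pre-fill the inputs.
        request.form.id = tag['keywordid']
        request.form.name = tag['keyword']

    if request.method == 'POST':
        new_name = request.form['name']
        if new_name == "":
            error = 'Please fill the name'
        else:
            con = get_db()
            with con:  # transaction: commit on success, roll back on error
                con.execute(
                    'update keywords set keyword = ? where keywordid = ?',
                    [new_name, tag['keywordid']])
            flash('You successfully modified the tag')
            return redirect(url_for('keyword', keyword=new_name))

    return render_template(
        'catalog/edit.html',
        editname="tag",
        error=error,
        name=keyword,
        titleP="Edit the tag",
        keywords=query_db("select * from keywords where not (keyword = ?)",
                          [keyword]))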
def like_paper(paperid, title):
    """Record a like on *paperid* for the current user; return the new count.

    *title* is accepted (presumably a route segment) but unused here.
    Anonymous callers get a 403. The returned value is str(likes(paperid)).
    """
    if user_authenticated():
        con = get_db()
        with con:
            con.execute('insert into likes (paperid,userid) values (?,?)',
                        [paperid, get_user_id()])
        return str(likes(paperid))
    return "<h1>Forbidden (anonymous cannot like)</h1>", 403
def dumpit():
    """Stream a gzip-compressed SQL dump of db/papers.db.

    The command line is a fixed literal (no request data goes into it),
    which is the only reason shell=True is acceptable here. No access check
    is visible in this block; if the route is not protected elsewhere the
    whole database (password hashes, confirmation keys, e-mails) is served —
    confirm.
    """
    get_db()  # result unused; the call is kept for any per-request side effect
    dump_cmd = 'sqlite3 db/papers.db < db/dump.sqlite-script | gzip'
    proc = Popen(dump_cmd, shell=True, stdout=PIPE, stdin=PIPE)
    # The response body is the child's stdout pipe, read as it is produced.
    return Response(proc.stdout, mimetype='application/sql')
def unlike_paper(paperid, title):
    """Remove the current user's like on *paperid*; return the new count.

    *title* is accepted (presumably a route segment) but unused here.
    Anonymous callers get a 403. The returned value is str(likes(paperid)).
    """
    if user_authenticated():
        con = get_db()
        with con:
            con.execute('delete from likes where paperid = ? and userid=?',
                        [paperid, get_user_id()])
        return str(likes(paperid))
    return "<h1>Forbidden (anonymous cannot unlike)</h1>", 403
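def unmute_email_notifs():
    """Turn e-mail notifications back on for the logged-in user.

    Anonymous visitors get a 403. Clears users.notifs_muted, mirrors the
    change into the session copy of the user, flashes a message and
    redirects to the user's page. The second `return redirect(...)` that
    followed the first one was unreachable and has been dropped.
    """
    if not user_authenticated():
        return "<h1>Forbidden (maybe you forgot to login)</h1>", 403

    con = get_db()
    with con:
        con.execute('update users set notifs_muted = 0 where userid = ?',
                    [session['user']['userid']])
    # Session copy is kept as the string "0", matching what the rest of the
    # code stores there.
    session['user']['notifs_muted'] = "0"
    flash('Email notifications are UN-muted')
    return redirect(url_for('usersite', username=session['user']['username']))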
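def register():
    """Render the registration form (GET) or create a new user (POST).

    On POST the fields are validated in order; the first failing check sets
    *error* and the form is re-rendered with a fresh captcha. A submission
    that is_spam() flags is answered with 403 before the captcha is checked.
    A valid submission inserts an unconfirmed user (valid = 0), triggers the
    confirmation e-mail and redirects to the index; an IntegrityError from
    the insert is turned into a form error by handle_sqlite_exception().

    The former `print(request.form)` is gone: it wrote both password fields
    and the captcha answer to the server's stdout on every request.
    """
    error = None
    if request.method == 'POST':
        form = request.form
        if form['email'] == "":
            error = 'Please use a valid email address'
        elif form['username'] == "":
            error = 'Do not forget about your name'
        elif form['password1'] != form['password2']:
            error = 'Password and retyped password do not match'
        elif form['password1'] == "":
            error = 'Password cannot be empty'
        elif "/" in form['username']:
            error = 'Username cannot contain symbol "/"'
        elif form['username'] in [r.rule.split('/', maxsplit=2)[1]
                                  for r in app.url_map.iter_rules()]:
            # A username equal to a top-level route segment would shadow it.
            error = ('You cannot use username "' + form['username'] +
                     '", please choose another.')
        elif is_spam(request):
            return "<h1>Posted data looks like a spam, contact us if not</h1>", 403
        elif not CAPTCHA.verify(form['captcha-text'], form['captcha-hash']):
            error = 'Watch captcha!!!'
        else:
            con = get_db()
            try:
                with con:
                    con.execute(
                        'insert into users (username, email, password, valid, about) '
                        'values (?, ?, ?, ?, ?)',
                        [form['username'],
                         form['email'],
                         # NOTE(review): `hash` must be this module's password
                         # hashing helper; the builtin hash() is per-process
                         # salted and is not a password hash — confirm.
                         hash(form['password1'].encode('utf-8')),
                         0,
                         '...Some information about the user will someday appear here...'])
                send_confirmation_mail(form['username'], form['email'])
                flash('A confirmation link has been sent to you. \n'
                      'Please, check your mailbox (%s). If it is not the case, please contact us.'
                      % form['email'])
                return redirect(url_for('index'))
            except sqlite3.IntegrityError as err:
                error = handle_sqlite_exception(err)

    captcha = CAPTCHA.create()
    return render_template('users/register.html', error=error, captcha=captcha)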
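def register_confirmation(key):
    """Confirm an account from the e-mailed *key* and log the user in.

    Looks up the user whose users.key equals *key*, marks the account valid,
    clears the key (single use) and stores the user row in a permanent
    session before redirecting to the user's page.

    An unknown key used to fall off the end of the function (returning
    None, which Flask rejects); it now gets a 404. Unlike the password-reset
    lookup, this query has no age limit on the key — consider adding one.
    """
    u = query_db(
        'select userid,username,email, createtime,valid,about '
        'from users where key = ?',
        [key], one=True)
    if u is None:
        return "<h1>Not valid key</h1>", 404

    con = get_db()
    with con:
        con.execute('update users set valid = 1, key = null where key = ?',
                    [key])
    session.permanent = True
    session['user'] = u
    flash('Hello ' + u['username'] +
          '. You have successfully confirmed your email address')
    return redirect(url_for('usersite', username=session['user']['username']))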
def editinfo():
    """Let the logged-in user edit about / e-mail / username / notifs_muted.

    Anonymous callers get a 403. POST validates the fields in order; on
    success the users row and the session copy of the user are updated and
    the browser is redirected to the user's page. A sqlite3.IntegrityError
    from the update (e.g. a taken username) becomes a form error.
    Note: changing the e-mail here does not re-run the confirmation flow.
    """
    if not user_authenticated():
        return "<h1>Forbidden (maybe you forgot to login)</h1>", 403

    error = None
    if request.method == 'POST':
        form = request.form
        username = form['username']
        if form['email'] == "":
            error = 'Please use a valid email address'
        elif username == "":
            error = 'Do not forget about your name'
        elif "/" in username:
            error = 'Username cannot contain symbol "/"'
        elif username in [r.rule.split('/', maxsplit=2)[1]
                          for r in app.url_map.iter_rules()]:
            # A username equal to a top-level route segment would shadow it.
            error = ('You cannot use username "' + username +
                     '", please choose another.')
        else:
            con = get_db()
            # Checkbox: the raw submitted value when present, else the int 0.
            notifs_muted = form.get('notifs_muted', 0)
            try:
                with con:
                    con.execute(
                        'update users set about = ?, email = ?, username = ?, '
                        'notifs_muted = ? where userid = ?',
                        [form['about'], form['email'], username,
                         notifs_muted, session['user']['userid']])
                user = session['user']
                user['email'] = form['email']
                user['about'] = form['about']
                user['username'] = username
                user['notifs_muted'] = notifs_muted
                return redirect(url_for('usersite', username=user['username']))
            except sqlite3.IntegrityError as err:
                error = handle_sqlite_exception(err)

    return render_template('users/editinfo.html', error=error)
def edit_comment(commentid):
    """Edit comment *commentid*: GET shows the form, POST replaces the row.

    Access is decided by can_edit_comment(commentid) (403 on denial). The
    edit is modelled as delete_comment() on the old row followed by a new
    row that keeps the original userid, paperid and createtime and records
    edited_by / edited_at. Methods other than GET and POST fall through and
    return None.
    """
    if not can_edit_comment(commentid):
        return "<h1>It's forbidden, my dear</h1>", 403

    error = None
    oldcomment = get_comment(commentid)
    method = request.method

    if method == 'GET':
        return render_template('comment/editcomment.html',
                               error=error, comment=oldcomment)

    if method == 'POST':
        con = get_db()
        # Soft-delete the old row; the replacement is inserted below.
        # NOTE(review): delete_comment() runs outside the transaction that
        # inserts the replacement, so a failed insert leaves the comment
        # deleted — confirm whether delete_comment commits on its own.
        delete_comment(oldcomment['commentid'])
        with con:
            con.execute(
                'insert into comments '
                '(comment, userid, paperid, createtime, edited_at, edited_by) '
                'values (?, ?, ?, ?, datetime(), ?)',
                [request.form['comment'],
                 oldcomment['userid'],
                 oldcomment['paperid'],
                 oldcomment['createtime'],
                 get_user_id()])
        # TODO: should we notify someone about comment edition ?
        if user_authenticated():
            flash('You successfully updated the comment')
        # TODO: allows anonymous to update comments
        last_c_id = query_db("SELECT last_insert_rowid() as lid",
                             one=True)['lid']
        target = url_for('onepaper', paperid=oldcomment['paperid'], error=error)
        return redirect(target + "#comment-" + str(last_c_id))
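def send_password_change_mail_(usermail):
    """Issue a password-reset key for the account with *usermail* and mail it.

    Runs inside an application context so url_for() can build an external
    URL. Writes users.key and users.chpasstime for the matching e-mail, then
    sends the reset link via MAIL_SERVER with MAIL_USER / MAIL_PASS.

    Changes: the key comes from `secrets` instead of `random` (a reset key
    is a bearer credential and must not be predictable from PRNG state);
    chpasstime is stored as UTC because set_new_password() compares it with
    SQLite's datetime("now","-2 days"), which is UTC, so a local-time stamp
    shifted the 2-day window by the server's UTC offset; an unknown address
    returns quietly instead of failing on u['username']; the SMTP session is
    a context manager so it is closed on every exit path.
    """
    import secrets  # local import: only this block needs it

    with app.app_context():
        # 100 ASCII letters, same alphabet and length as before.
        key = ''.join(secrets.choice(string.ascii_letters) for _ in range(100))
        # Naive datetime in UTC, stored in the same textual form as before.
        issued_at = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)

        con = get_db()
        with con:
            con.execute(
                'update users set key = ?, chpasstime = ? where email = ?',
                [key, issued_at, usermail])

        u = query_db(
            'select userid,username,email,createtime,valid '
            'from users where email = ?',
            [usermail], one=True)
        if u is None:
            # No such account: the update above matched nothing and there is
            # nobody to write to.
            return

        link = url_for('set_new_password', key=key, _external=True)
        msg = MIMEText("Hello %s, \n\n"
                       "to change your password on 'Papers' site \n"
                       "click on the following link: \n"
                       "%s \n\n"
                       "This link will be valid for 2 days only \n\n"
                       "Good luck,\n"
                       "Papers' team" % (u['username'], link))
        msg['Subject'] = 'Change password'
        msg['From'] = 'Papers-gamma Team' + '<' + MAIL_USER + '>'
        # NOTE(review): usermail is caller-supplied; whether CR/LF in the
        # address is rejected depends on the email policy in use — confirm
        # it is validated upstream.
        msg['To'] = usermail

        # __exit__ issues QUIT and closes the socket on any exit path.
        with smtplib.SMTP_SSL(MAIL_SERVER) as s:
            s.login(MAIL_USER, MAIL_PASS)
            s.send_message(msg)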
def set_new_password(key):
    """Password-reset form reached from the e-mailed *key*.

    The key must match users.key and chpasstime must be newer than 2 days
    ago (SQLite datetime("now","-2 days")). GET renders the form; POST
    validates the two password fields, stores the new hash, marks the
    account valid, clears the key and logs the user in. An unknown or
    expired key renders the same template with the 'Not valid key' error.
    """
    error = None
    u = query_db(
        'select userid, username, email, createtime, valid, about '
        'from users where key = ? and chpasstime > datetime("now","-2 days")',
        [key], one=True)

    if u is None:
        email = 'brrrr. See red error above.'
        error = 'Not valid key'
    else:
        email = u['email']
        if request.method == 'POST':
            pw1 = request.form['password1']
            pw2 = request.form['password2']
            if pw1 != pw2:
                error = 'Password and retyped password do not match'
            elif pw1 == "":
                error = 'Password cannot be empty'
            else:
                con = get_db()
                with con:
                    # NOTE(review): `hash` is assumed to be this module's
                    # password-hashing helper, not the builtin — confirm.
                    con.execute(
                        'update users set password = ?, valid = 1, key = null '
                        'where key = ?',
                        [hash(pw1.encode('utf-8')), key])
                session.permanent = True
                session['user'] = u
                flash('Hello ' + u['username'] +
                      '. You have successfully changed your password')
                return redirect(url_for('usersite',
                                        username=session['user']['username']))

    return render_template('users/restore2.html',
                           key=key, email=email, error=error)
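def edit_domain(domainname):
    """Show (GET) and process (POST) the "edit domain" form for *domainname*.

    Access is decided by can_delete_domain(domainname); a denial is answered
    with 403 and an unknown domain with 404. On POST an empty name is
    rejected with an error message, otherwise the domains row is renamed and
    the browser is redirected to the domain page.

    The row that gets updated is now selected by the id looked up for
    *domainname* on the server, not by the hidden `id` form field: the
    access check is keyed on the URL name, so the client-supplied id must
    not decide which row is written.
    """
    if not can_delete_domain(domainname):
        return "<h1>It's forbidden, my dear</h1>", 403

    domain = query_db("select * from domains where domainname = ?",
                      [domainname], one=True)
    if domain is None:
        return "<h1>Not found</h1>", 404

    error = None
    if request.method == 'GET':
        # Attributes (not form fields) set on the form object so the
        # template can pre-fill the inputs.
        request.form.id = domain['domainid']
        request.form.name = domain['domainname']

    if request.method == 'POST':
        new_name = request.form['name']
        if new_name == "":
            error = 'Please enter a valid name'
        else:
            con = get_db()
            with con:  # transaction: commit on success, roll back on error
                con.execute(
                    'update domains set domainname = ? where domainid = ? ',
                    [new_name, domain['domainid']])
            flash('You successfully modified the domain')
            return redirect(url_for('domain', domainname=new_name))

    return render_template(
        'catalog/edit.html',
        entry=domain,
        editname="domain",
        error=error,
        name=domainname,
        titleP="Edit the domain",
        domains=query_db("select * from domains where not (domainname = ?)",
                         [domainname]))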
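def add_paper():
    """Render the "add paper" form (GET) or create a paper (POST).

    POST requires an allowed_file() upload in `pdf` and non-empty title,
    domains, authors and keywords; the first failing check sets *error* and
    re-renders the form. Otherwise, inside one transaction: the papers row
    and its author/domain/keyword links are inserted, the PDF is saved under
    UPLOAD_FOLDER as "<paperid>-<secure name>", a first-page preview is
    generated into PREVIEW_FOLDER by papersite/gen.sh, and getlink is set to
    the `url` field (the stored PDF is then deleted) or to the stored file.
    Finally new_paper_was_added() is called and the browser is redirected
    to the paper.

    The preview generator is now invoked with subprocess.run() and an
    argument list instead of os.system() on a concatenated string: the
    command carried the upload's (sanitised) name and two configured paths,
    and a path containing spaces or shell characters would have broken the
    command or been interpreted by the shell.
    """
    import subprocess  # local import: only this block needs it

    error = None
    if request.method == 'POST':
        form = request.form
        paper_file = request.files['pdf']
        if not paper_file or not allowed_file(paper_file.filename):
            error = 'Please choose a pdf file'
        elif form['title'] == "":
            error = 'Please add a title'
        elif form['domains'] == "":
            error = 'Please specify at least one domain'
        elif form['authors'] == "":
            error = 'Please add some authors'
        elif form['keywords'] == "":
            error = 'Please add some keywords'
        else:
            con = get_db()
            with con:
                con.execute('insert into papers(title,userid) values (?,?)',
                            [form['title'], get_user_id()])
                paperid = con.execute(
                    "SELECT last_insert_rowid() as lid").fetchone()['lid']

                # Link tables, each filled from the comma-separated form field.
                link_tables = (
                    ('authors', get_insert_author,
                     'insert into papers_authors (paperid, authorid) values(?,?)'),
                    ('domains', get_insert_domain,
                     'insert into papers_domains (paperid, domainid) values(?,?)'),
                    ('keywords', get_insert_keyword,
                     'insert into papers_keywords (paperid, keywordid) values(?,?)'),
                )
                for field, get_insert, insert_sql in link_tables:
                    for entry_id in map(get_insert, parse_list(form[field])):
                        con.execute(insert_sql, [paperid, entry_id])

                filename_pdf = str(paperid) + "-" + secure_filename(paper_file.filename)
                ppdf = os.path.join(app.config['UPLOAD_FOLDER'], filename_pdf)
                paper_file.save(ppdf)

                # Hack: generate the first-page preview with an external
                # script. Exit status is ignored, as before. The script
                # parses an untrusted PDF, so running it with resource limits
                # or in a sandbox is advisable.
                filename_png = str(paperid) + ".png"
                ppng = os.path.join(app.config['PREVIEW_FOLDER'], filename_png)
                subprocess.run(['papersite/gen.sh', ppdf, ppng])
                # end of hack

                # Sometimes authors provide a URL to their paper; then the
                # full paper is not kept and the URL is stored instead. The
                # URL is stored verbatim — the template rendering getlink
                # should restrict it to http(s).
                if form['url'] != "":
                    os.remove(ppdf)
                    getlink = form['url']
                else:
                    getlink = '/static/memory/pdfs/' + filename_pdf
                con.execute("update papers set getlink = ? where paperid=?",
                            [getlink, paperid])

            new_paper_was_added(paperid)  # e-mail notifications
            flash('You successfully upload the paper')
            return redirect(url_for('onepaper', paperid=paperid,
                                    title=form['title']))

    return render_template('paper/add.html',
                           error=error,
                           domains=query_db("select * from domains"),
                           keywords=query_db("select * from keywords"),
                           authors=query_db("select * from authors"))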
def edit_paper_meta_information(paperid):
    """Edit the title, authors, tags and domains of *paperid* (no file).

    Access is decided by can_meta_edit_paper(paperid) (403 on denial). GET
    pre-fills the form from the current row and link tables. POST first
    calls histore_paper_info(paper) — before validation, so a rejected
    submission is archived too — then, if all four fields are non-empty,
    updates the title/edited_by/edited_at and rewrites the three link
    tables inside one transaction.
    """
    if not can_meta_edit_paper(paperid):
        return "<h1>It's forbidden fro you, my sweetie.</h1>", 403

    error = None
    paper = query_db("select * from papers where paperid = ?",
                     [paperid], one=True)
    method = request.method

    if method == 'GET':
        # Attributes set on the form object so the template can pre-fill.
        form = request.form
        form.title = paper['title']
        form.authors = ", ".join(x['fullname'] for x in get_authors(paperid))
        form.domains = ", ".join(x['domainname'] for x in get_domains(paperid))
        form.keywords = ", ".join(x['keyword'] for x in get_keywords(paperid))

    if method == 'POST':
        histore_paper_info(paper)
        form = request.form
        if form['title'] == "":
            error = 'Please add a title'
        elif form['domains'] == "":
            error = 'Please specify at least one domain'
        elif form['authors'] == "":
            error = 'Please add some authors'
        elif form['keywords'] == "":
            error = 'Please add some keywords'
        else:
            con = get_db()
            with con:
                con.execute(
                    'update papers set title = ?, edited_by = ?, '
                    'edited_at = datetime() where paperid = ?',
                    [form['title'], get_user_id(), paperid])

                # For each link table: parse the field, clear old links,
                # insert the new ones (same order as before).
                link_tables = (
                    ('authors', get_insert_author,
                     'delete from papers_authors where paperid = ?',
                     'insert into papers_authors (paperid, authorid) values(?,?)'),
                    ('domains', get_insert_domain,
                     'delete from papers_domains where paperid = ?',
                     'insert into papers_domains (paperid, domainid) values(?,?)'),
                    ('keywords', get_insert_keyword,
                     'delete from papers_keywords where paperid = ?',
                     'insert into papers_keywords (paperid, keywordid) values(?,?)'),
                )
                for field, get_insert, delete_sql, insert_sql in link_tables:
                    ids = map(get_insert, parse_list(form[field]))
                    con.execute(delete_sql, [paperid])
                    for entry_id in ids:
                        con.execute(insert_sql, [paperid, entry_id])

            ## TODO: notify some users by email about changes
            flash('You successfully modified the paper')
            return redirect(url_for('onepaper', paperid=paperid,
                                    title=form['title']))

    return render_template('paper/meta-edit.html',
                           error=error,
                           paperid=paperid,
                           domains=query_db("select * from domains"),
                           keywords=query_db("select * from keywords"),
                           authors=query_db("select * from authors"))
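def edit_paper(paperid):
    """Edit *paperid*: metadata, link tables and optionally the PDF or URL.

    Access is decided by can_edit_paper(paperid) (403 on denial). GET
    pre-fills the form from the current row and link tables (the url field
    only when getlink is not an internal PDF). POST calls
    histore_paper_info(paper) before validation, then inside one
    transaction updates title/edited_by/edited_at, rewrites the link tables,
    saves a new upload as "<paperid>-<secure name>" under UPLOAD_FOLDER and
    regenerates the preview, and finally resolves getlink: a non-empty url
    replaces any stored PDF (the just-uploaded file, or the previously
    stored one, is deleted), otherwise a new upload becomes the link.

    Two changes to the file handling. The preview generator is invoked with
    subprocess.run() and an argument list instead of os.system() on a
    concatenated string (paths with spaces or shell characters broke the
    command or were interpreted by the shell). When an old stored PDF is
    deleted, the path is built from the basename of getlink and checked to
    resolve inside UPLOAD_FOLDER: getlink is stored verbatim from an earlier
    url field, so stripping the '/static/memory/pdfs/' prefix alone is not
    enough to guarantee the deleted file lies in the upload directory
    (is_internal_pdf() is not visible here; this check does not depend on
    what it accepts).
    """
    import subprocess  # local import: only this block needs it

    if not can_edit_paper(paperid):
        return "<h1>It's forbidden, my dear</h1>", 403

    error = None
    paper = query_db("select * from papers where paperid = ?",
                     [paperid], one=True)

    if request.method == 'GET':
        # Attributes set on the form object so the template can pre-fill.
        form = request.form
        form.title = paper['title']
        form.authors = ", ".join([x['fullname'] for x in get_authors(paperid)])
        form.domains = ", ".join([x['domainname'] for x in get_domains(paperid)])
        form.keywords = ", ".join([x['keyword'] for x in get_keywords(paperid)])
        if not is_internal_pdf(paper['getlink']):
            form.url = paper['getlink']

    if request.method == 'POST':
        histore_paper_info(paper)
        form = request.form
        paper_file = request.files['pdf']
        if paper_file and not allowed_file(paper_file.filename):
            error = 'Please choose a pdf file'
        elif form['title'] == "":
            error = 'Please add a title'
        elif form['domains'] == "":
            error = 'Please specify at least one domain'
        elif form['authors'] == "":
            error = 'Please add some authors'
        elif form['keywords'] == "":
            error = 'Please add some keywords'
        else:
            con = get_db()
            with con:
                con.execute(
                    'update papers set title = ?, edited_by = ?, '
                    'edited_at = datetime() where paperid = ?',
                    [form['title'], get_user_id(), paperid])

                # For each link table: parse the field, clear old links,
                # insert the new ones.
                link_tables = (
                    ('authors', get_insert_author,
                     'delete from papers_authors where paperid = ?',
                     'insert into papers_authors (paperid, authorid) values(?,?)'),
                    ('domains', get_insert_domain,
                     'delete from papers_domains where paperid = ?',
                     'insert into papers_domains (paperid, domainid) values(?,?)'),
                    ('keywords', get_insert_keyword,
                     'delete from papers_keywords where paperid = ?',
                     'insert into papers_keywords (paperid, keywordid) values(?,?)'),
                )
                for field, get_insert, delete_sql, insert_sql in link_tables:
                    ids = map(get_insert, parse_list(form[field]))
                    con.execute(delete_sql, [paperid])
                    for entry_id in ids:
                        con.execute(insert_sql, [paperid, entry_id])

                if paper_file:
                    filename_pdf = str(paperid) + "-" + secure_filename(paper_file.filename)
                    ppdf = os.path.join(app.config['UPLOAD_FOLDER'], filename_pdf)
                    paper_file.save(ppdf)
                    # Hack: generate the first-page preview with an external
                    # script. Exit status is ignored, as before. The script
                    # parses an untrusted PDF, so running it with resource
                    # limits or in a sandbox is advisable.
                    filename_png = str(paperid) + ".png"
                    ppng = os.path.join(app.config['PREVIEW_FOLDER'], filename_png)
                    subprocess.run(['papersite/gen.sh', ppdf, ppng])
                    # end of hack

                # Sometimes authors provide a URL to their paper; then the
                # full paper is not kept and the URL is stored instead.
                if form['url'] != "":
                    if paper_file:
                        # The upload was only needed for the preview; drop it.
                        os.remove(ppdf)
                    else:
                        # No new upload: if the old link pointed at a stored
                        # PDF, that file is replaced by the URL and deleted.
                        link = paper['getlink']
                        if is_internal_pdf(link):
                            upload_dir = os.path.realpath(app.config['UPLOAD_FOLDER'])
                            old_pdf = os.path.realpath(
                                os.path.join(upload_dir, os.path.basename(link)))
                            # Only delete a regular file directly inside the
                            # upload directory.
                            if (os.path.dirname(old_pdf) == upload_dir
                                    and os.path.isfile(old_pdf)):
                                os.remove(old_pdf)
                    # Stored verbatim — the template rendering getlink
                    # should restrict it to http(s).
                    con.execute("update papers set getlink = ? where paperid=?",
                                [form['url'], paperid])
                elif paper_file:
                    con.execute("update papers set getlink = ? where paperid=?",
                                ['/static/memory/pdfs/' + filename_pdf, paperid])

            ## TODO: notify some users by email about changes
            flash('You successfully modified the paper')
            return redirect(url_for('onepaper', paperid=paperid,
                                    title=form['title']))

    return render_template('paper/edit.html',
                           error=error,
                           paperid=paperid,
                           domains=query_db("select * from domains"),
                           keywords=query_db("select * from keywords"),
                           authors=query_db("select * from authors"))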