Beispiel #1
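def edit_author(fullname):
    """Show and process the form that renames an author.

    GET pre-fills the form from the author row matching ``fullname``;
    POST validates the submitted name and updates that same row.

    Args:
        fullname: Current full name of the author to edit.

    Returns:
        A 403 response when ``can_delete_author`` refuses, a 404 response
        when no author with that name exists, a redirect to the renamed
        author's page after a successful POST, otherwise the rendered
        edit form.
    """
    # NOTE(review): the edit is gated by the *delete* permission helper;
    # confirm that this is the intended policy.
    if not can_delete_author(fullname):
        return "<h1>It's forbidden, my dear</h1>", 403
    error = None
    author = query_db("select *     \
                     from authors   \
                     where fullname = ?", [fullname],
                      one=True)
    if author is None:
        # Without this guard a GET for an unknown name fails on
        # author['authorid'] and a POST would fall back to a client id.
        return "<h1>Author not found</h1>", 404

    if request.method == 'GET':
        # Values are stashed as attributes on request.form; presumably the
        # template reads them from there -- confirm.
        request.form.id = author['authorid']
        request.form.name = author['fullname']
    if request.method == 'POST':
        if request.form['name'] == "":
            error = 'Please enter a valid name'
        else:
            con = get_db()
            with con:
                # The row to update is the one that was looked up from
                # `fullname` (the value the permission check saw), not the
                # client-supplied request.form['id']; otherwise the check
                # and the write could refer to different authors.
                con.execute(
                    'update authors set fullname = ? \
                            where authorid = ?',
                    [request.form['name'], author['authorid']])
                flash('You successfully modified the author')
                return redirect(
                    url_for('author', fullname=request.form['name']))
    return render_template(
        'catalog/edit.html',
        editname="author",
        error=error,
        name=fullname,
        titleP="Edit the author",
        authors=query_db("select * from authors where not (fullname = ?)",
                         [fullname]))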
Beispiel #2
def add_comment(paperid):
    """Store a new comment on a paper and redirect to it.

    Args:
        paperid: Id of the paper being commented.

    Returns:
        A redirect to the paper page, anchored at the new comment.
    """
    error = None
    db = get_db()
    with db:
        # The comment text is stored exactly as submitted. Output escaping
        # is left to the Jinja templates, so it only holds while autoescape
        # is on and the value is never rendered as safe/Markup
        # (NOTE(review): templates are not visible here -- confirm).
        db.execute('insert into comments \
        (comment,userid,paperid) \
        values (?,?,?)',
                   [request.form['comment'], get_user_id(), paperid])
        db.execute('update papers set lastcommentat=datetime() \
                       where paperid = ?', [paperid])
        flash('You successfully commented the paper'
              if user_authenticated()
              else 'You anonymously commented the paper')

    new_comment_id = query_db("SELECT last_insert_rowid() as lid",
                              one=True)['lid']

    # Tell interested users about the new comment.
    comment_was_added(paperid, new_comment_id)
    paper_url = url_for('onepaper', paperid=paperid, title=None, error=error)
    return redirect(paper_url + "#comment-" + str(new_comment_id))
Beispiel #3
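def send_confirmation_mail_(username, usermail):
    """Store a fresh confirmation key for a user and mail the link.

    Args:
        username: Account whose ``key`` column is overwritten.
        usermail: Address the confirmation link is sent to.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    with app.app_context():
        # The key is a bearer secret (whoever presents it to
        # register_confirmation is logged in), so it is drawn from the
        # OS CSPRNG via `secrets`; `random` is predictable by design.
        # Same shape as before: 100 ASCII letters.
        key = ''.join(
            secrets.choice(string.ascii_letters) for _ in range(100))

        con = get_db()
        with con:
            con.execute(
                'update users set key = ? \
                         where username = ?', [key, username])

        # Create a text/plain message
        msg = MIMEText("Hello %s, \n\n\
 If you want to complete the registeration on 'Papers' \n\
 you should click on the following link:               \n\
 %s                                                    \n\n\
Good luck,\n\
Papers' team" % (username,
                 url_for('register_confirmation', key=key, _external=True)))
        msg['Subject'] = 'Email confirmation'
        msg['From'] = 'Papers-gamma Team' + '<' + MAIL_USER + '>'
        msg['To'] = usermail

        # Send the message via our own SMTP server. The context manager
        # closes the connection even when login or sending fails.
        with smtplib.SMTP_SSL(MAIL_SERVER) as s:
            s.login(MAIL_USER, MAIL_PASS)
            s.send_message(msg)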
Beispiel #4
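def edit_tag(keyword):
    """Show and process the form that renames a tag (keyword).

    GET pre-fills the form from the keyword row matching ``keyword``;
    POST validates the submitted name and updates that same row.

    Args:
        keyword: Current text of the tag to edit.

    Returns:
        A 403 response when ``can_delete_tag`` refuses, a 404 response
        when no such tag exists, a redirect to the renamed tag's page
        after a successful POST, otherwise the rendered edit form.
    """
    # NOTE(review): the edit is gated by the *delete* permission helper;
    # confirm that this is the intended policy.
    if not can_delete_tag(keyword):
        return "<h1>It's forbidden, my dear</h1>", 403
    error = None
    tag = query_db("select *     \
                     from keywords   \
                     where keyword = ?", [keyword],
                   one=True)
    if tag is None:
        # Without this guard a GET for an unknown tag fails on
        # tag['keywordid'] and a POST would fall back to a client id.
        return "<h1>Tag not found</h1>", 404

    if request.method == 'GET':
        # Values are stashed as attributes on request.form; presumably the
        # template reads them from there -- confirm.
        request.form.id = tag['keywordid']
        request.form.name = tag['keyword']

    if request.method == 'POST':
        if request.form['name'] == "":
            error = 'Please fill the name'
        else:
            con = get_db()
            with con:
                # Update the row that was looked up from `keyword` (the
                # value the permission check saw) instead of trusting
                # request.form['id'], so check and write stay on one tag.
                con.execute(
                    'update keywords set keyword = ? \
                                    where keywordid = ?',
                    [request.form['name'], tag['keywordid']])
                flash('You successfully modified the tag')
                return redirect(
                    url_for('keyword', keyword=request.form['name']))
    return render_template(
        'catalog/edit.html',
        editname="tag",
        error=error,
        name=keyword,
        titleP="Edit the tag",
        keywords=query_db("select * from keywords where not (keyword = ?)",
                          [keyword]))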
Beispiel #5
def like_paper(paperid,title):
    """Record a like by the current user and return the new like count.

    Args:
        paperid: Id of the paper being liked.
        title: Not used by this function.

    Returns:
        The like count as a string, or a 403 response for anonymous users.
    """
    if user_authenticated():
        db = get_db()
        with db:
            # NOTE(review): nothing here stops the same user from liking
            # twice; that depends on a constraint on `likes`, not visible.
            db.execute('insert into likes (paperid,userid) values (?,?)',
                       [paperid, get_user_id()])
        return str(likes(paperid))
    return "<h1>Forbidden (anonymous cannot like)</h1>", 403
Beispiel #6
def dumpit():
    """Stream a gzip-compressed dump of the SQLite database.

    Returns:
        A Response whose body is the stdout of the dump pipeline.
    """
    # NOTE(review): no access check is visible in this function. The users
    # table holds password and key columns, so confirm that the route is
    # restricted and/or that db/dump.sqlite-script leaves them out.
    db = get_db()  # result is not used below; call kept as in the original

    # The command line is a constant: no request data reaches the shell.
    dump_cmd = 'sqlite3 db/papers.db < db/dump.sqlite-script | gzip'
    pipeline = Popen(dump_cmd, shell=True, stdin=PIPE, stdout=PIPE)

    # NOTE(review): the body is gzip data but is labelled application/sql,
    # and the child process is never waited for.
    return Response(pipeline.stdout, mimetype='application/sql')
Beispiel #7
def unlike_paper(paperid,title):
    """Remove the current user's like and return the new like count.

    Args:
        paperid: Id of the paper being unliked.
        title: Not used by this function.

    Returns:
        The like count as a string, or a 403 response for anonymous users.
    """
    if user_authenticated():
        db = get_db()
        with db:
            # Scoped to the caller's own userid, so one user cannot remove
            # another user's like.
            db.execute('delete from likes where \
                     paperid = ? and userid=?',
                       [paperid, get_user_id()])
        return str(likes(paperid))
    return "<h1>Forbidden (anonymous cannot unlike)</h1>", 403
Beispiel #8
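def unmute_email_notifs():
    """Turn e-mail notifications back on for the logged-in user.

    Returns:
        A 403 response for anonymous visitors, otherwise a redirect to
        the user's own page.
    """
    # NOTE(review): this changes state; the route's allowed methods and any
    # CSRF protection are not visible here -- confirm it is not a plain GET.
    if not user_authenticated():
        return "<h1>Forbidden (maybe you forgot to login)</h1>", 403
    con = get_db()
    with con:
        con.execute('update users set notifs_muted = 0 \
                     where userid = ?',
                     [session['user']['userid']])
    # Session and flash are updated only after the transaction committed.
    # The former trailing `redirect(url_for('usersite'))` could never run
    # (the with-block always returned) and lacked the username argument
    # that every other call for this endpoint passes.
    session['user']['notifs_muted'] = "0"
    flash('Email notifications are UN-muted')
    return redirect(url_for('usersite',username=session['user']['username']))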
Beispiel #9
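def register():
    """Handle the registration form.

    On POST the submitted fields are validated in order (email, username,
    matching and non-empty passwords, username not containing "/" and not
    equal to the first path segment of a URL rule, spam check, captcha).
    A valid submission inserts the user with ``valid = 0`` and triggers
    the confirmation mail.

    Returns:
        A redirect to the index after a successful registration, a 403
        response when ``is_spam`` flags the request, otherwise the
        rendered registration form with a fresh captcha.
    """
    error = None
    # The submitted form is deliberately not printed or logged: it carries
    # password1/password2 in clear text, and anything written to stdout
    # ends up in server logs.
    if request.method == 'POST':
        if request.form['email'] == "":
            error = 'Please use a valid email address'
        elif request.form['username'] == "":
            error = 'Do not forget about your name'
        elif request.form['password1'] != request.form['password2']:
            error = 'Password and retyped password do not match'
        elif request.form['password1'] == "":
            error = 'Password cannot be empty'
        elif "/" in request.form['username']:
            error = 'Username cannot contain symbol "/"'
        elif request.form['username'] in \
        [r.rule.split('/', maxsplit=2)[1] for r in app.url_map.iter_rules()]:
            # A username equal to a top-level route segment is refused.
            error = 'You cannot use username "' + \
                    request.form['username']     + \
                    '", please choose another.'
        elif is_spam(request):
            return "<h1>Posted data looks like a spam, contact us if not</h1>", 403
        elif not CAPTCHA.verify(request.form['captcha-text'],
                                request.form['captcha-hash']):
            error = 'Watch captcha!!!'
        else:
            con = get_db()
            try:
                with con:
                    # NOTE(review): `hash` is expected to be the project's
                    # password-hashing helper (salted, slow KDF); the
                    # builtin hash() would not be suitable -- confirm.
                    con.execute('insert into users \
                    (username, email, password, valid, about) \
                    values (?, ?, ?, ?, ?)',
                                [request.form['username'],
                                 request.form['email'],
                                 hash(request.form['password1'].encode('utf-8')),
                                 0,
                                 '...Some information about the user will someday appear here...'
                             ])
                send_confirmation_mail(request.form['username'],
                                       request.form['email'])
                flash('A confirmation link has been sent to you. \n\
Please, check your mailbox (%s). If it is not the case, please contact us.' % request.form['email'])
                return redirect(url_for('index'))
            except sqlite3.IntegrityError as err:
                error = handle_sqlite_exception(err)
    captcha = CAPTCHA.create()
    return render_template('users/register.html', error = error, captcha = captcha)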
Beispiel #10
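def register_confirmation(key):
    """Confirm an e-mail address from the key sent by mail.

    A matching key marks the account valid, clears the key (so it works
    once) and logs the account in.

    Args:
        key: Confirmation key taken from the mailed link.

    Returns:
        A redirect to the user's page, or to the index when the key is
        unknown and nobody is logged in.
    """
    u = query_db('select userid,username,email,   \
                         createtime,valid,about   \
                  from users                      \
                  where key = ?',
                 [key], one=True)
    if u is not None:
        con = get_db()
        with con:
            con.execute('update users set valid = 1, key = null \
                         where key = ?',
                         [key])
        # Possession of the key is the only credential checked here.
        session.permanent = True
        session['user'] = u
        flash('Hello ' + u['username'] +  \
              '. You have successfully confirmed your email address')
    elif not session.get('user'):
        # Unknown or already used key and no logged-in user: the redirect
        # below would fail on session['user'], so go to the index instead.
        return redirect(url_for('index'))
    return redirect(url_for('usersite',username=session['user']['username']))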
Beispiel #11
def editinfo():
    """Let the logged-in user change email, username, about and mute flag.

    Returns:
        A 403 response for anonymous visitors, a redirect to the user's
        page after a successful update, otherwise the rendered form
        (with ``error`` set when validation or the update failed).
    """
    if not user_authenticated():
        return "<h1>Forbidden (maybe you forgot to login)</h1>", 403
    error = None
    if request.method == 'POST':
        form = request.form
        if form['email'] == "":
            error = 'Please use a valid email address'
        elif form['username'] == "":
            error = 'Do not forget about your name'
        elif "/" in form['username']:
            error = 'Username cannot contain symbol "/"'
        elif form['username'] in [rule.rule.split('/', maxsplit=2)[1]
                                  for rule in app.url_map.iter_rules()]:
            # A username equal to a top-level route segment is refused.
            error = ('You cannot use username "' + form['username']
                     + '", please choose another.')
        else:
            con = get_db()
            # NOTE(review): the flag is stored exactly as the client sent
            # it (any string); 0 is used only when the field is absent.
            notifs_muted = form['notifs_muted'] if 'notifs_muted' in form else 0
            try:
                with con:
                    # The row is selected by the session's userid, never by
                    # a client-supplied id.
                    # NOTE(review): the e-mail address changes without a
                    # new confirmation mail -- confirm this is intended.
                    con.execute(
                        'update users set about = ?, \
                                 email = ?, username = ?,    \
                                 notifs_muted = ?            \
                                 where userid = ?',
                        [form['about'], form['email'], form['username'],
                         notifs_muted, session['user']['userid']])
                # Mirror the stored values into the session copy.
                for field in ('email', 'about', 'username'):
                    session['user'][field] = form[field]
                session['user']['notifs_muted'] = notifs_muted
                return redirect(
                    url_for('usersite', username=session['user']['username']))
            except sqlite3.IntegrityError as err:
                error = handle_sqlite_exception(err)
    # Reached on GET and whenever something went wrong.
    return render_template('users/editinfo.html', error=error)
Beispiel #12
def edit_comment(commentid):
    """Edit a comment by soft-deleting it and inserting a replacement.

    Args:
        commentid: Id of the comment to edit.

    Returns:
        A 403 response when ``can_edit_comment`` refuses, the edit form
        on GET, a redirect to the new comment on POST, and ``None`` for
        any other method.
    """
    if not can_edit_comment(commentid):
        return "<h1>It's forbidden, my dear</h1>", 403
    error = None
    oldcomment = get_comment(commentid)
    if request.method == 'GET':
        return render_template('comment/editcomment.html',
                               error=error, comment=oldcomment)
    if request.method != 'POST':
        return None

    db = get_db()
    # Soft-delete the old comment first.
    # NOTE(review): this happens outside the `with db` block below; whether
    # delete and insert end up in one transaction is not visible here.
    delete_comment(oldcomment['commentid'])
    # The replacement keeps the original author, paper and creation time;
    # only the text is taken from the request, and the editor is recorded.
    replacement = [
        request.form['comment'],
        oldcomment['userid'],
        oldcomment['paperid'],
        oldcomment['createtime'],
        get_user_id(),
    ]
    with db:
        db.execute('insert into comments \
                         (comment, userid, paperid, createtime, edited_at, edited_by) \
                         values (?, ?, ?, ?, datetime(), ?)',
                   replacement)
    # TODO: should we notify someone about comment edition ?
    if user_authenticated():
        flash('You successfully updated the comment')
    # TODO: allows anonymous to update comments
    new_comment_id = query_db("SELECT last_insert_rowid() as lid",
                              one=True)['lid']
    paper_url = url_for('onepaper', paperid=oldcomment['paperid'], error=error)
    return redirect(paper_url + "#comment-" + str(new_comment_id))
Beispiel #13
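def send_password_change_mail_(usermail):
    """Store a fresh password-reset key and mail the reset link.

    Nothing is sent when no account uses ``usermail``.

    Args:
        usermail: Address of the account whose password is to be reset.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    with app.app_context():
        # The key is a bearer secret (set_new_password accepts whoever
        # presents it), so it is drawn from the OS CSPRNG via `secrets`;
        # `random` is predictable by design. Same shape: 100 ASCII letters.
        key = ''.join(
            secrets.choice(string.ascii_letters) for _ in range(100))

        con = get_db()
        with con:
            # NOTE(review): chpasstime is written in local time, while
            # set_new_password compares it with SQLite datetime("now", ...)
            # which is UTC; the 2-day window may be off by the UTC offset.
            con.execute(
                'update users set     \
                         key = ?,             \
                         chpasstime = ?       \
                         where email = ?',
                [key, datetime.datetime.now(), usermail])

        u = query_db('select userid,username,email,createtime,valid     \
                      from users                                        \
                      where email = ?', [usermail],
                     one=True)
        if u is None:
            # Unknown address: the update above matched no row, and the
            # message below would fail on u['username'].
            return

        # Create a text/plain message
        msg = MIMEText("Hello %s, \n\n\
 to change your password on 'Papers' site  \n\
 click on the following link: \n\
 %s                                                    \n\n\
 This link will be valid for 2 days only \n\n\
Good luck,\n\
Papers' team" % (u['username'],
                 url_for('set_new_password', key=key, _external=True)))
        msg['Subject'] = 'Change password'
        msg['From'] = 'Papers-gamma Team' + '<' + MAIL_USER + '>'
        msg['To'] = usermail

        # Send the message via our own SMTP server. The context manager
        # closes the connection even when login or sending fails.
        with smtplib.SMTP_SSL(MAIL_SERVER) as s:
            s.login(MAIL_USER, MAIL_PASS)
            s.send_message(msg)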
Beispiel #14
def set_new_password(key):
    """Set a new password for the account that owns a reset key.

    The key is accepted only while ``chpasstime`` is newer than two days.

    Args:
        key: Reset key taken from the mailed link.

    Returns:
        A redirect to the user's page after a successful change,
        otherwise the rendered form (with an error for an invalid key
        or a rejected password).
    """
    u = query_db('select userid, username, email,                   \
                         createtime, valid, about                   \
                  from users                                        \
                  where key = ?                                     \
                  and chpasstime > datetime("now","-2 days")',
                 [key], one=True)
    if u is None:
        # Unknown or expired key.
        return render_template('users/restore2.html', key=key,
                               email='brrrr. See red error above.',
                               error='Not valid key')

    error = None
    email = u['email']
    if request.method == 'POST':
        new_password = request.form['password1']
        if new_password != request.form['password2']:
            error = 'Password and retyped password do not match'
        elif new_password == "":
            error = 'Password cannot be empty'
        else:
            db = get_db()
            with db:
                # key = null makes the reset link single-use.
                # NOTE(review): `hash` is expected to be the project's
                # password-hashing helper, not the builtin -- confirm.
                db.execute('update users set \
                                 password = ?, valid = 1, key = null \
                                 where key = ?',
                           [hash(new_password.encode('utf-8')), key])
                # A successful reset also logs the account in.
                session.permanent = True
                session['user'] = u
                flash('Hello ' + u['username'] +
                      '. You have successfully changed your password')
            return redirect(url_for('usersite',username=session['user']['username']))

    return render_template('users/restore2.html', key=key,
                           email=email,
                           error=error)
Beispiel #15
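def edit_domain(domainname):
    """Show and process the form that renames a domain.

    GET pre-fills the form from the domain row matching ``domainname``;
    POST validates the submitted name and updates that same row.

    Args:
        domainname: Current name of the domain to edit.

    Returns:
        A 403 response when ``can_delete_domain`` refuses, a 404 response
        when no such domain exists, a redirect to the renamed domain's
        page after a successful POST, otherwise the rendered edit form.
    """
    # NOTE(review): the edit is gated by the *delete* permission helper;
    # confirm that this is the intended policy.
    if not can_delete_domain(domainname):
        return "<h1>It's forbidden, my dear</h1>", 403
    error = None
    domain = query_db("select *     \
                     from domains   \
                     where domainname = ?", [domainname],
                      one=True)
    if domain is None:
        # Without this guard a GET for an unknown domain fails on
        # domain['domainid'] and a POST would fall back to a client id.
        return "<h1>Domain not found</h1>", 404

    if request.method == 'GET':
        # Values are stashed as attributes on request.form; presumably the
        # template reads them from there -- confirm.
        request.form.id = domain['domainid']
        request.form.name = domain['domainname']

    if request.method == 'POST':
        if request.form['name'] == "":
            error = 'Please enter a valid name'

        else:
            con = get_db()
            with con:
                # Update the row that was looked up from `domainname` (the
                # value the permission check saw) instead of trusting
                # request.form['id'], so check and write stay on one row.
                con.execute(
                    'update domains set domainname = ? \
                            where domainid = ? ',
                    [request.form['name'], domain['domainid']])
                flash('You successfully modified the domain')
                return redirect(
                    url_for('domain', domainname=request.form['name']))
    return render_template(
        'catalog/edit.html',
        entry=domain,
        editname="domain",
        error=error,
        name=domainname,
        titleP="Edit the domain",
        domains=query_db("select * from domains where not (domainname = ?)",
                         [domainname]))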
Beispiel #16
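def add_paper():
    """Handle the "add a paper" form: metadata, PDF upload and preview.

    On a valid POST the paper row and its author/domain/keyword links are
    inserted, the uploaded PDF is saved, a PNG preview is generated by
    ``papersite/gen.sh``, and ``getlink`` is set either to the submitted
    URL (the stored PDF is then removed) or to the stored PDF's path.

    Returns:
        A redirect to the new paper's page after a successful upload,
        otherwise the rendered form (with ``error`` set on bad input).
    """
    # Function-scope import: the file's import block is not visible here.
    import shlex

    # NOTE(review): no permission check is visible in this function;
    # confirm whether anonymous uploads are intended.
    error = None
    if request.method == 'POST':
        paper_file = request.files['pdf']
        if not paper_file or not allowed_file(paper_file.filename):
            error = 'Please choose a pdf file'
        elif request.form['title'] == "":
            error = 'Please add a title'
        elif request.form['domains'] == "":
            error = 'Please specify at least one domain'
        elif request.form['authors'] == "":
            error = 'Please add some authors'
        elif request.form['keywords'] == "":
            error = 'Please add some keywords'
        else:
            con = get_db()
            with con:
                con.execute('insert into papers(title,userid)         \
                             values (?,?)',
                            [request.form['title'], get_user_id()])

                paperid = con.execute("SELECT last_insert_rowid() as lid"
                                      ).fetchone()['lid']

                # map() is lazy: each get_insert_* call runs while the
                # corresponding loop below iterates.
                authors_ids = map(get_insert_author,
                                  parse_list(request.form['authors']))
                for authorid in authors_ids:
                    con.execute('insert into papers_authors             \
                              (paperid, authorid)                     \
                              values(?,?)',[paperid, authorid])

                domains_ids = map(get_insert_domain,
                                  parse_list(request.form['domains']))
                for domainid in domains_ids:
                    con.execute('insert into papers_domains             \
                               (paperid, domainid)                    \
                               values(?,?)',[paperid, domainid])

                keywords_ids = map(get_insert_keyword,
                                   parse_list(request.form['keywords']))
                for keywordid in keywords_ids:
                    con.execute('insert into papers_keywords            \
                            (paperid, keywordid)                      \
                            values(?,?)',[paperid, keywordid])

                # The client-supplied name is reduced by secure_filename
                # and prefixed with the paper id before it touches disk.
                filename_pdf = str(paperid) + "-" +                       \
                               secure_filename(paper_file.filename)
                ppdf = os.path.join(app.config['UPLOAD_FOLDER'],filename_pdf)
                paper_file.save(ppdf)
                ## this is just a hack.
                ## In order to generate first page
                filename_png = str(paperid) + ".png"
                ppng = os.path.join(app.config['PREVIEW_FOLDER'],filename_png)
                # Both paths are quoted before they reach the shell, so the
                # command no longer relies on secure_filename and on the
                # configured folders being free of shell metacharacters.
                os.system('papersite/gen.sh ' + shlex.quote(ppdf) +
                          ' ' + shlex.quote(ppng))
                # end of hack

                ## Sometimes authors provide a url to their paper
                ## in this case we don't store a full paper, we use the url instead
                if request.form['url'] != "":
                    os.remove(ppdf)
                    # NOTE(review): the URL is stored as submitted, with no
                    # scheme check; if templates render getlink as a link
                    # target, restrict it to http/https -- confirm.
                    con.execute("update papers set getlink = ?             \
                               where paperid=?",
                                [request.form['url'], paperid])
                else:
                    con.execute("update papers set getlink = ?             \
                               where paperid=?",
                                ['/static/memory/pdfs/'+filename_pdf, paperid])

                ## notify some users by email about this paper
                new_paper_was_added(paperid)

                flash('You successfully upload the paper')
                return redirect(url_for('onepaper',
                                        paperid=paperid,
                                        title=request.form['title']))
    return render_template('paper/add.html',
                           error=error,
                           domains=query_db ("select * from domains"),
                           keywords=query_db ("select * from keywords"),
                           authors=query_db ("select * from authors"))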
Beispiel #17
def edit_paper_meta_information(paperid):
    """Edit a paper's title and its author, domain and keyword lists.

    GET pre-fills the form from the stored paper; a valid POST updates the
    title and replaces all three link tables for this paper.

    Args:
        paperid: Id of the paper to edit.

    Returns:
        A 403 response when ``can_meta_edit_paper`` refuses, a redirect to
        the paper page after a successful POST, otherwise the rendered
        form (with ``error`` set on bad input).
    """
    ### edit Title, authors, tags and domains lists
    if not can_meta_edit_paper(paperid):
        return "<h1>It's forbidden fro you, my sweetie.</h1>", 403
    error = None
    paper = query_db("select *     \
                     from papers   \
                     where paperid = ?",
    [paperid], one=True)
    
    if request.method == 'GET':
        # Values are stashed as attributes on request.form; presumably the
        # template reads them from there -- confirm.
        request.form.title = paper['title']
        request.form.authors = ", ".join([x['fullname'] for x in get_authors(paperid)])
        request.form.domains = ", ".join([x['domainname'] for x in get_domains(paperid)])
        request.form.keywords= ", ".join([x['keyword'] for x in get_keywords(paperid)])
    
    if request.method == 'POST':
        # NOTE(review): called before validation, so it also runs for a
        # POST that is then rejected -- confirm that is intended.
        histore_paper_info(paper)
        if request.form['title'] == "":
            error = 'Please add a title'
        elif request.form['domains'] == "":
            error = 'Please specify at least one domain'
        elif request.form['authors'] == "":
            error = 'Please add some authors'
        elif request.form['keywords'] == "":
            error = 'Please add some keywords'
        else:
            con = get_db()
            with con:
              # All statements use bound parameters; the row is selected by
              # the paperid that passed the permission check above.
              con.execute('update papers set title = ?, edited_by = ?, \
                                             edited_at = datetime()    \
                           where paperid = ?',
                             [request.form['title'], get_user_id(), paperid])
              # map() is lazy: get_insert_author runs while the loop below
              # iterates, i.e. after the delete that follows. The same
              # holds for the domain and keyword blocks.
              authors_ids = map(get_insert_author,
                                parse_list(request.form['authors']))
              con.execute('delete from papers_authors where paperid = ?',
                          [paperid])
              for authorid in authors_ids:
                  con.execute('insert into papers_authors             \
                              (paperid, authorid)                     \
                              values(?,?)',[paperid, authorid])

              domains_ids = map(get_insert_domain,
                               parse_list(request.form['domains']))
              con.execute('delete from papers_domains where paperid = ?',
                          [paperid])
              for domainid in domains_ids:
                  con.execute('insert into papers_domains             \
                               (paperid, domainid)                    \
                               values(?,?)',[paperid, domainid])

              keywords_ids = map(get_insert_keyword,
                               parse_list(request.form['keywords']))
              con.execute('delete from papers_keywords where paperid = ?',
                          [paperid])
              for keywordid in keywords_ids:
                  con.execute('insert into papers_keywords            \
                            (paperid, keywordid)                      \
                            values(?,?)',[paperid, keywordid])

              ## TODO: notify some users by email about changes
              
              flash('You successfully modified the paper')
              return redirect(url_for('onepaper',
                                    paperid=paperid,
                                    title=request.form['title']))
    return render_template('paper/meta-edit.html', 
                           error=error,
                           paperid=paperid,
                           domains=query_db ("select * from domains"),
                           keywords=query_db ("select * from keywords"),
                           authors=query_db ("select * from authors"))
Beispiel #18
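def edit_paper(paperid):
    """Edit a paper: metadata, optional new PDF, optional external URL.

    GET pre-fills the form from the stored paper. A valid POST updates the
    title, replaces the author/domain/keyword links, optionally stores a
    new PDF and regenerates the preview, and updates ``getlink``.

    Args:
        paperid: Id of the paper to edit.

    Returns:
        A 403 response when ``can_edit_paper`` refuses, a redirect to the
        paper page after a successful POST, otherwise the rendered form
        (with ``error`` set on bad input).
    """
    # Function-scope import: the file's import block is not visible here.
    import shlex

    if not can_edit_paper(paperid):
        return "<h1>It's forbidden, my dear</h1>", 403
    error = None
    paper = query_db("select *     \
                     from papers   \
                     where paperid = ?",
    [paperid], one=True)

    if request.method == 'GET':
        # Values are stashed as attributes on request.form; presumably the
        # template reads them from there -- confirm.
        request.form.title = paper['title']
        request.form.authors = ", ".join([x['fullname'] for x in get_authors(paperid)])
        request.form.domains = ", ".join([x['domainname'] for x in get_domains(paperid)])
        request.form.keywords= ", ".join([x['keyword'] for x in get_keywords(paperid)])
        if not is_internal_pdf (paper['getlink']):
            request.form.url = paper['getlink']

    if request.method == 'POST':
        # NOTE(review): called before validation, so it also runs for a
        # POST that is then rejected -- confirm that is intended.
        histore_paper_info(paper)
        paper_file = request.files['pdf']
        if paper_file and not allowed_file(paper_file.filename):
            error = 'Please choose a pdf file'
        elif request.form['title'] == "":
            error = 'Please add a title'
        elif request.form['domains'] == "":
            error = 'Please specify at least one domain'
        elif request.form['authors'] == "":
            error = 'Please add some authors'
        elif request.form['keywords'] == "":
            error = 'Please add some keywords'
        else:
            con = get_db()
            with con:
                con.execute('update papers set title = ?, edited_by = ?, \
                                             edited_at = datetime()    \
                           where paperid = ?',
                            [request.form['title'], get_user_id(), paperid])
                # map() is lazy: get_insert_author runs while the loop
                # below iterates, i.e. after the delete that follows. The
                # same holds for the domain and keyword blocks.
                authors_ids = map(get_insert_author,
                                  parse_list(request.form['authors']))
                con.execute('delete from papers_authors where paperid = ?',
                            [paperid])
                for authorid in authors_ids:
                    con.execute('insert into papers_authors             \
                              (paperid, authorid)                     \
                              values(?,?)',[paperid, authorid])

                domains_ids = map(get_insert_domain,
                                  parse_list(request.form['domains']))
                con.execute('delete from papers_domains where paperid = ?',
                            [paperid])
                for domainid in domains_ids:
                    con.execute('insert into papers_domains             \
                               (paperid, domainid)                    \
                               values(?,?)',[paperid, domainid])

                keywords_ids = map(get_insert_keyword,
                                   parse_list(request.form['keywords']))
                con.execute('delete from papers_keywords where paperid = ?',
                            [paperid])
                for keywordid in keywords_ids:
                    con.execute('insert into papers_keywords            \
                            (paperid, keywordid)                      \
                            values(?,?)',[paperid, keywordid])

                if paper_file:
                    # The client-supplied name is reduced by
                    # secure_filename and prefixed with the paper id.
                    filename_pdf = str(paperid) + "-" +                       \
                                   secure_filename(paper_file.filename)
                    ppdf = os.path.join(app.config['UPLOAD_FOLDER'],filename_pdf)
                    paper_file.save(ppdf)
                    ## this is just a hack.
                    ## In order to generate first page
                    filename_png = str(paperid) + ".png"
                    ppng = os.path.join(app.config['PREVIEW_FOLDER'],filename_png)
                    # Both paths are quoted before they reach the shell, so
                    # the command no longer relies on secure_filename and
                    # on the configured folders being free of shell
                    # metacharacters.
                    os.system('papersite/gen.sh ' + shlex.quote(ppdf) +
                              ' ' + shlex.quote(ppng))
                    # end of hack

                ## Sometimes authors provide a url to their paper
                ## in this case we don't store a full paper, we use the url instead
                if request.form['url'] != "":
                    if paper_file:
                        # A file was just uploaded and its first page has
                        # already been rendered, so the file is deleted.
                        os.remove(ppdf)
                    else:
                        # The paper may still point at a PDF uploaded some
                        # time ago; it is now replaced by a URL, so that
                        # stored file is deleted.
                        link = paper['getlink']
                        if (is_internal_pdf(link)):
                            filename_pdf = link.replace('/static/memory/pdfs/', '')
                            # getlink is also written from the url form
                            # field, so it is not guaranteed to be a name
                            # this code generated. Stored PDFs are always
                            # bare file names; anything with a directory
                            # part is left alone rather than deleted.
                            # NOTE(review): is_internal_pdf is defined
                            # elsewhere; its strictness is not visible here.
                            is_bare_name = (
                                filename_pdf not in ('', '.', '..')
                                and filename_pdf == os.path.basename(filename_pdf))
                            if is_bare_name:
                                ppdf = os.path.join(app.config['UPLOAD_FOLDER'],filename_pdf)
                                os.remove(ppdf)
                    # NOTE(review): the URL is stored as submitted, with no
                    # scheme check; if templates render getlink as a link
                    # target, restrict it to http/https -- confirm.
                    con.execute("update papers set getlink = ?             \
                               where paperid=?",
                                [request.form['url'], paperid])
                elif paper_file:
                    con.execute("update papers set getlink = ?             \
                               where paperid=?",
                                ['/static/memory/pdfs/'+filename_pdf, paperid])

                ## TODO: notify some users by email about changes

                flash('You successfully modified the paper')
                return redirect(url_for('onepaper',
                                        paperid=paperid,
                                        title=request.form['title']))
    return render_template('paper/edit.html',
                           error=error,
                           paperid=paperid,
                           domains=query_db ("select * from domains"),
                           keywords=query_db ("select * from keywords"),
                           authors=query_db ("select * from authors"))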