Beispiel #1
def admin_user(user_id):
    """Render the admin detail page for a single user.

    Looks the user up with ``user.get_user``; when the lookup yields ``None``
    the request is aborted with HTTP 404.

    NOTE(review): no access-control check is visible in this snippet;
    presumably the route is wrapped by an admin-only decorator outside the
    listing - confirm.
    """
    account = user.get_user(user_id)
    if account is None:
        flask.abort(404)
        return None  # flask.abort raises; mirrors the implicit None return

    page_title = user_id + ' - Admin'
    return flask.render_template('admin/user.html',
                                 title=page_title,
                                 user=account)
Beispiel #2
 def get_users_found(self):
     """Return the user objects recorded as having found this flag.

     The ``flagsfound`` table is queried with a bound parameter
     (``self.flag``), and each row's ``user_id`` is resolved through
     ``user.get_user``.

     NOTE(review): if ``user.get_user`` can return ``None`` (e.g. for a user
     that no longer exists), the returned list will contain ``None``
     entries - confirm callers handle that.
     """
     rows = db.query_db('SELECT * FROM flagsfound WHERE flag_id = ?',
                        [self.flag])
     return [user.get_user(row['user_id']) for row in rows]
Beispiel #3
def admin_remove_flag_user(flag_hash):
    """Remove a found flag from a user, then return to the flag's admin page.

    Aborts with HTTP 400 when the submitted form has no ``user`` field. The
    flag is removed only when both the flag (looked up by hash) and the user
    resolve to non-``None`` objects; otherwise nothing is changed and no
    message is flashed. The redirect happens in either case.

    NOTE(review): this state-changing handler reads ``flask.request.form``
    directly, so access control and CSRF protection have to be enforced
    outside this function (route decorator / app-wide middleware) - confirm.
    """
    submitted = flask.request.form
    if 'user' not in submitted:
        flask.abort(400)

    target_flag = flag.get_by_hash(flag_hash)
    target_user = user.get_user(submitted['user'])

    both_found = not (target_user is None or target_flag is None)
    if both_found:
        flag.remove_flag(target_flag.flag, target_user.username)
        flask.flash('Removed flag from user successfully.', 'success')

    destination = '/admin/flag/{}'.format(flag_hash)
    return flask.redirect(destination)
Beispiel #4
def admin_users():
    """List all users and, on POST, update one user's permission level.

    A POST carrying both ``username`` and ``perm`` is treated as an update
    request. ``perm`` must parse as an integer in the inclusive range 0..10;
    anything else aborts with HTTP 400. An unknown username produces a
    'danger' flash message instead of an error status. The user list is
    rendered in every non-aborted case.

    NOTE(review): this changes privileges based on raw ``flask.request.form``
    data; access control and CSRF protection are not visible in this snippet
    and must come from a decorator or app-wide middleware - confirm.
    """
    if flask.request.method == 'POST' and all(
            field in flask.request.form for field in ('username', 'perm')):
        username = flask.request.form['username']
        try:
            perm = int(flask.request.form['perm'])
        except ValueError:
            flask.abort(400)
            return  # Keep parser happy (flask.abort handles abort for us)
        if not 0 <= perm <= 10:
            flask.abort(400)

        if not user.exists(username):
            flask.flash(
                'Unable to update user privileges, that username does not exist.',
                'danger')
        else:
            user.get_user(username).set_perm(perm)
            # Audit trail: who changed which account to which level.
            logger.info('^%s^ set perm to %s for ^%s^.',
                        flask_login.current_user.username, perm, username)
            flask.flash('User updated successfully.', 'success')

    all_users = user.get_all(sort_asc=True, admin_first=True)
    return flask.render_template('admin/users.html',
                                 title='Users - Admin',
                                 users=all_users)
Beispiel #5
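def profile_delete(username):
    """Let the logged-in user delete their own account after re-entering
    their password.

    Responds with HTTP 404 when ``username`` does not resolve to a user or
    when it is not the account of the current session, so both cases look
    the same to the requester. On a valid form submission with the correct
    password the account is removed, the session is logged out and the
    browser is redirected to ``/``. Otherwise the confirmation form is
    rendered (with an error on the password field after a wrong password).
    """
    u = user.get_user(username)
    # A None result previously fell through to ``u.username`` and raised
    # AttributeError (HTTP 500); treat it like any other non-owned profile.
    if u is None or flask_login.current_user.get_id() != u.username:
        flask.abort(404)
        return None  # flask.abort raises; explicit return for readability

    form = forms.ConfirmPasswordForm()
    if form.validate_on_submit():
        if auth.check_login(u.username, form.password.data):
            # Must be called before logout to allow event to be logged
            # correctly
            u.remove()
            flask_login.logout_user()
            flask.flash('Account deleted.', 'success')
            return flask.redirect('/')
        form.password.errors.append('Incorrect password.')
    return flask.render_template('delete_account.html',
                                 title='Delete Account',
                                 user=u,
                                 form=form)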
Beispiel #6
def remove_user(user_id):
    """Delete another user's account from the admin area.

    Aborts with HTTP 400 when the form has no ``remove`` field. Deleting the
    account of the current session is refused with a 'danger' flash message.
    For any other id the user is looked up; a falsy result aborts with HTTP
    404, otherwise the user is removed and the action is logged. The
    response redirects to ``/admin/users``.

    NOTE(review): access control and CSRF protection for this destructive
    action are not visible in this snippet and must be enforced outside the
    function - confirm.
    """
    if 'remove' not in flask.request.form:
        flask.abort(400)

    is_self = user_id == flask_login.current_user.get_id()
    if not is_self:
        target = user.get_user(user_id)
        if not target:
            flask.abort(404)
        else:
            target.remove()
            flask.flash('User removed.', 'success')
            # Audit trail: acting account and the account that was deleted.
            logger.info('^%s^ deleted the user ^%s^.',
                        flask_login.current_user.get_id(), user_id)
    else:
        flask.flash(
            "You can't delete your own user here, you need to go to your profile page.",
            'danger')

    return flask.redirect('/admin/users')
Beispiel #7
def profile_user(username):
    """Render a user's profile; the owner additionally gets edit forms.

    Aborts with HTTP 404 when ``user.exists`` reports no such user. When the
    profile belongs to the current session, the display-name and password
    forms are processed: a password change requires the old password to pass
    ``auth.check_login`` and the two new-password fields to match. Any other
    viewer gets the read-only ``profile.html`` template.
    """
    if not user.exists(username):
        flask.abort(404)
    u = user.get_user(username)

    viewing_own_profile = flask_login.current_user.get_id() == u.username
    if not viewing_own_profile:
        return flask.render_template('profile.html',
                                     title=u.display_name,
                                     user=u,
                                     events=event.by_user(username),
                                     rank=rank.get_rank(u.get_global_score()))

    # Prefixes keep the two forms' fields apart on the shared page.
    dn_form = forms.ChangeDisplayNameForm(prefix='dn')
    pwd_form = forms.ChangePasswordForm(prefix='pwd')

    if dn_form.submit.data and dn_form.validate_on_submit():
        u.update_display_name(dn_form.display_name.data)
        flask.flash('Display name updated successfully.', 'success')
        dn_form.display_name.data = ''  # Clear input field

    if pwd_form.submit.data and pwd_form.validate_on_submit():
        # The current password is re-checked before any change is applied.
        if not auth.check_login(username, pwd_form.old_password.data):
            pwd_form.old_password.errors.append(
                'Old password is incorrect.')
        elif pwd_form.new_password.data == pwd_form.new_password2.data:
            u.update_password(pwd_form.new_password.data)
            flask.flash('Password updated successfully.', 'success')
        else:
            pwd_form.new_password2.errors.append(
                'Repeated password does not match.')

    return flask.render_template('profile_my.html',
                                 title=u.display_name,
                                 user=u,
                                 events=event.by_user(username),
                                 rank=rank.get_rank(u.get_global_score()),
                                 dn_form=dn_form,
                                 pwd_form=pwd_form)
Beispiel #8
 def get_owner(self):
     """Return the user object that owns this flag, or ``None``.

     The flag's row is fetched from ``flags`` with a bound parameter; a
     ``None`` value in its ``user`` column means there is no owner.

     NOTE(review): assumes the query always yields a row; if ``query_db``
     can return ``None`` for a missing flag, the subscript below raises
     ``TypeError`` - confirm.
     """
     row = db.query_db('SELECT * FROM flags WHERE flag = ?', [self.flag],
                       one=True)
     owner_id = row['user']
     return None if owner_id is None else user.get_user(row['user'])