def resolve(userid, otherid, othername, myself=True):
    """
    Work out which userid a request refers to.

    Only the first non-empty selector is consulted: ``otherid``, then
    ``othername`` (looked up as a login name, then as an alias), then the
    caller's own ``userid`` when ``myself`` is true. A supplied ``otherid``
    that matches nothing is not retried by name.

    Returns the resolved userid, or 0 when nothing could be resolved.
    """
    if otherid:
        # otherid passes through d.get_int before it is interpolated as %i.
        found = d.execute("SELECT userid FROM login WHERE userid = %i", [d.get_int(otherid)], ["element"])
        return found if found else 0

    if othername:
        # NOTE(review): the name lands in a quoted '%s' slot; this relies on
        # d.get_sysname / d.execute neutralising quote characters - confirm.
        lookups = (
            "SELECT userid FROM login WHERE login_name = '%s'",
            "SELECT userid FROM useralias WHERE alias_name = '%s'",
        )
        for statement in lookups:
            found = d.execute(statement, [d.get_sysname(othername)], ["element"])
            if found:
                return found
        return 0

    if userid and myself:
        return userid

    return 0
def select_view(userid, noteid):
    """
    Load one private note for display.

    Raises WeasylError("noteRecordMissing") when no row matches, or when the
    settings flags hide the note from the viewer ('s' when the viewer is the
    sender, 'r' when the viewer is the recipient). Raises
    WeasylError("InsufficientPermissions") when the viewer is neither party.

    When the recipient views a note carrying the 'u' flag, the flag is
    removed and the viewer's cached page-header info is invalidated.

    Returns a dict describing the note.
    """
    row = d.execute(
        "SELECT ps.userid, ps.username, pr.userid, pr.username, "
        "ms.title, ms.content, ms.unixtime, ms.settings FROM message ms INNER "
        "JOIN profile ps ON ms.userid = ps.userid INNER JOIN profile pr ON "
        "ms.otherid = pr.userid WHERE ms.noteid = %i",
        [noteid], options=["single"])

    if not row:
        raise WeasylError("noteRecordMissing")

    sender_id = row[0]
    recipient_id = row[2]
    flags = row[7]

    if userid == sender_id and "s" in flags:
        raise WeasylError("noteRecordMissing")
    if userid == recipient_id and "r" in flags:
        raise WeasylError("noteRecordMissing")
    # NOTE(review): a non-participant receives a different error than for a
    # missing note, so the response reveals whether a given noteid exists.
    if userid not in [sender_id, recipient_id]:
        raise WeasylError("InsufficientPermissions")

    # NOTE(review): both statements are taken to sit inside this branch; the
    # nesting was reconstructed from a whitespace-collapsed listing.
    if recipient_id == userid and "u" in flags:
        d.execute(
            "UPDATE message SET settings = REPLACE(settings, 'u', '') WHERE noteid = %i",
            [noteid])
        d._page_header_info.invalidate(userid)

    return {
        "noteid": noteid,
        "senderid": sender_id,
        "mine": userid == sender_id,
        "sendername": row[1],
        "recipientid": recipient_id,
        "recipientname": row[3],
        "title": row[4],
        "content": row[5],
        "unixtime": row[6],
    }
def remove_price(userid, priceid):
    """
    Delete one of the user's commission prices.

    The existence check and the DELETE both match on the (priceid, userid)
    pair, so a priceid belonging to another user is rejected with
    WeasylError("priceidInvalid") rather than deleted.
    """
    owned = d.execute(
        "SELECT EXISTS (SELECT 0 FROM commishprice WHERE (priceid, userid) = (%i, %i))",
        [d.get_int(priceid), userid], ["bool"])

    if not owned:
        raise WeasylError("priceidInvalid")

    d.execute(
        "DELETE FROM commishprice WHERE (priceid, userid) = (%i, %i)",
        [d.get_int(priceid), userid])
def _create_char(userid, x1, y1, x2, y2, charid, config=None, remove=True):
    """
    Build the thumbnail file for character ``charid``.

    x1, y1, x2, y2 are crop coordinates. They are passed through d.get_int
    and used only when image.check_crop accepts them; otherwise
    images.make_thumbnail is called with no bounds.

    The source image is the "char/.thumb" file when it exists, else the
    "char/cover" file. In the cover case the source is kept (``remove`` is
    forced to False); otherwise the source is deleted after the thumbnail is
    written. ``userid`` and ``config`` are not read in this body.

    NOTE(review): statement nesting was reconstructed from a
    whitespace-collapsed listing - confirm against the original file.
    """
    x1, y1, x2, y2 = d.get_int(x1), d.get_int(y1), d.get_int(x2), d.get_int(y2)
    filename = d.url_make(charid, "char/.thumb", root=True)
    if not m.os.path.exists(filename):
        # No pending thumbnail upload: fall back to the cover image.
        filename = d.url_make(charid, "char/cover", root=True)
        if not filename:
            return
        # The cover is still needed afterwards, so it must not be deleted.
        remove = False

    im = image.read(filename)
    size = im.size.width, im.size.height

    # NOTE(review): PostgreSQL's REGEXP_REPLACE without the 'g' flag replaces
    # only the first match; fine if settings holds at most one '-x' pair.
    d.execute(
        """ UPDATE character SET settings = REGEXP_REPLACE(settings, '-.', '') || '-%s' WHERE charid = %i """,
        [image.image_setting(im), charid])
    # The destination is assembled from the hash path, the numeric charid (%i)
    # and an extension taken from the decoded image.
    dest = '%s%i.thumb%s' % (d.get_hash_path(
        charid, "char"), charid, images.image_extension(im))

    bounds = None
    if image.check_crop(size, x1, y1, x2, y2):
        bounds = geometry.Rectangle(x1, y1, x2, y2)
    thumb = images.make_thumbnail(im, bounds)
    thumb.write(dest, format=images.image_file_type(thumb))
    if remove:
        m.os.remove(filename)
def offer(userid, submitid, otherid):
    """
    Offer submission ``submitid`` to ``otherid`` as a collection item.

    Raises WeasylError("Unexpected") when the submission is missing, carries
    the 'h' flag, or is not owned by ``userid``. Raises
    "collectionUnacceptable", "IgnoredYou" or "YouIgnored" when the
    recipient checks fail, and "collectionExists" when the INSERT raises
    PostgresError. On success a collection-offer notification is inserted.

    NOTE(review): statement nesting was reconstructed from a
    whitespace-collapsed listing - confirm which checks sit under
    ``if otherid:``.
    """
    # Bound-parameter query: submitid is passed as a parameter, not formatted
    # into the SQL text.
    query = d.engine.execute(
        "SELECT userid, rating, settings FROM submission WHERE submitid = %(id)s",
        id=submitid,
    ).first()

    if not query or "h" in query[2]:
        raise WeasylError("Unexpected")
    elif userid != query[0]:
        # Only the submission's owner may offer it.
        raise WeasylError("Unexpected")

    # Check collection acceptability
    if otherid:
        rating = d.get_rating(otherid)

        # The recipient's rating must be at least the submission's rating.
        if rating < query[1]:
            raise WeasylError("collectionUnacceptable")
        if "f" in query[2]:
            raise WeasylError("collectionUnacceptable")
        # An ignore in either direction stops the offer.
        if ignoreuser.check(otherid, userid):
            raise WeasylError("IgnoredYou")
        if ignoreuser.check(userid, otherid):
            raise WeasylError("YouIgnored")
        if blocktag.check(otherid, submitid=submitid):
            raise WeasylError("collectionUnacceptable")

    # NOTE(review): as reconstructed, the INSERT runs with otherid even when
    # the checks above were skipped because otherid was falsy - confirm.
    try:
        d.execute(
            "INSERT INTO collection (userid, submitid, unixtime) VALUES (%i, %i, %i)",
            [otherid, submitid, d.get_time()])
    except PostgresError:
        # Any PostgresError from the insert is reported as a duplicate.
        raise WeasylError("collectionExists")

    welcome.collectoffer_insert(userid, otherid, submitid)
def verify(db, userid, token):
    """
    Redeem a premium purchase token for ``userid``.

    Looks up the purchased terms by token, adds them to the user's existing
    userpremium row (or inserts a new row), appends 'd' to the profile
    config when it is absent, and deletes the purchase record.

    Raises error.WeasylError("tokenInvalid") when no terms are found.

    NOTE(review): statement nesting was reconstructed from a
    whitespace-collapsed listing; the profile UPDATE is assumed to run for
    both branches - confirm.
    """
    # Select purchased terms
    # NOTE(review): token sits in a quoted '%s' slot; this relies on
    # define.execute escaping the value - confirm.
    terms = define.execute(
        db, "SELECT terms FROM premiumpurchase WHERE token = '%s'", [token], ["element"])

    if not terms:
        raise error.WeasylError("tokenInvalid")

    # Select current terms
    current = define.execute(
        db, "SELECT terms FROM userpremium WHERE userid = %i", [userid], ["element"])

    # Update premium status
    if current:
        define.execute(
            db, "UPDATE userpremium SET terms = terms + %i WHERE userid = %i", [terms, userid])
    else:
        define.execute(db, "INSERT INTO userpremium VALUES (%i, %i, %i)",
                       [userid, define.get_time(), terms])

    define.execute(
        db, "UPDATE profile SET config = config || 'd' WHERE userid = %i AND config !~ 'd'", [userid])
    # NOTE(review): the token is looked up at the top and deleted only here,
    # in separate statements. Unless the caller wraps this in a transaction
    # with suitable locking, two concurrent requests could both redeem it.
    define.execute(db, "DELETE FROM premiumpurchase WHERE token = '%s'", [token])
def settings(userid, setting=None):
    """
    Read a user's login settings.

    Without ``setting`` the settings column is returned as-is. With
    ``setting`` the result is whether the column matches it under the
    PostgreSQL regex operator ``~``.
    """
    if not setting:
        return d.execute("SELECT settings FROM login WHERE userid = %i", [userid], options="element")

    # NOTE(review): `setting` is used as a regular expression, not a literal;
    # callers are presumably passing fixed flag characters - confirm.
    return d.execute(
        "SELECT settings ~ '%s' FROM login WHERE userid = %i",
        [setting, userid], options="bool")
def _create_char(userid, x1, y1, x2, y2, charid, config=None, remove=True):
    """
    Build the thumbnail file for character ``charid``.

    x1, y1, x2, y2 are crop coordinates. They are passed through d.get_int
    and used only when image.check_crop accepts them; otherwise
    images.make_thumbnail is called with no bounds.

    The source image is the "char/.thumb" file when it exists, else the
    "char/cover" file. In the cover case the source is kept (``remove`` is
    forced to False); otherwise the source is deleted after the thumbnail is
    written. ``userid`` and ``config`` are not read in this body.

    NOTE(review): statement nesting was reconstructed from a
    whitespace-collapsed listing - confirm against the original file.
    """
    x1, y1, x2, y2 = d.get_int(x1), d.get_int(y1), d.get_int(x2), d.get_int(y2)
    filename = d.url_make(charid, "char/.thumb", root=True)
    if not m.os.path.exists(filename):
        # No pending thumbnail upload: fall back to the cover image.
        filename = d.url_make(charid, "char/cover", root=True)
        if not filename:
            return
        # The cover is still needed afterwards, so it must not be deleted.
        remove = False

    im = image.read(filename)
    size = im.size.width, im.size.height

    # NOTE(review): PostgreSQL's REGEXP_REPLACE without the 'g' flag replaces
    # only the first match; fine if settings holds at most one '-x' pair.
    d.execute(""" UPDATE character SET settings = REGEXP_REPLACE(settings, '-.', '') || '-%s' WHERE charid = %i """,
              [image.image_setting(im), charid])
    # The file name is built from the numeric charid (%i) and an extension
    # taken from the decoded image, then joined onto the character directory.
    dest = os.path.join(d.get_character_directory(charid),
                        '%i.thumb%s' % (charid, images.image_extension(im)))

    bounds = None
    if image.check_crop(size, x1, y1, x2, y2):
        bounds = geometry.Rectangle(x1, y1, x2, y2)
    thumb = images.make_thumbnail(im, bounds)
    thumb.write(dest, format=images.image_file_type(thumb))
    if remove:
        os.remove(filename)
def edit(userid, journal, friends_only=False):
    """
    Update a journal's title, content, rating and friends-only flag.

    Raises WeasylError for an empty title, content or rating; "Unexpected"
    when the journal is missing or carries the 'h' flag; and
    "InsufficientPermissions" when ``userid`` is neither the owner nor in
    staff.MODS. When someone other than the owner edits, a moderation note
    about the edit is recorded.
    """
    if not journal.title:
        raise WeasylError("titleInvalid")
    if not journal.content:
        raise WeasylError("contentInvalid")
    if not journal.rating:
        raise WeasylError("ratingInvalid")

    profile.check_user_rating_allowed(userid, journal.rating)

    row = d.execute(
        "SELECT userid, settings FROM journal WHERE journalid = %i",
        [journal.journalid], options="single")

    if not row or "h" in row[1]:
        raise WeasylError("Unexpected")

    owner_id = row[0]
    if userid != owner_id and userid not in staff.MODS:
        raise WeasylError("InsufficientPermissions")

    # Drop any existing 'f' flag, then re-add it only when requested.
    new_settings = row[1].replace("f", "") + ("f" if friends_only else "")

    if "f" in new_settings:
        welcome.journal_remove(journal.journalid)

    # NOTE(review): title and content are user text placed in quoted '%s'
    # slots; this relies on d.execute escaping them - confirm.
    d.execute(
        "UPDATE journal SET (title, content, rating, settings) = ('%s', '%s', %i, '%s') WHERE journalid = %i",
        [journal.title, journal.content, journal.rating.code, new_settings, journal.journalid])

    if userid != owner_id:
        edited_link = text.markdown_link(journal.title, '/journal/%s?anyway=true' % (journal.journalid,))
        moderation.note_about(
            userid, owner_id, 'The following journal was edited:', '- ' + edited_link)
def remove_list(userid, noteids):
    """
    Flag a batch of notes as removed for ``userid``.

    Notes the user sent gain the 's' flag; notes the user received lose 'u'
    and gain 'r'. Rows where the user is neither sender nor recipient are
    left untouched, so passing someone else's noteid has no effect.
    """
    if not noteids:
        return

    sent_ids = []
    received_ids = []

    rows = d.execute(
        "SELECT userid, otherid, settings, noteid FROM message WHERE noteid IN %s",
        [d.sql_number_list(noteids)])

    for row in rows:
        sender_id, recipient_id, flags, noteid = row[0], row[1], row[2], row[3]
        # Two independent tests: a note sent to oneself can land in both lists.
        if sender_id == userid and "s" not in flags:
            sent_ids.append(noteid)
        if recipient_id == userid and "r" not in flags:
            received_ids.append(noteid)

    if sent_ids:
        d.execute(
            "UPDATE message SET settings = settings || 's' WHERE noteid IN %s",
            [d.sql_number_list(sent_ids)])

    if received_ids:
        d.execute(
            "UPDATE message SET settings = REPLACE(settings, 'u', '') || 'r' WHERE noteid IN %s",
            [d.sql_number_list(received_ids)])
def remove_request(userid, otherid):
    """
    Delete the frienduser rows between two users and clear the request
    notification.

    NOTE(review): the DELETE has no filter on the settings column, so it
    matches rows in either direction whether or not they are still pending -
    confirm that is intended.
    """
    pair = [userid, otherid]
    d.execute(
        "DELETE FROM frienduser "
        "WHERE userid IN (%i, %i) "
        "AND otherid IN (%i, %i)",
        pair + pair)
    welcome.frienduserrequest_remove(userid, otherid)
def remove(userid, commentid=None):
    """
    Hide a shout and return the userid of the page it was posted on.

    Raises WeasylError("shoutRecordMissing") when no non-hidden comment
    matches, or when it carries the 's' flag and the caller is not in
    staff.MODS. Raises "InsufficientPermissions" when the caller is neither
    the page owner, a moderator, nor the commenter, and also when the
    commenter's comment already has replies.
    """
    row = d.execute(
        "SELECT userid, target_user, settings FROM comments WHERE commentid = %i AND settings !~ 'h'",
        [commentid], ["single"])

    if not row:
        raise WeasylError("shoutRecordMissing")

    commenter_id, page_owner_id, flags = row[0], row[1], row[2]

    if 's' in flags and userid not in staff.MODS:
        raise WeasylError("shoutRecordMissing")

    if userid != page_owner_id and userid not in staff.MODS:
        if userid != commenter_id:
            raise WeasylError("InsufficientPermissions")

        # The caller is the commenter: removal is allowed only while the
        # comment has no replies.
        replies = d.execute(
            "SELECT commentid FROM comments WHERE parentid = %d", [commentid])
        if replies:
            raise WeasylError("InsufficientPermissions")

    # Drop notifications that point at the comment.
    welcome.comment_remove(commentid, 'shout')
    d._page_header_info.invalidate(userid)

    # Hide rather than delete, recording who hid it.
    d.execute(
        "UPDATE comments SET settings = settings || 'h', hidden_by = %i WHERE commentid = %i",
        [userid, commentid])

    return page_owner_id
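def create_price(userid, price, currency="", settings=""):
    """
    Add a commission price entry for ``userid``.

    ``price`` supplies title, amount_min, amount_max and classid.
    ``currency`` contributes at most one character from CURRENCY_CHARMAP and
    ``settings`` contributes an optional 'a' (add-on price).

    Raises WeasylError("titleInvalid"), "minamountInvalid",
    "maxamountInvalid" or "classidInvalid" on bad input, and
    WeasylError("titleExists") when the INSERT raises PostgresError.
    """
    if not price.title:
        raise WeasylError("titleInvalid")
    elif price.amount_min > _MAX_PRICE:
        raise WeasylError("minamountInvalid")
    elif price.amount_max > _MAX_PRICE:
        raise WeasylError("maxamountInvalid")
    elif price.amount_max and price.amount_max < price.amount_min:
        raise WeasylError("maxamountInvalid")
    elif not price.classid:
        # Checked before the lookup so an empty classid never reaches the query.
        raise WeasylError("classidInvalid")
    elif not d.execute("SELECT EXISTS (SELECT 0 FROM commishclass WHERE (classid, userid) = (%i, %i))",
                       [price.classid, userid], ["bool"]):
        # The class must exist and belong to this user.
        raise WeasylError("classidInvalid")

    # Settings are at most one currency class, and optionally an 'a' to indicate an add-on price.
    # TODO: replace these character codes with an enum.
    settings = "%s%s" % ("".join(i for i in currency if i in CURRENCY_CHARMAP)[:1],
                         "a" if "a" in settings else "")

    # TODO: should have an auto-increment ID
    # NOTE(review): MAX(priceid) + 1 is computed in a separate statement from
    # the INSERT, so two concurrent requests can pick the same id.
    priceid = d.execute("SELECT MAX(priceid) + 1 FROM commishprice WHERE userid = %i", [userid], ["element"])

    try:
        d.execute(
            "INSERT INTO commishprice VALUES (%i, %i, %i, '%s', %i, %i, '%s')",
            [priceid if priceid else 1, price.classid, userid, price.title, price.amount_min,
             price.amount_max, settings])
    except PostgresError:
        # Raise the error; returning the exception object let a rejected
        # insert look like success to the caller.
        raise WeasylError("titleExists")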
def select_view(userid, noteid):
    """
    Load one private note for display.

    Raises WeasylError("noteRecordMissing") when no row matches, or when the
    settings flags hide the note from the viewer ('s' when the viewer is the
    sender, 'r' when the viewer is the recipient). Raises
    WeasylError("InsufficientPermissions") when the viewer is neither party.

    When the recipient views a note carrying the 'u' flag, the flag is
    removed and the viewer's cached page-header info is invalidated.

    Returns a dict describing the note.
    """
    row = d.execute(
        "SELECT ps.userid, ps.username, pr.userid, pr.username, "
        "ms.title, ms.content, ms.unixtime, ms.settings FROM message ms INNER "
        "JOIN profile ps ON ms.userid = ps.userid INNER JOIN profile pr ON "
        "ms.otherid = pr.userid WHERE ms.noteid = %i",
        [noteid], options=["single"])

    if not row:
        raise WeasylError("noteRecordMissing")

    sender_id = row[0]
    recipient_id = row[2]
    flags = row[7]

    if userid == sender_id and "s" in flags:
        raise WeasylError("noteRecordMissing")
    if userid == recipient_id and "r" in flags:
        raise WeasylError("noteRecordMissing")
    # NOTE(review): a non-participant receives a different error than for a
    # missing note, so the response reveals whether a given noteid exists.
    if userid not in [sender_id, recipient_id]:
        raise WeasylError("InsufficientPermissions")

    # NOTE(review): both statements are taken to sit inside this branch; the
    # nesting was reconstructed from a whitespace-collapsed listing.
    if recipient_id == userid and "u" in flags:
        d.execute("UPDATE message SET settings = REPLACE(settings, 'u', '') WHERE noteid = %i", [noteid])
        d._page_header_info.invalidate(userid)

    return {
        "noteid": noteid,
        "senderid": sender_id,
        "mine": userid == sender_id,
        "sendername": row[1],
        "recipientid": recipient_id,
        "recipientname": row[3],
        "title": row[4],
        "content": row[5],
        "unixtime": row[6],
    }
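def create_price(userid, price, currency="", settings=""):
    """
    Add a commission price entry for ``userid``.

    ``price`` supplies title, amount_min, amount_max and classid.
    ``currency`` contributes at most one character out of "epycmu" and
    ``settings`` contributes an optional 'a' (add-on price).

    Raises error.WeasylError("titleInvalid"), "minamountInvalid",
    "maxamountInvalid" or "classidInvalid" on bad input, and
    error.WeasylError("titleExists") when the INSERT raises
    error.PostgresError.
    """
    if not price.title:
        raise error.WeasylError("titleInvalid")
    elif price.amount_min > _MAX_PRICE:
        raise error.WeasylError("minamountInvalid")
    elif price.amount_max > _MAX_PRICE:
        raise error.WeasylError("maxamountInvalid")
    elif price.amount_max and price.amount_max < price.amount_min:
        raise error.WeasylError("maxamountInvalid")
    elif not price.classid:
        # Checked before the lookup so an empty classid never reaches the query.
        raise error.WeasylError("classidInvalid")
    elif not d.execute("SELECT EXISTS (SELECT 0 FROM commishclass WHERE (classid, userid) = (%i, %i))",
                       [price.classid, userid], ["bool"]):
        # The class must exist and belong to this user.
        raise error.WeasylError("classidInvalid")

    # Settings are at most one currency class, and optionally an 'a' to indicate an add-on price.
    # TODO: replace these character codes with an enum.
    settings = "%s%s" % ("".join(i for i in currency if i in "epycmu")[:1],
                         "a" if "a" in settings else "")

    # TODO: should have an auto-increment ID
    # NOTE(review): MAX(priceid) + 1 is computed in a separate statement from
    # the INSERT, so two concurrent requests can pick the same id.
    priceid = d.execute("SELECT MAX(priceid) + 1 FROM commishprice WHERE userid = %i", [userid], ["element"])

    try:
        d.execute(
            "INSERT INTO commishprice VALUES (%i, %i, %i, '%s', %i, %i, '%s')",
            [priceid if priceid else 1, price.classid, userid, price.title, price.amount_min,
             price.amount_max, settings])
    except error.PostgresError:
        # Raise the error; returning the exception object let a rejected
        # insert look like success to the caller.
        raise error.WeasylError("titleExists")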
def edit_email_password(userid, username, password, newemail, newemailcheck, newpassword, newpasscheck):
    """
    Change the account e-mail and/or password after re-checking the current
    credentials.

    Raises WeasylError("loginInvalid") when authentication fails or
    resolves to a different userid, "emailMismatch" / "emailExists" for the
    new address, and "passwordMismatch" / "passwordInsecure" for the new
    password. All validation happens before either UPDATE runs.
    """
    from weasyl import login

    # Re-authenticate with the current password before changing anything.
    logid, logerror = login.authenticate_bcrypt(username, password, session=False)
    authenticated = userid == logid and logerror is None
    if not authenticated:
        raise WeasylError("loginInvalid")

    if newemail and newemail != newemailcheck:
        raise WeasylError("emailMismatch")
    if newemail and login.email_exists(newemail):
        raise WeasylError("emailExists")

    if newpassword and newpassword != newpasscheck:
        raise WeasylError("passwordMismatch")
    if newpassword and not login.password_secure(newpassword):
        raise WeasylError("passwordInsecure")

    if newemail:
        # NOTE(review): the new address is written directly; no confirmation
        # step for the new address is visible in this function.
        d.execute("UPDATE login SET email = '%s' WHERE userid = %i", [newemail, userid])

    if newpassword:
        # NOTE(review): no invalidation of other active sessions is visible
        # here after the password changes - confirm it happens elsewhere.
        new_hash = login.passhash(newpassword)
        d.execute("UPDATE authbcrypt SET hashsum = '%s' WHERE userid = %i", [new_hash, userid])
def select_latest(userid, rating, otherid=None, config=None):
    """
    Return the newest journal visible to ``userid`` (optionally restricted
    to journals by ``otherid``) as a dict, or None when nothing matches.

    The WHERE clause is assembled from fragments; every interpolated value
    goes through %i (or a fixed flag string), so only integers reach the SQL
    text. ``config`` is fetched when missing but is not read again in this
    body.

    NOTE(review): statement nesting was reconstructed from a
    whitespace-collapsed listing - confirm which appends sit under
    ``if userid:``.
    """
    if config is None:
        config = d.get_config(userid)

    statement = ["SELECT jo.journalid, jo.title, jo.content, jo.unixtime FROM journal jo WHERE"]

    if userid:
        if d.is_sfw_mode():
            statement.append(" (jo.rating <= %i)" % (rating,))
        else:
            # Outside SFW mode the viewer's own journals bypass the rating cap.
            statement.append(" (jo.userid = %i OR jo.rating <= %i)" % (userid, rating))
        if not otherid:
            statement.append(m.MACRO_IGNOREUSER % (userid, "jo"))
        statement.append(m.MACRO_BLOCKTAG_JOURNAL % (userid, userid))
    else:
        statement.append(" jo.rating <= %i" % (rating,))

    if otherid:
        # Always exclude 'h'; also exclude 'f' (friends-only) unless
        # frienduser.check passes for the viewer and the author.
        statement.append(
            " AND jo.userid = %i AND jo.settings !~ '[%sh]'" % (otherid, "" if frienduser.check(userid, otherid) else "f"))
    # NOTE(review): without otherid no settings filter is appended, so rows
    # flagged 'h' or 'f' are not excluded by this query - confirm intended.

    statement.append("ORDER BY jo.journalid DESC LIMIT 1")
    query = d.execute("".join(statement), options="single")

    if query:
        return {
            "journalid": query[0],
            "title": query[1],
            "content": query[2],
            "unixtime": query[3],
            # Count of comments on the journal that are not flagged 'h'.
            "comments": d.execute("SELECT COUNT(*) FROM journalcomment WHERE targetid = %i AND settings !~ 'h'",
                                  [query[0]], ["element"]),
        }
def resolve(userid, otherid, othername, myself=True):
    """
    Work out which userid a request refers to.

    Only the first non-empty selector is consulted: ``otherid``, then
    ``othername`` (looked up as a login name, then as an alias), then the
    caller's own ``userid`` when ``myself`` is true. A supplied ``otherid``
    that matches nothing is not retried by name.

    Returns the resolved userid, or 0 when nothing could be resolved.
    """
    if otherid:
        # otherid passes through d.get_int before it is interpolated as %i.
        found = d.execute("SELECT userid FROM login WHERE userid = %i", [d.get_int(otherid)], ["element"])
        return found if found else 0

    if othername:
        # NOTE(review): the name lands in a quoted '%s' slot; this relies on
        # d.get_sysname / d.execute neutralising quote characters - confirm.
        lookups = (
            "SELECT userid FROM login WHERE login_name = '%s'",
            "SELECT userid FROM useralias WHERE alias_name = '%s'",
        )
        for statement in lookups:
            found = d.execute(statement, [d.get_sysname(othername)], ["element"])
            if found:
                return found
        return 0

    if userid and myself:
        return userid

    return 0
def check(userid, folderid=None, title=None, parentid=None, root=True):
    """
    Report whether ``folderid`` or ``title`` names a folder owned by
    ``userid`` that does not carry the 'h' flag.

    ``folderid`` takes precedence over ``title``. When ``parentid`` is not
    None the folder must also have that parent. When neither selector is
    given, ``root`` is returned unchanged.
    """
    if not folderid and not title:
        return root

    with_parent = parentid is not None

    if folderid:
        if with_parent:
            statement = ("SELECT EXISTS (SELECT 0 FROM folder WHERE (folderid, userid, parentid) = (%i, %i, %i)"
                         " AND settings !~ 'h')")
            args = [folderid, userid, parentid]
        else:
            statement = "SELECT EXISTS (SELECT 0 FROM folder WHERE (folderid, userid) = (%i, %i) AND settings !~ 'h')"
            args = [folderid, userid]
    else:
        # title is non-empty here: the both-empty case returned above.
        # NOTE(review): title sits in a quoted '%s' slot; this relies on
        # d.execute escaping the value - confirm.
        if with_parent:
            statement = ("SELECT EXISTS (SELECT 0 FROM folder WHERE (userid, parentid, title) = (%i, %i, '%s')"
                         " AND settings !~ 'h')")
            args = [userid, parentid, title]
        else:
            statement = "SELECT EXISTS (SELECT 0 FROM folder WHERE (userid, title) = (%i, '%s') AND settings !~ 'h')"
            args = [userid, title]

    return d.execute(statement, args, options="bool")
def remove(userid, commentid=None):
    """
    Hide a shout and return the userid of the page it was posted on.

    Raises WeasylError("shoutRecordMissing") when no non-hidden comment
    matches, or when it carries the 's' flag and the caller is not in
    staff.MODS. Raises "InsufficientPermissions" when the caller is neither
    the page owner, a moderator, nor the commenter, and also when the
    commenter's comment already has replies.
    """
    row = d.execute(
        "SELECT userid, target_user, settings FROM comments WHERE commentid = %i AND settings !~ 'h'",
        [commentid], ["single"])

    if not row:
        raise WeasylError("shoutRecordMissing")

    commenter_id, page_owner_id, flags = row[0], row[1], row[2]

    if 's' in flags and userid not in staff.MODS:
        raise WeasylError("shoutRecordMissing")

    if userid != page_owner_id and userid not in staff.MODS:
        if userid != commenter_id:
            raise WeasylError("InsufficientPermissions")

        # The caller is the commenter: removal is allowed only while the
        # comment has no replies.
        replies = d.execute(
            "SELECT commentid FROM comments WHERE parentid = %d", [commentid])
        if replies:
            raise WeasylError("InsufficientPermissions")

    # Drop notifications that point at the comment.
    welcome.comment_remove(commentid, 'shout')
    d._page_header_info.invalidate(userid)

    # Hide rather than delete, recording who hid it.
    d.execute("UPDATE comments SET settings = settings || 'h', hidden_by = %i WHERE commentid = %i",
              [userid, commentid])

    return page_owner_id
def suggest(userid, target):
    """
    Suggest search-tag titles for a partial tag.

    Returns up to 10 titles starting with the normalised ``target``,
    followed by up to 5 titles that contain it elsewhere. Tags the user has
    blocked are excluded from both passes. Returns [] for an empty target.
    """
    if not target:
        return []

    blocked = None
    if userid:
        blocked = d.execute("SELECT tagid FROM blocktag WHERE userid = %i", [userid], options="within")

    suggestions = list()
    # NOTE(review): target is placed inside LIKE patterns; any '%' or '_' it
    # still contains after d.get_search_tag acts as a wildcard - confirm the
    # normaliser strips them.
    target = d.get_search_tag(target)

    passes = (
        ("SELECT title FROM searchtag WHERE title LIKE '%s%%'",
         " ORDER BY title LIMIT 10", [target]),
        ("SELECT title FROM searchtag WHERE title LIKE '%%%s%%' AND title NOT LIKE '%s%%'",
         " ORDER BY title LIMIT 5", [target, target]),
    )

    for base, tail, args in passes:
        parts = [base]
        if userid and blocked:
            parts.append(" AND tagid NOT IN %s" % (d.sql_number_list(blocked),))
        parts.append(tail)
        for title in d.execute("".join(parts), args, options="within"):
            suggestions.append(title)

    return suggestions
def select_list(userid):
    """
    Collect a user's commission classes, prices and description.

    Returns a dict with "class" (classid/title pairs ordered by title),
    "price" (prices without the 'a' flag first, then those with it) and
    "content" (the description, or "" when there is none).
    """
    def as_price(row):
        return {
            "classid": row[0],
            "title": row[1],
            "amount_min": row[2],
            "amount_max": row[3],
            "settings": row[4],
            "priceid": row[5],
        }

    price_rows = d.execute("SELECT classid, title, amount_min, amount_max, settings, priceid FROM commishprice"
                           " WHERE userid = %i ORDER BY classid, title", [userid])
    description = d.execute("SELECT content FROM commishdesc WHERE userid = %i", [userid], ["element"])
    class_rows = d.execute("SELECT classid, title FROM commishclass WHERE userid = %i ORDER BY title", [userid])

    base_prices = [as_price(row) for row in price_rows if "a" not in row[4]]
    addon_prices = [as_price(row) for row in price_rows if "a" in row[4]]

    return {
        "class": [{"classid": row[0], "title": row[1]} for row in class_rows],
        "price": base_prices + addon_prices,
        "content": description if description else "",
    }
def signin(userid):
    """
    Record a login for ``userid`` and attach the userid to the current
    session.

    NOTE(review): the existing session object is reused; whether its
    identifier is rotated at login is not visible here - confirm, since
    reusing a pre-login identifier allows session fixation.
    """
    # Stamp the last-login time on the user's login row.
    login_time = d.get_time()
    d.execute("UPDATE login SET last_login = %i WHERE userid = %i", [login_time, userid])

    # Bind the session to the user and mark it for saving.
    session = d.get_weasyl_session()
    session.userid = userid
    session.save = True
def accept(userid, otherid):
    """
    Accept the friend request that ``otherid`` sent to ``userid``.

    Raises WeasylError("Unexpected") when check() already reports the pair
    as friends. Otherwise removes the 'p' flag from the (otherid, userid)
    row, inserts an acceptance notification and clears the request
    notification.

    NOTE(review): nothing here verifies that a pending row exists before
    the notifications are written - confirm callers guarantee it.
    """
    already_friends = check(userid, otherid)
    if already_friends:
        raise WeasylError("Unexpected")

    # The request row is stored from the requester's side: (otherid, userid).
    d.execute(
        "UPDATE frienduser SET settings = REPLACE(settings, 'p', '')"
        " WHERE (userid, otherid) = (%i, %i)",
        [otherid, userid])

    welcome.frienduseraccept_insert(userid, otherid)
    welcome.frienduserrequest_remove(userid, otherid)
def set(userid, username):
    """
    Replace the user's 'p'-flagged alias with ``username``.

    Raises WeasylError("usernameExists") when the name is already taken and
    "InsufficientPermissions" when d.get_premium is false for the user.
    """
    if login.username_exists(username):
        raise WeasylError("usernameExists")
    if not d.get_premium(userid):
        raise WeasylError("InsufficientPermissions")

    # Remove the previous alias row before inserting the replacement.
    d.execute("DELETE FROM useralias WHERE userid = %i AND settings ~ 'p'", [userid])
    # NOTE(review): username sits in a quoted '%s' slot; this relies on
    # d.execute escaping the value - confirm.
    d.execute("INSERT INTO useralias VALUES (%i, '%s', 'p')", [userid, username])
def remove(userid, tagid=None, title=None):
    """
    Remove one tag from the user's blocked-tag list, by ``tagid`` or, when
    that is not given, by ``title``; then invalidate the cached id list.

    Both DELETE statements match on userid, so only the caller's own rows
    can be removed.
    """
    if tagid:
        statement = "DELETE FROM blocktag WHERE (userid, tagid) = (%i, %i)"
        d.execute(statement, [userid, tagid])
    elif title:
        statement = ("DELETE FROM blocktag WHERE (userid, tagid) = "
                     "(%i, (SELECT tagid FROM searchtag WHERE title = '%s'))")
        d.execute(statement, [userid, d.get_search_tag(title)])

    # NOTE(review): taken to run unconditionally; the nesting was
    # reconstructed from a whitespace-collapsed listing.
    select_ids.invalidate(userid)
def select(userid, premium=True):
    """
    Fetch an alias name for ``userid``.

    With ``premium`` true only an alias whose settings match 'p' is
    considered; otherwise any alias row for the user is.
    """
    statement = "SELECT alias_name FROM useralias WHERE userid = %i"
    if premium:
        statement = "SELECT alias_name FROM useralias WHERE userid = %i AND settings ~ 'p'"

    return d.execute(statement, [userid], ["element"])
def signin(userid):
    """
    Record a login for ``userid`` and attach the userid to the current
    session.

    NOTE(review): the existing session object is reused; whether its
    identifier is rotated at login is not visible here - confirm, since
    reusing a pre-login identifier allows session fixation.
    """
    # Stamp the last-login time on the user's login row.
    login_time = d.get_time()
    d.execute("UPDATE login SET last_login = %i WHERE userid = %i", [login_time, userid])

    # Bind the request's session to the user and mark it for saving.
    session = d.web.ctx.weasyl_session
    session.userid = userid
    session.save = True
def insert(userid, shout, staffnotes=False):
    """
    Post a shout (or a reply to one) on ``shout.userid``'s page and return
    the new commentid.

    Raises WeasylError("commentInvalid") for empty content, "Unexpected"
    when no target user is set, "shoutRecordMissing" when the parent
    comment is not found, one of the ignore-related errors, or
    "insufficientActionPermissions" when the page owner's settings forbid
    the shout. Callers in staff.MODS skip the permission checks.

    NOTE(review): statement nesting was reconstructed from a
    whitespace-collapsed listing; the settings lookup is assumed to sit
    inside the non-moderator branch - confirm.
    """
    # Check invalid content
    if not shout.content:
        raise WeasylError("commentInvalid")
    elif not shout.userid:
        raise WeasylError("Unexpected")

    # Determine indent and parentuserid
    if shout.parentid:
        # NOTE(review): the parent is matched by commentid only; nothing
        # here checks that it belongs to the same page (target_user) or is
        # not hidden - confirm callers validate that.
        query = d.execute("SELECT userid, indent FROM comments WHERE commentid = %i",
                          [shout.parentid], options="single")

        if not query:
            raise WeasylError("shoutRecordMissing")

        indent, parentuserid = query[1] + 1, query[0]
    else:
        indent, parentuserid = 0, None

    # Check permissions
    if userid not in staff.MODS:
        if ignoreuser.check(shout.userid, userid):
            raise WeasylError("pageOwnerIgnoredYou")
        elif ignoreuser.check(userid, shout.userid):
            raise WeasylError("youIgnoredPageOwner")
        elif ignoreuser.check(parentuserid, userid):
            raise WeasylError("replyRecipientIgnoredYou")
        elif ignoreuser.check(userid, parentuserid):
            raise WeasylError("youIgnoredReplyRecipient")

        settings = d.execute("SELECT lo.settings, pr.config FROM login lo"
                             " INNER JOIN profile pr ON lo.userid = pr.userid"
                             " WHERE lo.userid = %i", [shout.userid], options="single")

        # `and` binds tighter than `or`: the friend exemption applies only to
        # the 'x' flag, while 'b' and 'w' reject unconditionally.
        if "b" in settings[0] or "w" in settings[1] or "x" in settings[1] and not frienduser.check(userid, shout.userid):
            raise WeasylError("insufficientActionPermissions")

    # Create comment
    # NOTE(review): staffnotes is trusted as passed; no check that userid is
    # staff is visible in this function.
    settings = 's' if staffnotes else ''
    co = d.meta.tables['comments']
    db = d.connect()
    # Values are passed to the insert construct rather than formatted into
    # SQL text.
    commentid = db.scalar(
        co.insert()
        .values(userid=userid, target_user=shout.userid, parentid=shout.parentid or None, content=shout.content,
                unixtime=arrow.utcnow(), indent=indent, settings=settings)
        .returning(co.c.commentid))

    # Create notification
    if shout.parentid and userid != parentuserid:
        # Replies to staff notes notify the parent's author only when that
        # author is in staff.MODS.
        if not staffnotes or parentuserid in staff.MODS:
            welcome.shoutreply_insert(userid, commentid, parentuserid, shout.parentid, staffnotes)
    elif not staffnotes and shout.userid and userid != shout.userid:
        welcome.shout_insert(userid, commentid, otherid=shout.userid)

    d.metric('increment', 'shouts')

    return commentid
def edit_profile_settings(userid,
                          set_trade=EXCHANGE_SETTING_NOT_ACCEPTING,
                          set_request=EXCHANGE_SETTING_NOT_ACCEPTING,
                          set_commission=EXCHANGE_SETTING_NOT_ACCEPTING):
    """
    Store the user's commission / trade / request exchange settings.

    The settings column is overwritten with the three ``.code`` values
    concatenated in that order, and the cached config for the user is
    invalidated.
    """
    choices = (set_commission, set_trade, set_request)
    settings = "".join(choice.code for choice in choices)

    d.execute(
        "UPDATE profile "
        "SET settings = '%s' "
        "WHERE userid = %i",
        [settings, userid])
    d._get_config.invalidate(userid)
def force_resetbirthday(userid, birthday):
    """
    Store a new birthday for the user and remove the 'i' flag from their
    login settings.

    Raises WeasylError("birthdayInvalid") when ``birthday`` is empty or
    later than the current time.
    """
    if not birthday or birthday > d.get_time():
        raise WeasylError("birthdayInvalid")

    d.execute("UPDATE userinfo SET birthday = %i WHERE userid = %i", [birthday, userid])
    # Removing 'i' from login.settings; the cached login settings are
    # invalidated afterwards.
    d.execute("UPDATE login SET settings = REPLACE(settings, 'i', '') WHERE userid = %i", [userid])
    d.get_login_settings.invalidate(userid)
def edit_streaming_settings(my_userid, userid, profile, set_stream=None, stream_length=0):
    """
    Update ``userid``'s streaming state, stream URL and stream text.

    ``set_stream`` is compared against 'start', 'later' and 'still' in this
    body; ``stream_length`` is in minutes and must be 1..360 when starting.
    When ``my_userid`` differs from ``userid`` a moderation note describing
    the change is recorded.

    Raises WeasylError("streamDurationOutOfRange") or
    "streamLocationNotSet" when starting a stream with bad input.

    NOTE(review): no check that my_userid may edit another user's settings
    is visible here; callers must enforce it. Statement nesting was
    reconstructed from a whitespace-collapsed listing - confirm.
    """
    if set_stream == 'start':
        if stream_length < 1 or stream_length > 360:
            raise WeasylError("streamDurationOutOfRange")

        if not profile.stream_url:
            raise WeasylError("streamLocationNotSet")

    # unless we're specifically still streaming, clear the user_streams record
    if set_stream != 'still':
        d.execute("DELETE FROM user_streams WHERE userid = %i", [userid])

    settings_flag = ''
    stream_status = None

    # if we're starting to stream, update user_streams to reflect that
    if set_stream == 'start':
        now = d.get_time()
        stream_end = now + stream_length * 60  # stream_length is minutes; we need seconds
        d.execute("INSERT INTO user_streams VALUES (%i, %i, %i)", [userid, now, stream_end])
        stream_status = 'n'
    # if we're going to stream later, update profile.settings to reflect that
    elif set_stream == 'later':
        settings_flag = stream_status = 'l'

    # if stream_status is None, any rows in `welcome` will get cleared. but, if
    # the user is still streaming, that shouldn't happen. otherwise, `welcome`
    # will get updated with the current stream state.
    if set_stream != 'still':
        welcome.stream_insert(userid, stream_status)

    pr = d.meta.tables['profile']
    # NOTE(review): stream_url is stored as given; no scheme or host
    # validation is visible in this function - confirm it happens before the
    # value is rendered as a link.
    # NOTE(review): PostgreSQL's regexp_replace without the 'g' flag removes
    # only the first match; fine if at most one of n/l/i is ever present.
    d.engine.execute(pr.update().where(pr.c.userid == userid).values({
        'stream_text': profile.stream_text,
        'stream_url': profile.stream_url,
        'settings': sa.func.regexp_replace(pr.c.settings, "[nli]", "").concat(settings_flag),
    }))

    if my_userid != userid:
        from weasyl import moderation
        # NOTE(review): STREAMING_ACTION_MAP is indexed directly; a
        # set_stream value missing from the map raises KeyError after the
        # database writes above have already run.
        note_body = (
            '- Stream url: %s\n'
            '- Stream description: %s\n'
            '- Stream status: %s' % (profile.stream_url, profile.stream_text, STREAMING_ACTION_MAP[set_stream]))
        moderation.note_about(my_userid, userid, 'Streaming settings updated:', note_body)
def edit_class(userid, commishclass):
    """
    Rename one of the user's commission classes.

    The UPDATE matches on (classid, userid), so a class owned by another
    user is left untouched. Raises WeasylError("titleInvalid") for an empty
    title and "titleExists" when the UPDATE raises PostgresError.
    """
    new_title = commishclass.title
    if not new_title:
        raise WeasylError("titleInvalid")

    statement = "UPDATE commishclass SET title = '%s' WHERE (classid, userid) = (%i, %i)"
    try:
        d.execute(statement, [new_title, commishclass.classid, userid])
    except PostgresError:
        # Any PostgresError from the update is reported as a duplicate title.
        raise WeasylError("titleExists")
def edit_class(userid, commishclass):
    """
    Rename one of the user's commission classes.

    The UPDATE matches on (classid, userid), so a class owned by another
    user is left untouched. Raises error.WeasylError("titleInvalid") for an
    empty title and "titleExists" when the UPDATE raises
    error.PostgresError.
    """
    new_title = commishclass.title
    if not new_title:
        raise error.WeasylError("titleInvalid")

    statement = "UPDATE commishclass SET title = '%s' WHERE (classid, userid) = (%i, %i)"
    try:
        d.execute(statement, [new_title, commishclass.classid, userid])
    except error.PostgresError:
        # Any PostgresError from the update is reported as a duplicate title.
        raise error.WeasylError("titleExists")
def remove(userid, tagid=None, title=None):
    """
    Remove one tag from the user's blocked-tag list, by ``tagid`` or, when
    that is not given, by ``title``; then invalidate the cached id list.

    Both DELETE statements match on userid, so only the caller's own rows
    can be removed.
    """
    if tagid:
        statement = "DELETE FROM blocktag WHERE (userid, tagid) = (%i, %i)"
        d.execute(statement, [userid, tagid])
    elif title:
        statement = ("DELETE FROM blocktag WHERE (userid, tagid) = "
                     "(%i, (SELECT tagid FROM searchtag WHERE title = '%s'))")
        d.execute(statement, [userid, d.get_search_tag(title)])

    # NOTE(review): taken to run unconditionally; the nesting was
    # reconstructed from a whitespace-collapsed listing.
    select_ids.invalidate(userid)
def create_commission_class(userid, title):
    """
    Create a commission class for ``userid``.

    Raises error.WeasylError("titleInvalid") for an empty title and
    "commishclassExists" when the INSERT raises error.PostgresError.
    """
    if not title:
        raise error.WeasylError("titleInvalid")

    # NOTE(review): the next id is read in a separate statement from the
    # INSERT, so two concurrent requests can compute the same classid; the
    # loser is then reported as "commishclassExists".
    next_classid = d.execute(
        "SELECT MAX(classid) + 1 FROM commishclass WHERE userid = %i", [userid], ["element"])

    try:
        d.execute(
            "INSERT INTO commishclass VALUES (%i, %i, '%s')",
            [next_classid or 1, userid, title])
    except error.PostgresError:
        raise error.WeasylError("commishclassExists")
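def force(userid, form):
    """
    Complete a forced password reset for ``userid``.

    Raises WeasylError("passwordMismatch") when the two password fields
    differ and "passwordInsecure" when login.password_secure rejects the
    new password. On success the 'p' flag is removed from the login
    settings, the bcrypt hash is replaced and the cached login settings are
    invalidated.
    """
    import login

    if form.password != form.passcheck:
        raise WeasylError("passwordMismatch")
    elif not login.password_secure(form.password):
        raise WeasylError("passwordInsecure")

    d.execute("UPDATE login SET settings = REPLACE(settings, 'p', '') WHERE userid = %i", [userid])
    d.execute("UPDATE authbcrypt SET hashsum = '%s' WHERE userid = %i", [login.passhash(form.password), userid])
    # Invalidate the cache for the same userid whose rows were just updated.
    # This was keyed on form.userid, a form-supplied value that need not
    # match, which could leave the stale 'p' flag cached.
    d.get_login_settings.invalidate(userid)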
def append(db, email, terms):
    """
    Record a premium purchase and e-mail its verification token.

    A 40-character key from security.generate_key is stored alongside the
    normalised address and ``terms``, then sent to that address. Raises
    error.WeasylError("emailInvalid") when normalisation yields nothing.
    """
    token = security.generate_key(40)
    address = emailer.normalize_address(email)

    if not address:
        raise error.WeasylError("emailInvalid")

    # NOTE(review): the address sits in a quoted '%s' slot; this relies on
    # define.execute escaping the value - confirm.
    define.execute(db, "INSERT INTO premiumpurchase VALUES ('%s', '%s', %i)", [token, address, terms])

    message_body = define.render("email/verify_premium.html", [token, terms])
    emailer.append([address], None, "Weasyl Premium Verification", message_body)
def edit_profile_settings(userid,
                          set_trade=EXCHANGE_SETTING_NOT_ACCEPTING,
                          set_request=EXCHANGE_SETTING_NOT_ACCEPTING,
                          set_commission=EXCHANGE_SETTING_NOT_ACCEPTING):
    """
    Store the user's commission / trade / request exchange settings.

    The settings column is overwritten with the three ``.code`` values
    concatenated in that order, and the cached config for the user is
    invalidated.
    """
    choices = (set_commission, set_trade, set_request)
    settings = "".join(choice.code for choice in choices)

    d.execute(
        "UPDATE profile "
        "SET settings = '%s' "
        "WHERE userid = %i",
        [settings, userid])
    d._get_config.invalidate(userid)
def force(userid, form):
    """
    Complete a forced password reset for ``userid``.

    Raises WeasylError("passwordMismatch") when the two password fields
    differ and "passwordInsecure" when login.password_secure rejects the
    new password. On success the 'p' flag is removed from the login
    settings, the bcrypt hash is replaced and the cached login settings are
    invalidated.
    """
    from weasyl import login

    new_password = form.password
    if new_password != form.passcheck:
        raise WeasylError("passwordMismatch")
    if not login.password_secure(new_password):
        raise WeasylError("passwordInsecure")

    # Remove the 'p' flag first, then store the new hash.
    d.execute("UPDATE login SET settings = REPLACE(settings, 'p', '') WHERE userid = %i", [userid])
    new_hash = login.passhash(form.password)
    d.execute("UPDATE authbcrypt SET hashsum = '%s' WHERE userid = %i", [new_hash, userid])
    d.get_login_settings.invalidate(userid)
def signin(userid):
    """
    Record a successful login for ``userid`` and attach the userid to the
    current session.

    The login is stamped on the login row, written to the log with the
    client address, and counted in the 'logins' metric.

    NOTE(review): the existing session object is reused; whether its
    identifier is rotated at login is not visible here - confirm, since
    reusing a pre-login identifier allows session fixation.
    """
    # Stamp the last-login time on the user's login row.
    login_time = d.get_time()
    d.execute("UPDATE login SET last_login = %i WHERE userid = %i", [login_time, userid])

    # Audit trail: who logged in and from which address.
    client_address = d.get_address()
    d.append_to_log('login.success', userid=userid, ip=client_address)
    d.metric('increment', 'logins')

    # Bind the session to the user and mark it for saving.
    session = d.get_weasyl_session()
    session.userid = userid
    session.save = True
def remove(userid, submitid=None, charid=None, journalid=None):
    """
    Remove the user's favorite on a submission, character or journal and
    clear the matching notification.

    The type code stored with the favorite is 's' for a submission, 'f' for
    a character and 'j' otherwise. The DELETE matches on userid, so only
    the caller's own favorite is removed.
    """
    targetid = d.get_targetid(submitid, charid, journalid)

    if submitid:
        type_code = "s"
    elif charid:
        type_code = "f"
    else:
        type_code = "j"

    d.execute(
        "DELETE FROM favorite WHERE (userid, targetid, type) = (%i, %i, '%s')",
        [userid, targetid, type_code])

    welcome.favorite_remove(userid, submitid=submitid, charid=charid, journalid=journalid)
def prepare(token):
    """
    Expire old password-reset records, then mark ``token`` as visited.

    Nothing is returned, so the caller cannot tell from this function
    whether ``token`` matched a record.
    """
    # Purge reset records older than one hour, whether or not the e-mailed
    # link was ever opened, and records whose link was opened more than five
    # minutes ago without the reset being completed. In SQL, AND binds
    # tighter than OR, so the link_time tests apply together.
    issued_cutoff = d.get_time() - 3600
    visited_cutoff = d.get_time() - 300
    d.execute(
        "DELETE FROM forgotpassword WHERE set_time < %i OR link_time > 0 AND link_time < %i",
        [issued_cutoff, visited_cutoff])

    # Record when the link for this token was opened.
    # NOTE(review): token sits in a quoted '%s' slot; this relies on
    # d.execute escaping the value - confirm.
    visited_at = d.get_time()
    d.execute("UPDATE forgotpassword SET link_time = %i WHERE token = '%s'", [visited_at, token])
def check(userid, otherid, pending=False, myself=True):
    """
    Report whether a frienduser row links the two users, in either
    direction.

    With ``pending`` false, rows whose settings match 'p' do not count.
    Returns False when either id is empty and ``myself`` when both ids are
    the same.
    """
    if not (userid and otherid):
        return False
    if userid == otherid:
        return myself

    both_directions = [userid, otherid, otherid, userid]

    if pending:
        statement = ("SELECT EXISTS (SELECT 0 FROM frienduser WHERE (userid, otherid) = (%i, %i)"
                     " OR (userid, otherid) = (%i, %i))")
    else:
        statement = ("SELECT EXISTS (SELECT 0 FROM frienduser WHERE ((userid, otherid) = (%i, %i)"
                     " OR (userid, otherid) = (%i, %i))"
                     " AND settings !~ 'p')")

    return d.execute(statement, both_directions, options="bool")
def create_commission_class(userid, title):
    """
    Creates a new commission class and returns its id.

    Raises WeasylError("titleInvalid") for an empty title and
    "commishclassExists" when the INSERT raises PostgresError.
    """
    if not title:
        raise WeasylError("titleInvalid")

    # NOTE(review): the next id is read in a separate statement from the
    # INSERT, so two concurrent requests can compute the same classid; the
    # loser is then reported as "commishclassExists".
    classid = d.execute(
        "SELECT MAX(classid) + 1 FROM commishclass WHERE userid = %i", [userid], ["element"]) or 1

    try:
        d.execute("INSERT INTO commishclass VALUES (%i, %i, '%s')", [classid, userid, title])
    except PostgresError:
        raise WeasylError("commishclassExists")

    return classid
def select_followed(userid, otherid, limit=None, backid=None, nextid=None, following=False):
    """
    Returns one page of watch relationships for ``otherid``, ordered by
    username.

    By default the rows are the users who are following ``otherid``. With
    ``following`` true the join is reversed and the rows are the users that
    ``otherid`` follows; note that ``following`` need never be passed
    explicitly.

    ``backid`` / ``nextid`` page relative to that user's username. Each
    result is a dict with "userid" and "username", passed through
    media.populate_with_user_media.

    NOTE(review): ``limit`` defaults to None but is formatted with %i, so a
    call without an explicit limit raises TypeError.
    """
    # All values are interpolated with %i, which accepts only numbers, so no
    # free-form text reaches the SQL from this function's arguments.
    if following:
        statement = ["SELECT wu.otherid, pr.username, pr.config FROM watchuser wu"
                     " INNER JOIN profile pr ON wu.otherid = pr.userid"
                     " WHERE wu.userid = %i" % (otherid,)]
    else:
        statement = ["SELECT wu.userid, pr.username, pr.config FROM watchuser wu"
                     " INNER JOIN profile pr ON wu.userid = pr.userid"
                     " WHERE wu.otherid = %i" % (otherid,)]

    if userid:
        statement.append(m.MACRO_IGNOREUSER % (userid, "pr"))

    if backid:
        statement.append(" AND pr.username < (SELECT username FROM profile WHERE userid = %i)" % (backid,))
    elif nextid:
        statement.append(" AND pr.username > (SELECT username FROM profile WHERE userid = %i)" % (nextid,))

    # Paging backwards reads in descending order; the slice at the end
    # restores ascending order.
    statement.append(" ORDER BY pr.username%s LIMIT %i" % (" DESC" if backid else "", limit))

    query = [{
        "userid": i[0],
        "username": i[1],
    } for i in d.execute("".join(statement))]
    media.populate_with_user_media(query)

    return query[::-1] if backid else query
def select_list(userid, rating, limit, otherid=None, backid=None, nextid=None, config=None):
    """
    Return up to ``limit`` journals visible to ``userid`` (optionally
    restricted to journals by ``otherid``), newest first, as dicts with
    "journalid", "title" and "unixtime".

    Every interpolated value goes through %i (or a fixed flag string), so
    only integers reach the SQL text. In this body ``backid`` only reverses
    the result, ``nextid`` is not read, and ``config`` is fetched when
    missing but not read again.

    NOTE(review): statement nesting was reconstructed from a
    whitespace-collapsed listing - confirm which appends sit under
    ``if userid:``.
    """
    if config is None:
        config = d.get_config(userid)

    statement = ["SELECT jo.journalid, jo.title, jo.unixtime FROM journal jo WHERE"]

    if userid:
        # filter own content in SFW mode
        if d.is_sfw_mode():
            statement.append(" (jo.rating <= %i)" % (rating,))
        else:
            statement.append(" (jo.userid = %i OR jo.rating <= %i)" % (userid, rating))
        if not otherid:
            statement.append(m.MACRO_IGNOREUSER % (userid, "jo"))
        statement.append(m.MACRO_BLOCKTAG_JOURNAL % (userid, userid))
    else:
        statement.append(" jo.rating <= %i" % (rating,))

    if otherid:
        # Always exclude 'h'; also exclude 'f' (friends-only) unless
        # frienduser.check passes for the viewer and the author.
        statement.append(
            " AND jo.userid = %i AND jo.settings !~ '[%sh]'" % (otherid, "" if frienduser.check(userid, otherid) else "f"))
    else:
        # NOTE(review): this branch filters 'h' but not 'f', so friends-only
        # journals are not excluded here - confirm that is intended.
        statement.append(" AND jo.settings !~ 'h'")

    statement.append("ORDER BY jo.journalid DESC LIMIT %i" % limit)

    query = [{
        "journalid": i[0],
        "title": i[1],
        "unixtime": i[2],
    } for i in d.execute("".join(statement))]

    return query[::-1] if backid else query