def shouts_(request):
    """Render the shouts (profile comments) page for one user.

    The target is taken from the ``name`` route segment, falling back to the
    ``name`` and ``userid`` request inputs.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.

    Returns:
        Response: the rendered page, or the ``no_guest_access`` error page
        when the viewer is logged out and the target's config contains "h".
    """
    form = request.web_input(userid="", name="", backid=None, nextid=None)
    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    otherid = profile.resolve(request.userid, form.userid, form.name)
    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not request.userid and "h" in define.get_config(otherid):
        return Response(define.errorpage(request.userid, errorcode.no_guest_access))

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)

    # Prefer a non-blank full name for the title, otherwise the username.
    # NOTE(review): both values are profile-controlled text; presumably the
    # page header template escapes the title -- confirm.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's shouts" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    # Template arguments, fetched in the order the template receives them.
    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    myself = profile.select_myself(request.userid)
    comments = shout.select(request.userid, ownerid=otherid)
    page.append(define.render('user/shouts.html', [
        userprofile,
        userinfo,
        relation,
        myself,
        comments,
        # Feature
        "shouts",
    ]))

    return Response(define.common_page_end(request.userid, page))
def request(form):
    """Start a password reset for the account registered under ``form.email``.

    When the normalized address matches a ``login`` row, a fresh token is
    upserted into ``forgotpassword`` (keyed on ``userid``) and the reset email
    is handed to ``emailer.append``. When nothing matches, the function returns
    without raising, so the caller cannot tell whether the address is
    registered.
    """
    token = security.generate_key(100)
    email = emailer.normalize_address(form.email)

    # Find the account by its email address.
    user_id = d.engine.scalar("""
        SELECT userid FROM login WHERE email = %(email)s
    """, email=email)

    # NOTE(review): the unknown-address path skips the upsert and the email
    # hand-off, so the two paths may differ in response time -- confirm that
    # is acceptable or mitigated elsewhere (rate limiting, background work).
    if not user_id:
        return

    # One row per user: a repeated request replaces the earlier token.
    # NOTE(review): the token is stored exactly as it is emailed; whether it
    # expires or is compared in constant time is decided outside this function.
    params = dict(id=user_id, token=token, time=d.get_time(), address=d.get_address())
    d.engine.execute("""
        INSERT INTO forgotpassword (userid, token, set_time, address)
        VALUES (%(id)s, %(token)s, %(time)s, %(address)s)
        ON CONFLICT (userid) DO UPDATE SET
            token = %(token)s,
            set_time = %(time)s,
            address = %(address)s
    """, **params)

    # The message carries the reset link built from the token.
    message = d.render("email/reset_password.html", [token])
    emailer.append([email], None, "Weasyl Password Recovery", message)
def index_(request):
    """Render the home page, with "/" as its canonical URL."""
    page = define.common_page_start(request.userid, title="Home", canonical_url="/")
    fields = index.template_fields(request.userid)
    page.append(define.render("etc/index.html", fields))
    return Response(define.common_page_end(request.userid, page))
def GET(self, charid=""):
    """Render the detail page for one character.

    ``charid`` comes from the URL when present, otherwise from the ``charid``
    request input. Any ``WeasylError`` from ``character.select_view`` is
    re-raised; for ``UserIgnored`` and ``TagBlocked`` it first gains links
    offering ``?ignore=false`` and the home page.
    """
    form = web.input(charid="", ignore="", anyway="")
    rating = define.get_rating(self.user_id)
    charid = define.get_int(charid or form.charid)

    # NOTE(review): `ignore` and `anyway` are request-controlled; what they
    # are allowed to bypass is decided inside select_view -- confirm they
    # cannot override permission checks there.
    try:
        item = character.select_view(
            self.user_id,
            charid,
            rating,
            ignore=define.text_bool(form.ignore, True),
            anyway=form.anyway,
        )
    except WeasylError as we:
        if we.value in ("UserIgnored", "TagBlocked"):
            we.errorpage_kwargs['links'] = [
                ("View Character", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        raise

    title = item["title"]
    canonical_url = "/character/%d/%s" % (charid, slug_for(title))

    page = define.common_page_start(self.user_id, canonical_url=canonical_url, title=title)
    myself = profile.select_myself(self.user_id)
    # Report reasons whose code falls in [2000, 3000).
    violations = [entry for entry in macro.MACRO_REPORT_VIOLATION if 2000 <= entry[0] < 3000]
    page.append(define.render('detail/character.html', [
        myself,
        item,
        violations,
    ]))

    return define.common_page_end(self.user_id, page)
def GET(self, name=None):
    """Render the staff-notes page for the user given by ``name`` or ``userid``.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.
    """
    # NOTE(review): no staff-permission check is visible in this handler;
    # presumably it is enforced by a decorator or inside
    # shout.select(staffnotes=True) -- confirm, since the page also exposes
    # the target's report statistics.
    form = web.input(userid="")
    otherid = profile.resolve(self.user_id, define.get_int(form.userid), name)
    if not otherid:
        raise WeasylError("userRecordMissing")

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's staff notes" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    # The user-info record is extended with per-category report counts and
    # their total before it reaches the template.
    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    reportstats = profile.select_report_stats(otherid)
    userinfo['reportstats'] = reportstats
    userinfo['reporttotal'] = sum(reportstats.values())

    relation = profile.select_relation(self.user_id, otherid)
    myself = profile.select_myself(self.user_id)
    notes = shout.select(self.user_id, ownerid=otherid, staffnotes=True)
    page.append(define.render(template.user_shouts, [
        userprofile,
        userinfo,
        relation,
        myself,
        notes,
        # Feature
        "staffnotes",
    ]))

    return define.common_page_end(self.user_id, page, now=time.time())
def GET(self, name=""):
    """Render the journals page for one user.

    The target is taken from the URL ``name`` when given, otherwise from the
    ``name`` and ``userid`` request inputs.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.

    Returns:
        The rendered page, or the ``no_guest_access`` error page when the
        viewer is logged out and the target's config contains "h".
    """
    form = web.input(userid="", name="", backid=None, nextid=None)
    form.name = name or form.name
    form.userid = define.get_int(form.userid)

    config = define.get_config(self.user_id)
    rating = define.get_rating(self.user_id)
    otherid = profile.resolve(self.user_id, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not self.user_id and "h" in define.get_config(otherid):
        return define.errorpage(self.user_id, errorcode.no_guest_access)

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's journals" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(self.user_id, otherid)
    # TODO(weykent): use select_user_list
    journals = journal.select_list(self.user_id, rating, 250, otherid=otherid, config=config)
    latest = journal.select_latest(self.user_id, rating, otherid=otherid)
    page.append(define.render(template.user_journals, [
        userprofile,
        userinfo,
        relation,
        journals,
        latest,
    ]))

    return define.common_page_end(self.user_id, page)
def index_(request):
    """Render the home page using the "homepage" page option."""
    page = define.common_page_start(request.userid, options=["homepage"], title="Home")
    fields = index.template_fields(request.userid)
    page.append(define.render("etc/index.html", fields))
    return Response(define.common_page_end(request.userid, page))
def character_(request):
    """Render the detail page for one character.

    ``charid`` comes from the route when present, otherwise from the
    ``charid`` request input. Any ``WeasylError`` from
    ``character.select_view`` is re-raised; for ``UserIgnored`` and
    ``TagBlocked`` it first gains links offering ``?ignore=false`` and the
    home page.
    """
    form = request.web_input(charid="", ignore="", anyway="")
    rating = define.get_rating(request.userid)
    charid = define.get_int(request.matchdict.get('charid', form.charid))

    # Only the literal string 'false' switches the ignore filter off.
    # NOTE(review): `anyway` is passed through as received; what it may bypass
    # is decided inside select_view -- confirm it cannot override permissions.
    honor_ignore = form.ignore != 'false'
    try:
        item = character.select_view(
            request.userid,
            charid,
            rating,
            ignore=honor_ignore,
            anyway=form.anyway,
        )
    except WeasylError as we:
        if we.value in ("UserIgnored", "TagBlocked"):
            we.errorpage_kwargs['links'] = [
                ("View Character", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        raise

    title = item["title"]
    canonical_url = "/character/%d/%s" % (charid, slug_for(title))

    page = define.common_page_start(request.userid, canonical_url=canonical_url, title=title)
    myself = profile.select_myself(request.userid)
    # Report reasons whose code falls in [2000, 3000).
    violations = [entry for entry in macro.MACRO_REPORT_VIOLATION if 2000 <= entry[0] < 3000]
    page.append(define.render('detail/character.html', [
        myself,
        item,
        violations,
    ]))

    return Response(define.common_page_end(request.userid, page))
def GET(self, journalid=""):
    """Render the detail page for one journal.

    ``journalid`` comes from the URL when present, otherwise from the
    ``journalid`` request input. Any ``WeasylError`` from
    ``journal.select_view`` is re-raised; for ``UserIgnored`` and
    ``TagBlocked`` it first gains links offering ``?ignore=false`` and the
    home page.
    """
    form = web.input(journalid="", ignore="", anyway="")
    rating = define.get_rating(self.user_id)
    journalid = define.get_int(journalid or form.journalid)

    # NOTE(review): `ignore` and `anyway` are request-controlled; what they
    # may bypass is decided inside select_view -- confirm they cannot
    # override permission checks there.
    try:
        item = journal.select_view(
            self.user_id,
            rating,
            journalid,
            ignore=define.text_bool(form.ignore, True),
            anyway=form.anyway,
        )
    except WeasylError as we:
        if we.value in ("UserIgnored", "TagBlocked"):
            we.errorpage_kwargs['links'] = [
                ("View Journal", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        raise

    title = item["title"]
    canonical_url = "/journal/%d/%s" % (journalid, slug_for(title))

    page = define.common_page_start(
        self.user_id, options=["pager"], canonical_url=canonical_url, title=title)
    myself = profile.select_myself(self.user_id)
    # Report reasons whose code falls in [3000, 4000).
    violations = [entry for entry in macro.MACRO_REPORT_VIOLATION if 3000 <= entry[0] < 4000]
    page.append(define.render(template.detail_journal, [
        myself,
        item,
        violations,
    ]))

    return define.common_page_end(self.user_id, page)
def staffnotes_(request):
    """Render the staff-notes page for the user given by route name or ``userid``.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.
    """
    # NOTE(review): no staff-permission check is visible in this view;
    # presumably it is enforced by a decorator or inside
    # shout.select(staffnotes=True) -- confirm, since the page also exposes
    # the target's report statistics.
    form = request.web_input(userid="")
    route_name = request.matchdict.get('name', None)
    otherid = profile.resolve(request.userid, define.get_int(form.userid), route_name)
    if not otherid:
        raise WeasylError("userRecordMissing")

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's staff notes" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    # The user-info record is extended with per-category report counts and
    # their total before it reaches the template.
    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    reportstats = profile.select_report_stats(otherid)
    userinfo['reportstats'] = reportstats
    userinfo['reporttotal'] = sum(reportstats.values())

    relation = profile.select_relation(request.userid, otherid)
    myself = profile.select_myself(request.userid)
    notes = shout.select(request.userid, ownerid=otherid, staffnotes=True)
    page.append(define.render('user/shouts.html', [
        userprofile,
        userinfo,
        relation,
        myself,
        notes,
        # Feature
        "staffnotes",
    ]))

    return Response(define.common_page_end(request.userid, page))
def render_form(request, scopes, credentials, mobile, error=None,
                username='', password='', remember_me=False, not_me=False):
    """Render the OAuth2 authorization form.

    Looks up the consumer named by ``credentials['client_id']`` and, when the
    request is logged in, the viewer's login row and media. ``credentials`` is
    modified in place: its ``'scopes'`` key is set to ``scopes``.

    Returns:
        The output of ``d.render('oauth2/authorize.html', ...)``.
    """
    db = d.connect()
    # NOTE(review): presumably None for an unknown client_id -- confirm the
    # template or the caller rejects that case rather than rendering a
    # consent form with no client identity.
    client = db.query(orm.OAuthConsumer).get(credentials['client_id'])

    user = None
    user_media = None
    if request.userid:
        user = db.query(orm.Login).get(request.userid)
        user_media = media.get_user_media(request.userid)

    credentials['scopes'] = scopes

    # NOTE(review): the submitted password is handed to the template;
    # confirm it is not written back into the returned HTML.
    template_args = [
        scopes,
        credentials,
        client,
        user,
        user_media,
        mobile,
        error,
        username,
        password,
        remember_me,
        not_me,
    ]
    return d.render('oauth2/authorize.html', template_args)
def journal_(request):
    """Render the detail page for one journal.

    ``journalid`` comes from the route when present, otherwise from the
    ``journalid`` request input. Any ``WeasylError`` from
    ``journal.select_view`` is re-raised; for ``UserIgnored`` and
    ``TagBlocked`` it first gains links offering ``?ignore=false`` and the
    home page.
    """
    form = request.web_input(journalid="", ignore="", anyway="")
    rating = define.get_rating(request.userid)
    journalid = define.get_int(request.matchdict.get('journalid', form.journalid))

    # NOTE(review): `ignore` and `anyway` are request-controlled; what they
    # may bypass is decided inside select_view -- confirm they cannot
    # override permission checks there.
    try:
        item = journal.select_view(
            request.userid,
            rating,
            journalid,
            ignore=define.text_bool(form.ignore, True),
            anyway=form.anyway,
        )
    except WeasylError as we:
        if we.value in ("UserIgnored", "TagBlocked"):
            we.errorpage_kwargs['links'] = [
                ("View Journal", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        raise

    title = item["title"]
    canonical_url = "/journal/%d/%s" % (journalid, slug_for(title))

    page = define.common_page_start(request.userid, canonical_url=canonical_url, title=title)
    myself = profile.select_myself(request.userid)
    # Report reasons whose code falls in [3000, 4000).
    violations = [entry for entry in macro.MACRO_REPORT_VIOLATION if 3000 <= entry[0] < 4000]
    page.append(define.render('detail/journal.html', [
        myself,
        item,
        violations,
    ]))

    return Response(define.common_page_end(request.userid, page))
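def vouch_(request):
    """Record the current user as voucher for the account in POST ``targetid``.

    The UPDATE only touches a row whose ``voucher`` is still NULL, so an
    account that already has a voucher is left unchanged. When a row was
    updated, the target's cached config is invalidated and a verification
    email is sent to the address returned by the UPDATE.

    Raises:
        WeasylError: ``vouchRequired`` when the current user is not vouched
            for; ``Unexpected`` when ``targetid`` is missing or not an
            integer, or when the target has no display name.
        HTTPSeeOther: on completion, redirecting to the target's profile.
    """
    if not define.is_vouched_for(request.userid):
        raise WeasylError("vouchRequired")

    # targetid is client-supplied: a missing or non-numeric value is reported
    # as a handled WeasylError rather than escaping as KeyError/ValueError.
    try:
        targetid = int(request.POST['targetid'])
    except (KeyError, ValueError):
        raise WeasylError("Unexpected")

    # NOTE(review): CSRF protection for this state-changing POST is not
    # visible here; presumably applied by the route or a decorator -- confirm.
    updated = define.engine.execute(
        "UPDATE login SET voucher = %(voucher)s WHERE userid = %(target)s AND voucher IS NULL RETURNING email",
        voucher=request.userid,
        target=targetid,
    ).first()

    target_username = define.get_display_name(targetid)

    if updated is not None:
        define._get_all_config.invalidate(targetid)
        emailer.send(updated.email, "Weasyl Account Verified", define.render("email/verified.html", [target_username]))

    if target_username is None:
        # A target without a display name cannot have had a row updated.
        assert updated is None
        raise WeasylError("Unexpected")

    raise HTTPSeeOther(location=request.route_path(
        'profile_tilde', name=define.get_sysname(target_username)))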
def journals_(request):
    """Render the journals page for one user.

    The target is taken from the ``name`` route segment, falling back to the
    ``name`` and ``userid`` request parameters.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches; ``noGuests``
            when the viewer is logged out and the target's config contains "h".
    """
    params = request.params
    name = request.matchdict.get('name', params.get('name', ''))
    userid = define.get_int(params.get('userid'))

    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, userid, name)

    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not request.userid and "h" in define.get_config(otherid):
        raise WeasylError('noGuests')

    userprofile = profile.select_profile(otherid, viewer=request.userid)

    # Prefer a non-blank full name for the title, otherwise the username.
    # NOTE(review): both values are profile-controlled text; presumably the
    # page header template escapes the title -- confirm.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's journals" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    journals = journal.select_list(request.userid, rating, otherid=otherid)
    page.append(define.render('user/journals.html', [
        userprofile,
        userinfo,
        relation,
        journals,
    ]))

    return Response(define.common_page_end(request.userid, page))
def GET(self, name=""):
    """Render the shouts (profile comments) page for one user.

    The target is taken from the URL ``name`` when given, otherwise from the
    ``name`` and ``userid`` request inputs. The time taken at entry is passed
    to ``common_page_end`` as ``now``.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.

    Returns:
        The rendered page, or the ``no_guest_access`` error page when the
        viewer is logged out and the target's config contains "h".
    """
    now = time.time()

    form = web.input(userid="", name="", backid=None, nextid=None)
    form.name = name or form.name
    form.userid = define.get_int(form.userid)

    otherid = profile.resolve(self.user_id, form.userid, form.name)
    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not self.user_id and "h" in define.get_config(otherid):
        return define.errorpage(self.user_id, errorcode.no_guest_access)

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's shouts" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(self.user_id, otherid)
    myself = profile.select_myself(self.user_id)
    comments = shout.select(self.user_id, ownerid=otherid)
    page.append(define.render(template.user_shouts, [
        userprofile,
        userinfo,
        relation,
        myself,
        comments,
        # Feature
        "shouts",
    ]))

    return define.common_page_end(self.user_id, page, now=now)
def request(form):
    """Start a password reset for the account matching username and email.

    A fresh token is upserted into ``forgotpassword`` (keyed on ``userid``)
    and the reset email is handed to ``emailer.append``.

    Raises:
        WeasylError: ``loginRecordMissing`` when no login row has the
            normalized username; ``emailInvalid`` when the supplied address
            differs from the account's normalized address.
    """
    token = security.generate_key(100)
    email = emailer.normalize_address(form.email)
    username = d.get_sysname(form.username)

    # Find the account by its login name.
    row = d.engine.execute(
        "SELECT userid, email FROM login WHERE login_name = %(username)s",
        username=username).first()

    # NOTE(review): the two distinct error codes below tell an
    # unauthenticated caller whether a username exists and whether an address
    # belongs to it; consider a single indistinguishable response.
    if not row:
        raise WeasylError("loginRecordMissing")
    if email != emailer.normalize_address(row.email):
        raise WeasylError("emailInvalid")

    # One row per user: a repeated request replaces the earlier token.
    # NOTE(review): the token is stored exactly as it is emailed; expiry is
    # decided outside this function.
    params = dict(id=row.userid, token=token, time=d.get_time(), address=d.get_address())
    d.engine.execute("""
        INSERT INTO forgotpassword (userid, token, set_time, address)
        VALUES (%(id)s, %(token)s, %(time)s, %(address)s)
        ON CONFLICT (userid) DO UPDATE SET
            token = %(token)s,
            set_time = %(time)s,
            address = %(address)s
    """, **params)

    # The message carries the reset link built from the token.
    message = d.render("email/reset_password.html", [token])
    emailer.append([email], None, "Weasyl Password Recovery", message)
def journals_(request):
    """Render the journals page for one user, including the latest journal.

    The target is taken from the ``name`` route segment, falling back to the
    ``name`` and ``userid`` request inputs.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.

    Returns:
        Response: the rendered page, or the ``no_guest_access`` error page
        when the viewer is logged out and the target's config contains "h".
    """
    form = request.web_input(userid="", name="", backid=None, nextid=None)
    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    config = define.get_config(request.userid)
    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not request.userid and "h" in define.get_config(otherid):
        return Response(define.errorpage(request.userid, errorcode.no_guest_access))

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's journals" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    # TODO(weykent): use select_user_list
    journals = journal.select_list(request.userid, rating, 250, otherid=otherid, config=config)
    latest = journal.select_latest(request.userid, rating, otherid=otherid)
    page.append(define.render('user/journals.html', [
        userprofile,
        userinfo,
        relation,
        journals,
        latest,
    ]))

    return Response(define.common_page_end(request.userid, page))
def create(form):
    """Validate a registration form and create a pending account.

    On success a row is inserted into ``logincreate`` with a fresh token, a
    verification email is handed to ``emailer.append``, and the
    ``createdusers`` metric is incremented.

    Raises:
        WeasylError: ``birthdayInvalid``, ``passwordMismatch``,
            ``emailMismatch``, ``passwordInsecure``, ``emailInvalid``,
            ``usernameInvalid``, ``emailExists`` or ``usernameExists``,
            checked in that order after the birthday has been parsed.
    """
    # Normalize form data. The username is cut to _USERNAME characters before
    # the system name is derived from it.
    username = d.plaintext(form.username[:_USERNAME])
    sysname = d.get_sysname(username)

    email = emailer.normalize_address(form.email)
    emailcheck = emailer.normalize_address(form.emailcheck)

    password = form.password
    passcheck = form.passcheck

    # A birthday is only built when all three parts are present.
    birthday = None
    if form.day and form.month and form.year:
        try:
            birthday = arrow.Arrow(int(form.year), int(form.month), int(form.day))
        except ValueError:
            raise WeasylError("birthdayInvalid")

    # Confirmation fields must match.
    if password != passcheck:
        raise WeasylError("passwordMismatch")
    if email != emailcheck:
        raise WeasylError("emailMismatch")

    # Field validity.
    if birthday is None or d.age_in_years(birthday) < 13:
        raise WeasylError("birthdayInvalid")
    # NOTE(review): no upper bound on password length is visible before
    # hashing; confirm password_secure or passhash bounds it.
    if not password_secure(password):
        raise WeasylError("passwordInsecure")
    if not email:
        raise WeasylError("emailInvalid")

    reserved_names = (
        "admin", "administrator", "mod", "moderator", "weasyl",
        "weasyladmin", "weasylmod", "staff", "security",
    )
    if not sysname or ";" in username or sysname in reserved_names:
        raise WeasylError("usernameInvalid")

    # NOTE(review): these two distinct errors tell an unauthenticated caller
    # whether an address or a username is already registered. The checks and
    # the insert below are separate statements, so uniqueness under
    # concurrent requests has to come from database constraints -- confirm.
    if email_exists(email):
        raise WeasylError("emailExists")
    if username_exists(sysname):
        raise WeasylError("usernameExists")

    # Create the pending account; only the hashed password is stored.
    token = security.generate_key(40)
    insert_pending = d.meta.tables["logincreate"].insert()
    pending_row = {
        "token": token,
        "username": username,
        "login_name": sysname,
        "hashpass": passhash(password),
        "email": email,
        "birthday": birthday,
        "unixtime": arrow.now(),
    }
    d.engine.execute(insert_pending, pending_row)

    # Queue the verification email.
    message = d.render("email/verify_account.html", [token, sysname])
    emailer.append([email], None, "Weasyl Account Creation", message)
    d.metric('increment', 'createdusers')
def collections_(request):
    """Render the paginated collections page for one user.

    The target is taken from the ``name`` route segment, falling back to the
    ``name`` and ``userid`` request inputs. ``backid``/``nextid`` select the
    page.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.

    Returns:
        Response: the rendered page, or the ``no_guest_access`` error page
        when the viewer is logged out and the target's config contains "h".
    """
    form = request.web_input(userid="", name="", backid=None, nextid=None, folderid=None)
    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    config = define.get_config(request.userid)
    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not request.userid and "h" in define.get_config(otherid):
        return Response(define.errorpage(request.userid, errorcode.no_guest_access))

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's collections" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    # The trailing "%s" is left in place for the paginator to fill in.
    url_format = "/collections?userid={userid}&%s".format(userid=userprofile['userid'])
    back_cursor = define.get_int(form.backid)
    next_cursor = define.get_int(form.nextid)
    result = pagination.PaginatedResult(
        collection.select_list, collection.select_count, 'submitid', url_format,
        request.userid, rating, 66,
        otherid=otherid, backid=back_cursor, nextid=next_cursor, config=config)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    page.append(define.render('user/collections.html', [
        userprofile,
        userinfo,
        relation,
        result,
    ]))

    return Response(define.common_page_end(request.userid, page))
def submissions_(request):
    """Render the paginated submissions page for one user.

    The target is taken from the ``name`` route segment, falling back to the
    ``name`` and ``userid`` request parameters. An optional ``folderid``
    narrows the listing; ``backid``/``nextid`` select the page.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches; ``noGuests``
            when the viewer is logged out and the target's config contains "h".
    """
    params = request.params
    name = request.matchdict.get('name', params.get('name', ''))
    userid = define.get_int(params.get('userid'))

    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, userid, name)
    # A missing or zero folder id means "no folder selected".
    folderid = define.get_int(params.get('folderid')) or None
    backid = params.get('backid')
    nextid = params.get('nextid')

    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not request.userid and "h" in define.get_config(otherid):
        raise WeasylError('noGuests')

    userprofile = profile.select_profile(otherid, viewer=request.userid)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's submissions" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    # The "%s" is left in place for the paginator; the folder filter is
    # carried along only when one is selected. folderid is an int here, so
    # only digits are interpolated into the URL.
    if folderid:
        folder_query = "&folderid=%d" % folderid
    else:
        folder_query = ""
    url_format = "/submissions/{username}?%s{folderquery}".format(
        username=define.get_sysname(userprofile['username']),
        folderquery=folder_query)

    back_cursor = define.get_int(backid)
    next_cursor = define.get_int(nextid)
    result = pagination.PaginatedResult(
        submission.select_list, submission.select_count, 'submitid', url_format,
        request.userid, rating,
        limit=60, otherid=otherid, folderid=folderid,
        backid=back_cursor, nextid=next_cursor,
        profile_page_filter=not folderid)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    folders = folder.select_list(otherid)
    page.append(define.render('user/submissions.html', [
        userprofile,
        userinfo,
        relation,
        result,
        folders,
        # Current folder
        folderid,
    ]))

    return Response(define.common_page_end(request.userid, page))
def GET(self):
    """Render the home page; the time taken at entry is passed on as ``now``."""
    started = time.time()
    page = define.common_page_start(self.user_id, options=["homepage"], title="Home")
    fields = index.template_fields(self.user_id)
    page.append(define.render(template.etc_index, fields))
    return define.common_page_end(self.user_id, page, now=started)
def submission_(request):
    """Render the detail page for one submission.

    ``submitid`` comes from the route when present, otherwise from the
    ``submitid`` request input. When the route's ``name`` differs from the
    owner's system name, the request is permanently redirected to the
    canonical path.

    Raises:
        WeasylError: re-raised from ``submission.select_view`` with the page
            extras attached as ``errorpage_kwargs``.
        HTTPMovedPermanently: when the route name is not the owner's.
    """
    username = request.matchdict.get('name')
    route_submitid = request.matchdict.get('submitid')

    form = request.web_input(submitid="", ignore="", anyway="")

    rating = define.get_rating(request.userid)
    submitid = define.get_int(route_submitid or form.submitid)

    extras = {"pdf": True}

    # NOTE(review): the card is built before select_view runs and is then
    # attached to the error page if select_view raises; confirm twitter_card
    # applies its own visibility/rating limits, and how user_is_twitterbot
    # identifies the client.
    if define.user_is_twitterbot():
        extras['twitter_card'] = submission.twitter_card(submitid)

    try:
        item = submission.select_view(
            request.userid,
            submitid,
            rating,
            ignore=define.text_bool(form.ignore, True),
            anyway=form.anyway,
        )
    except WeasylError as we:
        # The error page receives the same dict, so additions made below are
        # visible through we.errorpage_kwargs.
        we.errorpage_kwargs = extras
        if 'twitter_card' in extras:
            extras['options'] = ['nocache']
        if we.value in ("UserIgnored", "TagBlocked"):
            extras['links'] = [
                ("View Submission", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        raise

    login = define.get_sysname(item['username'])
    # The redirect target is built from stored data via route_path, not from
    # the request's own URL.
    canonical_path = request.route_path(
        'submission_detail_profile',
        name=login, submitid=submitid, slug=slug_for(item['title']))

    if request.GET.get('anyway'):
        canonical_path += '?anyway=true'

    if login != username:
        raise httpexceptions.HTTPMovedPermanently(location=canonical_path)

    extras["canonical_url"] = canonical_path
    extras["title"] = item["title"]

    page = define.common_page_start(request.userid, **extras)
    myself = profile.select_myself(request.userid)
    # Report reasons whose code falls in [2000, 3000).
    violations = [entry for entry in macro.MACRO_REPORT_VIOLATION if 2000 <= entry[0] < 3000]
    page.append(define.render('detail/submission.html', [
        myself,
        item,
        # Subtypes
        macro.MACRO_SUBCAT_LIST,
        violations,
    ]))

    return Response(define.common_page_end(request.userid, page))
def submission_tag_history_(request):
    """Render the "Tag updates" history page for one submission."""
    # int() raises ValueError on a non-numeric segment; presumably the route
    # pattern only admits digits -- confirm.
    submitid = int(request.matchdict['submitid'])

    page = define.common_page_start(request.userid, title="Tag updates")

    # NOTE(review): select_view_api is the only call here that receives the
    # viewer id, and it runs before tag_history; presumably it raises for
    # submissions the viewer may not see, which would be the sole gate on the
    # history data -- confirm.
    submission_info = submission.select_view_api(request.userid, submitid)
    history = searchtag.tag_history(submitid)
    page.append(define.render('detail/tag_history.html', [
        submission_info,
        history,
    ]))

    return Response(define.common_page_end(request.userid, page))
def GET(self, submitid):
    """Render the "Tag updates" history page for one submission."""
    # int() raises ValueError on a non-numeric value; presumably the URL
    # pattern only admits digits -- confirm.
    submitid = int(submitid)

    page = define.common_page_start(self.user_id, title="Tag updates")

    # NOTE(review): select_view_api is the only call here that receives the
    # viewer id, and it runs before tag_history; presumably it raises for
    # submissions the viewer may not see, which would be the sole gate on the
    # history data -- confirm.
    submission_info = submission.select_view_api(self.user_id, submitid)
    history = searchtag.tag_history(submitid)
    page.append(define.render('detail/tag_history.html', [
        submission_info,
        history,
    ]))

    return define.common_page_end(self.user_id, page)
def GET(self, name=""):
    """Render the paginated characters page for one user.

    The target is taken from the URL ``name`` when given, otherwise from the
    ``name`` and ``userid`` request inputs. ``backid``/``nextid`` select the
    page.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches.

    Returns:
        The rendered page, or the ``no_guest_access`` error page when the
        viewer is logged out and the target's config contains "h".
    """
    form = web.input(userid="", name="", backid=None, nextid=None)
    form.name = name or form.name
    form.userid = define.get_int(form.userid)

    config = define.get_config(self.user_id)
    rating = define.get_rating(self.user_id)
    otherid = profile.resolve(self.user_id, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not self.user_id and "h" in define.get_config(otherid):
        return define.errorpage(self.user_id, errorcode.no_guest_access)

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's characters" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    # The trailing "%s" is left in place for the paginator to fill in.
    url_format = "/characters?userid={userid}&%s".format(userid=userprofile['userid'])
    back_cursor = define.get_int(form.backid)
    next_cursor = define.get_int(form.nextid)
    result = pagination.PaginatedResult(
        character.select_list, character.select_count, 'charid', url_format,
        self.user_id, rating, 60,
        otherid=otherid, backid=back_cursor, nextid=next_cursor, config=config)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(self.user_id, otherid)
    page.append(define.render(template.user_characters, [
        userprofile,
        userinfo,
        relation,
        result,
    ]))

    return define.common_page_end(self.user_id, page)
def GET(self, submitid):
    """Render the "Tag updates" history page for one submission."""
    # int() raises ValueError on a non-numeric value; presumably the URL
    # pattern only admits digits -- confirm.
    submitid = int(submitid)

    page = define.common_page_start(self.user_id, title="Tag updates")

    # NOTE(review): tag_history takes no viewer id, so any access control has
    # to come from select_view_api, which runs first -- confirm it raises for
    # submissions the viewer may not see.
    viewable = submission.select_view_api(self.user_id, submitid)
    tag_changes = searchtag.tag_history(submitid)
    rendered = define.render('detail/tag_history.html', [viewable, tag_changes])
    page.append(rendered)

    return define.common_page_end(self.user_id, page)
def GET(self, a="", b=None):
    """Render the detail page for one submission.

    Called with one URL argument it is the submission id; called with two
    they are the owner's name and the submission id. When a name is given and
    differs from the owner's system name, the request is redirected to the
    owner's URL for the submission.

    Raises:
        WeasylError: re-raised from ``submission.select_view`` with the page
            extras attached as ``errorpage_kwargs``.
    """
    username, submitid = (None, a) if b is None else (a, b)
    now = time.time()

    form = web.input(submitid="", ignore="", anyway="")

    rating = define.get_rating(self.user_id)
    submitid = define.get_int(submitid or form.submitid)

    extras = {"pdf": True}

    # NOTE(review): the card is built before select_view runs and is then
    # attached to the error page if select_view raises; confirm twitter_card
    # applies its own visibility/rating limits, and how user_is_twitterbot
    # identifies the client.
    if define.user_is_twitterbot():
        extras['twitter_card'] = submission.twitter_card(submitid)

    try:
        item = submission.select_view(
            self.user_id,
            submitid,
            rating,
            ignore=define.text_bool(form.ignore, True),
            anyway=form.anyway,
        )
    except WeasylError as we:
        # The error page receives the same dict, so additions made below are
        # visible through we.errorpage_kwargs.
        we.errorpage_kwargs = extras
        if 'twitter_card' in extras:
            extras['options'] = ['nocache']
        if we.value in ("UserIgnored", "TagBlocked"):
            extras['links'] = [
                ("View Submission", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        raise

    login = define.get_sysname(item['username'])
    # The redirect target is assembled from stored data and the parsed
    # integer id, not from the request's own URL.
    if username is not None and login != username:
        raise web.seeother('/~%s/post/%s/%s' % (login, submitid, slug_for(item["title"])))

    extras["canonical_url"] = "/submission/%d/%s" % (submitid, slug_for(item["title"]))
    extras["title"] = item["title"]

    page = define.common_page_start(self.user_id, options=["mediaplayer"], **extras)
    myself = profile.select_myself(self.user_id)
    # Report reasons whose code falls in [2000, 3000).
    violations = [entry for entry in macro.MACRO_REPORT_VIOLATION if 2000 <= entry[0] < 3000]
    page.append(define.render('detail/submission.html', [
        myself,
        item,
        # Subtypes
        macro.MACRO_SUBCAT_LIST,
        violations,
    ]))

    return define.common_page_end(self.user_id, page, now=now)
def append(db, email, terms):
    """Record a pending premium purchase and email its verification token.

    Raises:
        error.WeasylError: ``emailInvalid`` when the address normalizes to a
            falsy value.
    """
    token = security.generate_key(40)
    address = emailer.normalize_address(email)
    if not address:
        raise error.WeasylError("emailInvalid")

    # NOTE(review): the statement uses quoted '%s' and %i placeholders, which
    # reads as textual interpolation rather than driver-side binding. Whether
    # this is injection-safe depends entirely on define.execute escaping each
    # value -- confirm, or move to bound parameters. `address` derives from
    # the caller-supplied email.
    statement = "INSERT INTO premiumpurchase VALUES ('%s', '%s', %i)"
    define.execute(db, statement, [token, address, terms])

    message = define.render("email/verify_premium.html", [token, terms])
    emailer.append([address], None, "Weasyl Premium Verification", message)
def shouts_(request):
    """Render the shouts (profile comments) page for one user.

    The target is taken from the ``name`` route segment, falling back to the
    ``name`` and ``userid`` request inputs.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches; ``noGuests``
            when the viewer is logged out and the target's config contains "h".

    Returns:
        Response: the rendered page, or a 403 "unverified" page when the
        target is someone else's account that has not been vouched for.
    """
    form = request.web_input(userid="", name="", backid=None, nextid=None)
    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    otherid = profile.resolve(request.userid, form.userid, form.name)
    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not request.userid and "h" in define.get_config(otherid):
        raise WeasylError('noGuests')

    userprofile = profile.select_profile(otherid, viewer=request.userid)

    # Unvouched accounts are shown only to their owner. Everyone else gets a
    # 403 page; it offers vouching only to a logged-in viewer who is vouched
    # for.
    viewing_other = otherid != request.userid
    if viewing_other and not define.is_vouched_for(otherid):
        can_vouch = request.userid != 0 and define.is_vouched_for(request.userid)
        unverified_page = define.webpage(
            request.userid,
            "error/unverified.html",
            [request, otherid, userprofile['username'], can_vouch],
        )
        return Response(unverified_page, status=403)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's shouts" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    myself = profile.select_myself(request.userid)
    comments = shout.select(request.userid, ownerid=otherid)
    page.append(define.render('user/shouts.html', [
        userprofile,
        userinfo,
        relation,
        myself,
        comments,
        # Feature
        "shouts",
    ]))

    return Response(define.common_page_end(request.userid, page))
def collections_(request):
    """Render the paginated collections page for one user.

    The target is taken from the ``name`` route segment, falling back to the
    ``name`` and ``userid`` request parameters. ``backid``/``nextid`` select
    the page.

    Raises:
        WeasylError: ``userRecordMissing`` when no user matches; ``noGuests``
            when the viewer is logged out and the target's config contains "h".
    """
    params = request.params
    name = request.matchdict.get('name', params.get('name', ''))
    userid = define.get_int(params.get('userid'))

    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, userid, name)
    backid = params.get('backid')
    nextid = params.get('nextid')

    if not otherid:
        raise WeasylError("userRecordMissing")
    # The guest gate runs before any profile data is loaded.
    if not request.userid and "h" in define.get_config(otherid):
        raise WeasylError('noGuests')

    userprofile = profile.select_profile(otherid, viewer=request.userid)

    # Prefer a non-blank full name for the title, otherwise the username.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's collections" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    # The trailing "%s" is left in place for the paginator to fill in.
    url_format = "/collections?userid={userid}&%s".format(userid=userprofile['userid'])
    back_cursor = define.get_int(backid)
    next_cursor = define.get_int(nextid)
    result = pagination.PaginatedResult(
        collection.select_list, collection.select_count, 'submitid', url_format,
        request.userid, rating,
        limit=66, otherid=otherid, backid=back_cursor, nextid=next_cursor)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    page.append(define.render('user/collections.html', [
        userprofile,
        userinfo,
        relation,
        result,
    ]))

    return Response(define.common_page_end(request.userid, page))
def render_form(self, scopes, credentials, mobile, error=None,
                username='', password='', remember_me=False, not_me=False):
    """Render the OAuth2 authorization form.

    Looks up the consumer named by ``credentials['client_id']`` and, when
    ``self.user_id`` is set, the viewer's login row and media. ``credentials``
    is modified in place: its ``'scopes'`` key is set to ``scopes``.

    Returns:
        The output of ``d.render('oauth2/authorize.html', ...)``.
    """
    db = d.connect()
    # NOTE(review): presumably None for an unknown client_id -- confirm the
    # template or the caller rejects that case rather than rendering a
    # consent form with no client identity.
    client = db.query(orm.OAuthConsumer).get(credentials['client_id'])

    user = None
    user_media = None
    if self.user_id:
        user = db.query(orm.Login).get(self.user_id)
        user_media = media.get_user_media(self.user_id)

    credentials['scopes'] = scopes

    # NOTE(review): the submitted password is handed to the template;
    # confirm it is not written back into the returned HTML.
    template_args = [
        scopes,
        credentials,
        client,
        user,
        user_media,
        mobile,
        error,
        username,
        password,
        remember_me,
        not_me,
    ]
    return d.render('oauth2/authorize.html', template_args)
def request(form):
    """Start a password reset for the account matching username and email.

    A fresh token is inserted into ``forgotpassword``; when the insert hits
    an ``IntegrityError`` the user's existing row is updated instead. The
    reset email is then handed to ``emailer.append``.

    Raises:
        WeasylError: ``loginRecordMissing`` when no login row has the
            normalized username; ``emailInvalid`` when the supplied address
            differs from the account's normalized address.
        IntegrityError: re-raised when the fallback UPDATE does not change
            exactly one row.
    """
    token = security.generate_key(100)
    email = emailer.normalize_address(form.email)
    username = d.get_sysname(form.username)

    # Find the account by its login name.
    row = d.engine.execute(
        "SELECT userid, email FROM login WHERE login_name = %(username)s",
        username=username).first()

    # NOTE(review): the two distinct error codes below tell an
    # unauthenticated caller whether a username exists and whether an address
    # belongs to it; consider a single indistinguishable response.
    if not row:
        raise WeasylError("loginRecordMissing")
    if email != emailer.normalize_address(row.email):
        raise WeasylError("emailInvalid")

    # NOTE(review): the token is stored exactly as it is emailed; expiry is
    # decided outside this function.
    params = dict(id=row.userid, token=token, time=d.get_time(), address=d.get_address())

    try:
        d.engine.execute(
            "INSERT INTO forgotpassword (userid, token, set_time, address)"
            " VALUES (%(id)s, %(token)s, %(time)s, %(address)s)",
            **params)
    except IntegrityError:
        # Most likely a reset request already exists for this user, so its
        # row is replaced. If the UPDATE does not hit exactly one row the
        # cause was something else and the original error propagates.
        result = d.engine.execute("""
            UPDATE forgotpassword SET
                token = %(token)s,
                set_time = %(time)s,
                address = %(address)s
            WHERE userid = %(id)s
        """, **params)

        if result.rowcount != 1:
            raise

    # The message carries the reset link built from the token.
    message = d.render("email/reset_password.html", [token])
    emailer.append([email], None, "Weasyl Password Recovery", message)
def submissions_(request):
    """Render a user's submissions page, optionally limited to one folder.

    The target user is resolved from the ``userid`` query parameter or the
    ``name`` route/query value. Guests are refused when the target's config
    contains ``"h"``.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    form = request.web_input(userid="", name="", backid=None, nextid=None, folderid=None)
    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    config = define.get_config(request.userid)
    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, form.userid, form.name)
    folderid = define.get_int(form.folderid) or None

    if not otherid:
        raise WeasylError("userRecordMissing")
    # Access gate: profiles flagged "h" are not shown to signed-out viewers.
    if not request.userid and "h" in define.get_config(otherid):
        return Response(define.errorpage(request.userid, errorcode.no_guest_access))

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)

    # Prefer the full name for the title; fall back to the username when the
    # full name is missing or blank.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's submissions" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    # The literal %s is left in place for the paginator to fill in.
    url_format = "/submissions/{username}?%s{folderquery}".format(
        username=define.get_sysname(userprofile['username']),
        folderquery="&folderid=%d" % folderid if folderid else "")

    result = pagination.PaginatedResult(
        submission.select_list, submission.select_count, 'submitid', url_format,
        request.userid, rating, 60,
        otherid=otherid, folderid=folderid,
        backid=define.get_int(form.backid),
        nextid=define.get_int(form.nextid),
        config=config, profile_page_filter=not folderid)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)
    folders = folder.select_list(otherid, "sidebar/all")

    page.append(define.render('user/submissions.html', [
        userprofile,   # profile information
        userinfo,      # user information
        relation,      # relationship between viewer and owner
        result,        # paginated submissions
        folders,       # sidebar folder list
        folderid,      # currently selected folder, or None
    ]))
    return Response(define.common_page_end(request.userid, page))
def GET(self, journalid=""):
    """Render the detail page for one journal.

    The journal id comes from the route argument when given, otherwise from
    the ``journalid`` query parameter. A ``WeasylError`` raised by the
    lookup is re-raised; for ``"UserIgnored"`` and ``"TagBlocked"`` it is
    first given links that let the viewer proceed or go home.
    """
    form = web.input(journalid="", ignore="", anyway="")
    rating = define.get_rating(self.user_id)
    journalid = define.get_int(journalid or form.journalid)

    try:
        item = journal.select_view(
            self.user_id, rating, journalid,
            ignore=define.text_bool(form.ignore, True),
            anyway=form.anyway)
    except WeasylError as we:
        if we.value in ("UserIgnored", "TagBlocked"):
            we.errorpage_kwargs['links'] = [
                ("View Journal", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        # Always propagate; the links above only decorate the error page.
        raise

    canonical_url = "/journal/%d/%s" % (journalid, slug_for(item["title"]))
    page = define.common_page_start(
        self.user_id, options=["pager"],
        canonical_url=canonical_url, title=item["title"])

    myself = profile.select_myself(self.user_id)
    # Report reasons whose code is in [3000, 4000) are offered on this page.
    violations = [
        entry for entry in macro.MACRO_REPORT_VIOLATION
        if 3000 <= entry[0] < 4000
    ]

    page.append(define.render(template.detail_journal, [myself, item, violations]))
    return define.common_page_end(self.user_id, page)
def GET(self, name=""):
    """Render a user's submissions page, optionally limited to one folder.

    The target user is resolved from the ``userid`` query parameter or from
    ``name`` (route argument first, query parameter otherwise). Guests are
    refused when the target's config contains ``"h"``.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    form = web.input(userid="", name="", backid=None, nextid=None, folderid=None)
    form.name = name or form.name
    form.userid = define.get_int(form.userid)

    config = define.get_config(self.user_id)
    rating = define.get_rating(self.user_id)
    otherid = profile.resolve(self.user_id, form.userid, form.name)
    folderid = define.get_int(form.folderid) or None

    if not otherid:
        raise WeasylError("userRecordMissing")
    # Access gate: profiles flagged "h" are not shown to signed-out viewers.
    if not self.user_id and "h" in define.get_config(otherid):
        return define.errorpage(self.user_id, errorcode.no_guest_access)

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer the full name for the title; fall back to the username when the
    # full name is missing or blank.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's submissions" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    # The literal %s is left in place for the paginator to fill in.
    url_format = "/submissions/{username}?%s{folderquery}".format(
        username=define.get_sysname(userprofile['username']),
        folderquery="&folderid=%d" % folderid if folderid else "")

    result = pagination.PaginatedResult(
        submission.select_list, submission.select_count, 'submitid', url_format,
        self.user_id, rating, 60,
        otherid=otherid, folderid=folderid,
        backid=define.get_int(form.backid),
        nextid=define.get_int(form.nextid),
        config=config, profile_page_filter=not folderid)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(self.user_id, otherid)
    folders = folder.select_list(otherid, "sidebar/all")

    page.append(define.render(template.user_submissions, [
        userprofile,   # profile information
        userinfo,      # user information
        relation,      # relationship between viewer and owner
        result,        # paginated submissions
        folders,       # sidebar folder list
        folderid,      # currently selected folder, or None
    ]))
    return define.common_page_end(self.user_id, page)
def request(email):
    """Record an account-recovery request for *email* and mail the token.

    A row is inserted and a message is sent for any address that
    normalizes successfully; this function does not look up whether the
    address belongs to an account, so the caller sees the same outcome
    either way.

    Raises:
        WeasylError: ``"emailInvalid"`` when the address cannot be normalized.
    """
    # 25 symbols from a 36-character alphabet.
    # NOTE(review): the token's strength depends on security.generate_key
    # drawing from a cryptographically secure source -- confirm.
    alphabet = string.digits + string.ascii_lowercase
    token = security.generate_key(25, key_characters=alphabet)
    token_sha256 = _hash_token(token)

    email = emailer.normalize_address(email)
    if email is None:
        raise WeasylError("emailInvalid")

    # Only the hash of the token is persisted; the token itself exists in
    # plaintext solely in the outgoing message.
    insert_sql = (
        "INSERT INTO forgotpassword (email, token_sha256)"
        " VALUES (%(email)s, %(token_sha256)s)"
    )
    d.engine.execute(insert_sql, email=email, token_sha256=bytearray(token_sha256))

    # NOTE(review): no per-address or per-client throttling is visible here;
    # confirm the caller limits how often this can be triggered.
    message = d.render("email/reset_password.html", [token])
    emailer.send(email, "Weasyl Account Recovery", message)
def GET(self, name=None):
    """Render the staff-notes page for a user.

    Uses the same template as the shouts page, with shouts selected using
    ``staffnotes=True`` and report statistics attached to the user info.

    NOTE(review): no permission check is visible in this method, and the
    guest gate used by the sibling profile handlers is absent. Presumably
    the enclosing class or a decorator restricts this to staff -- confirm,
    since the page exposes staff notes and report counts.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    form = web.input(userid="")
    otherid = profile.resolve(self.user_id, define.get_int(form.userid), name)
    if not otherid:
        raise WeasylError("userRecordMissing")

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer the full name for the title; fall back to the username when the
    # full name is missing or blank.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's staff notes" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    reportstats = profile.select_report_stats(otherid)
    userinfo['reportstats'] = reportstats
    userinfo['reporttotal'] = sum(reportstats.values())

    relation = profile.select_relation(self.user_id, otherid)
    myself = profile.select_myself(self.user_id)
    notes = shout.select(self.user_id, ownerid=otherid, staffnotes=True)

    page.append(define.render(template.user_shouts, [
        userprofile,    # profile information
        userinfo,       # user information plus report statistics
        relation,       # relationship between viewer and owner
        myself,         # the viewer
        notes,          # staff notes
        "staffnotes",   # feature selector for the template
    ]))
    return define.common_page_end(self.user_id, page, now=time.time())
def GET(self, name=""):
    """Render a user's shouts page.

    The target user is resolved from the ``userid`` query parameter or from
    ``name`` (route argument first, query parameter otherwise). Guests are
    refused when the target's config contains ``"h"``.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    # Taken first and passed to common_page_end at the end of the handler.
    now = time.time()

    form = web.input(userid="", name="", backid=None, nextid=None)
    form.name = name or form.name
    form.userid = define.get_int(form.userid)

    otherid = profile.resolve(self.user_id, form.userid, form.name)
    if not otherid:
        raise WeasylError("userRecordMissing")
    # Access gate: profiles flagged "h" are not shown to signed-out viewers.
    if not self.user_id and "h" in define.get_config(otherid):
        return define.errorpage(self.user_id, errorcode.no_guest_access)

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer the full name for the title; fall back to the username when the
    # full name is missing or blank.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's shouts" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(self.user_id, otherid)
    myself = profile.select_myself(self.user_id)
    shouts = shout.select(self.user_id, ownerid=otherid)

    page.append(define.render(template.user_shouts, [
        userprofile,   # profile information
        userinfo,      # user information
        relation,      # relationship between viewer and owner
        myself,        # the viewer
        shouts,        # comments left on the profile
        "shouts",      # feature selector for the template
    ]))
    return define.common_page_end(self.user_id, page, now=now)
def GET(self, name=""):
    """Render a user's characters page.

    The target user is resolved from the ``userid`` query parameter or from
    ``name`` (route argument first, query parameter otherwise). Guests are
    refused when the target's config contains ``"h"``.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    form = web.input(userid="", name="", backid=None, nextid=None)
    form.name = name or form.name
    form.userid = define.get_int(form.userid)

    config = define.get_config(self.user_id)
    rating = define.get_rating(self.user_id)
    otherid = profile.resolve(self.user_id, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")
    # Access gate: profiles flagged "h" are not shown to signed-out viewers.
    if not self.user_id and "h" in define.get_config(otherid):
        return define.errorpage(self.user_id, errorcode.no_guest_access)

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)

    # Prefer the full name for the title; fall back to the username when the
    # full name is missing or blank.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's characters" % (display_name,)

    page = define.common_page_start(self.user_id, title=page_title)

    # The literal %s is left in place for the paginator to fill in.
    url_format = "/characters?userid={userid}&%s".format(userid=userprofile['userid'])
    result = pagination.PaginatedResult(
        character.select_list, character.select_count, 'charid', url_format,
        self.user_id, rating, 60,
        otherid=otherid,
        backid=define.get_int(form.backid),
        nextid=define.get_int(form.nextid),
        config=config)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(self.user_id, otherid)

    page.append(define.render(template.user_characters, [
        userprofile,   # profile information
        userinfo,      # user information
        relation,      # relationship between viewer and owner
        result,        # paginated characters
    ]))
    return define.common_page_end(self.user_id, page)
def collections_(request):
    """Render a user's collections page.

    The target user is resolved from the ``userid`` query parameter or the
    ``name`` route/query value. Guests are refused when the target's config
    contains ``"h"``.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    form = request.web_input(userid="", name="", backid=None, nextid=None, folderid=None)
    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    config = define.get_config(request.userid)
    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")
    # Access gate: profiles flagged "h" are not shown to signed-out viewers.
    if not request.userid and "h" in define.get_config(otherid):
        return Response(define.errorpage(request.userid, errorcode.no_guest_access))

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)

    # Prefer the full name for the title; fall back to the username when the
    # full name is missing or blank.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's collections" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    # The literal %s is left in place for the paginator to fill in.
    url_format = "/collections?userid={userid}&%s".format(userid=userprofile['userid'])
    result = pagination.PaginatedResult(
        collection.select_list, collection.select_count, 'submitid', url_format,
        request.userid, rating, 66,
        otherid=otherid,
        backid=define.get_int(form.backid),
        nextid=define.get_int(form.nextid),
        config=config)

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)

    page.append(define.render('user/collections.html', [
        userprofile,   # profile information
        userinfo,      # user information
        relation,      # relationship between viewer and owner
        result,        # paginated collections
    ]))
    return Response(define.common_page_end(request.userid, page))
def create(form):
    """Validate a sign-up form and create a pending account.

    On success a row is inserted into ``logincreate`` and a verification
    e-mail is sent. When the e-mail address is already in use, a row marked
    invalid is inserted instead and the address is mailed a notice naming
    the existing login, so the submitter gets the same outcome either way.

    Raises:
        WeasylError: one of ``birthdayInvalid``, ``passwordMismatch``,
            ``emailMismatch``, ``passwordInsecure``, ``emailInvalid``,
            ``emailBlacklisted`` or ``usernameExists``; the checks run in
            the order written, so the first failing one wins.
    """
    # Normalize form data
    username = clean_display_name(form.username)
    sysname = d.get_sysname(username)

    email = emailer.normalize_address(form.email)
    emailcheck = emailer.normalize_address(form.emailcheck)

    password = form.password
    passcheck = form.passcheck

    if form.day and form.month and form.year:
        try:
            birthday = arrow.Arrow(int(form.year), int(form.month), int(form.day))
        except ValueError:
            # Non-numeric parts or an impossible calendar date.
            raise WeasylError("birthdayInvalid")
    else:
        birthday = None

    # Check mismatched form data
    if password != passcheck:
        raise WeasylError("passwordMismatch")
    if email != emailcheck:
        raise WeasylError("emailMismatch")

    # Check invalid form data
    if birthday is None or d.age_in_years(birthday) < 13:
        raise WeasylError("birthdayInvalid")
    if not password_secure(password):
        raise WeasylError("passwordInsecure")
    if not email:
        raise WeasylError("emailInvalid")
    if is_email_blacklisted(email):
        raise WeasylError("emailBlacklisted")
    # Unlike e-mail addresses, username collisions are reported directly.
    if username_exists(sysname):
        raise WeasylError("usernameExists")

    # Account verification token
    token = security.generate_key(40)

    # Only attempt to create the account if the email is unused (as defined by the function)
    if not email_exists(email):
        # Create pending account
        d.engine.execute(d.meta.tables["logincreate"].insert(), {
            "token": token,
            "username": username,
            "login_name": sysname,
            "hashpass": passhash(password),
            "email": email,
            "birthday": birthday,
        })

        # Send verification email
        emailer.send(email, "Weasyl Account Creation", d.render(
            "email/verify_account.html", [token, sysname]))
        d.metric('increment', 'createdusers')
    else:
        # Store a dummy record so the response does not reveal whether the
        # address is registered: the username is "reserved", the row is
        # marked invalid, and the token stands in for the email so the
        # uniqueness constraint on that column is satisfied (e.g., if there
        # is already a valid, pending row in the table).
        # NOTE(review): this branch runs two extra SELECTs; whether that is
        # observable to the submitter as a timing difference is not visible
        # from here.
        d.engine.execute(d.meta.tables["logincreate"].insert(), {
            "token": token,
            "username": username,
            "login_name": sysname,
            "hashpass": passhash(password),
            "email": token,
            "birthday": arrow.now(),
            "invalid": True,
            # Kept so admins can see which email address collided in the View Pending Accounts Page
            "invalid_email_addr": email,
        })
        # The email address in question is already in use in either `login` or `logincreate`;
        # let the already registered user know this via email (perhaps they forgot their username/password)
        query_username_login = d.engine.scalar("SELECT login_name FROM login WHERE email = %(email)s", email=email)
        query_username_logincreate = d.engine.scalar("SELECT login_name FROM logincreate WHERE email = %(email)s", email=email)
        # The notice goes only to the address on file, never to the page.
        emailer.send(email, "Weasyl Account Creation - Account Already Exists", d.render(
            "email/email_in_use_account_creation.html", [query_username_login or query_username_logincreate]))
def search_(request):
    """Render the browse/search page in one of three modes.

    * ``q`` given: run a search (users, or content filtered by rating,
      category and paging ids).
    * only ``find`` given: browse one content type.
    * neither: show a summary of submissions, characters and journals.
    """
    def _optional_int(value):
        # NOTE(review): int() raises ValueError on non-numeric input, and
        # these values come straight from the query string. Confirm the
        # framework turns that into a client error rather than a 500.
        return int(value) if value else None

    rating = define.get_rating(request.userid)
    form = request.web_input(q="", find="", within="", rated=[], cat="", subcat="", backid="", nextid="")
    page = define.common_page_start(request.userid, title="Browse and search")

    if form.q:
        # Unknown search targets fall back to submissions.
        find = form.find if form.find in ("submit", "char", "journal", "user") else "submit"

        q = form.q.strip()
        search_query = search.Query.parse(q, find)

        meta = {
            "q": q,
            "find": search_query.find,
            "within": form.within,
            # Keep only recognised rating codes from the request.
            "rated": set('gap') & set(form.rated),
            "cat": _optional_int(form.cat),
            "subcat": _optional_int(form.subcat),
            "backid": _optional_int(form.backid),
            "nextid": _optional_int(form.nextid),
        }

        if search_query.find == "user":
            query = search.select_users(q)
            next_count = 0
            back_count = 0
        else:
            search_query.ratings.update(
                ratings.CHARACTER_MAP[rating_code].code for rating_code in meta["rated"])

            query, next_count, back_count = search.select(
                userid=request.userid,
                rating=rating,
                limit=63,
                search=search_query,
                within=meta["within"],
                cat=meta["cat"],
                subcat=meta["subcat"],
                backid=meta["backid"],
                nextid=meta["nextid"])

        body = define.render("etc/search.html", [
            {"method": "search"},       # search method
            meta,                       # search metadata
            query,                      # search results
            next_count,
            back_count,
            macro.MACRO_SUBCAT_LIST,    # submission subcategories
            search.COUNT_LIMIT,
        ])
    elif form.find:
        query = search.browse(request.userid, rating, 66, form)

        meta = {
            "find": form.find,
            "cat": _optional_int(form.cat),
        }

        body = define.render("etc/search.html", [
            {"method": "browse"},       # search method
            meta,                       # search metadata
            query,                      # search results
            0,
            0,
        ])
    else:
        summary = {
            "submit": search.browse(request.userid, rating, 22, form, find="submit"),
            "char": search.browse(request.userid, rating, 22, form, find="char"),
            "journal": search.browse(request.userid, rating, 22, form, find="journal"),
        }
        body = define.render("etc/search.html", [
            {"method": "summary"},      # search method
            None,                       # no search metadata in this mode
            summary,                    # search results
        ])

    page.append(body)
    return Response(define.common_page_end(request.userid, page, options={'search'}))
def index_(request):
    """Render the site home page for the current viewer."""
    page = define.common_page_start(request.userid, options=["homepage"], title="Home")
    fields = index.template_fields(request.userid)
    page.append(define.render("etc/index.html", fields))
    return Response(define.common_page_end(request.userid, page))
def GET(self, name=""):
    """Render a user's profile page.

    The target user is resolved from the ``userid`` query parameter or from
    ``name`` (route argument first, query parameter otherwise). Guests are
    refused when the profile's config contains ``"h"``. The owner's config
    selects what the main strip shows: collections (``'O'``), characters
    (``'A'``) or submissions (default).

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    # Taken first and passed to common_page_end at the end of the handler.
    now = time.time()

    form = web.input(userid="", name="")
    form.name = name if name else form.name
    form.userid = define.get_int(form.userid)

    config = define.get_config(self.user_id)
    rating = define.get_rating(self.user_id)
    otherid = profile.resolve(self.user_id, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)
    # NOTE(review): the canonical URL is built from the requested name, not
    # from the resolved profile's username, so a lookup by userid alone may
    # produce a canonical URL that does not name this profile -- confirm.
    extras = {
        "canonical_url": "/~" + define.get_sysname(form.name)
    }

    # NOTE(review): nesting reconstructed from a flattened listing; the
    # 'nocache' option is taken to apply only to the Twitterbot branch --
    # confirm against the original file.
    if define.user_is_twitterbot():
        extras['twitter_card'] = profile.twitter_card(otherid)
        extras['options'] = ['nocache']

    # NOTE(review): the card above is built before this guest gate and is
    # passed to the error page through **extras. Confirm that a profile
    # hidden from guests does not have its details emitted as card metadata
    # on the refusal page.
    if not self.user_id and "h" in userprofile['config']:
        return define.errorpage(
            self.user_id,
            "You cannot view this page because the owner does not allow guests to view their profile.",
            **extras)

    # Title uses the full name unless it is missing or blank.
    has_fullname = userprofile['full_name'] is not None and userprofile['full_name'].strip() != ''
    extras['title'] = u"%s's profile" % (userprofile['full_name'] if has_fullname else userprofile['username'],)

    page = define.common_page_start(self.user_id, **extras)
    define.common_view_content(self.user_id, otherid, "profile")

    # The owner's config decides which content type fills the main strip;
    # only the submissions variant has a featured item.
    if 'O' in userprofile['config']:
        submissions = collection.select_list(
            self.user_id, rating, 11, otherid=otherid, options=["cover"], config=config)
        more_submissions = 'collections'
        featured = None
    elif 'A' in userprofile['config']:
        submissions = character.select_list(
            self.user_id, rating, 11, otherid=otherid, options=["cover"], config=config)
        more_submissions = 'characters'
        featured = None
    else:
        submissions = submission.select_list(
            self.user_id, rating, 11, otherid=otherid, options=["cover"], config=config,
            profile_page_filter=True)
        more_submissions = 'submissions'
        featured = submission.select_featured(self.user_id, otherid, rating)

    if userprofile['show_favorites_bar']:
        favorites = favorite.select_submit(self.user_id, rating, 11, otherid=otherid, config=config)
    else:
        favorites = None

    page.append(define.render(template.user_profile, [
        # Profile information
        userprofile,
        # User information
        profile.select_userinfo(otherid, config=userprofile['config']),
        macro.SOCIAL_SITES,
        # Relationship
        profile.select_relation(self.user_id, otherid),
        # Myself
        profile.select_myself(self.user_id),
        # Recent submissions
        submissions, more_submissions,
        favorites,
        featured,
        # Folders preview
        folder.select_preview(self.user_id, otherid, rating, 3),
        # Latest journal
        journal.select_latest(self.user_id, rating, otherid=otherid, config=config),
        # Recent shouts
        shout.select(self.user_id, ownerid=otherid, limit=8),
        # Statistics information
        profile.select_statistics(otherid),
        # Commission information
        commishinfo.select_list(otherid),
        # Friends
        frienduser.select(self.user_id, otherid, 5, choose=None),
        # Following
        followuser.select_following(self.user_id, otherid, choose=5),
        # Followed
        followuser.select_followed(self.user_id, otherid, choose=5),
    ]))

    return define.common_page_end(self.user_id, page, now=now)
def favorites_(request):
    """Render a user's favorites, as an overview or one paginated type.

    With ``feature`` set to ``submit``, ``char`` or ``journal`` the page is
    a paginated list of that type; any other non-empty value is a 404.
    Without ``feature`` an overview of all three types is shown.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved;
            ``"noGuests"`` for a signed-out viewer when the owner's config
            contains ``"h"``; ``"hiddenFavorites"`` for anyone but the
            owner when the owner's config contains ``'v'``.
        httpexceptions.HTTPNotFound: for an unrecognised ``feature``.
    """
    name = request.matchdict.get('name', request.params.get('name', ''))
    userid = define.get_int(request.params.get('userid'))
    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, userid, name)
    backid = request.params.get('backid')
    nextid = request.params.get('nextid')
    feature = request.params.get('feature', False)

    # TODO(hyena): Why aren't more of these WeasylErrors?
    # Access gates, checked in order: unknown user, guest-hidden profile,
    # favorites hidden from everyone except the owner.
    if not otherid:
        raise WeasylError("userRecordMissing")
    if not request.userid and "h" in define.get_config(otherid):
        raise WeasylError('noGuests')
    if request.userid != otherid and 'v' in define.get_config(otherid):
        raise WeasylError('hiddenFavorites')

    userprofile = profile.select_profile(otherid, viewer=request.userid)

    # Prefer the full name for the title; fall back to the username when the
    # full name is missing or blank.
    full_name = userprofile['full_name']
    if full_name is not None and full_name.strip() != '':
        display_name = full_name
    else:
        display_name = userprofile['username']
    page_title = u"%s's favorites" % (display_name,)

    page = define.common_page_start(request.userid, title=page_title)

    if feature:
        nextid = define.get_int(nextid)
        backid = define.get_int(backid)
        # `feature` is request input; these two values are only used once it
        # has passed the allow-list lookup below.
        url_format = "/favorites?userid={userid}&feature={feature}&%s".format(
            userid=otherid, feature=feature)
        id_field = feature + "id"

        # Allow-list of feature -> (select function, count function).
        selectors = {
            "submit": (favorite.select_submit, favorite.select_submit_count),
            "char": (favorite.select_char, None),
            "journal": (favorite.select_journal, None),
        }
        if feature not in selectors:
            raise httpexceptions.HTTPNotFound()
        select_function, count_function = selectors[feature]

        faves = pagination.PaginatedResult(
            select_function, count_function, id_field, url_format,
            request.userid, rating,
            limit=60, otherid=otherid, backid=backid, nextid=nextid)
    else:
        faves = {
            "submit": favorite.select_submit(request.userid, rating, 22, otherid=otherid),
            "char": favorite.select_char(request.userid, rating, 22, otherid=otherid),
            "journal": favorite.select_journal(request.userid, rating, 22, otherid=otherid),
        }

    userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
    relation = profile.select_relation(request.userid, otherid)

    page.append(define.render('user/favorites.html', [
        userprofile,   # profile information
        userinfo,      # user information
        relation,      # relationship between viewer and owner
        feature,       # selected feature, or a falsy value for the overview
        faves,         # favorites
    ]))
    return Response(define.common_page_end(request.userid, page))
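def favorites_(request):
    """Render a user's favorites, as an overview or one paginated type.

    With ``feature`` set to ``submit``, ``char`` or ``journal`` the page is
    a paginated list of that type; any other non-empty value is a 404.
    Without ``feature`` an overview of all three types is shown.

    Guests are refused when the owner's config contains ``"h"``, and anyone
    but the owner is refused when it contains ``'v'``.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
        httpexceptions.HTTPNotFound: for an unrecognised ``feature``.
    """
    form = request.web_input(userid="", name="", feature="", backid=None, nextid=None)
    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    config = define.get_config(request.userid)
    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, form.userid, form.name)

    # TODO(hyena): Why aren't more of these WeasylErrors?
    # Access gates, checked in order: unknown user, guest-hidden profile,
    # favorites hidden from everyone except the owner.
    if not otherid:
        raise WeasylError("userRecordMissing")
    elif not request.userid and "h" in define.get_config(otherid):
        return Response(define.errorpage(request.userid, errorcode.no_guest_access))
    elif request.userid != otherid and 'v' in define.get_config(otherid):
        return Response(define.errorpage(
            request.userid,
            "You cannot view this page because the owner does not allow anyone to see their favorites."))

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)
    has_fullname = userprofile['full_name'] is not None and userprofile['full_name'].strip() != ''
    page_title = u"%s's favorites" % (userprofile['full_name'] if has_fullname else userprofile['username'],)
    page = define.common_page_start(request.userid, title=page_title)

    if form.feature:
        # `feature` is request input: check it against the allow-list before
        # it is used to build the id column name or the paging URL.
        count_function = None
        if form.feature == "submit":
            select_function = favorite.select_submit
            count_function = favorite.select_submit_count
        elif form.feature == "char":
            select_function = favorite.select_char
        elif form.feature == "journal":
            select_function = favorite.select_journal
        else:
            raise httpexceptions.HTTPNotFound()

        nextid = define.get_int(form.nextid)
        backid = define.get_int(form.backid)
        # The literal %s is left in place for the paginator to fill in.
        url_format = (
            "/favorites?userid={userid}&feature={feature}&%s".format(
                userid=userprofile['userid'], feature=form.feature))
        id_field = form.feature + "id"

        faves = pagination.PaginatedResult(
            select_function, count_function,
            id_field, url_format, request.userid, rating, 60,
            otherid=otherid, backid=backid, nextid=nextid, config=config)
    else:
        faves = {
            "submit": favorite.select_submit(request.userid, rating, 22,
                                             otherid=otherid, config=config),
            "char": favorite.select_char(request.userid, rating, 22,
                                         otherid=otherid, config=config),
            "journal": favorite.select_journal(request.userid, rating, 22,
                                               otherid=otherid, config=config),
        }

    page.append(define.render('user/favorites.html', [
        # Profile information
        userprofile,
        # User information
        profile.select_userinfo(otherid, config=userprofile['config']),
        # Relationship
        profile.select_relation(request.userid, otherid),
        # Feature
        form.feature,
        # Favorites
        faves,
    ]))

    return Response(define.common_page_end(request.userid, page))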
def profile_(request):
    """Render a user's profile page.

    The target user is resolved from the ``userid`` query parameter or the
    ``name`` route/query value. Guests are refused when the profile's
    config contains ``"h"``. The owner's config selects what the main strip
    shows: collections (``'O'``), characters (``'A'``) or submissions
    (default).

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    form = request.web_input(userid="", name="")

    form.name = request.matchdict.get('name', form.name)
    form.userid = define.get_int(form.userid)

    config = define.get_config(request.userid)
    rating = define.get_rating(request.userid)
    otherid = profile.resolve(request.userid, form.userid, form.name)

    if not otherid:
        raise WeasylError("userRecordMissing")

    userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)
    # NOTE(review): the canonical URL is built from the requested name, not
    # from the resolved profile's username, so a lookup by userid alone may
    # produce a canonical URL that does not name this profile -- confirm.
    extras = {
        "canonical_url": "/~" + define.get_sysname(form.name)
    }

    # NOTE(review): nesting reconstructed from a flattened listing; the OGP
    # block is taken to run for every guest and only 'twitter_card' to
    # depend on the Twitterbot check -- confirm against the original file.
    if not request.userid:
        # Only generate the Twitter/OGP meta headers if not authenticated (the UA viewing is likely automated).
        twit_card = profile.twitter_card(otherid)
        if define.user_is_twitterbot():
            extras['twitter_card'] = twit_card
        # The "og:" prefix is specified in page_start.html, and og:image is required by the OGP spec, so something must be in there.
        extras['ogp'] = {
            'title': twit_card['title'],
            'site_name': "Weasyl",
            'type': "website",
            'url': twit_card['url'],
            'description': twit_card['description'],
            'image': twit_card['image:src'] if 'image:src' in twit_card else define.cdnify_url('/static/images/logo-mark-light.svg'),
        }

    # NOTE(review): the card/OGP data above is built for every guest before
    # this gate and is passed to the error page through **extras. Confirm
    # that a profile hidden from guests does not have its title,
    # description or image emitted as metadata on the refusal page.
    if not request.userid and "h" in userprofile['config']:
        return Response(define.errorpage(
            request.userid,
            "You cannot view this page because the owner does not allow guests to view their profile.",
            **extras))

    # Title uses the full name unless it is missing or blank.
    has_fullname = userprofile['full_name'] is not None and userprofile['full_name'].strip() != ''
    extras['title'] = u"%s's profile" % (userprofile['full_name'] if has_fullname else userprofile['username'],)

    page = define.common_page_start(request.userid, **extras)
    define.common_view_content(request.userid, otherid, "profile")

    # The owner's config decides which content type fills the main strip;
    # only the submissions variant has a featured item.
    if 'O' in userprofile['config']:
        submissions = collection.select_list(
            request.userid, rating, 11, otherid=otherid, options=["cover"], config=config)
        more_submissions = 'collections'
        featured = None
    elif 'A' in userprofile['config']:
        submissions = character.select_list(
            request.userid, rating, 11, otherid=otherid, options=["cover"], config=config)
        more_submissions = 'characters'
        featured = None
    else:
        submissions = submission.select_list(
            request.userid, rating, 11, otherid=otherid, options=["cover"], config=config,
            profile_page_filter=True)
        more_submissions = 'submissions'
        featured = submission.select_featured(request.userid, otherid, rating)

    if userprofile['show_favorites_bar']:
        favorites = favorite.select_submit(request.userid, rating, 11, otherid=otherid, config=config)
    else:
        favorites = None

    statistics, show_statistics = profile.select_statistics(otherid)

    page.append(define.render('user/profile.html', [
        # Profile information
        userprofile,
        # User information
        profile.select_userinfo(otherid, config=userprofile['config']),
        macro.SOCIAL_SITES,
        # Relationship
        profile.select_relation(request.userid, otherid),
        # Myself
        profile.select_myself(request.userid),
        # Recent submissions
        submissions, more_submissions,
        favorites,
        featured,
        # Folders preview
        folder.select_preview(request.userid, otherid, rating, 3),
        # Latest journal
        journal.select_latest(request.userid, rating, otherid=otherid, config=config),
        # Recent shouts
        shout.select(request.userid, ownerid=otherid, limit=8),
        # Statistics information
        statistics,
        show_statistics,
        # Commission information
        commishinfo.select_list(otherid),
        # Friends (passed as a callable, so it only runs if the template calls it)
        lambda: frienduser.has_friends(otherid),
    ]))

    return Response(define.common_page_end(request.userid, page))
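def GET(self, name=""):
    """Render a user's favorites, as an overview or one paginated type.

    With ``feature`` set to ``submit``, ``char`` or ``journal`` the page is
    a paginated list of that type; any other non-empty value is answered
    with a 404. Without ``feature`` an overview of all three types is shown.

    Guests are refused when the owner's config contains ``"h"``, and anyone
    but the owner is refused when it contains ``'v'``.

    Raises:
        WeasylError: ``"userRecordMissing"`` when no user can be resolved.
    """
    form = web.input(userid="", name="", feature="", backid=None, nextid=None)
    form.name = name if name else form.name
    form.userid = define.get_int(form.userid)

    config = define.get_config(self.user_id)
    rating = define.get_rating(self.user_id)
    otherid = profile.resolve(self.user_id, form.userid, form.name)

    # Access gates, checked in order: unknown user, guest-hidden profile,
    # favorites hidden from everyone except the owner.
    if not otherid:
        raise WeasylError("userRecordMissing")
    elif not self.user_id and "h" in define.get_config(otherid):
        return define.errorpage(self.user_id, errorcode.no_guest_access)
    elif self.user_id != otherid and 'v' in define.get_config(otherid):
        return define.errorpage(
            self.user_id,
            "You cannot view this page because the owner does not allow anyone to see their favorites.")

    userprofile = profile.select_profile(otherid, images=True, viewer=self.user_id)
    has_fullname = userprofile['full_name'] is not None and userprofile['full_name'].strip() != ''
    page_title = u"%s's favorites" % (userprofile['full_name'] if has_fullname else userprofile['username'],)
    page = define.common_page_start(self.user_id, title=page_title)

    if form.feature:
        # `feature` is request input: check it against the allow-list before
        # it is used to build the id column name or the paging URL. An
        # unknown value used to leave select_function unbound and fail with
        # an unhandled error further down; it is now a plain not-found.
        count_function = None
        if form.feature == "submit":
            select_function = favorite.select_submit
            count_function = favorite.select_submit_count
        elif form.feature == "char":
            select_function = favorite.select_char
        elif form.feature == "journal":
            select_function = favorite.select_journal
        else:
            raise web.notfound()

        nextid = define.get_int(form.nextid)
        backid = define.get_int(form.backid)
        # The literal %s is left in place for the paginator to fill in.
        url_format = (
            "/favorites?userid={userid}&feature={feature}&%s".format(
                userid=userprofile['userid'], feature=form.feature))
        id_field = form.feature + "id"

        faves = pagination.PaginatedResult(
            select_function, count_function,
            id_field, url_format, self.user_id, rating, 60,
            otherid=otherid, backid=backid, nextid=nextid, config=config)
    else:
        faves = {
            "submit": favorite.select_submit(self.user_id, rating, 22,
                                             otherid=otherid, config=config),
            "char": favorite.select_char(self.user_id, rating, 22,
                                         otherid=otherid, config=config),
            "journal": favorite.select_journal(self.user_id, rating, 22,
                                               otherid=otherid, config=config),
        }

    page.append(define.render(template.user_favorites, [
        # Profile information
        userprofile,
        # User information
        profile.select_userinfo(otherid, config=userprofile['config']),
        # Relationship
        profile.select_relation(self.user_id, otherid),
        # Feature
        form.feature,
        # Favorites
        faves,
    ]))

    return define.common_page_end(self.user_id, page)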
def GET(self):
    """Render the site home page for the current viewer."""
    # Taken first and passed to common_page_end at the end of the handler.
    now = time.time()
    page = define.common_page_start(self.user_id, options=["homepage"], title="Home")
    fields = index.template_fields(self.user_id)
    page.append(define.render("etc/index.html", fields))
    return define.common_page_end(self.user_id, page, now=now)
def create(form):
    """Validate a sign-up form and create a pending account.

    On success a row is inserted into ``logincreate`` and a verification
    e-mail is queued. When the e-mail address is already in use, a row
    marked invalid is inserted instead and the address is mailed a notice
    naming the existing login, so the submitter gets the same outcome
    either way.

    Raises:
        WeasylError: one of ``birthdayInvalid``, ``passwordMismatch``,
            ``emailMismatch``, ``passwordInsecure``, ``emailInvalid``,
            ``emailBlacklisted``, ``usernameInvalid`` or ``usernameExists``;
            the checks run in the order written, so the first failing one
            wins.
    """
    # Normalize form data
    # The raw username is cut to _USERNAME characters before cleaning.
    username = d.plaintext(form.username[:_USERNAME])
    sysname = d.get_sysname(username)

    email = emailer.normalize_address(form.email)
    emailcheck = emailer.normalize_address(form.emailcheck)

    password = form.password
    passcheck = form.passcheck

    if form.day and form.month and form.year:
        try:
            birthday = arrow.Arrow(int(form.year), int(form.month), int(form.day))
        except ValueError:
            # Non-numeric parts or an impossible calendar date.
            raise WeasylError("birthdayInvalid")
    else:
        birthday = None

    # Check mismatched form data
    if password != passcheck:
        raise WeasylError("passwordMismatch")
    if email != emailcheck:
        raise WeasylError("emailMismatch")

    # Check invalid form data
    if birthday is None or d.age_in_years(birthday) < 13:
        raise WeasylError("birthdayInvalid")
    if not password_secure(password):
        raise WeasylError("passwordInsecure")
    if not email:
        raise WeasylError("emailInvalid")
    if is_email_blacklisted(email):
        raise WeasylError("emailBlacklisted")
    if not sysname or ";" in username:
        raise WeasylError("usernameInvalid")
    # Names that could be mistaken for site staff are refused. The check is
    # an exact match on the normalized login name.
    if sysname in ["admin", "administrator", "mod", "moderator", "weasyl",
                   "weasyladmin", "weasylmod", "staff", "security"]:
        raise WeasylError("usernameInvalid")
    # Unlike e-mail addresses, username collisions are reported directly.
    if username_exists(sysname):
        raise WeasylError("usernameExists")

    # Account verification token
    token = security.generate_key(40)

    # Only attempt to create the account if the email is unused (as defined by the function)
    if not email_exists(email):
        # Create pending account
        d.engine.execute(d.meta.tables["logincreate"].insert(), {
            "token": token,
            "username": username,
            "login_name": sysname,
            "hashpass": passhash(password),
            "email": email,
            "birthday": birthday,
            "unixtime": arrow.now(),
        })

        # Queue verification email
        emailer.append([email], None, "Weasyl Account Creation", d.render(
            "email/verify_account.html", [token, sysname]))
        d.metric('increment', 'createdusers')
    else:
        # Store a dummy record so the response does not reveal whether the
        # address is registered: the username is "reserved", the row is
        # marked invalid, and the token stands in for the email so the
        # uniqueness constraint on that column is satisfied (e.g., if there
        # is already a valid, pending row in the table).
        # NOTE(review): this branch runs two extra SELECTs; whether that is
        # observable to the submitter as a timing difference is not visible
        # from here.
        d.engine.execute(d.meta.tables["logincreate"].insert(), {
            "token": token,
            "username": username,
            "login_name": sysname,
            "hashpass": passhash(password),
            "email": token,
            "birthday": arrow.now(),
            "unixtime": arrow.now(),
            "invalid": True,
        })
        # The email address in question is already in use in either `login` or `logincreate`;
        # let the already registered user know this via email (perhaps they forgot their username/password)
        query_username_login = d.engine.scalar("SELECT login_name FROM login WHERE email = %(email)s", email=email)
        query_username_logincreate = d.engine.scalar("SELECT login_name FROM logincreate WHERE email = %(email)s", email=email)
        # The notice goes only to the address on file, never to the page.
        emailer.append([email], None, "Weasyl Account Creation - Account Already Exists", d.render(
            "email/email_in_use_account_creation.html", [query_username_login or query_username_logincreate]))
def submission_(request):
    """Render the detail page for one submission.

    The owner name and submission id come from the route (``name``,
    ``submitid``); when the route carries no id, the ``submitid`` form field
    is used instead. If the owner's sysname differs from the name in the URL,
    the request is answered with a permanent redirect to the canonical path.
    That path is built by ``request.route_path`` from the stored owner,
    the integer id and the title slug; the only request-driven addition is the
    fixed ``?anyway=true`` suffix.

    For guests (falsy ``request.userid``) Open Graph metadata is prepared
    from ``submission.twitter_card`` before ``submission.select_view`` runs,
    and the same ``extras`` dict is attached to any ``WeasylError`` raised by
    ``select_view`` as ``errorpage_kwargs``.
    NOTE(review): confirm that ``twitter_card`` applies its own visibility
    checks, since its title and description can otherwise reach the error
    page of a submission the guest is not allowed to view.
    """
    route_params = request.matchdict
    username = route_params.get('name')
    submitid = route_params.get('submitid')

    form = request.web_input(submitid="", ignore="", anyway="")

    rating = define.get_rating(request.userid)
    # Route value wins; the form field is only a fallback.
    submitid = define.get_int(submitid or form.submitid)

    extras = {}
    viewer_is_guest = not request.userid
    if viewer_is_guest:
        # Only generate the Twitter/OGP meta headers if not authenticated (the UA viewing is likely automated).
        card = submission.twitter_card(submitid)
        if define.user_is_twitterbot():
            extras['twitter_card'] = card

        # The "og:" prefix is specified in page_start.html, and og:image is required by the OGP spec,
        # so something must be in there.
        ogp = {
            'title': card['title'],
            'site_name': "Weasyl",
            'type': "website",
            'url': card['url'],
            'description': card['description'],
        }
        if 'image:src' in card:
            # >> BUG AVOIDANCE: https://trello.com/c/mBx51jfZ/1285-any-image-link-with-in-it-wont-preview-up-it-wont-show-up-in-embeds-too
            # Image URLs with '~' in it will not be displayed by Discord, so replace ~ with the URL encoded char code %7E
            ogp['image'] = card['image:src'].replace('~', '%7E')
        else:
            ogp['image'] = define.cdnify_url('/static/images/logo-mark-light.svg')
        extras['ogp'] = ogp

    try:
        item = submission.select_view(
            request.userid,
            submitid,
            rating,
            ignore=define.text_bool(form.ignore, True),
            anyway=form.anyway,
        )
    except WeasylError as err:
        # The error page is rendered elsewhere; hand it the metadata gathered so far.
        err.errorpage_kwargs = extras
        if err.value in ("UserIgnored", "TagBlocked"):
            extras['links'] = [
                ("View Submission", "?ignore=false"),
                ("Return to the Home Page", "/index"),
            ]
        raise

    owner_sysname = define.get_sysname(item['username'])
    canonical_path = request.route_path(
        'submission_detail_profile',
        name=owner_sysname,
        submitid=submitid,
        slug=slug_for(item['title']),
    )

    if request.GET.get('anyway'):
        # Only a constant suffix is appended; the submitted value is not echoed.
        canonical_path = canonical_path + '?anyway=true'

    if owner_sysname != username:
        raise httpexceptions.HTTPMovedPermanently(location=canonical_path)

    extras["canonical_url"] = canonical_path
    extras["title"] = item["title"]

    # Flag PDF submissions based on the first attached submission file, if any.
    attached = item["sub_media"].get("submission")
    first_file = attached[0] if attached else None
    is_pdf = False
    if first_file:
        is_pdf = first_file["file_type"] == "pdf"
    extras["pdf"] = is_pdf

    page = define.common_page_start(request.userid, **extras)
    template_args = [
        # Myself
        profile.select_myself(request.userid),
        # Submission detail
        item,
        # Subtypes
        macro.MACRO_SUBCAT_LIST,
        # Violations
        [entry for entry in macro.MACRO_REPORT_VIOLATION if 2000 <= entry[0] < 3000],
    ]
    page.append(define.render('detail/submission.html', template_args))

    return Response(define.common_page_end(request.userid, page))