def edit_user(name):
    """Show or process the admin form for editing the account *name*.

    Non-admins are redirected to the news page. An admin GET loads the
    account and renders the form; an admin POST applies the submitted
    values through ``database.update_user``.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    if request.method != 'POST':
        lookup = database.get_user(name)
        if not lookup[0]:
            # On failure the second element is passed to the template as the error.
            return render_admin_page('edit_user.html', error=lookup[1])
        record = lookup[1]
        theUser = {
            'name': name,
            'email': record[1],
            'privilege': record[2],
            'active': record[3],
        }
        return render_admin_page('edit_user.html', user=theUser)

    form = request.form
    password = form.get('password', None)
    # NOTE(review): if both password fields are absent, None == None passes this
    # check and update_user() receives password=None. Confirm that is the
    # intended "leave password unchanged" path and not an accidental reset.
    if password != form.get('password2', None):
        return render_admin_page('edit_user.html',
                                 error='Passwords not the same.')

    outcome = database.update_user(name, password, form['email'],
                                   form['privilege'], form['active'])
    if outcome[0]:
        flash('User updated.')
        return redirect(url_for('display_admin_users'))
    return render_admin_page('edit_user.html', error=outcome[1])
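def logout():
    """Log the current user out and expire the persistent-login cookies.

    Returns a redirect to the news page. The cookie changes are applied to
    that redirect by an ``after_this_request`` callback.
    """
    user.log_out()

    @after_this_request
    def delete_cookies(response):
        # Expire every persist_* cookie by overwriting it with an empty value
        # and an epoch expiry.
        # NOTE(review): a cookie is only cleared when path/domain match the
        # values used when it was set; verify against user.persist_login.
        for cookie_name in ('persist_name', 'persist_token', 'persist_id'):
            response.set_cookie(cookie_name, '', expires=0)
        # Flask uses the callback's return value as the outgoing response, so
        # it must be returned or the cookie deletions never reach the client.
        return response

    # NOTE(review): clearing cookies only affects this browser. Confirm that
    # user.log_out() also invalidates the persistent token server-side.
    flash('You have been logged out')
    return redirect(url_for('display_news'))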
def bulk_edit_users():
    """Apply a bulk ``delete`` or ``activate`` action to the posted user names.

    Only an admin POST has any effect; every request ends with a redirect to
    the admin user list.
    """
    # NOTE(review): no CSRF token check is visible in this handler. Confirm
    # one is enforced globally, since this deletes accounts on a single POST.
    if request.method == 'POST' and user.is_admin():
        action = request.form.get('action', '')
        if action == 'delete':
            apply_to = database.delete_user
        elif action == 'activate':
            apply_to = database.activate_user
        else:
            # Unknown or missing action: nothing is changed.
            apply_to = None

        if apply_to is not None:
            for name in request.form.getlist('names'):
                apply_to(name)

    return redirect(url_for('display_admin_users'))
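def edit_page(slug):
    """Show or process the admin form for editing the page at *slug*.

    Non-admins are redirected to the news page. An admin GET loads the page
    and renders the form; an admin POST saves the submitted title and content
    through ``database.update_page``.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    if request.method == 'POST':
        result = database.update_page(slug, request.form['title'],
                                      request.form['content'])
        if result[0]:
            # This handler updates an existing page; the previous message
            # ('Page created.') was copied from add_page and misreported it.
            flash('Page updated.')
            return redirect(url_for('display_admin_pages'))
        return render_admin_page('edit_page.html', error=result[1])

    result = database.get_page(slug)
    if not result[0]:
        return render_admin_page('edit_page.html', error=result[1])
    row = result[1]
    page = dict(title=row[0], slug=slug, content=row[1])
    return render_admin_page('edit_page.html', page=page)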
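def add_reply(parent_id):
    """Show or process the reply form for the post *parent_id*.

    Visitors who are not logged in are redirected to the news page. A
    successful POST redirects to the post named by the ``redirect`` query
    argument, falling back to *parent_id*; a failed one re-renders the form
    with the database error.
    """
    if not user.is_logged_in():
        return redirect(url_for('display_news'))

    error = None
    if request.method == 'POST':
        # Take the author from the authenticated session, not from the
        # submitted form: edit_post grants edit rights by comparing
        # user.get_name() with the stored author, so a client-chosen author
        # would let one user attribute posts to another.
        result = database.insert_post(request.form['title'],
                                      request.form['content'],
                                      user.get_name(), 0, parent_id, 0)
        if result[0]:
            flash('Post created.')
            # url_for builds an internal URL from this value, so the query
            # argument only selects which post to show.
            redir = request.args.get('redirect', parent_id)
            return redirect(url_for('display_post', post_id=redir))
        error = result[1]

    return render_user_page('edit_post.html', error=error, parent=parent_id)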
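def add_page():
    """Show or process the admin form for creating a new page.

    Non-admins are redirected to the news page. An admin POST inserts the
    page and redirects to the admin page list on success; otherwise the form
    is rendered, with the database error if the insert failed.
    """
    # Previously the form was rendered for any visitor on GET (and for a
    # non-admin POST). Every other admin view in this module redirects
    # non-admins, so apply the same gate here.
    if not user.is_admin():
        return redirect(url_for('display_news'))

    error = None
    if request.method == 'POST':
        result = database.insert_page(request.form['slug'],
                                      request.form['title'],
                                      request.form['content'])
        if result[0]:
            flash('Page created.')
            return redirect(url_for('display_admin_pages'))
        error = result[1]

    return render_admin_page('edit_page.html', error=error)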
def display_admin_pages(page):
    """Render one page of the admin listing of site pages.

    Non-admins are redirected to the news page.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    # Window for a 1-based page number: page 1 gives (0, config.PAGE).
    # NOTE(review): how database.get_pages interprets the tuple is not
    # visible here.
    upper = page * config.PAGE
    window = (upper - config.PAGE, upper)

    rows = database.get_pages(limit=window)
    listing = []
    for row in rows:
        listing.append({'title': row[0], 'slug': row[1]})

    return render_admin_page('admin_pages.html', a_pages=listing, pg=page,
                             num_pages=database.get_num_pages())
def display_admin_news(page):
    """Render one page of the admin listing of news articles.

    Non-admins are redirected to the news page.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    # Window for a 1-based page number: page 1 gives (0, config.PAGE).
    upper = page * config.PAGE
    window = (upper - config.PAGE, upper)

    rows = database.get_articles(limit=window)
    listing = []
    for row in rows:
        listing.append({
            'title': row[0],
            'slug': row[1],
            'posted': format_dt(row[3]),
        })

    return render_admin_page('admin_news.html', articles=listing, pg=page,
                             num_articles=database.get_num_articles())
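def add_post():
    """Show or process the form for starting a new forum thread.

    Visitors who are not logged in are redirected to the news page. A
    successful POST redirects to the thread list; a failed one re-renders the
    form with the database error.
    """
    if not user.is_logged_in():
        return redirect(url_for('display_news'))

    error = None
    if request.method == 'POST':
        # Only admins may pin; everyone else is forced to 0 whatever the form
        # contains.
        pinned = request.form.get('pinned', 0) if user.is_admin() else 0
        # Take the author from the authenticated session, not from the
        # submitted form: edit_post grants edit rights by comparing
        # user.get_name() with the stored author, so a client-chosen author
        # would let one user attribute posts to another.
        result = database.insert_post(request.form['title'],
                                      request.form['content'],
                                      user.get_name(), 0, None, pinned)
        if result[0]:
            flash('Post created.')
            return redirect(url_for('display_threads'))
        error = result[1]

    return render_user_page('edit_post.html', error=error)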
def display_admin_users(page):
    """Render one page of the admin listing of user accounts.

    Non-admins are redirected to the news page.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    # Window for a 1-based page number: page 1 gives (0, config.PAGE).
    upper = page * config.PAGE
    window = (upper - config.PAGE, upper)

    rows = database.get_users(limit=window)
    accounts = []
    for row in rows:
        accounts.append({
            'name': row[0],
            'email': row[1],
            'privilege': row[2],
            'active': row[3],
        })

    return render_admin_page('admin_users.html', users=accounts, pg=page,
                             num_users=database.get_num_users())
def display_threads(page):
    """Render one page of the forum thread list for a logged-in user.

    Visitors who are not logged in are redirected to the news page.
    """
    if not user.is_logged_in():
        return redirect(url_for('display_news'))

    # Window for a 1-based page number: page 1 gives (0, config.PAGE).
    upper = page * config.PAGE
    window = (upper - config.PAGE, upper)

    # parent=None presumably selects top-level posts only; verify against
    # database.get_posts.
    rows = database.get_posts(limit=window, parent=None)
    threads = []
    for row in rows:
        threads.append({
            'id': row[0],
            'title': row[1],
            'content': row[2],
            'author': row[3],
            'posted': format_dt(row[4]),
            'pinned': row[5],
        })

    return render_user_page('forum.html', posts=threads, pg=page,
                            num_threads=database.get_num_posts())
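def edit_post(post_id):
    """Show or process the edit form for the forum post *post_id*.

    Access rules, in order:
      * visitors who are not logged in are redirected to the news page;
      * a locked post may only be edited by an admin;
      * otherwise only the post's author or an admin may edit.
    Every rejected request is redirected to the news page.
    """
    if not user.is_logged_in():
        return redirect(url_for('display_news'))

    result = database.get_post(post_id)
    if not result[0]:
        return render_user_page('edit_post.html', error=result[1])

    row = result[1]
    post = dict(id=row[0], title=row[1], content=row[2], author=row[3],
                posted=format_dt(row[4]), locked=row[6], pinned=row[7])

    is_admin = user.is_admin()
    if post['locked'] and not is_admin:
        return redirect(url_for('display_news'))

    # The original if/else chain had one rejection path with no return
    # statement, so the view returned None and Flask raised an error instead
    # of cleanly refusing the request. Reject explicitly here.
    if not (is_admin or user.get_name() == post['author']):
        return redirect(url_for('display_news'))

    if request.method != 'POST':
        return render_user_page('edit_post.html', post=post)

    if is_admin:
        locked = request.form.get('locked', 0)
        pinned = request.form.get('pinned', 0)
    else:
        # Non-admins can never set these flags from the form.
        # NOTE(review): this also clears an existing pin when the author edits
        # their own pinned post; confirm whether post['pinned'] should be
        # preserved instead.
        locked = 0
        pinned = 0

    result = database.update_post(post_id, request.form['title'],
                                  request.form['content'], locked, pinned)
    if not result[0]:
        return render_user_page('edit_post.html', error=result[1])

    flash('Post Updated.')
    redir = request.args.get('redirect', post_id)
    return redirect(url_for('display_post', post_id=redir))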
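def login():
    """Show the login form, or authenticate the submitted credentials.

    On success the user is logged in and redirected to the news page; if the
    ``remember`` field is set, ``user.persist_login`` runs on the outgoing
    response. On failure the form is re-rendered with the error returned by
    ``database.validate_user``.
    """
    error = None
    if request.method == 'POST':
        username = request.form['username']
        result = database.validate_user(username, request.form['password'])
        # The leftover debug print of the validation result was removed: it
        # wrote the account fields that are passed to log_in() below to stdout
        # on every login attempt, where they can end up in server logs.
        if result[0]:
            account = result[1]
            user.log_in(username, account[0], account[1], account[2])
            if request.form.get('remember', False):
                after_this_request(user.persist_login)
            flash('You have been logged in')
            return redirect(url_for('display_news'))
        # NOTE(review): this message is shown to the client. Confirm that
        # validate_user returns the same text for "unknown user" and "wrong
        # password", so the form does not reveal which accounts exist.
        error = result[1]

    return render_user_page('login.html', error=error)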
def admin_home():
    """Render the admin landing page; redirect non-admins to the news page."""
    if not user.is_admin():
        return redirect(url_for('display_news'))
    return render_admin_page('admin.html')
def bulk_edit_pages():
    """Delete the posted page slugs when an admin submits the ``delete`` action.

    Every request ends with a redirect to the admin page list.
    """
    # NOTE(review): no CSRF token check is visible in this handler. Confirm
    # one is enforced globally, since this deletes content on a single POST.
    is_admin_post = request.method == 'POST' and user.is_admin()
    if is_admin_post and request.form.get('action', '') == 'delete':
        for slug in request.form.getlist('slugs'):
            database.delete_page(slug)

    return redirect(url_for('display_admin_pages'))
def bulk_edit_articles():
    """Delete every posted article slug when an admin submits the form.

    Unlike bulk_edit_pages, no ``action`` field is consulted: any admin POST
    deletes the listed slugs. Every request ends with a redirect to the admin
    news list.
    """
    # NOTE(review): no CSRF token check is visible in this handler. Confirm
    # one is enforced globally, since this deletes content on a single POST.
    is_admin_post = request.method == 'POST' and user.is_admin()
    if is_admin_post:
        for slug in request.form.getlist('slugs'):
            database.delete_article(slug)

    return redirect(url_for('display_admin_news'))