def login():
    """Show the sign-in form and authenticate a submitted username/password.

    Users who are already authenticated are sent straight to the admin page.
    On a valid form submission the user is loaded and the password checked;
    a successful login is recorded through ``log`` and the client is
    redirected to the ``next`` query parameter when ``is_safe_url`` accepts it
    for the current host, otherwise to the admin page. A ``NameError`` or
    ``ValueError`` raised anywhere in that sequence yields one generic failure
    message and a redirect back to the login page.
    """
    if current_user.is_authenticated:
        flash('You are already logged in.', 'info')
        return redirect(url_for('admin'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', title='Sign in', form=form)

    try:
        account = User.load(form.username.data)
        if not account.authenticate(form.password.data):
            raise ValueError('Invalid password.')
        login_user(account)
        flash('Successfully logged in.', 'success')
        log(account.get_id(), request.remote_addr, 'login', '')

        # `next` comes from the query string, so it is only followed when
        # is_safe_url() accepts it for this request's host.
        target = request.args.get('next')
        if is_safe_url(target, {request.host}) and target:
            return redirect(target)
        return redirect(url_for('admin'))
    except (NameError, ValueError):
        # Same message for unknown user and wrong password, so the response
        # does not reveal which usernames exist.
        # NOTE(review): presumably User.load() signals an unknown username with
        # NameError - confirm; catching NameError here also hides a genuine
        # undefined-name bug anywhere inside the try block.
        # NOTE(review): this branch never calls log(), so failed attempts are
        # absent from the audit trail; no throttling is visible in this view
        # either - confirm both are handled elsewhere.
        flash('Invalid username or password.', 'danger')
        return redirect(url_for('login'))
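def files(file_id):
    """Send the file registered under *file_id* as an attachment.

    The filename is looked up in the ``files`` table with a bound parameter.
    When a row exists, the download is recorded through ``log`` (with the
    user id, or ``'not_authenticated'`` for anonymous clients) and the file is
    served from ``FILES_DIRECTORY``.

    Returns:
        The ``send_from_directory`` response, or ``('Invalid file id.', 404)``
        when no row matches ``file_id``.
    """
    conn = sqlite3.connect(app.config['DB_FILE'])
    try:
        cursor = conn.cursor()
        # file_id comes from the request; keep it a bound parameter.
        cursor.execute('SELECT filename FROM files WHERE id=?', (file_id,))
        row = cursor.fetchone()
    finally:
        # Close the connection even when the query raises.
        conn.close()

    if row is None:
        return 'Invalid file id.', 404

    stored_name = row[0]
    # Anonymous clients are served too, so knowing the ID is the only gate.
    # NOTE(review): IDs come from id_from_filename() (see upload()); confirm
    # they are not guessable from a known filename if files are meant to be
    # private.
    username = current_user.get_id() if current_user.is_authenticated else 'not_authenticated'
    log(username, request.remote_addr, 'download',
        f'file_id: {file_id}, filename: {stored_name}')
    return send_from_directory(app.config['FILES_DIRECTORY'], stored_name, as_attachment=True)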
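def upload():
    """Handle the upload form: store the file and register it in the database.

    Requests other than POST just render the form. A POST must carry a
    ``file`` part with a non-empty name that passes ``allowed_file``. The name
    is sanitised with ``secure_filename``, the file is written into
    ``FILES_DIRECTORY`` and a row (id, filename, upload time, size) is inserted
    into ``files``. On success the page is rendered with the URL-quoted file
    ID.

    Changes from the earlier version:
      * a sanitised name that comes back empty is rejected instead of being
        joined onto the directory path;
      * the file is created with exclusive mode, so the "already exists" check
        and the write are one atomic step rather than check-then-save;
      * the DB connection is always closed, and a failed INSERT removes the
        file just written so no unregistered file is left on disk.

    NOTE(review): the route decorators are not visible here; confirm this view
    requires an authenticated user and is covered by CSRF protection.
    """
    if request.method != 'POST':
        return render_template('upload.html', title='Upload file')

    if 'file' not in request.files:
        flash('Invalid upload: no file uploaded.', 'danger')
        return redirect(url_for('upload'))

    f = request.files['file']
    if f.filename == '':
        flash('Invalid upload: empty filename.', 'danger')
        return redirect(url_for('upload'))

    # NOTE(review): the extension check runs on the client-supplied name while
    # the stored name is the sanitised one; consider validating that as well.
    if not (f and allowed_file(f.filename)):
        flash('Invalid upload: file extension not allowed.', 'danger')
        return render_template('upload.html', title='Upload file')

    filename = secure_filename(f.filename)
    if not filename:
        # secure_filename() may strip a name down to nothing.
        flash('Invalid upload: empty filename.', 'danger')
        return redirect(url_for('upload'))

    target = os.path.join(app.config['FILES_DIRECTORY'], filename)
    try:
        # 'x' fails if the path already exists, so a concurrent upload of the
        # same name cannot overwrite a file between a check and the save.
        with open(target, 'xb') as out:
            f.save(out)
    except FileExistsError:
        flash('Invalid upload: file already exists.', 'danger')
        return redirect(url_for('upload'))

    file_id = id_from_filename(filename)
    time_uploaded = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    size = os.stat(target).st_size

    conn = sqlite3.connect(app.config['DB_FILE'])
    try:
        cursor = conn.cursor()
        cursor.execute('INSERT INTO files VALUES (?, ?, ?, ?)',
                       (file_id, filename, time_uploaded, size))
        conn.commit()
    except sqlite3.Error:
        # The row was not stored: remove the file this request just created,
        # otherwise it would block a retry with "file already exists".
        os.remove(target)
        raise
    finally:
        conn.close()

    flash('Successfully uploaded file.', 'success')
    log(current_user.get_id(), request.remote_addr, 'upload',
        f'file_id: {file_id}, filename: {filename}')

    if file_id is not None:
        # escape file_id before it is handed to the template
        return render_template('upload.html', title='Upload file',
                               file_id=quote(file_id, safe=''))
    return render_template('upload.html', title='Upload file')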
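def delete(file_id):
    """Delete the file registered under *file_id* from the database and disk.

    Looks up the filename for ``file_id``; when a row exists it is deleted and
    committed, the file is removed from ``FILES_DIRECTORY``, and the action is
    recorded through ``log``. An unknown ID only flashes an error. The client
    is redirected to the file list in both cases.

    The connection is now closed in a ``finally`` block, so it is released
    even when the query or ``os.remove`` raises.

    NOTE(review): the route decorators are not visible here; confirm this
    state-changing view requires an authenticated user, is not reachable via
    GET, and is covered by CSRF protection.
    """
    conn = sqlite3.connect(app.config['DB_FILE'])
    try:
        cursor = conn.cursor()
        cursor.execute('SELECT filename FROM files WHERE id=?', (file_id,))
        res = cursor.fetchone()
        if res is None:
            flash('Invalid id.', 'danger')
        else:
            cursor.execute('DELETE FROM files WHERE id=?', (file_id,))
            conn.commit()
            # The row is committed before the file is removed: if os.remove()
            # fails, the file stays on disk without a database entry.
            # NOTE(review): res[0] is joined onto FILES_DIRECTORY as stored.
            # upload() stores sanitised names, but the command-line add script
            # inserts sys.argv[1] verbatim - confirm stored names are always
            # bare file names.
            os.remove(os.path.join(app.config['FILES_DIRECTORY'], res[0]))
            flash('Successfully deleted file.', 'success')
            log(current_user.get_id(), request.remote_addr, 'delete',
                f'file_id: {file_id}, filename: {res[0]}')
    finally:
        conn.close()
    return redirect(url_for('list_files'))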
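# Command-line deletion: runs after a lookup of file_id that is issued
# before this excerpt (cursor, conn and file_id are set up there).
if cursor.fetchone() is None:
    print('ERROR: No file with this file ID exists in the database. Aborted.')
    conn.close()
    sys.exit(1)

choice = input(
    f'Do you really want to delete file {sys.argv[1]} with file ID "{file_id}"? (Y/n) '
)
# Fix: only a lowercase, exact 'n' used to abort, so answering 'N', 'no' or
# 'n ' went ahead with this destructive action. Any spelling of "no" now
# aborts; everything else (including plain Enter) still means yes, as the
# "(Y/n)" prompt advertises.
choice = choice.strip().lower() not in ('n', 'no')
if not choice:
    print('Aborted.')
    conn.close()
    sys.exit(1)

cursor.execute('DELETE FROM files WHERE id=?', (file_id, ))
conn.commit()
conn.close()

# NOTE(review): sys.argv[1] is joined onto FILES_DIRECTORY exactly as typed,
# and the row is already committed at this point - if os.remove() fails, the
# file stays on disk without a database entry.
os.remove(os.path.join(app.config['FILES_DIRECTORY'], sys.argv[1]))
log('terminal', 'terminal', 'delete',
    f'file_id: {file_id}, filename: {sys.argv[1]}')
print(f'Deleted file {sys.argv[1]} with file ID {file_id} from the database.')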
def logout():
    """Record the logout, end the current session and return to the admin page."""
    # Read the id while the user is still logged in, so the audit entry
    # written before logout_user() names the account.
    user_id = current_user.get_id()
    client_addr = request.remote_addr
    log(user_id, client_addr, 'logout', '')

    logout_user()
    flash('Successfully logged out.', 'success')
    destination = url_for('admin')
    return redirect(destination)
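# Command-line registration of a file that already sits in FILES_DIRECTORY
# (cursor, conn and file_id are set up before this excerpt).
# Refuse to add a second row under an ID that is already taken.
cursor.execute('SELECT filename FROM files WHERE id=?', (file_id,))
if cursor.fetchone() is not None:
    print('ERROR: A file with this file ID already exists in the database. Aborted.')
    conn.close()
    sys.exit(1)

choice = input(f'Do you want to add file {sys.argv[1]} with file ID "{file_id}"? (Y/n) ')
# Fix: only a lowercase, exact 'n' used to abort, so 'N', 'no' or 'n ' were
# taken as consent. Any spelling of "no" now aborts; everything else
# (including plain Enter) still means yes, as the "(Y/n)" prompt advertises.
choice = choice.strip().lower() not in ('n', 'no')
if not choice:
    print('Aborted.')
    conn.close()
    sys.exit(1)

if not os.path.isfile(os.path.join(app.config['FILES_DIRECTORY'], sys.argv[1])):
    print(f'ERROR: No file named {sys.argv[1]} exists in {app.config["FILES_DIRECTORY"]}/.')
    print('Aborted.')
    conn.close()
    sys.exit(1)

time_uploaded = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
size = os.stat(os.path.join(app.config['FILES_DIRECTORY'], sys.argv[1])).st_size

# NOTE(review): sys.argv[1] is stored verbatim as the filename, and the web
# delete view joins stored filenames onto FILES_DIRECTORY before os.remove().
# Presumably this should always be a bare file name - consider rejecting
# values that contain a path separator.
cursor.execute('INSERT INTO files VALUES(?, ?, ?, ?)',
               (file_id, sys.argv[1], time_uploaded, size))
conn.commit()
conn.close()
log('terminal', 'terminal', 'upload',
    f'file_id: {file_id}, filename: {sys.argv[1]}')
print(f'Added file {sys.argv[1]} to database. File ID: {file_id}')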