def get(self, user_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Retrieved user_id to integer
user_id = int(user_id)
# Retrieve user data
user = database.UserManager.select_by_id(user_id)
# Check if user can see the profile photo
if user.photo is not None:
profilePhoto = database.PhotosManager.get_photo_by_id(int(user.photo))
if current_session.get_id() is None:
profilePhotoAllowed = False
else:
requestUser = database.UserManager.select_by_id(current_session.get_id())
if security.PhotoSecurity.user_is_allowed_to_watch_photo(profilePhoto, requestUser):
profilePhotoAllowed = True
else:
profilePhotoAllowed = False
else:
profilePhotoAllowed = False
# Prompt page
template = JINJA_ENVIRONMENT.get_template('static/templates/profile.html')
self.response.write(template.render(user=user, profilePhotoAllowed=profilePhotoAllowed))
def get(self, token_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Load jinja template
template = JINJA_ENVIRONMENT.get_template('static/templates/activation.html')
# Check if token is expired
token = database.TokenManager.select_token_by_id(int(token_id))
if token and (datetime.datetime.now() - datetime.timedelta(days=1) < token.date) and (not token.used):
# Activate user
user = token.user.get()
# Check if user is already activated
if user.role_level > 0:
errorMessage = _("AccountAlreadyActivated")
else:
errorMessage = None
database.UserManager.modify_user(user.key, role_level=1)
# Set token as used
database.TokenManager.set_used_token(token.key)
else:
errorMessage = _("ExpiredTokenOrNotExist")
# Prompt activation result
self.response.write(template.render(error=errorMessage))
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
template = JINJA_ENVIRONMENT.get_template('static/templates/welcome.html')
self.response.write(template.render())
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is already logged in
if current_session.get_id() is not None:
self.redirect("/")
return None
template = JINJA_ENVIRONMENT.get_template('static/templates/register.html')
self.response.write(template.render())
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Retrieve key
f = open("key/googlemaps.key")
key = f.read()
# Render template
template = JINJA_ENVIRONMENT.get_template('static/templates/map.html')
self.response.write(template.render(googleApiKey=key))
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user has session started
if current_session.get_id() is None:
self.redirect("/")
# Logout user
current_session.logout(self)
# Prompt logout page
JINJA_ENVIRONMENT.globals['session'] = current_session
template = JINJA_ENVIRONMENT.get_template('static/templates/logout.html')
self.response.write(template.render())
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is admin
if (current_session.get_role_level() < 3):
self.redirect("/")
return None
# Retrieve users
users = database.UserManager.select()
# Render template
template = JINJA_ENVIRONMENT.get_template('static/templates/users.html')
self.response.write(template.render(users=users))
def get(self, token_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
token = database.TokenManager.select_token_by_id(int(token_id))
if token and (datetime.datetime.now() - datetime.timedelta(days=1) < token.date) and (not token.used):
# Present web page
template = JINJA_ENVIRONMENT.get_template('static/templates/changeProfile.html')
user = token.user.get()
self.response.write(template.render(user=user, token_id=token_id))
else:
self.redirect("/")
def post(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is already logged in
if current_session.get_id() is not None:
self.redirect("/")
# Language task
Language.language(self)
# Load form
template = JINJA_ENVIRONMENT.get_template('static/templates/login.html')
# Check user and password
submitted_username = cgi.escape(self.request.get("username"))
submitted_password = hashlib.sha1(cgi.escape(self.request.get("password"))).hexdigest()
user = database.UserManager.select_by_username(submitted_username)
# Check user exists
if user is not None:
# Check if user account is blocked or not
if user.attempts < 3:
# Check if user and password matches
if submitted_username == user.name and submitted_password == user.password:
# Session initialization
current_session.set(self, user.key.id())
# Login attempts to zero
database.UserManager.modify_user(user.key, attempts=0)
# Redirection to initial page
self.redirect("/")
else:
# Add an attempt to user login
database.UserManager.modify_user(user.key, attempts=user.attempts+1)
self.response.write(template.render(error=_("InvalidUsernameOrPassword")))
else:
self.response.write(template.render(error=_("AccountBlocked")))
else:
self.response.write(template.render(error=_("InvalidUsernameOrPassword")))
def post(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is already logged in
if current_session.get_id() is not None:
self.redirect("/")
return None
# Retrieve request data
username = cgi.escape(self.request.get('username'))
password1 = cgi.escape(self.request.get('password1'))
password2 = cgi.escape(self.request.get('password2'))
email = cgi.escape(self.request.get('email'))
# Load success and fail templates
register_template = JINJA_ENVIRONMENT.get_template('static/templates/register.html')
registered_template = JINJA_ENVIRONMENT.get_template('static/templates/registered.html')
# Check email is well formed
if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
self.response.write(register_template.render(error=_("BadEmail.")))
return None
# Check passwords min size is 6
if len(password1) < 6:
self.response.write(register_template.render(error=_("PasswordMinLengthNotReached.")))
return None
# Check passwords match
if password1 != password2:
self.response.write(register_template.render(error=_("PasswordMissmatch")))
return None
# Username not empty
if len(username) < 1:
self.response.write(register_template.render(error=_("EmptyUsername.")))
return None
# Check user exists
user = database.UserManager.select_by_username(username)
if user is not None:
self.response.write(register_template.render(error=_("UsernameExists")))
return None
# Check email exists
user = database.UserManager.select_by_email(email)
if user is not None:
self.response.write(register_template.render(error=_("EmailExists")))
return None
# Save new user in DB
user_key = database.UserManager.create(username, password1, email)
if user_key:
# Create activation token
token_key = database.TokenManager.create_token(user_key)
# Send activation email
email_handler.Email.send_activation(username, str(token_key.id()), email)
# Autologin new user
current_session.set(self, user_key.id())
JINJA_ENVIRONMENT.globals['session'] = current_session
self.response.write(registered_template.render(username=username))
else:
self.response.write(register_template.render(error=_("DatabaseError")))
return None
def get(self, photo_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Load jinja template
template = JINJA_ENVIRONMENT.get_template('static/templates/photo.html')
# Check permission
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if current_session.get_id() is None:
request_user = None
else:
request_user = database.UserManager.select_by_id(current_session.get_id())
if not security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, request_user):
self.redirect("/")
# Get photo info to display
user = photo.owner.get()
privacy = photo.privacy
date = photo.date
# Check if user can edit photo attributes
edition_permission = (current_session.get_role_level() is 3) or (photo.owner == current_session.get_user_key())
# Get user allowed to watch photo
if privacy == 1:
allowed_users = database.PhotoUserPermissionManager.get_allowed_users_by_photo(photo)
else:
allowed_users = None
# Count photo visited by user
if current_session.get_id() is None:
database.PhotoViewManager.newView(photo, None)
else:
database.PhotoViewManager.newView(photo, current_session.user)
# Photo visualization count
photo_views = database.PhotoViewManager.select_users_by_photo(photo)
views_counter = {}
for photo_view in photo_views:
if photo_view.user is None:
if "Anonymous" in views_counter:
views_counter["Anonymous"]['count'] += 1
else:
views_counter["Anonymous"] = {'count':1,
'name':"Anonymous",
'id': None}
else:
photo_view_user = photo_view.user
if photo_view_user.get().name in views_counter:
views_counter[photo_view_user.get().name]['count'] += 1
else:
views_counter[photo_view_user.get().name] = {'count':1,
'name':photo_view_user.get().name,
'id': photo_view_user.id()}
# Response page
self.response.write(template.render(
photo_id=photo_id,
owner=user,
name=photo.name,
edition_permission= edition_permission,
date= date,
privacy=privacy,
views=views_counter,
every_user_list=database.UserManager.select(),
allowed_users=allowed_users
))
def post(self, token_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Load templates
change_template = JINJA_ENVIRONMENT.get_template('static/templates/changeProfile.html')
token = database.TokenManager.select_token_by_id(int(token_id))
if not(token and (datetime.datetime.now() - datetime.timedelta(days=1) < token.date) and (not token.used)):
self.redirect("/")
user = token.user.get()
# Check username
username = cgi.escape(self.request.get('username'))
# If username is modified
if username != user.name:
# Username not empty
if len(username) < 1:
self.response.write(change_template.render(user=user, error=_("EmptyUsername.")))
return None
# Check username not taken
dbusername = database.UserManager.select_by_username(username)
if dbusername is not None:
self.response.write(change_template.render(user=user, error=_("UsernameExists")))
return None
# Check email
email = cgi.escape(self.request.get('email'))
# If email is modified
if email != user.email:
# Check email is well formed
if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
self.response.write(change_template.render(user=user, error=_("BadEmail.")))
return None
# Check email not taken
dbuseremail = database.UserManager.select_by_email(email)
if dbuseremail is not None:
self.response.write(change_template.render(user=user, error=_("EmailExists")))
return None
# Check passwords
request_password1 = self.request.get('password1', None)
request_password2 = self.request.get('password2', None)
password1 = cgi.escape(request_password1)
password2 = cgi.escape(request_password2)
# Save user and email if passwords are not changed
if len(password1) < 1 or len(password2) < 1:
database.UserManager.modify_user(user.key, username=username, email=email)
else:
# Check passwords before modify user data
if len(password1) < 6:
self.response.write(change_template.render(user=user, error=_("PasswordMinLengthNotReached.")))
return None
# Check passwords match
if password1 != password2:
self.response.write(change_template.render(user=user, error=_("PasswordMissmatch")))
return None
database.UserManager.modify_user(user.key, username=username, password=password1, email=email)
# If data is changed, set token as used
database.TokenManager.set_used_token(token.key)
# Response changed values
self.redirect("/profile/"+str(user.key.id()))
