Ejemplo n.º 1
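def viewAlbum():
    """Render the album page for the album named by the ``id`` query parameter.

    Order of checks:
      1. A missing or empty ``id`` gets the 404 page.
      2. A logged-in user whose session check fails gets the login page.
      3. A logged-in user for whom ``album_authen`` returns 0 is redirected
         to the index.
      4. An ``id`` that matches no Album row gets the 404 page.
      5. A private album requires a live session, otherwise the login page.

    Returns:
        The rendered ``edit_album.html`` response, or one of the early
        responses listed above.
    """
    cur = db_con()

    # Untrusted: taken straight from the query string and possibly absent.
    # Rejecting it here keeps None/"" out of every query below.
    albumid = request.args.get("id")
    if not albumid:
        return make_response(render_template('404.html'), 404)

    username = ""
    accessLevel = 2  # value kept when nobody is logged in
    if 'username' in session:
        if not session_exists_check():
            # NOTE(review): albumid goes into back_url unencoded; the login
            # template has to escape it before using it as a link target.
            prev = "/n5hyqyyzaor/pa2/album?id=" + str(albumid)
            return render_template("login.html", back_url=prev)
        accessLevel = album_authen(session['username'], albumid)
        username = session['username']

    if accessLevel == 0:
        return redirect(url_for('main.index'))

    # Every query binds albumid as a parameter instead of splicing it into
    # the SQL text, so a crafted id cannot change the statement.
    # Placeholders use the %s (format) paramstyle; this is assumed from the
    # driver behind db_con(), which is not visible here. Drivers such as
    # sqlite3 take ? instead.
    cur.execute(
        "SELECT access, title, username FROM Album WHERE albumid = %s",
        (albumid,),
    )
    album = cur.fetchone()
    if album is None:
        # Unknown album: answer 404 before anything indexes into the row.
        return make_response(render_template('404.html'), 404)
    access, title, own = album[0], album[1], album[2]

    if access == 'private':
        if not session_exists_check():
            # NOTE(review): this back_url lacks the "/n5hyqyyzaor/pa2"
            # prefix used in the other login redirect of this function.
            # Confirm which one the login page expects.
            prev = "/album?id=" + str(albumid)
            return render_template("login.html", back_url=prev)
        username = session["username"]

    options = {"edit": False, "canEdit": False}
    if accessLevel == 3:
        options["canEdit"] = True

    # NOTE(review): SELECT * hands every User column to the template. If the
    # table stores password material, select only the columns the page shows.
    cur.execute("SELECT * FROM User")
    usrs = cur.fetchall()

    cur.execute(
        "SELECT * from Contain where albumid = %s ORDER BY sequencenum",
        (albumid,),
    )
    rows = cur.fetchall()

    cur.execute(
        "SELECT * from Photo INNER JOIN Contain on Photo.picid=Contain.picid "
        "where albumid = %s ORDER BY sequencenum",
        (albumid,),
    )
    thumb = cur.fetchall()

    resp = make_response(
        render_template(
            "edit_album.html",
            albumOwner=own,
            zipped=zip(rows, thumb),
            users=usrs,
            user=username,
            pics=rows,
            id=albumid,
            albumTitle=title,
            **options
        )
    )
    # The activity timestamp is refreshed for every access level except 2.
    if accessLevel != 2:
        resp.set_cookie('lastactivity', str(time.time()))
    return resp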
Ejemplo n.º 2
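def myAlbums():
    """List the logged-in user's albums, or all public albums for visitors.

    Visitors without a ``username`` in the session get the public album
    list. A logged-in user whose session check fails gets the login page.
    Otherwise the ``lastactivity`` cookie is compared with ``duration``:
    inside the window the user's albums are rendered and the cookie is
    refreshed, outside it the function returns the string ``"a"``.

    Returns:
        A rendered template, a Flask response, or the string ``"a"``.
    """
    cur = db_con()

    if 'username' not in session:
        public_albums = display_public()
        return render_template("public_albums_of_all_users.html", album_list=public_albums)

    if not session_exists_check():
        prev = "/n5hyqyyzaor/pa2/albums"
        return render_template("login.html", back_url=prev)

    # A missing or non-numeric cookie is treated as an expired window
    # instead of raising while the request is being handled.
    # NOTE(review): the timestamp lives in a cookie the client can rewrite,
    # so this idle timeout is only advisory. Keeping the value server-side
    # (for example in the session) would make it enforceable.
    try:
        last_activity = float(request.cookies.get('lastactivity', ''))
    except ValueError:
        last_activity = None

    if last_activity is None or not (time.time() - last_activity < duration):
        # NOTE(review): "a" looks like a leftover placeholder; the login
        # page is probably what an expired window should show.
        return "a"

    options = {
        "edit": False
    }
    username = session['username']
    # The listing shows the user name in this query as a masked literal
    # ('******'). The session user is bound here, which is presumably what
    # the query was meant to filter on; confirm against the real source.
    # Placeholder style %s (format paramstyle) is assumed from the driver
    # behind db_con(), which is not visible here.
    cur.execute("SELECT * from Album where username = %s", (username,))
    rows = cur.fetchall()

    resp = make_response(render_template("albums.html", user=username, album_list=rows, **options))
    resp.set_cookie('lastactivity', str(time.time()))
    return resp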
Ejemplo n.º 3
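def myAlbumsEdit():
    """Show the user's albums in edit mode and handle add/delete POSTs.

    Requires a live session; otherwise the login page is rendered.
    On POST, ``op=add`` creates a private album owned by the session user
    and ``op=delete`` removes an album together with its pictures, their
    files under ``UPLOAD_FOLDER`` and its access entries. Deletion is only
    carried out for an album whose ``username`` column matches the session
    user; any other ``albumid`` gets the 404 page.

    Returns:
        The rendered ``albums.html`` response with a refreshed
        ``lastactivity`` cookie, the login page, or a 404 response.
    """
    cur = db_con()
    options = {
        "edit": True
    }
    if not session_exists_check():
        prev = "/n5hyqyyzaor/pa2/albums/edit"
        return render_template("login.html", back_url=prev)

    username = session['username']
    # NOTE(review): no anti-CSRF token is checked in this function. Confirm
    # that the application enforces one elsewhere for these POSTs.
    if request.method == 'POST':
        op = request.form['op']

        # All statements bind form values as parameters instead of splicing
        # them into the SQL text. Placeholder style %s (format paramstyle)
        # is assumed from the driver behind db_con(), not visible here.
        if op == "add":
            title = request.form['title']
            strDate = datetime.now().strftime('%y-%m-%d')
            cur.execute(
                "INSERT INTO Album(title, created, lastupdated, username, access) "
                "VALUES(%s, %s, %s, %s, 'private')",
                (title, strDate, strDate, username),
            )
        elif op == "delete":
            albumid = request.form['albumid']

            # Authorisation: albumid is chosen by the client, so check that
            # the album belongs to the session user before touching it. The
            # comparison is done in SQL so it follows the same matching
            # rules as the album listing query below.
            cur.execute(
                "SELECT count(1) FROM Album WHERE albumid = %s AND username = %s",
                (albumid, username),
            )
            if cur.fetchone()[0] == 0:
                return make_response(render_template('404.html'), 404)

            cur.execute("SELECT * FROM Contain WHERE albumid = %s", (albumid,))
            pics = cur.fetchall()
            for pic in pics:
                picid = pic[1]
                # Remove from Contain
                cur.execute("DELETE FROM Contain WHERE picid = %s", (picid,))
                # Remove the physical file. A Photo row or file that is
                # already gone must not abort the rest of the clean-up.
                cur.execute("SELECT * FROM Photo WHERE picid = %s", (picid,))
                row = cur.fetchone()
                if row is not None:
                    # NOTE(review): row[1] is trusted as a file name inside
                    # UPLOAD_FOLDER; confirm it is generated server-side.
                    path = app.config['UPLOAD_FOLDER'] + row[1]
                    if os.path.isfile(path):
                        os.remove(path)
                # Remove from Photo
                cur.execute("DELETE FROM Photo WHERE picid = %s", (picid,))
            # Remove Access
            cur.execute("DELETE FROM AlbumAccess WHERE albumid = %s", (albumid,))
            # Remove Album
            cur.execute("DELETE FROM Album WHERE albumid = %s", (albumid,))

    # The listing shows the user name in this query as a masked literal
    # ('******'). The session user is bound here, which is presumably what
    # the query was meant to filter on; confirm against the real source.
    cur.execute("SELECT * from Album where username = %s", (username,))
    rows = cur.fetchall()
    resp = make_response(render_template("albums.html", user=username, album_list=rows, **options))
    resp.set_cookie('lastactivity', str(time.time()))
    return resp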
Ejemplo n.º 4
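def updateTime(albumid):
    """Set ``Album.lastupdated`` of album ``albumid`` to today's date.

    Args:
        albumid: Identifier of the album row to update. It is bound as a
            query parameter, so its content cannot alter the statement.
    """
    cur = db_con()
    # '%y' yields a two-digit year, e.g. '24-05-01'.
    strDate = datetime.now().strftime('%y-%m-%d')
    # Placeholder style %s (format paramstyle) is assumed from the driver
    # behind db_con(), which is not visible here.
    cur.execute(
        "UPDATE Album SET lastupdated = %s WHERE albumid = %s",
        (strDate, albumid),
    )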