def all_gossips():
    """List gossips ten at a time, optionally filtered by a search term.

    Reads ``page`` and ``search`` from the query string. A missing,
    non-numeric or non-positive ``page`` falls back to page 1. On a
    database failure the error is logged and ``error.html`` is rendered.
    """
    page_size = 10

    try:
        page = int(request.args.get('page'))
    except (TypeError, ValueError):
        # int(None) raises TypeError, int('abc') raises ValueError.
        page = 1
    else:
        if page < 1:
            page = 1

    term = request.args.get('search')
    start = page_size * (page - 1)
    searching = term is not None

    # NOTE(review): `term` comes straight from the query string. Confirm that
    # database.search_gossips binds it as a query parameter and that
    # gossips.html escapes `search_text`; neither is visible from here.
    if searching:
        gossips, success = database.search_gossips(start, page_size, term)
    else:
        gossips, success = database.get_latest_gossips(start, page_size)

    if not success:
        # On failure the first element is handed to the logger as the message.
        error("all_gossips", gossips, session.get('username'))
        flash('Oops, something wrong happened!', "danger")
        return render_template('error.html')

    body = render_template('gossips.html',
                           posts=gossips,
                           search_text=term,
                           search=int(searching))
    return make_response(body)
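def newuser():
    """Handle the registration form.

    GET renders ``register.html``. POST reads ``username``, ``password1``
    and ``password2`` from the form, requires all three to be present and
    non-empty and the two passwords to match, hashes the password through
    ``Password`` and stores the user with ``database.insert_user``.
    """
    if request.method != 'POST':
        return render_template('register.html')

    username = request.form.get('username')
    psw1 = request.form.get('password1')
    psw2 = request.form.get('password2')

    # A field that is absent from the request comes back as None, not ''.
    # Testing truthiness rejects both cases, so .encode() below is never
    # reached with None (which would otherwise surface as an unhandled
    # AttributeError on a crafted request).
    if not username or not psw1 or not psw2:
        flash('All fields are required', 'danger')
        return redirect('/register')

    psw1 = psw1.encode('utf-8')
    psw2 = psw2.encode('utf-8')
    if psw1 != psw2:
        flash('Passwords must be the same!', 'danger')
        return redirect('/register')

    # NOTE(review): no length or strength rule is applied to the password
    # here; confirm whether Password enforces one.
    hashed_psw = Password(psw1).get_hashed_password()
    message, success = database.insert_user(username, hashed_psw)
    if success == 1:
        flash('New user added!', 'primary')
        return redirect('/login')

    # Log the database message; the user only sees a generic failure.
    error('newuser', message, session.get('username'))
    flash('Internal error!', 'danger')
    return redirect('/register')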
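def gossip(id):
    """Show one gossip with its comments (GET) or add a comment to it (POST).

    POST reads ``comment`` from the form and the author from the session,
    stores the comment with ``database.post_comment`` and redirects back to
    the gossip page. GET loads the gossip and its comments and renders
    ``gossip.html``.
    """
    if request.method == 'POST':
        comment = request.form.get('comment')
        user = session.get('username')
        date = datetime.datetime.now()

        # A missing form field is None rather than ''; reject both so that
        # None is never written as a comment body.
        if not comment:
            flash('All fields are required', 'danger')
            return redirect('/gossip/{}'.format(id))

        # NOTE(review): `user` is None when nobody is logged in. Whether an
        # authentication check runs before this handler is not visible here.
        message, success = database.post_comment(user, comment, id, date)
        if not success:
            error('gossip', message, session.get('username'))
            flash('Couldn\'t add comment, please try again', 'danger')
            return redirect('/gossip/{}'.format(id))

        flash('New comment added', 'primary')
        return redirect('/gossip/{}'.format(id))

    post, success = database.get_gossip(id)
    if not success:
        error('gossip', post, session.get('username'))
        flash('Couldn\'t get gossip, please try again', 'danger')
        return redirect('/gossip')

    comments, success = database.get_comments(id)
    if not success:
        # On failure the first element is presumably an error message, as it
        # is for get_gossip above. Log it and show no comments instead of
        # handing a database message to the template.
        error('gossip', comments, session.get('username'))
        comments = []
    elif comments is None:
        comments = []

    return render_template('gossip.html', post=post, comments=comments, id=id)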
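def csrf_protect():
    '''Check the CSRF token of POST requests.

    Compares the ``_csrf_token`` form field with the ``_csrf_token`` stored
    in the session. Returns an error string when the token is missing or
    does not match, and None otherwise (including for non-POST requests).
    '''
    # Function-scope import: the module's import block is not visible here.
    import hmac

    # NOTE(review): only POST is checked. If the application exposes other
    # state-changing methods, they are not covered by this function.
    if request.method != 'POST':
        return None

    token_csrf = session.get('_csrf_token')
    form_token = request.form.get('_csrf_token')

    # Require both values to exist. Without the explicit None test a missing
    # form field would be compared as the text 'None'.
    if token_csrf and form_token is not None:
        expected = str(token_csrf).encode('utf-8')
        supplied = str(form_token).encode('utf-8')
        # Constant-time comparison, so the response time does not depend on
        # how many leading characters of the supplied token are correct.
        if hmac.compare_digest(expected, supplied):
            return None

    error('csrf_protect', 'wrong value for csrf_token',
          session.get('username'))
    # NOTE(review): a bare string is normally sent with status 200; consider
    # answering with 403 if callers of this function allow it.
    return 'ERROR: Wrong value for csrf_token'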
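def csrf_protect():
    '''Check the CSRF token of POST requests.

    Compares the ``_csrf_token`` form field with the ``_csrf_token`` stored
    in the session. Returns an error string when the token is missing or
    does not match, and None otherwise (including for non-POST requests).
    '''
    # Function-scope import: the module's import block is not visible here.
    import hmac

    # NOTE(review): only POST is checked. If the application exposes other
    # state-changing methods, they are not covered by this function.
    if request.method != "POST":
        return None

    token_csrf = session.get('_csrf_token')
    form_token = request.form.get('_csrf_token')

    # Require both values to exist. Without the explicit None test a missing
    # form field would be compared as the text 'None'.
    if token_csrf and form_token is not None:
        expected = str(token_csrf).encode('utf-8')
        supplied = str(form_token).encode('utf-8')
        # Constant-time comparison, so the response time does not depend on
        # how many leading characters of the supplied token are correct.
        if hmac.compare_digest(expected, supplied):
            return None

    error("csrf_protect", "wrong value for csrf_token",
          session.get("username"))
    # NOTE(review): a bare string is normally sent with status 200; consider
    # answering with 403 if callers of this function allow it.
    return "ERROR: Wrong value for csrf_token"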
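def login():
    """Handle the login form.

    GET renders ``login.html``. POST reads ``username`` and ``password``
    from the form, looks up the stored password with
    ``database.get_user_password`` and validates it through ``Password``.
    On success the username is stored in the session and the client is
    redirected to ``/gossip``; on any failure the login page is rendered
    again with one generic message.
    """
    if request.method != 'POST':
        return render_template('login.html')

    username = request.form.get('username')
    raw_password = request.form.get('password')

    authenticated = False
    # A request without one of the fields yields None. Treat it as a failed
    # login instead of calling .encode() on None.
    if username is not None and raw_password is not None:
        psw = Password(raw_password.encode('utf-8'))
        user_password, success = database.get_user_password(username)
        authenticated = bool(
            success
            and user_password is not None
            and psw.validate_password(user_password[0])
        )

    if not authenticated:
        # The same message covers an unknown user and a wrong password, so
        # the response text does not reveal which usernames exist.
        # NOTE(review): the log label is 'gossip' although this is login, and
        # the logged name is the session's user, not the attempted one.
        # Confirm that failed logins can be found in the logs.
        error('gossip', 'User not found or wrong password',
              session.get('username'))
        flash('User not found or wrong password', 'danger')
        return render_template('login.html')

    session['username'] = username
    return redirect('/gossip')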
def all_gossips():
    """List the latest gossips, or those matching the ``search`` query term.

    On a database failure the error is logged and a plain error string is
    returned instead of the rendered page.
    """
    term = request.args.get('search')
    searching = term is not None

    # NOTE(review): `term` comes straight from the query string. Confirm that
    # database.search_gossips binds it as a query parameter and that
    # gossips.html escapes `search_text`; neither is visible from here.
    if searching:
        gossips, success = database.search_gossips(term)
    else:
        gossips, success = database.get_latest_gossips()

    if not success:
        # On failure the first element is handed to the logger as the message.
        error('all_gossips', gossips, session.get('username'))
        return 'Internal error!'

    body = render_template('gossips.html',
                           posts=gossips,
                           search_text=term,
                           search=int(searching))
    return make_response(body)
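def newgossip():
    """Handle the new-gossip form.

    GET renders ``newgossip.html``. POST reads ``text``, ``subtitle`` and
    ``title`` from the form (UTF-8 encoded) and the author from the session,
    requires all four to be non-empty, stores the gossip with
    ``database.post_gossip`` and redirects to ``/gossip``.
    """
    if request.method != 'POST':
        return render_template('newgossip.html')

    text = request.form.get('text', "").encode('utf-8')
    subtitle = request.form.get('subtitle', "").encode('utf-8')
    title = request.form.get('title', "").encode('utf-8')
    author = session.get('username', "")
    date = datetime.datetime.now()

    # Test truthiness rather than `== ''`. The encoded fields are byte
    # strings, and on Python 3 b'' never equals '', so blank fields would
    # pass. An empty author means nobody is logged in, so this check also
    # refuses anonymous posts.
    if not (author and text and subtitle and title):
        error("gossip", "invalid parameters", session.get('username'))
        flash('Todos os campos devem ser preenchidos', "danger")
        return render_template('newgossip.html',
                               title=title,
                               subtitle=subtitle,
                               text=text)

    # NOTE(review): the result of post_gossip is ignored, so success is
    # reported even if the insert failed. Confirm what it returns.
    database.post_gossip(author, text, title, subtitle, date)
    flash('New gossip added', "primary")
    return redirect('/gossip')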
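def newuser():
    """Handle the registration form.

    GET renders ``register.html``. POST reads ``username``, ``password1``
    and ``password2`` from the form, requires all three to be present and
    non-empty and the two passwords to match, hashes the password through
    ``Password`` and stores the user with ``database.insert_user``.
    """
    if request.method != 'POST':
        return render_template('register.html')

    username = request.form.get('username')
    psw1 = request.form.get('password1')
    psw2 = request.form.get('password2')

    # Missing fields arrive as None. Without this check, two missing
    # passwords compare equal and str(None) would register the literal
    # text 'None' as both username and password.
    if not username or not psw1 or not psw2:
        flash("All fields are required", "danger")
        return redirect('/register')

    if psw1 != psw2:
        flash("Passwords must be the same!", "danger")
        return redirect('/register')

    # NOTE(review): no length or strength rule is applied to the password
    # here; confirm whether Password enforces one.
    hashed_psw = Password(str(psw1)).get_hashed_password()
    message, success = database.insert_user(str(username), hashed_psw)
    if success == 1:
        flash("New user added!", "primary")
        return redirect('/login')

    # Log the database message; the user only sees the generic error page.
    error("newuser", message, session.get('username'))
    return render_template('error.html')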
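def gossip(id):
    """Show one gossip with its comments (GET) or add a comment to it (POST).

    POST reads ``comment`` from the form and the author from the session,
    stores the UTF-8 encoded comment with ``database.post_comment`` and
    redirects back to the gossip page. GET loads the gossip and its comments
    and renders ``gossip.html``. Database failures are logged and answered
    with ``error.html``.
    """
    if request.method == 'POST':
        raw_comment = request.form.get('comment')
        # A request without the field yields None; reject it (and a blank
        # comment) instead of calling .encode() on None.
        if not raw_comment:
            flash('All fields are required', "danger")
            return redirect('/gossip/{}'.format(id))

        comment = raw_comment.encode('utf-8')
        # NOTE(review): `user` is None when nobody is logged in. Whether an
        # authentication check runs before this handler is not visible here.
        user = session.get('username')
        date = datetime.datetime.now()

        message, success = database.post_comment(user, comment, id, date)
        if not success:
            error("gossip", message, session.get('username'))
            flash('Oops, something wrong happened', "danger")
            return render_template('error.html')

        flash('New comment added', "primary")
        return redirect('/gossip/{}'.format(id))

    post, success = database.get_gossip(id)
    if not success:
        # On failure the first element is handed to the logger as the message.
        error("gossip", post, session.get('username'))
        flash('Oops, something wrong happened!', "danger")
        return render_template('error.html')

    comments, success = database.get_comments(id)
    if not success:
        error("gossip", comments, session.get('username'))
        flash('Oops, something wrong happened!', "danger")
        return render_template('error.html')

    if comments is None:
        comments = []
    return render_template('gossip.html', post=post, comments=comments, id=id)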
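def newgossip():
    """Handle the new-gossip form.

    GET renders ``newgossip.html``. POST reads ``text``, ``subtitle`` and
    ``title`` from the form and the author from the session, requires all
    four to be present and non-empty, stores the gossip with
    ``database.post_gossip`` and redirects to ``/newgossip``.
    """
    if request.method != 'POST':
        return render_template('newgossip.html')

    text = request.form.get('text')
    subtitle = request.form.get('subtitle')
    title = request.form.get('title')
    author = session.get('username')
    date = datetime.datetime.now()

    # A blank form field is submitted as '' rather than None, so comparing
    # against None alone lets empty gossips through. Truthiness rejects both.
    # A missing author means nobody is logged in.
    if not (author and text and subtitle and title):
        error('gossip', 'Invalid parameters', session.get('username'))
        flash('All fields are required', 'danger')
        return render_template('newgossip.html',
                               title=title,
                               subtitle=subtitle,
                               text=text)

    message, success = database.post_gossip(author, text, title, subtitle,
                                            date)
    if success == 0:
        # Record the database message so that a failed insert leaves a trace.
        error('gossip', message, session.get('username'))
        flash('Coulnd\'t add gossip, please try again', 'danger')
    else:
        flash('New gossip added', 'primary')
    return redirect('/newgossip')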