Ejemplo n.º 1
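def editArea(id):
    """Show the edit form for an area (GET) or apply an edit to it (POST).

    Access control, in the order it is applied:
      * no ``user_id`` in the session -> the "log in first" error page;
      * logged in but ``users.getAdmin`` is falsy -> 403;
      * POST with a CSRF token rejected by ``users.checkCsrfToken`` -> 403.

    Any method other than GET or POST is answered with 405.

    Args:
        id: identifier of the area, passed through to ``areas.areaInfo`` and
            ``areas.editArea``.
    """
    if "user_id" not in session:
        return render_template("error.html", message="You need to log in first")

    # One admin gate covers every method; nothing below runs for non-admins.
    if not users.getAdmin(session["user_id"]):
        abort(403)

    area_info = areas.areaInfo(id)
    if request.method == "GET":
        return render_template("editarea.html", info=area_info)

    if request.method != "POST":
        # Previously any other method fell through to the `listed` comparison
        # with `listed` unbound (UnboundLocalError -> HTTP 500).
        abort(405)

    # State-changing request: the CSRF token is verified before any form
    # field is used.
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    topic = request.form["topic"]
    rules = request.form["rules"]
    listed = request.form["listed"]

    areas.editArea(topic, rules, listed, id)

    # `listed` arrives as the form string "False"/other, not as a bool.
    if listed == "False":
        return redirect("/")
    # NOTE(review): session["url"] is written elsewhere; confirm it can only
    # hold a same-site path, since it is used as a redirect target here.
    return redirect(session.get("url", "/"))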
Ejemplo n.º 2
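def editThread(id):
    """Show the edit form for a thread (GET) or save an edited thread (POST).

    A visitor without ``user_id`` in the session gets the login error page.
    GET renders the form only for the thread owner or when the session carries
    a truthy ``admin`` flag. POST requires a valid CSRF token, validates the
    field lengths, and answers 403 when ``threads.editThread`` reports failure.
    Any other method is answered with 405.

    Args:
        id: identifier of the thread being edited.
    """
    if "user_id" not in session:
        return render_template("error.html", message="You need to log in to edit a thread.")

    if request.method == "GET":
        # Only the thread info is rendered; the second element is not needed.
        thread_info, _ = threads.getThreadContent(id)
        if threads.checkThreadOwner(id, int(session["user_id"])) or session.get("admin", False):
            return render_template("editthread.html", info=thread_info)
        return render_template("error.html", message="You can't edit someone else's thread!")

    if request.method != "POST":
        # Previously other methods fell off the end and returned None,
        # which Flask turns into an HTTP 500.
        abort(405)

    # The login check above already covers POST, so it is not repeated here.
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    message = request.form["message"]
    topic = request.form["topic"]

    if len(message) > 1000:
        return render_template("error.html", message="Message too long! (over 1000 characters)")
    if len(topic) > 100 or len(topic) == 0:
        return render_template("error.html", message="Invalid topic! (empty or over 100 characters)")

    # NOTE(review): this view does no ownership check of its own on POST; it
    # relies on threads.editThread rejecting a user_id that does not own the
    # thread. Confirm that, and whether admins (allowed on GET through the
    # session flag) are meant to be able to save as well.
    if not threads.editThread(id, int(session["user_id"]), message, topic):
        abort(403)
    return redirect(session.get("url", "/"))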
Ejemplo n.º 3
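def changepicture():
    """Store an uploaded image and set it as a user's profile picture.

    The target account id comes from the ``id`` form field, i.e. from the
    client. The request is therefore accepted only when the caller is logged
    in, presents a valid CSRF token, and is either the target account itself
    or an administrator; otherwise it is answered with 403.

    ``imagehandler.saveImage`` is treated as returning an ``int`` image id on
    success; any other return value is shown to the user as the error message.
    """
    if "user_id" not in session:
        abort(403)
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    upload = request.files["file"]
    target_id = request.form["id"]

    # Authorisation: previously any request that passed the CSRF check could
    # name an arbitrary account id. Compared as strings because the form value
    # is a string while the session value may be an int.
    # NOTE(review): users.getAdmin is the admin check used by this module's
    # other views; drop the admin branch if admins are not meant to change
    # other users' pictures.
    current_user = session["user_id"]
    if str(target_id) != str(current_user) and not users.getAdmin(current_user):
        abort(403)

    if upload:
        # NOTE(review): the whole upload is read into memory here; confirm a
        # size limit and content-type validation are enforced in saveImage or
        # in the application configuration.
        img_id = imagehandler.saveImage(upload.read(), upload)
        if not isinstance(img_id, int):
            return render_template("error.html", message=img_id)
        users.setProfilePicture(target_id, img_id)
    return redirect(session.get("url", "/"))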
Ejemplo n.º 4
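def newArea():
    """Create a new area from the submitted form; administrators only.

    Answers 403 when the caller is not logged in, is not an administrator
    according to ``users.getAdmin``, or presents a CSRF token rejected by
    ``users.checkCsrfToken``. On success the area is created through
    ``areas.addArea`` and the caller is redirected to ``/``.
    """
    # Previously a logged-in non-admin skipped both branches and the view
    # returned None (HTTP 500); every unauthorised caller now gets 403.
    if "user_id" not in session or not users.getAdmin(session["user_id"]):
        abort(403)
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    topic = request.form["topic"]
    rules = request.form["rules"]
    listed = request.form["listed"]

    areas.addArea(topic, rules, listed)
    return redirect("/")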
Ejemplo n.º 5
def editMessage(id):
    """Render the message edit form (GET) or save an edited message (POST).

    Without ``user_id`` in the session the login error page is returned.
    GET shows the form to the message owner or to an administrator and an
    error page to everyone else. POST verifies the CSRF token, limits the
    message to 1000 characters and answers 403 when ``threads.editMessage``
    reports failure. Other methods return nothing.

    Args:
        id: identifier of the message being edited.
    """
    if "user_id" not in session:
        return render_template("error.html", message="You need to log in to edit a message.")

    method = request.method
    if method == "GET":
        message_info = threads.getMessageContent(id)
        may_edit = (
            threads.checkMessageOwner(id, int(session["user_id"]))
            or users.getAdmin(session["user_id"])
        )
        if not may_edit:
            return render_template("error.html", message="You can't edit someone else's message!")
        return render_template("editmessage.html", info=message_info)

    if method != "POST":
        # NOTE(review): no response is produced for other methods; presumably
        # the route only allows GET and POST. Confirm at the decorator.
        return None

    # State-changing request: CSRF token first, then the payload.
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    new_text = request.form["message"]
    if len(new_text) > 1000:
        return render_template("error.html", message="Message too long! (Over 1000 characters)")

    # NOTE(review): ownership on POST is enforced only if threads.editMessage
    # checks the user id it is given; this view does not check it itself.
    if not threads.editMessage(id, int(session["user_id"]), new_text):
        abort(403)
    return redirect(session.get("url", "/"))
Ejemplo n.º 6
def newThread():
    """Create a thread, optionally with an image, and redirect to it.

    Answers 403 unless ``users.checkLoggedInStatus`` and
    ``users.checkCsrfToken`` both pass. The topic must be 1-100 characters and
    the message at most 1000; otherwise an error page is rendered. When a file
    is uploaded it is stored through ``imagehandler.saveImage``, whose
    non-``int`` return value is shown to the user as the error message.
    """
    if not users.checkLoggedInStatus():
        abort(403)
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    form = request.form
    topic = form["topic"]
    message = form["message"]
    user_id = session["user_id"]
    # NOTE(review): area_id is client-supplied and is used unvalidated both in
    # createThread and in the redirect path below; confirm it is checked
    # against existing areas downstream.
    area_id = form["area_id"]
    upload = request.files["file"]

    # Length limits are checked before the upload is read or stored.
    if not topic or len(topic) > 100 or len(message) > 1000:
        return render_template("error.html",message="Invalid topic or message!")

    if upload:
        img_id = imagehandler.saveImage(upload.read(), upload)
        if type(img_id) is not int:
            return render_template("error.html", message=img_id)
        thread_args = (topic, message, area_id, user_id, img_id)
    else:
        thread_args = (topic, message, area_id, user_id)

    thread_id = areas.createThread(*thread_args)
    return redirect(f"/area/{area_id}/{thread_id}")