Ejemplo n.º 1
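def editArea(id):
    """Show the edit form for an area (GET) or apply an edit to it (POST).

    Access control, applied to every method before any data is read:
    an anonymous visitor gets the error page, and a logged-in user for
    whom ``users.getAdmin`` is falsy gets a 403.

    Args:
        id: identifier of the area, passed through to ``areas.areaInfo``
            and ``areas.editArea``.

    Returns:
        The rendered form on GET, or a redirect after a successful POST.
    """
    if "user_id" not in session:
        return render_template("error.html", message="You need to log in first")
    # One admin check covers both GET and POST; the original repeated it
    # inside the POST branch.
    if not users.getAdmin(session["user_id"]):
        abort(403)

    if request.method == "GET":
        # The area record is only needed to pre-fill the form.
        return render_template("editarea.html", info=areas.areaInfo(id))

    if request.method != "POST":
        # The original fell through to `listed == "False"` with `listed`
        # unbound here, which would surface as an unhandled NameError.
        # NOTE(review): the route decorator is not visible; if it only
        # registers GET and POST this branch is unreachable.
        abort(405)

    # State-changing request: the anti-CSRF token must validate before
    # anything is written.
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    topic = request.form["topic"]
    rules = request.form["rules"]
    listed = request.form["listed"]

    areas.editArea(topic, rules, listed, id)

    # The form sends `listed` as text, so compare against the string "False".
    if listed == "False":
        return redirect("/")
    return redirect(session.get("url", "/"))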
Ejemplo n.º 2
def deleteMessage(message_id,user_id):
    """Soft-delete a message by setting its ``listed`` column to False.

    Nothing is written unless ``checkMessageOwner(message_id, user_id)`` or
    ``users.getAdmin(user_id)`` is truthy.

    Returns:
        False when the authorization check fails; True once the UPDATE has
        been committed. True does not indicate that a row matched.
    """
    # Same short-circuit order as `not (owner or admin)`: the admin lookup
    # only runs when the ownership check fails.
    if not checkMessageOwner(message_id, user_id) and not users.getAdmin(user_id):
        return False

    # The id travels as a bound parameter, never spliced into the SQL text.
    params = {"message_id": message_id}
    db.session.execute("UPDATE messages SET listed=False WHERE id=:message_id", params)
    db.session.commit()
    return True
Ejemplo n.º 3
def editMessage(message_id,user_id,message):
    """Replace the text of a message on behalf of ``user_id``.

    Nothing is written unless ``checkMessageOwner(message_id, user_id)`` or
    ``users.getAdmin(user_id)`` is truthy.

    Returns:
        False when the authorization check fails; True once the UPDATE has
        been committed. True does not indicate that a row matched.
    """
    # Same short-circuit order as `not (owner or admin)`.
    if not checkMessageOwner(message_id, user_id) and not users.getAdmin(user_id):
        return False

    # Both values are bound parameters; the new text never becomes part of
    # the SQL string itself.
    params = {"message_id": message_id, "message": message}
    db.session.execute("UPDATE messages SET message=:message WHERE id=:message_id", params)
    db.session.commit()
    return True
Ejemplo n.º 4
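def editThread(thread_id,user_id,message, topic):
    """Update the opening message and the topic of a thread.

    Nothing is written unless ``checkThreadOwner(thread_id, user_id)`` or
    ``users.getAdmin(user_id)`` is truthy.

    Returns:
        False when the authorization check fails; True once the UPDATE has
        been committed. True does not indicate that a row matched.
    """
    if not (checkThreadOwner(thread_id, user_id) or users.getAdmin(user_id)):
        return False

    # Both columns belong to the same row, so one statement replaces the two
    # separate UPDATEs of the original. All values are bound parameters.
    sql = "UPDATE threads SET message=:message, topic=:topic WHERE id=:thread_id"
    db.session.execute(sql, {"message": message, "topic": topic, "thread_id": thread_id})
    db.session.commit()
    return True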
Ejemplo n.º 5
def index():
    """Render the front page, using the admin template for admin users.

    The page data comes from ``areas.fetchAreaValues()`` and
    ``areas.getActiveThreads(0)``. For everyone except admins the view also
    stores its own URL in ``session["url"]`` before rendering.
    """
    area_list, last_message, total_messages, total_threads = areas.fetchAreaValues()
    active_threads = areas.getActiveThreads(0)

    # Both templates receive exactly the same variables.
    page_context = {
        "areas": area_list,
        "last_message": last_message,
        "threads": active_threads,
        "total_messages": total_messages,
        "total_threads": total_threads,
    }

    # Short-circuits: the admin lookup only runs for a logged-in session.
    viewer_is_admin = "user_id" in session and users.getAdmin(session["user_id"])
    if viewer_is_admin:
        return render_template("indexAdmin.html", **page_context)

    session["url"] = url_for("index")
    return render_template("index.html", **page_context)
Ejemplo n.º 6
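def newArea():
    """Create a new area from the submitted form; admins only.

    The request is rejected with 403 when the CSRF token does not validate,
    when there is no logged-in user, or when ``users.getAdmin`` is falsy for
    the logged-in user.

    Returns:
        A redirect to "/" after ``areas.addArea`` has been called.
    """
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    # The original only aborted for anonymous sessions. A logged-in user who
    # was not an admin fell off the end of the function and the view
    # returned None instead of an explicit 403.
    if "user_id" not in session or not users.getAdmin(session["user_id"]):
        abort(403)

    topic = request.form["topic"]
    rules = request.form["rules"]
    listed = request.form["listed"]

    areas.addArea(topic, rules, listed)
    return redirect("/")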
Ejemplo n.º 7
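def deleteThread(thread_id,user_id):
    """Soft-delete a thread and its messages, then remove their images.

    Nothing is written unless ``checkThreadOwner(thread_id, user_id)`` or
    ``users.getAdmin(user_id)`` is truthy. Both UPDATEs use ``RETURNING
    image_id`` so the affected image ids can be handed to ``imagehandler``.

    Returns:
        False when the authorization check fails, True otherwise.
    """
    if not (checkThreadOwner(thread_id, user_id) or users.getAdmin(user_id)):
        return False

    params = {"thread_id": thread_id}

    sql = "UPDATE messages SET listed=False WHERE thread_id=:thread_id RETURNING image_id"
    message_rows = db.session.execute(sql, params).fetchall()
    # Called unconditionally, as in the original: its `if result:` guard
    # tested the result object itself, not whether any rows came back.
    # NOTE(review): this runs before the commit, so a failed commit would
    # leave these images already removed; confirm that is acceptable.
    imagehandler.removeThreadImages(message_rows)

    sql = "UPDATE threads SET listed=False WHERE id=:thread_id RETURNING image_id"
    # Read the row before committing rather than from the result object
    # after the transaction has ended.
    thread_row = db.session.execute(sql, params).fetchone()
    db.session.commit()

    # fetchone() yields None when no thread row matched; the original
    # indexed it unconditionally and would raise TypeError in that case.
    if thread_row is not None:
        imagehandler.removeImage(thread_row[0])
    return True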
Ejemplo n.º 8
def editMessage(id):
    """Show the edit form for a message (GET) or save an edited message (POST).

    Anonymous visitors get the error page. On GET the form is only rendered
    when the session user owns the message or ``users.getAdmin`` is truthy.
    On POST the CSRF token is validated first, and ``threads.editMessage``
    decides whether the edit is applied; a falsy result becomes a 403.
    """
    if "user_id" not in session:
        return render_template("error.html", message="You need to log in to edit a message.")

    if request.method == "GET":
        message_info = threads.getMessageContent(id)
        may_edit = (
            threads.checkMessageOwner(id, int(session["user_id"]))
            or users.getAdmin(session["user_id"])
        )
        if not may_edit:
            return render_template("error.html", message="You can't edit someone else's message!")
        return render_template("editmessage.html", info=message_info)

    if request.method == "POST":
        # State-changing request: reject it unless the anti-CSRF token validates.
        if not users.checkCsrfToken(request.form["csrf_token"]):
            abort(403)

        new_text = request.form["message"]
        if len(new_text) > 1000:
            return render_template("error.html", message="Message too long! (Over 1000 characters)")

        # threads.editMessage is given the session user's id and returns a
        # falsy value when the edit is refused.
        if not threads.editMessage(id, int(session["user_id"]), new_text):
            abort(403)
        return redirect(session.get("url","/"))