def reset_password():
if request.method == 'GET':
email = request.args.get("email")
code = request.args.get("code")
if email:
eh = EmailHandler(email)
code = eh.send_reset_link()
udao = UserDAO()
udao.update_password_reset_link(email, code)
elif code:
return render_template("resetpassword.html",
signedIn = request.cookies.get("signedIn"),
code = code)
return render_template("resetpassword.html",
signedIn = request.cookies.get("signedIn"),
code = None)
elif request.method == 'POST':
password = request.form['pass']
code = request.args.get("code")
udao = UserDAO()
ldao = LogDAO()
success = udao.reset_password(code, password)
if success:
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_PASSWORD_RESET, 1)
return redirect("/?alert=Successfully changed password!|Password has been changed for the specified account, sign in with your new details|alert-suc")
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_PASSWORD_RESET, 1)
return redirect("/?alert=Password change unsuccessful!|Some of the details you input must have been inccorect.|alert-fail")
def signup():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
dao = UserDAO()
user = dao.signup_user(username, password)
ldao = LogDAO()
if not user:
ldao.add_log(request, None, ldao.REQUEST_SIGNUP, 0)
resp = make_response(redirect("/signup?alert=Username is Already Taken|Try another username and sign up again.|alert-fail"))
return resp
else:
ldao.add_log(request, user.username, ldao.REQUEST_SIGNUP, 1)
resp = make_response(redirect("/?alert=Sign Up Success|Start creating and browsing awesome recipes.|alert-suc"))
resp.set_cookie("signedIn", "true")
resp.set_cookie("user", user.username)
resp.set_cookie("session_key", user.sessionKey)
return resp
else:
alertParam = request.args.get("alert")
alert = None
if alertParam:
alertData = urllib.parse.unquote(alertParam)
alertData = alertData.split("|")
alert = Alert(alertData[0], alertData[1], alertData[2])
resp = make_response(render_template("signup.html", signedIn = request.cookies.get("signedIn"),
user = request.cookies.get("user"),
alert = alert))
return resp
def add_comment_rating(self, user, comment_id, rating):
connection = sqlite3.connect('recipe.db')
connection.row_factory = sqlite3.Row
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
new_rating = 1 if rating > 0 else -1
if self.check_comment_rating_exists(cursor, comment_id, user_id):
current_rating = int(self.get_current_comment_rating(cursor, comment_id, user_id))
if current_rating == new_rating:
new_rating = 0
cursor.execute("UPDATE tbl_comment_rating \
SET OPINION = ? \
WHERE COMMENT_ID = ? AND USER_ID = ?", (new_rating, comment_id, user_id))
else:
cursor.execute("INSERT INTO tbl_comment_rating (COMMENT_ID, USER_ID, OPINION) \
VALUES (?, ?, ?)", (comment_id, user_id, new_rating))
connection.commit()
connection.close()
return new_rating
def account(user):
if request.method == 'GET':
udao = UserDAO()
if not udao.check_user_exists(user):
return render_template("errors/user_not_found.html")
rdao = RecipeDAO()
recipes = rdao.get_recipes_for_user(user)
valid_session_key = udao.check_user_session_key(user, request.cookies.get("session_key"))
allowEdit = False
user_bgr = udao.get_user_background(user)
sdao = SubscribeDAO()
subscribed = sdao.is_subscribed(request.cookies.get("user"), user)
if valid_session_key:
allowEdit = True
return render_template("account.html", signedIn = request.cookies.get("signedIn"),
user = request.cookies.get("user"),
recipes = recipes,
allowEdit = allowEdit,
userBackground = user_bgr,
subscribed = subscribed)
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
dao = UserDAO()
user = dao.login_user(username, password)
ldao = LogDAO()
if user == None:
ldao.add_log(request, None, ldao.REQUEST_SIGNIN, 0)
return redirect("/login?alert=Sign In Failed!|Make sure the details you entered are correct and try again.|alert-fail")
else:
ldao.add_log(request, user.username, ldao.REQUEST_SIGNIN, 1)
resp = make_response(redirect("/?alert=Sign In Success|Start creating and browsing awesome recipes.|alert-suc"))
resp.set_cookie("signedIn", "true")
resp.set_cookie("user", user.username)
resp.set_cookie("session_key", user.sessionKey)
return resp
elif request.method == 'GET':
alertParam = request.args.get("alert")
alert = None
if alertParam:
alertData = urllib.parse.unquote(alertParam)
alertData = alertData.split("|")
alert = Alert(alertData[0], alertData[1], alertData[2])
return render_template("login.html", signedIn = request.cookies.get("signedIn"),
user = request.cookies.get("user"),
alert = alert)
def logFilter():
if request.method == 'GET':
udao = UserDAO()
admin = udao.check_admin(request.cookies.get("user"), request.cookies.get("session_key"))
if admin:
ret_data = ""
ldao = LogDAO()
_type = request.args.get("type")
status = request.args.get("status")
url = request.args.get("url")
ip = request.args.get("ip")
user_agent = request.args.get("user-agent")
logs = ldao.get_logs(_type, status, url, ip, user_agent)
for log in logs:
ret_data += f"""
<tr>
<td>{log.id}</td>
<td>{log.user_id}</td>
<td>{log.type}</td>
<td>{log.ip}</td>
<td>{log.port}</td>
<td>{log.url}</td>
<td>{log.date}</td>
<td>{log.status}</td>
<td>{log.user_agent}</td>
<td>{log.host}</td>
</tr>
"""
return ret_data
return "N"
def start():
try:
userDAO = UserDAO()
permission = userDAO.findPermission('zhangsan','123456')
user = UserFactory.getUser(permission)
user.sameOperation()
user.diffOperation
except:
pass
def add_recipe(self, user, recipeName, recipeDesc, recipeIngr):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
id = udao.get_user_id_from_name(cursor, user)
cursor.execute("INSERT INTO tbl_recipe (RECIPE_OWNER, RECIPE_NAME, RECIPE_DESCRIPTION, RECIPE_INGREDIENTS) \
VALUES (?, ?, ?, ?)", (id, recipeName, recipeDesc, recipeIngr))
connection.commit()
connection.close()
def unsubscribe(user):
if request.method == 'GET':
udao = UserDAO()
valid_key = udao.check_user_session_key(request.cookies.get("user"), request.cookies.get("session_key"))
if valid_key:
sdao = SubscribeDAO()
sdao.unsubscribe(request.cookies.get("user"), user)
return redirect(f"/account/{user}")
def get_users_favourites_recipe_ids(self, user):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
id = udao.get_user_id_from_name(cursor, user)
cursor.execute("SELECT RECIPE_ID \
FROM tbl_favourite \
WHERE USER_ID = ?", (id,))
rows = cursor.fetchall()
return rows
def favourite_delete(user, recipeName, recipeID):
if request.method == 'DELETE':
udao = UserDAO()
valid_key = udao.check_user_session_key(request.cookies.get("user"), request.cookies.get("session_key"))
if valid_key:
fdao = FavouriteDAO()
result = "Y" if fdao.delete_favourite(request.cookies.get("user"), recipeID) else "N"
return result
return "N"
def is_subscribed(self, user, sub):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
sub_id = udao.get_user_id_from_name(cursor, sub)
subsribed = self.check_already_subscribed(cursor, user_id, sub_id)
connection.close()
return subsribed
def get_subscribed_pages_for_user(self, user):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
cursor.execute("SELECT SUBBED_USER_ID FROM tbl_subscribe \
WHERE USER_ID = ?", (user_id,))
rows = cursor.fetchall()
connection.close()
return rows
def unsubscribe(self, user, sub):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
sub_id = udao.get_user_id_from_name(cursor, sub)
cursor.execute("DELETE FROM tbl_subscribe \
WHERE USER_ID = ? AND SUBBED_USER_ID = ?", (user_id, sub_id))
connection.commit()
connection.close()
def addRating(user, recipeName):
if request.method == 'GET':
udao = UserDAO();
valid_key = udao.check_user_session_key(request.cookies.get("user"), request.cookies.get("session_key"))
if valid_key:
comment_id = request.args.get("cid")
rating = request.args.get("r")
if comment_id and rating:
cdao = CommentDAO()
result = cdao.add_comment_rating(request.cookies.get("user"), comment_id, int(rating))
return str(result)
return "N"
def subscribe(self, user, sub):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
sub_id = udao.get_user_id_from_name(cursor, sub)
if user_id and sub_id and not self.check_already_subscribed(cursor, user_id, sub_id):
cursor.execute("INSERT INTO tbl_subscribe (USER_ID, SUBBED_USER_ID, SUBSCRIBE_DATE) \
VALUES (?, ?, ?)", (user_id, sub_id, datetime.datetime.now()))
connection.commit()
connection.close()
def favourite_add(user, recipeName):
if request.method == 'PUT':
udao = UserDAO()
valid_key = udao.check_user_session_key(request.cookies.get("user"), request.cookies.get("session_key"))
if valid_key:
recipe_id = request.args.get("recipe")
print(recipe_id)
fdao = FavouriteDAO()
result = "Y" if fdao.add_favourite(request.cookies.get("user"), recipe_id) else "N"
return result
return "N"
def account_settings(user):
if request.method == 'GET':
udao = UserDAO()
valid_key = udao.check_user_session_key(user, request.cookies.get("session_key"))
if valid_key:
alertParam = request.args.get("alert")
alert = None
if alertParam:
alertData = urllib.parse.unquote(alertParam)
alertData = alertData.split("|")
alert = Alert(alertData[0], alertData[1], alertData[2])
u = udao.get_user(user)
if u.email_auth == 1 and u.can_edit_settings == 0 and not alertParam:
eh = EmailHandler(u.email)
code = eh.send_settings_code()
if code:
udao.set_user_settings_code(u.id, code)
return render_template("settings.html",
signedIn = request.cookies.get("signedIn"),
user = request.cookies.get("user"),
alert = alert,
userobj = u)
else:
return "Not Your Page to Edit"
elif request.method == 'POST':
inputted_code = request.form['email_auth']
udao = UserDAO()
actual_code = udao.get_user_settings_code(user)
if inputted_code == actual_code:
udao.allow_edit_settings(user)
return redirect(f"/account/{user}/settings")
return redirect(f"/account/{user}/settings?alert=Incorrect Code!|Try inputting the code again.|alert-fail")
def logs():
if request.method == 'GET':
udao = UserDAO()
admin = udao.check_admin(request.cookies.get("user"), request.cookies.get("session_key"))
if admin:
ldao = LogDAO()
logs = ldao.get_logs(None, None, None, None, None)
return render_template("logs.html",
logs = logs,
signedIn = request.cookies.get("signedIn"),
user = request.cookies.get("user"))
return "ACCESS DENIED"
def recipe_delete(user, recipeName):
if request.method == "DELETE":
ldao = LogDAO()
udao = UserDAO()
valid_key = udao.check_user_session_key(user, request.cookies.get("session_key"))
if valid_key:
dao = RecipeDAO()
dao.delete_recipe(user, recipeName.replace("-", " "))
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_DEL_RECIPE, 1)
return "Y"
else:
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_DEL_RECIPE, 0)
return "N"
def add_log(self, request, user, _type, status):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
print(type(request.user_agent))
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user) if user else None
cursor.execute("INSERT INTO tbl_log (USER_ID, REQ_TYPE, REQ_IP, REQ_PORT, REQ_URL, REQ_DATE, REQ_STATUS, USER_AGENT, HOST) \
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
(user_id, _type, request.remote_addr, int(request.environ['REMOTE_PORT']),
request.url, str(datetime.datetime.now()).split(".")[0], status, str(request.user_agent), request.host))
connection.commit()
connection.close()
def remove_comment(self, user, recipe_user, recipe):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
rdao = RecipeDAO()
recipe_id = rdao.get_recipe_id_from_user_and_name(cursor, recipe_user, recipe.replace("-", " "))
cursor.execute("DELETE FROM tbl_comment \
WHERE USER_ID = ? AND RECIPE_ID = ?", (user_id, recipe_id))
connection.commit()
connection.close()
return True
def removeComment(user, recipeName):
if request.method == 'GET':
ldao = LogDAO()
udao = UserDAO()
valid_key = udao.check_user_session_key(request.cookies.get("user"), request.cookies.get("session_key"))
if valid_key:
cdao = CommentDAO()
result = cdao.remove_comment(request.cookies.get("user"), user, recipeName)
if result:
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_DEL_COMMENT, 1)
return "Y"
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_DEL_COMMENT, 0)
return "N"
def add_favourite(self, user, recipe_id):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
if user_id and recipe_id:
cursor.execute("INSERT INTO tbl_favourite (USER_ID, RECIPE_ID) \
VALUES (?, ?)", (user_id, recipe_id))
connection.commit()
connection.close()
return True
connection.close()
return False
def delete_user(user):
if request.method == 'GET':
ldao = LogDAO()
udao = UserDAO()
valid_key = udao.check_user_session_key(user, request.cookies.get("session_key"))
if valid_key:
udao.delete_user(user)
resp = make_response(redirect("/"))
resp.delete_cookie("signedIn")
resp.delete_cookie("user")
resp.delete_cookie("session_key")
return resp
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_DEL_ACCOUNT, 0)
return redirect(f"/account/{user}/settings?alert=Account Delete Failed|Unable to delete your account.|alert-fail")
def recipe_add(user, recipeName):
if request.method == 'PUT':
ldao = LogDAO()
udao = UserDAO()
valid_key = udao.check_user_session_key(user, request.cookies.get("session_key"))
if valid_key:
desc = request.args.get("desc")
ingredients = request.args.get("ingredients")
dao = RecipeDAO()
dao.add_recipe(user, recipeName, desc, ingredients)
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_ADD_RECIPE, 1)
return "Y"
else:
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_ADD_RECIPE, 0)
return "N"
def add_comment(self, user, recipe_user, recipe, comment):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
rdao = RecipeDAO()
recipe_id = rdao.get_recipe_id_from_user_and_name(cursor, recipe_user, recipe.replace("-", " "))
if self.user_already_left_comment(cursor, user_id, recipe_id):
return
cursor.execute("INSERT INTO tbl_comment (USER_ID, RECIPE_ID, COMMENT_DETAILS, COMMENT_DATE) \
VALUES (?, ?, ?, ?)", (user_id, recipe_id, comment, datetime.datetime.now()))
connection.commit()
connection.close()
def addComment(user, recipeName):
if request.method == 'GET':
ldao = LogDAO()
udao = UserDAO()
valid_key = udao.check_user_session_key(request.cookies.get("user"), request.cookies.get("session_key"))
if valid_key:
comment = request.args.get("comment")
if (comment):
cdao = CommentDAO()
cdao.add_comment(request.cookies.get("user"), user, recipeName, comment)
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_ADD_COMMENT, 1)
return "Y"
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_ADD_COMMENT, 1)
return "N"
def edit_comment(self, user, recipe_user, recipe, comment):
connection = sqlite3.connect('recipe.db')
cursor = connection.cursor()
udao = UserDAO()
user_id = udao.get_user_id_from_name(cursor, user)
rdao = RecipeDAO()
recipe_id = rdao.get_recipe_id_from_user_and_name(cursor, recipe_user, recipe.replace("-", " "))
print(user_id, recipe_id, comment)
cursor.execute("UPDATE tbl_comment \
SET COMMENT_DETAILS = ?, COMMENT_EDITED = 1 \
WHERE USER_ID = ? AND RECIPE_ID = ?", (comment, user_id, recipe_id))
connection.commit()
connection.close()
return True
def editComment(user, recipeName):
if request.method == 'GET':
ldao = LogDAO()
udao = UserDAO()
valid_key = udao.check_user_session_key(request.cookies.get("user"), request.cookies.get("session_key"))
if valid_key:
comment = request.args.get("comment")
if comment:
cdao = CommentDAO()
result = cdao.edit_comment(request.cookies.get("user"), user, recipeName, comment)
if result:
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_EDIT_COMMENT, 1)
return "Y"
ldao.add_log(request, request.cookies.get("user"), ldao.REQUEST_EDIT_COMMENT, 0)
return "N"