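def delete_post(postid):
    """Delete one of the logged-in user's posts and record the deletion.

    The DELETE is restricted to rows whose ``userid`` equals
    ``session['userid']``, so a post owned by another account is left
    untouched. The "post delete" audit event is written only when a row was
    actually removed, so the log does not claim deletions that never happened.

    Args:
        postid: Identifier of the post; coerced with ``int()``.

    Returns:
        ``postid`` as passed in, whether or not a row was removed.
    """
    # The title has to be read first: it is gone once the row is deleted.
    title = get_post_by_id(postid)['title']
    owner_id = int(session['userid'])
    post_id = int(postid)

    c, conn = connect()
    try:
        # execute() is treated as a row count, the same way register_user and
        # login use its return value.
        deleted = c.execute("DELETE FROM posts WHERE userid=%s AND postid=%s",
                            (owner_id, post_id))
        conn.commit()
    finally:
        # Release the connection even when the statement raises.
        close(c, conn)

    if deleted:
        logEvent("post delete",
                 "%s(%d),%s(%d)" % (session['username'], owner_id, title,
                                    post_id))
    return postid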
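def publish_post(postid):
    """Set ``published=1`` on one of the logged-in user's posts and log it.

    The UPDATE is restricted to rows whose ``userid`` equals
    ``session['userid']``.

    Args:
        postid: Identifier of the post; coerced with ``int()``.

    Returns:
        ``postid`` as passed in.
    """
    c, conn = connect()
    try:
        c.execute("UPDATE posts SET published=1 WHERE postid=%s and userid=%s",
                  (int(postid), int(session['userid'])))
        conn.commit()
    finally:
        # Release the connection even when the statement raises.
        close(c, conn)

    # NOTE(review): the event is written whether or not the UPDATE matched a
    # row, so a request for a post owned by someone else still produces a
    # "post publish" record. Gating on the affected-row count would also skip
    # already-published posts, so an explicit ownership lookup is the safer
    # basis if the log needs to be exact.
    logEvent(
        "post publish",
        "%s(%d),%s(%d)" % (session['username'], int(session['userid']),
                           get_post_by_id(postid)['title'], int(postid)))
    return postid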
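def update_post(postid, **d):
    """Update the fields and categories of one of the logged-in user's posts.

    Args:
        postid: Identifier of the post; coerced with ``int()``.
        **d: Any of ``title``, ``description``, ``content``, ``tags``,
            ``published`` and ``categories``. A value equal to ``""``,
            ``None`` or ``[]`` counts as "not supplied". Categories are only
            synchronised when the caller passes ``categories``.

    Returns:
        ``postid`` on success; ``-1`` when no usable value was supplied or
        when the post does not belong to the logged-in user.
    """
    # Only these names may ever be spliced into the SQL text. Keyword names
    # come from the caller, so this allow-list is what keeps the string-built
    # column list safe; the values themselves are bound as parameters.
    updatable = ('title', 'description', 'content', 'tags', 'published')

    x = {
        'title': '',
        'content': '',
        'description': '',
        'categories': [],
        'tags': ''
    }
    x.update(d)

    owner_id = int(session['userid'])
    post_id = int(postid)

    c, conn = connect()
    try:
        # NOTE(review): the page's layout was flattened; the column filter is
        # read as nested under the non-empty test - confirm against the file.
        changed = False
        qstr = ""
        data = []
        for field, value in x.items():
            if value == "" or value is None or value == []:
                continue
            changed = True
            if field in updatable:
                qstr += field + "=%s,"
                # NOTE(review): the value goes through thwart() and is then
                # bound as a parameter. If thwart() escapes SQL
                # metacharacters, the stored text is escaped twice - confirm.
                data.append(thwart(value))
        if not changed:
            # The finally clause closes the connection on this path too.
            return -1

        # post_category rows carry no userid, so ownership is confirmed
        # against posts before any category row is read or changed.
        c.execute("SELECT postid FROM posts WHERE userid=%s AND postid=%s",
                  (owner_id, post_id))
        if c.fetchone() is None:
            return -1

        data.append(owner_id)
        data.append(post_id)
        c.execute(
            "UPDATE posts SET " + qstr +
            " modified_date=CURRENT_TIMESTAMP WHERE userid= %s AND postid=%s",
            data)

        # Test the caller's keywords, not the merged dict: the defaults
        # always contain 'categories', and the empty default would otherwise
        # remove every category on an update that never mentioned them.
        if 'categories' in d:
            c.execute("SELECT category FROM post_category WHERE postid=%s",
                      (post_id, ))
            current = {row['category'] for row in c.fetchall()}
            wanted = set(x['categories'])
            for category in current - wanted:
                c.execute(
                    "DELETE FROM post_category WHERE postid=%s and category=%s",
                    (post_id, category))
            for category in wanted - current:
                c.execute("INSERT INTO post_category values(%s, %s)",
                          (post_id, category))
        conn.commit()
    finally:
        close(c, conn)

    logEvent(
        "post update",
        "%s(%d),%s(%d)" % (session['username'], owner_id,
                           get_post_by_id(postid)['title'], post_id))
    return postid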
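def register_user(username, email, password):
    """Create a user account, log the new user in and record the event.

    Args:
        username: Requested user name.
        email: Requested e-mail address.
        password: Plain-text password; only its sha256_crypt hash is stored.

    Returns:
        The new ``userid``, or ``0`` when the user name or the e-mail address
        is already present in ``users``.
    """
    c, conn = connect()
    try:
        tusername, temail = thwart(username), thwart(email)
        # NOTE(review): this lookup and the INSERT below are separate
        # statements, so two simultaneous registrations could both pass the
        # check. A UNIQUE constraint on username and email would close that
        # gap; the schema is not visible here - confirm.
        n = c.execute("SELECT * FROM users WHERE username=%s OR email=%s",
                      (tusername, temail))
        if n > 0:
            # The finally clause closes the connection on this path too.
            return 0

        # NOTE(review): if this is passlib's sha256_crypt, encrypt() is the
        # deprecated name for hash() since passlib 1.7 - confirm the installed
        # version before switching.
        password = sha256_crypt.encrypt(password)
        c.execute(
            "INSERT INTO users (username,email,passwordhash) values (%s,%s,%s)",
            (tusername, temail, thwart(password)))
        conn.commit()

        c.execute("SELECT userid FROM users WHERE username=%s", (tusername, ))
        userid = c.fetchone()['userid']
        # The session receives the caller's original strings, while the row
        # stores what thwart() returned for them.
        set_login_session(userid, username, email)
    finally:
        close(c, conn)

    logEvent("user register",
             "%s(%d)" % (session['username'], int(session['userid'])))
    return userid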
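def login(username, password, remember=False):
    """Check credentials and, on success, start a session for the user.

    Args:
        username: User name or e-mail address; matched against both columns.
        password: Plain-text password, verified against the stored
            sha256_crypt hash.
        remember: Accepted for interface compatibility; not used here.

    Returns:
        ``1`` when the credentials are valid, ``0`` otherwise.
    """
    ret = 0
    c, conn = connect()
    try:
        res = c.execute(
            "SELECT * FROM users WHERE (username=%s OR email=%s)",
            (thwart(username), thwart(username)))
        if res > 0:
            # Only the first matching row is checked.
            row = c.fetchone()
            if sha256_crypt.verify(password, row['passwordhash']):
                # Login successful: set the session variables.
                set_login_session(row['userid'], row['username'],
                                  row['email'])
                # Restrict the timestamp to this account; without a WHERE
                # clause the statement overwrote last_login for every user.
                c.execute(
                    "UPDATE users SET last_login=CURRENT_TIMESTAMP "
                    "WHERE userid=%s", (row['userid'], ))
                conn.commit()
                ret = 1
    finally:
        close(c, conn)

    if ret:
        # Record the event only for a real login. On a failed attempt the
        # session either has no user (KeyError) or still holds an earlier
        # user, who would be logged as having just signed in.
        # NOTE(review): failed attempts are not recorded anywhere in this
        # function; an audit entry for them would help spot password guessing.
        logEvent("user login",
                 "%s(%d)" % (session['username'], int(session['userid'])))
    return ret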
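def create_post(**d):
    """Insert a new post for the logged-in user, with its categories.

    Args:
        **d: Any of ``title``, ``content``, ``description``, ``tags`` and
            ``categories``. Missing text fields default to ``""``; missing
            categories default to ``['.']``, which is inserted as a category.

    Returns:
        The new post's id, or ``-1`` when every value is empty (``""``,
        ``None``, ``[]`` or the default ``['.']``).
    """
    x = {
        'title': '',
        'content': '',
        'description': '',
        'categories': ['.'],
        'tags': ''
    }
    x.update(d)

    # Refuse to create a post that carries no content at all.
    if all(v == "" or v is None or v == ['.'] or v == []
           for v in x.values()):
        return -1

    c, conn = connect()
    try:
        # NOTE(review): each value goes through thwart() and is then bound as
        # a parameter. If thwart() escapes SQL metacharacters, the stored text
        # is escaped twice - confirm.
        c.execute(
            "INSERT INTO posts (userid,title,content,description,tags) values (%s,%s,%s,%s,%s)",
            (int(session['userid']), thwart(x['title']),
             thwart(x['content']), thwart(x['description']),
             thwart(x['tags'])))
        c.execute("SELECT LAST_INSERT_ID() as id")
        postid = c.fetchone()['id']
        # 'categories' is always present because the defaults supply it.
        for cat in x['categories']:
            c.execute("INSERT INTO post_category values(%s,%s)",
                      (int(postid), thwart(cat)))
        # One commit covers the post and its categories.
        conn.commit()
    finally:
        # Release the connection even when a statement raises.
        close(c, conn)

    logEvent(
        "post create",
        "%s(%d),%s(%d)" % (session['username'], int(session['userid']),
                           get_post_by_id(postid)['title'], int(postid)))
    return postid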