def newimg():
    """
    :URL: /newimg
    :Method: POST

    Upload a new image.

    A blank ``title`` form field falls back to the uploaded file's name.
    Anonymous uploads are stored with ``userid`` ``None``.  Anything that
    is not a POST carrying an ``img`` file, and any upload ``new_img``
    rejects (falsy return), ends with a redirect back to the index.

    NOTE(review): the client-supplied filename is untrusted; here it only
    reaches ``flash()`` and the stored title, so any sanitising is
    presumably ``new_img``'s job -- confirm.
    """
    pd = PageData()
    has_upload = request.method == 'POST' and 'img' in request.files
    if has_upload:
        upload = request.files['img']
        # '' is falsy, so an empty title selects the filename.
        title = request.form['title'] or upload.filename
        userid = pd.authuser.uid if 'username' in session else None
        img = new_img(upload, title, request.form['parent'], userid,
                      request.remote_addr)
        if img:
            flash('Uploaded {}'.format(upload.filename))
            return redirect_back('/image/' + str(img))
        flash('An error occurred while processing {}'.format(upload.filename))
    return redirect_back(url_for('index'))
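def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level.  The user requesting the access level
    change must be more privileged than the level they are setting.

    Redirects back if there was an error, otherwise redirects to the
    user's profile.

    Authorization, in order:

    * ``level`` must parse as an integer; anything else is refused before
      any lookup;
    * a caller whose own level is not 255 may only grant a level strictly
      below their own;
    * a caller whose own level is not 255 may not touch a user whose
      current level is at or above their own.

    Level 255 is exempt from both comparisons.  Whether an anonymous
    caller can reach this view is not checked here; presumably a route
    decorator does it -- confirm.
    """
    pd = PageData()
    try:
        requested = int(level)
    except ValueError:
        app.logger.error('Invalid accesslevel {!r} requested by user: {}'.format(
            level, pd.authuser.username))
        flash('Invalid access level.')
        return redirect_back('index')
    caller_level = pd.authuser.accesslevel
    if caller_level != 255 and caller_level <= requested:
        # NOTE(review): this statement was garbled in the source ('******');
        # reconstructed from the sibling log line below -- confirm the
        # original log/flash text.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')
    try:
        moduser = SiteUser.create(user)
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)
    if caller_level != 255 and moduser.accesslevel >= caller_level:
        flash("Please contact an admin to modify this user's account.")
        return redirect_back('index')
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect('/user/' + moduser.username)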
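def admin_set_accesslevel(user, level):
    """
    Change ``user``'s access level to ``level``.

    Authorization, in order: ``level`` must parse as an integer; a caller
    whose own level is not 255 may only grant a level strictly below their
    own and may not touch a user whose current level is at or above their
    own.  Level 255 is exempt from both comparisons.  Unknown users render
    the error page; denials redirect back; success redirects to the user's
    profile.  Whether an anonymous caller can reach this view is not
    checked here; presumably a route decorator does it -- confirm.
    """
    pd = PageData()
    try:
        requested = int(level)
    except ValueError:
        app.logger.error('Invalid accesslevel {!r} requested by user: {}'.format(
            level, pd.authuser.username))
        flash('Invalid access level.')
        return redirect_back('index')
    caller_level = pd.authuser.accesslevel
    if caller_level != 255 and caller_level <= requested:
        # NOTE(review): this statement was garbled in the source ('******');
        # reconstructed from the sibling log line below -- confirm.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')
    try:
        moduser = SiteUser.create(user)
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)
    if caller_level != 255 and moduser.accesslevel >= caller_level:
        flash("Please contact an admin to modify this user's account.")
        return redirect_back('index')
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect('/user/' + moduser.username)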
def pm(username):
    """
    Send a private message to ``username``.

    GET renders the compose form.  A POST from a logged-in user calls
    ``send_pm`` with status ``unread_pm``; a reply (``parent`` form field,
    deobfuscated) redirects back to the recipient's PM page, a new thread
    redirects to the thread just created.  A POST missing either body or
    subject is bounced back with a flash.  Unknown recipients are a 404.

    NOTE(review): a POST from a visitor who is not logged in falls through
    to the compose template instead of being refused -- confirm intended.
    Nesting was reconstructed from a collapsed source.
    """
    pd = PageData()
    try:
        pd.recipient = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found(404)

    if 'username' in session and request.method == 'POST':
        message = request.form['body']
        subject = request.form['subject']
        parent = None
        if 'parent' in request.form:
            parent = deobfuscate(request.form['parent'])
        if not (message and subject):
            # TODO re-fill form
            flash('No message or subject')
            return redirect_back('/user/' + username + '/pm')
        messageid = send_pm(pd.authuser.uid, pd.recipient.uid, subject, message,
                            messagestatus['unread_pm'], parent)
        if messageid:
            flash('Message sent!')
            if parent:
                return redirect_back('/user/' + username + '/pm')
            return redirect('/user/' + pd.authuser.username + '/pm/' + obfuscate(messageid))
    return render_template('sendpm.html', pd=pd)
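def link_facebook_account(username):
    """
    Link the Facebook identity held in the session to the logged-in account.

    The account linked is ``session['username']``; the ``username`` URL
    argument is only logged.  The caller must re-enter their password:
    ``user.authenticate`` has to succeed before the ``oauth-facebook-<id>``
    key is written and the profile updated, so a session alone cannot attach
    a foreign Facebook identity.  Success redirects to the index; failures
    redirect back (with a flash when authentication failed).

    Fixes: the failure log line read ``user.username`` even when
    ``SiteUser.create`` itself raised, leaving ``user`` unbound; it now logs
    the session username.  A session without ``facebook_id`` (callback never
    completed) is redirected instead of raising ``KeyError``.
    """
    pd = PageData()  # unused below, kept as in the original
    logger.info('Started Facebook auth for {} ({}), referrer was {}'.format(
        username, request.remote_addr, request.referrer))
    if 'username' not in session or 'facebook_id' not in session:
        return redirect_back(url_for('index'))
    session_user = session['username']
    facebook_id = session['facebook_id']
    try:
        user = SiteUser.create(session_user)
        user.authenticate(request.form['password'])
    except (NoUser, AuthFail):
        flash('Authentication failed, please check your password and try again.')
        logger.info('Facebook auth link failed for username {} ip {}'.format(
            session_user, request.remote_addr))
        return redirect_back(url_for('index'))
    new_key('oauth-facebook-{}'.format(facebook_id), session_user)
    profile = user.profile()
    profile.profile['facebook_id'] = facebook_id
    profile.update()
    flash('Your account is now linked to Facebook.')
    logger.info('Facebook auth linked for username {} ID {} ip {}'.format(
        user.username, facebook_id, request.remote_addr))
    return redirect(url_for('index'))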
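def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level.  The user requesting the access level
    change must be more privileged than the level they are setting.

    Redirects back if there was an error, otherwise redirects to the
    user's profile.

    Authorization, in order: ``level`` must parse as an integer; a caller
    whose own level is not 255 may only grant a level strictly below their
    own and may not touch a user whose current level is at or above their
    own.  Level 255 is exempt from both comparisons.  Whether an anonymous
    caller can reach this view is not checked here; presumably a route
    decorator does it -- confirm.
    """
    pd = PageData()
    try:
        requested = int(level)
    except ValueError:
        app.logger.error('Invalid accesslevel {!r} requested by user: {}'.format(
            level, pd.authuser.username))
        flash('Invalid access level.')
        return redirect_back('index')
    caller_level = pd.authuser.accesslevel
    if caller_level != 255 and caller_level <= requested:
        # NOTE(review): this statement was garbled in the source ('******');
        # reconstructed from the sibling log line below -- confirm.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')
    try:
        moduser = SiteUser.create(user)
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)
    if caller_level != 255 and moduser.accesslevel >= caller_level:
        flash("Please contact an admin to modify this user's account.")
        return redirect_back('index')
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect_back('index')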
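def link_facebook_account(username):
    """
    Link the Facebook identity held in the session to the logged-in account.

    The account linked is ``session['username']``; the ``username`` URL
    argument is only logged.  The caller must re-enter their password:
    ``user.authenticate`` has to succeed before the ``oauth-facebook-<id>``
    key is written and the profile updated, so a session alone cannot attach
    a foreign Facebook identity.  Success redirects to the index; failures
    redirect back (with a flash when authentication failed).

    Fixes: the failure log line read ``user.username`` even when
    ``SiteUser.create`` itself raised, leaving ``user`` unbound; it now logs
    the session username.  A session without ``facebook_id`` (callback never
    completed) is redirected instead of raising ``KeyError``.
    """
    pd = PageData()  # unused below, kept as in the original
    logger.info('Started Facebook auth for {} ({}), referrer was {}'.format(
        username, request.remote_addr, request.referrer))
    if 'username' not in session or 'facebook_id' not in session:
        return redirect_back(url_for('index'))
    session_user = session['username']
    facebook_id = session['facebook_id']
    try:
        user = SiteUser.create(session_user)
        user.authenticate(request.form['password'])
    except (NoUser, AuthFail):
        flash('Authentication failed, please check your password and try again.')
        logger.info('Facebook auth link failed for username {} ip {}'.format(
            session_user, request.remote_addr))
        return redirect_back(url_for('index'))
    new_key('oauth-facebook-{}'.format(facebook_id), session_user)
    profile = user.profile()
    profile.profile['facebook_id'] = facebook_id
    profile.update()
    flash('Your account is now linked to Facebook.')
    logger.info('Facebook auth linked for username {} ID {} ip {}'.format(
        user.username, facebook_id, request.remote_addr))
    return redirect(url_for('index'))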
def newimg():
    """
    :URL: /newimg
    :Method: POST

    Upload a new image.

    A blank ``title`` form field falls back to the uploaded file's name.
    Anonymous uploads are stored with ``userid`` ``None``.  Anything that
    is not a POST carrying an ``img`` file, and any upload ``new_img``
    rejects (falsy return), ends with a redirect back to the index.

    NOTE(review): the client-supplied filename is untrusted; here it only
    reaches ``flash()`` and the stored title, so any sanitising is
    presumably ``new_img``'s job -- confirm.
    """
    pd = PageData()
    has_upload = request.method == 'POST' and 'img' in request.files
    if has_upload:
        upload = request.files['img']
        # '' is falsy, so an empty title selects the filename.
        title = request.form['title'] or upload.filename
        userid = pd.authuser.uid if 'username' in session else None
        img = new_img(upload, title, request.form['parent'], userid,
                      request.remote_addr)
        if img:
            flash('Uploaded {}'.format(upload.filename))
            return redirect_back('/image/' + str(img))
        flash('An error occurred while processing {}'.format(upload.filename))
    return redirect_back(url_for('index'))
def reparent(img_id):
    """
    :URL: /reparent
    :Method: POST

    Reparent an image.

    The new parent id is the ``parent`` form field.  Both the image and the
    new parent are loaded first so an unknown id on either side is a 404
    rather than a dangling reference; the parent object is otherwise unused.
    Non-POST requests redirect back to the index.

    NOTE(review): no ownership or permission check is visible here;
    presumably a route decorator enforces it -- confirm.
    """
    pd = PageData()  # unused below, kept as in the original
    if request.method != 'POST':
        return redirect_back(url_for('index'))
    newid = request.form['parent']
    try:
        img = core.SiteImage.create(img_id)
        core.SiteItem.create(newid)  # existence check only
    except (core.NoItem, core.NoImage):
        return page_not_found()
    if not img:
        flash('Unable to reparent {}'.format(img_id))
        return redirect_back(url_for('index'))
    img.reparent(newid)
    return redirect_back('/image/' + str(img))
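def login():
    """
    Log a user in from the ``username``/``password`` form fields.

    On success the user's last-seen time is updated, ``session['username']``
    is set and the session made permanent; the caller is redirected back
    unless an ``index`` query argument asks for the index page.  Non-POST
    requests redirect to the ``error`` endpoint.

    Unknown users and bad passwords both flash 'Login unsuccessful.', except
    that an account at accesslevel 0 is told it is banned.  NOTE(review):
    that message is shown on any AuthFail for such an account, i.e. without
    the password having been verified -- confirm the disclosure is intended.

    Fixes ``user.accesslevel is 0`` (identity test on an int, a
    SyntaxWarning on current Pythons) to ``== 0`` and drops the unused
    exception bindings.
    """
    if request.method != 'POST':
        return redirect(url_for('error'))
    try:
        user = SiteUser.create(request.form['username'])
    except NoUser:
        flash('Login unsuccessful.')
        return redirect_back(url_for('index'))
    try:
        user.authenticate(request.form['password'])
    except (NoUser, AuthFail):
        if user.accesslevel == 0:
            flash('Your account has been banned')
            session.pop('username', None)
        else:
            flash('Login unsuccessful.')
        return redirect_back(url_for('index'))
    user.seen()
    session['username'] = user.username
    session.permanent = True
    flash('You were successfully logged in')
    if request.args.get('index'):
        return redirect(url_for('index'))
    return redirect_back(url_for('index'))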
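def edititem(item_id=None):
    """
    Create or edit an item.

    GET renders the edit form for ``item_id`` (404 if unknown) or for a new
    item when ``item_id`` is ``None``.

    A POST carrying ``desc`` is a submission with ``name``, ``uid`` and
    ``desc`` fields.  Edits are attributed to the logged-in user's uid, or
    uid 0 when anonymous (anonymous editing is allowed here).  If ``uid`` is
    an existing item and ``name`` is free (or already that item's name) the
    name is updated and a new revision stored -- unless the body digest is
    unchanged, in which case the null edit is discarded and logged.  If
    ``uid`` is not an item and ``name`` is free, a new item is created.  Both
    land on the item page; a name clash falls back to the edit form with a
    flash.

    Fixes: a non-numeric ``uid`` raised ``ValueError`` (500) and is now a
    404; the clash message for an existing item named the item's *old* name
    rather than the requested one.  The ``try`` now covers only the item
    lookup, so a ``NoItem`` from a later call is no longer read as "create".
    """
    pd = PageData()
    if request.method == 'POST' and 'desc' in request.form:
        userid = pd.authuser.uid if 'username' in session else 0
        new_name = request.form['name']
        if new_name == '':
            flash('No name for this item?')
            return redirect_back("/item/new")
        form_uid = request.form['uid']
        try:
            item = SiteItem.create(form_uid)
        except NoItem:
            # Brand-new item: the requested name must be free.
            if uid_by_item(new_name):
                flash(new_name + " already exists!")
                return redirect_back("/item/new")
            uid = new_item(new_name, request.form['desc'], userid, request.remote_addr)
            return redirect('/item/' + str(uid))
        try:
            numeric_uid = int(form_uid)
        except ValueError:
            return page_not_found()
        item_id = uid_by_item(new_name)
        if not item_id or item_id == numeric_uid:
            ip = request.remote_addr
            if item.name != new_name:
                item.name = new_name
                item.update()
            # Silently discard null edits: compare digests of old and new body.
            if core.digest(item.body()) != core.digest(request.form['desc']):
                new_edit(form_uid, request.form['desc'], userid, ip)
                logger.info('item {} edited by user {} ({})'.format(form_uid, userid, ip))
            else:
                logger.info('null edit discarded for item {} by user {} ({})'.format(form_uid, userid, ip))
            return redirect('/item/' + str(form_uid))
        # Another item already owns the requested name: back to the form.
        flash(new_name + " already exists!")
        item_id = form_uid
    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()
        pd.title = "Editing: %s" % pd.item.name
    else:
        pd.title = "Editing: New Item"
    return render_template('edititem.html', pd=pd)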
def editstring():
    """
    Update the ``welcomebanner`` SiteString.

    A POST whose ``text`` field is present and non-empty overwrites the
    banner; every path redirects back to the index.

    NOTE(review): no admin check is visible in this body; presumably a
    route decorator enforces it -- confirm.
    """
    text = request.form.get('text') if request.method == 'POST' else None
    if text:
        banner = SiteString('welcomebanner')
        banner.string = text
        banner.update()
    return redirect_back('index')
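def edititem(item_id=None):
    """
    Create or edit an item.

    GET renders the edit form for ``item_id`` (404 if unknown) or for a new
    item when ``item_id`` is ``None``.  A POST carrying ``desc`` is a
    submission with ``name``, ``uid`` and ``desc``; edits are attributed to
    the logged-in user's uid, or uid 0 when anonymous (anonymous editing is
    allowed here).  If ``uid`` is an existing item and ``name`` is free (or
    already that item's name) the name is updated and a new revision stored;
    if ``uid`` is not an item and ``name`` is free a new item is created.
    Both land on the item page; a name clash falls back to the edit form
    with a flash.

    Fixes: a non-numeric ``uid`` raised ``ValueError`` (500) and is now a
    404; the clash message for an existing item named the item's *old* name
    instead of the requested one.  The ``try`` now covers only the item
    lookup, so a ``NoItem`` from a later call is no longer read as "create".
    """
    pd = PageData()
    if request.method == 'POST' and 'desc' in request.form:
        userid = pd.authuser.uid if 'username' in session else 0
        new_name = request.form['name']
        if new_name == '':
            flash('No name for this item?')
            return redirect_back("/item/new")
        form_uid = request.form['uid']
        try:
            item = SiteItem.create(form_uid)
        except NoItem:
            if uid_by_item(new_name):
                flash(new_name + " already exists!")
                return redirect_back("/item/new")
            uid = new_item(new_name, request.form['desc'], userid, request.remote_addr)
            return redirect('/item/' + str(uid))
        try:
            numeric_uid = int(form_uid)
        except ValueError:
            return page_not_found()
        item_id = uid_by_item(new_name)
        if not item_id or item_id == numeric_uid:
            item.name = new_name
            item.update()
            # todo: check for null edits
            new_edit(form_uid, request.form['desc'], userid, request.remote_addr)
            flash('Edited item!')
            return redirect('/item/' + str(form_uid))
        # Another item already owns the requested name: back to the form.
        flash(new_name + " already exists!")
        item_id = form_uid
    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()
        pd.title = "Editing: %s" % pd.item.name
    else:
        pd.title = "Editing: New Item"
    return render_template('edititem.html', pd=pd)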
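def pm_action(username, messageid, action):
    """
    :URL: /user/<username>/pm/<messageid>/<action>
    :Methods: GET, POST
    :Actions:

    * read
    * unread
    * delete
    * undelete

    Setting the accept:application/json header will return JSON instead of
    a redirect.

    Access control: the caller must be logged in *and* ``username`` must be
    their own, and ``messageid`` must deobfuscate; otherwise the PM error
    page is rendered.  The session test runs first so ``pd.authuser`` is
    never touched for anonymous callers.  Whether the message belongs to
    that user is left to the ``TradeMessage`` methods, which all receive the
    caller's username -- confirm they enforce it.

    An unrecognised ``action`` is a no-op that still reports success; that
    behaviour is preserved.  Style fix: ``not X in Y`` -> ``X not in Y``.
    """
    pd = PageData()
    dmid = deobfuscate(messageid)
    if 'username' not in session or pd.authuser.username != username or dmid is None:
        return render_template('pm_error.html', pd=pd)
    pm = TradeMessage.create(dmid)
    handlers = {
        'read': pm.read,
        'unread': pm.unread,
        'delete': pm.delete,
        'undelete': pm.undelete,
    }
    handler = handlers.get(action)
    if handler is not None:
        handler(pd.authuser.username)
    if request_wants_json():
        return '{}'
    return redirect_back('/')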
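def new_facebook_user():
    """
    Create a site account for a visitor who just authenticated with Facebook.

    Expects ``username`` and ``email`` form fields and ``session['facebook_id']``
    as left by the Facebook callback.  The account gets a random 100-character
    placeholder password (the user logs in via Facebook and never sees it),
    the ``oauth-facebook-<id>`` key links the two, the visitor is logged in
    and their profile records the Facebook id.  ``check_new_user`` failures
    redirect back; failures to create or load the user render the error page.

    Fixes: the placeholder password is drawn with ``secrets`` (CSPRNG) rather
    than ``random``; a session without ``facebook_id`` is refused up front
    instead of raising ``KeyError`` *after* the account was already created.
    """
    import secrets  # stdlib; local import keeps the file's import block untouched

    pd = PageData()
    logger.info('Started Facebook new user for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))
    if 'facebook_id' not in session:
        # No completed Facebook callback in this session: nothing to link to.
        flash('Please log in with Facebook first.')
        return redirect_back(url_for('index'))
    facebook_id = session['facebook_id']
    if not check_new_user(request, nopass=True):
        # Discarded by the redirect; kept as in the original.
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))
    new_username = request.form['username']
    password = ''.join(secrets.choice(string.printable) for _ in range(100))
    if not new_user(new_username, password, request.form['email'], request.remote_addr):
        return render_template('error.html', pd=pd)
    new_key('oauth-facebook-{}'.format(facebook_id), new_username)
    try:
        user = SiteUser.create(new_username)
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = facebook_id
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)
    logger.info('New Facebook user {} ID {} ip {}'.format(
        user.username, facebook_id, request.remote_addr))
    flash('Welcome ' + new_username)
    return redirect(url_for('index'))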
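def pm_action(username, messageid, action):
    """
    :URL: /user/<username>/pm/<messageid>/<action>
    :Methods: GET
    :Actions:

    * read
    * unread
    * delete
    * undelete

    Setting the accept:application/json header will return JSON instead of
    a redirect.

    Access control: the caller must be logged in *and* ``username`` must be
    their own, and ``messageid`` must deobfuscate; otherwise the PM error
    page is rendered.  The session test runs first so ``pd.authuser`` is
    never touched for anonymous callers.  Whether the message belongs to
    that user is left to the ``TradeMessage`` methods, which all receive the
    caller's username -- confirm they enforce it.

    An unrecognised ``action`` is a no-op that still reports success; that
    behaviour is preserved.  Style fix: ``not X in Y`` -> ``X not in Y``.
    """
    pd = PageData()
    dmid = deobfuscate(messageid)
    if 'username' not in session or pd.authuser.username != username or dmid is None:
        return render_template('pm_error.html', pd=pd)
    pm = TradeMessage.create(dmid)
    handlers = {
        'read': pm.read,
        'unread': pm.unread,
        'delete': pm.delete,
        'undelete': pm.undelete,
    }
    handler = handlers.get(action)
    if handler is not None:
        handler(pd.authuser.username)
    if request_wants_json():
        return '{}'
    return redirect_back('/')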
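def new_facebook_user():
    """
    Create a site account for a visitor who just authenticated with Facebook.

    Expects ``username`` and ``email`` form fields and ``session['facebook_id']``
    as left by the Facebook callback.  The account gets a random 100-character
    placeholder password (the user logs in via Facebook and never sees it),
    the ``oauth-facebook-<id>`` key links the two, the visitor is logged in
    and their profile records the Facebook id.  ``check_new_user`` failures
    redirect back; failures to create or load the user render the error page.

    Fixes: the placeholder password is drawn with ``secrets`` (CSPRNG) rather
    than ``random``; a session without ``facebook_id`` is refused up front
    instead of raising ``KeyError`` *after* the account was already created.
    """
    import secrets  # stdlib; local import keeps the file's import block untouched

    pd = PageData()
    logger.info('Started Facebook new user for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))
    if 'facebook_id' not in session:
        # No completed Facebook callback in this session: nothing to link to.
        flash('Please log in with Facebook first.')
        return redirect_back(url_for('index'))
    facebook_id = session['facebook_id']
    if not check_new_user(request, nopass=True):
        # Discarded by the redirect; kept as in the original.
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))
    new_username = request.form['username']
    password = ''.join(secrets.choice(string.printable) for _ in range(100))
    if not new_user(new_username, password, request.form['email'], request.remote_addr):
        return render_template('error.html', pd=pd)
    new_key('oauth-facebook-{}'.format(facebook_id), new_username)
    try:
        user = SiteUser.create(new_username)
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = facebook_id
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)
    logger.info('New Facebook user {} ID {} ip {}'.format(
        user.username, facebook_id, request.remote_addr))
    flash('Welcome ' + new_username)
    return redirect(url_for('index'))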
def upload_error():
    """
    :URL: /upload_error

    On the main site any over-size uploads will be redirected here.
    Flash a message to the user and attempt to redirect_back()
    """
    too_large = 'Your upload is too large, please resize it and try again.'
    flash(too_large)
    return redirect_back('error')
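def itemaction(item_id, action):
    """
    :URL: /item/<item_id>/<action>
    :Methods: GET, POST

    Update or query the logged in user's record for an item.  If a POST
    request is received then the current record is returned instead of a
    redirect back to the previous page.  Setting the accept:application/json
    header will always return JSON regardless of request type.

    :Allowed actions:

    * 'status' - Return the item's current status
    * 'have' - Mark an item as part of the user's collection
    * 'donthave' - Remove the item from the user's collection
    * 'show' - If the item is in the user's collection mark it as visible to others
    * 'hide' - If the item is in the user's collection hide it from others
    * 'willtrade' - Mark the item as available for trade
    * 'wonttrade' - Don't show this item as available for trade
    * 'want' - Add this item to the user's want list
    * 'dontwant ' - Remove this item from the user's want list

    :Sample record:

    .. code-block:: javascript

        {"hidden": 1, "want": 0, "have": 1, "willtrade": 0}

    ``action`` is looked up in the module-level ``actions`` mapping, so
    anything outside that allow-list is a ``KeyError`` and becomes a 404.
    Anonymous callers get ``'{}'`` for ``status``, a 400 for other JSON
    requests, and a flash plus redirect otherwise.  NOTE(review): a plain
    GET to a non-status action changes the collection; confirm these routes
    have CSRF protection.

    Fix: ``dict.values()`` is a view on Python 3 and not JSON serialisable;
    the record is wrapped in ``list()`` before ``json.dumps``.
    """
    try:
        user = SiteUser.create(session['username'])
    except (NoUser, KeyError):
        user = None

    def get_record():
        # list(): dict views are not JSON serialisable on Python 3.
        return json.dumps(list(user.query_collection(item_id).values()))

    if action == 'status':
        return '{}' if not user else get_record()
    if not user:
        if request_wants_json():
            return '{}', 400
        flash('You must be logged in to have a collection')
        return redirect_back('/item/' + item_id)
    try:
        ownwant(item_id, user.uid, actions[action])
    except (NoItem, KeyError, ValueError):
        return page_not_found()
    if request.method == 'POST' or request_wants_json():
        return get_record()
    return redirect_back('/item/' + item_id)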
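def itemaction(item_id, action):
    """
    :URL: /item/<item_id>/<action>
    :Methods: GET, POST

    Update or query the logged in user's record for an item.  If a POST
    request is received then the current record is returned instead of a
    redirect back to the previous page.  Setting the accept:application/json
    header will always return JSON regardless of request type.

    :Allowed actions:

    * 'status' - Return the item's current status
    * 'have' - Mark an item as part of the user's collection
    * 'donthave' - Remove the item from the user's collection
    * 'show' - If the item is in the user's collection mark it as visible to others
    * 'hide' - If the item is in the user's collection hide it from others
    * 'willtrade' - Mark the item as available for trade
    * 'wonttrade' - Don't show this item as available for trade
    * 'want' - Add this item to the user's want list
    * 'dontwant ' - Remove this item from the user's want list

    :Sample record:

    .. code-block:: javascript

        {"hidden": 1, "want": 0, "have": 1, "willtrade": 0}

    ``action`` is looked up in the module-level ``actions`` mapping, so
    anything outside that allow-list is a ``KeyError`` and becomes a 404.
    Anonymous callers get ``'{}'`` for ``status``, a 400 for other JSON
    requests, and a flash plus redirect otherwise.  NOTE(review): a plain
    GET to a non-status action changes the collection; confirm these routes
    have CSRF protection.

    Fixes: ``dict.values()`` is a view on Python 3 and not JSON serialisable,
    so the record is wrapped in ``list()``; ``ValueError`` from ``ownwant``
    is now treated as a 404 like ``NoItem``/``KeyError``.
    """
    try:
        user = SiteUser.create(session['username'])
    except (NoUser, KeyError):
        user = None

    def get_record():
        # list(): dict views are not JSON serialisable on Python 3.
        return json.dumps(list(user.query_collection(item_id).values()))

    if action == 'status':
        return '{}' if not user else get_record()
    if not user:
        if request_wants_json():
            return '{}', 400
        flash('You must be logged in to have a collection')
        return redirect_back('/item/' + item_id)
    try:
        ownwant(item_id, user.uid, actions[action])
    except (NoItem, KeyError, ValueError):
        return page_not_found()
    if request.method == 'POST' or request_wants_json():
        return get_record()
    return redirect_back('/item/' + item_id)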
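def accepttradeitem(username, messageid, action, item=None):
    """
    Accept/reject one trade item, or settle/cancel/reject/reopen a trade.

    DISABLED: the first statement returns a 404 unconditionally, so the body
    below is unreachable and kept only as the sketch of the intended flow.
    With ``item`` the action applies to that ``TradeItem`` (accept/reject);
    without it, to the ``TradeMessage`` behind ``messageid`` (settle,
    cancel, reject, reopen -- still a FIXME -- and a placeholder 'add').
    Unknown actions are 404s.

    NOTE(review) for whoever re-enables this: the only authorization is
    that the URL ``username`` equals the session user.  Nothing checks that
    the ``TradeItem``/``TradeMessage`` belongs to that user's trade, so an
    ownership check is needed before the mutations.  The session test has
    been moved ahead of the ``pd.authuser`` comparison so an anonymous
    caller cannot hit an AttributeError there.
    """
    return page_not_found()

    # --- unreachable below this line (feature disabled) ---
    pd = PageData()
    if 'username' not in session:
        return redirect_back('index')
    if pd.authuser.username != username:
        return page_not_found()
    if item:
        try:
            ti = TradeItem(item)
        except NoItem:
            return page_not_found()
        if action == "accept":
            ti.accept()
        elif action == "reject":
            ti.reject()
        else:
            return page_not_found()
        return redirect_back('index')
    try:
        t = TradeMessage.create(deobfuscate(messageid))
    except NoItem:
        return page_not_found()
    if action == "settle":
        t.settle()
    elif action == "cancel":
        t.cancel()
    elif action == "reject":
        t.reject()
    elif action == "reopen":
        pass  # FIXME
    elif action == "add":
        flash('Coming soon...')
        return redirect_back('/')
    else:
        return page_not_found()
    return redirect_back('index')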
def pm(username):
    """
    Private messages with ``username``.

    A logged-in user viewing their *own* name gets their message list
    (``profile/messages.html``).  Otherwise the compose form is rendered;
    a logged-in POST sends the message with ``send_pm`` (status ``None``):
    a reply (``parent`` form field, deobfuscated) redirects back to the
    recipient's PM page, a new thread redirects to the thread just created,
    and a POST missing body or subject is bounced with a flash.  Unknown
    users are a 404.

    NOTE(review): an anonymous visitor still gets the compose template,
    without ``pd.recipient`` set -- confirm intended.  Nesting reconstructed
    from a collapsed source.
    """
    pd = PageData()
    try:
        pmuser = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found()

    if 'username' in session:
        if session['username'] == username:
            pd.profileuser = pmuser
            return render_template('profile/messages.html', pd=pd)
        pd.recipient = pmuser
        if request.method == 'POST':
            message = request.form['body']
            subject = request.form['subject']
            parent = None
            if 'parent' in request.form:
                parent = deobfuscate(request.form['parent'])
            if not (message and subject):
                # TODO re-fill form
                flash('No message or subject')
                return redirect_back('/user/' + username + '/pm')
            messageid = send_pm(pd.authuser.uid, pd.recipient.uid, subject,
                                message, None, parent)
            if messageid:
                flash('Message sent!')
                if parent:
                    return redirect_back('/user/' + username + '/pm')
                return redirect('/user/' + pd.authuser.username + '/pm/' + obfuscate(messageid))
    return render_template('sendpm.html', pd=pd)
def editstring():
    """
    :URL: /admin/strings/edit
    :Method: POST

    Update a SiteString object.

    A POST whose ``text`` field is present and non-empty overwrites the
    ``welcomebanner`` string; every path redirects back to the index.

    NOTE(review): no admin check is visible in this body; presumably a
    route decorator enforces it -- confirm.

    .. todo:: Only supports the welcome banner right now... not very useful.
    """
    text = request.form.get('text') if request.method == 'POST' else None
    if text:
        banner = SiteString('welcomebanner')
        banner.string = text
        banner.update()
    return redirect_back('index')
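def logout():
    """
    Log the current user out, keeping Facebook state.

    Every session key that does not contain ``'facebook'`` is removed; the
    ``facebook_*`` entries (id, name, email, token) survive so the Facebook
    flows can still use them.  NOTE(review): that keeps the OAuth token in
    the session after logout -- confirm this is intended.  Redirects back to
    the index unless an ``index`` query argument asks for the index outright.

    Fix: the loop popped keys while iterating the live ``session.keys()``
    view, which raises "dictionary changed size during iteration" on
    Python 3; it now iterates a snapshot.
    """
    for key in list(session.keys()):
        if 'facebook' not in key:
            session.pop(key, None)
    flash('You were successfully logged out')
    if request.args.get('index'):
        return redirect(url_for('index'))
    return redirect_back(url_for('index'))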
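def newtag():
    """
    Create a tag under the parent named in the form.

    A POST with a non-blank ``tag`` field is checked against the tag tree
    (``Tags().retrieve`` raising ``IndexError`` is the "does not exist"
    signal here).  Existing tags only flash; new ones are inserted under
    ``pd.decode(request.form['parent'])``.  Every path redirects back to
    the index.

    Fixes: the tag is stripped once and that value is used for both the
    existence check and the insert (previously the check used the stripped
    name but the raw, possibly padded, name was inserted), and a
    whitespace-only tag now counts as blank.  The unused ``userid`` local
    was dropped -- nothing here attributes the tag to a user.
    """
    pd = PageData()
    if request.method == 'POST' and 'tag' in request.form:
        tag = request.form['tag'].strip()
        if tag == '':
            return redirect_back('index')
        try:
            Tags().retrieve(tag)
        except IndexError:
            Tags().insert_children([tag], pd.decode(request.form['parent']))
        else:
            flash('Tag already exists!')
    return redirect_back('index')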
def admin_reset_pw(user):
    """
    Reset the password for ``user`` (administrative action).

    Delegates to ``SiteUser.forgot_pw_reset(ip='0.0.0.0', admin=True)``;
    the placeholder IP marks the reset as administrative rather than
    self-service.  Unknown users are a 404.

    NOTE(review): the admin requirement is not checked in this body;
    presumably a route decorator does it -- confirm.
    """
    pd = PageData()  # unused here, kept as in the original
    try:
        target = SiteUser.create(user)
        target.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found(404)
    flash('A new password has been e-mailed to ' + target.username + '.')
    return redirect_back('/admin')
def flag_image(img_id):
    """
    Flag an image for review by a moderator.

    Unknown images are a 404.  Who flagged it is not recorded.
    """
    pd = PageData()  # unused here, kept as in the original
    try:
        SiteImage.create(img_id).flag()
    except NoImage:
        return page_not_found(404)
    flash("The image has been flagged and will be reviewed by a moderator.")
    return redirect_back('index')
def mod_tag_delete(tag):
    """
    Delete a tag (moderator action).

    ``tag`` arrives encoded and is decoded with ``pd.decode``.  On success
    the caller is sent to the deleted tag's former parent; on failure a
    flash explains and the caller is redirected back to the tag page.
    """
    pd = PageData()
    tree = Tags()
    name = pd.decode(tag)
    parent = tree.parent_of(name)
    if not tree.delete(name):
        flash('Unable to delete tag: ' + name)
        return redirect_back('/tag/' + tag)
    return redirect('/tag/' + pd.encode(parent))
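def admin_set_accesslevel(user, level):
    """
    Change ``user``'s access level to ``level``.

    Authorization, in order: ``level`` must parse as an integer; a caller
    whose own level is not 255 may only grant a level strictly below their
    own and may not touch a user whose current level is at or above their
    own.  Level 255 is exempt from both comparisons.  Unknown users render
    the error page; denials redirect back; success redirects to the user's
    profile.  Whether an anonymous caller can reach this view is not
    checked here; presumably a route decorator does it -- confirm.
    """
    pd = PageData()
    try:
        requested = int(level)
    except ValueError:
        app.logger.error('Invalid accesslevel {!r} requested by user: {}'.format(
            level, pd.authuser.username))
        flash('Invalid access level.')
        return redirect_back('index')
    caller_level = pd.authuser.accesslevel
    if caller_level != 255 and caller_level <= requested:
        # NOTE(review): this statement was garbled in the source ('******');
        # reconstructed from the sibling log line below -- confirm.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')
    try:
        moduser = SiteUser.create(user)
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)
    if caller_level != 255 and moduser.accesslevel >= caller_level:
        flash("Please contact an admin to modify this user's account.")
        return redirect_back('index')
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect('/user/' + moduser.username)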
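def tagreparent():
    """
    Move a tag under a new parent.

    A POST with a ``reparent`` field moves the tag named by ``name`` under
    the tag named by ``reparent`` (both decoded with ``pd.decode``).  An
    unknown tag makes ``Tags().reparent`` raise ``IndexError``, reported
    as a flash.  Every path redirects back to the index.

    The unused ``userid`` local of the original was dropped; nothing here
    attributes the move to a user.
    """
    pd = PageData()
    if request.method == 'POST' and 'reparent' in request.form:
        try:
            Tags().reparent(pd.decode(request.form['name']),
                            pd.decode(request.form['reparent']))
        except IndexError:
            flash('Error reparenting tag!')
    return redirect_back('index')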
def searchitem():
    """
    Search items by name.

    The query is the ``query`` form field on POST and the ``query`` URL
    argument otherwise.  An empty query redirects back to the root; no
    query renders the page without results; otherwise ``core.item_search``
    runs and an empty hit list is replaced by ``[None]`` so the template
    can tell "no hits" from "no search".

    NOTE(review): nesting reconstructed from a collapsed source -- the
    ``else`` is read as pairing with the method test, so a POST without a
    ``query`` field leaves ``pd.query`` unassigned here.
    """
    pd = PageData()
    if request.method != 'POST':
        pd.query = request.args.get('query')
    elif 'query' in request.form:
        pd.query = request.form['query']
    if pd.query == '':
        return redirect_back('/')
    if pd.query is not None:
        pd.results = core.item_search(pd.query)
        if len(pd.results) == 0:
            pd.results = [None]
    return render_template('search.html', pd=pd)
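def tagitem():
    """
    Attach a tag to an item.

    A POST with a non-empty ``tag`` field adds it (truncated to 64
    characters) to the item named by the ``uid`` field and redirects to
    that item; an unknown item is a 404.  An empty tag, a POST without a
    ``tag`` field and a non-POST request all redirect back to the index.

    Fixes: the last two cases used to fall off the end and return ``None``
    (a 500 in Flask).  The unused ``userid`` local was dropped.
    """
    if request.method == 'POST' and 'tag' in request.form:
        tag = request.form['tag']
        if tag == '':
            return redirect_back('index')
        try:
            item = SiteItem.create(request.form['uid'])
        except NoItem:
            return page_not_found()
        item.add_tag(tag[:64])
        return redirect('/item/' + str(item.uid))
    return redirect_back('index')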
def admin_reset_pw(user):
    """
    :URL: /admin/users/<user>/resetpw

    Reset the password for a user. Must be an admin.

    Delegates to ``SiteUser.forgot_pw_reset(ip='0.0.0.0', admin=True)``;
    the placeholder IP marks the reset as administrative rather than
    self-service.  Unknown users are a 404.

    NOTE(review): the admin requirement is not checked in this body;
    presumably a route decorator does it -- confirm.
    """
    pd = PageData()  # unused here, kept as in the original
    try:
        target = SiteUser.create(user)
        target.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found()
    flash('A new password has been e-mailed to ' + target.username + '.')
    return redirect_back('/admin')
def flag_image(img_id):
    """
    :URL: /image/<img_id>/flag

    Flag an image for review by a moderator.

    Unknown images are a 404.  Who flagged it is not recorded.

    .. todo:: Add support for a note and record who flagged it.
    """
    pd = PageData()  # unused here, kept as in the original
    try:
        SiteImage.create(img_id).flag()
    except NoImage:
        return page_not_found()
    flash("The image has been flagged and will be reviewed by a moderator.")
    return redirect_back('index')
def dontwant(item_id):
    """
    Remove ``item_id`` from the caller's want list.

    Writes ``want=0`` through ``ownwant`` and redirects back to the item
    page.  NOTE(review): this calls ``ownwant(item_id, update)`` with two
    arguments whereas ``itemaction`` passes three; one call shape is
    presumably stale -- confirm.  No login check is visible here.
    """
    ownwant(item_id, {'want': 0})
    return redirect_back('/item/' + item_id)
def inner(*args, **kwargs):
    """
    Wrapper installed by a login-required decorator.

    Calls ``func`` only when ``check_level(1)`` passes; otherwise flashes a
    prompt and redirects back to the ``accessdenied`` endpoint.  ``func``
    and ``check_level`` come from the enclosing scope, which is outside
    this view.
    """
    if check_level(1):
        return func(*args, **kwargs)
    flash('Please log in, accounts are free!')
    return redirect_back(url_for('accessdenied'))
def donthave(item_id):
    """
    Remove ``item_id`` from the caller's collection.

    Writes ``willtrade=0, own=0`` through ``ownwant`` and redirects back to
    the item page.  NOTE(review): two-argument ``ownwant`` call, unlike the
    three-argument form in ``itemaction`` -- confirm which is current.  No
    login check is visible here.
    """
    ownwant(item_id, {'willtrade': 0, 'own': 0})
    return redirect_back('/item/' + item_id)
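def fblogin():
    """
    :URL: /fbauth
    :Methods: GET

    Facebook auth callback URI

    Flow: the ``state`` saved in the session when the login started is
    handed to ``OAuth2Session``, which compares it with the value Facebook
    echoes back -- the CSRF check for this callback; a missing state means
    no session cookie and the visitor is bounced.  The code in
    ``request.url`` is exchanged for a token and the Graph API is asked for
    id, name and email.  If an ``oauth-facebook-<id>`` key exists the linked
    user is logged in (accesslevel 0 is refused and the link key deleted);
    otherwise the Facebook details are parked in the session and the
    new-user form is rendered for ``new_facebook_user`` to complete.

    NOTE(review): the access token is stored in ``session['facebook_token']``;
    with Flask's default cookie session that is a signed but unencrypted
    cookie -- confirm a server-side session is in use.
    NOTE(review): deleting the link key for a banned user means the *next*
    Facebook login takes the no-link branch and offers account creation --
    confirm that is intended and not a ban bypass.

    Fixes: ``accesslevel is 0`` -> ``== 0``; ``email`` is read with ``.get``
    since Facebook omits it when that permission was not granted; the
    ``KeyError`` and ``NoKey`` handlers now wrap only the lookups that raise
    them; the unreachable trailing failure flash was removed.
    """
    logger.info('Started Facebook auth for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))
    try:
        state = session['facebook_state']
    except KeyError:
        flash('Unable to log in via Facebook, do you have cookies enabled for this site?')
        logger.info('Failed to find Facebook state information for {}'.format(
            request.remote_addr))
        return redirect_back(url_for('index'))
    facebook = facebook_compliance_fix(
        OAuth2Session(FB_CLIENT_ID, redirect_uri=redirect_uri(), state=state))
    try:
        token = facebook.fetch_token(token_url, client_secret=FB_SECRET_ID,
                                     authorization_response=request.url)
        response = facebook.get(
            'https://graph.facebook.com/v2.5/me?fields=id,name,email').content
    except (MismatchingStateError, MissingTokenError) as e:
        flash('Facebook was not able to provide us with the information we need to authenticate your account.')
        logger.info('Facebook auth exception for {}: {}'.format(request.remote_addr, e))
        return redirect_back(url_for('index'))
    decoded = json.loads(response)
    fb_id = decoded['id']
    try:
        link = SiteKey('oauth-facebook-{}'.format(fb_id))
    except NoKey:
        # No account linked yet: park the identity and offer sign-up.
        session['facebook_token'] = token
        session['facebook_id'] = fb_id
        session['facebook_name'] = decoded['name']
        session['facebook_email'] = decoded.get('email')
        pd = PageData()
        pd.title = "Log in with Facebook"
        logger.info('Successful Facebook auth for ID {} but this person has no linked account'.format(fb_id))
        return render_template('new_facebook_user.html', pd=pd)
    user = SiteUser(link.value)
    if user.accesslevel == 0:
        flash('Your account has been banned')
        logger.info('Successful Facebook auth for {} but user is banned'.format(user.username))
        session.pop('username', None)
        session.pop('facebook_id', None)
        link.delete()
        return redirect_back(url_for('index'))
    user.seen()
    session['username'] = user.username
    session['facebook_token'] = token
    session['facebook_id'] = fb_id
    session['facebook_name'] = decoded['name']
    session['facebook_email'] = decoded.get('email')
    session.permanent = True
    # This profile update block won't be needed out of testing
    profile = user.profile()
    profile.profile['facebook_id'] = fb_id
    profile.update()
    # end block
    flash('You were successfully logged in')
    logger.info('Successful Facebook auth for {} (ID {})'.format(user.username, fb_id))
    return redirect_back(url_for('index'))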
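def edit_image(img_id):
    """
    :URL: /image/<img_id>/edit

    Very basic image editor.  Applies a list of operations to an image and
    either presents a preview back to the user or saves it to the database
    as a new image.

    Operations are read from the query string as ``op1``..``op19``, each
    ``rotate`` (``opN_degrees``) or ``crop`` (``opN_x1``..``opN_y2``); the
    applied chain is echoed back in ``pd.ops``/``pd.num_ops`` for the
    template.  A non-integer parameter or unknown command is a 404; a crop
    narrower or shorter than ``min_size`` pixels is refused with a flash.
    ``preview=true`` streams a JPEG; a truthy ``save`` stores a new image
    (owner: the logged-in user, or ``None``) and redirects to it.

    NOTE(review): ``save`` is a state-changing GET driven by query
    arguments -- confirm CSRF protection.  Bounds checking of crop
    coordinates against the image size is left to ``img.crop`` -- confirm.

    Fixes: bare ``except:`` narrowed to ``(TypeError, ValueError)`` (what
    ``int()`` raises for ``None``/garbage) so nothing else is swallowed; the
    "too short" message said "width" and now says "height"; the local that
    shadowed the module-level ``new_img`` view was renamed.
    """
    pd = PageData()
    min_size = 200
    try:
        img = SiteImageEditor(img_id)
    except NoImage:
        return page_not_found()
    preview = request.args.get('preview')
    save = request.args.get('save')
    pd.img = img
    pd.ops = ''
    pd.num_ops = 0
    for op in range(1, 20):
        command = request.args.get('op{}'.format(op))
        if not command:
            continue
        if command == 'rotate':
            try:
                degrees = int(request.args.get('op{}_degrees'.format(op)))
            except (TypeError, ValueError):
                return page_not_found()
            img.rotate(degrees)
            pd.ops = "{}&op{}=rotate&op{}_degrees={}".format(pd.ops, op, op, degrees)
            pd.num_ops = op
        elif command == 'crop':
            try:
                x1 = int(request.args.get('op{}_x1'.format(op)))
                y1 = int(request.args.get('op{}_y1'.format(op)))
                x2 = int(request.args.get('op{}_x2'.format(op)))
                y2 = int(request.args.get('op{}_y2'.format(op)))
            except (TypeError, ValueError):
                return page_not_found()
            # A reversed or degenerate selection is negative here and is
            # caught by the same minimum-size checks.
            new_width = x2 - x1
            new_height = y2 - y1
            if new_width < min_size:
                flash("The selection is too narrow, please make a larger selection. If your image is below {} pixels in width you will not be able to crop it.".format(min_size))
                return redirect_back(url_for('index'))
            if new_height < min_size:
                flash("The selection is too short, please make a larger selection. If your image is below {} pixels in height you will not be able to crop it.".format(min_size))
                return redirect_back(url_for('index'))
            img.crop(x1, y1, x2, y2)
            pd.ops = "{base}&op{op}=crop&op{op}_x1={x1}&op{op}_y1={y1}&op{op}_x2={x2}&op{op}_y2={y2}".format(
                base=pd.ops, op=op, x1=x1, y1=y1, x2=x2, y2=y2)
            pd.num_ops = op
        else:
            return page_not_found()
    if preview == 'true':
        return send_file(img.preview(), mimetype='image/jpeg')
    if save:
        userid = pd.authuser.uid if 'username' in session else None
        saved_id = img.save(userid, request.remote_addr)
        return redirect('/image/' + str(saved_id))
    return render_template('imageedit.html', pd=pd)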
def logout():
    """
    Log the current user out.

    Drops ``username`` from the session (a no-op when absent), flashes a
    confirmation and redirects back to the index.
    """
    # Popping with a default keeps this safe for anonymous callers.
    session.pop('username', None)
    flash('You were successfully logged out')
    return redirect_back('index')
def willtrade(item_id):
    """
    Offer ``item_id`` for trade.

    Writes ``own=1, hidden=0, willtrade=1`` through ``ownwant`` (owning and
    showing the item are implied) and redirects back to the item page.
    NOTE(review): two-argument ``ownwant`` call, unlike the three-argument
    form in ``itemaction`` -- confirm which is current.  No login check is
    visible here.
    """
    ownwant(item_id, {'own': 1, 'hidden': 0, 'willtrade': 1})
    return redirect_back('/item/' + item_id)
def upload_error():
    """
    Landing page for over-size uploads.

    Flashes an explanation and redirects back via the ``error`` fallback.
    """
    too_large = 'Your upload is too large, please resize it and try again.'
    flash(too_large)
    return redirect_back('error')
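def fblogin():
    """
    :URL: /fbauth
    :Methods: GET

    Facebook auth callback URI

    Flow: the ``state`` saved in the session when the login started is
    handed to ``OAuth2Session``, which compares it with the value Facebook
    echoes back -- the CSRF check for this callback; a missing state means
    no session cookie and the visitor is bounced.  The code in
    ``request.url`` is exchanged for a token and the Graph API is asked for
    id, name and email.  If an ``oauth-facebook-<id>`` key exists the linked
    user is logged in (accesslevel 0 is refused and the link key deleted);
    otherwise the Facebook details are parked in the session and the
    new-user form is rendered for ``new_facebook_user`` to complete.

    NOTE(review): the access token is stored in ``session['facebook_token']``;
    with Flask's default cookie session that is a signed but unencrypted
    cookie -- confirm a server-side session is in use.
    NOTE(review): deleting the link key for a banned user means the *next*
    Facebook login takes the no-link branch and offers account creation --
    confirm that is intended and not a ban bypass.

    Fixes: ``accesslevel is 0`` -> ``== 0``; ``email`` is read with ``.get``
    since Facebook omits it when that permission was not granted; the
    ``KeyError`` and ``NoKey`` handlers now wrap only the lookups that raise
    them; the unreachable trailing failure flash was removed.
    """
    logger.info('Started Facebook auth for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))
    try:
        state = session['facebook_state']
    except KeyError:
        flash('Unable to log in via Facebook, do you have cookies enabled for this site?')
        logger.info('Failed to find Facebook state information for {}'.format(
            request.remote_addr))
        return redirect_back(url_for('index'))
    facebook = facebook_compliance_fix(
        OAuth2Session(FB_CLIENT_ID, redirect_uri=redirect_uri(), state=state))
    try:
        token = facebook.fetch_token(token_url, client_secret=FB_SECRET_ID,
                                     authorization_response=request.url)
        response = facebook.get(
            'https://graph.facebook.com/v2.5/me?fields=id,name,email').content
    except (MismatchingStateError, MissingTokenError) as e:
        flash('Facebook was not able to provide us with the information we need to authenticate your account.')
        logger.info('Facebook auth exception for {}: {}'.format(request.remote_addr, e))
        return redirect_back(url_for('index'))
    decoded = json.loads(response)
    fb_id = decoded['id']
    try:
        link = SiteKey('oauth-facebook-{}'.format(fb_id))
    except NoKey:
        # No account linked yet: park the identity and offer sign-up.
        session['facebook_token'] = token
        session['facebook_id'] = fb_id
        session['facebook_name'] = decoded['name']
        session['facebook_email'] = decoded.get('email')
        pd = PageData()
        pd.title = "Log in with Facebook"
        logger.info('Successful Facebook auth for ID {} but this person has no linked account'.format(fb_id))
        return render_template('new_facebook_user.html', pd=pd)
    user = SiteUser(link.value)
    if user.accesslevel == 0:
        flash('Your account has been banned')
        logger.info('Successful Facebook auth for {} but user is banned'.format(user.username))
        session.pop('username', None)
        session.pop('facebook_id', None)
        link.delete()
        return redirect_back(url_for('index'))
    user.seen()
    session['username'] = user.username
    session['facebook_token'] = token
    session['facebook_id'] = fb_id
    session['facebook_name'] = decoded['name']
    session['facebook_email'] = decoded.get('email')
    session.permanent = True
    # This profile update block won't be needed out of testing
    profile = user.profile()
    profile.profile['facebook_id'] = fb_id
    profile.update()
    # end block
    flash('You were successfully logged in')
    logger.info('Successful Facebook auth for {} (ID {})'.format(user.username, fb_id))
    return redirect_back(url_for('index'))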
def trade(username, itemid=None, messageid=None):
    # Trade page / trade message handler between the logged-in user and
    # ``username``.
    #
    # GET renders trade.html with: the other party (404 if unknown), both
    # parties' collection records for ``itemid`` and the item itself, or --
    # when there is no such item -- the existing TradeMessage behind
    # ``messageid`` (404 if neither resolves).
    #
    # POST (logged-in callers only, per the session test) sends a message via
    # send_pm and attaches the selected items via add_tradeitem.  A new thread
    # is a trade request (status unread_trade; the new message id becomes the
    # thread id); a reply -- ``parent`` form field or a ``messageid`` in the
    # URL -- is a plain PM on the existing thread.
    #
    # NOTE(review): this source was collapsed onto one line; the nesting below
    # (in particular which statements sit inside ``if message and subject``)
    # is a reconstruction -- confirm against the original indentation.
    pd = PageData()
    status = messagestatus['unread_trade']
    try:
        pd.tradeuser = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)
    if 'username' in session:
        if request.method == 'POST':
            authuseritems = request.form.getlist('authuseritem')
            tradeuseritems = request.form.getlist('tradeuseritem')
            message = request.form['body']
            subject = request.form['subject']
            if 'parent' in request.form:
                # NOTE(review): flashmsg is not assigned on this branch; if the
                # form also carries no items, flash(flashmsg) below would raise
                # UnboundLocalError -- confirm.
                parent = request.form['parent']
            else:
                if messageid:
                    # Replying to an existing thread: a PM, not a new trade.
                    parent = core.deobfuscate(messageid)
                    messageid = parent
                    status = messagestatus['unread_pm']
                    flashmsg = 'Message sent!'
                else:
                    parent = None
                    messageid = None
                    flashmsg = 'Submitted trade request!'
            if message and subject:
                pmid = send_pm(pd.authuser.uid, pd.tradeuser.uid, subject, message, status, parent)
                if not messageid:
                    # New thread: the message just sent is the thread id.
                    messageid = pmid
                elif tradeuseritems or authuseritems:
                    flashmsg = 'Trade updated'
                # The caller's items are recorded as accepted, the other
                # party's as unmarked (presumably: offered vs. requested).
                for item in authuseritems:
                    add_tradeitem(item, messageid, pd.authuser.uid, tradeitemstatus['accepted'])
                for item in tradeuseritems:
                    add_tradeitem(item, messageid, pd.tradeuser.uid, tradeitemstatus['unmarked'])
                flash(flashmsg)
                return redirect('/user/' + pd.authuser.username + '/pm/' + obfuscate(messageid))
            if message == '':
                flash('Please add a message')
                return redirect_back('/')
    pd.title = "Trading with {}".format(username)
    try:
        pd.authuser.ownwant = pd.authuser.query_collection(itemid)
    except AttributeError:
        # Presumably the anonymous case: pd.authuser has no query_collection.
        pass
    try:
        pd.tradeuser.ownwant = pd.tradeuser.query_collection(itemid)
        pd.item = SiteItem(itemid)
    except NoItem:
        # No item: fall back to an existing trade thread, if one was named.
        if messageid:
            try:
                pd.trademessage = TradeMessage.create(deobfuscate(messageid))
            except NoItem:
                return page_not_found(404)
        else:
            return page_not_found(404)
    return render_template('trade.html', pd=pd)