Example #1
def dashboard():
    """Render the signed-in user's dashboard.

    Visitors without a logged-in session are redirected to ``login``.  The
    template receives the user's links, the user record and the
    ``url_not_valid`` query parameter exactly as the client sent it.
    """
    # Guard clause: anonymous visitors never reach the template.
    if not user_logged_in():
        return redirect(url_for('login'))

    return render_template(
        'dashboard.html',
        links=get_current_user_links(session['user']),
        user=get_current_user(),
        # Raw query-string value; None when the parameter is absent.
        url_not_valid=request.args.get('url_not_valid'))
Example #2
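def register():
    """Handle the sign-up form and start e-mail verification.

    Signed-in users are redirected to ``index``.  On POST the form fields
    ``name``, ``email`` and ``password`` are read; an e-mail that is already
    registered, or a password rejected by ``check_password``, flashes a
    message and redirects to ``login``.  Otherwise an unverified user is
    inserted and a verification e-mail is sent.  Any other method redirects
    to ``/login``.
    """
    if user_logged_in():
        return redirect(url_for('index'))
    if request.method != 'POST':
        return redirect('/login')

    form = request.form
    name, email, password = form['name'], form['email'], form['password']

    # find_one() stops at the first match and, unlike Cursor.count(), is
    # still available in PyMongo 4.
    if db_user.find_one({'email': email}) is not None:
        # NOTE(review): this message tells any visitor that the address is
        # already registered; consider a neutral response.
        flash('User with these credentials already exists!', 'user_auth')
        return redirect(url_for('login'))

    if check_password(password) is None:
        flash(
            'Password should have Minimum eight characters, at least one uppercase letter, one lowercase letter, one number and one special character',
            'user_auth')
        return redirect(url_for('login'))

    # NOTE(review): the password is handed to insert_by_key_value as
    # submitted.  Unless that helper hashes it, it is stored in clear text;
    # confirm, and store a salted hash instead (e.g.
    # werkzeug.security.generate_password_hash).  The login lookup has to
    # change in the same step.
    user = insert_by_key_value('user',
                               name=name,
                               password=password,
                               email=email,
                               is_verified=0)
    send_account_verification_email(email, str(user.inserted_id))
    flash(
        'A verification email has been sent to your registered email account',
        'email')
    return redirect(url_for('login'))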
Example #3
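def item_new():
    """Create a catalog item from the submitted form, with an optional image.

    Requires ``username`` in ``login_session``; otherwise redirects to
    ``/login``.  A POST with a non-empty ``title`` stores the item (and the
    uploaded image, when its name passes ``allowed_file``) and redirects to
    ``index``.  Any other request renders the add-item form.  A category
    name that matches no row redirects to ``index``.
    """
    if 'username' not in login_session:
        return redirect('/login')

    # NOTE(review): no CSRF token is checked on this POST; confirm that
    # protection is applied elsewhere.
    try:
        if request.method == 'POST' and request.form['title'] != "":
            image = request.files['image']
            image_filename = None

            # The client chooses the upload's filename, so it is untrusted.
            # Keep only the last path component (treating "\" as a separator
            # too) so the file cannot be written outside UPLOAD_FOLDER.
            candidate = os.path.basename(
                (image.filename or '').replace('\\', '/'))
            if candidate not in ('', '.', '..') and allowed_file(candidate):
                # NOTE(review): an upload whose name matches an existing
                # file replaces it; consider server-generated names.
                image.save(
                    os.path.join(app.config['UPLOAD_FOLDER'], candidate))
                image_filename = candidate

            category = session.query(Category).filter_by(
                name=request.form['category']).one()
            fields = dict(title=request.form['title'],
                          description=request.form['description'],
                          category=category)
            # Pass ``picture`` only when an image was stored, so the model
            # sees the same arguments as before for image-less items.
            if image_filename is not None:
                fields['picture'] = image_filename
            item = Item(**fields)
            session.add(item)
            session.commit()
            return redirect(url_for('index'))
        else:
            categories = session.query(Category).all()
            return render_template('item_add.html',
                                   categories=categories,
                                   login_state=user_logged_in())
    except NoResultFound:
        return redirect(url_for('index'))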
Example #4
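def item_edit(item_id):
    """Update an item's title, description, category and, optionally, picture.

    Requires ``username`` in ``login_session``; otherwise redirects to
    ``/login``.  GET renders the edit form.  POST applies the form values,
    replaces the stored picture when an upload passes ``allowed_file``, and
    redirects to ``index``.  An unknown item or category redirects to
    ``index``.
    """
    if 'username' not in login_session:
        return redirect('/login')

    # NOTE(review): only a logged-in session is required here.  Nothing
    # visible ties the item to the current user, and no CSRF token is
    # checked on POST; confirm both are enforced elsewhere.
    try:
        item = session.query(Item).filter_by(id=item_id).one()
        if request.method == 'POST':
            item.title = request.form['title']
            item.description = request.form['description']
            item_category = session.query(Category).filter_by(
                name=request.form['category']).one()
            item.category = item_category

            image = request.files['image']
            # The upload's filename is client-controlled: keep only the last
            # path component so the write stays inside UPLOAD_FOLDER.
            new_name = os.path.basename(
                (image.filename or '').replace('\\', '/'))
            if new_name not in ('', '.', '..') and allowed_file(new_name):
                upload_dir = app.config['UPLOAD_FOLDER']
                previous = item.picture
                # Store the new file first so a failed save does not leave
                # the item without any picture on disk.
                image.save(os.path.join(upload_dir, new_name))
                item.picture = new_name

                # An item may have no picture yet, and the old file may
                # already be gone; neither should fail the edit.  When the
                # upload reused the old name that file is now the new image
                # and must be kept.
                stale = os.path.basename(previous) if previous else ''
                if stale and stale != new_name:
                    try:
                        os.remove(os.path.join(upload_dir, stale))
                    except OSError:
                        pass  # deliberate best-effort cleanup

            session.commit()
            return redirect(url_for('index'))
        else:
            categories = session.query(Category).all()
            return render_template('item_edit.html',
                                   item=item,
                                   categories=categories,
                                   login_state=user_logged_in())
    except NoResultFound:
        return redirect(url_for('index'))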
Example #5
def category_items(category):
    """List the items that belong to the named category.

    Redirects to ``index`` when no category row has that name.
    """
    try:
        matched = session.query(Category).filter_by(name=category).one()
        in_category = session.query(Item).filter_by(category=matched)
        context = dict(categories=get_all_categories(),
                       items=in_category,
                       curr_cat=category,
                       login_state=user_logged_in())
        return render_template('category_items.html', **context)
    except NoResultFound:
        return redirect(url_for('index'))
Example #6
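def delete_short_url(id):
    """Delete the short link with the given id and refresh the user's cache.

    Only acts for a logged-in user on a GET request, then redirects to
    ``/``.  Every other case, including a malformed id, redirects to
    ``/dashboard``.
    """
    if user_logged_in() and request.method == 'GET':
        # ObjectId() raises on malformed input; treat that as "nothing to
        # delete" instead of an unhandled server error.
        if not ObjectId.is_valid(id):
            return redirect('/dashboard')

        # NOTE(review): the filter matches on _id alone, so the link is not
        # tied to session['user'] and any logged-in user can remove any
        # link whose id they know.  Add the owner field to the filter (its
        # name is not visible here).
        # NOTE(review): this is a state-changing action on GET, which can
        # be issued cross-site without the user's intent; prefer
        # POST/DELETE protected by a CSRF token.
        db_links.delete_one({'_id': ObjectId(id)})
        update_cache_on_insert_or_delete_or_use(session['user'])
        return redirect('/')

    return redirect('/dashboard')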
Example #7
def category_items(category):
    """Show every item filed under the category called ``category``.

    A name that matches no category sends the visitor back to ``index``.
    """
    try:
        owner = session.query(Category).filter_by(name=category).one()
        listing = session.query(Item).filter_by(category=owner)
        return render_template(
            'category_items.html',
            categories=get_all_categories(),
            items=listing,
            curr_cat=category,
            login_state=user_logged_in(),
        )
    except NoResultFound:
        # .one() found no category with this name.
        return redirect(url_for('index'))
Example #8
def item_description(category, item):
    """Render the detail page for the item titled ``item`` in ``category``.

    Redirects to ``index`` when the category or the item is not found.
    """
    try:
        parent = session.query(Category).filter_by(name=category).one()
        record = session.query(Item).filter_by(category=parent,
                                               title=item).one()
        page = dict(item=item,
                    description=record.description,
                    item_id=record.id,
                    picture=record.picture,
                    login_state=user_logged_in())
        return render_template('item_description.html', **page)
    except NoResultFound:
        return redirect(url_for('index'))
Example #9
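def shorten_url():
    """Submit a URL from the form to the shortening API for the current user.

    Unauthenticated requests redirect to ``/login``.  A POST whose ``url``
    is rejected by ``validate_url`` redirects to the dashboard with
    ``url_not_valid=True``.  Otherwise the URL is posted to the API, the
    user's cache is refreshed, and the response redirects to ``/``.
    Non-POST requests redirect to ``/``.
    """
    # Access only if authenticated
    if not user_logged_in():
        return redirect('/login')

    if request.method == 'POST':
        url = request.form['url']
        if validate_url(url) is None:
            return redirect(url_for('dashboard', url_not_valid=True))

        # NOTE(review): the user's API token travels in the Authorization
        # header over plain http://; move to https:// once the endpoint
        # supports it.
        # NOTE(review): the response status is not checked, so a rejected
        # request looks like success to the user.
        requests.post('http://www.nanourl.xyz/api/link',
                      json={'url': url},
                      headers={'Authorization': get_user_api_token()},
                      # Bound the wait so a stalled API cannot tie up this
                      # worker indefinitely (requests has no default timeout).
                      timeout=10)
        update_cache_on_insert_or_delete_or_use(session['user'])
        return redirect('/')

    # On getting a GET request
    return redirect('/')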
Example #10
def login():
    """Authenticate a user from the login form.

    Already signed-in users go to ``/``.  A non-POST request renders the
    login page.  On POST the account is looked up by e-mail and password;
    an unknown or unverified account flashes a message and redirects back
    to ``login``, otherwise the user's id is stored in the session.
    """
    if user_logged_in():
        return redirect('/')
    if request.method != 'POST':
        return render_template('login.html')

    # NOTE(review): the submitted password is used directly as a lookup
    # value, which suggests passwords are stored unhashed; confirm against
    # find_by_key_value and the registration path.
    account = find_by_key_value('user',
                                email=request.form['email'],
                                password=request.form['password'])
    if account is None:
        flash('User with these credentials does not exists!', 'user_auth')
        return redirect(url_for('login'))
    if account['is_verified'] == 0:
        flash('Your account hasnt been verified!', 'user_auth')
        return redirect(url_for('login'))

    session['user'] = str(account['_id'])
    return redirect('/')
Example #11
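def item_delete(item_id):
    """Confirm and perform deletion of the item with the given id.

    Requires ``username`` in ``login_session``; otherwise redirects to
    ``/login``.  GET renders the confirmation page.  POST must carry the
    session's one-time ``csrf_token`` (403 otherwise); the item row is then
    deleted, its picture file removed if there is one, and the response
    redirects to ``index``.  An unknown item redirects to ``index``.
    """
    if 'username' not in login_session:
        return redirect('/login')

    try:
        item = session.query(Item).filter_by(id=item_id).one()
        if request.method != 'POST':
            return render_template('item_delete.html', item=item, login_state=user_logged_in())

        # test for csrf validity; the token is popped so it is single-use
        token = login_session.pop('csrf_token', None)
        if not token or token != request.form.get('csrf_token'):
            abort(403)

        # NOTE(review): any logged-in user can delete any item; nothing
        # visible checks that the item belongs to the current user.
        # Read the filename before the row is deleted so it does not depend
        # on the instance's state after commit.
        picture = item.picture
        session.delete(item)
        session.commit()

        # Items may have no picture, and the file may already be missing;
        # the row is gone either way, so cleanup is best-effort.  basename()
        # keeps the removal inside UPLOAD_FOLDER.
        if picture:
            try:
                os.remove(os.path.join(app.config['UPLOAD_FOLDER'],
                                       os.path.basename(picture)))
            except OSError:
                pass
        return redirect(url_for('index'))
    except NoResultFound:
        return redirect(url_for('index'))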
Example #12
def item_delete(item_id):
    """Confirm and perform deletion of the item with the given id.

    Redirects to ``/login`` unless ``username`` is in ``login_session``.
    GET renders the confirmation page; POST checks the session's one-time
    ``csrf_token`` (403 on mismatch), deletes the row and its picture file,
    and redirects to ``index``.
    """
    if 'username' not in login_session:
        return redirect('/login')
    # .one() raises when no row matches; no handler is visible in this
    # excerpt, so an unknown id is not turned into a redirect here.
    item = session.query(Item).filter_by(id=item_id).one()
    if request.method == 'POST':

        # test for csrf validity
        # The token is popped, so each token can be used only once.
        token = login_session.pop('csrf_token', None)
        if not token or token != request.form.get('csrf_token'):
            abort(403)
        else:
            session.delete(item)
            session.commit()
            # NOTE(review): item.picture is read after the delete/commit and
            # joined unchecked; a missing picture value would fail here.
            os.remove(os.path.join(app.config['UPLOAD_FOLDER'], item.picture))
            return redirect(url_for('index', item_id=item_id))
    else:
        return render_template('item_delete.html',
                               item=item,
                               login_state=user_logged_in())
    # NOTE(review): both branches above return (or abort), so this ownership
    # check looks unreachable as written.  It also compares the class
    # attribute Item.user_id rather than the loaded item's user_id.  If it is
    # meant to restrict deletion to the owner, it should test item.user_id
    # and run before the POST branch.  The listing is cut off inside the
    # string below.
    if Item.user_id != login_session['user_id']:
        return "<script>function myFunction() {alert('You are not authorized to \
Example #13
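def item_delete(item_id):
    """Delete an item after a CSRF-checked confirmation.

    Without ``username`` in ``login_session`` the request is redirected to
    ``/login``.  GET shows the confirmation page.  POST requires the
    session's single-use ``csrf_token`` (403 otherwise), deletes the row,
    removes the picture file when the item has one, and redirects to
    ``index``.  An id that matches no item redirects to ``index``.
    """
    if 'username' not in login_session:
        return redirect('/login')

    try:
        item = session.query(Item).filter_by(id=item_id).one()
        if request.method == 'POST':

            # test for csrf validity
            token = login_session.pop('csrf_token', None)
            if not token or token != request.form.get('csrf_token'):
                abort(403)

            # NOTE(review): no check that the item belongs to the current
            # user is visible; confirm deletion is meant to be open to
            # every logged-in account.
            # Capture the filename first so it is not read from the
            # instance after the row has been deleted and committed.
            stored_picture = item.picture
            session.delete(item)
            session.commit()

            if stored_picture:
                # Best-effort cleanup: the row is already gone, so a
                # missing file must not turn the request into an error.
                # basename() keeps the removal inside UPLOAD_FOLDER.
                target = os.path.join(app.config['UPLOAD_FOLDER'],
                                      os.path.basename(stored_picture))
                try:
                    os.remove(target)
                except OSError:
                    pass
            return redirect(url_for('index'))
        else:
            return render_template('item_delete.html',
                                   item=item,
                                   login_state=user_logged_in())
    except NoResultFound:
        return redirect(url_for('index'))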
Example #14
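def item_edit(item_id):
    """Apply the edit form to an existing item.

    Without ``username`` in ``login_session`` the request is redirected to
    ``/login``.  GET renders the edit form; POST updates title, description
    and category, swaps the picture when an upload passes ``allowed_file``,
    commits, and redirects to ``index``.  An unknown item or category
    redirects to ``index``.
    """
    if 'username' not in login_session:
        return redirect('/login')

    # NOTE(review): neither an ownership check nor a CSRF token check is
    # visible on this POST; confirm both are handled elsewhere.
    try:
        item = session.query(Item).filter_by(id=item_id).one()
        if request.method == 'POST':
            item.title = request.form['title']
            item.description = request.form['description']
            item_category = session.query(Category).filter_by(name=request.form['category']).one()
            item.category = item_category

            image = request.files['image']
            # Untrusted, client-supplied name: reduce it to its final path
            # component ("\" counted as a separator) before touching disk.
            upload_name = os.path.basename((image.filename or '').replace('\\', '/'))
            if upload_name not in ('', '.', '..') and allowed_file(upload_name):
                folder = app.config['UPLOAD_FOLDER']
                old_picture = item.picture
                # Save first, clean up afterwards, so a failed save keeps
                # the existing picture.
                image.save(os.path.join(folder, upload_name))
                item.picture = upload_name

                # Skip cleanup when the item had no picture or the upload
                # reused the same name (that file is now the new image).
                old_file = os.path.basename(old_picture) if old_picture else ''
                if old_file and old_file != upload_name:
                    try:
                        os.remove(os.path.join(folder, old_file))
                    except OSError:
                        pass  # old file already missing; nothing to clean

            session.commit()
            return redirect(url_for('index'))
        else:
            categories = session.query(Category).all()
            return render_template('item_edit.html', item=item, categories=categories, login_state=user_logged_in())
    except NoResultFound:
        return redirect(url_for('index'))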
Example #15
def index():
    """Render the home page with all categories and the items, newest first."""
    item_query = session.query(Item)
    items = item_query.order_by(desc(Item.created_date))
    context = dict(categories=get_all_categories(),
                   items=items,
                   login_state=user_logged_in())
    return render_template('index.html', **context)
Example #16
def item_description(category, item):
    """Show one item's description page, looked up by category and title.

    Either lookup failing (no such category, or no such item in it)
    redirects to ``index``.
    """
    try:
        category_row = session.query(Category).filter_by(name=category).one()
        item_row = session.query(Item).filter_by(
            category=category_row, title=item).one()
        return render_template(
            'item_description.html',
            item=item,
            description=item_row.description,
            item_id=item_row.id,
            picture=item_row.picture,
            login_state=user_logged_in(),
        )
    except NoResultFound:
        return redirect(url_for('index'))
Example #17
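def item_new():
    """Add a new item, optionally with an uploaded picture.

    Without ``username`` in ``login_session`` the request is redirected to
    ``/login``.  A POST with a non-empty ``title`` saves the upload (when
    its name passes ``allowed_file``), stores the item and redirects to
    ``index``; anything else renders the add-item form.  A category name
    with no matching row redirects to ``index``.
    """
    if 'username' not in login_session:
        return redirect('/login')

    # NOTE(review): this POST is accepted without a CSRF token check;
    # confirm protection exists elsewhere.
    try:
        if request.method == 'POST' and request.form['title'] != "":
            image = request.files['image']
            image_filename = None

            # Never join the client-supplied filename as-is: strip any
            # directory part ("\" counted as a separator) so the upload
            # stays inside UPLOAD_FOLDER.
            safe_name = os.path.basename((image.filename or '').replace('\\', '/'))
            if safe_name not in ('', '.', '..') and allowed_file(safe_name):
                # NOTE(review): a name that already exists in the folder is
                # overwritten; server-generated names would avoid that.
                image.save(os.path.join(app.config['UPLOAD_FOLDER'], safe_name))
                image_filename = safe_name

            category = session.query(Category).filter_by(name=request.form['category']).one()
            item_args = {
                'title': request.form['title'],
                'description': request.form['description'],
                'category': category,
            }
            # ``picture`` is only passed when a file was actually stored.
            if image_filename is not None:
                item_args['picture'] = image_filename
            item = Item(**item_args)
            session.add(item)
            session.commit()
            return redirect(url_for('index'))
        else:
            categories = session.query(Category).all()
            return render_template('item_add.html', categories=categories, login_state=user_logged_in())
    except NoResultFound:
        return redirect(url_for('index'))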
Example #18
def index():
    """Send signed-in users to the dashboard and everyone else to login."""
    destination = 'dashboard' if user_logged_in() else 'login'
    return redirect(url_for(destination))
Example #19
def index():
    """Render the landing page: every category plus items, newest first."""
    all_items = session.query(Item)
    newest_first = all_items.order_by(desc(Item.created_date))
    return render_template(
        'index.html',
        categories=get_all_categories(),
        items=newest_first,
        login_state=user_logged_in(),
    )