Example #1
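def link_facebook_account(username):
    """Link the logged-in site account to the Facebook ID held in the session.

    The caller has to re-enter the account password
    (``request.form['password']``) before the link is stored. The account
    that gets linked is always ``session['username']``; the ``username``
    argument is only written to the log.

    Returns a redirect in every case: back to the previous page when the
    session is incomplete or the password check fails, to the index page
    once the link has been stored.
    """
    pd = PageData()

    # NOTE(review): username and referrer are client-supplied and logged as
    # received; confirm the log sink copes with embedded line breaks.
    logger.info('Started Facebook auth for {} ({}), referrer was {}'.format(
        username, request.remote_addr, request.referrer))

    # Both values are read from the session further down. Without them there
    # is nothing to link, so leave early instead of failing with a KeyError
    # after the password has already been checked.
    if 'username' not in session or 'facebook_id' not in session:
        return redirect_back(url_for('index'))

    try:
        user = SiteUser.create(session['username'])
        user.authenticate(request.form['password'])
    except (NoUser, AuthFail):
        flash(
            'Authentication failed, please check your password and try again.'
        )
        # `user` is still unbound when SiteUser.create() raised NoUser, so the
        # log line uses the session value rather than user.username.
        logger.info(
            'Facebook auth link failed for username {} ip {}'.format(
                session['username'], request.remote_addr))
        return redirect_back(url_for('index'))

    # Store the mapping from the Facebook ID to the site account.
    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, session['username'])

    # Mirror the ID on the profile as well.
    profile = user.profile()
    profile.profile['facebook_id'] = session['facebook_id']
    profile.update()

    flash('Your account is now linked to Facebook.')
    logger.info('Facebook auth linked for username {} ID {} ip {}'.format(
        user.username, session['facebook_id'], request.remote_addr))
    return redirect(url_for('index'))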
Example #2
def pm_action(username, messageid, action):
    """
    :URL: /user/<username>/pm/<messageid>/<action>
    :Methods: GET, POST
    :Actions:
        * read
        * unread
        * delete
        * undelete

    Apply ``action`` to one private message on behalf of the logged-in user.
    ``pm_error.html`` is rendered unless there is a session, the session user
    is ``username`` and ``messageid`` deobfuscates to a value. An action name
    outside the list above changes nothing and still gets the normal response.

    Setting the accept:application/json header will return JSON instead of a redirect.
    """
    pd = PageData()
    dmid = deobfuscate(messageid)

    # Checked in this order so pd.authuser is only read once a session exists.
    if 'username' not in session:
        return render_template('pm_error.html', pd=pd)
    if pd.authuser.username != username:
        return render_template('pm_error.html', pd=pd)
    if dmid is None:
        return render_template('pm_error.html', pd=pd)

    message = TradeMessage.create(dmid)

    # NOTE(review): the route accepts GET, so delete/undelete can be reached
    # through a plain link; confirm CSRF protection or restrict to POST.
    # NOTE(review): whether this user may touch this message is left to the
    # TradeMessage methods; confirm they check ownership.
    # Only the four documented names are ever looked up on the message.
    if action in ('read', 'unread', 'delete', 'undelete'):
        getattr(message, action)(pd.authuser.username)

    return '{}' if request_wants_json() else redirect_back('/')
Example #3
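def new_facebook_user():
    """Create a site account for a Facebook login and link the two.

    The username and e-mail address come from the submitted form and the
    Facebook ID from the session. The new account gets a random 100-character
    password. On success the user is logged in (``session['username']`` is
    set) and redirected to the index page.

    Returns a redirect back when ``check_new_user`` rejects the form, and the
    error page when the session has no Facebook ID, the account cannot be
    created or it cannot be loaded afterwards.
    """
    pd = PageData()

    logger.info('Started Facebook new user for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))

    if not check_new_user(request, nopass=True):
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))

    # The ID is needed after the account exists. Check for it first so a
    # missing value cannot leave a freshly created, unlinked account behind.
    if 'facebook_id' not in session:
        return render_template('error.html', pd=pd)

    username = request.form['username']

    # The password is a credential, so draw it from the OS-backed generator.
    # The module-level random functions are not meant for secrets.
    rng = random.SystemRandom()
    password = ''.join(rng.choice(string.printable) for _ in range(100))
    if not new_user(username, password, request.form['email'],
                    request.remote_addr):
        return render_template('error.html', pd=pd)

    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, username)

    try:
        user = SiteUser.create(username)
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)

    logger.info('New Facebook user {} ID {} ip {}'.format(
        user.username, session['facebook_id'], request.remote_addr))
    flash('Welcome ' + username)
    return redirect(url_for('index'))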
Example #4
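def show_item(item_id, edit=None):
    """Render the page for one item.

    When ``edit`` is given, the item is marked as old, ``edit`` is stored as
    its description and passed to ``body()``. The body text is HTML-escaped,
    run through Markdown and stored as ``description_html``.

    Returns a redirect to the edit form for the id ``'new'``, the not-found
    page when the item does not exist, and the rendered item page otherwise.
    """
    pd = PageData()

    # Compare by value. `is` tests object identity, which is not a reliable
    # way to compare strings.
    if item_id == 'new':
        return redirect("/item/" + item_id + "/edit")

    try:
        showitem = SiteItem(item_id)

        if edit:
            showitem.old = True
            showitem.description = edit

        # NOTE(review): escaping before Markdown stops raw tags, but Markdown
        # link syntax can still carry a javascript: URL. Confirm how the
        # template emits description_html and whether link schemes are
        # filtered.
        showitem.description_html = markdown.markdown(
            escape_html(str(showitem.body(edit))), md_extensions)
    except NoItem:
        return page_not_found(404)

    if 'username' in session:
        try:
            user = SiteUser.create(session['username'])
            pd.iteminfo = user.query_collection(showitem.uid)
        except (NoUser, NoItem):
            # Best effort: the page is still rendered without collection info.
            pass

    pd.title = showitem.name
    pd.item = showitem

    return render_template('item.html', pd=pd)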
Example #5
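def admin_set_accesslevel(user, level):
    """Set ``user``'s access level to ``level`` for the logged-in caller.

    A caller below level 255 is refused when the requested level is not below
    the caller's own level, or when the target's current level is not below
    it. ``level`` is expected as text, as taken from the URL.

    Returns a redirect back when the request is refused or ``level`` is not
    an integer, the error page when the user does not exist, and a redirect
    to the user's profile after the change.
    """
    pd = PageData()

    # NOTE(review): pd.authuser is read without a session check; presumably
    # the route is wrapped by an access check that is not visible here.
    # Reject non-numeric input for every caller instead of letting int()
    # raise, or letting a level-255 caller store an arbitrary string.
    try:
        requested = int(level)
    except ValueError:
        flash('Invalid access level.')
        return redirect_back('index')

    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= requested:
        # NOTE(review): this statement was mangled in the listing. It is
        # rebuilt from the fragments that survived (the message prefix and
        # the redirect_back('index') tail); confirm against upstream.
        app.logger.error('Accesslevel change was denied for user: ' +
                         pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # Callers below 255 may only modify accounts ranked below themselves.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' +
                         pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # NOTE(review): no upper or lower bound is applied for level-255 callers,
    # and the change is driven by URL arguments; confirm the route is
    # POST-only and CSRF-protected.
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)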
Example #6
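def newimg():
    """
    :URL: /newimg
    :Method: POST

    Upload a new image.

    The file is read from the ``img`` form part. An empty ``title`` field
    falls back to the uploaded file's name. The upload is attributed to the
    logged-in user, or to nobody when there is no session.

    Redirects back to the new image on success and back to the index page in
    every other case.
    """
    pd = PageData()

    # Always answer with a redirect, so a non-POST request cannot fall off
    # the end of the view and return None.
    if request.method != 'POST' or 'img' not in request.files:
        return redirect_back(url_for('index'))

    upload = request.files['img']

    # NOTE(review): the file name is chosen by the client; treat it as
    # untrusted wherever the title is displayed or stored.
    title = request.form['title']
    if title == '':
        title = upload.filename

    userid = pd.authuser.uid if 'username' in session else None

    # NOTE(review): type and size checks are not visible here; confirm
    # new_img() validates the upload, since anonymous uploads are accepted.
    img = new_img(upload, title, request.form['parent'], userid,
                  request.remote_addr)

    if img:
        flash('Uploaded {}'.format(upload.filename))
        return redirect_back('/image/' + str(img))

    flash('An error occurred while processing {}'.format(upload.filename))
    return redirect_back(url_for('index'))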
Example #7
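def emailupdate():
    """Change the logged-in user's e-mail address after a password re-check.

    Only acts on a POST from a logged-in session; anything else is redirected
    to the index page. The current password (``request.form['password']``)
    must authenticate before ``request.form['email']`` is validated and
    stored.

    Returns the error page when the session user cannot be loaded, and a
    redirect to the user's profile after a failed password check, a rejected
    address or a successful change.
    """
    pd = PageData()

    if 'username' not in session or request.method != 'POST':
        return redirect(url_for('index'))

    try:
        user = SiteUser.create(session['username'])
    except NoUser:
        return render_template('error.html', pd=pd)

    profile_url = '/user/' + user.username

    try:
        user.authenticate(request.form['password'])
    except AuthFail:
        flash("Please check your current password and try again")
        return redirect(profile_url)

    email = request.form['email']

    # The whole value has to match, not just a prefix: \Z anchors the end and
    # \s is excluded so spaces and line breaks cannot ride along into
    # whatever later uses the address. The raw string also removes the
    # invalid "\." escape of the old pattern.
    if not re.match(r"[^@\s]+@[^@\s]+\.[^@\s]+\Z", email):
        flash("Invalid email address")
        return redirect(profile_url)

    user.newemail(email)

    flash("Your email address has been changed.")
    return redirect(profile_url)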
Example #8
def mod_img(image, scale=2):
    """Render the moderation page for one image.

    Fills the page data with the image, its parent item, the user recorded
    in ``imgmods`` and an ASCII rendering at ``scale``. Returns the not-found
    page when the image is unknown or either query returns no rows.
    """
    pd = PageData()
    pd.scale = float(scale)

    try:
        target = SiteImage.create(image)
    except NoImage:
        return page_not_found()
    pd.image = target

    try:
        # NOTE(review): "uid name" has no comma, so SQL reads it as uid
        # aliased to name; confirm the uid is what pd.parent should hold.
        parent_rows = doquery(
            'select uid name from items where uid = %(uid)s;',
            {"uid": target.parent})
        pd.parent = parent_rows[0][0]

        mod_rows = doquery('select * from imgmods where imgid = %(uid)s;',
                           {"uid": target.uid})
        # Column 3 of imgmods is passed to user_by_uid(), so it is presumably
        # a user uid; the position depends on the table's column order.
        submitter = mod_rows[0][3]
        pd.moduser = '******' if submitter is None else user_by_uid(submitter)
    except IndexError:
        # An empty result set from either query ends up here.
        return page_not_found()

    pd.ascii = SiteImage.create(target.uid).ascii(scale=pd.scale)

    return render_template('mod_img.html', pd=pd)
Example #9
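def updateprefs(username):
    """Store the submitted preference form on the logged-in user's profile.

    Only acts on a POST from a logged-in session; anything else is redirected
    to the index page. The profile that is changed is always the one of
    ``session['username']``; ``username`` from the URL is not used to select
    it. The timezone is only stored when it is one of
    ``pytz.common_timezones``; the other three fields are stored as submitted.

    Returns the error page when the session user cannot be loaded, otherwise
    a redirect to the user's profile.
    """
    pd = PageData()

    if 'username' not in session or request.method != 'POST':
        return redirect(url_for('index'))

    try:
        user = SiteUser.create(session['username'])
        profile = user.profile()
    except NoUser:
        return render_template('error.html', pd=pd)

    # The log lines name the account that was actually changed. The URL's
    # `username` is never compared with the session, so logging it could
    # attribute the change to the wrong account.
    if request.form['timezone'] in pytz.common_timezones:
        logger.info('timezone updated for for {}'.format(user.username))
        profile.profile['timezone'] = request.form['timezone']

    # NOTE(review): these three values are stored without validation; confirm
    # they are escaped wherever the profile is rendered.
    profile.profile['summary'] = request.form['summary']
    profile.profile['gameday'] = request.form['gameday']
    profile.profile['whitewhale'] = request.form['whitewhale']

    profile.update()

    flash("Your profile has been updated.")
    logger.info('profile updated for for {}'.format(user.username))
    return redirect('/user/' + user.username)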
Example #10
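def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level. The user requesting the access level change must be more privileged
    than the level they are setting, and more privileged than the account
    being changed, unless the requester has level 255.

    Redirects back if there was an error or ``level`` is not an integer,
    renders the error page if the user does not exist, otherwise redirects to
    the user's profile.
    """
    pd = PageData()

    # NOTE(review): pd.authuser is read without a session check; presumably
    # the route is wrapped by an access check that is not visible here.
    # Reject non-numeric input for every caller instead of letting int()
    # raise, or letting a level-255 caller store an arbitrary string.
    try:
        requested = int(level)
    except ValueError:
        flash('Invalid access level.')
        return redirect_back('index')

    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= requested:
        # NOTE(review): this statement was mangled in the listing. It is
        # rebuilt from the fragments that survived (the message prefix and
        # the redirect_back('index') tail); confirm against upstream.
        app.logger.error('Accesslevel change was denied for user: ' +
                         pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # Requesters below 255 may only modify accounts ranked below them.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' +
                         pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # NOTE(review): no upper or lower bound is applied for level-255
    # requesters, and the new level travels in the URL path; confirm the
    # route is POST-only and CSRF-protected.
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)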
Example #11
def untag_item(item_id, tag_ob):
    """Remove one tag from an item and redirect to the item's page.

    ``tag_ob`` is passed through ``PageData.decode()`` before the tag is
    removed. Returns the not-found page when the item does not exist.
    """
    try:
        target = SiteItem.create(item_id)
    except NoItem:
        return page_not_found()

    # NOTE(review): no permission check is visible in this function; confirm
    # the route is guarded, since the call changes stored data.
    tag_name = PageData().decode(tag_ob)
    target.remove_tag(tag_name)

    item_url = '/item/' + str(target.uid)
    return redirect(item_url)
Example #12
def show_image(img_id):
    """Render the page for one image, titled with the image's tag.

    Returns the not-found page when the image does not exist.
    """
    pd = PageData()

    try:
        image = SiteImage.create(img_id)
        pd.img = image
        pd.title = image.tag
    except NoImage:
        return page_not_found(404)
    else:
        return render_template('image.html', pd=pd)
Example #13
def show_user_profile(username):
    """Render the main profile page for ``username``.

    Returns the not-found page when no such user exists.
    """
    pd = PageData()
    pd.title = "Profile for " + username

    try:
        owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    pd.profileuser = owner
    return render_template('profile/main.html', pd=pd)
Example #14
def mod_ban_user(user):
    """Render the confirmation page shown before a user is banned.

    Nothing is changed here. The page's confirm target is the access-level
    URL for ``user`` with level 0.
    """
    heading = "Banning user " + user

    pd = PageData()
    pd.title = heading
    pd.accessreq = 10
    pd.conftext = heading
    # NOTE(review): `user` is placed in the URL as received; confirm the
    # route restricts its characters or encode it here. The target also
    # changes state, so confirm it is not reachable by a plain GET link.
    pd.conftarget = "/admin/users/" + user + "/accesslevel/0"
    pd.conflinktext = "Yup, I'm sure."

    return render_template('confirm.html', pd=pd)
Example #15
def stats():
    """Render the statistics page with its four ``top*`` tables."""
    pd = PageData()
    pd.title = "Scarf Stats"

    # Same attributes and call order as assigning them one by one.
    tables = (
        ('topcollectors', get_whores_table),
        ('topcontributors', get_contribs_table),
        ('topneedy', get_needy_table),
        ('topwilltrade', get_willtrade_table),
    )
    for attribute, loader in tables:
        setattr(pd, attribute, loader())

    return render_template('stats.html', pd=pd)
Example #16
def show_user_profile(username):
    """Render the profile page for ``username``, including the timezone list.

    Returns the not-found page when no such user exists.
    """
    pd = PageData()
    pd.title = "Profile for " + username
    pd.timezones = get_timezones()

    try:
        owner = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)

    pd.profileuser = owner
    return render_template('profile.html', pd=pd)
Example #17
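def dashboard():
    """Render the dashboard with at most five debts and five transactions.

    Both lists are looked up by ``session['id']``. A lookup that returns
    ``None`` is passed to the template as ``None``.
    """
    # NOTE(review): session['id'] is read without a login check; presumably
    # the route is guarded elsewhere.
    # Slice only after the None check. Slicing the call result directly
    # raised TypeError on None and made the check below unreachable.
    ds = act.getDebts(session['id'])
    if ds is not None:
        ds = ds[:5]
    ts = act.getTransactions(session['id'])
    if ts is not None:
        ts = ts[:5]
    return render_template('dashboard.html',
                           page=PageData('dashboard', 'Dashboard'),
                           transactions=ts,
                           debts=ds)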
Example #18
def mod_tag_delete(tag):
    """Delete a tag and redirect to the page of its parent tag.

    ``tag`` is decoded with ``PageData.decode()`` first. When the delete is
    refused, a message is flashed and the user is sent back to the tag.
    """
    pd = PageData()
    tags = Tags()

    name = pd.decode(tag)
    # The parent is looked up before the delete is attempted.
    parent = tags.parent_of(name)

    if not tags.delete(name):
        flash('Unable to delete tag: ' + name)
        return redirect_back('/tag/' + tag)

    return redirect('/tag/' + pd.encode(parent))
Example #19
def mod_img_approve(imageid):
    """Approve an image and return to the moderation page.

    An unknown image id only produces a flashed error; the redirect is the
    same either way.
    """
    pd = PageData()

    try:
        pending = SiteImage.create(imageid)
    except NoImage:
        flash('Error during moderation')
    else:
        # NOTE(review): no permission check is visible in this function;
        # confirm the route is restricted to moderators.
        pending.approve()

    return redirect(url_for('moderate'))
Example #20
def show_item_history(item_id):
    """Render the edit history page for one item.

    An unknown item id is redirected to that id's edit form instead.
    """
    pd = PageData()

    try:
        found = SiteItem.create(item_id)
    except NoItem:
        edit_url = "/item/" + item_id + "/edit"
        return redirect(edit_url)

    pd.title = found.name
    pd.item = found
    return render_template('itemhistory.html', pd=pd)
Example #21
def flag_image(img_id):
    """Flag an image for moderator review and send the user back.

    Returns the not-found page when the image does not exist.
    """
    pd = PageData()

    try:
        # NOTE(review): no session check is visible here, so flagging looks
        # open to anonymous visitors; confirm that is intended and
        # rate-limited.
        SiteImage.create(img_id).flag()
    except NoImage:
        return page_not_found(404)

    notice = "The image has been flagged and will be reviewed by a moderator."
    flash(notice)
    return redirect_back('index')
Example #22
def admin_reset_pw(user):
    """Trigger an admin-initiated password reset for ``user``.

    Returns the not-found page when the user does not exist, otherwise
    flashes a confirmation and redirects back to the admin area.
    """
    pd = PageData()

    try:
        account = SiteUser.create(user)
        # NOTE(review): a fixed '0.0.0.0' is recorded instead of the
        # requester's address; if forgot_pw_reset() keeps an audit trail,
        # the admin who triggered the reset cannot be traced from it.
        account.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found(404)

    confirmation = 'A new password has been e-mailed to ' + account.username + '.'
    flash(confirmation)
    return redirect_back('/admin')
Example #23
def edititem(item_id=None):
    """Show the item edit form and, on POST, save an edit or create an item.

    A POST that carries ``desc`` is handled in one of three ways:

    * ``uid`` names an existing item and ``name`` is free or already belongs
      to that item: the item is renamed, the edit is recorded and the user is
      redirected to the item.
    * ``uid`` names an existing item but ``name`` belongs to another item: a
      message is flashed and the edit form for ``uid`` is rendered.
    * ``uid`` names no item: a new item is created, unless ``name`` is taken.

    Every other request renders the form, for ``item_id`` when given and for
    a new item otherwise. Returns the not-found page when ``item_id`` is
    unknown.
    """
    pd = PageData()
    if request.method == 'POST':
        # Edits are attributed to the session user, or to uid 0 when nobody
        # is logged in.
        # NOTE(review): anonymous edits are accepted; confirm that is intended.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = 0

        if 'desc' in request.form:
            if request.form['name'] == '':
                flash('No name for this item?')
                return redirect_back("/item/new")

            try:
                item = SiteItem.create(request.form['uid'])

                # Reuses the item_id argument for the uid that currently owns
                # the submitted name.
                item_id = uid_by_item(request.form['name'])
                # NOTE(review): int() raises ValueError on a non-numeric uid;
                # this is only reached after SiteItem.create() accepted it.
                if not item_id or item_id == int(request.form['uid']):
                    item.name = request.form['name']
                    item.update()

                    # todo: check for null edits
                    new_edit(request.form['uid'], request.form['desc'], userid,
                             request.remote_addr)

                    uid = request.form['uid']
                    flash('Edited item!')
                    return redirect('/item/' + str(uid))
                else:
                    flash(item.name + " already exists!")
                    # Falls through to render the edit form for this uid.
                    item_id = request.form['uid']
            except NoItem:
                # No item with this uid yet: treat the form as a new item.
                if uid_by_item(request.form['name']):
                    flash(request.form['name'] + " already exists!")
                    return redirect_back("/item/new")

                uid = new_item(request.form['name'], request.form['desc'],
                               userid, request.remote_addr)
                return redirect('/item/' + str(uid))

    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()

        pd.title = "Editing: %s" % pd.item.name
    else:
        pd.title = "Editing: New Item"

    return render_template('edititem.html', pd=pd)
Example #24
def show_user_profile_prefs(username):
    """Render the preferences page, but only for the profile's owner.

    Anyone who is not logged in as ``username`` gets the not-found page, as
    does a request for a user that does not exist.
    """
    pd = PageData()
    pd.title = "Preferences for " + username
    pd.timezones = get_timezones()

    # pd.authuser may be absent, hence the hasattr() probe before the
    # comparison.
    is_owner = hasattr(pd, 'authuser') and pd.authuser.username == username
    if not is_owner:
        return page_not_found()

    try:
        owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    pd.profileuser = owner
    return render_template('profile/preferences.html', pd=pd)
Example #25
def check_level(level):
    """Return True when the logged-in user's access level is at least ``level``.

    Returns False when there is no session or the level is too low. Every
    outcome is logged at info level.
    """
    pd = PageData()

    if 'username' not in session:
        logger.info('check_level failed: no session')
        return False

    current = pd.authuser.accesslevel
    allowed = not (current < level)

    if allowed:
        logger.info('check_level succeeded for {} ({}): {}'.format(
            session['username'], current, level))
    else:
        logger.info('check_level failed for {}: {} < {}'.format(
            session['username'], current, level))

    return allowed
Example #26
def show_user_profile_collections(username):
    """Render the collections page for ``username``.

    Returns the not-found page when the user does not exist or has access
    level 0.
    """
    pd = PageData()
    pd.title = "Collections for " + username
    pd.timezones = get_timezones()

    try:
        owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()
    pd.profileuser = owner

    # Accounts at level 0 are hidden as if they did not exist.
    if owner.accesslevel == 0:
        return page_not_found()

    return render_template('profile/collections.html', pd=pd)
Example #27
def reallydelete_image(img_id):
    """Delete an image and render a page saying so.

    Returns the not-found page when the image does not exist.
    """
    pd = PageData()

    try:
        doomed = SiteImage.create(img_id)
        # NOTE(review): the delete runs before pd.accessreq is set below, so
        # accessreq cannot be what protects it; confirm the route itself is
        # access-checked and not reachable by a plain GET link.
        doomed.delete()
    except NoImage:
        return page_not_found(404)

    tag = doomed.tag
    pd.title = tag + " has been deleted"
    pd.accessreq = 10
    pd.conftext = tag + " has been deleted. I hope you meant to do that."
    # No further action is offered on this page.
    pd.conftarget = ""
    pd.conflinktext = ""

    return render_template('confirm.html', pd=pd)
Example #28
def show_image(img_id):
    """
    :URL: /image/<img_id>

    Render a template for viewing an image. The page title is the image's
    tag. An unknown image id gets the not-found page.
    """
    pd = PageData()

    try:
        image = SiteImage.create(img_id)
        pd.img = image
        pd.title = image.tag
    except NoImage:
        return page_not_found()
    else:
        return render_template('image.html', pd=pd)
Example #29
def delete_item(item_id):
    """Render the confirmation page shown before an item is deleted.

    Nothing is deleted here; the page's confirm target is the item's
    ``reallydelete`` URL. Returns the not-found page for an unknown item.
    """
    try:
        doomed = SiteItem.create(item_id)
    except NoItem:
        return page_not_found()

    warning = "Deleting item " + doomed.name + ". This will also delete all trades but not the associated PMs. If this item has open trades you are going to confuse people. Are you really sure you want to do this?"
    confirm_url = "/item/" + str(doomed.uid) + "/reallydelete"

    pd = PageData()
    pd.title = doomed.name
    pd.accessreq = 255
    pd.conftext = warning
    # NOTE(review): the target changes state; confirm it is access-checked
    # on its own and not reachable by a plain GET link.
    pd.conftarget = confirm_url
    pd.conflinktext = "Yup, I'm sure"

    return render_template('confirm.html', pd=pd)
Example #30
def revert_item_edit(item_id, edit):
    """Open the edit form for an item, marked as old and set to ``edit``.

    Nothing is saved here; the edit form template is rendered with the item.
    Returns the not-found page for an unknown item.
    """
    pd = PageData()

    try:
        target = SiteItem.create(item_id)

        # Mark the item as an old revision and record which edit is meant.
        target.old = True
        target.edit = edit
    except NoItem:
        return page_not_found()

    name = target.name
    pd.title = "Reverting: " + name
    pd.item_name = name
    pd.item = target

    return render_template('edititem.html', pd=pd)