Example #1
0
def discusView(topic_id="NULL"):
    if request.method == 'POST':
        return newreply.post(topic_id)
    return view.render(topic_id, None)
Example #2
0
def post(type, id):
    if not session['loggedUser']:
        return abort(401)
    query = None
    redirectTo = None
    result = None
    form = None

    cursor = g.db.cursor()
    if type == "topic":
        form = EditTopicForm(request.form)
        if not form.validate():
            cursor.close()
            g.db.commit()
            return view.render(id, None, editTopicForm=form)
        query = 'SELECT poster_id FROM Topic WHERE id = %s'
        cursor.execute(query, [id])
        result = cursor.fetchone()[0]
        redirectTo = "/topics/view/" + str(id) + "/"
    elif type == "reply":

        query = 'SELECT poster_id, topic_id FROM Reply WHERE id = %s'
        cursor.execute(query, [id])
        get = cursor.fetchone()
        if len(request.form['content']) < 1 or len(request.form['content']) > 5000:
            cursor.close()
            g.db.commit()
            return redirect('/topics/view/' + str(get[1]))
        result = get[0]
        redirectTo = "/topics/view/" + str(get[1]) + "/"
    elif type == "password":
        id = session['loggedUser'][0]
        form = EditPasswordForm(request.form)
        if not form.validate():
            return renderPassword(form)
        query = 'SELECT password FROM RegUser WHERE id = %s'
        cursor.execute(query, [id])
        get = cursor.fetchone()
        if not str(get[0]) == bcrypt.hashpw(str(form['oldpassword'].data), str(get[0])):
            cursor.close()
            g.db.commit()
            return renderPassword(form, error=u'Väärä salasana')
        result = id
        redirectTo = "/topics/"

    if not result == session['loggedUser'][0]:
        return abort(401)

    if type == "topic":
        query = 'UPDATE Topic SET title = %s, content = %s WHERE id =%s'
        cursor.execute(query, [form['title'].data, form['content'].data, id])
    elif type == "reply":
        query = 'UPDATE Reply SET content = %s WHERE id =%s'
        cursor.execute(query, [request.form['content'], id])
    elif type == "password":
        password = bcrypt.hashpw(str(form['newpassword'].data), bcrypt.gensalt())
        query = 'UPDATE RegUser SET password = %s WHERE id =%s'
        cursor.execute(query, [password, id])


    cursor.close()
    g.db.commit()
    return redirect(redirectTo)