Example #1
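def upload(request, project_id):
    """Handle the file-upload form for one project.

    On a valid POST the uploaded file is stored with ``store_uploaded_file``,
    a row is inserted into ``taskManager_file`` and the client is redirected
    to ``/taskManager/<project_id>/``. Any other request, or an invalid form,
    renders a blank upload form.
    """
    if request.method == 'POST':

        # Kept for its side effect: raises if the project does not exist.
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)

        # NOTE(review): nothing visible in this view checks that request.user
        # is allowed to add files to this project; confirm that a decorator or
        # middleware enforces it.
        if form.is_valid():
            # NOTE(review): name comes raw from the POST body and is also used
            # by store_uploaded_file; presumably that helper sanitises it for
            # use as a file name, verify against its definition.
            name = request.POST.get('name', False)
            upload_path = store_uploaded_file(name, request.FILES['file'])

            # The values are bound as query parameters instead of being
            # formatted into the SQL text, so request data can no longer change
            # the structure of the statement.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file ('name','path','project_id') values (%s, %s, %s)",
                (name, upload_path, project_id))

            return redirect('/taskManager/' + project_id + '/',
                            {'new_file_added': True})
        else:
            form = ProjectFileForm()
    else:
        form = ProjectFileForm()
    return render_to_response('taskManager/upload.html', {'form': form},
                              RequestContext(request))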
Example #2
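def profile_by_id(request, user_id):
    """Update the account identified by ``user_id`` from a posted profile form.

    On a valid POST the username, names, e-mail, password and profile picture
    are updated from the request; every request ends by rendering the profile
    page for that account.
    """
    # NOTE(review): the target account comes straight from the URL and nothing
    # visible here compares it with request.user. Confirm an access check runs
    # before this view, because it can also change the account's password.
    user = User.objects.get(pk=user_id)

    if request.method == 'POST':
        form = ProfileForm(request.POST, request.FILES)
        if form.is_valid():
            # NOTE(review): values are read from request.POST, not from
            # form.cleaned_data, so they bypass any cleaning the form performs.
            for field in ('username', 'first_name', 'last_name', 'email'):
                posted = request.POST.get(field)
                # A field missing from the body must not overwrite the stored
                # value with None.
                if posted is not None and posted != getattr(user, field):
                    setattr(user, field, posted)
            if request.POST.get('password'):
                user.set_password(request.POST.get('password'))
            # Look the upload up by key: a file posted under another field name
            # used to pass the truthiness test and then raise on ['picture'].
            picture = request.FILES.get('picture')
            if picture is not None:
                # NOTE(review): the extension is taken from the client-supplied
                # file name without validation; presumably store_uploaded_file
                # constrains it, verify against its definition.
                extension = picture.name.split(".")[-1]
                user.userprofile.image = store_uploaded_file(
                    user.username + "." + extension, picture)
                user.userprofile.save()
            user.save()
            messages.info(request, "User Updated")

    return render(request, 'taskManager/profile.html', {'user': user})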
Example #3
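def upload(request, project_id):
    """Handle the file-upload form for one project.

    A valid POST stores the uploaded file through ``store_uploaded_file``,
    records it in ``taskManager_file`` and redirects to
    ``/taskManager/<project_id>/``. Every other case renders an empty form.
    """
    if request.method == 'POST':

        # The lookup result is unused below; the call still raises when the
        # project id does not exist.
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)

        # NOTE(review): no check that request.user belongs to this project is
        # visible here; confirm it is enforced elsewhere.
        if form.is_valid():
            # NOTE(review): name is raw POST data and is passed on to
            # store_uploaded_file; verify that helper's handling of it.
            name = request.POST.get('name', False)
            upload_path = store_uploaded_file(name, request.FILES['file'])

            # Pass the values separately from the SQL text so the database
            # driver binds them; building the statement with % formatting let
            # request data alter the query.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file ('name','path','project_id') values (%s, %s, %s)",
                (name, upload_path, project_id))

            return redirect('/taskManager/' + project_id +
                            '/', {'new_file_added': True})
        else:
            form = ProjectFileForm()
    else:
        form = ProjectFileForm()
    return render_to_response(
        'taskManager/upload.html', {'form': form}, RequestContext(request))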
Example #4
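def profile_by_id(request, user_id):
    """Update the account identified by ``user_id`` from a posted profile form.

    On a valid POST the names, e-mail, date of birth, password and profile
    picture are updated from the request; every request ends by rendering the
    profile page for that account.

    Raises:
        Exception: if the posted ``dob`` value is longer than 8 characters.
    """
    # NOTE(review): the account is selected by the URL parameter alone and
    # nothing visible here compares it with request.user. Confirm an access
    # check runs before this view, because it can also change the password.
    user = User.objects.get(pk=user_id)

    if request.method == 'POST':
        form = ProfileForm(request.POST, request.FILES)
        # dob may be absent from the body; len(None) used to raise TypeError.
        dob = request.POST.get('dob')
        if dob is not None and len(dob) > 8:
            raise Exception("Birthday does not match format")
        if form.is_valid():
            # NOTE(review): values are read from request.POST, not from
            # form.cleaned_data, so they bypass any cleaning the form performs.
            for field in ('first_name', 'last_name', 'email'):
                posted = request.POST.get(field)
                # A field missing from the body must not overwrite the stored
                # value with None.
                if posted is not None and posted != getattr(user, field):
                    setattr(user, field, posted)
            if dob is not None and dob != user.userprofile.dob:
                user.userprofile.dob = dob
                user.userprofile.save()
            if request.POST.get('password'):
                user.set_password(request.POST.get('password'))
            # Look the upload up by key: a file posted under another field name
            # used to pass the truthiness test and then raise on ['picture'].
            picture = request.FILES.get('picture')
            if picture is not None:
                # NOTE(review): both the full name and the extension in this
                # file name are user-controlled; presumably store_uploaded_file
                # constrains them, verify against its definition.
                extension = picture.name.split(".")[-1]
                user.userprofile.image = store_uploaded_file(
                    user.get_full_name() + "." + extension, picture)
                user.userprofile.save()
            user.save()
            messages.info(request, "User Updated")

    return render(request, 'taskManager/profile.html', {'user': user})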
Example #5
def upload(request, project_id):
    """Handle the file-upload form for one project.

    A POST with a valid form from a user assigned to the project stores the
    file, inserts a row into ``taskManager_file`` with bound parameters and
    redirects to the project's details page. Every other case renders an empty
    upload form.
    """
    if request.method != 'POST':
        return render(request, 'taskManager/upload.html',
                      {'form': ProjectFileForm()})

    proj = Project.objects.get(pk=project_id)
    submitted = ProjectFileForm(request.POST, request.FILES)

    # Evaluated left to right: the membership query only runs for a valid form.
    may_upload = submitted.is_valid() and proj.users_assigned.filter(
        id=request.user.id).exists()
    if not may_upload:
        # An invalid form and an unassigned user get the same blank form back.
        return render(request, 'taskManager/upload.html',
                      {'form': ProjectFileForm()})

    name = request.POST.get('name', False)
    upload_path = store_uploaded_file(name, request.FILES['file'])

    # Record the file; the values travel as parameters, never as SQL text.
    insert_sql = "insert into taskManager_file ('name','path','project_id') values ( %s, %s, %s)"
    curs = connection.cursor()
    curs.execute(insert_sql, (name, upload_path, project_id))

    destination = '/taskManager/' + project_id + '/project_details/'
    return redirect(destination, {'new_file_added': True})
Example #6
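def profile_by_id(request, user_id):
    """Update the account identified by ``user_id`` from a posted profile form.

    A valid POST copies username, names and e-mail from the request, sets a
    new password when one is posted and stores a posted profile picture. The
    profile page for the account is rendered in every case.
    """
    # NOTE(review): user_id comes from the URL and nothing visible here ties it
    # to request.user. Confirm that access is checked before this view runs,
    # since the view can change another account's password.
    user = User.objects.get(pk=user_id)

    if request.method == 'POST':
        form = ProfileForm(request.POST, request.FILES)
        if form.is_valid():
            # NOTE(review): the raw request.POST values are used instead of
            # form.cleaned_data, so form-level cleaning does not apply to them.
            for field in ('username', 'first_name', 'last_name', 'email'):
                posted = request.POST.get(field)
                # Skip fields absent from the body so they are not set to None.
                if posted is not None and posted != getattr(user, field):
                    setattr(user, field, posted)
            if request.POST.get('password'):
                user.set_password(request.POST.get('password'))
            # Any uploaded file made request.FILES truthy, after which the
            # ['picture'] lookup raised when the file used another field name.
            picture = request.FILES.get('picture')
            if picture is not None:
                # NOTE(review): the extension comes from the client-supplied
                # file name and is not validated here; verify what
                # store_uploaded_file does with it.
                extension = picture.name.split(".")[-1]
                user.userprofile.image = store_uploaded_file(
                    user.username + "." + extension, picture)
                user.userprofile.save()
            user.save()
            messages.info(request, "User Updated")

    return render(request, 'taskManager/profile.html', {'user': user})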
Example #7
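def _is_public_http_url(url):
    """Return True when *url* is http(s) and its host resolves only to public addresses.

    Screens a client-supplied URL before the server fetches it, so the fetch
    cannot be aimed at loopback, private, link-local or other non-global
    addresses.
    """
    import ipaddress
    import socket
    from urllib.parse import urlsplit

    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ('http', 'https') or not host:
        return False
    try:
        resolved = socket.getaddrinfo(host, None)
    except (socket.gaierror, UnicodeError):
        return False
    for entry in resolved:
        try:
            # Drop any IPv6 zone suffix ("%eth0") before parsing.
            address = ipaddress.ip_address(entry[4][0].split('%')[0])
        except ValueError:
            return False
        # Judge an IPv4-mapped IPv6 address by the IPv4 address it carries.
        mapped = getattr(address, 'ipv4_mapped', None)
        if mapped is not None:
            address = mapped
        if not address.is_global:
            return False
    return bool(resolved)


def upload(request, project_id):
    """Handle the project upload form, from a posted file or from a URL.

    A POST with a valid form from a user assigned to the project either
    fetches the posted ``url`` (kept only when the response is labelled as an
    image) or stores the posted file, inserts a row into ``taskManager_file``
    and redirects to the project's details page. Every other case renders the
    upload form.
    """
    logger.info('User %s upload %s', request.user.username, project_id)

    if request.method == 'POST':

        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)
        if (form.is_valid()) and (proj.users_assigned.filter(id=request.user.id).exists()):
            name = request.POST.get('name', False)
            # The old test compared .get('url', False) with None, which is
            # always unequal, so the file-upload branch could never run.
            url = request.POST.get('url')
            if url:
                # The URL is client-supplied and fetched by the server, so it
                # is restricted to http(s) hosts that resolve to public
                # addresses.
                # NOTE(review): the check and the fetch resolve the name
                # separately; pinning the checked address or sending the fetch
                # through an egress-filtering proxy would close that gap.
                if not _is_public_http_url(url):
                    messages.warning(request, "Error in URL Upload")
                    return render(request, 'taskManager/upload.html', {'form': ProjectFileForm()})
                try:
                    # Redirects are not followed: the target of a redirect
                    # would bypass the host check above.
                    response = requests.get(url, timeout=15, allow_redirects=False)
                except requests.RequestException:
                    messages.warning(request, "Error in URL Upload")
                    return render(request, 'taskManager/upload.html', {'form': ProjectFileForm()})
                _file = response.content
                # NOTE(review): the type is whatever the remote server claims;
                # the body itself is not inspected.
                content_type = response.headers.get("Content-Type", "")
                if "image" in content_type:
                    upload_path = store_url_data(url, _file)
                else:
                    messages.warning(request, "Error in URL Upload")
                    # NOTE(review): the fetched body is returned to the
                    # requester, and the substring test on the URL is not an
                    # access control; consider dropping 'data' from the
                    # context altogether.
                    if "security-credentials" in url:
                        data = "Good effort but we can't give you everything!"
                    else:
                        # Undecodable bytes are replaced instead of raising.
                        data = _file.decode("utf-8", errors="replace")
                    return render(request, 'taskManager/upload.html', {'data': data, 'name': name, 'url': url})

            else:
                upload_path = store_uploaded_file(name, request.FILES['file'])

            # Insert file details into the database; values are bound as
            # parameters rather than formatted into the SQL text.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file (name,path,project_id) values (%s, %s, %s)",
                (name, upload_path, project_id))

            return redirect('/taskManager/' + project_id +
                            '/project_details/', {'new_file_added': True})
        else:
            form = ProjectFileForm()
    else:
        form = ProjectFileForm()
    return render(
        request, 'taskManager/upload.html', {'form': form})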