def sql_add_review():
    """Handle the "new review" form and insert one row into ``reviews``.

    Reads title, rating, author e-mail and body from ``request.form``,
    stamps the current local time, and only writes when the reCAPTCHA
    token passes ``is_human``.  Both outcomes redirect to ``index``.

    NOTE(review): there is no ``logged_in`` check and the author is
    resolved from the client-supplied ``inputAuthorEmail`` field, not
    from ``session['sessionEmail']`` as ``sql_user_password`` does, so
    ``reviewauthor`` is whatever the poster claims.  ``inputRating`` is
    stored without range validation.
    """
    connection = sql_load()
    form = request.form
    title = form['inputTitle']
    posted_at = time.strftime('%Y-%m-%d %H:%M:%S')
    rating = form['inputRating']
    author_email = form['inputAuthorEmail']
    body = form['inputText']
    captcha_response = form['g-recaptcha-response']

    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("index"))

    author_id = sql_get_user_by_email(connection, author_email)
    cur = connection.cursor()
    cur.execute(
        "INSERT INTO reviews (reviewtitle, reviewdate, reviewrating, reviewauthor, reviewtext) "
        "VALUES(?, ?, ?, ?, ?)",
        (title, posted_at, rating, author_id, body),
    )
    connection.commit()
    flask.session.modified = True
    flash("Post created!", 'success')
    return redirect(url_for("index"))
def sql_user_password():
    """Change the logged-in user's password from the account page.

    Order of checks: ``session['logged_in']``; ``CheckPasswordRules`` on the
    plaintext new password; ``is_human`` on the captcha token; then the
    current password is verified with ``check_encrypted_password`` against
    column 4 of the user's row (the stored hash -- ``login`` reads the same
    column) before the UPDATE is committed.  Not being logged in redirects
    to ``index``; every other outcome redirects to ``account``.
    """
    if not session['logged_in']:
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    connection = sql_load()
    cur = connection.cursor()
    form = request.form
    current_password = form['CurrentPassword']
    new_password = form['NewPassword']
    email = session['sessionEmail']
    new_hash = pwd_context.encrypt(new_password)
    captcha_response = form['g-recaptcha-response']

    if not CheckPasswordRules(new_password):
        flash("Your password did not meet the validation rules!", 'error')
        return redirect(url_for("account"))
    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("account"))

    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    stored_hash = cur.fetchone()[4]
    flask.session.modified = True
    if not check_encrypted_password(current_password, stored_hash):
        flash("Failed!", 'error')
        return redirect(url_for("account"))

    cur.execute("UPDATE users SET password = ? WHERE email = ?", (new_hash, email))
    connection.commit()
    flash("Password updated!", 'success')
    return redirect(url_for("account"))
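def sql_add_admin():
    """Promote the user registered under the ``inputEmailAdmin`` field to admin.

    Guards: the caller must be logged in and pass ``sql_is_admin``; the
    captcha must pass ``is_human``; the e-mail must exist per
    ``sql_check_email``.  The user's id is then inserted into ``admins``
    and committed.  Success redirects to ``admin``; failed guards redirect
    to ``index``, except a failed captcha which returns to ``admin``.

    Fix: the original handed the id from ``sql_get_user_by_email`` to
    ``cur.execute`` directly (``cur.execute(..., id)``) rather than as a
    one-element parameter sequence, which only binds correctly when the
    helper happens to return a sequence.  Scalars are now wrapped in a
    tuple and real sequences are passed through unchanged.
    """
    if not session['logged_in']:
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    email = request.form['inputEmailAdmin']
    cur = connection.cursor()
    # Kept as an equality test: the helper's return type is not visible here.
    if sql_check_email(connection, email) == False:
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    user_id = sql_get_user_by_email(connection, email)
    # A str/bytes/number/None is a single bind value; anything else (tuple,
    # list, sqlite3.Row) is already a parameter sequence.
    if user_id is None or isinstance(user_id, (str, bytes, int, float)):
        params = (user_id,)
    else:
        params = user_id
    cur.execute("INSERT INTO admins (adminid) VALUES(?)", params)
    connection.commit()
    flask.session.modified = True
    flash("User " + email + " is now an admin!", 'success')
    return redirect(url_for("admin"))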
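def sql_update_bio():
    """Update the logged-in user's ``bio`` from the account form.

    Requires ``session['logged_in']`` and a passing ``is_human`` captcha,
    then runs ``UPDATE users SET bio`` for the id that
    ``sql_get_user_by_email`` resolves from the identity established at
    login.  Success redirects to ``index``; a failed captcha redirects to
    ``account``.

    Fix: the original resolved the target row from the ``Email`` form
    field, so any logged-in user could overwrite any other user's bio by
    posting a different address.  The user is now taken from
    ``session['sessionEmail']`` -- the same source ``sql_user_password``
    uses -- and the ``Email`` field is no longer read.
    """
    if not session['logged_in']:
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("account"))

    connection = sql_load()
    cur = connection.cursor()
    bio = request.form['Bio']
    user_id = sql_get_user_by_email(connection, session['sessionEmail'])
    cur.execute("UPDATE users SET bio = ? WHERE userid = ?", (bio, user_id))
    connection.commit()
    flask.session.modified = True
    flash("Bio updated!", 'success')
    return redirect(url_for("index"))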
def sql_delete_user_by_id():
    """Admin action: delete the user whose id is posted as ``inputIDDelete``.

    Both admin guards (``logged_in`` and ``sql_is_admin``) flash the same
    message and redirect to ``index``.  A failed captcha returns to
    ``admin``.  Deleting the account that owns the current session is
    refused (``sql_get_email_by_id`` compared with ``sessionEmail``).
    On success the row is deleted, the commit is made and the caller is
    sent back to ``admin``.
    """
    if not session['logged_in'] or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    target_id = request.form['inputIDDelete']
    if session['sessionEmail'] == sql_get_email_by_id(connection, target_id):
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))

    cur = connection.cursor()
    cur.execute("DELETE FROM users WHERE userid = ?", (target_id, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted user id " + target_id + "!", 'success')
    return redirect(url_for("admin"))
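def sql_trump_review():
    """Admin action: fetch a random quote and store it as a review by the caller.

    Guards as in the other admin handlers (``logged_in`` and
    ``sql_is_admin``).  The quote is the ``message`` field of the
    whatdoestrumpthink ``quotes/random`` endpoint; the title is fixed, the
    rating is a random integer 1-5 and the author is the id that
    ``sql_get_user_by_email`` resolves for ``session['sessionEmail']``.
    Redirects to ``admin`` on success.

    Fix: ``requests.get`` had no ``timeout``, so an unresponsive upstream
    would block the request worker indefinitely; a duplicate
    ``quotes.json()`` call whose result was discarded is also removed.
    Network and JSON errors still propagate as before.
    """
    if not session['logged_in']:
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    quotes = requests.get(
        'https://api.whatdoestrumpthink.com/api/v1/quotes/random',
        timeout=10,  # bound the wait on the third-party API
    )
    text = quotes.json()['message']

    connection = sql_load()
    title = 'Donald Trump'
    date = time.strftime('%Y-%m-%d %H:%M:%S')
    rating = random.randint(1, 5)
    author = sql_get_user_by_email(connection, session['sessionEmail'])
    cur = connection.cursor()
    cur.execute(
        "INSERT INTO reviews (reviewtitle, reviewdate, reviewrating, reviewauthor, reviewtext) "
        "VALUES(?, ?, ?, ?, ?)",
        (title, date, rating, author, text),
    )
    connection.commit()
    flask.session.modified = True
    flash("Added Trump review!", 'success')
    return redirect(url_for("admin"))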
def sql_delete_review():
    """Admin action: delete the review whose id is posted as ``reviewID``.

    Requires ``logged_in`` and ``sql_is_admin`` (both redirect to ``index``
    with the same message) and a passing captcha.  All remaining paths,
    including the captcha failure, redirect to ``index``.
    """
    if not session['logged_in'] or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("index"))

    connection = sql_load()
    review_id = request.form['reviewID']
    cur = connection.cursor()
    cur.execute("DELETE FROM reviews WHERE reviewid = ?", (review_id, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted review with ID of " + review_id + "!", 'success')
    return redirect(url_for("index"))
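def sql_add_user():
    """Register a new user from the registration form.

    Reads name, surname, e-mail, password and the captcha token from
    ``request.form``; enforces ``CheckPasswordRules``; rejects bots via
    ``is_human`` and duplicate e-mails via a SELECT on ``users``.  On
    success the hashed password is stored, the session is marked logged in
    with ``sessionEmail`` set, and the caller is redirected to ``index``.
    Every rejection re-renders ``register.html`` with a flashed error.

    Fix: the original called ``CheckPasswordRules`` on ``password`` -- the
    ``pwd_context`` *hash* -- so the rules were never applied to what the
    user typed.  They are now applied to the plaintext, as
    ``sql_user_password`` already does, and hashing happens only after the
    rules pass.
    """
    connection = sql_load()
    form = request.form
    first = form['inputName']
    last = form['inputSurname']
    email = form['inputEmail']
    password_original = form['inputPassword']
    captcha_response = form['g-recaptcha-response']

    if not CheckPasswordRules(password_original):
        flash("Your password did not meet the validation rules!", 'error')
        return render_template("register.html")
    password = pwd_context.encrypt(password_original)

    cur = connection.cursor()
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    if not is_human(captcha_response):
        flash("Sorry, bots are not allowed!", 'error')
        return render_template("register.html")
    if cur.fetchone() is not None:
        flash("Email address already in use!", 'error')
        return render_template("register.html")

    cur.execute(
        "INSERT INTO users (firstname, lastname, email, password) VALUES(?, ?, ?, ?)",
        (first, last, email, password),
    )
    connection.commit()
    session['logged_in'] = True
    session.permanent = True
    session['sessionEmail'] = email
    flash("Registration successful!", 'success')
    return redirect(url_for("index"))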
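def sql_get_review_author(reviewid):
    """Return the ``reviewauthor`` value of the review with id *reviewid*.

    Raises:
        IndexError: if no review has that id (the original raised the same
            from ``result[0][0]`` on an empty result).

    Fix: the id was concatenated into the SQL text (``... = " +
    str(reviewid)``); it is now passed as a bound parameter.  The other
    handlers already bind review ids from the form this way
    (``sql_delete_review``), so the comparison semantics are unchanged.
    """
    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT reviewauthor FROM reviews WHERE reviewid = ?", (reviewid, ))
    row = cur.fetchone()
    if row is None:
        raise IndexError("no review with id {!r}".format(reviewid))
    return row[0]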
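def sql_get_public_user_data(userid):
    """Return ``[(firstname, lastname, bio), ...]`` for the user with id *userid*.

    The list is empty when no such user exists; callers index it
    themselves, as the original returned ``fetchall()`` unchanged.

    Fix: *userid* was concatenated into the SQL text; it is now a bound
    parameter, matching how ``sql_update_bio`` binds ``userid``.
    """
    connection = sql_load()
    cur = connection.cursor()
    cur.execute(
        "SELECT firstname, lastname, bio FROM users WHERE userid = ?",
        (userid, ),
    )
    return cur.fetchall()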
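def sql_search_threads(term, reviews):
    """Return the review rows that mention *term*, with the author id swapped for a name.

    Args:
        term: search string, already lower-cased by ``search``.  An empty
            string matches every row, as before.
        reviews: iterable of rows from ``SELECT * FROM reviews``.  Positions
            used: 1 (title), 3 (rating), 4 (author user id), 5 (review text).

    Returns:
        A list of matching rows converted to lists, each with position 4
        replaced by ``sql_get_user_by_id(connection, author_id)``.

    A row matches when *term* is a substring of the lower-cased text or
    title, of ``str(author name).lower()``, or of ``str(rating)``.  The
    original repeated that body in four identical ``elif`` branches and
    looked the author up twice per hit; it is now one lookup per row and
    one predicate, with the same result and order.
    """
    connection = sql_load()
    relevant = []
    for row in (list(elem) for elem in reviews):
        author_name = sql_get_user_by_id(connection, row[4])
        if _review_matches(term, row, author_name):
            row[4] = author_name
            relevant.append(row)
    return relevant


def _review_matches(term, row, author_name):
    """Shared match rule: substring of text, title, author name or rating."""
    return (
        term in row[5].lower()
        or term in row[1].lower()
        or term in str(author_name).lower()
        or term in str(row[3])
    )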
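def sql_is_admin(email):
    """Return True when the user registered under *email* has a row in ``admins``.

    The id comes from ``sql_get_user_by_email``; a lookup that yields no
    ``adminid`` row returns False.

    Fix: the original wrote ``cur.execute(..., (id))`` -- plain
    parentheses, not a one-tuple -- so the id itself was handed to
    ``execute`` as the parameter sequence, which only works when the
    helper returns a sequence.  Scalars are now wrapped and real
    sequences are passed through unchanged.
    """
    connection = sql_load()
    cur = connection.cursor()
    user_id = sql_get_user_by_email(connection, email)
    # A str/bytes/number/None is a single bind value; anything else (tuple,
    # list, sqlite3.Row) is already a parameter sequence.
    if user_id is None or isinstance(user_id, (str, bytes, int, float)):
        params = (user_id,)
    else:
        params = user_id
    cur.execute("SELECT adminid FROM admins WHERE adminid = ?", params)
    return bool(cur.fetchall())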
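def sql_get_comments(reviewid):
    """Return ``[[author_name, commentdate, comment], ...]`` for review *reviewid*.

    Position 0 of each row is the ``commentuserid`` replaced by the name
    from ``sql_get_user_by_id``.  Returns an empty list when the review
    has no comments.

    Fix: *reviewid* was concatenated into the SQL text; it is now a bound
    parameter, as ``sql_add_comment`` already binds ``commentreviewid``.
    """
    connection = sql_load()
    cur = connection.cursor()
    cur.execute(
        "SELECT commentuserid, commentdate, comment FROM comments WHERE commentreviewid = ?",
        (reviewid, ),
    )
    comments = [list(row) for row in cur]
    for row in comments:
        row[0] = sql_get_user_by_id(connection, row[0])
    return comments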
def search():
    """Run the search-bar query over all reviews and render the hits.

    Lower-cases ``inputSearch``, hands it with ``SELECT * FROM reviews``
    to ``sql_search_threads``, and renders ``search.html`` with the
    matches.  No match flashes "No results" and redirects to ``index``.
    """
    connection = sql_load()
    cur = connection.cursor()
    needle = request.form['inputSearch'].lower()
    cur.execute("SELECT * FROM reviews")
    hits = sql_search_threads(needle, cur.fetchall())
    flask.session.modified = True
    # `not hits` already covers None, which the original tested separately.
    if not hits:
        flash("No results", 'error')
        return redirect(url_for("index"))
    return render_template("search.html", reviews=hits)
def sql_add_comment():
    """Insert one row into ``comments`` from the comment form and redirect to ``index``.

    The commenter id comes from ``sql_get_user_by_email`` for the posted
    ``commentEmail``; the timestamp is the current local time.

    NOTE(review): unlike ``sql_add_review`` there is no captcha, there is
    no ``logged_in`` check, and the commenter is taken from the form rather
    than ``session['sessionEmail']`` (compare ``sql_user_password``), so
    ``commentuserid`` is client-chosen.  This writer also does not set
    ``flask.session.modified`` as the others do.
    """
    connection = sql_load()
    form = request.form
    review_id = form['commentReviewID']
    commenter_email = form['commentEmail']
    posted_at = time.strftime('%Y-%m-%d %H:%M:%S')
    body = form['comment']
    commenter_id = sql_get_user_by_email(connection, commenter_email)

    cur = connection.cursor()
    cur.execute(
        "INSERT INTO comments (commentreviewid, commentuserid, commentdate, comment) "
        "VALUES(?, ?, ?, ?)",
        (review_id, commenter_id, posted_at, body),
    )
    connection.commit()
    flash("Comment added!", 'success')
    return redirect(url_for("index"))
def sql_get_admins():
    """Admin action: flash one "ID | Email" line per row of ``admins``.

    Both guards (``logged_in`` and ``sql_is_admin``) flash the same message
    and redirect to ``index``.  Each admin id is resolved to an e-mail with
    ``sql_get_email_by_id``; the caller is then redirected to ``admin``
    where the flashed lines are shown.
    """
    if not session['logged_in'] or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT adminid FROM admins")
    admin_rows = cur.fetchall()
    flask.session.modified = True
    for (admin_id,) in admin_rows:
        email = sql_get_email_by_id(connection, admin_id)
        flash('ID: ' + str(admin_id) + ' | Email: ' + ' ' + email, 'success')
    return redirect(url_for("admin"))
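def login():
    """Render the login form (GET) or authenticate a user (POST).

    On POST: the captcha must pass ``is_human``; the e-mail must exist per
    ``sql_check_email``; the password is verified with
    ``check_encrypted_password`` against column 4 of the user's row (the
    stored hash, the same column ``sql_user_password`` reads).  Success sets
    ``logged_in``, ``sessionEmail`` and -- when ``sql_is_admin`` agrees --
    ``admin``, then redirects to ``index``.  Every failure flashes
    "Invalid credentials!".

    Fixes relative to the original:
    * Unknown e-mail: the dummy ``check_encrypted_password(..., "blah")``
      call (kept so an unknown account costs about as much time as a wrong
      password) sat in a bare ``except:`` and the rejection lived *inside*
      the handler, so when the call returned normally the code fell through
      to ``cur.fetchone()[4]`` on a ``None`` row.  Rejection is now
      unconditional and the except is narrowed.
    * ``session['login_failures']`` raised ``KeyError`` for a session that
      had never failed; it now starts at 0 and is cleared on success.
    * The exponential delay is capped so one client cannot park a worker
      for minutes.  The counter lives in the client-held session cookie, so
      this is a courtesy slow-down, not a server-side rate limit.
    """
    max_failure_delay = 5.0  # seconds; 0.001 * 2**n exceeds this from n = 13

    connection = sql_load()
    cur = connection.cursor()
    if request.method != "POST":
        return render_template("login.html")

    email = request.form['inputEmail']
    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return render_template("login.html")

    password = request.form['inputPassword']
    # Kept as an equality test: the helper's return type is not visible here.
    if sql_check_email(connection, email) == False:
        # Spend comparable time on an unknown account; the helper may raise
        # on a string that is not a hash, and either way we reject.
        try:
            check_encrypted_password(password, "blah")
        except Exception:
            pass
        flash("Invalid credentials!", 'error')
        return redirect(url_for("index"))

    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    row = cur.fetchone()
    stored_hash = row[4] if row is not None else None
    if stored_hash is not None and check_encrypted_password(password, stored_hash):
        session.pop('login_failures', None)
        session['logged_in'] = True
        session.permanent = True
        session['sessionEmail'] = email
        if sql_is_admin(email):
            session['admin'] = True
        flash("You are now logged in!", 'success')
        return redirect(url_for("index"))

    login_failures = session.get('login_failures', 0) + 1
    session['login_failures'] = login_failures
    time.sleep(min(0.001 * 2 ** login_failures, max_failure_delay))
    flash("Invalid credentials!", 'error')
    return render_template("login.html")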
def sql_delete_user():
    """Admin action: delete the user whose e-mail is posted as ``inputEmailDelete``.

    Guards, in order: ``logged_in`` and ``sql_is_admin`` (same message,
    redirect to ``index``); the target must not be the session's own
    account; the captcha must pass ``is_human`` (else back to ``admin``);
    the e-mail must exist per ``sql_check_email``.  On success the row is
    deleted, committed and the caller is redirected to ``admin``.
    """
    if not session['logged_in'] or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    connection = sql_load()
    target_email = request.form['inputEmailDelete']
    captcha_response = request.form['g-recaptcha-response']
    if session['sessionEmail'] == target_email:
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    cur = connection.cursor()
    if sql_check_email(connection, target_email) == False:
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))
    cur.execute("DELETE FROM users WHERE email = ?", (target_email, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted user " + target_email + "!", 'success')
    return redirect(url_for("admin"))
def index():
    """Render the front page with every review from ``sql_threads``.

    The session is flagged modified so the cookie is re-issued on this
    response, as the other views do.
    """
    reviews = sql_threads(sql_load())
    flask.session.modified = True
    return render_template("index.html", reviews=reviews)
def admin():
    """Render the admin dashboard template.

    Flags the session modified and calls ``sql_load`` for its side
    effects, discarding the connection (presumably to make sure the
    database exists -- confirm against ``sql_load``).

    NOTE(review): unlike the admin POST handlers (``sql_add_admin``,
    ``sql_delete_user``, ...), this view performs no ``logged_in`` or
    ``sql_is_admin`` check; the template itself is served to any visitor.
    """
    _ = sql_load()
    flask.session.modified = True
    return render_template("admin.html")