Exemple #1
0
def delete_pending(userId, command):
    conn = newconn()
    cur = conn.cursor()
    if len(command) != 2:
        return {"success": False, "msg": "Usage: delete_pending [puserId]\nDelete a pending user"}

    puserId = command[1]

    if puserId.isdigit():
        cur.execute(f"SELECT * FROM UserPending WHERE puserId = {puserId}")
        if len(cur.fetchall()) == 0:
            cur.execute(f"SELECT puserId FROM UserPending WHERE username = '******'")
            t = cur.fetchall()
            if len(t) == 0:
                return {"success": False, "msg": "User not found!"}
            else:
                puserId = t[0][0]
        else:
            puserId = int(puserId)
    else:
        cur.execute(f"SELECT puserId FROM UserPending WHERE username = '******'")
        t = cur.fetchall()
        if len(t) == 0:
            return {"success": False, "msg": "User not found!"}
        else:
            puserId = t[0][0]
        
    cur.execute(f"DELETE FROM UserPending WHERE puserId = {puserId}")
    cur.execute(f"DELETE FROM UserPendingToken WHERE puserId = {puserId}")
    conn.commit()

    return {"success": True, "msg": "User deleted!"}            
Exemple #2
0
async def apiClearDeleted(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys(
    ) or "userId" in form.keys() and (not form["userId"].isdigit()
                                      or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)

    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)

    cur.execute(
        f"SELECT questionId, question, answer, status FROM QuestionList WHERE userId = {userId} AND status = 3"
    )
    d = cur.fetchall()
    ts = int(time.time())
    cur.execute(
        f"DELETE FROM QuestionList WHERE userId = {userId} AND status = 3")
    for dd in d:
        cur.execute(
            f"DELETE FROM BookData WHERE userId = {userId} AND questionId = {dd[0]}"
        )
    conn.commit()

    return {"success": True}
def logout(userId, token):
    try:
        if not validateToken(userId, token):
            return True

        conn = newconn()
        cur = conn.cursor()

        ip = ""
        loginTime = 0
        expireTime = 0
        cur.execute(
            f"SELECT loginTime, expireTime, ip FROM ActiveUserLogin WHERE userId = {userId} AND token = '{token}'"
        )
        t = cur.fetchall()
        if len(t) > 0:
            loginTime = t[0][0]
            expireTime = t[0][1]
            ip = t[0][2]

        cur.execute(
            f"INSERT INTO UserSessionHistory VALUES ({userId}, {loginTime}, {expireTime}, 1, '{ip}')"
        )
        cur.execute(
            f"DELETE FROM ActiveUserLogin WHERE userId = {userId} AND token = '{token}'"
        )
        conn.commit()

        return True

    except:
        import traceback
        traceback.print_exc()
        global errcnt
        errcnt += 1
def updatePasswordTrialCount(userId, to, ts, ip):
    try:
        conn = newconn()
        cur = conn.cursor()
        cur.execute(f"SELECT count FROM PasswordTrial WHERE userId = {userId}")
        t = cur.fetchall()
        if len(t) == 0:
            if to == 0:

                return
            cur.execute(
                f"INSERT INTO PasswordTrial VALUES ({userId}, {to}, {ts}, '{ip}')"
            )
            conn.commit()
        else:
            if to == 0:
                cur.execute(
                    f"DELETE FROM PasswordTrial WHERE userId = {userId}")
                conn.commit()
            else:
                cur.execute(
                    f"UPDATE PasswordTrial SET count = {to} WHERE userId = {userId}"
                )
                cur.execute(
                    f"UPDATE PasswordTrial SET lastts = {ts} WHERE userId = {userId}"
                )
                conn.commit()

    except:
        global errcnt
        errcnt += 1
Exemple #5
0
def ban(userId, command):
    conn = newconn()
    cur = conn.cursor()
    if len(command) < 3:
        return {"success": False, "msg": "Usage: ban [userId] [reason]\nBan account"}
    
    uid = 0
    if not command[1].isdigit():
        uid = usernameToUid(encode(command[1]))
    else:
        uid = int(command[1])
    if uid <= 0:
        return {"success": False, "msg": "Invalid user id!"}
    
    if uid == userId:
        return {"success": False, "msg": "You cannot ban yourself!"}

    cur.execute(f"SELECT userId FROM UserInfo WHERE userId = {uid}")
    if len(cur.fetchall()) == 0:
        cur.execute(f"SELECT userId FROM UserInfo WHERE userId = {-uid}")
        if len(cur.fetchall()) == 0:
            return {"success": False, "msg": "Account doesn't exist!"}
        else:
            return {"success": False, "msg": "Account already banned!"}

    reason = encode(" ".join(command[2:]))
    cur.execute(f"UPDATE UserInfo SET userId = {-uid} WHERE userId = {uid}")
    cur.execute(f"INSERT INTO BanReason VALUES ({uid}, '{reason}')")
    conn.commit()

    return {"success": True, "msg": f"Banned user {uid}"}
Exemple #6
0
async def apiSearchDiscovery(request: Request,
                             background_tasks: BackgroundTasks):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    ret = []

    global lst, lstupd
    if time.time() - lstupd > 30:
        if lstupd == 0:
            UpdateData()
        else:
            background_tasks.add_task(UpdateData)

    limit = form["search"][:32]
    limit = ''.join(e for e in limit if e.isalnum())
    limit = limit.replace(" ", "")

    if limit == "":
        for d in lst.keys():
            for dd in lst[d]:
                ret.append(dd)
        return {"result": ret}

    res = process.extract(limit, lst.keys(), limit=None)
    for d in res:
        if d[1] >= 10 and d[0] in lst.keys():
            for dd in lst[d[0]]:
                ret.append(dd)

    return {"result": ret}
def OPLimit(ip, endpoint, maxop = 5, timeout = 300):
    conn = newconn()
    cur = conn.cursor()

    ip = str(ip)

    ip = encode(ip)
    cur.execute(f"SELECT count, last FROM OPLimit WHERE ip = '{ip}' AND endpoint = '{endpoint}'")
    t = cur.fetchall()
    if len(t) == 0:
        cur.execute(f"INSERT INTO OPLimit VALUES ('{ip}', '{endpoint}', 1, {int(time.time())})")
        conn.commit()
        return False

    count = t[0][0]
    last = t[0][1]
    if last < time.time() - timeout:
        cur.execute(f"DELETE FROM OPLimit WHERE ip = '{ip}' AND endpoint = '{endpoint}'")
        cur.execute(f"INSERT INTO OPLimit VALUES ('{ip}', '{endpoint}', 1, {int(time.time())})")
        conn.commit()
        return False
    
    if count == maxop:
        return True
    
    cur.execute(f"UPDATE OPLimit SET count = count + 1 WHERE ip = '{ip}' AND endpoint = '{endpoint}'")
    cur.execute(f"UPDATE OPLimit SET last = '{int(time.time())}' WHERE ip = '{ip}' AND endpoint = '{endpoint}'")
    conn.commit()

    return False
Exemple #8
0
def get_user_count(userId, command):
    conn = newconn()
    cur = conn.cursor()
    cur.execute(f"SELECT COUNT(*) FROM UserInfo")
    tot = 0
    d = cur.fetchall()
    if len(d) != 0:
        tot = d[0][0]
        
    cur.execute(f"SELECT COUNT(*) FROM UserInfo WHERE userId > 0")
    cnt = 0
    d = cur.fetchall()
    if len(d) != 0:
        cnt = d[0][0]
    
    cur.execute(f"SELECT COUNT(*) FROM UserInfo WHERE username = '******'@deleted')}' AND userId > 0")
    deled = 0
    d = cur.fetchall()
    if len(d) != 0:
        deled = d[0][0]

    cur.execute(f"SELECT COUNT(*) FROM UserInfo WHERE userId < 0")
    banned = 0
    d = cur.fetchall()
    if len(d) != 0:
        banned = d[0][0]
    
    marked_deletion = sessions.CountDeletionMark()
    cnt -= marked_deletion
    
    return {"success": True, "msg": f"Total user: {tot}\nActive user: {cnt - deled}\nBanned / Banned & Deleted user: {banned}\nDisabled (Pending deletion) user: {marked_deletion}\nDeleted user: {deled}"}
Exemple #9
0
async def apiUserEvents(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys() or "userId" in form.keys() and (not form["userId"].isdigit() or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)
        
    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)
    
    page = int(form["page"])
    
    cur.execute(f"SELECT timestamp, msg FROM UserEvent WHERE userId = {userId} ORDER BY timestamp DESC")
    d = cur.fetchall()
    ret = []
    for dd in d:
        ret.append({"timestamp": dd[0], "msg": decode(dd[1])})
    
    if len(ret) <= (page - 1) * 20:
        return {"success": True, "notifications": [], "nextpage": -1}
    elif len(ret) <= page * 20:
        return {"success": True, "notifications": ret[(page - 1) * 20 :], "nextpage": -1}
    else:
        return {"success": True, "notifications": ret[(page - 1) * 20 : page * 20], "nextpage": page + 1}
Exemple #10
0
async def apiGroupMember(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys() or "userId" in form.keys() and (not form["userId"].isdigit() or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)

    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)

    groupId = int(form["groupId"])
    cur.execute(f"SELECT userId, isEditor FROM GroupMember WHERE groupId = {groupId}")
    d = cur.fetchall()
    if not (userId,0,) in d and not (userId,1,) in d:
        return {"success": False, "msg": f"You must be a member of the group before viewing its info."}

    info = None
    cur.execute(f"SELECT name, description, anonymous FROM GroupInfo WHERE groupId = {groupId}")
    t = cur.fetchall()
    if len(t) > 0:
        info = t[0]
    else:
        return {"success": False, "msg": "Group not found!"}

    return {"success": True, "name": decode(info[0]), "description": decode(info[1])}
Exemple #11
0
async def apiUserSessions(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys() or "userId" in form.keys() and (not form["userId"].isdigit() or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)
        
    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)
    
    ss = []
    cur.execute(f"SELECT loginTime, expireTime, ua, ip, token FROM ActiveUserLogin WHERE userId = {userId}")
    d = cur.fetchall()
    for dd in d:
        if dd[1] <= int(time.time()):
            cur.execute(f"DELETE FROM ActiveUserLogin WHERE token = '{dd[4]}' AND userId = {userId}")
        else:
            tk = dd[4]
            tk = tk[tk.find("-")+1:tk.find("-",tk.find("-")+1)]
            ss.append({"loginTime": dd[0], "expireTime": dd[1], "userAgent": decode(dd[2]), "ip": dd[3], "token": tk})
    
    return ss[::-1]
def checkAdmin(userId):
    conn = newconn()
    cur = conn.cursor()
    cur.execute(f"SELECT userId FROM AdminList WHERE userId = {userId}")
    if len(cur.fetchall()) == 0:
        return False
    return True
Exemple #13
0
def remove_name_tag(userId, command):
    conn = newconn()
    cur = conn.cursor()
    if len(command) != 2:
        return {"success": False, "msg": "Usage: remove_name_tag [userId]"}

    uid = 0
    if not command[1].isdigit():
        uid = usernameToUid(encode(command[1]))
    else:
        uid = int(command[1])
    if uid == 0:
        return {"success": False, "msg": "Invalid user id!"}

    if checkBanned(uid):
        return {"success": False, "msg": "User has been banned!"}

    cur.execute(f"SELECT * FROM UserNameTag WHERE userId = {uid}")
    t = cur.fetchall()
    if len(t) == 0:
        return {"success": False, "msg": "User does not have a name tag!"}
    else:
        cur.execute(f"DELETE FROM UserNameTag WHERE userId = {uid}")
    conn.commit()

    return {"success": True, "msg": f"Removed nametag from user {uid}"}
Exemple #14
0
def add_admin(userId, command):
    conn = newconn()
    cur = conn.cursor()
    if len(command) != 2:
        return {
            "success": False,
            "msg":
            "Usage: add_admin [userId]\nAdd [userId] to administrator list."
        }

    uid = 0
    if not command[1].isdigit():
        uid = usernameToUid(encode(command[1]))
    else:
        uid = int(command[1])
    if uid == 0:
        return {"success": False, "msg": "Invalid user id!"}

    if checkBanned(uid):
        return {"success": False, "msg": "User has been banned!"}

    cur.execute(f"SELECT userId FROM AdminList WHERE userId = {uid}")
    if len(cur.fetchall()) == 0:
        cur.execute(f"INSERT INTO AdminList VALUES ({uid})")
        conn.commit()
        return {
            "success": True,
            "msg": f"Added user {command[1]} to administrator list!"
        }

    else:
        return {
            "success": True,
            "msg": f"User {command[1]} is already an administrator!"
        }
Exemple #15
0
async def apiExportData(request: Request, background_tasks: BackgroundTasks):
    clearOutdated()
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys(
    ) or "userId" in form.keys() and (not form["userId"].isdigit()
                                      or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)

    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)

    global threads
    if threads >= 8:
        return {
            "success":
            False,
            "msg":
            "The server is handling too many download requests at this time! Try again later..."
        }

    exportType = form["exportType"]
    bookId = int(form["bookId"])
    tk = str(uuid.uuid4())
    global dataDownloadToken
    dataDownloadToken[tk] = (userId, exportType, bookId, int(time.time()), tk)
    background_tasks.add_task(prepareData, tk)

    return {"success": True, "token": tk}
Exemple #16
0
def unban(userId, command):
    conn = newconn()
    cur = conn.cursor()
    if len(command) != 2:
        return {"success": False, "msg": "Usage: unban [userId]\nUnban account"}
    
    uid = 0
    if not command[1].isdigit():
        uid = abs(usernameToUid(encode(command[1])))
    else:
        uid = int(command[1])
    if uid == 0:
        return {"success": False, "msg": "Invalid user id!"}

    cur.execute(f"SELECT userId FROM UserInfo WHERE userId = {-uid}")
    if len(cur.fetchall()) == 0:
        return {"success": False, "msg": "Account isn't banned!"}
        
    else:
        cur.execute(f"SELECT userId FROM UserInfo WHERE userId = {-uid}")
        if len(cur.fetchall()) == 0:
            return {"success": False, "msg": "Account doesn't exist!"}
        else:
            cur.execute(f"UPDATE UserInfo SET userId = {uid} WHERE userId = {-uid}")
            cur.execute(f"DELETE FROM BanReason WHERE userId = {uid}")
            conn.commit()
            return {"success": True, "msg": f"Unbanned user {uid}"}
async def apiUserPendingGetInfo(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    puserId = int(form["puserId"])
    ptoken = form["ptoken"]

    if not ptoken.replace("-", "").isalnum():
        return {"success": False, "msg": "Invalid token!"}

    cur.execute(
        f"SELECT puserId FROM UserPendingToken WHERE puserId = {puserId} AND token = '{ptoken}'"
    )
    t = cur.fetchall()
    if len(t) == 0:
        return {"success": False, "msg": "Session expired!"}

    cur.execute(
        f"SELECT username, email FROM UserPending WHERE puserId = {puserId}")
    t = cur.fetchall()
    if len(t) == 0:
        return {"success": False, "msg": "Invalid token!"}
    username = decode(t[0][0])
    email = decode(t[0][1])

    return {"success": True, "username": username, "email": email}
Exemple #18
0
def mute(userId, command):
    conn = newconn()
    cur = conn.cursor()
    if len(command) != 3:
        return {"success": False, "msg": "Usage: mute [userId] [duration]\nMute [userId] for [duration] days\nTo mute forever, set [duration] to -1"}

    uid = 0
    if not command[1].isdigit():
        uid = usernameToUid(encode(command[1]))
    else:
        uid = int(command[1])
    if uid == 0:
        return {"success": False, "msg": "Invalid user id!"}
    
    if checkBanned(uid):
        return {"success": False, "msg": "User has been banned!"}

    value = int(command[2])

    if uid == userId:
        return {"success": False, "msg": "You cannot mute yourself!"}

    if value != -1:
        value = int(time.time()) + 86400 * value

    cur.execute(f"SELECT * FROM Privilege WHERE userId = {uid} AND item = 'mute'")
    if len(cur.fetchall()) == 0:
        cur.execute(f"INSERT INTO Privilege VALUES ({uid}, 'mute', '{value}')")
    else:
        cur.execute(f"UPDATE Privilege SET value = '{value}' WHERE userId = {uid} AND item = 'mute'")
    conn.commit()

    return {"success": True, "msg": "User muted"}
Exemple #19
0
async def apiGetUserChart(uid: int, request: Request):
    ip = request.client.host
    conn = newconn()
    cur = conn.cursor()
    
    cur.execute(f"SELECT * FROM UserInfo WHERE userId = {uid}")
    t = cur.fetchall()
    if len(t) == 0:
        return {"success": False, "msg": "User not found!"}
    
    d1 = []
    batch = 3
    for i in range(30):
        cur.execute(f"SELECT COUNT(*) FROM ChallengeRecord WHERE userId = {uid} AND memorized = 1 AND timestamp >= {int(time.time()/86400+1)*86400 - 86400*batch*(i+1)} AND timestamp <= {int(time.time()/86400+1)*86400 - 86400*batch*i}")
        t = cur.fetchall()
        memorized = 0
        if len(t) > 0:
            memorized = t[0][0]

        cur.execute(f"SELECT COUNT(*) FROM ChallengeRecord WHERE userId = {uid} AND memorized = 0 AND timestamp >= {int(time.time()/86400+1)*86400 - 86400*batch*(i+1)} AND timestamp <= {int(time.time()/86400+1)*86400 - 86400*batch*i}")
        t = cur.fetchall()
        forgotten = 0
        if len(t) > 0:
            forgotten = t[0][0]
        
        d1.append({"index": 30 - i, "memorized": memorized, "forgotten": forgotten})
    
    d2 = []
    total_memorized = 0
    batch = 3
    for i in range(30):
        cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {uid} AND memorizedTimestamp != 0 AND memorizedTimestamp <= {int(time.time()/86400+1)*86400 - 86400*batch*i}")
        t = cur.fetchall()
        total = 0
        if len(t) > 0:
            total = t[0][0]
        total_memorized = max(total_memorized, total)
        d2.append({"index": 30 - i, "total": total})
    
    cnt = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {uid}")
    t = cur.fetchall()
    if len(t) > 0:
        cnt = t[0][0]

    tagcnt = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {uid} AND status = 2")
    t = cur.fetchall()
    if len(t) > 0:
        tagcnt = t[0][0]

    delcnt = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {uid} AND status = 3")
    t = cur.fetchall()
    if len(t) > 0:
        delcnt = t[0][0]

    return {"success": True, "challenge_history": d1, "total_memorized_history": d2, "tag_cnt": tagcnt, "del_cnt": delcnt, "total_memorized": total_memorized, "total": cnt}
Exemple #20
0
def get_user_info(userId, command):
    conn = newconn()
    cur = conn.cursor()
    if len(command) != 2:
        return {"success": False, "msg": f"Usage: get_user_info [userId]\nGet detailed user info of [userId]"}
    
    uid = 0
    if not command[1].isdigit():
        uid = usernameToUid(encode(command[1]))
    else:
        uid = int(command[1])
    if uid == 0:
        return {"success": False, "msg": "Invalid user id!"}
    
    cur.execute(f"SELECT username, email, inviteCode, inviter FROM UserInfo WHERE userId = {uid}")
    d = cur.fetchall()
    banned = False
    if len(d) == 0:
        cur.execute(f"SELECT username, email, inviteCode, inviter FROM UserInfo WHERE userId = {-uid}") # check banned
        d = cur.fetchall()

        if len(d) == 0:
            return {"success": False, "msg": f"User not found!"}
        
        banned = True
    
    d = d[0]
    d = list(d)
    d[0] = decode(d[0])

    inviter = "Unknown"
    cur.execute(f"SELECT username FROM UserInfo WHERE userId = {d[3]}")
    t = cur.fetchall()
    if len(t) > 0:
        inviter = decode(t[0][0])
    if inviter == "default":
        inviter = "/"

    cnt = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {abs(uid)}")
    t = cur.fetchall()
    if len(t) > 0:
        cnt = t[0][0]

    regts = 0
    cur.execute(f"SELECT timestamp FROM UserEvent WHERE userId = {abs(uid)} AND event = 'register'")
    t = cur.fetchall()
    if len(t) > 0:
        regts = t[0][0]

    msg = ""
    if banned:
        msg += "Account has been banned\n"
    
    if sessions.CheckDeletionMark(uid):
        msg += "Account deactivated! and marked for deletion\n"

    return {"success": True, "msg": f"{d[0]} (UID: {uid})\nEmail: {decode(d[1])}\nInvitation Code: {d[2]}\nInviter: {inviter} (UID: {d[3]})\nQuestion Count: {cnt}\nAccount age: {CalculateAge(regts)} day(s)\n{msg}"}
Exemple #21
0
async def apiDeleteBook(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys() or "userId" in form.keys() and (not form["userId"].isdigit() or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)

    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)
    
    bookId = int(form["bookId"])
    cur.execute(f"SELECT name FROM Book WHERE userId = {userId} AND bookId = {bookId}")
    t = cur.fetchall()
    if len(t) == 0:
        return {"success": False, "msg": "Book does not exist!"}
    name = t[0][0]

    cur.execute(f"SELECT * FROM Discovery WHERE publisherId = {userId} AND bookId = {bookId} AND type = 1")
    if len(cur.fetchall()) != 0:
        return {"success": False, "msg": "Book published to Discovery! Unpublish it first before deleting the book."}
            
    groupId = -1
    cur.execute(f"SELECT groupId FROM GroupMember WHERE userId = {userId} AND bookId = {bookId}")
    d = cur.fetchall()
    if len(d) != 0:
        groupId = d[0][0]
    
    if groupId != -1:
        cur.execute(f"SELECT owner, name FROM GroupInfo WHERE groupId = {groupId}")
        d = cur.fetchall()
        if len(d) == 0:
            return {"success": False, "msg": "Group does not exist!"}
        owner = d[0][0]
        if userId == owner:
            return {"success": False, "msg": "You are the owner of the group. You have to transfer group ownership or dismiss the group before deleting the book."}
        name = d[0][1]
        
        cur.execute(f"DELETE FROM GroupSync WHERE groupId = {groupId} AND userId = {userId}")
        cur.execute(f"DELETE FROM GroupMember WHERE groupId = {groupId} AND userId = {userId}")
        cur.execute(f"INSERT INTO UserEvent VALUES ({userId}, 'quit_group', {int(time.time())}, '{encode(f'Quit group {decode(name)}')}')")
    
    removeAll = form["removeAll"]
    if removeAll:
        qs = getBookData(userId, bookId)
        for q in qs:
            cur.execute(f"DELETE FROM BookData WHERE userId = {userId} AND questionId = {q}")
            cur.execute(f"DELETE FROM QuestionList WHERE questionId = {q} AND userId = {userId}")

    cur.execute(f"DELETE FROM Book WHERE userId = {userId} AND bookId = {bookId}")
    cur.execute(f"INSERT INTO UserEvent VALUES ({userId}, 'delete_book', {int(time.time())}, '{encode(f'Deleted book {decode(name)}')}')")
    cur.execute(f"DELETE FROM BookData WHERE userId = {userId} AND bookId = {bookId}")
    conn.commit()

    return {"success": True}
def getBookId(userId, questionId):
    conn = newconn()
    cur = conn.cursor()
    cur.execute(f"SELECT bookId FROM BookData WHERE userId = {userId} AND questionId = {questionId}")
    t = cur.fetchall()
    ret = []
    for tt in t:
        ret.append(tt[0])
    return ret
def getQuestionCount(userId):
    conn = newconn()
    cur = conn.cursor()
    q = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {userId}")
    d = cur.fetchall()
    if len(d) > 0:
        q = d[0][0]
    conn.close()    
    return q
def usernameToUid(username):
    conn = newconn()
    cur = conn.cursor()
    cur.execute(f"SELECT userId FROM UserInfo WHERE username = '******'")
    t = cur.fetchall()
    conn.close()    
    if len(t) > 0:
        return t[0][0]
    else:
        return 0
Exemple #25
0
async def apiDiscoveryUpdate(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys(
    ) or "userId" in form.keys() and (not form["userId"].isdigit()
                                      or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)

    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)

    discoveryId = int(form["discoveryId"])
    title = encode(form["title"])
    description = encode(form["description"])

    if form["title"] == "" or form["description"] == "":
        return {
            "success": False,
            "msg": "Title and description must be filled!"
        }

    # allow admin to update
    cur.execute(f"SELECT userId FROM AdminList WHERE userId = {userId}")
    if len(cur.fetchall()) == 0:
        cur.execute(
            f"SELECT publisherId FROM Discovery WHERE discoveryId = {discoveryId}"
        )
        publisherId = 0
        t = cur.fetchall()
        if len(t) > 0:
            publisherId = t[0][0]
        if publisherId != userId:
            return {
                "success": False,
                "msg": "You are not the publisher of this post!"
            }

    if len(title) >= 256:
        return {"success": False, "msg": "Title too long!"}
    if len(description) >= 2048:
        return {"success": False, "msg": "Description too long!"}

    cur.execute(
        f"UPDATE Discovery SET title = '{title}' WHERE discoveryId = {discoveryId}"
    )
    cur.execute(
        f"UPDATE Discovery SET description = '{description}' WHERE discoveryId = {discoveryId}"
    )
    conn.commit()

    return {"success": True, "msg": "Discovery post updated!"}
Exemple #26
0
async def apiGroupPreview(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    
    groupCode = form["groupCode"]

    if groupCode.startswith("@"):
        groupCode = groupCode[1:]
    
    if not groupCode.isalnum():
        return {"success": False, "msg": "Invalid group code!"}

    cur.execute(f"SELECT groupId, owner, name, description FROM GroupInfo WHERE groupCode = '{groupCode}'")
    d = cur.fetchall()
    if len(d) == 0:
        return {"success": False, "msg": "Invalid group code!"}
    d = d[0]
    groupId = d[0]
    owner = d[1]
    name = decode(d[2])
    description = decode(d[3])

    memberCount = 0
    cur.execute(f"SELECT COUNT(*) FROM GroupMember WHERE groupId = {groupId}")
    t = cur.fetchall()
    if len(t) > 0:
        memberCount = t[0][0]
    
    ownerUsername = ""
    cur.execute(f"SELECT username FROM UserInfo WHERE userId = {owner}")
    t = cur.fetchall()
    if len(t) > 0:
        ownerUsername = decode(t[0][0])
    
    if ownerUsername != "@deleted" and owner != 0:
        cur.execute(f"SELECT tag, tagtype FROM UserNameTag WHERE userId = {abs(owner)}")
        t = cur.fetchall()
        if len(t) > 0:
            ownerUsername = f"<a href='/user/{owner}'><span class='username' style='color:{t[0][1]}'>{ownerUsername}</span></a> <span class='nametag' style='background-color:{t[0][1]}'>{decode(t[0][0])}</span>"
        else:
            ownerUsername = f"<a href='/user/{owner}'><span class='username'>{ownerUsername}</span></a>"
    
    cur.execute(f"SELECT question, answer FROM GroupQuestion WHERE groupId = {groupId}")
    d = cur.fetchall()
    da = {}
    for dd in d:
        da[decode(dd[0])] = {"question": decode(dd[0]), "answer": decode(dd[1])}
    ret = []
    for q in sorted(da.keys()):
        ret.append(da[q])
    ret = ret[:10]
    
    return {"success": True, "name": name, "description": description, "ownerUsername": ownerUsername, "memberCount": memberCount, "preview": ret}
Exemple #27
0
async def apiQuitGroup(request: Request):
    ip = request.client.host
    form = await request.form()
    conn = newconn()
    cur = conn.cursor()
    if not "userId" in form.keys() or not "token" in form.keys(
    ) or "userId" in form.keys() and (not form["userId"].isdigit()
                                      or int(form["userId"]) < 0):
        raise HTTPException(status_code=401)

    userId = int(form["userId"])
    token = form["token"]
    if not validateToken(userId, token):
        raise HTTPException(status_code=401)

    groupId = int(form["groupId"])

    cur.execute(
        f"SELECT * FROM GroupMember WHERE userId = {userId} AND groupId = {groupId}"
    )
    if len(cur.fetchall()) == 0:
        return {"success": False, "msg": "You are not in the group!"}

    cur.execute(f"SELECT owner, name FROM GroupInfo WHERE groupId = {groupId}")
    d = cur.fetchall()
    if len(d) == 0:
        return {"success": False, "msg": "Group does not exist!"}
    owner = d[0][0]
    if userId == owner:
        return {
            "success":
            False,
            "msg":
            "You are the owner of the group. You have to transfer group ownership before quiting the group."
        }
    name = d[0][1]

    cur.execute(
        f"DELETE FROM GroupSync WHERE groupId = {groupId} AND userId = {userId}"
    )
    cur.execute(
        f"DELETE FROM GroupMember WHERE groupId = {groupId} AND userId = {userId}"
    )
    cur.execute(
        f"INSERT INTO UserEvent VALUES ({userId}, 'quit_group', {int(time.time())}, '{encode(f'Quit group {decode(name)}')}')"
    )

    conn.commit()

    return {
        "success":
        True,
        "msg":
        "You have quit the group successfully! The book has became a local one."
    }
Exemple #28
0
async def apiGetUserPublicInfo(uid: int, request: Request):
    ip = request.client.host
    conn = newconn()
    cur = conn.cursor()
    
    cur.execute(f"SELECT username, bio FROM UserInfo WHERE userId = {uid}")
    t = cur.fetchall()
    if len(t) == 0 or uid < 0:
        return {"success": False, "msg": "User not found!"}
    username = decode(t[0][0])
    bio = decode(t[0][1])
    
    cnt = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {uid}")
    t = cur.fetchall()
    if len(t) > 0:
        cnt = t[0][0]

    tagcnt = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {uid} AND status = 2")
    t = cur.fetchall()
    if len(t) > 0:
        tagcnt = t[0][0]

    delcnt = 0
    cur.execute(f"SELECT COUNT(*) FROM QuestionList WHERE userId = {uid} AND status = 3")
    t = cur.fetchall()
    if len(t) > 0:
        delcnt = t[0][0]

    chcnt = 0
    cur.execute(f"SELECT COUNT(*) FROM ChallengeRecord WHERE userId = {uid}")
    t = cur.fetchall()
    if len(t) > 0:
        chcnt = t[0][0]

    regts = 0
    cur.execute(f"SELECT timestamp FROM UserEvent WHERE userId = {uid} AND event = 'register'")
    t = cur.fetchall()
    if len(t) > 0:
        regts = t[0][0]

    isAdmin = False
    cur.execute(f"SELECT * FROM AdminList WHERE userId = {uid}")
    if len(cur.fetchall()) != 0:
        isAdmin = True

    cur.execute(f"SELECT tag, tagtype FROM UserNameTag WHERE userId = {uid}")
    t = cur.fetchall()
    if len(t) > 0:
        username = f"<a href='/user/{uid}'><span class='username' style='color:{t[0][1]}'>{username}</span></a> <span class='nametag' style='background-color:{t[0][1]}'>{decode(t[0][0])}</span>"
    else:
        username = f"<a href='/user/{uid}'><span class='username'>{username}</span></a>"

    return {"success": True, "username": username, "bio": bio, "cnt": cnt, "tagcnt": tagcnt, "delcnt": delcnt, "chcnt": chcnt, "age": CalculateAge(regts), "isAdmin": isAdmin}   
Exemple #29
0
def GetTop():
    conn = newconn()
    cur = conn.cursor()
    global top, toplst
    cur.execute(
        f"SELECT discoveryId FROM Discovery ORDER BY likes DESC LIMIT 3")
    t = cur.fetchall()
    top = []
    for tt in t:
        top.append(tt[0])
    toplst = int(time.time())
def updateQuestionStatus(userId, questionId, status):
    conn = newconn()
    cur = conn.cursor()
    cur.execute(f"SELECT COUNT(*) FROM StatusUpdate WHERE questionId = {questionId} AND userId = {userId}")
    d = cur.fetchall()
    questionUpdateId = 0
    if len(d) != 0:
        questionUpdateId = d[0][0]
    cur.execute(f"INSERT INTO StatusUpdate VALUES ({userId},{questionId},{questionUpdateId},{status},{int(time.time())})")
    conn.commit()
    conn.close()