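def viewAlbum():
    """Render the album page for the album named by the ``id`` query parameter.

    Flow:
      * a missing/empty ``id`` or an id with no Album row gets the 404 page;
      * a logged-in user whose ``session_exists_check()`` fails gets the
        login page;
      * ``album_authen`` returning 0 redirects to ``main.index``;
      * an album whose ``access`` is ``'private'`` requires a valid session;
      * otherwise ``edit_album.html`` is rendered, with ``canEdit`` set when
        the access level is 3.

    ``albumid`` comes straight from the query string, so every statement
    binds it as a parameter instead of concatenating it into the SQL text.
    """
    cur = db_con()
    albumid = request.args.get("id")

    # Without an id there is nothing to look up; the original reached a
    # string concatenation with None and failed with a TypeError.
    if not albumid:
        return make_response(render_template('404.html'), 404)

    username = ""
    accessLevel = 2
    if 'username' in session:
        if not session_exists_check():
            # NOTE(review): albumid is reflected into back_url unencoded; the
            # login handler should accept only local paths for back_url.
            prev = "/n5hyqyyzaor/pa2/album?id=" + str(albumid)
            return render_template("login.html", back_url=prev)
        # NOTE(review): album_authen receives the raw id; confirm it binds
        # parameters as well.
        accessLevel = album_authen(session['username'], albumid)
        username = session['username']
        if accessLevel == 0:
            return redirect(url_for('main.index'))

    # NOTE(review): %s is the DB-API "format" paramstyle (MySQLdb/PyMySQL);
    # confirm against the driver behind db_con().
    cur.execute(
        "SELECT access, title, username FROM Album WHERE albumid = %s",
        (albumid,),
    )
    album = cur.fetchone()
    if album is None:
        # Unknown album: answer 404 before any row is indexed (the original
        # ran its existence check only after fetchone()[0] had been used).
        return make_response(render_template('404.html'), 404)
    access, title, own = album

    if access == 'private':
        if not session_exists_check():
            # NOTE(review): this back_url lacks the "/n5hyqyyzaor/pa2" prefix
            # used above; kept as found, confirm which one routing expects.
            prev = "/album?id=" + str(albumid)
            return render_template("login.html", back_url=prev)
        username = session["username"]

    options = {"edit": False, "canEdit": accessLevel == 3}

    # NOTE(review): SELECT * hands every User column to the template; if the
    # table holds credential material, select only the columns the page needs.
    cur.execute("SELECT * FROM User")
    usrs = cur.fetchall()

    cur.execute(
        "SELECT * from Contain where albumid = %s ORDER BY sequencenum",
        (albumid,),
    )
    rows = cur.fetchall()

    cur.execute(
        "SELECT * from Photo INNER JOIN Contain on Photo.picid=Contain.picid "
        "where albumid = %s ORDER BY sequencenum",
        (albumid,),
    )
    thumb = cur.fetchall()

    resp = make_response(render_template(
        "edit_album.html",
        albumOwner=own,
        zipped=zip(rows, thumb),
        users=usrs,
        user=username,
        pics=rows,
        id=albumid,
        albumTitle=title,
        **options
    ))
    # Only refresh the activity stamp when the access level is not the
    # default 2 the function starts with.
    if accessLevel != 2:
        resp.set_cookie('lastactivity', str(time.time()))
    return resp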
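def myAlbums():
    """List the logged-in user's albums, or the public albums for visitors.

    * No ``username`` in the session: render the public album listing.
    * Session check fails, or the ``lastactivity`` cookie is missing,
      malformed or older than ``duration`` seconds: render the login page.
    * Otherwise render ``albums.html`` with the user's albums and refresh
      the ``lastactivity`` cookie.
    """
    cur = db_con()
    login_back = "/n5hyqyyzaor/pa2/albums"

    if 'username' not in session:
        public_albums = display_public()
        return render_template("public_albums_of_all_users.html",
                               album_list=public_albums)

    if not session_exists_check():
        return render_template("login.html", back_url=login_back)

    # The cookie is client-controlled: tolerate its absence or a non-numeric
    # value instead of failing on the lookup or on float().
    try:
        last_seen = float(request.cookies.get('lastactivity', ''))
    except ValueError:
        last_seen = None

    # Require 0 <= elapsed < duration so NaN, infinities and timestamps in
    # the future do not count as "recent".
    # NOTE(review): lastactivity is a plain cookie, so a client can still
    # set it to the current time; the idle timeout is only trustworthy if
    # session_exists_check() enforces it from server-side state -- confirm.
    fresh = False
    if last_seen is not None:
        elapsed = time.time() - last_seen
        fresh = 0 <= elapsed < duration
    if not fresh:
        # The original answered a stale cookie with the literal body "a";
        # prompt for login instead, like the other unauthenticated paths.
        return render_template("login.html", back_url=login_back)

    options = {"edit": False}
    username = session['username']

    # NOTE(review): the listing shows the literal '******' in this WHERE
    # clause, which looks like masking of the username; the session username
    # is bound as a parameter here. %s is the DB-API "format" paramstyle
    # (MySQLdb/PyMySQL) -- confirm against the driver behind db_con().
    cur.execute("SELECT * from Album where username = %s", (username,))
    rows = cur.fetchall()

    resp = make_response(render_template("albums.html", user=username,
                                         album_list=rows, **options))
    resp.set_cookie('lastactivity', str(time.time()))
    return resp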
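def myAlbumsEdit():
    """Handle the album edit page: add or delete an album, then list albums.

    Requires a valid session (otherwise the login page is rendered). On
    POST the ``op`` form field selects the action:

    * ``add``    -- insert a new private album titled ``title`` for the
                    session user;
    * ``delete`` -- remove the album ``albumid`` with its photos, photo
                    files and access rows, but only when the album belongs
                    to the session user (404 page otherwise).

    All form values are bound as SQL parameters rather than concatenated
    into the statement text.
    """
    cur = db_con()
    options = {"edit": True}

    if not session_exists_check():
        prev = "/n5hyqyyzaor/pa2/albums/edit"
        return render_template("login.html", back_url=prev)

    username = session['username']

    # NOTE(review): %s is the DB-API "format" paramstyle (MySQLdb/PyMySQL);
    # confirm against the driver behind db_con().
    if request.method == 'POST':
        op = request.form['op']
        if op == "add":
            title = request.form['title']
            strDate = datetime.now().strftime('%y-%m-%d')
            cur.execute(
                "INSERT INTO Album(title, created, lastupdated, username, access) "
                "VALUES(%s, %s, %s, %s, 'private')",
                (title, strDate, strDate, username),
            )
        elif op == "delete":
            albumid = request.form['albumid']

            # Authorization: the original deleted whatever albumid the form
            # named. Only the album's owner may delete it; unknown and
            # foreign albums get the same 404 so existence is not disclosed.
            cur.execute(
                "SELECT 1 FROM Album WHERE albumid = %s AND username = %s",
                (albumid, username),
            )
            if cur.fetchone() is None:
                return make_response(render_template('404.html'), 404)

            cur.execute("SELECT * FROM Contain WHERE albumid = %s", (albumid,))
            pics = cur.fetchall()
            for pic in pics:
                picid = pic[1]
                # Remove from Contain
                cur.execute("DELETE FROM Contain WHERE picid = %s", (picid,))
                # Remove the physical file; skip a missing Photo row or file
                # so one stale entry does not abort the delete halfway.
                cur.execute("SELECT * FROM Photo WHERE picid = %s", (picid,))
                row = cur.fetchone()
                if row is not None:
                    path = app.config['UPLOAD_FOLDER'] + row[1]
                    if os.path.exists(path):
                        os.remove(path)
                # Remove from Photo
                cur.execute("DELETE FROM Photo WHERE picid = %s", (picid,))
            # Remove Access
            cur.execute("DELETE FROM AlbumAccess WHERE albumid = %s", (albumid,))
            # Remove Album
            cur.execute("DELETE FROM Album WHERE albumid = %s", (albumid,))

    # NOTE(review): the listing shows the literal '******' in this WHERE
    # clause, which looks like masking of the username; the session username
    # is bound here. The original ran this query twice after a POST; once is
    # enough.
    cur.execute("SELECT * from Album where username = %s", (username,))
    rows = cur.fetchall()

    resp = make_response(render_template("albums.html", user=username,
                                         album_list=rows, **options))
    resp.set_cookie('lastactivity', str(time.time()))
    return resp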
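def updateTime(albumid):
    """Set ``Album.lastupdated`` for *albumid* to today's date.

    The date is written as ``'%y-%m-%d'`` (two-digit year), as before.
    ``albumid`` is bound as a parameter instead of being concatenated into
    the statement, so an id that originates from a request cannot alter the
    SQL text.
    """
    cur = db_con()
    strDate = datetime.now().strftime('%y-%m-%d')
    # NOTE(review): %s is the DB-API "format" paramstyle (MySQLdb/PyMySQL);
    # confirm against the driver behind db_con(). No commit is issued here,
    # so persistence depends on how db_con() configures the connection.
    cur.execute(
        "UPDATE Album SET lastupdated = %s WHERE albumid = %s",
        (strDate, albumid),
    )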