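def load_posts_to_be_reviewed():
    """Expose the number of posts held for review as ``g.postcount``.

    Only an admin (``g.user['admin'] == 1``) triggers the query. For every
    other request, including anonymous ones, ``g.postcount`` is set to 0 so
    that views which read it (``admin_panel``) never hit an AttributeError.
    """
    g.postcount = 0
    if g.user and g.user['admin'] == 1:
        # Only the count is needed, so let the database compute it instead
        # of materialising every held row and calling len() on the list.
        # reviewed = 1 is the "held for review" state (release_post resets
        # it to 0).
        row = get_db().execute(
            'SELECT COUNT(*) FROM post WHERE reviewed = 1'
        ).fetchone()
        g.postcount = row[0]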
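def register():
    """Register a new user from the submitted form.

    GET renders the form. POST validates ``username``, ``password`` and
    ``confirm``; on success the user is stored with a hashed password and
    the browser is redirected to the login view, otherwise the error is
    flashed and the form re-rendered.

    The debug ``print`` that used to follow the INSERT has been dropped and
    the password/confirm comparison uses ``!=`` rather than ``not ... ==``.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        confirm = request.form['confirm']
        db = get_db()
        error = None

        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif password != confirm:
            error = 'Passwords must match.'
        elif db.execute(
            'SELECT id FROM user WHERE name = ?', (username,)
        ).fetchone() is not None:
            error = 'User {} is already registered.'.format(username)

        if error is None:
            # Only the hash is persisted; the plaintext never reaches the DB.
            db.execute(
                'INSERT INTO user (name, password) VALUES (?, ?)',
                (username, generate_password_hash(password)),
            )
            db.commit()
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')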
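def search():
    """Substring (LIKE) search over released posts.

    POST reads ``query`` from the form and returns every post whose content
    contains it, joined with its author; posts still held for review
    (``reviewed`` != 0) are excluded. An empty query or an empty result set
    is reported via flash.

    ``fetchall()`` returns a list and never ``None``, so the "nothing found"
    branch now tests for emptiness (the old ``is None`` check was dead).
    """
    if request.method == 'POST':
        query = request.form['query']
        error = None
        results = None

        if not query:
            error = "Type your search query above."

        if error is None:
            # Bound parameter: the search text cannot alter the SQL. '%' and
            # '_' typed by the user still act as LIKE wildcards.
            results = get_db().execute(
                'SELECT * FROM post, user WHERE content LIKE ? AND user.id = post.uid AND post.reviewed == 0',
                ('%' + query + '%',),
            ).fetchall()
            if not results:
                error = 'We couldnt find anything matching your query'

        if error is None:
            return render_template('search/results.html', results=results, page=0)

        flash(error)

    return render_template('search/results.html')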
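def login():
    """Authenticate a user and start a session.

    POST looks the user up by name and verifies the password hash. On
    success the session is cleared (so nothing set before authentication
    survives), ``user_id`` and a boolean ``admin`` flag are stored, and the
    browser is sent to the user's profile. On failure the error is flashed
    and the form re-rendered.

    A single generic message covers both an unknown name and a wrong
    password so the form does not reveal which usernames exist. The
    function-local ``from . import user`` of the previous revision was
    unused and shadowed the local ``user`` row; it has been removed.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        error = None

        user = get_db().execute(
            'SELECT * FROM user WHERE name = ?', (username,)
        ).fetchone()
        if user is None or not check_password_hash(user['password'], password):
            error = "Incorrect username or password."

        if error is None:
            session.clear()
            session['admin'] = user['admin'] == 1
            session['user_id'] = user['id']
            return redirect(url_for('user.show_profile', id=session['user_id']))

        flash(error)

    return render_template('auth/login.html')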
def get_user(id):
    """Return the user row with primary key *id*, or abort with HTTP 404."""
    row = get_db().execute(
        'SELECT * FROM user WHERE id = ?', (id,)
    ).fetchone()
    if row is None:
        abort(404, 'User with id {} doesn\'t exist.'.format(id))
    return row
def follows(fid, uid):
    """Return True when user *fid* follows user *uid*, else False."""
    row = get_db().execute(
        'SELECT * FROM follows WHERE fid = ? AND uid = ?', (fid, uid)
    ).fetchone()
    return row is not None
def load_logged_in_user():
    """Set ``g.user`` from the session's ``user_id``.

    ``g.user`` is ``None`` when no id is in the session; otherwise it is
    the matching user row (which is itself ``None`` if the row is gone).
    """
    user_id = session.get('user_id')
    g.user = None
    if user_id is not None:
        g.user = get_db().execute(
            'SELECT * FROM user WHERE id = ?', (user_id,)
        ).fetchone()
def release_post(pid):
    """Release post *pid* (reviewed = 0) and return to the admin panel.

    No authorization check is visible in this block; an admin-only guard
    on the route is assumed — confirm before relying on it.
    """
    db = get_db()
    db.execute('UPDATE post SET reviewed = 0 WHERE pid = ?', (pid,))
    db.commit()
    flash("Released post!")
    return redirect(url_for('admin.admin_panel'))
def delete_post(pid):
    """Delete post *pid* (admin review action) and return to the admin panel.

    No authorization check is visible in this block; an admin-only guard
    on the route is assumed — confirm before relying on it.
    """
    db = get_db()
    db.execute('DELETE FROM post WHERE pid = ?', (pid,))
    db.commit()
    flash("Deleted post!")
    return redirect(url_for('admin.admin_panel'))
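def edit_user(id):
    """Admin form for editing another user's name, description, role and avatar.

    GET renders the form. POST requires the *acting admin's* own password
    (``adminPwd``) before anything is stored; on success each non-empty
    field is written with its own UPDATE and the admin is redirected to the
    edited user's profile. Otherwise the error is flashed and the form
    re-rendered.

    Changes over the previous revision: the admin password is verified
    before the uploaded file is written to disk; a form submitted without a
    file selected (empty file part) no longer raises IndexError; only image
    extensions are accepted so the upload folder cannot hold arbitrary
    content; the avatar file is stored under the *edited* user's id, which
    is the row the ``avatar`` flag is set on (it used to be saved under the
    acting admin's id); ``is not ""`` comparisons are replaced by
    truthiness tests.
    """
    user = get_user(id)
    if request.method == 'POST':
        username = request.form['username']
        desc = request.form['desc']
        role = request.form['role']
        adminPwd = request.form['adminPwd']
        db = get_db()
        error = None
        imgAdded = False

        # Authenticate first so nothing (including the upload) is stored
        # unless the acting admin re-enters their own password.
        if not check_password_hash(g.user['password'], adminPwd):
            error = 'Incorrect admin password. Correct password required to edit user.'

        if error is None and 'file' in request.files:
            f = request.files['file']
            # A form posted with no file chosen still carries an empty part.
            if f and f.filename:
                filename = secure_filename(f.filename)
                _, dot, filetype = filename.rpartition('.')
                filetype = filetype.lower()
                allowed_types = ('png', 'jpg', 'jpeg', 'gif')
                if not dot or filetype not in allowed_types:
                    error = 'Avatar must be a PNG, JPG, JPEG or GIF image.'
                else:
                    f.save(os.path.join(current_app.config['UPLOAD_FOLDER'],
                                        str(id) + "." + filetype))
                    imgAdded = True

        if error is None:
            if username:
                db.execute('UPDATE user SET name = ? WHERE id = ?', (username, id))
            if desc:
                db.execute('UPDATE user SET descrip = ? WHERE id = ?', (desc, id))
            if imgAdded:
                db.execute('UPDATE user SET avatar = 1 WHERE id = ?', (id,))
            if role == 'restricted':
                db.execute('UPDATE user SET restricted = 1 WHERE id = ?', (id,))
            elif role == 'admin':
                db.execute('UPDATE user SET admin = 1 WHERE id = ?', (id,))
            db.commit()
            return redirect(url_for('user.show_profile', id=user['id']))

        flash(error)

    return render_template('admin/edituser.html', user=user)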
def delete(id):
    """Delete user *id* and return to the admin user list.

    No authorization check is visible in this block; an admin-only guard
    on the route is assumed — confirm. Only the ``user`` row is deleted by
    this statement; rows in ``post``/``follows`` that reference the id are
    left to the schema (cascade or not — verify).
    """
    db = get_db()
    db.execute('DELETE FROM user WHERE id = ?', (id,))
    db.commit()
    flash("Deleted user!")
    return redirect(url_for('admin.user_view'))
def show_profile(id):
    """Render the profile of user *id* together with their released posts.

    ``follows`` tells the template whether the current user already follows
    this profile. ``g.user`` must be set: an anonymous request would fail on
    ``g.user['id']`` — presumably the route is login-guarded; confirm.
    """
    profile = get_user(id)
    following = follows(g.user['id'], profile['id'])
    posts = get_db().execute(
        'SELECT * FROM post, user WHERE uid = ? AND user.id = ? AND reviewed = 0 ORDER BY created DESC',
        (id, id),
    ).fetchall()
    return render_template('user/profile.html', user=profile, follows=following, posts=posts)
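def admin_panel(page=0):
    """Render page *page* (0-based, 5 posts each) of the posts held for review.

    ``g.postcount`` (set by ``load_posts_to_be_reviewed``) is the number of
    held posts; ``pagecount`` is the number of 5-post pages needed for them,
    never less than 1 so the template always has a page to show.
    """
    postcount = g.postcount
    # Ceiling division: 1-5 posts -> 1 page, 6-10 -> 2. The previous
    # int(postcount / 5 + 1) produced an empty trailing page whenever the
    # count was an exact multiple of 5.
    pagecount = max(1, -(-postcount // 5))
    posts = get_db().execute(
        'SELECT * FROM post JOIN user WHERE post.uid = user.id AND post.reviewed = 1 ORDER BY created DESC LIMIT 5 OFFSET ?',
        (page * 5,),  # bound as an int; no need to stringify it
    ).fetchall()
    return render_template('admin/panel.html', posts=posts, pagecount=pagecount, page=page)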
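def user_view(sort='id.asc'):
    """Admin list of all users with follower counts, ordered by *sort*.

    *sort* has the form ``<column>.<direction>``. Both parts are checked
    against a fixed allowlist before being interpolated into ORDER BY (a
    bound parameter cannot name a column), so anything unexpected falls
    back to ``id`` / ``asc`` and never reaches the SQL. A value without a
    dot (e.g. ``"name"``) is now tolerated instead of raising IndexError.
    """
    sortBy, _, sortOrder = sort.partition('.')
    if sortBy not in ('id', 'name', 'follower', 'registered'):
        sortBy = 'id'
    if sortOrder not in ('asc', 'desc'):
        sortOrder = 'asc'
    query = 'SELECT * FROM user AS u LEFT OUTER JOIN (SELECT uid, count(uid) AS follower FROM follows GROUP BY uid) AS f ON u.id = f.uid ORDER BY {} {}'.format(sortBy, sortOrder)
    users = get_db().execute(query).fetchall()
    return render_template('admin/userview.html', users=users, sort='{}.{}'.format(sortBy, sortOrder))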
def unfollow(id):
    """Stop following user *id* and return to their profile.

    Anonymous visitors are redirected to the login page. Deleting a follow
    row that does not exist is a harmless no-op.
    """
    target = get_user(id)
    if not g.user:
        return redirect(url_for('auth.login'))
    db = get_db()
    db.execute(
        'DELETE FROM follows WHERE fid = ? AND uid = ?',
        (g.user['id'], target['id']),
    )
    db.commit()
    return redirect(url_for('user.show_profile', id=target['id']))
def delete(id):
    """Delete post *id* if it belongs to the current user, then go to the feed.

    A post owned by someone else or a missing post is reported via flash.
    Assumes ``g.user`` is set (login-guarded route — confirm).
    """
    db = get_db()
    post = db.execute('SELECT * FROM post where pid = ?', (id,)).fetchone()
    if post is None:
        error = "Post does not exist."
    elif post['uid'] != g.user['id']:
        error = "Cannot delete others posts."
    else:
        db.execute('DELETE FROM post WHERE pid = ?', (id,))
        db.commit()
        return redirect(url_for('blog.feedpage', page=0))
    flash(error)
    return redirect(url_for('blog.feedpage', page=0))
def unrestrict(id):
    """Clear the restricted flag on user *id* (admin action).

    Flashes an error when the user is not restricted. No authorization
    check is visible in this block; an admin-only guard on the route is
    assumed — confirm.
    """
    db = get_db()
    target = get_user(id)
    if target['restricted'] != 1:
        flash("User already unrestricted.")
    else:
        db.execute('UPDATE user SET restricted = 0 WHERE id = ?', (id,))
        db.commit()
    return redirect(url_for('admin.user_view'))
def strip(id):
    """Remove admin rights from user *id* (admin action).

    Flashes an error when the user is not an admin. No authorization check
    is visible in this block; an admin-only guard on the route is assumed —
    confirm. Nothing stops an admin from stripping their own rights.
    """
    db = get_db()
    target = get_user(id)
    if target['admin'] != 1:
        flash('User has no admin rights.')
    else:
        db.execute('UPDATE user SET admin = 0 WHERE id = ?', (id,))
        db.commit()
    return redirect(url_for('admin.user_view'))
def create():
    """Create a post for the current user.

    POST requires non-empty ``content``. The post's ``reviewed`` flag is set
    to the author's ``restricted`` value, so posts by restricted users are
    held for admin review instead of being released. Assumes ``g.user`` is
    set (login-guarded route — confirm).
    """
    db = get_db()
    if request.method == 'POST':
        content = request.form['content']
        if not content:
            flash("Content is required.")
        else:
            db.execute(
                'INSERT INTO post(uid, content, reviewed) VALUES (?, ?, ?)',
                (g.user['id'], content, g.user['restricted']),
            )
            db.commit()
            return redirect(url_for('user.show_profile', id=g.user['id']))
    return render_template('blog/create.html')
def promote(id):
    """Grant admin rights to user *id* (admin action).

    Refused, with a flashed message, for restricted users and for users who
    are already admins. No authorization check is visible in this block; an
    admin-only guard on the route is assumed — confirm.
    """
    db = get_db()
    target = get_user(id)
    if target['restricted'] == 1:
        flash('Cannot promote restricted user.')
    elif target['admin'] == 1:
        flash('User is already an admin.')
    else:
        db.execute('UPDATE user SET admin = 1 WHERE id = ?', (id,))
        db.commit()
    return redirect(url_for('admin.user_view'))
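def feedpage(page):
    """Render page *page* (0-based, 5 per page) of released posts by the
    users the current user follows.

    ``?order=asc`` sorts oldest first; any other value sorts newest first.
    ``pagecount`` is the number of 5-post pages needed for the whole feed,
    never less than 1. An empty page flashes "No posts available." but is
    still rendered with its pagination context so the template's variables
    are always defined. Assumes ``g.user`` is set (login-guarded route —
    confirm).

    Changes over the previous revision: the total is computed with COUNT(*)
    instead of fetching every row for len(); the two near-identical queries
    are merged; the dead ``posts is None`` check (fetchall never returns
    None) is replaced by an emptiness test; the OFFSET is bound as an int.
    """
    db = get_db()
    uid = g.user['id']
    total = db.execute(
        'SELECT COUNT(*) FROM post NATURAL JOIN (SELECT uid FROM follows WHERE fid = ?) JOIN user WHERE user.id = post.uid AND reviewed = 0',
        (uid,),
    ).fetchone()[0]
    # Ceiling division; at least one page so the template always has one.
    pagecount = max(1, -(-total // 5))

    # The request value is reduced to one of two literals before it is
    # interpolated, so only 'ASC' or 'DESC' can ever reach the SQL.
    order = "asc" if request.args.get("order") == "asc" else "desc"
    posts = db.execute(
        'SELECT * FROM post NATURAL JOIN (SELECT uid FROM follows WHERE fid = ?) JOIN user WHERE user.id = post.uid AND reviewed = 0 ORDER BY created {} LIMIT 5 OFFSET ?'.format(order.upper()),
        (uid, page * 5),
    ).fetchall()

    if not posts:
        flash("No posts available.")
    return render_template('blog/index.html', posts=posts, page=page, pagecount=pagecount, order=order)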
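def searchrefined():
    """Refined search by author name and/or post content.

    POST reads ``username`` and ``contentcontains``; at least one must be
    non-empty. Each given field becomes a LIKE filter, combined with AND
    when both are present. As in ``search``, only released posts
    (``post.reviewed = 0``) are returned, so posts still held for review are
    not exposed through this path.

    The previous revision compared the form values with ``is None`` (form
    fields are '' when empty, never None), referenced an undefined ``user``
    name, and tested ``results is None`` (fetchall never returns None); all
    three are fixed here.
    """
    if request.method == 'POST':
        username = request.form['username']
        contentcontains = request.form['contentcontains']
        error = None
        results = None

        if not username and not contentcontains:
            error = "You must enter some values for refined search."

        if error is None:
            # The WHERE clause is assembled from fixed fragments only; the
            # user-supplied text is always passed as a bound parameter.
            clauses = []
            params = []
            if username:
                clauses.append('name LIKE ?')
                params.append('%' + username + '%')
            if contentcontains:
                clauses.append('content LIKE ?')
                params.append('%' + contentcontains + '%')
            clauses.append('user.id = post.uid')
            clauses.append('post.reviewed = 0')
            results = get_db().execute(
                'SELECT * FROM post, user WHERE ' + ' AND '.join(clauses),
                tuple(params),
            ).fetchall()
            if not results:
                error = 'We couldnt find anything matching your query'

        if error is None:
            return render_template('search/results.html', results=results, page=0)

        flash(error)

    return render_template('search/results.html')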
def follow(id):
    """Make the current user follow user *id*, then show that profile.

    Anonymous visitors go to the login page. Following the same user twice
    is refused with a flashed message. Nothing here prevents a user from
    following themselves.
    """
    target = get_user(id)
    if not g.user:
        return redirect(url_for('auth.login'))
    db = get_db()
    existing = db.execute(
        'SELECT * FROM follows where fid = ? AND uid = ?',
        (g.user['id'], target['id']),
    ).fetchone()
    if existing is not None:
        flash('You are already following {}'.format(target['name']))
    else:
        db.execute(
            'INSERT INTO follows (fid, uid) VALUES (?, ?)',
            (g.user['id'], target['id']),
        )
        db.commit()
    return redirect(url_for('user.show_profile', id=target['id']))
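def edit_user(id):
    """Let a user edit their own profile (name, description, password, avatar).

    GET snapshots the current name/description/admin/restricted values into
    the session and renders the form. POST compares that snapshot with the
    row as it is now and flashes a notice naming any attribute an admin
    changed while the form was open, then requires the account password
    (``confirm``) before any field is written. Non-empty fields are updated
    individually; a new password is stored hashed.

    Only the profile owner (``g.user['id'] == id``) may use this view;
    anyone else is sent to the feed before anything is read or written —
    the old code applied that check only on the fall-through path, after
    the updates had already run. Other changes over the previous revision:
    the password is verified before the uploaded file touches disk; a form
    posted without a file (empty file part) no longer raises IndexError;
    only image extensions are accepted; the avatar is stored under the
    edited user's id; the debug ``print`` is gone; the feed redirect passes
    the ``page`` argument that ``blog.feedpage`` requires (the old
    ``url_for`` without it would raise a BuildError); and ``is not ""``
    comparisons are replaced by truthiness tests.

    NOTE(review): the snapshot reuses the session key ``admin`` that
    ``login`` sets as a bool, overwriting it with the row's int value —
    confirm nothing downstream depends on it being a bool.
    """
    user = get_user(id)

    if not g.user or g.user['id'] != id:
        return redirect(url_for('blog.feedpage', page=0))

    snapshot_keys = (
        ('descrip', 'description'),
        ('name', 'username'),
        ('admin', 'admin rights'),
        ('restricted', 'restricted user'),
    )

    if request.method != 'POST':
        for key, _ in snapshot_keys:
            session[key] = user[key]
        return render_template('user/edit.html', user=user)

    # Only keys actually snapshotted are compared, so a POST without a prior
    # GET in this session neither crashes (old KeyError) nor reports bogus
    # changes.
    changed = [
        label for key, label in snapshot_keys
        if key in session and session[key] != user[key]
    ]
    if changed:
        flash("{} {}".format(
            "The following attributes were changed by an admin:",
            ', '.join(changed)))

    username = request.form['username']
    desc = request.form['desc']
    newPwd = request.form['newPwd']
    confirm = request.form['confirm']
    db = get_db()
    error = None
    imgAdded = False

    if not confirm:
        error = 'Password is required to confirm.'
    elif not check_password_hash(user['password'], confirm):
        error = 'Incorrect password.'

    if error is None and 'file' in request.files:
        f = request.files['file']
        # A form posted with no file chosen still carries an empty part.
        if f and f.filename:
            filename = secure_filename(f.filename)
            _, dot, filetype = filename.rpartition('.')
            filetype = filetype.lower()
            allowed_types = ('png', 'jpg', 'jpeg', 'gif')
            if not dot or filetype not in allowed_types:
                error = 'Avatar must be a PNG, JPG, JPEG or GIF image.'
            else:
                f.save(os.path.join(current_app.config['UPLOAD_FOLDER'],
                                    str(id) + "." + filetype))
                imgAdded = True

    if error is None:
        if username:
            db.execute('UPDATE user SET name = ? WHERE id = ?', (username, id))
        if desc:
            db.execute('UPDATE user SET descrip = ? WHERE id = ?', (desc, id))
        if newPwd:
            db.execute('UPDATE user SET password = ? WHERE id = ?',
                       (generate_password_hash(newPwd), id))
        if imgAdded:
            db.execute('UPDATE user SET avatar = ? WHERE id = ?', (1, id))
        db.commit()
        return redirect(url_for('user.show_profile', id=user['id']))

    flash(error)
    return render_template('user/edit.html', user=user)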