def delete_post(postid):
c, conn = connect()
logEvent(
"post delete",
"%s(%d),%s(%d)" % (session['username'], int(
session['userid']), get_post_by_id(postid)['title'], int(postid)))
c.execute("DELETE FROM posts WHERE userid=%s AND postid=%s",
(int(session['userid']), int(postid)))
conn.commit()
close(c, conn)
return postid
def publish_post(postid):
c, conn = connect()
c.execute("UPDATE posts SET published=1 WHERE postid=%s and userid=%s",
(int(postid), int(session['userid'])))
conn.commit()
close(c, conn)
logEvent(
"post publish",
"%s(%d),%s(%d)" % (session['username'], int(
session['userid']), get_post_by_id(postid)['title'], int(postid)))
return postid
def update_post(postid, **d):
c, conn = connect()
x = {
'title': '',
'content': '',
'description': '',
'categories': [],
'tags': ''
}
x.update(d)
a = 0
qstr = ""
data = []
for i in x:
if not (x[i] == "" or x[i] is None or x[i] == []):
a = 1
if i in ('title', 'description', 'content', 'tags', 'published'):
qstr += (i + "=%s,")
data.append(thwart(x[i]))
if a == 0:
return -1
data.append(int(session['userid']))
data.append(int(postid))
c.execute(
"UPDATE posts SET " + qstr +
" modified_date=CURRENT_TIMESTAMP WHERE userid= %s AND postid=%s",
data)
c.execute("SELECT category FROM post_category WHERE postid=%s",
(int(postid), ))
cats = c.fetchall()
cats = set([i['category'] for i in cats])
if 'categories' in x:
cats2 = set(x['categories'])
rm = cats - cats2
for i in rm:
c.execute(
"DELETE FROM post_category WHERE postid=%s and category=%s",
(int(postid), i))
ad = cats2 - cats
for i in ad:
c.execute("INSERT INTO post_category values(%s, %s)",
(int(postid), i))
conn.commit()
close(c, conn)
logEvent(
"post update",
"%s(%d),%s(%d)" % (session['username'], int(
session['userid']), get_post_by_id(postid)['title'], int(postid)))
return postid
def register_user(username, email, password):
c, conn = connect()
tusername, temail = thwart(username), thwart(email)
n = c.execute("SELECT * FROM users WHERE username=%s OR email=%s",
(tusername, temail))
if n > 0:
return 0
password = sha256_crypt.encrypt(password)
c.execute(
"INSERT INTO users (username,email,passwordhash) values (%s,%s,%s)",
(tusername, temail, thwart(password)))
conn.commit()
c.execute("SELECT userid FROM users WHERE username=%s", (tusername, ))
userid = c.fetchone()['userid']
set_login_session(userid, username, email)
close(c, conn)
logEvent("user register",
"%s(%d)" % (session['username'], int(session['userid'])))
return userid
def login(username, password, remember=False):
c, conn = connect()
res = c.execute("SELECT * FROM users WHERE (username=%s OR email=%s)",
(thwart(username), thwart(username)))
ret = 0
if res > 0:
print('a')
row = c.fetchone()
if sha256_crypt.verify(password, row['passwordhash']):
# login successful, set session vars.
set_login_session(row['userid'], row['username'], row['email'])
c.execute("UPDATE users SET last_login=CURRENT_TIMESTAMP")
conn.commit()
ret = 1
close(c, conn)
logEvent("user login",
"%s(%d)" % (session['username'], int(session['userid'])))
return ret
def create_post(**d):
a = 0
x = {
'title': '',
'content': '',
'description': '',
'categories': ['.'],
'tags': ''
}
x.update(d)
for i in x:
if not (x[i] == "" or x[i] is None or x[i] == ['.'] or x[i] == []):
a = 1
break
if a == 0:
return -1
c, conn = connect()
c.execute(
"INSERT INTO posts (userid,title,content,description,tags) values (%s,%s,%s,%s,%s)",
(int(session['userid']), thwart(x['title']), thwart(
x['content']), thwart(x['description']), thwart(x['tags'])))
c.execute("SELECT LAST_INSERT_ID() as id")
postid = c.fetchone()['id']
if 'categories' in x:
for cat in x['categories']:
c.execute("INSERT INTO post_category values(%s,%s)",
(int(postid), thwart(cat)))
conn.commit()
close(c, conn)
logEvent(
"post create",
"%s(%d),%s(%d)" % (session['username'], int(
session['userid']), get_post_by_id(postid)['title'], int(postid)))
return postid