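def post(self, *args, **kwargs):
    """Handle a chat command posted by a client.

    Reads ``val``, ``action`` and ``csrf_token`` from the request. The
    token is passed to ``Database.get_username`` and is therefore the
    credential that identifies the caller; the ``mod`` flag returned by
    that lookup gates the moderator-only actions (``remove``,
    ``remove_all``, ``ban``). A successful action is serialised to JSON
    and pushed to every socket in ``SOCKETS``, and a short status string
    is written back to the poster.

    Fixes relative to the original: the two fall-through status strings
    were attached to the wrong branches ('Invalid Value' for a missing or
    banned user and 'No user found' for missing parameters), the ``ban``
    success message was a copy of the ``remove_all`` one, a missing
    ``mod`` value would raise inside ``int()``, a private message with no
    recipient was saved anyway, and an unknown action produced an empty
    response body.

    NOTE(review): because the CSRF token doubles as the session
    credential here, it must be unguessable and bound to the user
    server-side -- confirm how ``Database.get_username`` issues it.
    """
    value = self.get_argument('val', None)
    action = self.get_argument('action', None)
    csrf_token = self.get_argument('csrf_token', None)

    # Sanitize Input
    # NOTE(review): stripping a fixed list of tags is a denylist, not an
    # XSS defence -- only these exact substrings are removed. The value is
    # broadcast verbatim inside the JSON payload, so whatever renders it
    # must still escape it for its output context.
    if value is not None:
        for restricted in ('<script>', '<p>', '</p>'):
            value = value.replace(restricted, '')
        if value == '':
            value = None

    if value is None or action is None or csrf_token is None:
        self.write('Invalid Value')
        return

    db = Database()
    user, mod = db.get_username(csrf_token)
    if user is None or db.is_banned(user):
        self.write('No user found')
        return

    # int(None) would raise and turn a permission check into a server
    # error; non-None values keep the original int(mod) == 1 test.
    is_moderator = mod is not None and int(mod) == 1

    def broadcast(extra):
        """Send the action payload, plus the *extra* fields, to every socket."""
        response = {'user': user, 'action': action, 'val': value}
        response.update(extra)
        response['online'] = len(SOCKETS)
        data = json.dumps(response)
        for socket in SOCKETS:
            socket.write_message(data)

    if action == 'add':
        line_id, _date = db.save_message(user, value)
        broadcast({'line': line_id})
        self.write('Added')
    elif action == 'pvt_msg':
        username = self.get_argument('username', None)
        if username is None:
            # A private message needs a recipient; previously None was stored.
            self.write('Invalid Value')
            return
        line_id, _date = db.save_pvt_message(user, username, value)
        # NOTE(review): the payload goes to every connected socket, so the
        # message is "private" only if clients filter on 'username'. A
        # server-side socket-to-user mapping is not visible here; confirm
        # the intended confidentiality model.
        broadcast({'username': username, 'line': line_id})
        self.write('Added')
    elif action in ('remove', 'remove_all', 'ban'):
        if not is_moderator:
            self.write('Permission denied')
            return
        if action == 'remove':
            db.remove_message(value)
            broadcast({})
            self.write('Remove command issued')
        elif action == 'remove_all':
            # What 'value' selects here is defined by Database.remove_all_messages.
            db.remove_all_messages(value)
            broadcast({})
            self.write('Removed all messages')
        else:
            db.ban_user(value)
            broadcast({})
            # Original wrote 'Removed all messages' here (copy-paste).
            self.write('User banned')
    else:
        # Previously an unknown action returned an empty 200 body.
        self.write('Invalid Value')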