def edit(username):
"""
编辑 users
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
if request.method == 'GET':
form = PeopleEditForm(next=request.args.get('next', None), id=id, obj=user)
else:
form = PeopleEditForm(next=request.args.get('next', None), id=id)
if form.validate_on_submit():
# 获取指定的表单数据
form.populate_obj(user)
# 保存数据
UserService.update(user)
flash(_("Modify success"), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
next_url = url_for('people.show', username=username)
return redirect(next_url)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
statistic = EntryService.get_statistic_by_author_id(user.id)
return render_template("people/edit.html", form=form, people=user, statistic=statistic, form_id=user.id)
def batch_fake_account():
"""
批量注册假账号
邮箱
@return:
"""
if request.method == 'GET':
form = BatchFakeAcountForm(next=request.args.get('next', None))
else:
form = BatchFakeAcountForm(next=request.args.get('next', None))
if form.validate_on_submit():
# 获取指定的表单数据
email_list = request.form.get('email_list', None)
_list = email_list.replace(' ','').split('\r\n')
for email in _list:
try:
username = email.split('@')[0]
user = UserService.get_by_username(username)
if user:
username = username + '_' + timestamp()
user = UserService.get_by_nickname(username)
if user:
username = username + '_' + timestamp()
user = UserService.get_by_email(email)
if user:
continue
user = User()
user.email = email
user.username = username
user.nickname = user.username
user.role = UserRole.moderator
user.password = '******' % len(user.username)
user.joined_ip = get_remote_ip()
user.homepage = ''
# 保存数据
id = UserService.signup(user)
except Exception, e:
raise e
return render_template("account/batch_fake_account_finsh.html", form=form)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
def change_passwd(username):
"""
改变密码
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
if request.method == 'GET':
form = ChangePasswordForm(next=request.args.get('next', None),
id=user.id,
obj=user)
else:
form = ChangePasswordForm(next=request.args.get('next', None),
id=user.id)
if form.validate_on_submit():
# 获取指定的表单数据
form.populate_obj(user)
# 保存数据
result = UserService.update_pwd_by_id(user.id, user.password)
if result:
flash(_("Modify success"), "success")
else:
flash(_("This old password is error"), "failed")
return render_template("people/change_passwd.html",
people=user,
statistic=statistic,
form=form,
form_id=user.id)
return render_template("people/change_passwd_success.html",
people=user,
statistic=statistic,
form=form,
form_id=user.id)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
return render_template("people/change_passwd.html",
people=user,
statistic=statistic,
form=form,
form_id=user.id)
def message(username):
"""
显示个人消息
"""
query, sort, order, page = query_condition()
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
record_total, page_total, messages_list = MessageService(
).getlist_by_receiver_id(user.id, page, sort, order)
current_entry_type = 'message'
return render_template("people/%s.html" % current_entry_type,
current_entry_type=current_entry_type,
messages_list=messages_list,
record_total=record_total,
page_total=page_total,
current_page=page,
page_url='/%s/%s/%s/index' %
(URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def comment(username):
query, sort, order, page = query_condition()
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
record_total, page_total, comments_list = CommentService.getlist_by_author_id(
user.id, page, sort, order)
# for comment in comments_list:
# entry = EntryService.get_by_id(comment.entry_id)
# comment.entry_title = entry.title
# # http://127.0.0.1:5000/article/5.html#comment-90
# comment.entry_url = url_for('portal.entry', slug=entry.slug)+ "#comment-%d" % comment.id
current_entry_type = 'comment'
return render_template("people/%s.html" % current_entry_type,
current_entry_type=current_entry_type,
comments_list=comments_list,
record_total=record_total,
page_total=page_total,
current_page=page,
page_url='/%s/%s/%s/index' %
(URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def render_entry(username, page, entry_type=None):
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
data = get_people_entries(user.id, page, entry_type)
if entry_type is not None:
current_entry_type = entry_type_str[entry_type]
else:
current_entry_type = 'latest'
return render_template("people/%s.html" % 'latest',
current_entry_type=current_entry_type,
entries_list=data['entries_list'],
record_total=data['record_total'],
page_total=data['page_total'],
current_page=page,
page_url = '/%s/%s/%s/index' % (URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def favorites_comment(username):
query, sort, order, page = query_condition()
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
_total, _pages, _list = CommentService.getlist_by_author_id(user.id, page)
current_entry_type = 'comment'
return render_template("favorites/%s.html" % current_entry_type,
current_entry_type=current_entry_type,
comments_list=_list,
record_total=_total,
page_total=_pages,
current_page=page,
page_url='/%s/%s/%s/index' %
(URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def render_entry(username, page, entry_type=None):
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
data = get_people_entries(user.id, page, entry_type)
if entry_type is not None:
current_entry_type = entry_type_str[entry_type]
else:
current_entry_type = 'latest'
return render_template("people/%s.html" % 'latest',
current_entry_type=current_entry_type,
entries_list=data['entries_list'],
record_total=data['record_total'],
page_total=data['page_total'],
current_page=page,
page_url='/%s/%s/%s/index' %
(URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def comment(username):
query, sort, order, page = query_condition()
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
record_total, page_total, comments_list = CommentService.getlist_by_author_id(user.id, page, sort, order)
# for comment in comments_list:
# entry = EntryService.get_by_id(comment.entry_id)
# comment.entry_title = entry.title
# # http://127.0.0.1:5000/article/5.html#comment-90
# comment.entry_url = url_for('portal.entry', slug=entry.slug)+ "#comment-%d" % comment.id
current_entry_type = 'comment'
return render_template("people/%s.html" % current_entry_type,
current_entry_type=current_entry_type,
comments_list=comments_list,
record_total=record_total,
page_total=page_total,
current_page=page,
page_url = '/%s/%s/%s/index' % (URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def message(username):
"""
显示个人消息
"""
query, sort, order, page = query_condition()
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
record_total, page_total, messages_list = MessageService().getlist_by_receiver_id(user.id, page, sort, order)
current_entry_type = 'message'
return render_template("people/%s.html" % current_entry_type,
current_entry_type=current_entry_type,
messages_list=messages_list,
record_total=record_total,
page_total=page_total,
current_page=page,
page_url = '/%s/%s/%s/index' % (URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def rest_passwd():
"""
通过email取回密码
"""
if request.method == 'GET':
form = RecoverPasswordForm(next=request.args.get('next', None))
else:
form = RecoverPasswordForm(next=request.args.get('next', None))
if form.validate_on_submit():
# 获取指定的表单数据
email = request.form.get('email', None)
username, new_pwd = UserService.rest_pwd_by_email(email)
if username and new_pwd:
send_new_pwd(username, email, new_pwd)
return render_template("account/rest_passwd_success.html", email=email, username=username, form=form)
else:
print "error: %s %s" % (username, new_pwd)
flash(_("Cause an error"), "failed")
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
return render_template("account/rest_passwd.html", form=form)
def actived(username, email, activation_key):
print username, email, activation_key
# todo 防止重复激活
user = UserService.get_by_username(username)
if not user:
abort(404)
if user.user_status != UserStatus.inactive:
abort(404)
if user.email == email and user.activation_key == activation_key:
UserService.active(user.id)
# 跳转到登录页面
flash(_("Welcome, %(name)s", name=username), "success")
next_url = url_for('account.login')
return redirect(next_url)
def edit(username):
"""
编辑 users
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
if request.method == 'GET':
form = PeopleEditForm(next=request.args.get('next', None),
id=id,
obj=user)
else:
form = PeopleEditForm(next=request.args.get('next', None), id=id)
if form.validate_on_submit():
# 获取指定的表单数据
form.populate_obj(user)
# 保存数据
UserService.update(user)
flash(_("Modify success"), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
next_url = url_for('people.show', username=username)
return redirect(next_url)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
statistic = EntryService.get_statistic_by_author_id(user.id)
return render_template("people/edit.html",
form=form,
people=user,
statistic=statistic,
form_id=user.id)
def validate_username(self, field):
# todo
# 用户名不允许重复
if UserService.count_by_username(field.data) > 0:
raise ValidationError, gettext("This username is taken")
# 不能有敏感词、保留词
if not WordReservedService.word_allowed(field.data):
raise ValidationError, gettext("This username is taken")
if not WordForbiddenService.word_allowed(field.data):
raise ValidationError, gettext("This username is taken")
def show(username):
"""
显示 users
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
return render_template("people/show.html", people=user, statistic=statistic, user=user)
def validate_username(self, field):
# todo
# 用户名不允许重复
if UserService.count_by_username(field.data) > 0:
raise ValidationError, gettext("This username is taken")
# 不能有敏感词、保留词
if not WordReservedService.word_allowed(field.data):
raise ValidationError, gettext("This username is taken")
if not WordForbiddenService.word_allowed(field.data):
raise ValidationError, gettext("This username is taken")
def active_again(username):
# todo 防止重复激活
user = UserService.get_by_username(username)
# 发送激活邮件
send_activation_key(username, user['email'], user['activation_key'])
# 跳转到激活页面
flash(_(u"已经再次发送激活邮件"), "success")
next_url = url_for('account.active_prompt', username=username, email=user.email)
return redirect(next_url)
def login():
"""
用户登录
"""
# print request.user_agent
form = LoginForm(login=request.args.get('login', None),
next=request.args.get('next', None))
if 'need_verify' not in session:
session['need_verify'] = 0
if form.validate_on_submit():
account_name = form.login.data.strip()
password = form.password.data.strip()
id, username, nickname, email, authenticated, user_status = UserService.authenticate(account_name,
password)
if authenticated:
if user_status == UserStatus.normal:
session.permanent = form.remember.data
identity_changed.send(current_app._get_current_object(), identity=Identity(id))
flash(_("Welcome back, %(name)s", name=nickname), "success")
# 判断有些错误,暂时先转用户页
# next_url = form.next.data
# if not next_url or next_url == request.path \
# or next_url == url_for('account.active_prompt', username=username, email=email)\
# or next_url == url_for('account.banned_prompt', username=username):
next_url = url_for('people.index', username=username)
session['need_verify'] = 0
return redirect(next_url)
elif user_status == UserStatus.inactive:
# 跳转到激活提示页面
config_value = int(SystemConfigService.get_by_key('register_validation'))
next_url = url_for('account.active_prompt', username=username, email=email, active_type=config_value)
return redirect(next_url)
elif user_status == UserStatus.banned:
# 跳转到禁止页面
next_url = url_for('account.banned_prompt', username=username)
return redirect(next_url)
else:
session['need_verify'] = 1
flash(_("Sorry, invalid login"), "error")
return render_template("account/login.html", form=form)
def signup():
form = SignupForm(next=request.args.get('next', None))
if form.validate_on_submit():
# 获取指定的表单数据
user = User()
form.populate_obj(user)
user.joined_ip = get_remote_ip()
user.homepage = ''#url_for('people.index', username=user.username)
# 保存数据
id = UserService.signup(user)
if not id:
flash(_("Internal error"), "failed")
return render_template("account/signup.html", form=form)
# identity_changed.send(current_app._get_current_object(),
# identity=Identity(id))
#
# flash(_("Welcome, %(name)s", name=user['nickname']), "success")
#
# next_url = form.next.data
#
# if not next_url or next_url == request.path:
# next_url = url_for('people.index', username=user['username'])
config_value = int(SystemConfigService.get_by_key('register_validation'))
if user.user_status == UserStatus.inactive:
if config_value==1:
# 发送激活邮件
send_activation_key(user.username, user.email, user.activation_key)
else:
# 转人工审核提示页面
pass
# 跳转到激活页面
next_url = url_for('account.active_prompt', username=user.username, email=user.email, active_type=config_value)
else:
identity_changed.send(current_app._get_current_object(), identity=Identity(id))
next_url = url_for('people.index', username=user.username)
return redirect(next_url)
# form.code.errors.append(_("Code is not allowed"))
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
return render_template("account/signup.html", form=form)
def change_passwd(username):
"""
改变密码
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
if request.method == 'GET':
form = ChangePasswordForm(next=request.args.get('next', None), id=user.id, obj=user)
else:
form = ChangePasswordForm(next=request.args.get('next', None), id=user.id)
if form.validate_on_submit():
# 获取指定的表单数据
form.populate_obj(user)
# 保存数据
result = UserService.update_pwd_by_id(user.id, user.password)
if result:
flash(_("Modify success"), "success")
else:
flash(_("This old password is error"), "failed")
return render_template("people/change_passwd.html", people=user, statistic=statistic, form=form,
form_id=user.id)
return render_template("people/change_passwd_success.html", people=user, statistic=statistic, form=form,
form_id=user.id)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
return render_template("people/change_passwd.html", people=user, statistic=statistic, form=form,
form_id=user.id)
def show(username):
"""
显示 users
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
return render_template("people/show.html",
people=user,
statistic=statistic,
user=user)
def send(username):
"""
新建 messages
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
form = MessageSendForm(next=request.args.get('next', None))
if form.validate_on_submit():
# 获取指定的表单数据
messages = Message()
form.populate_obj(messages)
message.sender_id = g.user.id
message.receiver_id = user.id
# 保存数据
id = MessageService.add(messages)
if not id:
flash(_("Internal error"), "failed")
return render_template("messages/send.html",
form=form,
receiver=username)
flash(_("Create success"), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
return render_template("messages/send_success.html",
form=form,
receiver=username)
return redirect(next_url)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
# todo log
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
return render_template("messages/send.html", form=form, receiver=username)
def send(username):
"""
新建 messages
"""
user = UserService.get_by_username(username)
if not user:
abort(404)
form = MessageSendForm(next=request.args.get('next', None))
if form.validate_on_submit():
# 获取指定的表单数据
messages = Message()
form.populate_obj(messages)
message.sender_id = g.user.id
message.receiver_id = user.id
# 保存数据
id = MessageService.add(messages)
if not id:
flash(_("Internal error"), "failed")
return render_template("messages/send.html", form=form, receiver=username)
flash(_("Create success"), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
return render_template("messages/send_success.html", form=form, receiver=username)
return redirect(next_url)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
# todo log
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
return render_template("messages/send.html", form=form, receiver=username)
def change_account(id):
user = UserService.get_by_id(id)
if not user:
abort(404)
identity_changed.send(current_app._get_current_object(), identity=Identity(id))
flash(_("Welcome back, %(name)s", name=user.nickname), "success")
# 判断有些错误,暂时先转用户页
next_url = request.args.get('next', '').strip()
if not next_url:
# or next_url == request.path \
# or next_url == url_for('account.active_prompt', username=username, email=email)\
# or next_url == url_for('account.banned_prompt', username=username):
next_url = url_for('people.index', username=user.username)
session['need_verify'] = 0
return redirect(next_url)
def batch_fake_account_attached():
"""
批量附加假账号
邮箱
@return:
"""
if request.method == 'GET':
form = BatchFakeAcountAttachedForm(next=request.args.get('next', None))
else:
form = BatchFakeAcountAttachedForm(next=request.args.get('next', None))
if form.validate_on_submit():
# 获取指定的表单数据
email_list = request.form.get('email_list', None)
_list = email_list.replace(' ','').split('\r\n')
for email in _list:
if not len(email):
continue
try:
user = UserService.get_by_email(email)
if not user:
continue
if user.id == g.user.id:
continue
if not UserFakeAccountService.check_exist(g.user.id, user.id):
UserFakeAccountService.add(g.user.id, user.id, user.nickname, email)
except Exception, e:
raise e
return render_template("account/batch_fake_account_attached_finsh.html", form=form)
elif form.errors:
for error_name, error_value in form.errors.iteritems():
print "error: %s %s" % (error_name, error_value)
flash(_("Cause an error"), "failed")
def favorites_comment(username):
query, sort, order, page = query_condition()
user = UserService.get_by_username(username)
if not user:
abort(404)
statistic = EntryService.get_statistic_by_author_id(user.id)
_total, _pages, _list = CommentService.getlist_by_author_id(user.id, page)
current_entry_type = 'comment'
return render_template("favorites/%s.html" % current_entry_type,
current_entry_type=current_entry_type,
comments_list=_list,
record_total=_total,
page_total=_pages,
current_page=page,
page_url = '/%s/%s/%s/index' % (URL_BASE, username, current_entry_type),
statistic=statistic,
notices=NoticeService.get_list_for_show(),
people=user)
def validate_email(self, field):
# email不允许重复
if UserService.count_by_email(field.data) > 0:
raise ValidationError, gettext("This email is taken")
def validate_password_old(self, field):
# 验证旧密码是否正确
if not UserService.check_pwd_by_id(int(self.id.data), field.data):
raise ValidationError, gettext("This old password is error")
def validate_password_old(self, field):
# 验证旧密码是否正确
if not UserService.check_pwd_by_id(int(self.id.data), field.data):
raise ValidationError, gettext("This old password is error")
def author_name(self):
return UserService.get_brief_by_id(self.author_id).nickname
def sender(self):
return UserService.get_by_id(self.sender_id)
def get_by_id(self, id, fields=None):
msg = self.get_by_id({'_id': id}, fields)
msg['sender'] = UserService.getnick_by_id(msg['sender_id'])
return msg
def author(self):
return UserService.get_brief_by_id(self.author_id)
def _add_comment(entry_id, parent_id, comment_type=CommentBodyType.comment, chunk_id=0, is_auto_save_img=True):
entry = EntryService.get_by_id(entry_id)
if not entry:
abort(404)
form = CommentNewForm()
url_base = ''
if form.validate_on_submit():
# 获取指定的表单数据
comment = Comment()
form.populate_obj(comment)
# 评论没内容
if not comment.comment:
abort(404)
if parent_id:
parent = CommentService.get_by_id(parent_id)
if not parent:
abort(404)
if comment_type == CommentBodyType.reply:
if parent.body_type != CommentBodyType.comment:
abort(404)
else:
comment.comment = '<blockquote><em>%s</em>%s</blockquote> %s' %\
(parent.nickname, parent.comment, comment.comment)
if comment_type == CommentBodyType.reply:
comment.parent_id = parent.id
comment.entry_id = entry_id
comment.chunk_id = chunk_id
print "===---------------------------------------------------------------------"
print comment.author_id,comment.email ,comment.nickname,comment.homepage
print "===---------------------------------------------------------------------"
if g.user.is_supervisor:
user = UserService.get_by_id(comment.author_id)
comment.email = user.email
comment.nickname = user.nickname
comment.homepage = user.homepage
print "g.user.is_supervisor============================================"
print comment.author_id,comment.email ,comment.nickname,comment.homepage
elif g.user:
print "g.user==========================================================="
print g.user.role
print g.user.is_supervisor
comment.author_id = g.user.id
comment.email = g.user.email
comment.nickname = g.user.nickname
comment.homepage = g.user.homepage
else:
comment.email = request.form['email']
comment.nickname = request.form['nickname']
comment.homepage = request.form['homepage']
if comment.homepage == 'http://':
comment.homepage = app.config['SITE_URL']
#print 'made:', comment.email, comment.nickname, comment.homepage
if not comment.email:
comment.email = '*****@*****.**'
if not comment.nickname:
comment.nickname = u'游客'
if not comment.homepage:
comment.homepage = '#'
if comment_type != CommentBodyType.reply:
comment.parent_id = 0
if g.user and g.user.is_editor:
comment.comment_status = 0
else:
if not check_in_rank(app.config['SAFE_POST_START_TIME'], app.config['SAFE_POST_END_TIME']):
# 需要审核
comment.comment_status = 1
if gfw.check(comment.comment):
# 需要审核
comment.comment_status = 1
comment.body_type = comment_type
comment.created_ip = get_remote_ip()
comment.updated_time = comment.created_time
# slug 有用吗?
comment.slug = str(int_now())
if is_auto_save_img:
comment.content = auto_save_img(comment.comment, app.config['SITE_DOMAIN'], PHOTOS_RELATIVE_PATH)
# 保存数据
if not CommentService.add(comment):
flash(_("Internal error"), "failed")
return render_template("%s/add_comment.html" % url_base, form=form, entries=entry)
# 文章最后回复内容
EntryService.modify_last_comment(entry_id, comment.id)
if comment_type == CommentBodyType.reply:
# 点评,更新主回复时间
CommentService.update_time(parent_id)
elif comment_type in [CommentBodyType.comment, CommentBodyType.appreciation]:
# 更新回复数
EntryService.inc_num_comments(entry_id, 1)
flash(_("Thanks for your comment"), "success")
return redirect(url_for('portal.entry', slug=entry.slug) + '#comment-%d' % comment.id)
return redirect(url_for('portal.entry', slug=entry.slug))
def author(self):
return UserService.get_brief_by_id(self.author_id)
def author_name(self):
return UserService.get_brief_by_id(self.author_id).nickname
def validate_email(self, field):
# email不允许重复
if UserService.count_by_email(field.data) > 0:
raise ValidationError, gettext("This email is taken")