def index():
board_id = int(request.args.get('board_id', -1))
if board_id == -1:
ms = Topic.all()
else:
ms = Topic.all(board_id=board_id)
token = new_csrf_token()
bs = Board.all()
return render_template('topic/index.html', ms=ms, token=token, bs=bs, bid=board_id)
def my_collect():
u = current_user()
token = new_csrf_token()
bs = Board.all()
t = Collect.all(user_id=u.id)
l = []
for c in t:
l.append(Topic.one(id=c.topic_id))
return render_template("topic/collect.html", u=u, ms=l, bs=bs, token=token)
def write():
receiver_id = int(request.args['id'])
r: User = User.one(id=receiver_id)
if r.receive_message is False:
result = '对方不接受私信'
return redirect(url_for('index.user_detail', id=r.id, result=result))
else:
u = current_user()
token = new_csrf_token()
return render_template('mail/write.html', r=r, user=u, token=token)
def new():
board_id = int(request.args.get('board_id'))
bs = Board.all()
user = current_user()
token = new_csrf_token()
return render_template("topic/new.html",
bs=bs,
bid=board_id,
user=user,
token=token)
def index():
# todo:add csrfCheck
board_id = int(request.args.get('board_id', -1))
if board_id == -1:
ms = Topic.all()
else:
ms = Topic.all(board_id=board_id)
token = new_csrf_token()
bs = Board.all()
u = current_user()
return render_template("topic/index.html", u=u, ms=ms, bs=bs, bid=board_id, token=token)
def detail():
result = request.args.get('result', ' ')
topic_id = request.args['id']
m = Topic.get(topic_id)
rs = Reply.all(topic_id=topic_id)
token = new_csrf_token()
return render_template("topic/detail.html",
topic=m,
replies=rs,
token=token,
result=result)
def detail(id):
# id = int(request.args['id'])
# http://localhost:3000/topic/1
# m = Topic.one(id=id)
m = Topic.get(id)
u = current_user()
# 不应该放在路由里面
# m.views += 1
# m.save()
token = new_csrf_token()
# 传递 topic 的所有 reply 到 页面中
return render_template("topic/detail.html", topic=m, token=token, user=u)
def send_to_user(user):
token = new_csrf_token(user.id)
title = '找回密码邮件'
content = '请尽快点击此链接更改密码 https://www.liruipan.com/find_password_view?token={}&user_id={}'.format(token, user.id)
m = flask_mail.Message(
subject=title,
body=content,
sender=admin_mail,
recipients=[user.email]
)
mail.send(m)
return None
def index():
u = current_user()
unread = Messages.all(receiver_id=u.id, read=False)
reads = Messages.all(receiver_id=u.id, read=True)
sends = Messages.all(sender_id=u.id)
token = new_csrf_token()
t = render_template('mail/index.html',
user=u,
unread=unread,
read=reads,
sends=sends,
token=token)
return t
def reset_send_mail():
username = request.form['username']
u = User.one(username=username)
if u is None:
flash('该用户不存在!')
return redirect(url_for('index.index'))
token = new_csrf_token(u)
Messages.send(
title='sc论坛重置密码',
content='http://152.136.129.239/reset/view?token={}'.format(token),
sender_id=0,
receiver_id=u.id)
flash('邮件发送成功!')
return redirect(url_for('index.index'))
def register():
form = request.get_json()
u = User.register(form)
if u is not None:
data = {'message': 'successful'}
session['user_id'] = u.id
session.permanent = True
res = response(data=data, status=status.HTTP_201_CREATED)
csrf_token = new_csrf_token()
res.set_cookie("csrf_token", csrf_token)
return res
else:
data = 'register failed'
return response(data=data, status=status.HTTP_400_BAD_REQUEST)
def user_detail():
user_id = request.args['id']
u = User.find(user_id)
if u is None:
abort(404)
else:
result = request.args.get('result', ' ')
c = current_user()
if c is None:
current_user_id = -1
else:
current_user_id = c.id
token = new_csrf_token()
return render_template('user/profile.html', user=u, current=current_user_id, token=token, result=result)
def index():
u = current_user()
board_id = int(request.args.get('board_id', -1))
if board_id == -1:
ms = Topic.all()
else:
ms = Topic.all(board_id=board_id)
token = new_csrf_token()
bs = Board.all()
return render_template("homepage.html",
ms=ms,
token=token,
bs=bs,
bid=board_id,
user=u)
def search():
u = current_user()
board_id = int(request.args.get('board_id', -1))
content = str(request.args.get('content', -1))
ts = Topic.all()
ms = []
for topic in ts:
if content in topic.title:
ms.append(topic)
token = new_csrf_token()
bs = Board.all()
return render_template("homepage.html",
ms=ms,
token=token,
bs=bs,
bid=board_id,
user=u)
def login():
form = request.get_json()
u = User.validate_login(form)
if u is None:
# 转到 topic.index 页面
data = 'invalid username or password'
return response(data, status=status.HTTP_401_UNAUTHORIZED)
else:
# session 中写入 user_id
session['user_id'] = u.id
# 设置 cookie 有效期为 永久
session.permanent = True
data = {'message': 'successful'}
res = response(data, status=status.HTTP_200_OK)
csrf_token = new_csrf_token()
res.set_cookie("csrf_token", csrf_token)
return res
def change_password():
cap_id = request.args['cap_id']
user_id = int(request.args['user_id'])
form = request.form.to_dict()
u = User.one(username=form['username'])
if u is None or u.id != user_id:
r = '请输入正确的用户名'
else:
content = form['content']
flag = Captcha.scan(cap_id, content)
if flag:
password = User.salted_password(form['password'])
User.update(user_id, password=password)
r = '修改成功,请登陆'
return redirect(url_for('.index', result=r))
else:
r = '验证码不正确,请重新输入'
token = new_csrf_token(user_id)
return redirect(url_for('.find_password_view', token=token, user_id=user_id, result=r))
def profile():
result = request.args.get('result', ' ')
u = current_user()
token = new_csrf_token()
return render_template('user/profile.html', user=u, current=u.id, token=token, result=result)
def index():
ms = Topic.all()
u = current_user()
token = new_csrf_token()
return render_template("topic/index.html", ms=ms, user=u, token=token)
def new():
bs = Board.all()
token = new_csrf_token()
return render_template("topic/new.html", bs=bs, token=token)
def new():
board_id = int(request.args.get('board_id'))
bs = Board.all()
token = new_csrf_token()
return render_template('topic/new.html', bs=bs, token=token, bid=board_id)
def index():
u = current_user()
token = new_csrf_token()
return render_template('admin_index.html', user=u, token=token)
def csrf_new():
token = new_csrf_token()
data = dict(token=token)
return response(data=data, status=status.HTTP_200_OK)
def setting():
u = current_user()
r = request.args.get('result', ' ')
token = new_csrf_token()
return render_template('setting.html', user=u, token=token, result=r)
