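def sql_add_admin():
    """Promote an existing user to admin (POST handler, admins only).

    Authorization is re-derived from the database on every call
    (``sql_is_admin`` on the session e-mail) rather than trusted from the
    ``session['admin']`` flag, so a stale flag cannot grant access.

    Form fields read: ``g-recaptcha-response``, ``inputEmailAdmin``.
    NOTE(review): no CSRF token is visible in this handler; confirm the app
    enables CSRF protection globally, the captcha is not a substitute.

    Returns a redirect in every branch; outcomes are reported via ``flash``.
    """
    # session.get(): an anonymous request has no 'logged_in' key at all, and
    # session['logged_in'] raised KeyError (HTTP 500) instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    email = request.form['inputEmailAdmin']
    # 'not' rather than '== False' so a None/0 result also counts as "no such user".
    if not sql_check_email(connection, email):
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    # Renamed from `id` to avoid shadowing the builtin.  Elsewhere in this
    # file the value returned by sql_get_user_by_email is bound directly as a
    # single SQL parameter, i.e. it is a bare userid; execute() needs it
    # wrapped in a 1-tuple, the original passed the scalar unwrapped.
    user_id = sql_get_user_by_email(connection, email)
    cur = connection.cursor()
    # NOTE(review): no "already an admin" check -- promoting an existing admin
    # inserts a second row unless admins.adminid is unique; confirm the schema.
    cur.execute("INSERT INTO admins (adminid) VALUES(?)", (user_id,))
    connection.commit()
    flask.session.modified = True
    # `email` is user input; relies on Jinja autoescaping when flashed.
    flash("User " + email + " is now an admin!", 'success')
    return redirect(url_for("admin"))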
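def sql_delete_user_by_id():
    """Delete a user by numeric id (POST handler, admins only).

    Form fields read: ``g-recaptcha-response``, ``inputIDDelete``.
    Refuses to delete the account the caller is currently logged in with.
    NOTE(review): no CSRF token is visible in this handler; confirm the app
    enables CSRF protection globally.

    Returns a redirect in every branch; outcomes are reported via ``flash``.
    """
    # session.get(): an anonymous request has no 'logged_in' key, and
    # session['logged_in'] raised KeyError (HTTP 500) instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    # Raw form string; only ever bound as a parameter, never interpolated.
    user_id = request.form['inputIDDelete']
    if session['sessionEmail'] == sql_get_email_by_id(connection, user_id):
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))

    cur = connection.cursor()
    cur.execute("DELETE FROM users WHERE userid = ?", (user_id, ))
    # rowcount == 0 means no such user (the original reported success anyway);
    # -1 (driver cannot tell) falls through to the original behaviour.
    if cur.rowcount == 0:
        flash("Invalid user id!", 'error')
        return redirect(url_for("index"))
    # admins.adminid holds a userid (sql_add_admin inserts one, sql_get_admins
    # resolves it with sql_get_email_by_id), so drop the admin row as well;
    # otherwise sql_get_admins is left with an id that resolves to no e-mail.
    cur.execute("DELETE FROM admins WHERE adminid = ?", (user_id, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted user id " + user_id + "!", 'success')
    return redirect(url_for("admin"))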
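def sql_trump_review():
    """Fetch a random quote from an external API and store it as a review.

    Admins only.  Unlike the other admin handlers this one has no captcha
    step; NOTE(review): no CSRF token is visible here either, so confirm the
    app enables CSRF protection globally -- otherwise this POST can be
    triggered cross-site against a logged-in admin.

    The quote text comes from a third party and is stored verbatim; treat it
    as untrusted when rendered (Jinja autoescaping, no ``|safe``).

    Returns a redirect in every branch; outcomes are reported via ``flash``.
    """
    # session.get(): an anonymous request has no 'logged_in' key, and
    # session['logged_in'] raised KeyError (HTTP 500) instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    # Bounded timeout: the original had none, so a slow or hung upstream
    # pinned this worker indefinitely.  Network errors, non-2xx responses,
    # invalid JSON and a missing 'message' key were all unhandled 500s; they
    # are now reported to the admin.  The body is parsed once, not twice.
    try:
        response = requests.get(
            'https://api.whatdoestrumpthink.com/api/v1/quotes/random',
            timeout=5)
        response.raise_for_status()
        trump = response.json()['message']
    except (requests.RequestException, ValueError, KeyError, TypeError):
        flash("Could not fetch a quote, try again later.", 'error')
        return redirect(url_for("admin"))

    connection = sql_load()
    title = 'Donald Trump'
    date = time.strftime('%Y-%m-%d %H:%M:%S')
    # A display rating only; `random` is fine here, nothing security-relevant
    # depends on it.
    rating = random.randint(1, 5)
    text = trump
    author = sql_get_user_by_email(connection, session['sessionEmail'])
    cur = connection.cursor()
    cur.execute(
        "INSERT INTO reviews (reviewtitle, reviewdate, reviewrating, reviewauthor, reviewtext) "
        "VALUES(?, ?, ?, ?, ?)", (title, date, rating, author, text))
    connection.commit()
    flask.session.modified = True
    flash("Added Trump review!", 'success')
    return redirect(url_for("admin"))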
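def sql_delete_review():
    """Delete a review by id (POST handler, admins only).

    Form fields read: ``g-recaptcha-response``, ``reviewID``.
    NOTE(review): no CSRF token is visible in this handler; confirm the app
    enables CSRF protection globally.

    Returns a redirect in every branch; outcomes are reported via ``flash``.
    """
    # session.get(): an anonymous request has no 'logged_in' key, and
    # session['logged_in'] raised KeyError (HTTP 500) instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("index"))

    connection = sql_load()
    # Raw form string; only ever bound as a parameter, never interpolated.
    reviewid = request.form['reviewID']
    cur = connection.cursor()
    cur.execute("DELETE FROM reviews WHERE reviewid = ?", (reviewid, ))
    # rowcount == 0 means no such review (the original reported success
    # anyway); -1 (driver cannot tell) falls through to the original behaviour.
    if cur.rowcount == 0:
        flash("Invalid review ID!", 'error')
        return redirect(url_for("index"))
    connection.commit()
    flask.session.modified = True
    flash("Deleted review with ID of " + reviewid + "!", 'success')
    return redirect(url_for("index"))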
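def sql_get_admins():
    """Flash one "ID | Email" line per admin and redirect to the admin page.

    Admins only.  ``admins.adminid`` is a userid (see ``sql_add_admin``), so
    each id is resolved back to an e-mail with ``sql_get_email_by_id``.

    Returns a redirect in every branch.
    """
    # session.get(): an anonymous request has no 'logged_in' key, and
    # session['logged_in'] raised KeyError (HTTP 500) instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT adminid FROM admins")
    rows = cur.fetchall()
    flask.session.modified = True
    for row in rows:
        admin_id = row[0]
        email = sql_get_email_by_id(connection, admin_id)
        # str.format() renders a None e-mail (an admin row whose user has been
        # deleted) as 'None' instead of raising TypeError on '+' concatenation.
        # Same text as the original, including the double space after 'Email:'.
        flash('ID: {} | Email:  {}'.format(admin_id, email), 'success')
    return redirect(url_for("admin"))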
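def login():
    """Log a user in (GET renders the form, POST checks the credentials).

    Form fields read on POST: ``inputEmail``, ``inputPassword``,
    ``g-recaptcha-response``.  On success sets ``session['logged_in']``,
    ``session['sessionEmail']`` and, for admins, ``session['admin']``.

    Both the unknown-e-mail and wrong-password paths report the same
    "Invalid credentials!" message so the response does not reveal whether an
    account exists.

    Returns a redirect on success or unknown e-mail, the rendered login page
    otherwise.
    """
    connection = sql_load()
    cur = connection.cursor()
    if request.method != "POST":
        return render_template("login.html")

    email = request.form['inputEmail']
    password = request.form['inputPassword']
    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return render_template("login.html")

    if not sql_check_email(connection, email):
        # Unknown account: run a dummy verification so this path costs
        # roughly as much as a real one, then answer exactly as a wrong
        # password would.  The original only reported "Invalid credentials!"
        # when this call raised; if it merely returned False the code fell
        # through to fetchone()[4] on a None row and crashed with TypeError.
        # NOTE(review): "blah" is not a real hash, so if
        # check_encrypted_password rejects malformed hashes early the timing
        # is still distinguishable; a stored hash of a throwaway password
        # would be a better dummy.
        try:
            check_encrypted_password(password, "blah")
        except Exception:
            pass
        flash("Invalid credentials!", 'error')
        return redirect(url_for("index"))

    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    row = cur.fetchone()
    # Column 4 is the password hash (positional, as in the original).  A None
    # row (user removed between the check and the select) is treated as a
    # failed login rather than a crash.
    if row is not None and check_encrypted_password(password, row[4]):
        session['logged_in'] = True
        session.permanent = True
        session['sessionEmail'] = email
        if sql_is_admin(email):
            session['admin'] = True
        # Reset the backoff counter so a successful login does not leave a
        # large sleep armed for the next failed attempt.
        session.pop('login_failures', None)
        flash("You are now logged in!", 'success')
        return redirect(url_for("index"))

    # Per-session exponential backoff.  .get(): the first failure has no
    # counter yet (the original raised KeyError here).  Capped so a hostile
    # client cannot make a worker sleep for minutes.  Note the counter lives
    # in the client's signed cookie, so discarding the cookie resets it --
    # this is not a substitute for server-side rate limiting per account/IP.
    login_failures = session.get('login_failures', 0) + 1
    session['login_failures'] = login_failures
    time.sleep(min(0.001 * 2 ** login_failures, 2.0))
    flash("Invalid credentials!", 'error')
    return render_template("login.html")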
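def sql_delete_user():
    """Delete a user by e-mail (POST handler, admins only).

    Form fields read: ``g-recaptcha-response``, ``inputEmailDelete``.
    Refuses to delete the account the caller is currently logged in with
    (exact string comparison against ``session['sessionEmail']``;
    NOTE(review): a differently-cased spelling of the caller's own e-mail
    would slip past this guard if the DB lookup is case-insensitive).
    NOTE(review): no CSRF token is visible in this handler; confirm the app
    enables CSRF protection globally.

    Returns a redirect in every branch; outcomes are reported via ``flash``.
    """
    # session.get(): an anonymous request has no 'logged_in' key, and
    # session['logged_in'] raised KeyError (HTTP 500) instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))
    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    connection = sql_load()
    email = request.form['inputEmailDelete']
    captcha_response = request.form['g-recaptcha-response']
    if session['sessionEmail'] == email:
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    # 'not' rather than '== False' so a None/0 result also counts as "no such user".
    if not sql_check_email(connection, email):
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    # admins.adminid holds a userid (sql_add_admin inserts one, sql_get_admins
    # resolves it with sql_get_email_by_id), so look the id up before the row
    # disappears and drop the admin row as well; otherwise sql_get_admins is
    # left with an id that resolves to no e-mail.
    user_id = sql_get_user_by_email(connection, email)
    cur = connection.cursor()
    cur.execute("DELETE FROM admins WHERE adminid = ?", (user_id, ))
    cur.execute("DELETE FROM users WHERE email = ?", (email, ))
    connection.commit()
    flask.session.modified = True
    # `email` is user input; relies on Jinja autoescaping when flashed.
    flash("Deleted user " + email + "!", 'success')
    return redirect(url_for("admin"))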