def login():
# Output message if something goes wrong...
msg = ''
# Check if "username" and "password" POST requests exist (user submitted form)
if request.method == 'POST' and 'username' in request.form and 'password' in request.form:
# Create variables for easy access
username = request.form['username']
password = request.form['password']
# Check if account exists using MySQL
cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
cursor.execute(
'SELECT * FROM accounts WHERE username = %s AND password = %s', (
username,
password,
))
# Fetch one record and return result
account = cursor.fetchone()
# If account exists in accounts table in out database
if account:
# Create session data, we can access this data in other routes
session['loggedin'] = True
session['id'] = account['id']
session['username'] = account['username']
# Redirect to home page
return flask.render_template('master.xhtml',
username=session['username'],
pagina=Connect.body("", "chisiamo"),
luogo="index",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
else:
# Account doesnt exist or username/password incorrect
msg = 'Incorrect username/password!'
# Show the login form with message (if any)
return render_template('index.html', msg=msg)
def get(self):
self.render('news.xhtml',
pagina=Connect.body("", "index"),
luogo="index",
menu=Connect.menu(""),
submenu=Connect.submnu(""),
news=Connect.news(""))
def upload():
return flask.render_template('upload_form.html',
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def mugello():
"""Handle the front-page."""
return flask.render_template('master.xhtml',
pagina=Connect.body("", "mugello"),
luogo="mugello",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def arrivare():
return flask.render_template('comearrivare.xhtml',
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def upload_form():
""" show upload form with multiple scenarios """
return flask.render_template('upload_form.html',
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def chisiamo():
return flask.render_template('master.xhtml',
pagina=Connect.body("", "chisiamo"),
luogo="index",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def get(self):
self.render('master.xhtml',
pagina=Connect.body("", "sanpiero"),
luogo="sanpiero",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def get(self):
luogo = self.get_argument('luogo')
self.render('nivo.xhtml',
pagina=Connect.body("", "index"),
luogo="index",
menu=Connect.menu(""),
submenu=Connect.submnu(""),
slider=Connect.slider("", luogo))
def get(self):
titolo = self.get_argument('titolo')
id = self.get_argument('id')
self.render('news_one.xhtml',
news=Connect.news_one("", titolo, id),
pagina=Connect.body("", "sanpiero"),
titolo=titolo,
id=id)
def menu():
return flask.render_template('menu.xhtml',
username=session['username'],
pagina=Connect.body("", "menu"),
luogo="index",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def news_one():
titolo = request.args['titolo']
id = request.args['id']
"""Handle the front-page."""
return flask.render_template('news_one.xhtml',
news=Connect.news_one("", titolo, id),
pagina=Connect.body("", "sanpiero"),
titolo=titolo,
id=id)
def entry_point():
""" simple entry for test """
return flask.render_template('master.xhtml',
luogo="index",
pagina=Connect.body("", "index"),
tempdir="/srv/http/proloco_flask/static/img/",
menu=Connect.menu(""),
submenu=Connect.submnu(""),
submenu2=Connect.submnu2(""))
def get(self):
self.render('manifesta.xhtml',
titolo="Manifestazioni",
per='5%',
go="more",
pagina=Connect.body("", "sanpiero"),
manifestazione="manifestazioni",
news=Connect.manifesta(""),
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def manifestazioni():
return flask.render_template('manifesta.xhtml',
username=session['username'],
titolo="Manifestazioni",
per='5%',
go="more",
pagina=Connect.body("", "sanpiero"),
manifestazione="manifestazioni",
news=Connect.manifesta(""),
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def logout():
# Remove session data, this will log the user out
session.pop('loggedin', None)
session.pop('id', None)
session.pop('username', None)
# Redirect to login page
return flask.render_template('master.xhtml',
luogo="index",
pagina=Connect.body("", "index"),
tempdir="/srv/http/proloco_flask/static/img/",
menu=Connect.menu(""),
submenu=Connect.submnu(""),
submenu2=Connect.submnu2(""))
def manifestazioni_one():
titolo = request.args['titolo']
id = request.args['id']
"""Handle the front-page."""
return flask.render_template('manifesta.xhtml',
username=session['username'],
per='30%',
go="back",
news=Connect.manifesta_one("", titolo, id),
pagina=Connect.body("", "sanpiero"),
titolo=titolo,
id=id,
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def get(self):
self.render('menu.xhtml',
pagina=Connect.body("", "menu"),
luogo="index",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
def single_upload_chunked(filename=None):
"""Saves single file uploaded from <input type="file">, uses stream to read in by chunks
When using direct access to flask.request.stream
you cannot access request.file or request.form first,
otherwise stream is already parsed and empty
This is because of internal workings of werkzeug
Positive test:
curl -X POST http://localhost:8080/singleuploadchunked/car.jpg -d "@tests/car.jpg"
Negative test (no file uploaded, no Content-Length header):
curl -X POST http://localhost:8080/singleuploadchunked/car.jpg
Negative test (not whitelisted file extension):
curl -X POST http://localhost:8080/singleuploadchunked/testdoc.docx -d "@tests/testdoc.docx"
"""
if "Content-Length" not in flask.request.headers:
add_flash_message("did not sense Content-Length in headers")
return flask.redirect(flask.url_for("upload_form"),
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu(""))
if filename is None or filename == '':
add_flash_message("did not sense filename in form action")
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
if not allowed_file(filename):
add_flash_message("not going to process file with extension " +
filename)
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
print("Total Content-Length: " + flask.request.headers['Content-Length'])
fileFullPath = os.path.join(app.config[request.form['uploaddir']],
filename)
chunk_size = app.config['CHUNK_SIZE']
try:
with open(fileFullPath, "wb") as f:
reached_end = False
while not reached_end:
chunk = flask.request.stream.read(chunk_size)
if len(chunk) == 0:
reached_end = True
else:
sys.stdout.write(".")
sys.stdout.flush()
# the idea behind this chunked upload is that large content could be persisted
# somewhere besides the container: S3, NFS, etc...
# So we use a container with minimal mem/disk, that can handle large files
#
#f.write(chunk)
#f.flush()
#print("wrote chunk of {}".format(len(chunk)))
except OSError as e:
add_flash_message("ERROR writing file " + filename + " to disk: " +
StringIO(str(e)).getvalue())
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
print("")
add_flash_message("SUCCESS uploading single file: " + filename)
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
def newss():
return flask.render_template('news.xhtml',
pagina=Connect.body("", "sanpiero"),
manifestazione="news",
news=Connect.news(""))
def multiple_upload(file_element_name="files[]"):
###upload_folder = request.form['uploaddir']
UPLOAD_FOLDER = request.form['uploaddir']
"""Saves files uploaded from <input type="file">, can be multiple files
Positive Test (single file):
curl -X POST http://localhost:8080/multipleupload -F "files[]=@tests/car.jpg"
Positive Test (multiple files):
curl -X POST http://localhost:8080/multipleupload -F "files[]=@tests/car.jpg" -F "files[]=@tests/testdoc.pdf"
Negative Test (using GET method):
curl -X GET http://localhost:8080/multipleupload
Negative Test (no input file element):
curl -X POST http://localhost:8080/multipleupload
Negative Test (not whitelisted file extension):
curl -X POST http://localhost:8080/multipleupload -F "files[]=@tests/testdoc.docx"
"""
# must be POST/PUT
if flask.request.method not in ['POST', 'PUT']:
add_flash_message("Can only upload on POST/PUT methods")
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
# files will be materialized as soon as we touch request.files,
# so check for errors right up front
try:
flask.request.files
except OSError as e:
print("ERROR ON INITIAL TOUCH OF request.files")
add_flash_message("ERROR materializing files to disk: " +
StringIO(str(e)).getvalue())
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
# must have <input type="file"> element
if file_element_name not in flask.request.files:
add_flash_message('No files uploaded')
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
# get list of files uploaded
files = flask.request.files.getlist(file_element_name)
# if user did not select file, filename will be empty
if len(files) == 1 and files[0].filename == '':
add_flash_message('No selected file')
return flask.redirect(
flask.url_for("upload_form",
pagina=Connect.body("", "upload"),
luogo="upload",
menu=Connect.menu(""),
submenu=Connect.submnu("")))
# loop through uploaded files, saving
for ufile in files:
try:
filename = secure_filename(ufile.filename)
UPLOAD_FOLDER = request.form['uploaddir']
if allowed_file(filename):
print("uploading file {} of type {}".format(
filename, ufile.content_type))
##ufile.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
ufile.save(os.path.join(UPLOAD_FOLDER, filename))
#ufile.save(request.form['uploaddir'], filename)
flask.flash("Just uploaded: " + request.form['uploaddir'] +
filename)
else:
add_flash_message("not going to process file with extension " +
filename)
except OSError as e:
add_flash_message("ERROR writing file " + filename + " to disk: " +
StringIO(str(e)).getvalue())
return flask.render_template('ins_manifestazioni.html',
luogo="index",
pagina=Connect.body("", "index"),
tempdir="/srv/http/proloco_flask/static/img/",
menu=Connect.menu(""),
submenu=Connect.submnu(""),
submenu2=Connect.submnu2(""))
