コード例 #1
ファイル: blog.py プロジェクト: cgjue/cblog.site
def delete(id):
    """Remove a post and send the browser back to the blog index.

    ``get_post(id)`` is called purely as a gate: with its default
    ``check_author=True`` it aborts with 404 for an unknown id and with
    403 when the current user is not the author, so the DELETE below is
    only reached by the post's author.
    """
    # Authorisation gate; the returned row itself is not needed here.
    get_post(id)

    # NOTE(review): only the ``post`` row is removed. Whether rows that
    # reference it (comments, category links) are cleaned up by the schema
    # is not visible from this function -- confirm.
    delete_sql = 'DELETE FROM post WHERE id = ?'
    get_db().execute(delete_sql, (id,))
    get_db().commit()

    index_url = url_for('blog.index')
    return redirect(index_url)
コード例 #2
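def admin():
    """Render the admin page with the current user's posts and uploads.

    Both queries are restricted to ``session['user_id']``, so a user only
    ever sees their own rows. The template receives exactly two names,
    ``posts`` and ``uploadfiles``.
    """
    # NOTE(review): session['user_id'] raises KeyError for an anonymous
    # visitor; presumably a login-required decorator (not visible in this
    # excerpt) guards the view -- confirm.
    user_id = session['user_id']
    db = get_db()

    posts = db.execute(
        'SELECT p.id, title, created, updated, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.author_id = ?',
        (user_id,)
    ).fetchall()
    uploadfiles = db.execute(
        'SELECT id, fpath, created from '
        'uploadfile where user_id = ?',
        (user_id,)
    ).fetchall()

    # Pass the template context explicitly instead of ``**locals()``: with
    # ``**locals()`` every local added to this view later (a connection, a
    # token, a raw id) would silently become visible to the template.
    return render_template('admin/admin.html',
                           posts=posts, uploadfiles=uploadfiles)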
コード例 #3
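def upload_img():
    """Store an uploaded image and report the outcome as JSON.

    The response always has the keys ``success`` (1 on success, 0 on
    failure), ``message`` and ``url`` (the stored path relative to the
    application root on success, ``None`` otherwise).
    """
    message = ''
    # check if the post request has the file part
    if 'file' not in request.files:
        message = 'No file part'
    else:
        file = request.files.get('file', default=None)
        # if the user does not select a file, the browser still submits
        # an empty part without a filename
        if not file or file.filename == '':
            message = 'No selected file'
        elif not allowed_file(file.filename):
            message = u'禁止上传该类型文件'
        else:
            # Resolve the owner BEFORE writing anything to disk. The
            # original looked up session['user_id'] only after file.save(),
            # so a request without a session left an unowned file in the
            # upload folder and then failed with KeyError.
            user_id = session['user_id']
            upload_dir = current_app.config['UPLOAD_FOLDER']

            # NOTE(review): the extension check above sees the raw client
            # filename, while the stored name comes from secure_filename(),
            # which can alter that name. The whole-second timestamp prefix
            # also means two uploads of the same name within one second
            # share a path. Confirm both are acceptable for this deployment.
            filename = str(int(time.time())) + secure_filename(file.filename)
            file.save(os.path.join(upload_dir, filename))

            # Path as stored in the database: UPLOAD_FOLDER with the
            # application root prefix sliced off, plus the file name.
            filepath = os.path.join(
                upload_dir[len(current_app.root_path):], filename)
            db = get_db()
            db.execute('INSERT INTO uploadfile(fpath, user_id) VALUES(?, ?)',
                       (filepath, user_id))
            db.commit()
            return jsonify({
                "success": 1,        # 0 = upload failed, 1 = upload succeeded
                "message": message,
                "url": filepath      # only set when the upload succeeded
            })

    return jsonify({
        "success": 0,        # 0 = upload failed, 1 = upload succeeded
        "message": message,
        "url": None          # only set when the upload succeeded
    })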
コード例 #4
ファイル: blog.py プロジェクト: cgjue/cblog.site
def get_post(id, check_author=True):
    """Fetch one post, joined with its author's username.

    This is the ownership gate the editing views rely on: with
    ``check_author`` left at its default, a caller only gets the row back
    when the current user wrote the post.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post row with author information
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user isn't the author
    """
    query = (
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.id = ?'
    )
    row = get_db().execute(query, (id,)).fetchone()

    if row is None:
        abort(404, "Post id {0} doesn't exist.".format(id))

    if check_author:
        # NOTE(review): g.user is subscripted directly; if it can be None
        # here (anonymous request) this raises TypeError rather than 403.
        # Presumably callers are login-protected -- confirm.
        if row['author_id'] != g.user['id']:
            abort(403)

    return row
コード例 #5
def register():
    """Register a new user behind an invitation code.

    On POST the checks run in this order and stop at the first failure:
    the ``welcode`` form field must match a row in the ``welcode`` table,
    a username and a password must be supplied, and the username must not
    exist yet. The password is stored only as the output of
    ``generate_password_hash``. Any other method, or a failed check,
    renders the registration form.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    form = request.form
    username = form.get('username', default=None)
    password = form.get('password', default=None)
    welcode = form.get('welcode', default=None)
    db = get_db()

    # NOTE(review): the invitation code is only looked up, never marked as
    # used or deleted here, so one code admits any number of registrations
    # unless that is handled elsewhere -- confirm this is intended.
    error = None
    if not welcode or db.execute(
            'SELECT welcode FROM welcode WHERE welcode = ?',
            (welcode, )).fetchone() is None:
        error = u"非受邀用户,Go Out!"
    elif not username:
        error = 'Username is required.'
    elif not password:
        error = 'Password is required.'
    else:
        taken = db.execute('SELECT id FROM user WHERE username = ?',
                           (username, )).fetchone()
        if taken is not None:
            error = 'User {0} is already registered.'.format(username)

    if error is not None:
        flash(error)
        return render_template('auth/register.html')

    # The name is available: store the user with a hashed password and
    # continue to the login page.
    password_hash = generate_password_hash(password)
    db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
               (username, password_hash))
    db.commit()
    return redirect(url_for('auth.login'))
コード例 #6
ファイル: blog.py プロジェクト: cgjue/cblog.site
def comment(post_id):
    """Add a comment to a post on behalf of the logged-in user.

    Always answers with JSON of the form ``{'status': bool, 'msg': str}``:
    ``status`` is False for an anonymous user or an empty/whitespace-only
    comment, True once the row has been inserted and committed.
    """
    if g.user is None:
        return jsonify({'status':False, 'msg': '请先登录' })

    content = request.form.get('content', '')
    is_blank = not content.strip()
    if is_blank:
        return jsonify({'status': False, 'msg': '评论内容为空'})

    # NOTE(review): post_id is inserted as received; this view does not
    # check that the post exists. The content is stored unmodified, so the
    # code that renders comments must escape it on output -- confirm both.
    insert_sql = (
        'INSERT INTO comment(post_id, user_id, content)'
        ' VALUES(?, ?, ?)'
    )
    get_db().execute(insert_sql, (post_id, g.user['id'], content))
    get_db().commit()

    return jsonify({'status': True, 'msg': 'ok'})
コード例 #7
ファイル: blog.py プロジェクト: cgjue/cblog.site
def index():
    """Render the blog front page: every post, newest first."""
    all_posts_sql = (
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' ORDER BY created DESC'
    )
    # No parameters and no per-user filter: the listing is the same for
    # every visitor.
    posts = get_db().execute(all_posts_sql).fetchall()
    return render_template('blog/index.html', posts=posts)
コード例 #8
ファイル: plugin.py プロジェクト: cgjue/cblog.site
def get_plugin():
    """Return all rows of the ``plugin`` table as (name, script, id).

    The rows are fetched only while ``g`` has no ``plugin_matrix``
    attribute; otherwise the function returns ``None``.
    """
    if 'plugin_matrix' in g:
        # NOTE(review): nothing in this function ever sets
        # g.plugin_matrix, so this branch looks like an unfinished
        # per-request cache. Callers that hit it receive None instead of
        # a list of rows -- confirm what was intended.
        return None

    rows = get_db().execute('select name,script, id from plugin').fetchall()
    return rows
コード例 #9
def load_logged_in_user():
    """Populate ``g.user`` from the session.

    ``g.user`` becomes ``None`` when the session holds no ``user_id``;
    otherwise it is the matching ``user`` row, or ``None`` again if no
    such row exists.
    """
    user_id = session.get('user_id')

    # NOTE(review): ``SELECT *`` puts every column of ``user`` on g.user,
    # which includes the stored password hash. Views and templates that
    # receive g.user should not echo the whole row.
    g.user = (
        None
        if user_id is None
        else get_db().execute('SELECT * FROM user WHERE id = ?',
                              (user_id, )).fetchone()
    )
コード例 #10
ファイル: blog.py プロジェクト: cgjue/cblog.site
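def category(id=None):
    """List the posts filed under one category, newest first.

    ``id`` is the route value; only the part before the first ``_`` is
    used as the category id. Without an id the view redirects to the blog
    index. An unknown category renders ``404.html`` with HTTP status 404.
    """
    if id is None:
        return redirect(url_for('blog.index'))

    # The id is only ever used as a bound parameter, never spliced into
    # the SQL text.
    category_id = id.split('_')[0]
    db = get_db()

    category_row = db.execute(
        'SELECT value FROM category where id = ?',
        (category_id, )
    ).fetchone()
    if category_row is None:
        # The original returned the 404 page with the default status 200,
        # so clients, caches and monitoring saw a successful response for
        # a category that does not exist.
        return render_template('404.html'), 404

    posts = db.execute(
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.id in (SELECT post_id from category_post'
        ' WHERE category_id = ? ) ORDER BY created DESC',
        (category_id,)
    ).fetchall()
    return render_template('blog/category.html',
                           posts=posts, category=category_row)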
コード例 #11
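def deleteFile(id):
    """Delete one of the current user's uploaded files.

    The row is looked up by ``id`` AND ``session['user_id']``, so a user
    cannot delete another user's upload by guessing ids. Returns JSON
    ``{'status': -1, ...}`` when no such row exists and
    ``{'status': 0, ...}`` after the file and its row are gone.
    """
    import errno  # local import: the file's import block is not visible here

    user_id = session['user_id']
    db = get_db()
    uploadfile = db.execute(
        'SELECT fpath from uploadfile WHERE id = ? and user_id = ?',
        (id, user_id)).fetchone()
    if uploadfile is None:
        return jsonify({'status':-1, 'msg':u'该文件不存在'})

    # Remove the file first and the row second. The original committed the
    # DELETE and then called os.remove(); a file that was already missing
    # turned the request into an unhandled error after the row was gone,
    # and any other removal failure left an untracked file on disk.
    # fpath is the value the upload views wrote for this user, relative to
    # the application root.
    try:
        os.remove(current_app.root_path + uploadfile['fpath'])
    except OSError as exc:
        # A file that is already absent is fine; anything else (e.g. a
        # permission problem) is re-raised with the row still in place.
        if exc.errno != errno.ENOENT:
            raise

    db.execute('DELETE FROM uploadfile WHERE id = ? and user_id = ?',
               (id, user_id))
    db.commit()
    return jsonify({'status':0, 'msg':u'删除成功'})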
コード例 #12
ファイル: plugin.py プロジェクト: cgjue/cblog.site
def set_plugin(plugin_id, post_id, use):
    """Record whether a plugin is used on a post (update or insert).

    If a ``use_plugin`` row already exists for the (plugin_id, post_id)
    pair its ``use`` column is updated; otherwise a new row is inserted.
    The change is committed before returning.
    """
    # NOTE(review): no ownership check on post_id happens here; presumably
    # the caller verifies that the post belongs to the current user --
    # confirm.
    db = get_db()
    existing = db.execute(
        'select id from use_plugin where plugin_id = ? and post_id = ?',
        (plugin_id, post_id)).fetchone()

    if not existing:
        db.execute(
            'insert into use_plugin(plugin_id, post_id, use) values(?,?,?)',
            (plugin_id, post_id, use))
    else:
        row_id = existing['id']
        db.execute('update use_plugin set use=? where id=?', (use, row_id))

    db.commit()
コード例 #13
ファイル: plugin.py プロジェクト: cgjue/cblog.site
def add_plugin(name, script):
    """Return the id of the plugin called ``name``, creating it if needed.

    When a plugin with that name already exists its id is returned and
    ``script`` is ignored. Otherwise a row is inserted, committed, and
    looked up again by name to obtain the id.
    """
    # NOTE(review): ``script`` is stored as given. If plugin scripts are
    # later emitted into pages, only trusted users should be able to reach
    # this function -- confirm against the callers.
    db = get_db()
    lookup_sql = 'select id from plugin where name = ?'

    found = db.execute(lookup_sql, (name, )).fetchone()
    if found:
        return found['id']

    db.execute('INSERT INTO plugin(name, script) VALUES(?, ?)',
               (name, script))
    db.commit()
    created = db.execute(lookup_sql, (name, )).fetchone()
    return created['id']
コード例 #14
ファイル: blog.py プロジェクト: cgjue/cblog.site
def update(id):
    """Edit a post; only its author gets past the first line.

    ``get_post(id)`` runs for every request method, so both showing the
    form and saving it are subject to its 404/403 checks. A POST with a
    title saves title and body and redirects to the index; a POST without
    a title flashes an error and shows the form again.
    """
    post = get_post(id)

    if request.method == 'POST':
        form = request.form
        title = form.get('title',default = None)
        body = form.get('body', default = None)

        if title:
            update_sql = 'UPDATE post SET title = ?, body = ? WHERE id = ?'
            get_db().execute(update_sql, (title, body, id))
            get_db().commit()
            return redirect(url_for('blog.index'))

        flash('Title is required.')

    return render_template('blog/update.html', post=post)
コード例 #15
def plugin_query():
    """Return the current user's posts plus plugin data as one JSON object.

    Keys: ``posts`` (id, title, author_id of posts written by
    ``session['user_id']``), ``plugin_list`` (``plugin.get_plugin()``) and
    ``plugin_use`` (``plugin.use_plugin_all()``).
    """
    own_posts_sql = (
        'SELECT p.id, title, author_id'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.author_id = ?'
    )
    posts = get_db().execute(own_posts_sql, (session['user_id'],)).fetchall()

    # NOTE(review): only ``posts`` is filtered by user here. Whether
    # plugin_list / plugin_use are limited to this user's data depends on
    # the plugin module's helpers -- verify before exposing this endpoint
    # to more than one author.
    payload = {
        "posts": posts,
        "plugin_list": plugin.get_plugin(),
        "plugin_use": plugin.use_plugin_all(),
    }
    return jsonify(payload)
コード例 #16
ファイル: blog.py プロジェクト: cgjue/cblog.site
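def create():
    """Create a new post for the current user and link its categories.

    On POST, at least one category, a title and a body are required; a
    validation error is flashed. Whether or not the post was saved, a POST
    ends with a redirect to the blog index. Any other method renders the
    creation form.
    """
    if request.method == 'POST':
        title = request.form.get('title', default=None)
        body = request.form.get('body', default=None)
        category_ids = request.form.getlist('categories')

        error = None
        if not category_ids:
            error = 'category is required.'
        elif not title:
            error = 'Title is required.'
        elif not body:
            error = 'Content is required.'

        if error is not None:
            flash(error)
        else:
            db = get_db()
            try:
                cursor = db.execute(
                    'INSERT INTO post (title, body, author_id)'
                    ' VALUES (?, ?, ?)',
                    (title, body, g.user['id'])
                )
                # Take the id from this INSERT's own cursor. The original
                # ran ``SELECT max(id) FROM post`` afterwards, which can
                # return a different author's post when two requests insert
                # at about the same time, attaching these categories to the
                # wrong post.
                # Assumes get_db() returns a sqlite3 connection, as the
                # ``?`` placeholders and Connection.execute() usage in this
                # file suggest -- confirm.
                post_id = cursor.lastrowid

                for cid in category_ids:
                    db.execute(
                        'INSERT INTO category_post(category_id, post_id)'
                        ' VALUES (?, ?)',
                        (cid, post_id)
                    )
                # One commit for the post and its category links, so a
                # failure cannot leave a post without categories.
                db.commit()
            except Exception:
                # Undo the partial insert, keep the original best-effort
                # behaviour (log and carry on to the redirect).
                db.rollback()
                traceback.print_exc()
                print('insert error')
        return redirect(url_for('blog.index'))

    return render_template('blog/create.html')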
コード例 #17
def deleteCategory():
    """Delete the submitted categories that belong to the current user.

    Every id from the ``categories`` form list is first checked against
    ``session['user_id']``; ids owned by someone else, or unknown ids, are
    skipped silently. Always redirects to the admin page.
    """
    admin_url = url_for('admin.admin')
    category_ids = request.form.getlist('categories')
    if not category_ids:
        return redirect(admin_url)

    db = get_db()
    for category_id in category_ids:
        # Ownership check: the DELETE below filters on id only, so this
        # lookup is what keeps one user from deleting another's category.
        owned = db.execute(
            'SELECT value FROM category WHERE id = ? and user_id = ?',
            (category_id, session['user_id'])
        ).fetchone()
        if owned is None:
            continue

        db.execute(
            'DELETE FROM category where id = ?',
            (category_id, )
        )
        db.commit()

    return redirect(admin_url)
コード例 #18
def addCategory():
    """Create a category owned by the current user.

    An empty ``category`` form field flashes an error. A value that
    already exists (for any user) is left alone; otherwise a new row is
    inserted with ``session['user_id']`` as owner. Always redirects to the
    admin page.
    """
    category = request.form.get("category", default=None)

    if category:
        db = get_db()
        # The uniqueness lookup is by value only, not by (value, user).
        existing = db.execute(
            'SELECT value FROM category WHERE value = ?',
            (category, )
        ).fetchone()
        if existing is None:
            db.execute(
                'INSERT into category(value, user_id) VALUES(?, ?)',
                (category, session['user_id'])
            )
            db.commit()
    else:
        flash(u"类别不能为空!")

    return redirect(url_for('admin.admin'))
コード例 #19
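def upload():
    """Store an uploaded file for the current user, then show the admin page.

    Problems (no file part, no file selected, disallowed type) are
    flashed. On success the file is written to ``UPLOAD_FOLDER`` and its
    path relative to the application root is recorded in ``uploadfile``.
    Always redirects to the admin page.
    """
    # check if the post request has the file part
    if 'file' not in request.files:
        flash('No file part')
    else:
        file = request.files.get('file', default=None)
        # if the user does not select a file, the browser still submits
        # an empty part without a filename
        if not file or file.filename == '':
            flash('No selected file')
        elif not allowed_file(file.filename):
            flash(u'禁止上传该类型文件')
        else:
            # Resolve the owner BEFORE writing anything to disk. The
            # original looked up session['user_id'] only after file.save(),
            # so a request without a session left an unowned file in the
            # upload folder and then failed with KeyError.
            user_id = session['user_id']
            upload_dir = current_app.config['UPLOAD_FOLDER']

            # NOTE(review): the extension check above sees the raw client
            # filename, while the stored name comes from secure_filename(),
            # which can alter that name. The whole-second timestamp prefix
            # also means two uploads of the same name within one second
            # share a path. Confirm both are acceptable for this deployment.
            filename = str(int(time.time())) + secure_filename(file.filename)
            file.save(os.path.join(upload_dir, filename))

            # Path as stored in the database: UPLOAD_FOLDER with the
            # application root prefix sliced off, plus the file name.
            relative_path = os.path.join(
                upload_dir[len(current_app.root_path):], filename)
            db = get_db()
            db.execute('INSERT INTO uploadfile(fpath, user_id) VALUES(?, ?)',
                       (relative_path, user_id))
            db.commit()
    return redirect(url_for('admin.admin'))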
コード例 #20
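def login():
    """Log in a registered user by adding the user id to the session.

    On POST the username is looked up and the submitted password is
    checked against the stored hash. On success the session is cleared
    and re-created with only ``user_id`` before redirecting to the index;
    on failure the error is flashed and the form is shown again.
    """
    if request.method == 'POST':
        username = request.form.get('username', default=None)
        password = request.form.get('password', default=None)
        db = get_db()
        error = None
        user = db.execute('SELECT * FROM user WHERE username = ?',
                          (username, )).fetchone()

        # NOTE(review): the two messages below tell a caller whether a
        # username exists. Registration is gated by an invitation code,
        # so this form is the ungated place to learn that; consider one
        # shared message if account enumeration matters here.
        if user is None:
            error = 'Incorrect username.'
        elif not password or not check_password_hash(user['password'],
                                                     password):
            # ``not password`` covers a request that omits the field
            # entirely: the original handed None to check_password_hash(),
            # which fails with an unhandled exception instead of a normal
            # "incorrect password" response.
            error = 'Incorrect password.'

        if error is None:
            # Drop whatever the previous session held before storing the
            # new user id, then return to the index.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('index'))

        flash(error)

    return render_template('auth/login.html')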
コード例 #21
ファイル: __init__.py プロジェクト: cgjue/cblog.site
 def get_categories():
     """Return every category as (id, value) rows, highest id first."""
     # Not filtered by owner: all users' categories are returned.
     rows = db.get_db().execute(
         'SELECT id, value FROM category ORDER BY id DESC').fetchall()
     return rows
コード例 #22
ファイル: plugin.py プロジェクト: cgjue/cblog.site
def update_plugin(plugin_id, name, script):
    """Overwrite the name and script of the plugin with id ``plugin_id``.

    The change is committed before returning; nothing is returned and no
    error is raised when the id matches no row.
    """
    # NOTE(review): no permission check happens in this helper; presumably
    # the calling view restricts who may change a plugin script -- confirm.
    update_sql = 'update plugin set name=?, script=? where id=?'
    db = get_db()
    db.execute(update_sql, (name, script, plugin_id))
    db.commit()
コード例 #23
ファイル: plugin.py プロジェクト: cgjue/cblog.site
def use_plugin(post_id):
    """Return all ``use_plugin`` rows recorded for one post."""
    query = "select * from use_plugin where post_id=?"
    rows = get_db().execute(query, (post_id, )).fetchall()
    return rows
コード例 #24
ファイル: plugin.py プロジェクト: cgjue/cblog.site
def use_plugin_all():
    """Return every row of ``use_plugin``, for all posts and all users."""
    # No filter at all: callers that expose the result to a client decide
    # whether returning other authors' rows is acceptable.
    rows = get_db().execute("select * from use_plugin").fetchall()
    return rows