コード例 #1
ファイル: image.py プロジェクト: CptPicard89/scarfage
def newimg():
    """
    :URL: /newimg
    :Method: POST

    Store an uploaded image and redirect to it.

    The title is taken from the ``title`` form field, falling back to the
    client-supplied upload filename when that field is empty. The upload is
    accepted with or without a logged-in session: the uploader's uid (or
    ``None``) and the request's remote address are handed to ``new_img``.
    """
    pd = PageData()
    if request.method != 'POST':
        # Nothing is returned for other methods, exactly as before.
        return None

    if 'img' in request.files:
        upload = request.files['img']
        # NOTE(review): upload.filename is client-controlled; it becomes the
        # default title and is echoed in the flash messages below, so it has
        # to be escaped wherever it is rendered -- confirm in the templates.
        title = upload.filename if request.form['title'] == '' else request.form['title']
        userid = pd.authuser.uid if 'username' in session else None

        img = new_img(upload, title, request.form['parent'], userid,
                      request.remote_addr)

        if img:
            flash('Uploaded {}'.format(upload.filename))
            return redirect_back('/image/' + str(img))

        flash('An error occurred while processing {}'.format(upload.filename))

    return redirect_back(url_for('index'))
コード例 #2
ファイル: admin.py プロジェクト: CptPicard89/scarfage
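def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level. Unless the requester has access level 255,
    the requested level must be lower than the requester's own level, and the
    target account's current level must be lower than the requester's too.

    Redirects back if there was an error, otherwise redirects to the user's profile.
    """
    pd = PageData()

    try:
        requested = int(level)
    except ValueError:
        # level comes straight from the URL; a non-numeric value used to
        # escape from the privilege check as an unhandled ValueError.
        flash('Invalid access level.')
        return redirect_back('index')

    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= requested:
        # NOTE(review): this log call and the return below were garbled
        # ('******') in the listing and are reconstructed to mirror the
        # NoUser branch -- confirm against the upstream file.
        app.logger.error('Accesslevel change was denied for user: ' +
                         pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # A requester may never modify an account at or above their own level.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' +
                         pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # NOTE(review): no lower or upper bound is applied to the level here, and
    # the change is driven by URL path segments alone. Confirm that the route
    # is POST-only with CSRF protection and that newaccesslevel() validates
    # the range.
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)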
コード例 #3
ファイル: admin.py プロジェクト: oamike/scarfage
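def admin_set_accesslevel(user, level):
    """Set ``user``'s access level to ``level`` on behalf of the logged-in user.

    Unless the requester has access level 255, the requested level must be
    lower than the requester's own level and the target account's current
    level must be lower than the requester's too. Errors redirect back; a
    missing target renders the error page; success redirects to the target's
    profile.
    """
    pd = PageData()

    try:
        requested = int(level)
    except ValueError:
        # level comes straight from the URL; a non-numeric value used to
        # escape from the privilege check as an unhandled ValueError.
        flash('Invalid access level.')
        return redirect_back('index')

    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= requested:
        # NOTE(review): this log call and the return below were garbled
        # ('******') in the listing and are reconstructed to mirror the
        # NoUser branch -- confirm against the upstream file.
        app.logger.error('Accesslevel change was denied for user: ' +
                         pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # A requester may never modify an account at or above their own level.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' +
                         pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # NOTE(review): no lower or upper bound is applied to the level here, and
    # the change is driven by URL path segments alone. Confirm that the route
    # is POST-only with CSRF protection and that newaccesslevel() validates
    # the range.
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)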
コード例 #4
ファイル: pm.py プロジェクト: oamike/scarfage
def pm(username):
    """Show the private-message form for ``username`` and handle its POST.

    An unknown recipient yields the not-found page. A logged-in POST with
    both ``body`` and ``subject`` is sent through ``send_pm``; a reply (a
    ``parent`` field was posted) redirects back to the recipient's message
    page, a new thread redirects to the sent message. Everything else falls
    through to rendering ``sendpm.html``.
    """
    pd = PageData()

    try:
        pd.recipient = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found(404)

    if 'username' in session and request.method == 'POST':
        body = request.form['body']
        subject = request.form['subject']

        # parent arrives obfuscated from the client; deobfuscate() output is
        # passed on as-is.
        # NOTE(review): nothing here checks that the sender is a participant
        # in the parent thread -- confirm send_pm() enforces that.
        parent = deobfuscate(request.form['parent']) if 'parent' in request.form else None

        if not (body and subject):
            # TODO re-fill form
            flash('No message or subject')
            return redirect_back('/user/' + username + '/pm')

        messageid = send_pm(pd.authuser.uid, pd.recipient.uid, subject, body,
                            messagestatus['unread_pm'], parent)

        if messageid:
            flash('Message sent!')
            if parent:
                return redirect_back('/user/' + username + '/pm')
            return redirect('/user/' + pd.authuser.username + '/pm/' + obfuscate((messageid)))

    return render_template('sendpm.html', pd=pd)
コード例 #5
ファイル: fbauth.py プロジェクト: cmazuc/scarfage
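def link_facebook_account(username):
    """Link the Facebook identity held in the session to the logged-in account.

    The caller must re-enter the account password (``password`` form field)
    before the ``oauth-facebook-<id>`` key is written and the profile is
    updated. ``username`` from the URL is only logged; the account acted on
    is always ``session['username']``.
    """
    pd = PageData()

    # NOTE(review): username and request.referrer are client-controlled and
    # are written to the log as-is; confirm the log sink neutralises
    # newlines and control characters.
    logger.info('Started Facebook auth for {} ({}), referrer was {}'.format(username, request.remote_addr, request.referrer))

    if 'username' in session:
        try:
            user = SiteUser.create(session['username'])
            user.authenticate(request.form['password'])
        except (NoUser, AuthFail):
            flash('Authentication failed, please check your password and try again.')
            # `user` is unbound when SiteUser.create() itself raised NoUser,
            # so log the session name instead of user.username.
            logger.info('Facebook auth link failed for username {} ip {}'.format(session['username'], request.remote_addr))
            return redirect_back(url_for('index'))

        # Without a Facebook identity in the session there is nothing to
        # link; this used to surface as an unhandled KeyError.
        facebook_id = session.get('facebook_id')
        if facebook_id is None:
            return redirect_back(url_for('index'))

        user_key = 'oauth-facebook-{}'.format(facebook_id)
        new_key(user_key, session['username'])

        profile = user.profile()
        profile.profile['facebook_id'] = facebook_id
        profile.update()

        flash('Your account is now linked to Facebook.')
        logger.info('Facebook auth linked for username {} ID {} ip {}'.format(user.username, facebook_id, request.remote_addr))
        return redirect(url_for('index'))

    return redirect_back(url_for('index'))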
コード例 #6
ファイル: admin.py プロジェクト: cmazuc/scarfage
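def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level. Unless the requester has access level 255,
    the requested level must be lower than the requester's own level, and the
    target account's current level must be lower than the requester's too.

    Redirects back in every case except an unknown user, which renders the
    error page.
    """
    pd = PageData()

    try:
        requested = int(level)
    except ValueError:
        # level comes straight from the URL; a non-numeric value used to
        # escape from the privilege check as an unhandled ValueError.
        flash('Invalid access level.')
        return redirect_back('index')

    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= requested:
        # NOTE(review): this log call and the return below were garbled
        # ('******') in the listing and are reconstructed to mirror the
        # NoUser branch -- confirm against the upstream file.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # A requester may never modify an account at or above their own level.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # NOTE(review): no lower or upper bound is applied to the level here, and
    # the change is driven by URL path segments alone. Confirm that the route
    # is POST-only with CSRF protection and that newaccesslevel() validates
    # the range.
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect_back('index')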
コード例 #7
ファイル: fbauth.py プロジェクト: macandcheese/scarfage
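def link_facebook_account(username):
    """Link the Facebook identity held in the session to the logged-in account.

    The caller must re-enter the account password (``password`` form field)
    before the ``oauth-facebook-<id>`` key is written and the profile is
    updated. ``username`` from the URL is only logged; the account acted on
    is always ``session['username']``.
    """
    pd = PageData()

    # NOTE(review): username and request.referrer are client-controlled and
    # are written to the log as-is; confirm the log sink neutralises
    # newlines and control characters.
    logger.info('Started Facebook auth for {} ({}), referrer was {}'.format(
        username, request.remote_addr, request.referrer))

    if 'username' in session:
        try:
            user = SiteUser.create(session['username'])
            user.authenticate(request.form['password'])
        except (NoUser, AuthFail):
            flash(
                'Authentication failed, please check your password and try again.'
            )
            # `user` is unbound when SiteUser.create() itself raised NoUser,
            # so log the session name instead of user.username.
            logger.info(
                'Facebook auth link failed for username {} ip {}'.format(
                    session['username'], request.remote_addr))
            return redirect_back(url_for('index'))

        # Without a Facebook identity in the session there is nothing to
        # link; this used to surface as an unhandled KeyError.
        facebook_id = session.get('facebook_id')
        if facebook_id is None:
            return redirect_back(url_for('index'))

        user_key = 'oauth-facebook-{}'.format(facebook_id)
        new_key(user_key, session['username'])

        profile = user.profile()
        profile.profile['facebook_id'] = facebook_id
        profile.update()

        flash('Your account is now linked to Facebook.')
        logger.info('Facebook auth linked for username {} ID {} ip {}'.format(
            user.username, facebook_id, request.remote_addr))
        return redirect(url_for('index'))

    return redirect_back(url_for('index'))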
コード例 #8
ファイル: image.py プロジェクト: cmazuc/scarfage
def newimg():
    """
    :URL: /newimg
    :Method: POST

    Store an uploaded image and redirect to it.

    The title is taken from the ``title`` form field, falling back to the
    client-supplied upload filename when that field is empty. The upload is
    accepted with or without a logged-in session: the uploader's uid (or
    ``None``) and the request's remote address are handed to ``new_img``.
    """
    pd = PageData()
    if request.method != 'POST':
        # Nothing is returned for other methods, exactly as before.
        return None

    if 'img' in request.files:
        upload = request.files['img']
        # NOTE(review): upload.filename is client-controlled; it becomes the
        # default title and is echoed in the flash messages below, so it has
        # to be escaped wherever it is rendered -- confirm in the templates.
        title = upload.filename if request.form['title'] == '' else request.form['title']
        userid = pd.authuser.uid if 'username' in session else None

        img = new_img(upload, title, request.form['parent'], userid, request.remote_addr)

        if img:
            flash('Uploaded {}'.format(upload.filename))
            return redirect_back('/image/' + str(img))

        flash('An error occurred while processing {}'.format(upload.filename))

    return redirect_back(url_for('index'))
コード例 #9
ファイル: image.py プロジェクト: cmazuc/scarfage
def reparent(img_id):
    """
    :URL: /reparent
    :Method: POST

    Move an image under the item named by the ``parent`` form field.

    Both the image and the target item must exist, otherwise the not-found
    page is returned. On success the user is redirected back (default: the
    image page).
    """
    pd = PageData()
    if request.method != 'POST':
        # Nothing is returned for other methods, exactly as before.
        return None

    target_id = request.form['parent']

    try:
        img = core.SiteImage.create(img_id)
        # Looked up only to prove the target item exists; the object itself
        # is not used afterwards.
        item = core.SiteItem.create(target_id)
    except (core.NoItem, core.NoImage):
        return page_not_found()

    # NOTE(review): no login or ownership check is visible in this body;
    # confirm the route decorator restricts who may reparent images.
    if not img:
        flash('Unable to reparent {}'.format(img_id))
        return redirect_back(url_for('index'))

    img.reparent(target_id)
    return redirect_back('/image/' + str(img))
コード例 #10
ファイル: user.py プロジェクト: cmazuc/scarfage
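def login():
    """Authenticate the posted ``username``/``password`` and start a session.

    Any method other than POST is redirected to the ``error`` endpoint. On
    success ``session['username']`` is set and the session is made
    permanent. Unknown users and wrong passwords both produce the same
    'Login unsuccessful.' message.
    """
    if request.method == 'POST':
        try:
            user = SiteUser.create(request.form['username'])
        except NoUser:
            flash('Login unsuccessful.')
            return redirect_back(url_for('index'))

        try:
            user.authenticate(request.form['password'])
        except (NoUser, AuthFail):
            # Compare by value: `is 0` tested object identity and only
            # happened to work for interned small ints.
            if user.accesslevel == 0:
                # NOTE(review): this message is shown to anyone who fails
                # authentication for the username, so it discloses the ban
                # status without valid credentials -- confirm intended.
                flash('Your account has been banned')
                session.pop('username', None)
            else:
                flash('Login unsuccessful.')
            return redirect_back(url_for('index'))

        user.seen()

        session['username'] = user.username
        session.permanent = True
        flash('You were successfully logged in')

        # NOTE(review): the redirect_back() target is chosen elsewhere;
        # confirm it only accepts same-site URLs.
        if not request.args.get('index'):
            return redirect_back(url_for('index'))
        else:
            return redirect(url_for('index'))

    return redirect(url_for('error'))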
コード例 #11
ファイル: items.py プロジェクト: cmazuc/scarfage
def edititem(item_id=None):
    """Render the item edit form and handle its submission.

    On POST with a ``desc`` field the ``uid`` form field selects the item:
    an existing item is renamed and/or given a new edit, while a ``NoItem``
    from the lookup means a new item is created. Name collisions with a
    different item are rejected with a flash message. Requests that are not
    handled by the POST branch render ``edititem.html`` for ``item_id`` (or
    for a new item when it is empty).
    """
    pd = PageData()
    if request.method == 'POST':
        # Edits are accepted without a session and are attributed to uid 0.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = 0 

        if 'desc' in request.form:
            if request.form['name'] == '':
                flash('No name for this item?')
                return redirect_back("/item/new")

            try:
                item = SiteItem.create(request.form['uid'])

                # item_id is reused here: it now holds the uid of whichever
                # item already owns the requested name (falsy if none does).
                item_id = uid_by_item(request.form['name'])
                # NOTE(review): int() raises ValueError on a non-numeric uid
                # unless SiteItem.create() has already rejected it -- confirm.
                if not item_id or item_id == int(request.form['uid']):
                    uid = request.form['uid']
                    ip = request.remote_addr

                    # The rename is saved before the edit record is written.
                    if item.name != request.form['name']:
                        item.name = request.form['name']
                        item.update()

                    old = core.digest(item.body())
                    new = core.digest(request.form['desc'])

                    # Skip the write (log only) when the digest of the
                    # submitted text equals the digest of the current body.
                    if old != new:
                        new_edit(uid, request.form['desc'], userid, ip)
                        logger.info('item {} edited by user {} ({})'.format(uid, userid, ip))
                    else:
                        logger.info('null edit discarded for item {} by user {} ({})'.format(uid, userid, ip))

                    return redirect('/item/' + str(uid))
                else:
                    # The name belongs to a different item: report it and
                    # fall through to re-render the form for the posted uid.
                    # NOTE(review): the message shows the current item's
                    # name, not the requested one -- confirm intended.
                    flash(item.name + " already exists!")
                    item_id = request.form['uid']
            except NoItem:
                # No item with this uid: treat the submission as a new item.
                if uid_by_item(request.form['name']):
                    flash(request.form['name'] + " already exists!")
                    return redirect_back("/item/new")

                uid = new_item(request.form['name'], request.form['desc'], userid, request.remote_addr)
                return redirect('/item/' + str(uid))

    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()
     
        pd.title="Editing: %s" % pd.item.name
    else:
        pd.title="Editing: New Item"

    return render_template('edititem.html', pd=pd)
コード例 #12
ファイル: admin.py プロジェクト: oamike/scarfage
def editstring():
    """Replace the 'welcomebanner' SiteString with the posted ``text`` field.

    An empty or missing ``text``, or a non-POST request, changes nothing.
    Always redirects back (default target 'index').
    """
    if request.method == 'POST' and 'text' in request.form:
        new_text = request.form['text']
        if new_text != '':
            # NOTE(review): the text is stored verbatim; confirm the banner
            # is escaped when rendered and that the route is admin-only.
            banner = SiteString('welcomebanner')
            banner.string = new_text
            banner.update()

    return redirect_back('index')
コード例 #13
ファイル: admin.py プロジェクト: oamike/scarfage
def editstring():
    """Replace the 'welcomebanner' SiteString with the posted ``text`` field.

    An empty or missing ``text``, or a non-POST request, changes nothing.
    Always redirects back (default target 'index').
    """
    if request.method == 'POST' and 'text' in request.form:
        new_text = request.form['text']
        if new_text != '':
            # NOTE(review): the text is stored verbatim; confirm the banner
            # is escaped when rendered and that the route is admin-only.
            banner = SiteString('welcomebanner')
            banner.string = new_text
            banner.update()

    return redirect_back('index')
コード例 #14
def edititem(item_id=None):
    """Render the item edit form and handle its submission.

    On POST with a ``desc`` field the ``uid`` form field selects the item:
    an existing item is renamed and given a new edit, while a ``NoItem``
    from the lookup means a new item is created. Name collisions with a
    different item are rejected with a flash message. Requests that are not
    handled by the POST branch render ``edititem.html`` for ``item_id`` (or
    for a new item when it is empty).
    """
    pd = PageData()
    if request.method == 'POST':
        # Edits are accepted without a session and are attributed to uid 0.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = 0

        if 'desc' in request.form:
            if request.form['name'] == '':
                flash('No name for this item?')
                return redirect_back("/item/new")

            try:
                item = SiteItem.create(request.form['uid'])

                # item_id is reused here: it now holds the uid of whichever
                # item already owns the requested name (falsy if none does).
                item_id = uid_by_item(request.form['name'])
                # NOTE(review): int() raises ValueError on a non-numeric uid
                # unless SiteItem.create() has already rejected it -- confirm.
                if not item_id or item_id == int(request.form['uid']):
                    # Name and update() are written unconditionally, even
                    # when the name is unchanged.
                    item.name = request.form['name']
                    item.update()

                    # todo: check for null edits
                    new_edit(request.form['uid'], request.form['desc'], userid,
                             request.remote_addr)

                    uid = request.form['uid']
                    flash('Edited item!')
                    return redirect('/item/' + str(uid))
                else:
                    # The name belongs to a different item: report it and
                    # fall through to re-render the form for the posted uid.
                    # NOTE(review): the message shows the current item's
                    # name, not the requested one -- confirm intended.
                    flash(item.name + " already exists!")
                    item_id = request.form['uid']
            except NoItem:
                # No item with this uid: treat the submission as a new item.
                if uid_by_item(request.form['name']):
                    flash(request.form['name'] + " already exists!")
                    return redirect_back("/item/new")

                uid = new_item(request.form['name'], request.form['desc'],
                               userid, request.remote_addr)
                return redirect('/item/' + str(uid))

    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()

        pd.title = "Editing: %s" % pd.item.name
    else:
        pd.title = "Editing: New Item"

    return render_template('edititem.html', pd=pd)
コード例 #15
ファイル: pm.py プロジェクト: macandcheese/scarfage
def pm_action(username, messageid, action):
    """
    :URL: /user/<username>/pm/<messageid>/<action>
    :Methods: GET, POST
    :Actions:
        * read
        * unread
        * delete
        * undelete

    Apply ``action`` to a private message on behalf of the logged-in user.
    The request is refused (``pm_error.html``) unless a session exists, the
    URL username is the logged-in user, and the message id deobfuscates.
    Any other action name is ignored.

    Setting the accept:application/json header will return JSON instead of a redirect.
    """

    pd = PageData()
    dmid = deobfuscate(messageid)

    logged_in = 'username' in session
    if not logged_in or pd.authuser.username != username or dmid is None:
        return render_template('pm_error.html', pd=pd)

    # NOTE(review): a failed lookup in TradeMessage.create() is not handled
    # here, and these state changes are reachable via GET -- confirm CSRF
    # exposure and that each method checks the username against the message.
    pm = TradeMessage.create(dmid)

    # Dispatch by name, restricted to the four documented actions.
    if action in ('read', 'unread', 'delete', 'undelete'):
        getattr(pm, action)(pd.authuser.username)

    return '{}' if request_wants_json() else redirect_back('/')
コード例 #16
ファイル: fbauth.py プロジェクト: macandcheese/scarfage
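def new_facebook_user():
    """Create a site account for the Facebook identity held in the session.

    The posted ``username`` and ``email`` are validated with
    ``check_new_user(..., nopass=True)``. The account gets a random
    100-character password, is bound to the ``oauth-facebook-<id>`` key,
    and the user is logged in. Failures render ``error.html`` or redirect
    back.
    """
    pd = PageData()

    # NOTE(review): request.referrer is client-controlled and is logged
    # as-is; confirm the log sink neutralises control characters.
    logger.info('Started Facebook new user for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))

    if not check_new_user(request, nopass=True):
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))

    # Refuse before creating anything when the session holds no Facebook
    # identity; previously the account was created first and the missing
    # key then raised an unhandled KeyError.
    if 'facebook_id' not in session:
        return redirect_back(url_for('index'))

    # The password is a credential, so draw it from the OS CSPRNG rather
    # than the predictable default Mersenne Twister generator.
    rng = random.SystemRandom()
    password = ''.join(rng.choice(string.printable) for _ in range(100))
    if not new_user(request.form['username'], password, request.form['email'],
                    request.remote_addr):
        return render_template('error.html', pd=pd)

    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, request.form['username'])

    try:
        user = SiteUser.create(request.form['username'])
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)

    logger.info('New Facebook user {} ID {} ip {}'.format(
        user.username, session['facebook_id'], request.remote_addr))
    flash('Welcome ' + request.form['username'])
    return redirect(url_for('index'))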
コード例 #17
ファイル: pm.py プロジェクト: subiki/scarfage
def pm_action(username, messageid, action):
    """
    :URL: /user/<username>/pm/<messageid>/<action>
    :Methods: GET
    :Actions:
        * read
        * unread
        * delete
        * undelete

    Apply ``action`` to a private message on behalf of the logged-in user.
    The request is refused (``pm_error.html``) unless a session exists, the
    URL username is the logged-in user, and the message id deobfuscates.
    Any other action name is ignored.

    Setting the accept:application/json header will return JSON instead of a redirect.
    """

    pd = PageData()
    dmid = deobfuscate(messageid)

    logged_in = 'username' in session
    if not logged_in or pd.authuser.username != username or dmid is None:
        return render_template('pm_error.html', pd=pd)

    # NOTE(review): a failed lookup in TradeMessage.create() is not handled
    # here, and these state changes are reachable via GET -- confirm CSRF
    # exposure and that each method checks the username against the message.
    pm = TradeMessage.create(dmid)

    # Dispatch by name, restricted to the four documented actions.
    if action in ('read', 'unread', 'delete', 'undelete'):
        getattr(pm, action)(pd.authuser.username)

    return '{}' if request_wants_json() else redirect_back('/')
コード例 #18
ファイル: fbauth.py プロジェクト: cmazuc/scarfage
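def new_facebook_user():
    """Create a site account for the Facebook identity held in the session.

    The posted ``username`` and ``email`` are validated with
    ``check_new_user(..., nopass=True)``. The account gets a random
    100-character password, is bound to the ``oauth-facebook-<id>`` key,
    and the user is logged in. Failures render ``error.html`` or redirect
    back.
    """
    pd = PageData()

    # NOTE(review): request.referrer is client-controlled and is logged
    # as-is; confirm the log sink neutralises control characters.
    logger.info('Started Facebook new user for {}, referrer was {}'.format(request.remote_addr, request.referrer))

    if not check_new_user(request, nopass=True):
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))

    # Refuse before creating anything when the session holds no Facebook
    # identity; previously the account was created first and the missing
    # key then raised an unhandled KeyError.
    if 'facebook_id' not in session:
        return redirect_back(url_for('index'))

    # The password is a credential, so draw it from the OS CSPRNG rather
    # than the predictable default Mersenne Twister generator.
    rng = random.SystemRandom()
    password = ''.join(rng.choice(string.printable) for _ in range(100))
    if not new_user(request.form['username'], password, request.form['email'], request.remote_addr):
        return render_template('error.html', pd=pd)

    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, request.form['username'])

    try:
        user = SiteUser.create(request.form['username'])
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)

    logger.info('New Facebook user {} ID {} ip {}'.format(user.username, session['facebook_id'], request.remote_addr))
    flash('Welcome ' + request.form['username'])
    return redirect(url_for('index'))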
コード例 #19
ファイル: main.py プロジェクト: cmazuc/scarfage
def upload_error():
    """
    :URL: /upload_error

    Landing point for uploads rejected as over-size on the main site: queue
    a flash message, then try to send the user back where they came from
    (default target 'error').
    """
    too_large = 'Your upload is too large, please resize it and try again.'
    flash(too_large)
    return redirect_back('error')
コード例 #20
ファイル: main.py プロジェクト: CptPicard89/scarfage
def upload_error():
    """
    :URL: /upload_error

    Landing point for uploads rejected as over-size on the main site: queue
    a flash message, then try to send the user back where they came from
    (default target 'error').
    """
    too_large = 'Your upload is too large, please resize it and try again.'
    flash(too_large)
    return redirect_back('error')
コード例 #21
ファイル: ownwant.py プロジェクト: subiki/scarfage
def itemaction(item_id, action):
    """
    :URL: /item/<item_id>/<action>
    :Methods: GET, POST

    Update or query the logged in user's record for an item.

    A POST request gets the current record back instead of a redirect to the
    previous page, and so does any request sent with the
    accept:application/json header. Without a session, 'status' returns an
    empty JSON object and every other action is refused.

    :Allowed actions:
     * 'status'    - Return the item's current status
     * 'have'      - Mark an item as part of the user's collection
     * 'donthave'  - Remove the item from the user's collection
     * 'show'      - If the item is in the user's collection mark it as visible to others
     * 'hide'      - If the item is in the user's collection hide it from others
     * 'willtrade' - Mark the item as available for trade
     * 'wonttrade' - Don't show this item as available for trade
     * 'want'      - Add this item to the user's want list
     * 'dontwant'  - Remove this item from the user's want list

    :Sample record:

    .. code-block:: javascript

        {"hidden": 1, "want": 0, "have": 1, "willtrade": 0}
    """

    # A missing session key and an unknown user are both treated as "not
    # logged in".
    try:
        user = SiteUser.create(session['username'])
    except (NoUser, KeyError):
        user = None

    def current_record():
        return json.dumps(user.query_collection(item_id).values())

    if action == 'status':
        return current_record() if user else '{}'

    if not user:
        if request_wants_json():
            return '{}', 400
        flash('You must be logged in to have a collection')
        return redirect_back('/item/' + item_id)

    # NOTE(review): the docstring allows GET for these state changes;
    # confirm CSRF exposure for the mutating actions.
    try:
        # An action outside the `actions` table raises KeyError, which is
        # answered with the not-found page.
        ownwant(item_id, user.uid, actions[action])
    except (NoItem, KeyError, ValueError):
        return page_not_found()

    if request.method == 'POST' or request_wants_json():
        return current_record()

    return redirect_back('/item/' + item_id)
コード例 #22
def itemaction(item_id, action):
    """
    :URL: /item/<item_id>/<action>
    :Methods: GET, POST

    Update or query the logged in user's record for an item.

    A POST request gets the current record back instead of a redirect to the
    previous page, and so does any request sent with the
    accept:application/json header. Without a session, 'status' returns an
    empty JSON object and every other action is refused.

    :Allowed actions:
     * 'status'    - Return the item's current status
     * 'have'      - Mark an item as part of the user's collection
     * 'donthave'  - Remove the item from the user's collection
     * 'show'      - If the item is in the user's collection mark it as visible to others
     * 'hide'      - If the item is in the user's collection hide it from others
     * 'willtrade' - Mark the item as available for trade
     * 'wonttrade' - Don't show this item as available for trade
     * 'want'      - Add this item to the user's want list
     * 'dontwant'  - Remove this item from the user's want list

    :Sample record:

    .. code-block:: javascript

        {"hidden": 1, "want": 0, "have": 1, "willtrade": 0}
    """

    # A missing session key and an unknown user are both treated as "not
    # logged in".
    try:
        user = SiteUser.create(session['username'])
    except (NoUser, KeyError):
        user = None

    def current_record():
        return json.dumps(user.query_collection(item_id).values())

    if action == 'status':
        return current_record() if user else '{}'

    if not user:
        if request_wants_json():
            return '{}', 400
        flash('You must be logged in to have a collection')
        return redirect_back('/item/' + item_id)

    # NOTE(review): the docstring allows GET for these state changes;
    # confirm CSRF exposure for the mutating actions.
    try:
        # An action outside the `actions` table raises KeyError, which is
        # answered with the not-found page.
        ownwant(item_id, user.uid, actions[action])
    except (NoItem, KeyError):
        return page_not_found()

    if request.method == 'POST' or request_wants_json():
        return current_record()

    return redirect_back('/item/' + item_id)
コード例 #23
ファイル: trade.py プロジェクト: cmazuc/scarfage
def accepttradeitem(username, messageid, action, item=None):
    """Trade accept/reject/settle handler -- currently switched off.

    The unconditional ``return page_not_found()`` on the first line means
    every request gets the not-found response and nothing below it runs.
    """
    # Kill switch: everything after this return is unreachable.
    return page_not_found()

    # NOTE(review): before re-enabling, note that the username comparison
    # below reads pd.authuser ahead of the session check, and that no check
    # is visible here that the TradeItem / TradeMessage belongs to the
    # requesting user -- confirm ownership is enforced inside those classes.
    pd = PageData()

    if not pd.authuser.username == username:
        return page_not_found()

    if 'username' in session:
        if item:
            # Item-level actions: accept or reject a single trade item.
            try:
                ti = TradeItem(item)
            except NoItem:
                return page_not_found()

            if action == "accept":
                ti.accept()
            elif action == "reject":
                ti.reject()
            else:
                return page_not_found()
        else:
            # Message-level actions on the whole trade, addressed by the
            # obfuscated message id from the URL.
            try:
                t = TradeMessage.create(deobfuscate(messageid))
            except NoItem:
                return page_not_found()

            if action == "settle":
                t.settle()
            elif action == "cancel":
                t.cancel()
            elif action == "reject":
                t.reject()
            elif action == "reopen":
                # FIXME
                pass
            elif action == "add":
                flash('Coming soon...')
                return redirect_back('/')
            else:
                return page_not_found()

    return redirect_back('index')
コード例 #24
def accepttradeitem(username, messageid, action, item=None):
    """Trade accept/reject/settle handler -- currently switched off.

    The unconditional ``return page_not_found()`` on the first line means
    every request gets the not-found response and nothing below it runs.
    """
    # Kill switch: everything after this return is unreachable.
    return page_not_found()

    # NOTE(review): before re-enabling, note that the username comparison
    # below reads pd.authuser ahead of the session check, and that no check
    # is visible here that the TradeItem / TradeMessage belongs to the
    # requesting user -- confirm ownership is enforced inside those classes.
    pd = PageData()

    if not pd.authuser.username == username:
        return page_not_found()

    if 'username' in session:
        if item:
            # Item-level actions: accept or reject a single trade item.
            try:
                ti = TradeItem(item)
            except NoItem:
                return page_not_found()

            if action == "accept":
                ti.accept()
            elif action == "reject":
                ti.reject()
            else:
                return page_not_found()
        else:
            # Message-level actions on the whole trade, addressed by the
            # obfuscated message id from the URL.
            try:
                t = TradeMessage.create(deobfuscate(messageid))
            except NoItem:
                return page_not_found()

            if action == "settle":
                t.settle()
            elif action == "cancel":
                t.cancel()
            elif action == "reject":
                t.reject()
            elif action == "reopen":
                # FIXME
                pass
            elif action == "add":
                flash('Coming soon...')
                return redirect_back('/')
            else:
                return page_not_found()

    return redirect_back('index')
コード例 #25
ファイル: pm.py プロジェクト: macandcheese/scarfage
def pm(username):
    """Show a user's message page or the send-message form, and handle sends.

    An unknown ``username`` yields the not-found page. A logged-in user
    viewing their own URL gets ``profile/messages.html``. Otherwise the
    named user is the recipient: a POST with both ``body`` and ``subject``
    is sent through ``send_pm``, and everything else renders
    ``sendpm.html``.
    """
    pd = PageData()

    try:
        pmuser = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found()

    if 'username' not in session:
        return render_template('sendpm.html', pd=pd)

    if session['username'] == username:
        # Own URL: show the inbox rather than a form addressed to oneself.
        pd.profileuser = pmuser
        return render_template('profile/messages.html', pd=pd)

    pd.recipient = pmuser

    if request.method == 'POST':
        body = request.form['body']
        subject = request.form['subject']

        # parent arrives obfuscated from the client; deobfuscate() output is
        # passed on as-is.
        # NOTE(review): nothing here checks that the sender is a participant
        # in the parent thread -- confirm send_pm() enforces that.
        parent = deobfuscate(request.form['parent']) if 'parent' in request.form else None

        if not (body and subject):
            # TODO re-fill form
            flash('No message or subject')
            return redirect_back('/user/' + username + '/pm')

        messageid = send_pm(pd.authuser.uid, pd.recipient.uid, subject, body,
                            None, parent)

        if messageid:
            flash('Message sent!')
            if parent:
                return redirect_back('/user/' + username + '/pm')
            return redirect('/user/' + pd.authuser.username + '/pm/' +
                            obfuscate((messageid)))

    return render_template('sendpm.html', pd=pd)
コード例 #26
ファイル: admin.py プロジェクト: cmazuc/scarfage
def editstring():
    """
    :URL: /admin/strings/edit
    :Method: POST

    Replace the 'welcomebanner' SiteString with the posted ``text`` field.
    An empty or missing ``text`` changes nothing. Always redirects back
    (default target 'index').

    .. todo:: Only supports the welcome banner right now... not very useful.

    """
    if request.method == 'POST' and 'text' in request.form:
        new_text = request.form['text']
        if new_text != '':
            # NOTE(review): the text is stored verbatim; confirm the banner
            # is escaped when rendered and that the route is admin-only.
            banner = SiteString('welcomebanner')
            banner.string = new_text
            banner.update()

    return redirect_back('index')
コード例 #27
ファイル: admin.py プロジェクト: CptPicard89/scarfage
def editstring():
    """
    :URL: /admin/strings/edit
    :Method: POST

    Replace the 'welcomebanner' SiteString with the posted ``text`` field.
    An empty or missing ``text`` changes nothing. Always redirects back
    (default target 'index').

    .. todo:: Only supports the welcome banner right now... not very useful.

    """
    if request.method == 'POST' and 'text' in request.form:
        new_text = request.form['text']
        if new_text != '':
            # NOTE(review): the text is stored verbatim; confirm the banner
            # is escaped when rendered and that the route is admin-only.
            banner = SiteString('welcomebanner')
            banner.string = new_text
            banner.update()

    return redirect_back('index')
コード例 #28
ファイル: user.py プロジェクト: cmazuc/scarfage
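def logout():
    """Clear the session, keeping only keys whose name contains 'facebook'.

    Redirects back unless the ``index`` query argument is set, in which case
    the index page is forced.
    """
    # Iterate over a snapshot: popping from the session while iterating its
    # live key view raises RuntimeError on Python 3.
    for key in list(session.keys()):
        # NOTE(review): the Facebook identity deliberately survives logout,
        # so the link/new-user handlers can still read it afterwards --
        # confirm that is acceptable on shared browsers.
        if 'facebook' not in key:
            session.pop(key, None)

    flash('You were successfully logged out')

    if not request.args.get('index'):
        return redirect_back(url_for('index'))
    else:
        return redirect(url_for('index'))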
コード例 #29
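def newtag():
    """Create a tag from the posted ``tag`` field under the posted ``parent``.

    Surrounding whitespace is stripped once and the same value is used for
    both the duplicate check and the insert. Blank names are ignored. Always
    redirects back (default target 'index').
    """
    pd = PageData()

    if request.method == 'POST' and 'tag' in request.form:
        # The lookup used the stripped name but the insert used the raw one,
        # so ' foo' could be stored next to an existing 'foo'. Normalise once.
        tag = request.form['tag'].strip()

        if tag == '':
            return redirect_back('index')

        # NOTE(review): no login or permission check is visible in this
        # body; confirm the route decorator restricts who may create tags.
        try:
            Tags().retrieve(tag)
            flash('Tag already exists!')
        except IndexError:
            # IndexError from retrieve() is treated as "no such tag yet".
            Tags().insert_children([tag], pd.decode(request.form['parent']))

    return redirect_back('index')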
コード例 #30
ファイル: admin.py プロジェクト: oamike/scarfage
def admin_reset_pw(user):
    """Trigger an admin-initiated password reset for ``user``.

    Calls ``forgot_pw_reset`` with a placeholder IP and ``admin=True``; an
    unknown user yields the not-found page. On success a confirmation is
    flashed and the admin is redirected back (default '/admin').
    """
    pd = PageData()

    # NOTE(review): this changes a credential; confirm the route is
    # admin-only, POST-only and CSRF-protected, and that the reset is
    # recorded with the acting admin rather than only '0.0.0.0'.
    try:
        target = SiteUser.create(user)
        target.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found(404)

    flash('A new password has been e-mailed to ' + target.username + '.')
    return redirect_back('/admin')
コード例 #31
ファイル: image.py プロジェクト: oamike/scarfage
def flag_image(img_id):
    """Flag an image for moderator review.

    An unknown image id yields the not-found page; otherwise a confirmation
    is flashed and the user is redirected back (default target 'index').
    """
    pd = PageData()

    # NOTE(review): no session check or throttling is visible in this body;
    # confirm flagging cannot be scripted against arbitrary image ids.
    try:
        image = SiteImage.create(img_id)
        image.flag()
    except NoImage:
        return page_not_found(404)

    confirmation = "The image has been flagged and will be reviewed by a moderator."
    flash(confirmation)
    return redirect_back('index')
コード例 #32
def mod_tag_delete(tag):
    """Delete a tag and redirect to its parent.

    ``tag`` arrives encoded in the URL and is decoded with ``pd.decode``.
    The parent is looked up before the delete so the redirect target is
    still known afterwards. A failed delete flashes an error and redirects
    back (default: the tag's own page).
    """
    pd = PageData()

    tags = Tags()
    name = pd.decode(tag)
    parent = tags.parent_of(name)

    # NOTE(review): no permission check is visible in this body; confirm the
    # route decorator limits deletion to moderators.
    if not tags.delete(name):
        flash('Unable to delete tag: ' + name)
        return redirect_back('/tag/' + tag)

    return redirect('/tag/' + pd.encode(parent))
コード例 #33
ファイル: admin.py プロジェクト: oamike/scarfage
def admin_reset_pw(user):
    """Trigger an admin-initiated password reset for ``user``.

    Calls ``forgot_pw_reset`` with a placeholder IP and ``admin=True``; an
    unknown user yields the not-found page. On success a confirmation is
    flashed and the admin is redirected back (default '/admin').
    """
    pd = PageData()

    # NOTE(review): this changes a credential; confirm the route is
    # admin-only, POST-only and CSRF-protected, and that the reset is
    # recorded with the acting admin rather than only '0.0.0.0'.
    try:
        target = SiteUser.create(user)
        target.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found(404)

    flash('A new password has been e-mailed to ' + target.username + '.')
    return redirect_back('/admin')
コード例 #34
ファイル: image.py プロジェクト: oamike/scarfage
def flag_image(img_id):
    """Mark image ``img_id`` as flagged so a moderator can review it.

    An unknown image (``NoImage``) gets the 404 page. Otherwise a
    confirmation is flashed and the caller is redirected back, with
    ``index`` as the fallback.
    """
    # NOTE(review): the flag is not tied to the person raising it in the
    # visible code, and no repeat limit is applied here -- confirm whether
    # flag() or the route covers either.
    pd = PageData()

    try:
        SiteImage.create(img_id).flag()
    except NoImage:
        return page_not_found(404)

    notice = "The image has been flagged and will be reviewed by a moderator."
    flash(notice)

    return redirect_back('index')
コード例 #35
ファイル: tags.py プロジェクト: oamike/scarfage
def mod_tag_delete(tag):
    """Remove ``tag`` from the tag tree and redirect to its former parent.

    If ``Tags.delete`` returns a falsy value, an error is flashed instead and
    the caller is redirected back, falling back to the tag's own page.
    """
    pd = PageData()

    tags = Tags()
    tag_name = pd.decode(tag)
    # Fetched before deleting; used as the redirect target on success.
    parent_name = tags.parent_of(tag_name)

    if not tags.delete(tag_name):
        # tag_name originates in the URL and is placed in the flash text as
        # is; the template is assumed to escape it -- confirm.
        flash('Unable to delete tag: ' + tag_name)
        return redirect_back('/tag/' + tag)

    return redirect('/tag/' + pd.encode(parent_name))
コード例 #36
ファイル: tags.py プロジェクト: oamike/scarfage
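def newtag():
    """Create a tag under the parent named in the submitted form.

    Reads ``tag`` and ``parent`` from the POST form. An empty or
    whitespace-only tag name, or a name that already exists, creates nothing.
    Every path ends with a redirect back, falling back to ``index``.
    """
    pd = PageData()

    if request.method == 'POST' and 'tag' in request.form:
        # Normalise once. The duplicate lookup used the stripped name while
        # the insert stored the raw one, so a padded name could get past the
        # check and be stored with its whitespace.
        tag_name = request.form['tag'].strip()

        if tag_name == '':
            return redirect_back('index')

        # NOTE(review): no length cap is applied to the name here -- confirm
        # the storage layer bounds it.
        try:
            Tags().retrieve(tag_name)
            flash('Tag already exists!')
        except IndexError:
            # An IndexError from the lookup is treated as "no such tag yet".
            # A missing 'parent' field raises from the form lookup and is not
            # handled here.
            Tags().insert_children([tag_name], pd.decode(request.form['parent']))

    return redirect_back('index')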
コード例 #37
ファイル: admin.py プロジェクト: oamike/scarfage
def admin_set_accesslevel(user, level):
    """Set the access level of ``user`` to ``level`` for the signed-in requester.

    A requester whose own level is not 255 is refused when ``level`` is not
    strictly below their own level, and again when the target account's
    current level is not strictly below theirs. A requester at level 255
    skips both comparisons. An unknown ``user`` renders ``error.html``; on
    success the caller is redirected to the target's profile page.
    """
    pd = PageData()

    # int(level) raises ValueError for non-numeric text and nothing here
    # catches it. No lower bound is applied to the value in this function --
    # NOTE(review): confirm newaccesslevel rejects out-of-range levels.
    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= int(level):
        # NOTE(review): the next line is mangled on this page ('******'
        # replaces part of the statement). The rest of the log call and
        # whatever precedes the redirect to 'index' cannot be recovered here.
        app.logger.error('Accesslevel change was denied for user: '******'index')

    try:
        moduser = SiteUser.create(user)

        # Second gate: a non-255 requester may not modify an account at or
        # above their own level.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # The checks above compared int(level); the original string is what gets
    # passed on. The successful change is not logged in this function, only
    # the unknown-user case and the (mangled) denial are.
    moduser.newaccesslevel(level)
    # Echoes the URL-supplied name rather than moduser.username.
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)
コード例 #38
ファイル: image.py プロジェクト: macandcheese/scarfage
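def reparent(img_id):
    """
    :URL: /reparent
    :Method: POST

    Reparent an image: attach image ``img_id`` to the item named by the
    ``parent`` form field. Returns the 404 page when either the image or the
    target item does not exist.
    """
    # NOTE(review): no check is visible here that the caller may move this
    # image or attach to that item; presumably the route decorators enforce
    # it -- confirm.
    pd = PageData()
    if request.method == 'POST':
        newid = request.form['parent']

        try:
            img = core.SiteImage.create(img_id)
            # Created only to confirm the target item exists before moving.
            core.SiteItem.create(newid)
        except (core.NoItem, core.NoImage):
            return page_not_found()

        if img:
            img.reparent(newid)
            return redirect_back('/image/' + str(img))

        flash('Unable to reparent {}'.format(img_id))

    # Also reached for non-POST requests, which previously fell off the end
    # of the function and returned None instead of a response.
    return redirect_back(url_for('index'))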
コード例 #39
def tagreparent():
    """Move a tag under a different parent, using the submitted form.

    Acts only on POST requests carrying a ``reparent`` field; the tag is
    named by the ``name`` field. An ``IndexError`` from the move is reported
    with a flash message. Every path redirects back (fallback ``index``).
    """
    pd = PageData()

    if request.method != 'POST':
        return redirect_back('index')

    # Computed but not used below, so the move is not attributed to anyone in
    # this function.
    userid = pd.authuser.uid if 'username' in session else 0

    if 'reparent' in request.form:
        # NOTE(review): both names come straight from the form; whether the
        # move is validated (e.g. against making a tag its own ancestor) is
        # up to Tags.reparent, which is not shown -- confirm.
        try:
            Tags().reparent(
                pd.decode(request.form['name']),
                pd.decode(request.form['reparent']),
            )
        except IndexError:
            flash('Error reparenting tag!')

    return redirect_back('index')
コード例 #40
def searchitem():
    """Run an item search and render ``search.html``.

    The query is read from the ``query`` form field on POST and from the
    ``query`` URL parameter otherwise. An empty query redirects back
    (fallback ``/``). When a search finds nothing, ``pd.results`` is set to
    ``[None]``.
    """
    pd = PageData()
    if request.method != 'POST':
        pd.query = request.args.get('query')
    elif 'query' in request.form:
        pd.query = request.form['query']
    # NOTE(review): a POST without a 'query' field leaves pd.query as
    # PageData() initialised it; if the attribute does not exist by default,
    # the comparison below raises -- confirm.

    if pd.query == '':
        return redirect_back('/')

    if pd.query is not None:
        # The raw query text is handed to core.item_search unchanged; how it
        # reaches the data store is not visible here -- confirm it is bound
        # as a parameter rather than concatenated.
        pd.results = core.item_search(pd.query)
        if len(pd.results) < 1:
            pd.results = [None]

    return render_template('search.html', pd=pd)
コード例 #41
ファイル: tags.py プロジェクト: oamike/scarfage
def tagreparent():
    """Re-attach the tag named in the form to a new parent tag.

    Only POST requests that include a ``reparent`` field trigger the move;
    the tag itself is taken from the ``name`` field. If the move raises
    ``IndexError`` an error is flashed. The caller is always redirected back,
    with ``index`` as the fallback.
    """
    pd = PageData()

    if request.method != 'POST':
        return redirect_back('index')

    # Not used after this point: the change is not recorded against a user
    # in this function.
    userid = pd.authuser.uid if 'username' in session else 0

    if 'reparent' in request.form:
        # NOTE(review): the tag and the new parent are both client-supplied;
        # any validation of the resulting tree happens inside Tags.reparent,
        # which is not shown -- confirm.
        try:
            Tags().reparent(
                pd.decode(request.form['name']),
                pd.decode(request.form['reparent']),
            )
        except IndexError:
            flash('Error reparenting tag!')

    return redirect_back('index')
コード例 #42
ファイル: items.py プロジェクト: cmazuc/scarfage
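def tagitem():
    """Attach a tag to an item, using the ``uid`` and ``tag`` form fields.

    An empty tag redirects back (fallback ``index``). An unknown item
    (``NoItem``) returns the 404 page. On success the caller is redirected to
    the item's page.
    """
    pd = PageData()
    if request.method == 'POST' and 'tag' in request.form:
        if request.form['tag'] == '':
            return redirect_back('index')

        # NOTE(review): the tag is stored without recording who added it, and
        # a missing 'uid' field raises from the form lookup unhandled.
        try:
            item = SiteItem.create(request.form['uid'])
            # Only the first 64 characters of the submitted tag are stored.
            item.add_tag(request.form['tag'][:64])
            return redirect('/item/' + str(item.uid))
        except NoItem:
            return page_not_found()

    # Non-POST requests and posts without a 'tag' field previously fell off
    # the end of the function and returned None instead of a response.
    return redirect_back('index')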
コード例 #43
ファイル: admin.py プロジェクト: CptPicard89/scarfage
def admin_reset_pw(user):
    """
    :URL: /admin/users/<user>/resetpw

    Reset the password for a user. Must be an admin.

    Returns the 404 page when ``SiteUser.create`` raises ``NoUser``;
    otherwise flashes a confirmation and redirects back (fallback ``/admin``).
    """
    # NOTE(review): the admin requirement stated above is not enforced inside
    # this body; presumably the route decorators do it -- confirm. The HTTP
    # methods accepted for this state-changing URL are not visible either.
    pd = PageData()

    try:
        account = SiteUser.create(user)
        # A constant address is passed instead of the requester's. If
        # forgot_pw_reset records it, the reset cannot be traced to a source
        # address afterwards -- verify.
        account.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found()

    confirmation = 'A new password has been e-mailed to ' + account.username + '.'
    flash(confirmation)

    return redirect_back('/admin')
コード例 #44
ファイル: admin.py プロジェクト: cmazuc/scarfage
def admin_reset_pw(user):
    """
    :URL: /admin/users/<user>/resetpw

    Reset the password for a user. Must be an admin.

    An unknown user (``NoUser``) gets the 404 page. Otherwise a confirmation
    is flashed and the caller is redirected back, with ``/admin`` as the
    fallback.
    """
    # NOTE(review): nothing in this body checks that the caller is an admin;
    # that is presumably done by decorators outside this snippet -- confirm,
    # along with which HTTP methods the route accepts.
    pd = PageData()

    try:
        target = SiteUser.create(user)
        # The reset carries a placeholder address rather than the caller's.
        # If forgot_pw_reset stores it, the stored record will not identify
        # the origin of an admin reset -- verify.
        target.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found()

    message = 'A new password has been e-mailed to ' + target.username + '.'
    flash(message)

    return redirect_back('/admin')
コード例 #45
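def tagitem():
    """Add the submitted ``tag`` to the item identified by the ``uid`` field.

    An empty tag redirects back (fallback ``index``); an unknown item
    (``NoItem``) returns the 404 page; success redirects to the item's page.
    """
    pd = PageData()
    if request.method == 'POST' and 'tag' in request.form:
        if request.form['tag'] == '':
            return redirect_back('index')

        # NOTE(review): nothing here records which user added the tag, and a
        # post without a 'uid' field raises from the form lookup unhandled.
        try:
            item = SiteItem.create(request.form['uid'])
            # The stored tag is cut to at most 64 characters.
            item.add_tag(request.form['tag'][:64])
            return redirect('/item/' + str(item.uid))
        except NoItem:
            return page_not_found()

    # Requests that are not a POST with a 'tag' field previously ended the
    # function without a return value, which is not a valid response.
    return redirect_back('index')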
コード例 #46
ファイル: image.py プロジェクト: CptPicard89/scarfage
def flag_image(img_id):
    """
    :URL: /image/<img_id>/flag

    Flag an image for review by a moderator. An unknown image (``NoImage``)
    returns the 404 page; otherwise a confirmation is flashed and the caller
    is redirected back (fallback ``index``).

    .. todo:: Add support for a note and record who flagged it.
    """
    # NOTE(review): until the todo above is done, a flag cannot be attributed
    # to anyone from this function, and no repeat limit is visible here.
    pd = PageData()

    try:
        SiteImage.create(img_id).flag()
    except NoImage:
        return page_not_found()

    notice = "The image has been flagged and will be reviewed by a moderator."
    flash(notice)

    return redirect_back('index')
コード例 #47
ファイル: image.py プロジェクト: cmazuc/scarfage
def flag_image(img_id):
    """
    :URL: /image/<img_id>/flag

    Flag an image for review by a moderator. Responds with the 404 page when
    the image lookup raises ``NoImage``; otherwise flashes a confirmation and
    redirects back, with ``index`` as the fallback.

    .. todo:: Add support for a note and record who flagged it.
    """
    # NOTE(review): the flag carries no identity in the visible code (see the
    # todo), and repeated flags are not limited here -- confirm whether the
    # route or flag() handles either.
    pd = PageData()

    try:
        SiteImage.create(img_id).flag()
    except NoImage:
        return page_not_found()

    notice = "The image has been flagged and will be reviewed by a moderator."
    flash(notice)

    return redirect_back('index')
コード例 #48
ファイル: ownwant.py プロジェクト: oamike/scarfage
def dontwant(item_id):
    """Send a ``want=0`` update for ``item_id`` to ``ownwant``, then redirect back.

    The fallback redirect target is the item's page.
    """
    # NOTE(review): which user the update applies to, and whether the caller
    # must be signed in, is decided inside ownwant / the route -- not visible.
    ownwant(item_id, {'want': 0})
    return redirect_back('/item/' + item_id)
コード例 #49
ファイル: access.py プロジェクト: macandcheese/scarfage
 def inner(*args, **kwargs):
     """Call the wrapped view only when ``check_level(1)`` passes.

     Otherwise flash a log-in prompt and redirect back, falling back to the
     ``accessdenied`` endpoint.
     """
     if check_level(1):
         return func(*args, **kwargs)

     # A refused request is answered with a redirect here, so monitoring that
     # keys on 401/403 responses will not count it -- presumably the
     # 'accessdenied' page sets the status; confirm.
     flash('Please log in, accounts are free!')
     return redirect_back(url_for('accessdenied'))
コード例 #50
ファイル: ownwant.py プロジェクト: oamike/scarfage
def donthave(item_id):
    """Send a ``willtrade=0, own=0`` update for ``item_id`` to ``ownwant``.

    Afterwards the caller is redirected back, with the item's page as the
    fallback.
    """
    # NOTE(review): authentication and the choice of affected user happen in
    # ownwant / the route, neither of which is visible here.
    ownwant(item_id, {'willtrade': 0, 'own': 0})
    return redirect_back('/item/' + item_id)
コード例 #51
ファイル: access.py プロジェクト: cmazuc/scarfage
 def inner(*args, **kwargs):
     """Gate the wrapped view behind ``check_level(1)``.

     When the check fails, a log-in prompt is flashed and the caller is
     redirected back, with the ``accessdenied`` endpoint as the fallback.
     """
     if check_level(1):
         return func(*args, **kwargs)

     # The refusal is a redirect rather than an error status at this point;
     # whether a 401/403 is ever emitted depends on the 'accessdenied' page --
     # confirm if denials need to be visible in access logs.
     flash('Please log in, accounts are free!')
     return redirect_back(url_for('accessdenied'))
コード例 #52
ファイル: fbauth.py プロジェクト: macandcheese/scarfage
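def fblogin():
    """
    :URL: /fbauth
    :Methods: GET

    Facebook auth callback URI.

    Rebuilds the OAuth2 session from the ``facebook_state`` value kept in the
    session, exchanges the callback URL for a token, and reads ``id``,
    ``name`` and ``email`` from the Graph API. If a ``SiteKey`` links that
    Facebook id to an account, the account is logged in (or refused when its
    access level is 0). If no key exists, ``new_facebook_user.html`` is
    rendered. Failures flash a message and redirect back (fallback ``index``).
    """

    # request.referrer is client-supplied and is written to the log as is.
    logger.info('Started Facebook auth for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))

    try:
        # The state is read, not removed, so it stays in the session after
        # this callback. NOTE(review): consider discarding it once used.
        facebook = OAuth2Session(FB_CLIENT_ID,
                                 redirect_uri=redirect_uri(),
                                 state=session['facebook_state'])
        facebook = facebook_compliance_fix(facebook)
    except KeyError:
        flash(
            'Unable to log in via Facebook, do you have cookies enabled for this site?'
        )
        logger.info('Failed to find Facebook state information for {}'.format(
            request.remote_addr))
        return redirect_back(url_for('index'))

    try:
        token = facebook.fetch_token(token_url,
                                     client_secret=FB_SECRET_ID,
                                     authorization_response=request.url)
        response = facebook.get(
            'https://graph.facebook.com/v2.5/me?fields=id,name,email').content
    except (MismatchingStateError, MissingTokenError) as e:
        # Only these two failures are handled; any other error from the token
        # exchange or the profile request propagates to the caller.
        flash(
            'Facebook was not able to provide us with the information we need to authenticate your account.'
        )
        logger.info('Facebook auth exception for {}: {}'.format(
            request.remote_addr, e))
        return redirect_back(url_for('index'))

    # NOTE(review): the body is parsed without checking the HTTP status, and
    # the 'id' / 'name' / 'email' lookups below raise KeyError when a field
    # is absent (presumably possible for 'email') -- confirm and handle.
    decoded = json.loads(response)

    user_key = 'oauth-facebook-{}'.format(decoded['id'])

    try:
        username = SiteKey(user_key)
        user = SiteUser(username.value)

        # Ban check. Compared by value: the original used `is 0`, an identity
        # test that only matches when the interpreter happens to reuse the
        # same int object.
        if user.accesslevel == 0:
            flash('Your account has been banned')
            logger.info(
                'Successful Facebook auth for {} but user is banned'.format(
                    user.username))
            session.pop('username', None)
            session.pop('facebook_id', None)
            # NOTE(review): if delete() removes the key that links this
            # Facebook id to the banned account, the next callback for the
            # same id takes the NoKey branch below and is offered account
            # creation -- confirm the ban is enforced there too.
            username.delete()
            return redirect_back(url_for('index'))

        user.seen()
        session['username'] = user.username
        # NOTE(review): the OAuth token is kept in the session. If this is
        # Flask's default cookie-backed session, its contents are signed but
        # readable by the client -- confirm the session backend.
        session['facebook_token'] = token
        session['facebook_id'] = decoded['id']
        session['facebook_name'] = decoded['name']
        session['facebook_email'] = decoded['email']
        session.permanent = True

        # This profile update block won't be needed out of testing
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
        # end block

        flash('You were successfully logged in')
        logger.info('Successful Facebook auth for {} (ID {})'.format(
            user.username, decoded['id']))
        return redirect_back(url_for('index'))
    except NoKey:
        # No account is linked to this Facebook id yet: keep the Facebook
        # details in the session and show the new-user page.
        session['facebook_token'] = token
        session['facebook_id'] = decoded['id']
        session['facebook_name'] = decoded['name']
        session['facebook_email'] = decoded['email']

        pd = PageData()
        pd.title = "Log in with Facebook"
        logger.info(
            'Successful Facebook auth for ID {} but this person has no linked account'
            .format(decoded['id']))
        return render_template('new_facebook_user.html', pd=pd)

    # Not reached: every path through the try/except above returns or raises.
    flash('Facebook authentication failed :(')
    logger.info('Facebook auth error for {}'.format(request.remote_addr))
    return redirect_back(url_for('index'))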
コード例 #53
ファイル: image.py プロジェクト: cmazuc/scarfage
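def edit_image(img_id):
    """
    :URL: /image/<img_id>/edit

    Very basic image editor. Applies a list of operations to an image
    and either presents a preview back to the user or saves it to the
    database as a new image.

    Operations are read from the query parameters ``op1`` to ``op19``; each
    is ``rotate`` (with ``opN_degrees``) or ``crop`` (with ``opN_x1``,
    ``opN_y1``, ``opN_x2``, ``opN_y2``). An unknown operation or a
    non-integer argument returns the 404 page. ``preview=true`` returns a
    JPEG preview and a truthy ``save`` stores the result as a new image.
    """

    pd = PageData()
    # Smallest crop width and height, in pixels, that is accepted.
    min_size = 200

    try:
        img = SiteImageEditor(img_id)
    except NoImage:
        return page_not_found()

    preview = request.args.get('preview')
    save = request.args.get('save')

    pd.img = img
    pd.ops = ''
    pd.num_ops = 0

    # Operations are applied to `img` as they are parsed, so a later invalid
    # one aborts after earlier ones have already run on the editor object.
    for op in range(1, 20):
        command = request.args.get('op{}'.format(op))
        if not command:
            continue

        if command == 'rotate':
            try:
                # int(None) raises TypeError, int('abc') raises ValueError.
                # The original bare `except:` caught every exception type.
                degrees = int(request.args.get('op{}_degrees'.format(op)))
            except (TypeError, ValueError):
                return page_not_found()

            img.rotate(degrees)
            # pd.ops is rebuilt from the parsed integers, never from the raw
            # query text.
            pd.ops = "{}&op{}=rotate&op{}_degrees={}".format(pd.ops, op, op, degrees)
            pd.num_ops = op
        elif command == 'crop':
            try:
                x1 = int(request.args.get('op{}_x1'.format(op)))
                y1 = int(request.args.get('op{}_y1'.format(op)))
                x2 = int(request.args.get('op{}_x2'.format(op)))
                y2 = int(request.args.get('op{}_y2'.format(op)))
            except (TypeError, ValueError):
                return page_not_found()

            new_width = x2 - x1
            new_height = y2 - y1

            if new_width < min_size:
                flash("The selection is too narrow, please make a larger selection. If your image is below {} pixels in width you will not be able to crop it.".format(min_size))
                return redirect_back(url_for('index'))
            if new_height < min_size:
                # Message corrected: this branch checks height, but the text
                # had been copied from the width check.
                flash("The selection is too short, please make a larger selection. If your image is below {} pixels in height you will not be able to crop it.".format(min_size))
                return redirect_back(url_for('index'))

            # NOTE(review): only a minimum size is enforced. Negative or
            # oversized coordinates reach crop() unchanged -- confirm that
            # SiteImageEditor.crop bounds them to the image.
            img.crop(x1, y1, x2, y2)
            pd.ops = "{base}&op{op}=crop&op{op}_x1={x1}&op{op}_y1={y1}&op{op}_x2={x2}&op{op}_y2={y2}".format(base=pd.ops, op=op, x1=x1, y1=y1, x2=x2, y2=y2)
            pd.num_ops = op
        else:
            return page_not_found()

    if preview == 'true':
        return send_file(img.preview(), mimetype='image/jpeg')

    if save:
        # NOTE(review): the save is triggered from query parameters and also
        # runs for visitors without a session (userid None) -- confirm the
        # route limits who can reach it and that a write from a plain link
        # is intended.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = None

        new_img = img.save(userid, request.remote_addr)
        return redirect('/image/' + str(new_img))

    return render_template('imageedit.html', pd=pd)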
コード例 #54
ファイル: user.py プロジェクト: subiki/scarfage
def logout():
    """Log the caller out by dropping ``username`` from the session.

    Flashes a confirmation and redirects back (fallback ``index``).
    """
    # Only 'username' is removed, and a missing key is ignored.
    # NOTE(review): any other values kept in the session survive this call --
    # confirm none of them carry identity or tokens.
    session.pop('username', None)

    farewell = 'You were successfully logged out'
    flash(farewell)
    return redirect_back('index')
コード例 #55
ファイル: ownwant.py プロジェクト: oamike/scarfage
def willtrade(item_id):
    """Send an ``own=1, hidden=0, willtrade=1`` update for ``item_id`` to ``ownwant``.

    Afterwards the caller is redirected back, with the item's page as the
    fallback.
    """
    # NOTE(review): this sets hidden to 0 alongside the trade flag; who the
    # update applies to and whether login is required is decided in ownwant /
    # the route, which are not visible here.
    ownwant(item_id, {'own': 1, 'hidden': 0, 'willtrade': 1})
    return redirect_back('/item/' + item_id)
コード例 #56
ファイル: main.py プロジェクト: oamike/scarfage
def upload_error():
    """Tell the user their upload was too large and redirect back.

    The fallback redirect target is ``error``.
    """
    notice = 'Your upload is too large, please resize it and try again.'
    flash(notice)
    return redirect_back('error')
コード例 #57
ファイル: fbauth.py プロジェクト: cmazuc/scarfage
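def fblogin():
    """
    :URL: /fbauth
    :Methods: GET

    Facebook auth callback URI.

    Recreates the OAuth2 session from the ``facebook_state`` session value,
    trades the callback URL for a token, and fetches ``id``, ``name`` and
    ``email`` from the Graph API. An account linked to that Facebook id via
    ``SiteKey`` is logged in, unless its access level is 0. Without a linked
    account, ``new_facebook_user.html`` is rendered. Failures flash a message
    and redirect back (fallback ``index``).
    """

    # The referrer is supplied by the client and is logged unmodified.
    logger.info('Started Facebook auth for {}, referrer was {}'.format(request.remote_addr, request.referrer))

    try:
        # The state value is read but left in the session afterwards.
        # NOTE(review): consider removing it once the callback has used it.
        facebook = OAuth2Session(FB_CLIENT_ID, redirect_uri=redirect_uri(), state=session['facebook_state'])
        facebook = facebook_compliance_fix(facebook)
    except KeyError:
        flash('Unable to log in via Facebook, do you have cookies enabled for this site?')
        logger.info('Failed to find Facebook state information for {}'.format(request.remote_addr))
        return redirect_back(url_for('index'))

    try:
        token = facebook.fetch_token(token_url, client_secret=FB_SECRET_ID, authorization_response=request.url)
        response = facebook.get('https://graph.facebook.com/v2.5/me?fields=id,name,email').content
    except (MismatchingStateError, MissingTokenError) as e:
        # Other errors from the token exchange or profile request are not
        # caught here and propagate.
        flash('Facebook was not able to provide us with the information we need to authenticate your account.')
        logger.info('Facebook auth exception for {}: {}'.format(request.remote_addr, e))
        return redirect_back(url_for('index'))

    # NOTE(review): the response status is not checked before parsing, and a
    # missing 'id', 'name' or 'email' field (presumably possible for 'email')
    # raises KeyError below -- confirm and handle.
    decoded = json.loads(response)

    user_key = 'oauth-facebook-{}'.format(decoded['id'])

    try:
        username = SiteKey(user_key)
        user = SiteUser(username.value)

        # Ban check, compared by value. The original `is 0` was an identity
        # test, which depends on the interpreter reusing one int object.
        if user.accesslevel == 0:
            flash('Your account has been banned')
            logger.info('Successful Facebook auth for {} but user is banned'.format(user.username))
            session.pop('username', None)
            session.pop('facebook_id', None)
            # NOTE(review): if delete() drops the link between this Facebook
            # id and the banned account, a later callback for the same id
            # lands in the NoKey branch and is offered account creation --
            # confirm the ban still applies there.
            username.delete()
            return redirect_back(url_for('index'))

        user.seen()
        session['username'] = user.username
        # NOTE(review): the OAuth token goes into the session. With Flask's
        # default cookie-backed session the contents are signed but readable
        # by the client -- confirm which session backend is in use.
        session['facebook_token'] = token
        session['facebook_id'] = decoded['id']
        session['facebook_name'] = decoded['name']
        session['facebook_email'] = decoded['email']
        session.permanent = True

        # This profile update block won't be needed out of testing
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
        # end block

        flash('You were successfully logged in')
        logger.info('Successful Facebook auth for {} (ID {})'.format(user.username, decoded['id']))
        return redirect_back(url_for('index'))
    except NoKey:
        # No account is linked to this Facebook id: store the Facebook
        # details in the session and render the new-user page.
        session['facebook_token'] = token
        session['facebook_id'] = decoded['id']
        session['facebook_name'] = decoded['name']
        session['facebook_email'] = decoded['email']

        pd = PageData()
        pd.title = "Log in with Facebook"
        logger.info('Successful Facebook auth for ID {} but this person has no linked account'.format(decoded['id']))
        return render_template('new_facebook_user.html', pd=pd)

    # Not reached: each path through the try/except above returns or raises.
    flash('Facebook authentication failed :(')
    logger.info('Facebook auth error for {}'.format(request.remote_addr))
    return redirect_back(url_for('index'))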
コード例 #58
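def trade(username, itemid=None, messageid=None):
    """Show the trade page with ``username`` and handle trade or reply posts.

    A POST from a signed-in user with both ``body`` and ``subject`` sends a
    private message to ``username``, attaches the submitted item ids to the
    trade, and redirects to the resulting message thread. Other requests
    render ``trade.html``. An unknown ``username``, or an item/message that
    cannot be loaded, returns the 404 page.
    """
    pd = PageData()

    status = messagestatus['unread_trade']

    try:
        pd.tradeuser = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)

    if 'username' in session:
        if request.method == 'POST':
            authuseritems = request.form.getlist('authuseritem')
            tradeuseritems = request.form.getlist('tradeuseritem')
            message = request.form['body']
            subject = request.form['subject']

            # Default confirmation. A post carrying a 'parent' field could
            # previously reach flash() below with flashmsg never assigned,
            # failing after the message had already been sent.
            flashmsg = 'Message sent!'

            if 'parent' in request.form:
                # NOTE(review): the parent id is taken from the form as is.
                # No check is visible that the caller takes part in that
                # thread -- confirm send_pm enforces it. In this branch a
                # URL-supplied messageid is also left un-deobfuscated.
                parent = request.form['parent']
            elif messageid:
                parent = core.deobfuscate(messageid)
                messageid = parent
                status = messagestatus['unread_pm']
            else:
                parent = None
                messageid = None
                flashmsg = 'Submitted trade request!'

            if message and subject:
                pmid = send_pm(pd.authuser.uid, pd.tradeuser.uid, subject,
                               message, status, parent)

                if not messageid:
                    messageid = pmid
                elif tradeuseritems or authuseritems:
                    flashmsg = 'Trade updated'

                # NOTE(review): item ids come from the form lists. No check
                # is visible that each item belongs to the uid it is recorded
                # under -- confirm add_tradeitem validates ownership.
                for item in authuseritems:
                    add_tradeitem(item, messageid, pd.authuser.uid,
                                  tradeitemstatus['accepted'])

                for item in tradeuseritems:
                    add_tradeitem(item, messageid, pd.tradeuser.uid,
                                  tradeitemstatus['unmarked'])

                flash(flashmsg)
                return redirect('/user/' + pd.authuser.username + '/pm/' +
                                obfuscate(messageid))

            if message == '':
                flash('Please add a message')

            return redirect_back('/')

    pd.title = "Trading with {}".format(username)

    try:
        pd.authuser.ownwant = pd.authuser.query_collection(itemid)
    except AttributeError:
        # Presumably covers a visitor with no authenticated user object; it
        # also hides any AttributeError raised inside query_collection.
        pass

    try:
        pd.tradeuser.ownwant = pd.tradeuser.query_collection(itemid)
        pd.item = SiteItem(itemid)
    except NoItem:
        if messageid:
            try:
                pd.trademessage = TradeMessage.create(deobfuscate(messageid))
            except NoItem:
                return page_not_found(404)
        else:
            return page_not_found(404)

    return render_template('trade.html', pd=pd)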
コード例 #59
ファイル: trade.py プロジェクト: oamike/scarfage
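def trade(username, itemid=None, messageid=None):
    """Render the trade page with ``username`` and process trade or reply posts.

    When a signed-in user POSTs both ``body`` and ``subject``, a private
    message is sent to ``username``, the submitted item ids are attached to
    the trade, and the caller is redirected to the message thread. Other
    requests render ``trade.html``. The 404 page is returned for an unknown
    ``username`` and when neither the item nor the message can be loaded.
    """
    pd = PageData()

    status = messagestatus['unread_trade']

    try:
        pd.tradeuser = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)

    if 'username' in session:
        if request.method == 'POST':
            authuseritems = request.form.getlist('authuseritem')
            tradeuseritems = request.form.getlist('tradeuseritem')
            message = request.form['body']
            subject = request.form['subject']

            # Default confirmation. Without it, a post that includes 'parent'
            # could reach flash() with flashmsg unassigned and fail after the
            # message had already been sent.
            flashmsg = 'Message sent!'

            if 'parent' in request.form:
                # NOTE(review): the parent id is client-supplied and used as
                # is. Nothing visible confirms the caller belongs to that
                # thread -- check that send_pm enforces it. A messageid from
                # the URL also stays un-deobfuscated in this branch.
                parent = request.form['parent']
            elif messageid:
                parent = core.deobfuscate(messageid)
                messageid = parent
                status = messagestatus['unread_pm']
            else:
                parent = None
                messageid = None
                flashmsg = 'Submitted trade request!'

            if message and subject:
                pmid = send_pm(pd.authuser.uid, pd.tradeuser.uid, subject, message, status, parent)

                if not messageid:
                    messageid = pmid
                elif tradeuseritems or authuseritems:
                    flashmsg = 'Trade updated'

                # NOTE(review): the item ids are taken from the form lists.
                # No ownership check against the recorded uid is visible --
                # confirm add_tradeitem performs one.
                for item in authuseritems:
                    add_tradeitem(item, messageid, pd.authuser.uid, tradeitemstatus['accepted'])

                for item in tradeuseritems:
                    add_tradeitem(item, messageid, pd.tradeuser.uid, tradeitemstatus['unmarked'])

                flash(flashmsg)
                return redirect('/user/' + pd.authuser.username + '/pm/' + obfuscate(messageid))

            if message == '':
                flash('Please add a message')

            return redirect_back('/')

    pd.title = "Trading with {}".format(username)

    try:
        pd.authuser.ownwant = pd.authuser.query_collection(itemid)
    except AttributeError:
        # Presumably handles a visitor without an authenticated user object;
        # it equally hides an AttributeError from inside query_collection.
        pass

    try:
        pd.tradeuser.ownwant = pd.tradeuser.query_collection(itemid)
        pd.item = SiteItem(itemid)
    except NoItem:
        if messageid:
            try:
                pd.trademessage = TradeMessage.create(deobfuscate(messageid))
            except NoItem:
                return page_not_found(404)
        else:
            return page_not_found(404)

    return render_template('trade.html', pd=pd)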
コード例 #60
ファイル: main.py プロジェクト: oamike/scarfage
def upload_error():
    """Flash the "upload too large" notice and redirect back.

    ``error`` is the fallback redirect target.
    """
    notice = 'Your upload is too large, please resize it and try again.'
    flash(notice)
    return redirect_back('error')