def save(req):
(uid, uname, editable) = jotools.get_login_user(req)
if not editable:
joheaders.error_page(req, _(u'You are not allowed to edit data'))
return '\n'
if req.method != 'POST':
joheaders.error_page(req, _(u'Only POST requests are allowed'))
return '\n'
tid = jotools.toint(jotools.get_param(req, "tid", "0"))
if tid == 0:
joheaders.error_page(req, _(u'Parameter %s is required') % u'tid')
return '\n'
db = jodb.connect()
for field in req.form.list:
if field.name.startswith('checked'):
wid = jotools.toint(field.name[7:])
if wid == 0: continue
db.query("INSERT INTO task_word(tid, wid, uid) VALUES(%i, %i, %i)" %
(tid, wid, uid))
joheaders.redirect_header(req, u"show?tid=%i" % tid)
def _html(req, db, query):
offset_s = `jotools.toint(jotools.get_param(req, 'offset', u'0'))`
limit_s = `jotools.toint(jotools.get_param(req, 'limit', u'200'))`
if limit_s == u'0': limit_s = u'ALL'
param_s = u''
for field in req.form.list:
if not field.name in ['limit', 'offset'] and jotools.checkid(field.name):
param_s = param_s + field.name + u'=' + jotools.get_param(req, field.name, u'') + u'&'
results = db.query("%s LIMIT %s OFFSET %s" % (query, limit_s, offset_s))
if results.ntuples() == 0:
joheaders.error_page(req, _(u'No matching words were found'))
return "\n"
elif results.ntuples() == 1:
joheaders.redirect_header(req, _config.WWW_ROOT_DIR + "/word/edit?wid=%i" \
% results.getresult()[0][0])
return "\n"
else:
(uid, uname, editable) = jotools.get_login_user(req)
joheaders.page_header_navbar_level1(req, _('Search results'), uid, uname)
jotools.write(req, u'<table><tr><th>%s</th><th>%s</th></tr>\n' \
% (_("Word"), _("Word class")))
for result in results.getresult():
jotools.write(req, _print_html_line(db, result[0],
unicode(result[1], 'UTF-8'),
unicode(result[2], 'UTF-8')))
jotools.write(req, u"</table>\n")
if not limit_s == u'ALL' and results.ntuples() == jotools.toint(limit_s):
jotools.write(req, (u'<p><a href="wlist?%soffset=%i&limit=%s">' +
u"%s ...</a></p>\n") % (param_s, int(offset_s)+int(limit_s),
limit_s, _(u'More results')))
joheaders.page_footer_plain(req)
return '\n'
def logout(req, wid = None):
if req.method != 'POST':
joheaders.error_page(req, _(u'Only POST requests are allowed'))
return '\n'
session = jotools.get_session(req)
if session != '':
db = jodb.connect_private()
db.query(("update appuser set session_key = NULL, session_exp = NULL " +
"where session_key = '%s'") % session)
req.headers_out['Set-Cookie'] = 'session=; path=%s; expires=Thu, 01-Jan-1970 00:00:01 GMT' \
% _config.WWW_ROOT_DIR
if wid == None: wid_n = 0
else: wid_n = jotools.toint(wid)
if wid_n == 0: joheaders.redirect_header(req, _config.WWW_ROOT_DIR + u"/")
else: joheaders.redirect_header(req, _config.WWW_ROOT_DIR + u"/word/edit?wid=%i" % wid_n)
return "</html>"
def login(req, wid = None):
if req.method != 'POST':
joheaders.error_page(req, _(u'Only POST requests are allowed'))
return '\n'
password = jotools.get_param(req, 'password', None)
username = jotools.get_param(req, 'username', None)
if username == None or password == None or not jotools.checkuname(username):
joheaders.error_page(req,
_(u"Missing or incorrect username or password"))
return '\n'
pwhash = sha.new((_config.PW_SALT + password).encode('UTF-8')).hexdigest()
db = jodb.connect_private()
results = db.query(("select uid, isadmin from appuser where uname = '%s' and pwhash = '%s' " +
"and disabled = FALSE") % (username.encode('UTF-8'), pwhash))
if results.ntuples() == 0:
joheaders.error_page(req, _(u"Incorrect username or password"))
return '\n'
(uid, isadmin) = results.getresult()[0]
if isadmin == 'f' and _config.ONLY_ADMIN_LOGIN_ALLOWED:
joheaders.error_page(req, _(u"Only administrator logins are allowed at the moment"))
return '\n'
# Generate session key
sesssha = sha.new()
sesssha.update(username)
sesssha.update(pwhash)
if hasattr(os, 'urandom'): # this is only available in Python >= 2.4
sesssha.update(os.urandom(15))
else:
sesssha.update(`time.time()`)
sesssha.update(`random.random()`)
sesssha.update(`os.times()`)
sesskey = sesssha.hexdigest()
db.query(("update appuser set session_key = '%s', session_exp = CURRENT_TIMESTAMP + " +
"interval '%i seconds' where uid = %i") % (sesskey, _config.SESSION_TIMEOUT, uid))
if _config.WWW_ROOT_DIR == '': cookiepath = '/'
else: cookiepath = _config.WWW_ROOT_DIR
req.headers_out['Set-Cookie'] = 'session=%s; path=%s' % (sesskey, cookiepath)
if wid == None: wid_n = 0
else: wid_n = jotools.toint(wid)
if wid_n != 0:
joheaders.redirect_header(req, _config.WWW_ROOT_DIR + u"/word/edit?wid=%i" % wid_n)
elif jotools.get_param(req, 'redir', None) != None:
joheaders.redirect_header(req, _config.WWW_ROOT_DIR +
jotools.get_param(req, 'redir', u''))
else: joheaders.redirect_header(req, _config.WWW_ROOT_DIR + u"/")
return "</html>"
def change(req, wid = None):
if req.method != 'POST':
joheaders.error_page(req, _(u'Only POST requests are allowed'))
return '\n'
(uid, uname, editable) = jotools.get_login_user(req)
if not editable:
joheaders.error_page(req, _(u'You are not allowed to edit data'))
return '\n'
if (wid == None):
joheaders.error_page(req, _(u'Parameter %s is required') % u'wid')
return '\n'
wid_n = jotools.toint(wid)
db = jodb.connect()
db.query("begin")
wclass_results = db.query("select class from word where wid = %i" % wid_n)
if wclass_results.ntuples() == 0:
joheaders.error_page(req, _(u'Word %i does not exist') % wid_n)
db.query("rollback")
return '\n'
wclass = wclass_results.getresult()[0][0]
edfield_results = db.query(("select a.type, a.aid, a.descr from attribute a, attribute_class ac " +
"where a.aid = ac.aid and ac.classid = %i and a.editable = TRUE") % wclass)
eid = db.query("select nextval('event_eid_seq')").getresult()[0][0]
event_inserted = False
messages = []
for attribute in edfield_results.getresult():
if attribute[0] == 1: # string attribute
html_att = 'string%i' % attribute[1]
newval = jotools.get_param(req, html_att, None)
if newval == None: continue
vresults = db.query(("select s.value from string_attribute_value s where " +
"s.wid = %i and s.aid = %i") % (wid_n, attribute[1]))
if vresults.ntuples() == 0: oldval = u""
else: oldval = unicode(vresults.getresult()[0][0], 'UTF-8')
if oldval == newval: continue
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
if newval == u'':
db.query(("delete from string_attribute_value where wid = %i " +
"and aid = %i") % (wid_n, attribute[1]))
elif oldval == u'':
db.query(("insert into string_attribute_value(wid, aid, value, eevent) " +
"values(%i, %i, '%s', %i)") % (wid_n, attribute[1],
jotools.escape_sql_string(newval), eid))
else:
db.query(("update string_attribute_value set value='%s', eevent=%i " +
"where wid=%i and aid=%i") %
(jotools.escape_sql_string(newval), eid, wid_n, attribute[1]))
messages.append(u"%s: '%s' -> '%s'" % (unicode(attribute[2], 'UTF-8'),
oldval, newval))
if attribute[0] == 3: # integer attribute
html_att = 'int%i' % attribute[1]
newval_s = jotools.get_param(req, html_att, None)
if newval_s == None: continue
newval_s = newval_s.strip()
if newval_s == u'':
newval = None
else:
try: newval = int(newval_s)
except ValueError: continue
# Limit value range to prevent troubles with storing the
# value into the database
if newval < -1000000 or newval > 1000000: continue
vresults = db.query(("select i.value from int_attribute_value i where " +
"i.wid = %i and i.aid = %i") % (wid_n, attribute[1]))
if vresults.ntuples() == 0: oldval = None
else: oldval = vresults.getresult()[0][0]
if oldval == newval: continue
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
if newval == None:
db.query(("delete from int_attribute_value where wid = %i " +
"and aid = %i") % (wid_n, attribute[1]))
elif oldval == None:
db.query(("insert into int_attribute_value(wid, aid, value, eevent) " +
"values(%i, %i, %i, %i)") % (wid_n, attribute[1],
newval, eid))
else:
db.query(("update int_attribute_value set value=%i, eevent=%i " +
"where wid=%i and aid=%i") %
(newval, eid, wid_n, attribute[1]))
if oldval == None: oldval_s = _(u'(None)')
else: oldval_s = `oldval`
if newval == None: newval_s = _(u'(None)')
else: newval_s = `newval`
messages.append(u"%s: %s -> %s" % (unicode(attribute[2], 'UTF-8'),
oldval_s, newval_s))
comment = jotools.get_param(req, 'comment', u'')
if comment != u'':
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
db.query("update event set comment = '%s' where eid = %i" \
% (jotools.escape_sql_string(comment), eid))
if event_inserted and len(messages) > 0:
mess_str = jotools.escape_sql_string(reduce(lambda x, y: x + u"\n" + y, messages, u""))
db.query("update event set message = '%s' where eid = %i" % (mess_str, eid))
db.query("commit")
joheaders.redirect_header(req, u'edit?wid=%i' % wid_n)
return '\n'
def add(req):
(uid, uname, editable) = jotools.get_login_user(req)
if not editable:
joheaders.error_page(req, _(u'You are not allowed to edit data'))
return '\n'
db = jodb.connect()
if req.method != 'POST':
joheaders.error_page(req, _(u'Only POST requests are allowed'))
return '\n'
db.query("BEGIN")
if jotools.get_param(req, 'confirm', u'') == u'on': confirm = True
else: confirm = False
nwordlist = []
added_count = 0
need_confirm_count = 0
i = -1
while True:
i = i + 1
nword = jotools.get_param(req, 'word%i' % i, u'')
if nword == u'': break
word = {'word': nword, 'try_again': True, 'confirmed': False, 'wid': None}
word['oword'] = jotools.get_param(req, 'origword%i' % i, None)
nclass = jotools.get_param(req, 'class%i' % i, None)
if not nclass in [None, u'']: nclass = jotools.toint(nclass)
else: nclass = None
word['cid'] = nclass
if confirm and nclass != 0 and jotools.get_param(req, 'confirm%i' % i, u'') != u'on':
word['error'] = _(u'Word was not added')
word['try_again'] = False
if jotools.get_param(req, 'confirm%i' % i, u'') == u'on': word['confirmed'] = True
stored_word = _store_word(db, word, uid)
if stored_word['wid'] != None: added_count = added_count + 1
if stored_word['try_again']: need_confirm_count = need_confirm_count + 1
nwordlist.append(stored_word)
db.query("COMMIT")
if added_count == 1 and len(nwordlist) == 1:
# No confirmation screen if exactly 1 word was successfully added
joheaders.redirect_header(req, "edit?wid=%i" % nwordlist[0]['wid'])
return '\n'
joheaders.page_header_navbar_level1(req, _(u"Add words"), uid, uname)
if need_confirm_count > 0:
jotools.write(req, u'<p>' + _(u'''Adding some words failed or requires confirmation.
Make the required changes and mark the words that you still want to add.''') + u'</p>')
jotools.write(req, u'<form method="post" action="add">\n')
jotools.write(req,
u'<table class="border"><tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th></tr>\n' \
% (_(u'Word'), _(u'Word class'), _(u'Confirm addition'), _(u'Notes')))
_add_entry_fields(req, db, nwordlist, None)
jotools.write(req, u'</table>\n<p>' +
u'<input type="hidden" name="confirm" value="on">' +
u'<input type="submit" value="%s"></p></form>\n' % _(u'Continue'))
joheaders.page_footer_plain(req)
return '\n'
else:
jotools.write(req, u'<p>%s:</p>' % _(u'The following changes were made'))
jotools.write(req,
u'<table class="border"><tr><th>%s</th><th>%s</th><th>%s</th></tr>\n' \
% (_(u'Word'), _(u'Word class'), _(u'Notes')))
_add_entry_fields(req, db, nwordlist, None)
jotools.write(req, u'</table>\n')
jotools.write(req, u'<p><a href="../">%s ...</a></p>\n' \
% _(u'Back to main page'))
joheaders.page_footer_plain(req)
return '\n'
def rwords(req, wid = None):
(uid, uname, editable) = jotools.get_login_user(req)
if not editable:
joheaders.error_page(req, _(u'You are not allowed to edit data'))
return '\n'
if wid == None:
joheaders.error_page(req, _(u'Parameter %s is required') % u'wid')
return '\n'
wid_n = jotools.toint(wid)
db = jodb.connect()
results = db.query("select word, class from word where wid = %i" % wid_n)
if results.ntuples() == 0:
joheaders.error_page(req, _(u'Word %i does not exist') % wid_n)
return '\n'
wordinfo = results.getresult()[0]
if req.method == 'GET': # show editor
word = unicode(wordinfo[0], 'UTF-8')
classid = wordinfo[1]
title1 = _(u'Word') + u': ' + word
link1 = u'edit?wid=%i' % wid_n
title2 = _(u'related words')
joheaders.page_header_navbar_level2(req, title1, link1, title2, uid, uname, wid_n)
jotools.write(req, u'<p>%s</p>\n' % joeditors.call(db, u'word_class', [classid]))
jotools.write(req, joeditors.call(db, u'rwords_edit_form', [wid_n]))
joheaders.page_footer_plain(req)
return '\n'
if req.method != 'POST':
joheaders.error_page(req, _(u'Only GET and POST requests are allowed'))
return '\n'
db.query("begin")
rword_results = db.query("SELECT rwid, related_word FROM related_word WHERE wid = %i" % wid_n)
rword_res = rword_results.getresult()
eid = db.query("select nextval('event_eid_seq')").getresult()[0][0]
event_inserted = False
messages = []
for attribute in rword_res:
html_att = 'rword%i' % attribute[0]
if jotools.get_param(req, html_att, u'') == u'on': remove = True
else: remove = False
if not remove: continue
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
db.query("delete from related_word where wid = %i and rwid = %i" \
% (wid_n, attribute[0]))
messages.append(_(u"Alternative spelling removed: '%s'") \
% jotools.escape_html(unicode(attribute[1], 'UTF-8')))
newwords = jotools.get_param(req, 'add', u'')
for word in jotools.unique(newwords.split()):
if not jotools.checkword(word): continue
already_listed = False
for attribute in rword_res:
if word == unicode(attribute[1], 'UTF-8'):
already_listed = True
break
if already_listed: continue
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
db.query("insert into related_word(wid, eevent, related_word) values(%i, %i, '%s')" \
% (wid_n, eid, jotools.escape_sql_string(word)))
messages.append(_(u"Alternative spelling added: '%s'") % jotools.escape_html(word))
comment = jotools.get_param(req, 'comment', u'')
if comment != u'':
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
db.query("update event set comment = '%s' where eid = %i" \
% (jotools.escape_sql_string(comment), eid))
if event_inserted and len(messages) > 0:
mess_str = jotools.escape_sql_string(reduce(lambda x, y: x + u"\n" + y, messages, u""))
db.query("update event set message = '%s' where eid = %i" % (mess_str, eid))
db.query("commit")
joheaders.redirect_header(req, u'edit?wid=%i' % wid_n)
return '\n'
def flags(req, wid = None):
(uid, uname, editable) = jotools.get_login_user(req)
if not editable:
joheaders.error_page(req, _(u'You are not allowed to edit data'))
return '\n'
if wid == None:
joheaders.error_page(req, _(u'Parameter %s is required') % u'wid')
return '\n'
wid_n = jotools.toint(wid)
db = jodb.connect()
results = db.query("select word, class from word where wid = %i" % wid_n)
if results.ntuples() == 0:
joheaders.error_page(req, _(u'Word %i does not exist') % wid_n)
return '\n'
wordinfo = results.getresult()[0]
if req.method == 'GET': # show editor
word = unicode(wordinfo[0], 'UTF-8')
classid = wordinfo[1]
title1 = _(u'Word') + u': ' + word
link1 = u'edit?wid=%i' % wid_n
title2 = _(u'flags')
joheaders.page_header_navbar_level2(req, title1, link1, title2, uid, uname, wid_n)
jotools.write(req, u'<p>%s</p>\n' % joeditors.call(db, u'word_class', [classid]))
jotools.write(req, joeditors.call(db, u'flag_edit_form', [wid_n, classid]))
joheaders.page_footer_plain(req)
return '\n'
if req.method != 'POST':
joheaders.error_page(req, _(u'Only GET and POST requests are allowed'))
return '\n'
db.query("begin")
edfield_results = db.query(("SELECT a.aid, a.descr, CASE WHEN fav.wid IS NULL THEN 'f' ELSE 't' END " +
"FROM attribute_class ac, attribute a " +
"LEFT OUTER JOIN flag_attribute_value fav ON (a.aid = fav.aid and fav.wid = %i) " +
"WHERE a.aid = ac.aid AND ac.classid = %i AND a.type = 2" +
"ORDER BY a.descr") % (wid_n, wordinfo[1]))
eid = db.query("select nextval('event_eid_seq')").getresult()[0][0]
event_inserted = False
messages = []
for attribute in edfield_results.getresult():
html_att = 'attr%i' % attribute[0]
if jotools.get_param(req, html_att, u'') == u'on': newval = True
else: newval = False
if attribute[2] == 't': oldval = True
else: oldval = False
if oldval == newval: continue
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
if newval == False:
db.query(("delete from flag_attribute_value where wid = %i " +
"and aid = %i") % (wid_n, attribute[0]))
messages.append(_(u"Flag removed: '%s'") % unicode(attribute[1], 'UTF-8'))
if newval == True:
db.query(("insert into flag_attribute_value(wid, aid, eevent) " +
"values(%i, %i, %i)") % (wid_n, attribute[0], eid))
messages.append(_(u"Flag added: '%s'") % unicode(attribute[1], 'UTF-8'))
comment = jotools.get_param(req, 'comment', u'')
if comment != u'':
if not event_inserted:
db.query("insert into event(eid, eword, euser) values(%i, %i, %i)" % \
(eid, wid_n, uid))
event_inserted = True
db.query("update event set comment = '%s' where eid = %i" \
% (jotools.escape_sql_string(comment), eid))
if event_inserted and len(messages) > 0:
mess_str = jotools.escape_sql_string(reduce(lambda x, y: x + u"\n" + y, messages, u""))
db.query("update event set message = '%s' where eid = %i" % (mess_str, eid))
db.query("commit")
joheaders.redirect_header(req, u'edit?wid=%i' % wid_n)
return '\n'