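def changepassword():
    """Handle the change-password form.

    GET renders ``changepwd.html``. POST hands the submitted form to
    ``Users.changepassword`` and re-renders ``userprofile.html`` with a
    success or error banner; a falsy result is treated as success.
    """
    print('in change password function')
    # Same session gate the profile view applies before calling
    # Users.userprofile: without it this view changes a password and renders
    # profile data for a caller who never authenticated.
    if 'uid' not in session:
        return redirect(url_for('login'))
    if request.method != 'POST':
        return render_template('changepwd.html')

    result = Users.changepassword(db, request.form)
    result1 = Users.userprofile(db, request.form)
    # NOTE(review): both helpers receive the raw form. Confirm they take the
    # target account from the session rather than a client-supplied field and
    # that the current password is verified before the change.
    if not result:
        message = {'message': 'Username/Password Changed', 'type': 'success'}
    else:
        message = {'message': 'Username/Password change Failed', 'type': 'error'}
    # The original had a third return after this if/else that could never run.
    return render_template('userprofile.html', data=result1[0], message=message)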
def login():
    """Serve the login form and process its submission.

    An existing session ('uid' present) is redirected to the feed. On POST
    the form goes to ``Users.loginForm``; a falsy result is treated as
    success and renders ``user-feed.html``, anything else re-renders the
    form with an error banner.

    NOTE(review): ``notifications`` is a module-level global, not per-session
    state, so a banner set while serving one client can be consumed by the
    next request from a different client.
    """
    global notifications

    def _respond(template, banner):
        page = make_response(render_template(template, message=banner))
        # Legacy header that modern browsers no longer act on; the effective
        # controls are template autoescaping and a Content-Security-Policy.
        page.headers['X-XSS-Protection'] = '1; mode=block'
        return page

    logging.info('Started login')
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'uid' in session:
        # NOTE(review): this writes the full session contents to the log.
        logging.info(session)
        return redirect(url_for('show_feed'))

    if request.method != 'POST':
        return _respond('login.html', message)

    result = Users.loginForm(db, request.form)
    if result:
        message = {'message': 'Failed to log in', 'type': 'error'}
        return _respond('login.html', message)

    notifications = {'message': 'Logged in', 'type': 'success'}
    # The feed is rendered with the banner that was pending on entry, not
    # with the 'Logged in' one just stored.
    return _respond('user-feed.html', message)
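def register():
    """Render the registration form and create accounts on POST.

    Registration is open when ``config['registration_enabled']`` is set or
    when the caller already has 'username' in the session. A falsy result
    from ``Users.registerUser`` is treated as success.
    """
    global notifications
    message = None
    if notifications:
        message, notifications = notifications, None

    # Apply the registration switch to POST as well as GET. The original only
    # hid the form: a direct POST still reached Users.registerUser while
    # registration was disabled.
    if 'username' not in session and not config['registration_enabled']:
        notifications = {'message': 'User registration is disabled by the admin',
                         'type': 'warning'}
        return redirect(url_for('login'))

    # NOTE(review): the admin-only condition is commented out in the original,
    # so any logged-in user can create accounts while registration is
    # disabled. Confirm that is intended.
    if request.method == 'POST':
        result = Users.registerUser(db, request.form, config['pw_rounds'])
        print(result)
        if not result:
            notifications = {'message': 'Registration successful', 'type': 'success'}
            return redirect(url_for('login'))
        # NOTE(review): the backend's error text is shown to the client;
        # confirm registerUser only returns user-safe messages.
        message = {'message': 'Something went wrong: ' + result, 'type': 'error'}

    return render_template('register.html', message=message)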
def update_profile():
    """Show the profile edit form and apply a submitted update.

    Requires 'uid' in the session. On POST the form is passed to
    ``Users.update_profile_details``; a falsy result is treated as success.
    """
    # Local name, never read. It shadows the `notifications` that other views
    # in this listing declare global.
    notifications = None
    if 'uid' not in session:
        # NOTE(review): this writes the full session contents to the log.
        logging.info(session)
        return redirect(url_for('login'))

    if request.method != 'POST':
        return render_template('edit_profile.html')

    logging.info("POST on update profile")
    # NOTE(review): the helper gets the raw form; confirm the account being
    # updated is taken from the session, not from a form field.
    result = Users.update_profile_details(db.conn, request.form)
    if result:
        # The backend's error text is echoed to the client as-is.
        message = {'message': 'Something went wrong: ' + result, 'type': 'error'}
    else:
        message = {'message': 'Profile update successful', 'type': 'success'}

    response = make_response(render_template("edit_profile.html", message=message))
    # Legacy header that modern browsers no longer act on; output encoding in
    # the template is what actually prevents XSS.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    return response
def join_block():
    """Show the join-block page and submit a block membership request.

    Requires 'uid' in the session. On POST the form is passed to
    ``Users.requestBlock``; a falsy result is treated as success and renders
    ``login.html``, otherwise ``join_block.html`` is shown with the error.
    """
    if 'uid' not in session:
        # NOTE(review): this writes the full session contents to the log.
        logging.info(session)
        return redirect(url_for('login'))

    if request.method == 'POST':
        logging.info("/join_block")
        result = Users.requestBlock(db, request.form)
        if result:
            # The backend's error text is echoed to the client as-is.
            message = {'message': 'Something went wrong: ' + result, 'type': 'error'}
            template = "join_block.html"
        else:
            message = {'message': 'Registration successful', 'type': 'success'}
            template = "login.html"
        response = make_response(render_template(template, message=message))
        # Legacy header that modern browsers no longer act on.
        response.headers['X-XSS-Protection'] = '1; mode=block'
        return response

    if request.method == 'GET':
        # The original leaves a commented-out `blocks =` here; no block list
        # is passed to the template.
        logging.info('populate available blocks')
    return render_template('join_block.html')
def profile():
    """Render ``userprofile.html`` for a logged-in user.

    The first element returned by ``Users.userprofile`` is passed to the
    template as ``data``.
    """
    global notifications
    # A pending banner is consumed here but never passed to the template.
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'uid' not in session:
        return redirect(url_for('login'))

    # NOTE(review): the lookup is given request.form; confirm the profile is
    # selected from the session identity, not a client-supplied value.
    rows = Users.userprofile(db, request.form)
    first = rows[0]
    # NOTE(review): this prints the profile record to stdout.
    print (first)
    return render_template('userprofile.html', data=first)
def index():
    """Render the landing page with block information.

    Requires 'username' in the session. ``blockId`` is the value from
    ``Users.getUserBlockLinkInfo``, with the sentinel "Failed" mapped to 0.
    """
    global notifications
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'username' not in session:
        # This dict is dropped: the redirect carries no message.
        message = {'message': 'Please log in', 'type': 'warning'}
        return redirect(url_for('login'))

    res = Users.getUserBlockLinkInfo(db)
    if res == "Failed":
        res = int(0)
    blocks = Block_Details.getblock_info(db)
    return render_template(
        'index.html',
        session=session,
        message=message,
        blocks=blocks,
        blockId=int(res),
    )
def delUser(user):
    """Delete *user* on behalf of the admin account and return to the user list.

    Callers without a session go to login; callers whose session username is
    not 'admin' go to the index. A falsy result from ``Users.deleteUser`` is
    treated as success.

    NOTE(review): authorization is a string comparison against the username
    'admin', not a role stored with the account. The route decorator is not
    visible here; if this destructive action is reachable by GET or without a
    CSRF token, a logged-in admin's browser can be made to trigger it.
    """
    global notifications
    if 'username' not in session:
        notifications = {'message': 'Please log in', 'type': 'warning'}
        return redirect(url_for('login'))
    if session['username'] != 'admin':
        notifications = {'message': 'Admin only page', 'type': 'error'}
        return redirect(url_for('index'))

    result = Users.deleteUser(db, user)
    if result:
        notifications = {'message': 'Something went wrong: ' + result, 'type': 'error'}
        # The backend's error text also ends up in the redirect URL's query
        # string.
        return redirect(url_for('users', message="Something went wrong: " + result))

    notifications = {'message': 'User deleted successfully', 'type': 'success'}
    return redirect(url_for('users', message="User deleted successfully"))
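def logout():
    """End the current session and render the index page.

    Callers without 'uid' in the session are redirected to the index. A
    falsy result from ``Users.logout`` is treated as success.
    """
    global notifications
    logging.info('logout pressed')
    if 'uid' not in session:
        return redirect(url_for('index'))

    result = Users.logout(db)
    if result:
        notifications = {'message': 'Log out Failed', 'type': 'error'}
        # The original fell off the end here and returned None, which Flask
        # rejects as an invalid response.
        # NOTE(review): the session is left intact on this path; consider
        # clearing it even when the backend bookkeeping fails.
        return redirect(url_for('index'))

    # Drop the whole session, not only 'uid': other views in this listing
    # authorize on session['username'], which a bare pop('uid') leaves behind.
    session.clear()
    notifications = {'message': 'Logged out', 'type': 'success'}
    response = make_response(render_template('index.html'))
    # Legacy header that modern browsers no longer act on.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    return response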
def users():
    """Render the user list for a logged-in caller.

    Requires 'username' in the session. When ``Users.getUsers`` returns
    nothing, the page is rendered without a ``users`` value.
    """
    global notifications
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'username' not in session:
        notifications = {'message': 'Please log in', 'type': 'warning'}
        return redirect(url_for('login'))

    # NOTE(review): the admin-only check is commented out in the original
    # (`session['username'] != 'admin'`), so every logged-in account can list
    # all users. Confirm that is intended.
    user_rows = Users.getUsers(db)
    if user_rows:
        return render_template('users.html', users=user_rows, message=message)

    # Stored for a later request; this response still renders the banner that
    # was pending on entry.
    notifications = {'message': 'Failed to retrieve users', 'type': 'error'}
    return render_template('users.html', message=message)
def login():
    """Serve the login form and process its submission.

    A caller with 'username' in the session is redirected to the index. On
    POST a falsy result from ``Users.loginForm`` is treated as success.

    NOTE(review): ``notifications`` is a module-level global, so a banner set
    for one client can be shown to another.
    """
    global notifications
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'username' in session:
        return redirect(url_for('index'))

    if request.method == 'POST':
        result = Users.loginForm(db, request.form)
        if not result:
            notifications = {'message': 'Logged in', 'type': 'success'}
            return redirect(url_for('index'))
        # One generic message for every failure, so the response does not
        # reveal whether the username exists.
        message = {'message': 'Failed to log in', 'type': 'error'}

    return render_template('login.html', message=message)
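def profile():
    """Render ``show_profile.html`` for a logged-in user.

    On GET the row from ``Users.view_profile`` is mapped to a single dict and
    passed to the template in a list as ``profileInfo``; the list is empty
    when no row comes back or the method is not GET.
    """
    if 'uid' not in session:
        return redirect(url_for('login'))

    profile_info = []
    if request.method == 'GET':
        logging.info("Get profile")
        # NOTE(review): the lookup is given request.form; confirm the profile
        # is selected from the session identity, not a client-supplied value.
        profile_data = Users.view_profile(db.conn, request.form)
        # Check for a row before indexing it. The original read
        # profile_data[10] first and only then tested profile_data, so an
        # empty result raised instead of rendering an empty profile.
        if profile_data:
            if profile_data[10]:
                block_name = Block.getBlockNameFromBid(db, profile_data[10])
            else:
                block_name = "block approval pending"
            profile_info.append({
                "Fname": profile_data[1],
                "LName": profile_data[2],
                "email": profile_data[3],
                # NOTE(review): "Username" and "apt" both read column 5, so
                # one of the two indexes is probably wrong. Verify against
                # the query in Users.view_profile.
                "Username": profile_data[5],
                "apt": profile_data[5],
                "street": profile_data[6],
                "city": profile_data[7],
                "state": profile_data[8],
                "zip": profile_data[9],
                "block_name": block_name,
                "email_preference": profile_data[14],
            })
    # The original logged the raw row and the assembled dict at INFO. Both
    # hold name, e-mail and street address, so they are no longer logged.
    return render_template('show_profile.html', profileInfo=profile_info)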
def login():
    """Serve the login form and process its submission.

    A caller with 'uid' in the session is redirected to the profile page. On
    POST a falsy result from ``Users.loginForm`` is treated as success.

    NOTE(review): ``notifications`` is a module-level global, so a banner set
    for one client can be shown to another.
    """
    global notifications
    logging.info('Started login')
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'uid' in session:
        # NOTE(review): this writes the full session contents to the log.
        logging.info(session)
        return redirect(url_for('profile'))

    print("Inside login")
    if request.method == 'POST':
        result = Users.loginForm(db, request.form)
        # Debug print of whatever loginForm returned.
        print(result)
        if not result:
            notifications = {'message': 'Logged in', 'type': 'success'}
            return redirect(url_for('profile'))
        message = {'message': 'Failed to log in', 'type': 'error'}

    return render_template('login.html', message=message)
def gethoodlist():
    """List neighbourhoods on the join-block page and accept a block request.

    GET renders ``join_block.html`` with the list from ``Hood.gethoodlist``.
    POST passes the form to ``Users.requestBlock``; a falsy result is treated
    as success and redirects to ``/login``.

    NOTE(review): unlike join_block in this listing, this view has no
    'uid' session check before the POST reaches Users.requestBlock. Confirm
    the helper identifies the user safely.
    """
    logging.info("in get hoodlist")
    hoodlist = Hood.gethoodlist(db)
    if request.method != 'POST':
        return render_template('join_block.html', hoodinfo=hoodlist)

    logging.info("/gethoodlist")
    result = Users.requestBlock(db.conn, request.form)
    if result:
        # The backend's error text is echoed to the client. This render omits
        # hoodinfo.
        message = {'message': 'Something went wrong: ' + result, 'type': 'error'}
        response = make_response(render_template("join_block.html", message=message))
    else:
        # Built but never attached to the redirect, so the banner is lost.
        message = {'message': 'Registration successful', 'type': 'success'}
        response = make_response(redirect("/login"))
    # Legacy header that modern browsers no longer act on.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    return response
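def signup():
    """Render the sign-up form and create an account on POST.

    A logged-in caller ('uid' in session) is sent to the index. Sign-up is
    only available while ``config['registration_enabled']`` is set. A falsy
    result from ``Users.signupUser`` is treated as success.
    """
    global notifications
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'uid' in session:
        return redirect(url_for('index'))

    # Apply the registration switch to POST as well as GET. The original only
    # withheld the form: a direct POST still reached Users.signupUser while
    # registration was disabled.
    if not config['registration_enabled']:
        notifications = {
            'message': 'User registration is disabled by the admin',
            'type': 'warning'
        }
        return redirect(url_for('join_block'))

    if request.method == 'POST':
        logging.info("sign up")
        result = Users.signupUser(db.conn, request.form, config['pw_rounds'])
        if not result:
            notifications = {
                'message': 'Registration successful',
                'type': 'success'
            }
            response = make_response(redirect('gethoodlist'))
        else:
            # NOTE(review): the backend's error text is shown to the client;
            # confirm signupUser only returns user-safe messages.
            message = {
                'message': 'Something went wrong: ' + result,
                'type': 'error'
            }
            response = make_response(
                render_template('sign-up.html', message=message))
        # Legacy header that modern browsers no longer act on; template
        # autoescaping is the effective XSS control.
        response.headers['X-XSS-Protection'] = '1; mode=block'
        return response

    return render_template('sign-up.html', message=message)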
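def _collect_thread_info(db, thread_ids, board):
    """Return template-ready dicts for *thread_ids* on message board *board*."""
    info = []
    for thread_id in thread_ids or []:
        deets = message_boards.getThreadDetails(db, thread_id, board)
        if deets:
            info.append({
                'tid': deets[0],
                'CreatedBy': deets[1],
                'Title': deets[2],
                'Description_Msg': deets[3],
                'CreatedAt': deets[4],
            })
    return info


def show_feed():
    """Render the user's feed (GET) or create a new thread (POST).

    Requires 'uid' in the session. GET collects the latest friend, neighbor,
    block and hood threads and passes one list per board to
    ``user-feed.html``. POST creates a thread when the submitted
    ``CreateThreadBtn`` value is 'Save changes', then renders the bare feed
    template.
    """
    logging.info("Show feed")
    if 'uid' not in session:
        # The original logged the whole session object here.
        logging.info("show_feed: no uid in session, redirecting to login")
        return redirect(url_for('login'))

    # NOTE(review): a new DB() is created per request and never closed in
    # this function; confirm it is released elsewhere.
    db = DB()

    if request.method == 'GET':
        # The four boards were four copies of the same loop; they now share
        # one helper. The per-thread INFO dumps are gone too, because they
        # wrote users' thread titles and message bodies to the log.
        friend_ids = message_boards.getUserFriendThreads(db, latest=True)
        # Only logged: the code that consumed it is commented out upstream.
        logout_time = Users.get_logout_time(db)
        logging.info(logout_time)
        friend_info = _collect_thread_info(db, friend_ids, 'f')

        neighbor_ids = message_boards.getUserNeighborThreads(db, latest=True)
        neighbor_info = _collect_thread_info(db, neighbor_ids, 'n')

        block_ids = message_boards.getUserBlockThreads(db, latest=True)
        block_info = _collect_thread_info(db, block_ids, 'b')

        hood_ids = message_boards.getUserHoodThreads(db, latest=True)
        hood_info = _collect_thread_info(db, hood_ids, 'h')

        logging.info(
            "feed sizes: friend=%d neighbor=%d block=%d hood=%d",
            len(friend_info), len(neighbor_info),
            len(block_info), len(hood_info))
        return render_template('user-feed.html',
                               friendFeedInfo=friend_info,
                               neighborFeedInfo=neighbor_info,
                               blockFeedInfo=block_info,
                               hoodFeedInfo=hood_info)

    if request.method == 'POST':
        logging.info("POST feed")
        # NOTE(review): no CSRF validation is visible in this function;
        # confirm the application enforces it before this state change.
        if request.form['CreateThreadBtn'] == 'Save changes':
            logging.info("Creating new thread")
            result = message_boards.postNewThread(db, request.form)
            logging.info(result)
    return render_template('user-feed.html')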