def form(request):
message = None
if request.method == "POST":
form = UserSendSpecialMailForm(request.POST, request=request)
if form.is_valid():
user = form.found_user
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation == User.ACTIVATION_NONE:
return error403(request, Message(request, "users/activation/not_required", extra={"user": user}))
if user.activation == User.ACTIVATION_ADMIN:
return error403(request, Message(request, "users/activation/only_by_admin", extra={"user": user}))
request.messages.set_flash(Message(request, "users/activation/resent", extra={"user": user}), "success")
user.email_user(request, "users/activation/resend", _("Account Activation"))
return redirect(reverse("index"))
else:
message = Message(request, form.non_field_errors()[0], "error")
else:
form = UserSendSpecialMailForm(request=request)
return request.theme.render_to_response(
"users/resend_activation.html",
{"message": message, "form": FormLayout(form)},
context_instance=RequestContext(request),
)
def reset(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation != User.ACTIVATION_NONE:
return error403(request, Message(request, 'users/activation/required', {'user': user}))
if not token or not user.token or user.token != token:
return error403(request, Message(request, 'users/invalid_confirmation_link', {'user': user}))
new_password = get_random_string(6)
user.token = None
user.set_password(new_password)
user.save(force_update=True)
# Logout signed in and kill remember me tokens
Session.objects.filter(user=user).update(user=None)
Token.objects.filter(user=user).delete()
# Set flash and mail new password
request.messages.set_flash(Message(request, 'users/password/reset_done', extra={'user':user}), 'success')
user.email_user(
request,
'users/password/new',
_("Your New Password"),
{'password': new_password}
)
return redirect(reverse('sign_in'))
except User.DoesNotExist:
return error404(request)
def activate(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
current_activation = user.activation
# Run checks
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation == User.ACTIVATION_NONE:
return error403(request, Message(request, "users/activation/not_required", extra={"user": user}))
if user.activation == User.ACTIVATION_ADMIN:
return error403(request, Message(request, "users/activation/only_by_admin", extra={"user": user}))
if not token or not user.token or user.token != token:
return error403(request, Message(request, "users/invalid_confirmation_link", extra={"user": user}))
# Activate and sign in our member
user.activation = User.ACTIVATION_NONE
sign_user_in(request, user)
# Update monitor
request.monitor["users_inactive"] = request.monitor["users_inactive"] - 1
if current_activation == User.ACTIVATION_CREDENTIALS:
request.messages.set_flash(
Message(request, "users/activation/credentials", extra={"user": user}), "success"
)
else:
request.messages.set_flash(Message(request, "users/activation/new", extra={"user": user}), "success")
return redirect(reverse("index"))
except User.DoesNotExist:
return error404(request)
def reset(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation != User.ACTIVATION_NONE:
return error403(
request,
Message(request, 'users/activation/required', {'user': user}))
if not token or not user.token or user.token != token:
return error403(
request,
Message(request, 'users/invalid_confirmation_link',
{'user': user}))
new_password = get_random_string(6)
user.token = None
user.set_password(new_password)
user.save(force_update=True)
# Logout signed in and kill remember me tokens
Session.objects.filter(user=user).update(user=None)
Token.objects.filter(user=user).delete()
# Set flash and mail new password
request.messages.set_flash(
Message(request, 'users/password/reset_done',
extra={'user': user}), 'success')
user.email_user(request, 'users/password/new', _("Your New Password"),
{'password': new_password})
return redirect(reverse('sign_in'))
except User.DoesNotExist:
return error404(request)
def activate(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
current_activation = user.activation
# Run checks
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation == User.ACTIVATION_NONE:
return error403(
request,
Message(request,
'users/activation/not_required',
extra={'user': user}))
if user.activation == User.ACTIVATION_ADMIN:
return error403(
request,
Message(request,
'users/activation/only_by_admin',
extra={'user': user}))
if not token or not user.token or user.token != token:
return error403(
request,
Message(request,
'users/invalid_confirmation_link',
extra={'user': user}))
# Activate and sign in our member
user.activation = User.ACTIVATION_NONE
sign_user_in(request, user)
# Update monitor
request.monitor[
'users_inactive'] = request.monitor['users_inactive'] - 1
if current_activation == User.ACTIVATION_CREDENTIALS:
request.messages.set_flash(
Message(request,
'users/activation/credentials',
extra={'user': user}), 'success')
else:
request.messages.set_flash(
Message(request, 'users/activation/new', extra={'user': user}),
'success')
return redirect(reverse('index'))
except User.DoesNotExist:
return error404(request)
def form(request):
message = None
if request.method == 'POST':
form = UserSendSpecialMailForm(request.POST, request=request)
if form.is_valid():
user = form.found_user
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
elif user.activation != User.ACTIVATION_NONE:
return error403(
request,
Message(request, 'users/activation/required',
{'user': user}))
user.token = get_random_string(12)
user.save(force_update=True)
request.messages.set_flash(
Message(request,
'users/password/reset_confirm',
extra={'user': user}), 'success')
user.email_user(request, 'users/password/confirm',
_("Confirm New Password Request"))
return redirect(reverse('index'))
else:
message = Message(request, form.non_field_errors()[0])
else:
form = UserSendSpecialMailForm(request=request)
return request.theme.render_to_response(
'users/forgot_password.html', {
'message': message,
'form': FormLayout(form),
},
context_instance=RequestContext(request))
def form(request):
message = None
if request.method == 'POST':
form = UserSendSpecialMailForm(request.POST, request=request)
if form.is_valid():
user = form.found_user
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
elif user.activation != User.ACTIVATION_NONE:
return error403(request, Message(request, 'users/activation/required', {'user': user}))
user.token = get_random_string(12)
user.save(force_update=True)
request.messages.set_flash(Message(request, 'users/password/reset_confirm', extra={'user':user}), 'success')
user.email_user(
request,
'users/password/confirm',
_("Confirm New Password Request")
)
return redirect(reverse('index'))
else:
message = Message(request, form.non_field_errors()[0])
else:
form = UserSendSpecialMailForm(request=request)
return request.theme.render_to_response('users/forgot_password.html',
{
'message': message,
'form': FormLayout(form),
},
context_instance=RequestContext(request));
def __call__(self, request, **kwargs):
self.request = request
self.mode = kwargs['mode']
try:
if not request.user.is_authenticated():
raise ACLError403(_("Guest, you have to sign-in in order to be able to delete replies."))
self.fetch_thread(kwargs)
if self.mode in ['hide_post', 'delete_post']:
self.fetch_post(kwargs)
except (Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e.message)
except ACLError404 as e:
return error404(request, e.message)
if self.mode == 'delete_thread':
self.thread.delete()
self.forum.sync()
self.forum.save(force_update=True)
request.messages.set_flash(Message(_('Thread "%(thread)s" has been deleted.') % {'thread': self.thread.name}), 'success', 'threads')
return redirect(reverse('forum', kwargs={'forum': self.thread.forum.pk, 'slug': self.thread.forum.slug}))
if self.mode == 'hide_thread':
self.thread.start_post.deleted = True
self.thread.start_post.save(force_update=True)
self.thread.last_post.set_checkpoint(request, 'deleted')
self.thread.last_post.save(force_update=True)
self.thread.sync()
self.thread.save(force_update=True)
self.forum.sync()
self.forum.save(force_update=True)
request.messages.set_flash(Message(_('Thread "%(thread)s" has been deleted.') % {'thread': self.thread.name}), 'success', 'threads')
if request.acl.threads.can_see_deleted_threads(self.thread.forum):
return redirect(reverse('thread', kwargs={'thread': self.thread.pk, 'slug': self.thread.slug}))
return redirect(reverse('forum', kwargs={'forum': self.thread.forum.pk, 'slug': self.thread.forum.slug}))
if self.mode == 'delete_post':
self.post.delete()
self.thread.sync()
self.thread.save(force_update=True)
self.forum.sync()
self.forum.save(force_update=True)
request.messages.set_flash(Message(_("Selected Reply has been deleted.")), 'success', 'threads')
return redirect(reverse('thread', kwargs={'thread': self.thread.pk, 'slug': self.thread.slug}))
if self.mode == 'hide_post':
self.post.deleted = True
self.post.edit_date = timezone.now()
self.post.edit_user = request.user
self.post.edit_user_name = request.user.username
self.post.edit_user_slug = request.user.username_slug
self.post.save(force_update=True)
self.thread.sync()
self.thread.save(force_update=True)
self.forum.sync()
self.forum.save(force_update=True)
request.messages.set_flash(Message(_("Selected Reply has been deleted.")), 'success', 'threads_%s' % self.post.pk)
return self.redirect_to_post(self.post)
def decorator(*args, **kwargs):
request = args[0]
try:
if not request.firewall.admin and request.jam.is_jammed():
return error403(request, _("You have used up allowed attempts quota and we temporarily banned you from accessing this page."))
except AttributeError:
pass
return f(*args, **kwargs)
def error_banned(request, user=None, ban=None):
if not user:
user = request.user
if not ban:
ban = request.ban
return error403(
request, Message(request, 'banned', extra={
'user': user,
'ban': ban
}), _("You are banned"))
def process_view(self, request, callback, callback_args, callback_kwargs):
# Block all crawlers with 403
if request.user.is_crawler():
request.theme.reset_theme()
return error403(request)
else:
# If we are not authenticated or not admin, force us to sign in right way
if not request.user.is_authenticated():
return signin(request)
else:
return None
def form(request):
message = None
if request.method == 'POST':
form = UserSendSpecialMailForm(request.POST, request=request)
if form.is_valid():
user = form.found_user
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation == User.ACTIVATION_NONE:
return error403(
request,
Message(request,
'users/activation/not_required',
extra={'user': user}))
if user.activation == User.ACTIVATION_ADMIN:
return error403(
request,
Message(request,
'users/activation/only_by_admin',
extra={'user': user}))
request.messages.set_flash(
Message(request,
'users/activation/resent',
extra={'user': user}), 'success')
user.email_user(
request,
'users/activation/resend',
_("Account Activation"),
)
return redirect(reverse('index'))
else:
message = Message(request, form.non_field_errors()[0], 'error')
else:
form = UserSendSpecialMailForm(request=request)
return request.theme.render_to_response(
'users/resend_activation.html', {
'message': message,
'form': FormLayout(form),
},
context_instance=RequestContext(request))
def process_view(self, request, callback, callback_args, callback_kwargs):
# Block all crawlers with 403
if request.user.is_crawler():
request.theme.reset_theme()
return error403(request)
else:
# If we are not authenticated or not admin, force us to sign in right way
if not request.user.is_authenticated():
return signin(request)
elif not request.user.is_god() and not request.acl.admin.is_admin():
request.messages.set_message(Message(_("Your account does not have admin privileges")), 'error', 'security')
return signin(request)
return None
def __call__(self, request, slug=None, thread=None, post=None):
self.request = request
try:
self.fetch_thread(thread)
if post:
self.fetch_post(post)
return self.make_jump()
except (Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e.message)
except ACLError404 as e:
return error404(request, e.message)
def __call__(self, request, **kwargs):
self.request = request
self.forum = None
self.thread = None
self.post = None
try:
self.fetch_target(kwargs)
if not request.user.is_authenticated():
raise ACLError403(_("Guest, you have to sign-in in order to see posts changelogs."))
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist, Change.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e.message)
except ACLError404 as e:
return error404(request, e.message)
return self.dispatch(request, **kwargs)
def __call__(self, request, slug=None, thread=None, page=0):
self.request = request
self.pagination = None
self.parents = None
self.ignored = False
self.watcher = None
try:
self.fetch_thread(thread)
self.fetch_posts(page)
self.message = request.messages.get_message('threads')
self.make_thread_form()
if self.thread_form:
response = self.handle_thread_form()
if response:
return response
self.make_posts_form()
if self.posts_form:
response = self.handle_posts_form()
if response:
return response
except Thread.DoesNotExist:
return error404(self.request)
except ACLError403 as e:
return error403(request, e.message)
except ACLError404 as e:
return error404(request, e.message)
# Merge proxy into forum
self.forum.closed = self.proxy.closed
return request.theme.render_to_response('threads/thread.html',
{
'message': self.message,
'forum': self.forum,
'parents': self.parents,
'thread': self.thread,
'is_read': self.tracker.is_read(self.thread),
'count': self.count,
'posts': self.posts,
'ignored_posts': self.ignored,
'watcher': self.watcher,
'pagination': self.pagination,
'quick_reply': FormFields(QuickReplyForm(request=request)).fields,
'thread_form': FormFields(self.thread_form).fields if self.thread_form else None,
'posts_form': FormFields(self.posts_form).fields if self.posts_form else None,
},
context_instance=RequestContext(request));
def __call__(self, request, **kwargs):
self.request = request
self.forum = None
self.thread = None
self.post = None
try:
self.fetch_target(kwargs)
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e.message)
except ACLError404 as e:
return error404(request, e.message)
return request.theme.render_to_response('threads/details.html',
{
'forum': self.forum,
'parents': self.parents,
'thread': self.thread,
'post': self.post,
},
context_instance=RequestContext(request))
def decorator(*args, **kwargs):
request = args[0]
if not request.firewall.admin and request.jam.is_jammed():
return error403(request,
Message(request, 'security/forbidden_jammed'))
return f(*args, **kwargs)
def register(request):
if request.settings['account_activation'] == 'block':
return error403(
request, Message(request, 'users/registration/registrations_off'))
message = None
if request.method == 'POST':
form = UserRegisterForm(request.POST, request=request)
if form.is_valid():
need_activation = 0
if request.settings['account_activation'] == 'user':
need_activation = User.ACTIVATION_USER
if request.settings['account_activation'] == 'admin':
need_activation = User.ACTIVATION_ADMIN
new_user = User.objects.create_user(
form.cleaned_data['username'],
form.cleaned_data['email'],
form.cleaned_data['password'],
ip=request.session.get_ip(request),
activation=need_activation,
request=request)
if need_activation == User.ACTIVATION_NONE:
# No need for activation, sign in user
sign_user_in(request, new_user)
request.messages.set_flash(
Message(request,
'users/activation/none',
extra={'user': new_user}), 'success')
if need_activation == User.ACTIVATION_USER:
# Mail user activation e-mail
request.messages.set_flash(
Message(request,
'users/registration/activation_user',
extra={'user': new_user}), 'info')
new_user.email_user(
request,
'users/activation/user',
_("Welcome aboard, %(username)s!" %
{'username': new_user.username}),
)
if need_activation == User.ACTIVATION_ADMIN:
# Require admin activation
request.messages.set_flash(
Message(request,
'users/registration/activation_admin',
extra={'user': new_user}), 'info')
new_user.email_user(
request, 'users/activation/admin',
_("Welcome aboard, %(username)s!" %
{'username': new_user.username}),
{'password': form.cleaned_data['password']})
return redirect(reverse('index'))
else:
message = Message(request, form.non_field_errors()[0])
if request.settings['registrations_jams']:
SignInAttempt.objects.register_attempt(
request.session.get_ip(request))
# Have we jammed our account?
if SignInAttempt.objects.is_jammed(
request.session.get_ip(request)):
request.jam.expires = timezone.now()
return redirect(reverse('register'))
else:
form = UserRegisterForm(request=request)
return request.theme.render_to_response(
'users/register.html', {
'message': message,
'form': FormLayout(form),
'hide_signin': True,
},
context_instance=RequestContext(request))
def decorator(*args, **kwargs):
request = args[0]
if not request.firewall.admin and request.user.is_authenticated():
return error403(
request, Message(request, 'security/forbidden_authenticated'))
return f(*args, **kwargs)
def decorator(*args, **kwargs):
request = args[0]
if not request.firewall.admin and request.user.is_authenticated():
from misago.views import error403
return error403(request, _("%(username)s, this page is not available to signed in users.") % {'username': request.user.username})
return f(*args, **kwargs)
def decorator(*args, **kwargs):
request = args[0]
if request.user.is_crawler():
return error403(request)
return f(*args, **kwargs)
def __call__(self, request, **kwargs):
self.request = request
self.forum = None
self.thread = None
self.quote = None
self.post = None
self.parents = None
self.mode = kwargs.get('mode')
if self.request.POST.get('quick_reply') and self.mode == 'new_post':
self.mode = 'new_post_quick'
try:
self.fetch_target(kwargs)
if not request.user.is_authenticated():
raise ACLError403(_("Guest, you have to sign-in in order to post replies."))
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e.message)
except ACLError404 as e:
return error404(request, e.message)
message = request.messages.get_message('threads')
if request.method == 'POST':
form = self.get_form(True)
# Show message preview
if 'preview' in request.POST:
if form['post'].value():
md, preparsed = post_markdown(request, form['post'].value())
else:
md, preparsed = None, None
form.empty_errors()
return request.theme.render_to_response('threads/posting.html',
{
'mode': self.mode,
'forum': self.forum,
'thread': self.thread,
'post': self.post,
'quote': self.quote,
'parents': self.parents,
'message': message,
'preview': preparsed,
'form': FormLayout(form),
},
context_instance=RequestContext(request));
# Commit form to database
if form.is_valid():
# Record original vars if user is editing
if self.mode in ['edit_thread', 'edit_post']:
old_name = self.thread.name
old_post = self.post.post
# If there is no change, throw user back
changed_name = (old_name != form.cleaned_data['thread_name']) if self.mode == 'edit_thread' else False
changed_post = old_post != form.cleaned_data['post']
changed_anything = changed_name or changed_post
# Some extra initialisation
now = timezone.now()
md = None
moderation = False
if not request.acl.threads.acl[self.forum.pk]['can_approve']:
if self.mode == 'new_thread' and request.acl.threads.acl[self.forum.pk]['can_start_threads'] == 1:
moderation = True
if self.mode in ['new_post', 'new_post_quick'] and request.acl.threads.acl[self.forum.pk]['can_write_posts'] == 1:
moderation = True
# Get or create new thread
if self.mode == 'new_thread':
thread = Thread.objects.create(
forum=self.forum,
name=form.cleaned_data['thread_name'],
slug=slugify(form.cleaned_data['thread_name']),
start=now,
last=now,
moderated=moderation,
score=request.settings['thread_ranking_initial_score'],
)
if moderation:
thread.replies_moderated += 1
else:
thread = self.thread
if self.mode == 'edit_thread':
thread.name = form.cleaned_data['thread_name']
thread.slug = slugify(form.cleaned_data['thread_name'])
thread.previous_last = thread.last
# Create new message
if self.mode in ['new_thread', 'new_post', 'new_post_quick']:
# Use last post instead?
if self.mode in ['new_post', 'new_post_quick']:
merge_diff = (now - self.thread.last)
merge_diff = (merge_diff.days * 86400) + merge_diff.seconds
if (self.mode in ['new_post', 'new_post_quick']
and request.settings.post_merge_time
and merge_diff < (request.settings.post_merge_time * 60)
and self.thread.last_poster_id == request.user.id):
# Overtake posting
post = self.thread.last_post
post.appended = True
post.moderated = moderation
post.date = now
post.post = '%s\n\n- - -\n**%s**\n%s' % (post.post, _("Added on %(date)s:") % {'date': date(now, 'SHORT_DATETIME_FORMAT')}, form.cleaned_data['post'])
md, post.post_preparsed = post_markdown(request, post.post)
post.save(force_update=True)
thread.last = now
thread.save(force_update=True)
self.forum.last = now
self.forum.save(force_update=True)
# Ignore rest of posting action
request.messages.set_flash(Message(_("Your reply has been added to previous one.")), 'success', 'threads_%s' % post.pk)
return self.redirect_to_post(post)
else:
md, post_preparsed = post_markdown(request, form.cleaned_data['post'])
post = Post.objects.create(
forum=self.forum,
thread=thread,
merge=thread.merges,
user=request.user,
user_name=request.user.username,
ip=request.session.get_ip(request),
agent=request.META.get('HTTP_USER_AGENT'),
post=form.cleaned_data['post'],
post_preparsed=post_preparsed,
date=now,
moderated=moderation,
)
post.appended = False
elif changed_post:
# Change message
post = self.post
post.post = form.cleaned_data['post']
md, post.post_preparsed = post_markdown(request, form.cleaned_data['post'])
post.edits += 1
post.edit_date = now
post.edit_user = request.user
post.edit_user_name = request.user.username
post.edit_user_slug = request.user.username_slug
post.save(force_update=True)
# Record this edit in changelog?
if self.mode in ['edit_thread', 'edit_post'] and changed_anything:
self.post.change_set.create(
forum=self.forum,
thread=self.thread,
post=self.post,
user=request.user,
user_name=request.user.username,
user_slug=request.user.username_slug,
date=now,
ip=request.session.get_ip(request),
agent=request.META.get('HTTP_USER_AGENT'),
reason=form.cleaned_data['edit_reason'],
size=len(self.post.post),
change=len(self.post.post) - len(old_post),
thread_name_old=old_name if self.mode == 'edit_thread' and form.cleaned_data['thread_name'] != old_name else None,
thread_name_new=self.thread.name if self.mode == 'edit_thread' and form.cleaned_data['thread_name'] != old_name else None,
post_content=old_post,
)
# Set thread start post and author data
if self.mode == 'new_thread':
thread.start_post = post
thread.start_poster = request.user
thread.start_poster_name = request.user.username
thread.start_poster_slug = request.user.username_slug
if request.user.rank and request.user.rank.style:
thread.start_poster_style = request.user.rank.style
# Reward user for posting new thread?
if not request.user.last_post or request.user.last_post < timezone.now() - timedelta(seconds=request.settings['score_reward_new_post_cooldown']):
request.user.score += request.settings['score_reward_new_thread']
# New post - increase post counters, thread score
# Notify quoted post author and close thread if it has hit limit
if self.mode in ['new_post', 'new_post_quick']:
if moderation:
thread.replies_moderated += 1
else:
thread.replies += 1
if thread.last_poster_id != request.user.pk:
thread.score += request.settings['thread_ranking_reply_score']
# Notify quoted poster of reply?
if self.quote and self.quote.user_id and self.quote.user_id != request.user.pk and not self.quote.user.is_ignoring(request.user):
alert = self.quote.user.alert(ugettext_lazy("%(username)s has replied to your post in thread %(thread)s").message)
alert.profile('username', request.user)
alert.post('thread', self.thread, post)
alert.save_all()
if (self.request.settings.thread_length > 0
and not thread.closed
and thread.replies >= self.request.settings.thread_length):
thread.closed = True
post.set_checkpoint(self.request, 'limit')
# Reward user for posting new post?
if not post.appended and (not request.user.last_post or request.user.last_post < timezone.now() - timedelta(seconds=request.settings['score_reward_new_post_cooldown'])):
request.user.score += request.settings['score_reward_new_post']
# Update last poster data
if not moderation and self.mode not in ['edit_thread', 'edit_post']:
thread.last = now
thread.last_post = post
thread.last_poster = request.user
thread.last_poster_name = request.user.username
thread.last_poster_slug = request.user.username_slug
thread.last_poster_style = request.user.rank.style
# Final update of thread entry
if self.mode != 'edit_post':
thread.save(force_update=True)
# Update forum and monitor
if not moderation:
if self.mode == 'new_thread':
self.request.monitor['threads'] = int(self.request.monitor['threads']) + 1
self.forum.threads += 1
if self.mode in ['new_thread', 'new_post', 'new_post_quick']:
self.request.monitor['posts'] = int(self.request.monitor['posts']) + 1
self.forum.posts += 1
if self.mode in ['new_thread', 'new_post', 'new_post_quick'] or (
self.mode == 'edit_thread'
and self.forum.last_thread_id == thread.pk
and self.forum.last_thread_name != thread.name):
self.forum.last_thread = thread
self.forum.last_thread_name = thread.name
self.forum.last_thread_slug = thread.slug
self.forum.last_thread_date = thread.last
if self.mode in ['new_thread', 'new_post', 'new_post_quick']:
self.forum.last_poster = thread.last_poster
self.forum.last_poster_name = thread.last_poster_name
self.forum.last_poster_slug = thread.last_poster_slug
self.forum.last_poster_style = thread.last_poster_style
if self.mode != 'edit_post':
self.forum.save(force_update=True)
# Update user
if not moderation:
if self.mode == 'new_thread':
request.user.threads += 1
request.user.posts += 1
if self.mode in ['new_thread', 'new_post', 'new_post_quick']:
request.user.last_post = thread.last
request.user.save(force_update=True)
# Notify users about post
if md:
try:
if self.quote and self.quote.user_id:
del md.mentions[self.quote.user.username_slug]
except KeyError:
pass
if md.mentions:
post.notify_mentioned(request, md.mentions)
post.save(force_update=True)
# Set thread watch status
if self.mode == 'new_thread' and request.user.subscribe_start:
ThreadWatch.objects.create(
user=request.user,
forum=self.forum,
thread=thread,
last_read=now,
email=(request.user.subscribe_start == 2),
)
if self.mode in ['new_post', 'new_post_quick'] and request.user.subscribe_reply:
try:
watcher = ThreadWatch.objects.get(user=request.user, thread=self.thread)
except ThreadWatch.DoesNotExist:
ThreadWatch.objects.create(
user=request.user,
forum=self.forum,
thread=thread,
last_read=now,
email=(request.user.subscribe_reply == 2),
)
# Set flash and redirect user to his post
if self.mode == 'new_thread':
if moderation:
request.messages.set_flash(Message(_("New thread has been posted. It will be hidden from other members until moderator reviews it.")), 'success', 'threads')
else:
request.messages.set_flash(Message(_("New thread has been posted.")), 'success', 'threads')
return redirect(reverse('thread', kwargs={'thread': thread.pk, 'slug': thread.slug}) + ('#post-%s' % post.pk))
if self.mode in ['new_post', 'new_post_quick']:
thread.email_watchers(request, post)
if moderation:
request.messages.set_flash(Message(_("Your reply has been posted. It will be hidden from other members until moderator reviews it.")), 'success', 'threads_%s' % post.pk)
else:
request.messages.set_flash(Message(_("Your reply has been posted.")), 'success', 'threads_%s' % post.pk)
return self.redirect_to_post(post)
if self.mode == 'edit_thread':
request.messages.set_flash(Message(_("Your thread has been edited.")), 'success', 'threads_%s' % self.post.pk)
if self.mode == 'edit_post':
request.messages.set_flash(Message(_("Your reply has been edited.")), 'success', 'threads_%s' % self.post.pk)
return self.redirect_to_post(self.post)
return redirect(reverse('thread', kwargs={'thread': self.thread.pk, 'slug': self.thread.slug}) + ('#post-%s' % self.post.pk))
message = Message(form.non_field_errors()[0], 'error')
else:
form = self.get_form()
# Merge proxy into forum
self.forum.closed = self.proxy.closed
return request.theme.render_to_response('threads/posting.html',
{
'mode': self.mode,
'forum': self.forum,
'thread': self.thread,
'post': self.post,
'quote': self.quote,
'parents': self.parents,
'message': message,
'form': FormLayout(form),
},
context_instance=RequestContext(request));
def decorator(*args, **kwargs):
request = args[0]
if not request.user.is_authenticated():
from misago.views import error403
return error403(request, _("Dear Guest, only signed in members are allowed to access this page. Please sign in or register and try again."))
return f(*args, **kwargs)
def error_banned(request, user=None, ban=None):
if not user:
user = request.user
if not ban:
ban = request.ban
return error403(request, Message(request, 'banned', extra={'user': user, 'ban': ban}), _("You are banned"));
def register(request):
if request.settings['account_activation'] == 'block':
return error403(request, Message(request, 'users/registration/registrations_off'))
message = None
if request.method == 'POST':
form = UserRegisterForm(request.POST, request=request)
if form.is_valid():
need_activation = 0
if request.settings['account_activation'] == 'user':
need_activation = User.ACTIVATION_USER
if request.settings['account_activation'] == 'admin':
need_activation = User.ACTIVATION_ADMIN
new_user = User.objects.create_user(
form.cleaned_data['username'],
form.cleaned_data['email'],
form.cleaned_data['password'],
ip=request.session.get_ip(request),
activation=need_activation,
request=request
)
if need_activation == User.ACTIVATION_NONE:
# No need for activation, sign in user
sign_user_in(request, new_user)
request.messages.set_flash(Message(request, 'users/activation/none', extra={'user':new_user}), 'success')
if need_activation == User.ACTIVATION_USER:
# Mail user activation e-mail
request.messages.set_flash(Message(request, 'users/registration/activation_user', extra={'user':new_user}), 'info')
new_user.email_user(
request,
'users/activation/user',
_("Welcome aboard, %(username)s!" % {'username': new_user.username}),
)
if need_activation == User.ACTIVATION_ADMIN:
# Require admin activation
request.messages.set_flash(Message(request, 'users/registration/activation_admin', extra={'user':new_user}), 'info')
new_user.email_user(
request,
'users/activation/admin',
_("Welcome aboard, %(username)s!" % {'username': new_user.username}),
{'password': form.cleaned_data['password']}
)
return redirect(reverse('index'))
else:
message = Message(request, form.non_field_errors()[0])
if request.settings['registrations_jams']:
SignInAttempt.objects.register_attempt(request.session.get_ip(request))
# Have we jammed our account?
if SignInAttempt.objects.is_jammed(request.session.get_ip(request)):
request.jam.expires = timezone.now()
return redirect(reverse('register'))
else:
form = UserRegisterForm(request=request)
return request.theme.render_to_response('users/register.html',
{
'message': message,
'form': FormLayout(form),
'hide_signin': True,
},
context_instance=RequestContext(request));
def decorator(*args, **kwargs):
request = args[0]
if not request.csrf.request_secure(request):
return error403(request,
Message(request, 'security/forbidden_request'))
return f(*args, **kwargs)
def decorator(*args, **kwargs):
request = args[0]
if not request.csrf.request_secure(request):
from misago.views import error403
return error403(request, _("Request authorization is invalid. Please try again."))
return f(*args, **kwargs)
def decorator(*args, **kwargs):
request = args[0]
if not request.firewall.admin and request.user.is_authenticated():
return error403(request, Message(request, 'security/forbidden_authenticated'))
return f(*args, **kwargs)
def decorator(*args, **kwargs):
request = args[0]
if not request.csrf.request_secure(request):
return error403(request, Message(request, 'security/forbidden_request'))
return f(*args, **kwargs)
def decorator(*args, **kwargs):
request = args[0]
if not request.firewall.admin and request.jam.is_jammed():
return error403(request, Message(request, 'security/forbidden_jammed'))
return f(*args, **kwargs)
