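def account():
    """Show the account page and apply profile edits submitted through it.

    On a valid form submission the in-memory user record is updated from the
    form, the user name and e-mail are written to the ``users`` table, and the
    client is redirected back to this view. On a GET request the form is
    pre-filled with the stored values. In every other case the account page
    is rendered with the URL of the user's profile picture.
    """
    # NOTE(review): logged_in_user is defined outside this block. If it is
    # module-level state shared between requests, index 0 is not bound to the
    # requesting session -- confirm, or switch to current_user.
    user = logged_in_user[0]
    form = UpdateAccountForm()
    if form.validate_on_submit():
        if form.picture.data:
            user.image_file = save_picture(form.picture.data)
        user.username = form.username.data
        user.email = form.email.data
        # The name and e-mail come straight from the submitted form, so they
        # are bound as query parameters instead of being formatted into the
        # SQL text; the driver handles quoting and the values cannot change
        # the statement's structure.
        # NOTE(review): image_file is only set on the in-memory object here;
        # this UPDATE does not store it -- confirm it is persisted elsewhere.
        cursor.execute(
            "update users set user_name=%s, user_email=%s where user_id=%s",
            (user.username, user.email, user.id),
        )
        db.commit()
        flash('Your account has been updated!', 'success')
        # Redirect after a successful POST so a page reload does not resubmit.
        return redirect(url_for('account'))
    elif request.method == 'GET':
        form.username.data = user.username
        form.email.data = user.email
    image_file = url_for('static',
                         filename='profile_pics/' + user.image_file)
    return render_template('account.html',
                           title='Account',
                           image_file=image_file,
                           form=form)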
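def delete_post(post_id):
    """Delete the post identified by *post_id* on behalf of its owner.

    Aborts with 404 when no such post exists and with 403 when the post's
    owner column does not match the current user. On success the row is
    deleted, the change is committed and the client is redirected to the
    home page.
    """
    # post_id arrives from the request, so it is bound as a parameter rather
    # than interpolated into the SQL text.
    cursor.execute("select * from posts where post_id=%s", (post_id, ))
    post_row = cursor.fetchone()
    if post_row is None:
        # Same handling as update_post: an unknown id is a 404, not a crash.
        abort(404)
    # Ownership check before any write. Index 4 is presumably the owning
    # user_id column of a `select *` row -- verify against the table schema.
    if post_row[4] != current_user.id:
        abort(403)
    cursor.execute("delete from posts where post_id=%s", (post_row[0], ))
    db.commit()
    flash('Your post has been deleted!', 'success')
    return redirect(url_for('home'))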
def new_post():
    """Render the post form and store a new post when it validates.

    A valid submission inserts one row into ``posts`` for the current user,
    stamped with the local-time conversion of the current UTC time, then
    redirects to the home page. Otherwise the creation form is rendered.
    """
    form = PostForm()
    if not form.validate_on_submit():
        return render_template('create_post.html',
                               title='New Post',
                               form=form,
                               legend='Create Post')

    # Values are passed separately from the statement, so form text is never
    # spliced into the SQL string.
    insert_sql = ("insert into posts(post_title, post_date, post_content, user_id)"
                  "values(%s,%s,%s,%s)")
    row_values = (
        form.title.data,
        utc_to_local(datetime.utcnow()),
        form.content.data,
        current_user.id,
    )
    cursor.execute(insert_sql, row_values)
    db.commit()
    flash('Your post has been created!', 'success')
    return redirect(url_for('home'))
def register():
    """Render the registration form and create the account when it validates.

    Users who are already authenticated are sent to the home page. A valid
    submission stores the user name, e-mail and a hash of the password in
    ``users`` and redirects to the login page; otherwise the form is rendered.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))

    form = RegistrationForm()
    if not form.validate_on_submit():
        return render_template("register.html", title='Register', form=form)

    # Only the hash produced by bcrypt.generate_password_hash is stored; the
    # submitted password itself is not written to the table.
    password_hash = bcrypt.generate_password_hash(
        form.password.data).decode('utf-8')
    new_user = (form.username.data, form.email.data, password_hash)
    # Parameter binding keeps the form values out of the SQL text.
    insert_sql = ("insert into users(user_name, user_email, user_password)"
                  "values(%s,%s,%s)")
    cursor.execute(insert_sql, new_user)
    db.commit()
    flash('Your account has been created! You are able to log in now.',
          'success')
    return redirect(url_for('login'))
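def update_post(post_id):
    """Edit the post identified by *post_id* on behalf of its owner.

    Aborts with 404 when no such post exists and with 403 when the post's
    owner column does not match the current user. A valid submission writes
    the new title and content and redirects to the post page. On GET the
    form is pre-filled from the stored row. In every other case the edit
    form is rendered.
    """
    cursor.execute("select * from posts where post_id=%s", (post_id, ))
    post_row = cursor.fetchone()
    if post_row is None:
        abort(404)
    # Ownership check before any write. Index 4 is presumably the owning
    # user_id column of a `select *` row -- verify against the table schema.
    if post_row[4] != current_user.id:
        abort(403)

    form = PostForm()
    if form.validate_on_submit():
        # Title and content are free text typed by the user. Binding them as
        # parameters (as the select above already does) keeps quotes or SQL
        # fragments in a post from altering the statement.
        cursor.execute(
            "update posts set post_title=%s, post_content=%s where post_id=%s",
            (form.title.data, form.content.data, post_row[0]),
        )
        db.commit()
        flash('Your post has been updated!', 'success')
        return redirect(url_for('post', post_id=post_row[0]))
    elif request.method == 'GET':
        # Indexes 1 and 3 are used as the stored title and content.
        form.title.data = post_row[1]
        form.content.data = post_row[3]
    return render_template('create_post.html',
                           title='Update Post',
                           form=form,
                           legend='Update Post')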