def delete_text():
    """Render the deletion form for a page's publications or keywords.

    The request must carry a valid ``csrf_token`` and the caller must own
    the page named by the ``page_id`` form field; otherwise error.html is
    rendered.  The list shown depends on whether ``delete_publication`` or
    ``delete_keyword`` is present in the submission; any other submission
    is redirected to the site root.
    """
    if not check_credentials.csrf_check(request.form["csrf_token"]):
        return render_template(
            "error.html",
            error="detected csrf_vulnerability exploitation attempt")

    page_id = request.form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return render_template("error.html", error="insufficient credentials")

    # Role flags are passed through so the template can show/hide controls.
    context = {
        "allow_pi": check_credentials.is_pi(),
        "allow_member": check_credentials.is_member(),
        "page_id": page_id,
    }

    if "delete_publication" in request.form:
        context["publications"] = sql_quories.fetch_publications(page_id)
        context["form"] = "delete_publication"
    elif "delete_keyword" in request.form:
        context["keywords"] = sql_quories.fetch_keywords(page_id)
        context["form"] = "delete_keyword"
    else:
        return redirect("/")

    return render_template("delete_text.html", **context)
def member_page(page_id):
    """Render a member's personal page.

    Loads the title, introduction, keywords and publications stored for
    ``page_id`` and hands them to member_page.html together with role
    flags; ``allow_member`` is true only when the current user owns this
    page.  This view itself performs no access check before querying.

    NOTE(review): ``page_id`` comes straight from the route and is passed
    to sql_quories unchanged — assumes those helpers use parameterized
    queries; confirm.
    """
    context = {
        "name": sql_quories.fetch_title(page_id),
        "introductory_text": sql_quories.fetch_introduction(page_id),
        "keywords": sql_quories.fetch_keywords(page_id),
        "publications": sql_quories.fetch_publications(page_id),
        "allow_pi": check_credentials.is_pi(),
        "allow_member": check_credentials.check_page_ownership(page_id),
        "allow_student": check_credentials.is_student(),
        "page_id": page_id,
    }
    return render_template("member_page.html", **context)
def new_page():
    """Render the form for creating a new personal page.

    The request must pass the CSRF check.  A member who already owns a
    page is turned away with "already has personal page"; after that only
    a PI or a member is shown the form and everyone else receives
    "insufficient credentials".
    """
    if not check_credentials.csrf_check(request.form["csrf_token"]):
        return render_template(
            "error.html",
            error="detected csrf_vulnerability exploitation attempt")

    # NOTE(review): page id 0 is passed to check_page_ownership as what
    # looks like a "does the caller already own a page" probe — its exact
    # meaning lives in check_credentials; confirm.
    already_has_page = (check_credentials.is_member()
                        and check_credentials.check_page_ownership(0))
    if already_has_page:
        return render_template("error.html", error="already has personal page")

    may_create = check_credentials.is_pi() or check_credentials.is_member()
    if not may_create:
        return render_template("error.html", error="insufficient credentials")
    return render_template("new_page.html")
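def change_text():
    """Render the editing form for one attribute of a page.

    The request must carry a valid ``csrf_token`` and the caller must own
    the page named by the ``page_id`` form field; otherwise error.html is
    rendered.  Which form is shown depends on the field present in the
    submission: ``change_name`` and ``change_introduction`` are pre-filled
    from the optional ``old_text`` field, while ``add_new_keyword`` and
    ``add_new_publication`` start empty.  Any other submission is
    redirected to the site root.
    """
    if not check_credentials.csrf_check(request.form["csrf_token"]):
        return render_template(
            "error.html",
            error="detected csrf_vulnerability exploitation attempt")

    page_id = request.form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return render_template("error.html", error="insufficient credentials")

    shared = dict(
        allow_pi=check_credentials.is_pi(),
        allow_member=check_credentials.is_member(),
        page_id=page_id,
    )
    # Bug fix: old_text used to be bound only when the field was present,
    # so a change_name/change_introduction request without it raised
    # UnboundLocalError (a 500).  Default to an empty string instead.
    old_text = request.form.get("old_text", "")

    if "change_name" in request.form:
        return render_template("change_text.html", form="change_name",
                               old_text=old_text, **shared)
    if "change_introduction" in request.form:
        return render_template("change_text.html", form="change_introduction",
                               old_text=old_text, **shared)
    if "add_new_keyword" in request.form:
        return render_template("change_text.html", form="add_new_keyword",
                               **shared)
    if "add_new_publication" in request.form:
        return render_template("change_text.html", form="add_new_publication",
                               **shared)
    return redirect("/")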
def delete_logo():
    """Render the form for removing logos from the front page.

    The request must pass the CSRF check and the caller must own page 1
    (the front page); otherwise error.html is rendered.  The template
    receives an iterator of ``(image_id, image)`` pairs for every stored
    logo.
    """
    if not check_credentials.csrf_check(request.form["csrf_token"]):
        return render_template(
            "error.html",
            error="detected csrf_vulnerability exploitation attempt")

    if not check_credentials.check_page_ownership(1):
        return render_template("error.html", error="insufficient credentials")

    image_ids = sql_quories.fetch_image_ids()
    images = sql_quories.fetch_images()
    # zip is passed as-is (single-pass iterator), matching what the template
    # has always received.
    return render_template("delete_text.html",
                           allow_pi=check_credentials.is_pi(),
                           form="delete_logo",
                           combined_logo_info=zip(image_ids, images))
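def update():
    """Apply an edit submitted from one of the editing forms.

    Every request must carry a valid ``csrf_token``.  The branch taken
    depends on which field is present in the form:

    * ``changed_name`` / ``changed_introduction`` / ``new_keyword`` /
      ``publication_title`` — edit the page named by ``page_id``;
      requires ownership of that page.
    * ``new_name`` (create a page) / ``new_topic`` — requires the PI or
      member role.
    * ``delete_publication`` / ``delete_keyword`` — remove the checked
      items from ``page_id``; requires ownership of that page.
    * ``delete_logo`` — remove the checked logos; requires ownership of
      page 1, mirroring the ``delete_logo`` view.

    Text fields are length-limited before anything is written.  On success
    the user is redirected to the affected page; failures render
    error.html.

    Security fix: the three delete branches previously performed no
    authorization at all — the ``delete_text`` / ``delete_logo`` views
    check ownership when rendering the form, but this handler accepted
    the POST for any ``page_id`` from any request that passed the CSRF
    check.  They now enforce the same ownership rule as the edit branches.
    """
    if not check_credentials.csrf_check(request.form["csrf_token"]):
        return render_template(
            "error.html",
            error="detected csrf_vulnerability exploitation attempt")

    form = request.form
    short_max = 200    # titles, names, keywords, publication fields
    long_max = 10000   # introductions / descriptions

    if "changed_name" in form:
        new_title = form["changed_name"]
        page_id = form["page_id"]
        if not check_credentials.check_page_ownership(page_id):
            return _insufficient_credentials()
        if len(new_title) > short_max:
            return render_template("error.html",
                                   error="new_title too long")
        sql_quories.update_title(new_title, page_id)
        return _redirect_to_page(page_id)

    if "changed_introduction" in form:
        new_introduction = form["changed_introduction"]
        page_id = form["page_id"]
        if not check_credentials.check_page_ownership(page_id):
            return _insufficient_credentials()
        if len(new_introduction) > long_max:
            return render_template("error.html",
                                   error="new_introduction too long")
        sql_quories.update_introduction(new_introduction, page_id)
        return _redirect_to_page(page_id)

    if "new_name" in form:
        if not (check_credentials.is_pi() or check_credentials.is_member()):
            return _insufficient_credentials()
        new_name = form["new_name"]
        new_introduction = form["new_introduction"]
        if len(new_name) > short_max or len(new_introduction) > long_max:
            return render_template(
                "error.html",
                error="new_name or new_introduction too long")
        sql_quories.insert_page(new_name, new_introduction)
        # After page creation: grant credentials to the PI and to whoever
        # just created the page.
        # NOTE(review): the new page id is resolved by name, so two pages
        # sharing a name would be ambiguous — confirm insert_credentials
        # copes with that.
        new_page_id = sql_quories.insert_credentials(session, new_name)
        return redirect("member_page/" + str(new_page_id))

    if "new_topic" in form:
        if not (check_credentials.is_pi() or check_credentials.is_member()):
            return _insufficient_credentials()
        new_topic = form["new_topic"]
        new_description = form["new_description"]
        if len(new_topic) > short_max or len(new_description) > long_max:
            return render_template(
                "error.html",
                error="new_topic or new_description too long")
        new_topic_id = sql_quories.insert_topic(new_topic, new_description,
                                                session["username"])
        return redirect("student_topics/" + str(new_topic_id))

    if "new_keyword" in form:
        new_keyword = form["new_keyword"]
        page_id = form["page_id"]
        if not check_credentials.check_page_ownership(page_id):
            return _insufficient_credentials()
        if len(new_keyword) > short_max:
            return render_template("error.html",
                                   error="new_keyword too long")
        sql_quories.add_keyword(new_keyword, page_id)
        return _redirect_to_page(page_id)

    if "publication_title" in form:
        page_id = form["page_id"]
        if not check_credentials.check_page_ownership(page_id):
            return _insufficient_credentials()
        # Every submitted value (including csrf_token and page_id) is
        # length-checked and collected in form order.
        data_fields = []
        for key in form.keys():
            value = form[key]
            if len(value) > short_max:
                return render_template(
                    "error.html",
                    error="maximum field length is 200 characters")
            data_fields.append(value)
        numeric_fields = (
            ("publication_volume", "publication volume has to be numbers"),
            ("publication_year", "publication year has to be numbers"),
        )
        for field, message in numeric_fields:
            if form[field] and not _is_ascii_digits(form[field]):
                return render_template("error.html", error=message)
        # NOTE(review): the stored columns are picked by *position* in the
        # submitted form (index 0 and 3 onward), so the client controls
        # which value lands in which column; selecting by field name would
        # be safer, but the expected column order is not visible here —
        # confirm against add_publication before changing.
        sql_quories.add_publication([data_fields[0]] + data_fields[3:],
                                    page_id)
        return _redirect_to_page(page_id)

    if "delete_publication" in form:
        page_id = form["page_id"]
        # Authorization (previously missing): only the page owner may
        # delete its publications, as delete_text() already requires.
        if not check_credentials.check_page_ownership(page_id):
            return _insufficient_credentials()
        # Only publications fetched for the owned page are candidates, so
        # an id for another page in the form is ignored.  str() mirrors the
        # delete_logo branch; it is a no-op if the id is already a string.
        for publication in sql_quories.fetch_publications(page_id):
            if str(publication[0]) in form:
                sql_quories.remove_publication(publication[0])
        return redirect("/")

    if "delete_keyword" in form:
        page_id = form["page_id"]
        # Authorization (previously missing): same rule as delete_text().
        if not check_credentials.check_page_ownership(page_id):
            return _insufficient_credentials()
        for keyword in sql_quories.fetch_keywords(page_id):
            if str(keyword[0]) in form:
                sql_quories.remove_keyword(keyword[0])
        return redirect("/")

    if "delete_logo" in form:
        # Authorization (previously missing): mirror the delete_logo()
        # view, which requires ownership of page 1 (the front page).
        if not check_credentials.check_page_ownership(1):
            return _insufficient_credentials()
        for logo_id in sql_quories.fetch_image_ids():
            if str(logo_id[0]) in form:
                sql_quories.remove_logo(logo_id[0])
        return redirect("/")

    return redirect("/")


def _insufficient_credentials():
    """Render the shared 'insufficient credentials' error page."""
    return render_template("error.html", error="insufficient credentials")


def _redirect_to_page(page_id):
    """Redirect to the page just edited.

    ``page_id`` is the raw form string; "1" is the front page, anything
    else is that member's page.
    """
    if page_id == "1":
        return redirect("/")
    return redirect("member_page/" + str(page_id))


def _is_ascii_digits(text):
    """Return True when ``text`` is one or more ASCII digits and nothing else.

    ``fullmatch`` is used rather than ``search('^[0-9]+$')`` so that a
    trailing newline (which ``$`` tolerates) is rejected as well.
    """
    return re.fullmatch(r"[0-9]+", text) is not None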