def delete_text():
    """Render the form for removing publications or keywords from a member page.

    The request must carry a valid CSRF token and the caller must own the
    page named by ``page_id``; otherwise ``error.html`` is rendered. Which
    list is offered for deletion is selected by the form key present
    (``delete_publication`` or ``delete_keyword``); a request naming neither
    is redirected to the index.
    """
    form = request.form
    if not check_credentials.csrf_check(form["csrf_token"]):
        return render_template(
            "error.html", error="detected csrf_vulnerability exploitation attempt")
    page_id = form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return render_template("error.html", error="insufficient credentials")

    # Flags the template uses to decide which controls to show.
    shared = {
        "allow_pi": check_credentials.is_pi(),
        "allow_member": check_credentials.is_member(),
        "page_id": page_id,
    }
    if "delete_publication" in form:
        return render_template(
            "delete_text.html",
            publications=sql_quories.fetch_publications(page_id),
            form="delete_publication",
            **shared,
        )
    if "delete_keyword" in form:
        return render_template(
            "delete_text.html",
            keywords=sql_quories.fetch_keywords(page_id),
            form="delete_keyword",
            **shared,
        )
    return redirect("/")
def member_page(page_id):
    """Render a member's personal page.

    Fetches the title, introduction, keywords and publications stored for
    ``page_id`` and passes them to ``member_page.html`` together with the
    ``allow_*`` flags the template uses to decide which editing controls to
    show. ``allow_member`` is true only when the current session owns this
    particular page.
    """
    context = {
        "name": sql_quories.fetch_title(page_id),
        "introductory_text": sql_quories.fetch_introduction(page_id),
        "keywords": sql_quories.fetch_keywords(page_id),
        "publications": sql_quories.fetch_publications(page_id),
        "allow_pi": check_credentials.is_pi(),
        "allow_member": check_credentials.check_page_ownership(page_id),
        "allow_student": check_credentials.is_student(),
        "page_id": page_id,
    }
    return render_template("member_page.html", **context)
def new_page():
    """Show the form for creating a new member page.

    Requires a valid CSRF token. A member for whom ``check_page_ownership(0)``
    holds is refused with "already has personal page" (page id 0 presumably
    marks "owns a page already" — confirm in ``check_credentials``). PIs and
    members then get ``new_page.html``; anyone else gets an error page.
    """
    if not check_credentials.csrf_check(request.form["csrf_token"]):
        return render_template(
            "error.html", error="detected csrf_vulnerability exploitation attempt")
    already_owns_page = (check_credentials.is_member()
                         and check_credentials.check_page_ownership(0))
    if already_owns_page:
        return render_template("error.html", error="already has personal page")
    may_create = check_credentials.is_pi() or check_credentials.is_member()
    if not may_create:
        return render_template("error.html", error="insufficient credentials")
    return render_template("new_page.html")
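def change_text():
    """Render the editing form for one part of a member page.

    The request must carry a valid CSRF token and the caller must own the
    page named by ``page_id``. The form key present selects the sub-form of
    ``change_text.html`` to show; ``change_name`` and
    ``change_introduction`` additionally receive the current text as
    ``old_text`` for prefilling. A request naming no known form is
    redirected to the index.
    """
    form = request.form
    if not check_credentials.csrf_check(form["csrf_token"]):
        return render_template(
            "error.html", error="detected csrf_vulnerability exploitation attempt")
    page_id = form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return render_template("error.html", error="insufficient credentials")

    # Flags the template uses to decide which controls to show.
    shared = {
        "allow_pi": check_credentials.is_pi(),
        "allow_member": check_credentials.is_member(),
        "page_id": page_id,
    }
    # ``old_text`` was previously only bound when the field was submitted,
    # so a change_name/change_introduction request without it raised
    # UnboundLocalError (a 500). Fall back to an empty prefill instead.
    old_text = form.get("old_text", "")
    if "change_name" in form:
        return render_template("change_text.html", form="change_name",
                               old_text=old_text, **shared)
    if "change_introduction" in form:
        return render_template("change_text.html", form="change_introduction",
                               old_text=old_text, **shared)
    if "add_new_keyword" in form:
        return render_template("change_text.html", form="add_new_keyword",
                               **shared)
    if "add_new_publication" in form:
        return render_template("change_text.html", form="add_new_publication",
                               **shared)
    return redirect("/")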
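def delete_logo():
    """Render the logo deletion form.

    Requires a valid CSRF token and ownership of page 1 (the page that
    ``update`` redirects to "/", i.e. presumably the site's index). Logo ids
    and images are paired positionally and materialised into a list so the
    template can iterate or measure them more than once; a bare ``zip``
    iterator would be exhausted after the first pass.
    """
    if not check_credentials.csrf_check(request.form["csrf_token"]):
        return render_template(
            "error.html", error="detected csrf_vulnerability exploitation attempt")
    if not check_credentials.check_page_ownership(1):
        return render_template("error.html", error="insufficient credentials")
    allow_pi = check_credentials.is_pi()
    logo_ids = sql_quories.fetch_image_ids()
    logos = sql_quories.fetch_images()
    combined_logo_info = list(zip(logo_ids, logos))
    return render_template(
        "delete_text.html",
        allow_pi=allow_pi,
        form="delete_logo",
        combined_logo_info=combined_logo_info,
    )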
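def update():
    """Apply one editing action submitted from the page forms.

    The action is chosen by the first key of ``_UPDATE_HANDLERS`` present in
    ``request.form``; a request naming none is redirected to the index.
    Every action first requires a valid CSRF token. Each write is then
    gated on the caller's rights: edits and deletions on ownership of the
    affected page, page/topic creation on PI or member status, and logo
    removal on ownership of page 1 (the same rule the ``delete_logo`` view
    applies). Ownership checks were previously missing from the
    delete_publication, delete_keyword and delete_logo actions.

    Returns the rendered error page when a check or validation fails,
    otherwise a redirect to the updated page.
    """
    form = request.form
    if not check_credentials.csrf_check(form["csrf_token"]):
        return render_template(
            "error.html", error="detected csrf_vulnerability exploitation attempt")
    for trigger, handler in _UPDATE_HANDLERS:
        if trigger in form:
            return handler(form)
    return redirect("/")


# Length limits applied to submitted text (same values as before).
_TITLE_MAX = 200
_TEXT_MAX = 10000

# Digits only; fullmatch (unlike the old ``^...$`` search) also rejects a
# trailing newline.
_DIGITS_ONLY = re.compile(r"[0-9]+")


def _insufficient_credentials():
    """Error page returned when an authorisation check fails."""
    return render_template("error.html", error="insufficient credentials")


def _page_redirect(page_id):
    """Redirect to the page just edited: "1" is the index, others member_page/<id>."""
    if page_id == "1":
        return redirect("/")
    return redirect("member_page/" + str(page_id))


def _handle_changed_name(form):
    """Rename a page the caller owns (title capped at _TITLE_MAX)."""
    new_title = form["changed_name"]
    page_id = form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return _insufficient_credentials()
    if len(new_title) > _TITLE_MAX:
        return render_template("error.html", error="new_title too long")
    sql_quories.update_title(new_title, page_id)
    return _page_redirect(page_id)


def _handle_changed_introduction(form):
    """Replace the introduction of a page the caller owns (capped at _TEXT_MAX)."""
    new_introduction = form["changed_introduction"]
    page_id = form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return _insufficient_credentials()
    if len(new_introduction) > _TEXT_MAX:
        return render_template("error.html", error="new_introduction too long")
    sql_quories.update_introduction(new_introduction, page_id)
    return _page_redirect(page_id)


def _handle_new_page(form):
    """Create a member page; allowed for PIs and members only."""
    if not (check_credentials.is_pi() or check_credentials.is_member()):
        return _insufficient_credentials()
    new_name = form["new_name"]
    new_introduction = form["new_introduction"]
    if len(new_name) > _TITLE_MAX or len(new_introduction) > _TEXT_MAX:
        return render_template(
            "error.html", error="new_name or new_introduction too long")
    sql_quories.insert_page(new_name, new_introduction)
    # After page creation: add credentials for the PI (and whoever just
    # created the page). insert_credentials returns the new page's id.
    new_page_id = sql_quories.insert_credentials(session, new_name)
    return redirect("member_page/" + str(new_page_id))


def _handle_new_topic(form):
    """Create a student topic owned by the session user; PIs and members only."""
    if not (check_credentials.is_pi() or check_credentials.is_member()):
        return _insufficient_credentials()
    new_topic = form["new_topic"]
    new_description = form["new_description"]
    if len(new_topic) > _TITLE_MAX or len(new_description) > _TEXT_MAX:
        return render_template(
            "error.html", error="new_topic or new_description too long")
    new_topic_id = sql_quories.insert_topic(
        new_topic, new_description, session["username"])
    return redirect("student_topics/" + str(new_topic_id))


def _handle_new_keyword(form):
    """Add a keyword to a page the caller owns (capped at _TITLE_MAX)."""
    new_keyword = form["new_keyword"]
    page_id = form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return _insufficient_credentials()
    if len(new_keyword) > _TITLE_MAX:
        return render_template("error.html", error="new_keyword too long")
    sql_quories.add_keyword(new_keyword, page_id)
    return _page_redirect(page_id)


def _handle_add_publication(form):
    """Add a publication to a page the caller owns.

    Every submitted field is capped at 200 characters; volume and year, when
    given, must consist of digits only.
    """
    page_id = form["page_id"]
    if not check_credentials.check_page_ownership(page_id):
        return _insufficient_credentials()
    data_fields = []
    for key in form.keys():
        value = form[key]
        if len(value) > 200:
            return render_template(
                "error.html", error="maximum field length is 200 characters")
        data_fields.append(value)
    volume = form["publication_volume"]
    if volume and _DIGITS_ONLY.fullmatch(volume) is None:
        return render_template(
            "error.html", error="publication volume has to be numbers")
    year = form["publication_year"]
    if year and _DIGITS_ONLY.fullmatch(year) is None:
        return render_template(
            "error.html", error="publication year has to be numbers")
    # NOTE(review): the stored columns are chosen by position in the
    # submitted form (first field, then everything from the fourth on), so
    # this depends on the client preserving field order — verify against the
    # template and prefer selecting fields by name.
    sql_quories.add_publication([data_fields[0]] + data_fields[3:], page_id)
    return _page_redirect(page_id)


def _handle_delete_publication(form):
    """Remove the publications of the caller's page that are named in the form."""
    page_id = form["page_id"]
    # Previously unchecked: any requester could delete another page's entries.
    if not check_credentials.check_page_ownership(page_id):
        return _insufficient_credentials()
    for publication in sql_quories.fetch_publications(page_id):
        # Form keys are strings; str() makes the lookup work for the first
        # column whether it is returned as int or str (as the logo branch
        # already does).
        if str(publication[0]) in form:
            sql_quories.remove_publication(publication[0])
    return redirect("/")


def _handle_delete_keyword(form):
    """Remove the keywords of the caller's page that are named in the form."""
    page_id = form["page_id"]
    # Previously unchecked: any requester could delete another page's entries.
    if not check_credentials.check_page_ownership(page_id):
        return _insufficient_credentials()
    for keyword in sql_quories.fetch_keywords(page_id):
        if str(keyword[0]) in form:
            sql_quories.remove_keyword(keyword[0])
    return redirect("/")


def _handle_delete_logo(form):
    """Remove the logos named in the form; gated like the delete_logo view (page 1)."""
    # Previously unchecked here although the delete_logo view requires it.
    if not check_credentials.check_page_ownership(1):
        return _insufficient_credentials()
    for logo_id in sql_quories.fetch_image_ids():
        if str(logo_id[0]) in form:
            sql_quories.remove_logo(logo_id[0])
    return redirect("/")


# (form key, handler) in priority order; the first key present wins.
_UPDATE_HANDLERS = (
    ("changed_name", _handle_changed_name),
    ("changed_introduction", _handle_changed_introduction),
    ("new_name", _handle_new_page),
    ("new_topic", _handle_new_topic),
    ("new_keyword", _handle_new_keyword),
    ("publication_title", _handle_add_publication),
    ("delete_publication", _handle_delete_publication),
    ("delete_keyword", _handle_delete_keyword),
    ("delete_logo", _handle_delete_logo),
)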