def all_gossips():
try:
page = int(request.args.get('page'))
if page < 1:
raise TypeError
except (TypeError, ValueError):
page = 1
search = request.args.get('search')
offset = 10 * (page - 1)
search_flag = 0
if search != None:
gossips, success = database.search_gossips(offset, 10, search)
search_flag = 1
else:
gossips, success = database.get_latest_gossips(offset, 10)
if not success:
error("all_gossips", gossips, session.get('username'))
flash('Oops, something wrong happened!', "danger")
return render_template('error.html')
r = make_response(
render_template('gossips.html',
posts=gossips,
search_text=search,
search=search_flag))
return r
def newuser():
if request.method == 'POST':
username = request.form.get('username')
psw1 = request.form.get('password1')
psw2 = request.form.get('password2')
if username == '' or psw1 == '' or psw2 == '':
flash('All fields are required', 'danger')
return redirect('/register')
# username = username.encode('utf-8')
psw1 = psw1.encode('utf-8')
psw2 = psw2.encode('utf-8')
if psw1 == psw2:
psw = Password(psw1)
hashed_psw = psw.get_hashed_password()
message, success = database.insert_user(username, hashed_psw)
if success == 1:
flash('New user added!', 'primary')
return redirect('/login')
else:
error('newuser', message, session.get('username'))
flash('Internal error!', 'danger')
return redirect('/register')
flash('Passwords must be the same!', 'danger')
return redirect('/register')
else:
return render_template('register.html')
def gossip(id):
if request.method == 'POST':
comment = request.form.get('comment')
user = session.get('username')
date = datetime.datetime.now()
if comment == '':
flash('All fields are required', 'danger')
return redirect('/gossip/{}'.format(id))
message, success = database.post_comment(user, comment, id, date)
if not success:
error('gossip', message, session.get('username'))
flash('Couldn\'t add comment, please try again', 'danger')
return redirect('/gossip/{}'.format(id))
flash('New comment added', 'primary')
return redirect('/gossip/{}'.format(id))
else:
gossip, success = database.get_gossip(id)
if not success:
error('gossip', gossip, session.get('username'))
flash('Couldn\'t get gossip, please try again', 'danger')
return redirect('/gossip')
comments, success = database.get_comments(id)
if comments == None:
comments = []
return render_template('gossip.html',
post=gossip,
comments=comments,
id=id)
def csrf_protect():
'''
CSRF PROTECION
'''
if request.method == 'POST':
token_csrf = session.get('_csrf_token')
form_token = request.form.get('_csrf_token')
if not token_csrf or str(token_csrf) != str(form_token):
error('csrf_protect', 'wrong value for csrf_token',
session.get('username'))
return 'ERROR: Wrong value for csrf_token'
def csrf_protect():
'''
CSRF PROTECION
'''
if request.method == "POST":
token_csrf = session.get('_csrf_token')
form_token = request.form.get('_csrf_token')
if not token_csrf or str(token_csrf) != str(form_token):
error("csrf_protect", "wrong value for csrf_token",
session.get("username"))
return "ERROR: Wrong value for csrf_token"
def login():
if request.method == 'POST':
username = request.form.get('username')
psw = Password(request.form.get('password').encode('utf-8'))
user_password, success = database.get_user_password(username)
if not success or user_password == None or not psw.validate_password(
user_password[0]):
error('gossip', 'User not found or wrong password',
session.get('username'))
flash('User not found or wrong password', 'danger')
return render_template('login.html')
session['username'] = username
return redirect('/gossip')
else:
return render_template('login.html')
def all_gossips():
search = request.args.get('search')
search_flag = 0
if search != None:
gossips, success = database.search_gossips(search)
search_flag = 1
else:
gossips, success = database.get_latest_gossips()
if not success:
error('all_gossips', gossips, session.get('username'))
return 'Internal error!'
r = make_response(
render_template('gossips.html',
posts=gossips,
search_text=search,
search=search_flag))
return r
def newgossip():
if request.method == 'POST':
text = request.form.get('text', "").encode('utf-8')
subtitle = request.form.get('subtitle', "").encode('utf-8')
title = request.form.get('title', "").encode('utf-8')
author = session.get('username', "")
date = datetime.datetime.now()
if author == '' or text == '' or subtitle == '' or title == '':
error("gossip", "invalid parameters", session.get('username'))
flash('Todos os campos devem ser preenchidos', "danger")
return render_template('newgossip.html',
title=title,
subtitle=subtitle,
text=text)
database.post_gossip(author, text, title, subtitle, date)
flash('New gossip added', "primary")
return redirect('/gossip')
else:
return render_template('newgossip.html')
def newuser():
if request.method == 'POST':
username = request.form.get('username')
psw1 = request.form.get('password1')
psw2 = request.form.get('password2')
if psw1 == psw2:
psw = Password(str(psw1))
hashed_psw = psw.get_hashed_password()
message, success = database.insert_user(str(username), hashed_psw)
if success == 1:
flash("New user added!", "primary")
return redirect('/login')
else:
error("newuser", message, session.get('username'))
return render_template('error.html')
flash("Passwords must be the same!", "danger")
return redirect('/register')
else:
return render_template('register.html')
def gossip(id):
if request.method == 'POST':
comment = request.form.get('comment').encode('utf-8')
user = session.get('username')
date = datetime.datetime.now()
message, success = database.post_comment(user, comment, id, date)
if not success:
error("gossip", message, session.get('username'))
flash('Oops, something wrong happened', "danger")
return render_template('error.html')
flash('New comment added', "primary")
return redirect('/gossip/{}'.format(id))
else:
gossip, success = database.get_gossip(id)
if not success:
error("gossip", gossip, session.get('username'))
flash('Oops, something wrong happened!', "danger")
return render_template('error.html')
comments, success = database.get_comments(id)
if not success:
error("gossip", comments, session.get('username'))
flash('Oops, something wrong happened!', "danger")
return render_template('error.html')
if comments == None:
comments = []
return render_template('gossip.html',
post=gossip,
comments=comments,
id=id)
def newgossip():
if request.method == 'POST':
text = request.form.get('text')
subtitle = request.form.get('subtitle')
title = request.form.get('title')
author = session.get('username')
date = datetime.datetime.now()
if author == None or text == None or subtitle == None or title == None:
error('gossip', 'Invalid parameters', session.get('username'))
flash('All fields are required', 'danger')
return render_template('newgossip.html',
title=title,
subtitle=subtitle,
text=text)
message, success = database.post_gossip(author, text, title, subtitle,
date)
if success == 0:
flash('Coulnd\'t add gossip, please try again', 'danger')
else:
flash('New gossip added', 'primary')
return redirect('/newgossip')
else:
return render_template('newgossip.html')
