def post_to_wall(username):
post_author = session.get("username")
wall_text = request.form.get("wallText")
wall_owner_id = model.get_user_by_name(username)
post_author_id = model.get_user_by_name(post_author)
model.make_wall_post(wall_owner_id, post_author_id, wall_text)
return redirect(url_for("view_user", username=username))
def make_new_post(username):
owner_id = model.get_user_by_name(username)
author_id = model.get_user_by_name(session["username"])
created_at = datetime.now()
content = request.form.get("wall_post")
model.make_wall_post(owner_id, author_id, created_at, content)
return redirect(url_for("view_user", username=username))
def search_user():
username_to_search = request.form.get("search")
model.get_user_by_name(username_to_search)
if model.get_user_by_name(username_to_search) == "Nope":
flash("User not found")
return redirect(request.referrer)
else:
return redirect("/user/%s"%username_to_search)
def post_to_wall(username):
post_author = session.get("username")
wall_text = request.form.get("wallText")
wall_owner = username
post_author_id = model.get_user_by_name(post_author)
wall_owner_id = model.get_user_by_name(wall_owner)
model.create_wall_post(wall_owner_id, post_author_id, wall_text)
#return "%s %s %s" % (wall_text, post_author, wall_owner)
return redirect(url_for("view_user", username=username))
def create_account():
# get username and password and verify_password from form data
username= request.form.get("username")
password= request.form.get("password")
verify_password= request.form.get("password_verify")
# get user id from session, if it exists
user_id = session.get("user_id")
if user_id:
# if the user is logged in, send them to their own page
username = model.get_name_by_user(user_id)
return redirect(url_for("view_user",username=username ))
elif model.get_user_by_name(username) != None:
# if username is already in the database, flash error message and redirect to same page
flash("That username is taken, please try another")
return redirect(url_for("register"))
elif verify_password != password:
# if the passwords don't match, flash error message and redirect
flash("Your passwords didn't match")
return redirect(url_for("register"))
#check if password verify matches password
else:
# if they passed all those checks, create a new user in the database
# and redirect to their own page
model.make_new_user(username, password)
# flashed messages are fetched using flask function in the jinja template
# in HTML call get_flashed_messages() to display
flash("Your account has been created please login")
return redirect(url_for("index"))
def view_user(username):
model.connect_to_db()
user_id = model.get_user_by_name(username)
wall_posts = model.get_wallposts_by_userid(user_id)
return render_template("wall.html",
wall_posts=wall_posts,
username=username)
def create_account():
# get username, password and verify_password from form data
username = request.form.get("username")
password = request.form.get("password")
verify_password = request.form.get("password_verify")
# get user id from session, if it exists
user_id = session.get("user_id")
if user_id:
# if the user is logged in, send them to their own wall
username = model.get_name_by_user(user_id)
return redirect(url_for("view_user",username=username))
# if username is already in the database, flash error message and redirect to same page
elif model.get_user_by_name(username) != None:
flash("That username is taken, please try another")
return redirect(url_for("register"))
# if the passwords don't match, flash error message and redirect
elif verify_password != password:
flash("Your passwords didn't match")
return redirect(url_for("register"))
#check if password verify matches password
else:
# if they passed all those checks, create a new user in the database
# and redirect to their own page
model.make_new_user(username, password)
# flashed messages are fetched using flask function in the jinja template
# in HTML, call get_flashed_messages() to display
flash("Your account has been created please login")
return redirect(url_for("index"))
def view_user(username):
user_id = model.get_user_by_name(username)
wall_posts = model.get_wall_posts_by_user_id(user_id)
return render_template(
"wall.html",
# orange 'wallpost' gets fed to HTML
wallpost=wall_posts)
def view_user(username):
model.connect_to_db()
owner_id = model.get_user_by_name(username)
wallposts = model.get_wall_posts(owner_id)
html = render_template("wall.html", wallposts=wallposts)
# print "print in_view user fucntion"
return html
def add_collection(user, auth):
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
if not is_user_logged_in(session, auth, user.display_name):
return error_request_denied()
body = bottle.request.json
name_missing = "name" not in body
description_missing = "description" not in body
if name_missing or description_missing:
bottle.response.status = 400
return {"error": "Missing required parameters."}
name = body["name"]
description = body["description"]
already_exists = get_collection_by_name(session, name)
if already_exists:
bottle.response.status = 400
return {"error": "There is already a collection with that name."}
new_collection = Collection(user=user, name=name, description=description)
session.add(new_collection)
session.commit()
return {"id": new_collection.id}
def view_user(username):
user_id = model.get_user_by_name(username)
wall_posts = model.get_wall_posts_by_id(user_id)
author_name = model.get_name_by_id(session["user_id"])
return render_template('wall.html', wall_posts=wall_posts,
username=username,
author_name=author_name)
def update_collection(user, name, auth):
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
if not is_user_logged_in(session, auth, user.display_name):
return error_request_denied()
collection = get_collection_by_name(session, name)
if not collection:
return error_not_found("Collection")
body = bottle.request.json
name_missing = "name" not in body
description_missing = "description" not in body
if name_missing or description_missing:
bottle.response.status = 400
return {"error": "Missing required parameters"}
collection_name = body["name"]
collection_description = body["description"]
existing_collection = get_collection_by_name(session, collection_name)
if existing_collection:
return {"error": "A collection already exists with this name."}
collection.name = collection_name
collection.description = collection_description
session.commit()
def view_user(username):
model.connect_to_db()
user_id = model.get_user_by_name(username)
posts = model.get_wall_posts(user_id[0])
return render_template("wall.html", posts = posts,
logged_in = session["user_id"],
username = username)
def view_user(username):
model.connect_to_db()
owner_id = model.get_user_by_name(username)
wallposts = model.get_wall_posts(owner_id)
html = render_template("wall.html", wallposts = wallposts)
# print "print in_view user fucntion"
return html
def get_item_image(user, collection, item, image):
user_name = user
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
collection_name = collection
collection = get_collection_by_name(session, collection)
if not collection:
return error_not_found("Collection")
if collection.user != user:
return error_not_found("Image")
item = get_item_by_name(session, user_name, collection_name, item)
if not item:
return error_not_found("Item")
item_image = get_image_by_id(session, image)
return {
"caption": item_image.caption,
"description": item_image.description
}
def profile():
if not session.get("username"):
return redirect(url_for("index"))
user = get_user_by_name(session["username"])
user_history = list(get_user_history(user._id))
pokemons_count = {}
for req in user_history:
if req.pokemon_name not in pokemons_count.keys():
pokemons_count.update({req.pokemon_name: 1})
else:
pokemons_count[req.pokemon_name] += 1
popular_pokemon = sorted(pokemons_count.items(), key=lambda x: x[1], reverse=True)[0][0]
popular_img = get_pokemon_by_name(popular_pokemon).pokemon_img
user_data = {
"id": user._id,
"username": user.name,
"email": user.email,
"count": len(user_history),
"pokemon": popular_pokemon,
"img": popular_img
}
return render_template("profile.html", user_data=user_data)
def post_to_wall(username):
id_from_users = model.get_user_by_name(username)
author_id_from_users = session['username']
date_time = str(datetime.datetime.now())
post = request.form.get("post")
model.post_to_wall(id_from_users, author_id_from_users, date_time, post)
return redirect("/user/%s"%username)
def post_to_wall(username):
model.connect_to_db()
content = request.form.get("content")
author_id = session['user_id']
owner_id = model.get_user_by_name(username)
model.create_new_post(owner_id, author_id, content)
# redirect_string = "/user/%s" % username
return redirect(url_for('view_user', username=username))
def post_to_wall(username):
author_id = session.get("username", None)
new_post = request.form.get("wall_post_text")
model.connect_to_db()
user_id = model.get_user_by_name(username)[0]
model.add_new_post(user_id, user_id, author_id, datetime.datetime.now(), new_post)
return redirect(url_for("view_user", username=username))
def post_on_wall(username):
text = request.form.get("newPost")
username = request.form.get("username")
user_id = session.get("username")
ownerId = model.get_user_by_name(username)
model.make_post(ownerId, user_id, text)
return redirect("/user/%s"%username)
def view_user(username):
ownerId = model.get_user_by_name(username)
#get wall posts from id and send to wall.html
rows = model.getPosts(ownerId)
posts = []
for row in rows:
posts.append(row)
return render_template("wall.html", posts=posts, username=username)
def post_to_wall(username):
model.connect_to_db()
wall_owner = model.get_user_by_name(username)
current_user = session.get('user_id')
wall_content = request.form.get("wall_content")
model.add_wall_post(current_user, wall_owner, wall_content)
return redirect(url_for('view_user', username=username))
def post_to_wall(username):
model.connect_to_db()
owner_id = model.get_user_by_name(username)
author_id = session.get('user_id')
created_at = datetime.datetime.now()
content = request.form.get('content')
model.post_wall_posts(owner_id, author_id, created_at, content)
return redirect(url_for('view_user', username=username))
def post_to_wall(username):
model.connect_to_db()
content = request.form.get("content")
author_id = session['user_id']
owner_id = model.get_user_by_name(username)
model.create_new_post(owner_id, author_id, content)
# redirect_string = "/user/%s" % username
return redirect(url_for('view_user', username=username))
def post_to_wall(username):
model.connect_to_db()
owner_id = model.get_user_by_name(username)
author_id = session.get('user_id')
created_at = datetime.datetime.now()
content = request.form.get('content')
model.post_wall_posts(owner_id, author_id, created_at, content)
return redirect(url_for('view_user', username = username))
def view_user(username):
model.connect_to_db()
user_id = model.get_user_by_name(username)
wall_posts = model.get_wall_posts_for_user(user_id)
return render_template("wall_posts.html", username = username,
wall_posts = wall_posts,
user_id = session.get('user_id'))
def post_to_wall(username):
model.connect_to_db()
wall_owner = model.get_user_by_name(username)
current_user = session.get('user_id')
wall_content = request.form.get("wall_content")
model.add_wall_post(current_user, wall_owner, wall_content)
return redirect(url_for('view_user', username=username))
def show_wall_posts(profile):
model.connect_to_db()
display_id = model.get_user_by_name(profile)
if display_id:
posts = model.get_posts_by_user_id(display_id)
pretty_data = make_pretty_data(posts)
return render_template("wall.html", posts=pretty_data, profile=profile)
flash("No user by that name.","alert-danger")
return redirect(url_for("index"))
def view_user(username):
model.connect_to_db()
user_id = model.get_user_by_name(username)
wall_posts = model.get_wall_posts_for_user(user_id)
return render_template("wall_posts.html",
username=username,
wall_posts=wall_posts,
user_id=session.get('user_id'))
def create_account():
username = request.form.get("username")
password = request.form.get("password")
if model.get_user_by_name(username):
flash("Your account already exists!")
return redirect("/")
else:
model.create_user(username, password)
return redirect("/")
def create_account():
username = request.form.get("username")
password = request.form.get("password")
if model.get_user_by_name(username):
flash("There is already a user by that name")
return redirect(url_for("create_account"))
else:
flash("User created, please log in")
model.add_user_to_db(username, password)
return redirect(url_for("index"))
def create_account():
model.connect_to_db()
username = request.form.get('username')
password = request.form.get('password')
if model.get_user_by_name(username):
flash("That user already exists!")
return redirect(url_for("register"))
else:
model.add_new_user(username, password)
flash("New user created!")
return redirect(url_for("index"))
def create_account(): # THIS DOESN'T WORK RIGHT NOW
username = request.form.get("username")
password = request.form.get("password")
if model.get_user_by_name(username):
flash("Your account already exists!")
return redirect(url_for("index"))
else:
model.create_user(username, password)
flash("You successfully created your account!")
return redirect("/")
def create_account():
model.connect_to_db()
username = request.form.get('username')
password = request.form.get('password')
if model.get_user_by_name(username):
flash("That user already exists!")
return redirect(url_for("register"))
else:
model.add_new_user(username, password)
flash("New user created!")
return redirect(url_for("index"))
def pokemon():
if not session.get("username"):
return redirect(url_for("index"))
found_user = get_user_by_name(session["username"])
user_history = get_user_history(found_user._id)
if len(list(user_history)) < 9:
necessary_pokemons = list(user_history)
else:
necessary_pokemons = user_history[len(list(user_history)) - 9:]
return render_template("history.html", pokemons=necessary_pokemons)
def view_user(username):
check_logged_in = session.get("user_id")
user_id = model.get_user_by_name(username)
if user_id == None:
flash("That user does not exist.")
return redirect(url_for("register"))
else:
#wall_posts is a list of tuples
wall_posts = model.get_wall_by_user(user_id)
#this generates the wall page from template these variable are for jinja to include{{}}
html = render_template("mypage.html", wall_posts=wall_posts, check_logged_in=check_logged_in, username=username)
return html
def valid_login(username, password):
have_error = False
params = {'username': username}
user = model.get_user_by_name(username)
if user:
if valid_pw(password, user.password):
return have_error, params, user
else:
have_error = True
params['error'] = 'Invalid Password'
else:
have_error = True
params['error'] = 'Invalid User'
return have_error, params, user
def create_account():
if session.get('username'):
real_name = session.get('actual_username')
return redirect("/user/%s"%real_name)
else:
username = request.form.get("username")
password = request.form.get("password")
if model.get_user_by_name(username) == "Nope":
model.register_new_user(username, password)
flash("Account created!")
return redirect(url_for("process_login"))
else:
flash("You already exist!")
return redirect(url_for("register"))
def valid_login(username, password):
have_error = False
params = {'username': username}
user = model.get_user_by_name(username)
if user:
if valid_pw(password, user.password):
return have_error, params, user
else:
have_error = True
params['error'] = 'Invalid Password'
else:
have_error = True
params['error'] = 'Invalid User'
return have_error, params, user
def create_account():
model.connect_to_db()
username = request.form.get("username")
user_id = model.get_user_by_name("username")
if user_id == None:
print 'there is no user id.'
username = request.form.get("username")
password = request.form.get("password")
flash('Account successfully created.')
model.create_new_account(username, password)
return redirect(url_for("index"))
else:
flash('User already exists.')
return redirect(url_for('register'))
def post_to_wall(profile):
content = request.form.get("post_text")
# the person writing the post is the person logged in
author_id = session['user_id']
model.connect_to_db()
# the owner is the person's wall we are currently looking at, and then we need the ID of that person
owner_id = model.get_user_by_name(profile)
# insert a row into the DB that contains the relevant data
# if we are missing any of these pieces, don't write to the db.
if owner_id and author_id and content:
model.write_wall_post(owner_id, author_id, content)
else:
flash("Not enough data to write wall post.","alert-danger")
# then render the page with all of the wall posts on it, including the one we just wrote.
return redirect(url_for("show_wall_posts", profile=profile))
def create_account():
if session.get('username'):
redirect(url_for("view_user", username = session.get("username")))
else:
model.connect_to_db()
username = request.form.get("username")
user_id = model.new_user_id()
if request.form.get("password") == request.form.get("password_verify"):
password = request.form.get("password")
if model.get_user_by_name(username):
flash("That username is already taken!")
return redirect(url_for("register"))
else:
model.add_new_user(user_id, username, password)
return redirect(url_for("view_user", username=username))
def create_account():
model.connect_to_db()
username = request.form.get("username")
user_id = model.get_user_by_name("username")
if user_id == None:
print 'there is no user id.'
username = request.form.get("username")
password = request.form.get("password")
flash('Account successfully created.')
model.create_new_account(username,password)
return redirect(url_for("index"))
else:
flash('User already exists.')
return redirect(url_for('register'))
def POST(self):
"""
Compares given CIN, username and password to db entry
"""
i = web.input()
form = self.form()
logger.debug('Logged_in: %s', session.logged_in)
output=[]
if ospath.exists('banned_ip.chess'):
with open('banned_ip.chess','r') as bfd:
for line in bfd:
if web.ctx['ip'] in line:
t = line[line.find('|')+2:-1].strip()
d = datetime.strptime(t,self.time_format)
dc = datetime.utcnow()
if d + self.bannedtimer <= dc:
return "<h1>Too many failed login attempts.</h1><br /><h2>Please try again at a later time</h2>"
else:
output.append(line)
with open('banned_ip.chess','w') as bfd:
f.writelines(output)
if not form.validates():
return render.login(form, users=model.get_all_users())
else:
try:
u = model.get_user_by_name(i.cin, i.username.strip().lower())[0]
except IndexError:
return render.login(form,"User does not exist! If you need an account, please contact your local admin.", users=model.get_all_users())
check = True if bcrypt.hashpw(i.password, u.password) == u.password else False
#Check is user authentication was a great success
if check:
session.logged_in = True
session.username = i.username
session.cin = int(i.cin)
session.priv = u.privilege
raise web.seeother('/')
else:
try:
session['loginfails'] += 1
except KeyError:
session['loginfails'] = 0
if session['loginfails'] > MAX_LOGIN_ATTEMPTS:
ip = web.ctx['ip']
logger.warning('IP %s has attempted too many unsuccessfull logins', ip)
session['loginfails']=0
with open('banned_ip.chess','a') as bfd:
bfd.write("%s | %s"%(web.ctx['ip'],datetime.utcnow()))
return render.login(form,"login failed!", users=model.get_all_users())
def POST(self):
i = web.input()
users = model.get_user_by_name(i.cin, i.uname)
try:
user = [u for u in users if u.username == i.uname.lower()][0]
except IndexError:
raise web.notfound("User doesn't exist")
if user:
key = uuid4().hex
#web.sendmail('*****@*****.**',user.email,'Password Reset Email',
# 'Dear %s,\n We have received notice that you have submitted a password reset.\n You can follow up on this by following this link: %s\n If you did not request this, alert us to possible security exploits by contacting us at (08)95863555 or by email at [email protected]' % (user.username, '/forgottenpassword/'+str(user.userID)+'@'+str(user.FK_clientID)+'@'+key))
model.generate_recovery_link(user.FK_clientID, user.userID, key)
raise web.seeother('/forgotpassword/'+str(user.userID)+'@'+str(user.FK_clientID)+'@'+key)
else:
raise web.seeother('/recover/')
def signin():
if session.get("username"):
return redirect(url_for("search"))
if request.method == "POST":
username = request.form["username"]
password = request.form["password"]
user = get_user_by_name(username)
if user and check_password_hash(user.password, password):
session["username"] = username
return redirect(url_for("search", name=user.name))
else:
flash("Неправильный логин или пароль!")
return render_template("signin.html")
def post_to_wall(username):
#request.form is dictionary from form with method post
# get content from submitted form
content = request.form.get("content")
#get the current user from the session
author_id = session.get("user_id")
# look up the person whose page it is
owner_id = model.get_user_by_name(username)
# add post to database
model.post_to_wall(owner_id, author_id, content)
# send user back to same page
# url_for is a flask function that finds the right url based on handler name
return redirect(url_for("view_user",username=username ))
def view_user(username):
logged_in = False
user_id = model.get_user_by_name(username)[0]
if session.get("user_id"):
logged_in = True
if user_id != None:
wall_posts = model.get_wall_posts(user_id)
if not wall_posts:
return render_template("wall.html", message="This user has no posts.",
logged_in=logged_in)
else:
return render_template("wall.html", posts=wall_posts,
logged_in=logged_in)
print wall_posts
else:
return render_template("wall.html", message="Not a valid user.")
def delete_collection(user, collection, auth):
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
if not is_user_logged_in(session, auth, user.display_name):
return error_request_denied()
collection_record = get_collection_by_name(session, collection)
collection_not_found = not collection_record
if collection_not_found:
return error_not_found("Collection")
session.delete(collection_record)
session.commit()
def delete_item(user, collection, item):
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
collection = get_collection_by_name(session, collection)
if not collection:
return error_not_found("Collection")
item = get_item_by_name(session, user.display_name, collection.name, item)
if not item:
return error_not_found("Item")
session.delete(item)
def get_collection(user, name, auth):
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
if not is_user_logged_in(session, auth, user.display_name):
return error_request_denied()
items = get_collection_items(session, name)
return {
'data': [{
"id": item.id,
"name": item.name,
"description": item.description
} for item in items]
}
def example(user, auth):
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
if not is_user_logged_in(session, auth, user.display_name):
return error_request_denied()
result = {}
for collection in user.collections:
result[collection.name] = {
"id": collection.id,
"name": collection.name,
"description": collection.description
}
return result
def process_login():
model.connect_to_db()
username = request.form.get("username")
password = request.form.get("password")
# Checks user authenticated to then create a session
user_id = model.authenticate(username, password)
if user_id != None:
flash("User authenticated!")
session['user_id'] = user_id
session['username'] = username
elif model.get_user_by_name(username) is None:
flash("Username does not exist, please register a new account")
return redirect(url_for("register"))
else:
flash(
"Password incorrect, there may be a ferret stampede in progress!")
return redirect(url_for("index"))
def view_user(username):
logged_in = False
user_id = model.get_user_by_name(username)[0]
if session.get("user_id"):
logged_in = True
if user_id != None:
wall_posts = model.get_wall_posts(user_id)
if not wall_posts:
return render_template("wall.html",
message="This user has no posts.",
logged_in=logged_in)
else:
return render_template("wall.html",
posts=wall_posts,
logged_in=logged_in)
print wall_posts
else:
return render_template("wall.html", message="Not a valid user.")
def get_collection(user, name, auth):
user = get_user_by_name(session, user)
if not user:
return error_user_not_found()
if not is_user_logged_in(session, auth, user.display_name):
return error_request_denied()
collection = get_collection_by_name(session, name)
if not collection:
return error_not_found("Collection")
return {
"id": collection.id,
"name": collection.name,
"description": collection.description
}
def view_user(username):
# TODO: How do you navigate to other users' walls?
# TODO: Sort & display by datetime
# check if the user is logged in.
# the template uses this to determine whether or not to display wall post form
check_logged_in = session.get("user_id")
# get user_id for the owner of the page
user_id = model.get_user_by_name(username)
if user_id == None:
flash("That user does not exist.")
# Is this where we should redirect to?
return redirect(url_for("register"))
else:
# get list of wall_posts from database
# wall_posts is a list of tuples
wall_posts = model.get_wall_by_user(user_id)
html = render_template("wall.html", wall_posts=wall_posts, check_logged_in=check_logged_in, username=username)
return html
def signup():
if session.get("username"):
return redirect(url_for("search"))
if request.method == "POST":
username = request.form["username"]
email = request.form["email"]
password = request.form["password"]
password = generate_password_hash(password)
if get_user_by_name(username):
flash("Пользователь с таким именем уже зарегистрирован!")
return redirect(url_for("signup"))
elif get_user_by_email(email):
flash("Пользователь с такой почтой уже зарегистрирован!")
return redirect(url_for("signup"))
else:
add_user(username, email, password)
session["username"] = username
return redirect(url_for("search"))
return render_template("signup.html")
def search():
if not session.get("username"):
return redirect(url_for("index"))
if request.method == "POST":
try:
if request.form["random_button"]:
pokemon_data = get_pokemon_data(randint(1, 807))
send_info(pokemon_data, session)
except:
user_input = request.form["user_input"].lower()
pokemon_data = get_pokemon_data(user_input)
if pokemon_data != "Error":
send_info(pokemon_data, session)
found_user = get_user_by_name(session["username"])
add_user_request(found_user._id, pokemon_data["_id"], pokemon_data["name"], pokemon_data["pokemonType"][0], pokemon_data["sprites"])
else:
session.pop("pokemon_name", None)
return render_template("search.html")