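def loginView(request):
    """Render the login form, or authenticate the credentials sent by POST.

    Users who are already authenticated are redirected to the catalogue.
    A POST with a blank ``login`` or ``password`` is answered with a 400.
    A successful login redirects to the ``next`` target when it points back
    at this site, and to ``/`` otherwise. A failed login, or a login for a
    deactivated account, adds an error message and redirects to the index.
    Every non-POST request renders the login template.
    """
    # Function-scope import: the module's import block is not visible here.
    # Newer Django releases expose the same check under the name
    # url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    if request.user.is_authenticated():
        return redirect('website:catalogue')

    # 'next' arrives in the query string or the form, so the client controls
    # it. Redirecting to it unchecked lets a crafted login link forward a
    # freshly authenticated user to another site (open redirect); anything
    # that is not a same-host URL is replaced by the site root.
    nextPage = request.REQUEST.get('next', '/')
    if not is_safe_url(url=nextPage, host=request.get_host()):
        nextPage = '/'

    if request.method == 'POST':
        name = request.POST.get('login', '')
        pw = request.POST.get('password', '')
        # Reject credentials that are empty or whitespace only.
        if isNoneOrEmptyOrBlankString(name) or isNoneOrEmptyOrBlankString(pw):
            return HttpResponseBadRequest('username and/or password is empty')

        # NOTE(review): no attempt throttling is visible in this view;
        # confirm that repeated failures are limited elsewhere.
        user = authenticate(username=name, password=pw)
        if user is None or not user.is_active:
            # One generic message for unknown, wrong-password and inactive
            # accounts, so the response does not reveal account state. The
            # original returned None on one of these paths, which Django
            # reports as a server error.
            messages.error(request, 'User not found')
            return redirect('website:index')

        login(request, user)
        return redirect(nextPage)

    # GET and every other method (HEAD included): show the form. The original
    # returned None for methods other than GET and POST.
    if nextPage != '/':
        messages.warning(request, "You need to be logged in to view this page")
    return render(request, 'authenticate/login.html', {'next': nextPage})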
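def signup(request):
    """Create an account from the posted sign-up form and log the new user in.

    GET requests are redirected to the index. For a POST the captcha token
    is verified first, then name, password and e-mail are checked for
    blankness (400 on failure), then username and e-mail uniqueness and the
    name length are checked (error message plus redirect to the index).
    On success the user and its UserExtension are saved, the user is logged
    in and redirected to the catalogue. Any other outcome ends with a
    generic error message and a redirect to the index.
    """
    if request.method == 'GET':
        return redirect('website:index')

    if request.method == 'POST':
        name = request.POST.get('name', '')
        pw = request.POST.get('password', '')
        email = request.POST.get('email', '')

        # The captcha gates everything below, including the uniqueness
        # lookups, so they cannot be probed without solving it.
        if not verifyCaptcha(request.POST.get('g-recaptcha-response', '')):
            messages.error(request, "Captcha could not be validated")
            return redirect('website:index')

        # Reject fields that are empty or whitespace only.
        # NOTE(review): blankness is the only password check visible here;
        # no length or strength policy is applied in this view.
        if (isNoneOrEmptyOrBlankString(name)
                or isNoneOrEmptyOrBlankString(pw)
                or isNoneOrEmptyOrBlankString(email)):
            return HttpResponseBadRequest('username and/or password is empty')

        # NOTE(review): the two "already taken" messages confirm to an
        # unauthenticated caller that a username or e-mail is registered.
        # For the e-mail case a neutral message may be preferable.
        # NOTE(review): check-then-create is not atomic; two concurrent
        # sign-ups can both pass these lookups unless the storage layer
        # enforces uniqueness - confirm.
        if len(User.objects(username=name)) != 0:
            # Fixed: the original concatenation had no spaces around the name.
            messages.error(request, "Username " + name + " already taken")
            return redirect('website:index')
        if len(User.objects(email=email)) != 0:
            messages.error(request, "Email " + email + " already taken")
            return redirect('website:index')

        maxLength = len("IraklisDimitriadis")  # this should be a good maxLength
        if len(name) > maxLength:
            # Fixed: maxLength is an int; concatenating it to a str raised
            # TypeError, so an over-long name crashed the view instead of
            # producing this message.
            messages.error(request, "Your name is too long. Use less than " + str(maxLength) + " letters.")
            return redirect('website:index')

        user = User.create_user(name, pw, email)
        user.save()
        UserExtension(user=user, karma=0).save()

        # Log the user in right after registration.
        user = authenticate(username=name, password=pw)
        if user is not None and user.is_active:
            login(request, user)
            messages.success(request, 'Your account was created. Click OK to begin using Lemur.')
            return redirect('website:catalogue')

    # Reached for methods other than GET/POST, and when the freshly created
    # account could not be authenticated or is not active.
    messages.error(request, "The server let's you know, that something unexpected happened.")
    return redirect('website:index')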
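def editComment(request, commentID):
    """Replace the text of an existing comment (POST only).

    Only the comment's author or a superuser may edit. The new text must
    not be blank and must pass the spam check (400 otherwise); it is
    HTML-escaped before being stored. After saving, the comment is
    re-rendered and the client is redirected to ``redirectURL`` when that
    stays on this site, else to the index.

    Raises:
        Http404: for any non-POST request.
        PermissionDenied: when the requester is neither the author nor a
            superuser.
    """
    # Function-scope import: the module's import block is not visible here.
    # Newer Django releases expose the same check under the name
    # url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    if request.method != 'POST':
        raise Http404

    # NOTE(review): an unknown commentID makes this lookup raise; nothing
    # here turns that into a 404.
    comment = CommentPost.objects.get(id=commentID)
    if not (request.user == comment.author or request.user.is_superuser):
        # Fixed: the original *returned* the exception instance, which is not
        # an HTTP response; raising it lets Django answer with 403.
        raise PermissionDenied('Illegal operation')

    newText = request.POST.get('newText', '')
    if isNoneOrEmptyOrBlankString(newText):
        return HttpResponseBadRequest('text field is empty')
    # Escape HTML metacharacters so the stored text cannot carry markup.
    # (Markdown rendering is disabled in the original as well.)
    newText = escape(newText)
    if commentSpamDetection(newText):
        return HttpResponseBadRequest("spam detected.")

    comment.rawText = newText
    comment.isEdited = True
    comment.lastEdit = datetime.datetime.now()
    comment.save()
    renderOneCommentText(comment.slide.id, comment.page, comment)

    # 'redirectURL' is a client-supplied form field; following it unchecked
    # is an open redirect. redirect() only treats its argument as a literal
    # URL when it contains '/' or '.', so values without either are left for
    # it to resolve as a URL name; everything else must be a same-host URL.
    target = request.POST.get('redirectURL', 'website:index')
    isUrlName = '/' not in target and '.' not in target
    if not isUrlName and not is_safe_url(url=target, host=request.get_host()):
        target = 'website:index'
    return redirect(target)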
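def postComment(request):
    """Create a comment, optionally with slide tags, from a POST request.

    Non-POST requests render ``comments.html`` with all comments ordered by
    votes and date. For a POST the comment text must be non-blank and pass
    the spam check; it is HTML-escaped before storage. ``TagData``, when
    present, is JSON with an ``items`` list; every tag is validated and any
    malformed or out-of-range tag is answered with a 400. The comment is
    saved, upvoted by its author, rendered, the author's karma is reduced
    by one, and the client is redirected to ``redirectURL`` when that stays
    on this site, else to the index.
    """
    # Function-scope import: the module's import block is not visible here.
    # Newer Django releases expose the same check under the name
    # url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    if request.method != 'POST':
        return render(
            request,
            'comments.html',
            generateContext(
                request,
                currentPage=breadcrumbsStringGenerator([('website:catalogue', 'Catalogue')], 'Comment Test'),
                additional={'commentList': CommentPost.objects.order_by('-votes', '-date')},
            ),
        )

    # NOTE(review): this view never checks request.user.is_authenticated();
    # if no login requirement is applied where the URL is routed, an
    # anonymous request reaches the author/karma code below - confirm.
    text = request.POST.get('commentText', '')
    if isNoneOrEmptyOrBlankString(text):
        return HttpResponseBadRequest('text field is empty')
    # Escape HTML metacharacters so the stored text cannot carry markup.
    # (Markdown rendering is disabled in the original as well.)
    text = escape(text)
    if commentSpamDetection(text):
        return HttpResponseBadRequest("spam detected.")

    slideId = request.POST.get('slideId', '')
    pageNumber = request.POST.get('pageNumber', "1")
    # NOTE(review): slideId and pageNumber are used as posted; an unknown
    # slideId makes this lookup raise.
    slide = Slide.objects.get(id=slideId)
    user = request.user

    tagData = request.POST.get('TagData', '')
    # Fixed: the original used "is not ''", an identity test that is not
    # guaranteed to hold for an empty value parsed from the request.
    hadTags = tagData != ''
    tagList = None
    if hadTags:
        tagList = []
        tagNameList = []
        # TagData is client-supplied JSON: malformed input must end in a 400,
        # not in an unhandled exception.
        try:
            tagItems = list(json.loads(tagData)['items'])
        except (ValueError, KeyError, TypeError):
            return HttpResponseBadRequest("illegal values")

        for tag in tagItems:
            try:
                tagName = tag['tagName']
                color = tag['color']
                nameLength = len(tagName)
                left = float(tag['relCoordLeft'])
                top = float(tag['relCoordTop'])
                height = float(tag['relHeight'])
                width = float(tag['relWidth'])
            except (KeyError, TypeError, ValueError):
                return HttpResponseBadRequest("illegal values")

            # Same bounds as the original, written as positive range checks:
            # every comparison with NaN is False, so the original
            # "reject if outside" form let NaN through, while this
            # "accept only if inside" form rejects it.
            withinBounds = (
                0.03 <= width <= 0.8
                and 0.03 <= height <= 0.6
                and 0 <= left <= 1 - width
                and 0 <= top <= 1 - height
                and 3 <= nameLength <= 11
            )
            if not withinBounds or isDuplicateTag(slideId, pageNumber, tagName):
                return HttpResponseBadRequest("illegal values")
            if tagName in tagNameList:
                return HttpResponseBadRequest("duplicate Tag Name")
            tagNameList.append(tagName)

            # The posted values are passed on unchanged, as in the original.
            relCoords = Coordinate(left=tag["relCoordLeft"], top=tag["relCoordTop"])
            relDimensions = Dimensions(height=tag["relHeight"], width=tag['relWidth'])
            tagList.append(SlideTag(tagName=tagName, color=color,
                                    relCoords=relCoords, relDimensions=relDimensions))

    # The author is stored even for anonymous posts; only the flag differs.
    isAnonymous = 'anonymous' in request.POST

    comment = CommentPost(rawText=text, renderedText=text, author=user,
                          authorExtension=getUserExtension(user),
                          date=datetime.datetime.now(),
                          authorUserSymbol=getCurrentUserSymbol(request),
                          rootID=request.POST.get('rootID', 'None'),
                          isAnonymous=isAnonymous, attachedTags=tagList,
                          slide=slide, page=pageNumber)
    # Saved as a separate statement so this does not depend on what save()
    # returns.
    comment.save()
    # The id is only known after the first save; strID keeps it as a string
    # for use in templates.
    comment.strID = str(comment.id)
    comment.save()

    # Upvote the author's own comment so it cannot be upvoted by them later.
    upvoteComment(user, comment)

    if hadTags:
        renderCommentTexts(slideId, pageNumber)  # re-render all comments
    else:
        renderOneCommentText(slideId, pageNumber, comment)

    # Remove one karma so that posting a comment does not increase it.
    userExtension = getUserExtension(user)
    userExtension.karma = userExtension.karma - 1
    userExtension.save()

    # 'redirectURL' is a client-supplied form field; following it unchecked
    # is an open redirect. redirect() only treats its argument as a literal
    # URL when it contains '/' or '.', so values without either are left for
    # it to resolve as a URL name; everything else must be a same-host URL.
    target = request.POST.get('redirectURL', 'website:index')
    isUrlName = '/' not in target and '.' not in target
    if not isUrlName and not is_safe_url(url=target, host=request.get_host()):
        target = 'website:index'
    return redirect(target)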