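def sql_add_review():
    """Create a review from the posted form (inputTitle, inputRating, inputText).

    The author is the logged-in user taken from the session, never from the
    form.  The original read ``inputAuthorEmail`` from the request and
    looked the author up from that, which let any client file a review
    under any registered user's account.  Anonymous clients are now sent
    back to the index like the other write handlers in this file.

    Returns a redirect to the index in every case.
    """
    if not session.get('logged_in'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("index"))

    title = request.form['inputTitle']
    rating = request.form['inputRating']  # NOTE(review): not range-checked here
    text = request.form['inputText']
    # Server-side timestamp so a client cannot backdate a review.
    date = time.strftime('%Y-%m-%d %H:%M:%S')

    connection = sql_load()
    author = sql_get_user_by_email(connection, session['sessionEmail'])

    cur = connection.cursor()
    # Parameterised insert: form values never reach the SQL text.
    cur.execute(
        "INSERT INTO reviews (reviewtitle, reviewdate, reviewrating, reviewauthor, reviewtext) "
        "VALUES(?, ?, ?, ?, ?)", (title, date, rating, author, text))
    connection.commit()
    flask.session.modified = True
    flash("Post created!", 'success')
    return redirect(url_for("index"))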
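def sql_user_password():
    """Change the logged-in user's password (CurrentPassword -> NewPassword).

    Checks run in the order session -> password rules -> CAPTCHA -> current
    password, and the new hash is computed only after all of them pass.
    The original hashed the candidate before validating anything, so an
    unauthenticated-by-CAPTCHA request could still force the (deliberately
    expensive) hash computation.  A missing user row now fails cleanly
    instead of raising on ``None[4]``.

    NOTE(review): other sessions for the account are not invalidated on a
    successful change; the session cookie is left as is.
    """
    if not session.get('logged_in'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    current_password = request.form['CurrentPassword']
    new_password = request.form['NewPassword']
    captcha_response = request.form['g-recaptcha-response']
    email = session['sessionEmail']

    if not CheckPasswordRules(new_password):
        flash("Your password did not meet the validation rules!", 'error')
        return redirect(url_for("account"))

    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("account"))

    connection = sql_load()
    cur = connection.cursor()
    # Column index 4 is the stored password hash (positional, as elsewhere
    # in this file -- a schema change would silently break this).
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    row = cur.fetchone()
    flask.session.modified = True

    if row is None or not check_encrypted_password(current_password, row[4]):
        flash("Failed!", 'error')
        return redirect(url_for("account"))

    new_hash = pwd_context.encrypt(new_password)
    cur.execute("UPDATE users SET password = ? WHERE email = ?",
                (new_hash, email))
    connection.commit()

    flash("Password updated!", 'success')
    return redirect(url_for("account"))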
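def sql_add_admin():
    """Admin action: grant admin rights to the user posted as inputEmailAdmin.

    Only a logged-in admin may call this.  The looked-up user id is bound
    as a one-element tuple; the original passed the bare id as the whole
    parameter sequence (``cur.execute(..., id)``), which sqlite3 rejects
    for an int and mis-binds for a multi-character string.  A user that is
    already an admin is reported instead of being inserted a second time.

    Assumes sql_get_user_by_email returns a scalar id, as its other
    callers in this file treat it.
    """
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    email = request.form['inputEmailAdmin']

    # Reject on any falsy result (the original only caught a literal False).
    if not sql_check_email(connection, email):
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    if sql_is_admin(email):
        flash("User " + email + " is already an admin!", 'error')
        return redirect(url_for("admin"))

    user_id = sql_get_user_by_email(connection, email)

    cur = connection.cursor()
    cur.execute("INSERT INTO admins (adminid) VALUES(?)", (user_id, ))
    connection.commit()
    flask.session.modified = True
    flash("User " + email + " is now an admin!", 'success')
    return redirect(url_for("admin"))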
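def sql_update_bio():
    """Update the logged-in user's bio from the posted Bio field.

    The target account is always the session user.  The original took the
    account's email from the form (``request.form['Email']``), so any
    logged-in user could overwrite any other user's bio simply by posting
    a different email -- a classic IDOR.  The posted Email field is now
    ignored.

    Returns a redirect to the index on success, to the account page when
    the CAPTCHA fails.
    """
    if not session.get('logged_in'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("account"))

    bio = request.form['Bio']

    connection = sql_load()
    cur = connection.cursor()
    user_id = sql_get_user_by_email(connection, session['sessionEmail'])

    cur.execute("UPDATE users SET bio = ? WHERE userid = ?",
                (bio, user_id))
    connection.commit()

    flask.session.modified = True

    flash("Bio updated!", 'success')
    return redirect(url_for("index"))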
def sql_delete_user_by_id():
    """Admin action: delete the user whose id is posted as inputIDDelete.

    Requires a logged-in admin and a valid CAPTCHA, and refuses to delete
    the account the admin is currently logged in with.  Redirects to the
    admin page on success or bot rejection, to the index on every other
    refusal.
    """
    if not session['logged_in']:
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not is_human(request.form['g-recaptcha-response']):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    target_id = request.form['inputIDDelete']

    # Self-deletion guard: resolve the target's email and compare to ours.
    if sql_get_email_by_id(connection, target_id) == session['sessionEmail']:
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))

    connection.cursor().execute("DELETE FROM users WHERE userid = ?",
                                (target_id, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted user id " + target_id + "!", 'success')
    return redirect(url_for("admin"))
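def sql_trump_review():
    """Admin action: post a review whose text is a random quote fetched from
    the whatdoestrumpthink.com API, with a random 1-5 rating.

    The outbound request now carries a timeout and a status check, and an
    unreachable or malformed upstream is reported with a flash instead of
    surfacing as a 500.  The original had no timeout (a stalled upstream
    would block the worker indefinitely) and decoded the JSON body twice.

    NOTE(review): unlike the other admin actions this route has no CAPTCHA
    gate; left unchanged here since the form may not carry one.
    """
    if not session['logged_in']:
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    try:
        response = requests.get(
            'https://api.whatdoestrumpthink.com/api/v1/quotes/random',
            timeout=10)
        response.raise_for_status()
        quote = response.json()['message']
    except (requests.RequestException, ValueError, KeyError, TypeError):
        flash("Could not fetch a quote!", 'error')
        return redirect(url_for("admin"))

    connection = sql_load()

    title = 'Donald Trump'
    date = time.strftime('%Y-%m-%d %H:%M:%S')
    rating = random.randint(1, 5)  # not security-relevant; plain random is fine
    author = sql_get_user_by_email(connection, session['sessionEmail'])

    cur = connection.cursor()
    cur.execute(
        "INSERT INTO reviews (reviewtitle, reviewdate, reviewrating, reviewauthor, reviewtext) "
        "VALUES(?, ?, ?, ?, ?)", (title, date, rating, author, quote))
    connection.commit()
    flask.session.modified = True
    flash("Added Trump review!", 'success')
    return redirect(url_for("admin"))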
def sql_delete_review():
    """Admin action: delete the review whose id is posted as reviewID.

    Requires a logged-in admin and a valid CAPTCHA.  Always redirects to
    the index afterwards.
    """
    if not session['logged_in']:
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not is_human(request.form['g-recaptcha-response']):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("index"))

    review_id = request.form['reviewID']

    connection = sql_load()
    connection.cursor().execute("DELETE FROM reviews WHERE reviewid = ?",
                                (review_id, ))
    connection.commit()

    flask.session.modified = True
    flash("Deleted review with ID of " + review_id + "!", 'success')
    return redirect(url_for("index"))
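def sql_add_user():
    """Register a new account from the registration form and log it in.

    Bug fixed: the password rules were checked against the *hash* of the
    password, not the password itself -- the original computed
    ``pwd_context.encrypt(password_original)`` first and then passed that
    hash to CheckPasswordRules, so the rules never applied to what the user
    typed.  The hash is now computed only after the rules, the CAPTCHA and
    the uniqueness check all pass, which also keeps un-CAPTCHA'd requests
    from forcing the expensive hash.

    NOTE(review): the SELECT-then-INSERT uniqueness check is not atomic;
    a UNIQUE constraint on users.email is the real guarantee.
    """
    first = request.form['inputName']
    last = request.form['inputSurname']
    email = request.form['inputEmail']
    password_original = request.form['inputPassword']
    captcha_response = request.form['g-recaptcha-response']

    if not CheckPasswordRules(password_original):
        flash("Your password did not meet the validation rules!", 'error')
        return render_template("register.html")

    if not is_human(captcha_response):
        flash("Sorry, bots are not allowed!", 'error')
        return render_template("register.html")

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    if cur.fetchone() is not None:
        flash("Email address already in use!", 'error')
        return render_template("register.html")

    password = pwd_context.encrypt(password_original)
    cur.execute(
        "INSERT INTO users (firstname, lastname, email, password) VALUES(?, ?, ?, ?)",
        (first, last, email, password))
    connection.commit()

    session['logged_in'] = True
    session.permanent = True
    session['sessionEmail'] = email

    flash("Registration successful!", 'success')
    return redirect(url_for("index"))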
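def sql_get_review_author(reviewid):
    """Return the author user id stored for review *reviewid*.

    The id is bound as a query parameter.  The original spliced
    ``str(reviewid)`` into the SQL text, which is an injection hole the
    moment the value comes from a request.  Raises IndexError when no such
    review exists, as the original's ``result[0][0]`` did.
    """
    connection = sql_load()
    cur = connection.cursor()

    cur.execute("SELECT reviewauthor FROM reviews WHERE reviewid = ?", (reviewid, ))
    row = cur.fetchone()
    if row is None:
        raise IndexError("no review with id %r" % (reviewid, ))

    return row[0]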
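def sql_get_public_user_data(userid):
    """Return [(firstname, lastname, bio)] for user *userid* ([] if unknown).

    The id is bound as a query parameter; the original concatenated
    ``str(userid)`` into the statement, which is SQL injection whenever the
    id is taken from a URL or form.
    """
    connection = sql_load()
    cur = connection.cursor()

    cur.execute("SELECT firstname, lastname, bio FROM users WHERE userid = ?",
                (userid, ))
    return cur.fetchall()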
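def sql_search_threads(term, reviews):
    """Filter review rows whose text, title, author name or rating contains *term*.

    Args:
        term: lower-cased search string; an empty term matches every row.
        reviews: iterable of review rows as fetched from ``reviews`` --
            index 1 is the title, 3 the rating, 4 the author user id and
            5 the review text (positional, per the callers in this file).

    Returns:
        The matching rows, as lists and in input order, with the author id
        at index 4 replaced by the author's display name.

    The author name is resolved once per row.  The original resolved it up
    to twice per row and repeated the same append body in four branches;
    the match order (text, title, author, rating) is unchanged.
    """
    connection = sql_load()
    relevant = []

    for row in (list(fields) for fields in reviews):
        author_name = sql_get_user_by_id(connection, row[4])

        matched = (term in row[5].lower()
                   or term in row[1].lower()
                   or term in str(author_name).lower()
                   or term in str(row[3]))
        if matched:
            row[4] = author_name  # show the name, not the raw user id
            relevant.append(row)

    return relevant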
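def sql_is_admin(email):
    """Return True when the user registered under *email* appears in ``admins``.

    The looked-up user id is bound as a one-element tuple.  The original
    passed ``(id)`` -- the bare id in parentheses, not a tuple -- as the
    parameter sequence, which sqlite3 rejects for an int and mis-binds
    for a multi-character string.  An unknown email yields no matching
    row and therefore False.

    Assumes sql_get_user_by_email returns a scalar id, as its other
    callers in this file treat it.
    """
    connection = sql_load()
    cur = connection.cursor()

    user_id = sql_get_user_by_email(connection, email)

    cur.execute("SELECT adminid FROM admins WHERE adminid = ?", (user_id, ))
    return cur.fetchone() is not None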
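def sql_get_comments(reviewid):
    """Return the comments on review *reviewid* as [[author_name, date, text], ...].

    The review id is bound as a query parameter; the original concatenated
    ``str(reviewid)`` into the SQL, an injection hole when the id comes
    from a route or form.  Each row's leading user id is swapped for the
    author's display name via sql_get_user_by_id.
    """
    connection = sql_load()
    cur = connection.cursor()

    cur.execute(
        "SELECT commentuserid, commentdate, comment FROM comments WHERE commentreviewid = ?",
        (reviewid, ))

    rows = [list(row) for row in cur]
    for row in rows:
        row[0] = sql_get_user_by_id(connection, row[0])

    return rows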
def search():
    """Handle the search form: render matching reviews, or flash "No results"
    and bounce to the index when nothing matches."""
    connection = sql_load()
    cur = connection.cursor()

    # The search-bar text, lower-cased so matching is case-insensitive.
    term = request.form['inputSearch'].lower()

    cur.execute("SELECT * FROM reviews")
    all_reviews = cur.fetchall()
    matches = sql_search_threads(term, all_reviews)

    flask.session.modified = True

    if matches:
        return render_template("search.html", reviews=matches)

    flash("No results", 'error')
    return redirect(url_for("index"))
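def sql_add_comment():
    """Add a comment (commentReviewID, comment) on behalf of the logged-in user.

    The commenting user is taken from the session, not from the posted
    commentEmail field: the original trusted that field and looked the
    user up from it, so any client could attribute a comment to any
    registered account.  Anonymous clients are redirected to the index,
    matching the other write handlers in this file.

    NOTE(review): this route has no CAPTCHA check, unlike sql_add_review;
    left unchanged since the comment form may not carry one.
    """
    if not session.get('logged_in'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    reviewid = request.form['commentReviewID']
    comment = request.form['comment']
    # Server-side timestamp; the client cannot set the comment date.
    date = time.strftime('%Y-%m-%d %H:%M:%S')

    connection = sql_load()
    userid = sql_get_user_by_email(connection, session['sessionEmail'])

    cur = connection.cursor()
    cur.execute(
        "INSERT INTO comments (commentreviewid, commentuserid, commentdate, comment) "
        "VALUES(?, ?, ?, ?)", (reviewid, userid, date, comment))
    connection.commit()

    flash("Comment added!", 'success')
    return redirect(url_for("index"))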
def sql_get_admins():
    """Admin action: flash one "ID: n | Email: addr" line per admin account,
    then redirect to the admin page.  Non-admins are bounced to the index."""
    if not session['logged_in']:
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    connection = sql_load()
    cur = connection.cursor()

    cur.execute("SELECT adminid FROM admins")
    admin_ids = [row[0] for row in cur.fetchall()]
    flask.session.modified = True

    for admin_id in admin_ids:
        email = sql_get_email_by_id(connection, admin_id)
        flash('ID: ' + str(admin_id) + ' | Email: ' + ' ' + email, 'success')

    return redirect(url_for("admin"))
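def login():
    """Log a user in from the posted inputEmail/inputPassword; GET renders the form.

    Fixes relative to the original:

    * An unknown email now always ends in the same "Invalid credentials!"
      response as a wrong password.  The original only returned early when
      the dummy hash check *raised*; when it returned normally the code
      fell through to ``cur.fetchone()[4]`` on ``None`` and crashed -- a
      500 that also told the caller the email does not exist.
    * ``login_failures`` is initialised on first use instead of raising
      KeyError on a fresh session, and the back-off sleep is capped so a
      session with many failures cannot park a worker for minutes.

    NOTE(review): the back-off lives in the client's own signed session
    cookie, so a client that drops the cookie resets it; this is not a
    per-account rate limit -- that needs server-side state.
    """
    if request.method != "POST":
        return render_template("login.html")

    email = request.form['inputEmail']
    password = request.form['inputPassword']
    captcha_response = request.form['g-recaptcha-response']

    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return render_template("login.html")

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    row = cur.fetchone()  # index 4 is the password hash, as elsewhere in the file

    if row is not None and check_encrypted_password(password, row[4]):
        session['logged_in'] = True
        session.permanent = True
        session['sessionEmail'] = email

        if sql_is_admin(email):
            session['admin'] = True
        flash("You are now logged in!", 'success')
        return redirect(url_for("index"))

    if row is None:
        # Burn roughly the cost of a real verification so a missing account
        # is not distinguishable from a wrong password by response time.
        # "blah" is not a valid hash, so the check may raise; that is fine.
        try:
            check_encrypted_password(password, "blah")
        except Exception:
            pass

    failures = session.get('login_failures', 0) + 1
    session['login_failures'] = failures
    time.sleep(min(0.001 * 2**failures, 5.0))
    flash("Invalid credentials!", 'error')
    return render_template("login.html")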
def sql_delete_user():
    """Admin action: delete the user whose email is posted as inputEmailDelete.

    Refuses to delete the admin's own account, requires a valid CAPTCHA and
    rejects emails that sql_check_email does not know.  Redirects to the
    admin page on success or bot rejection, to the index otherwise.
    """
    if not session['logged_in']:
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    connection = sql_load()

    target_email = request.form['inputEmailDelete']
    captcha_response = request.form['g-recaptcha-response']

    # Self-deletion guard runs before the CAPTCHA, as in the original order.
    if target_email == session['sessionEmail']:
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))

    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    if sql_check_email(connection, target_email) == False:
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    connection.cursor().execute("DELETE FROM users WHERE email = ?",
                                (target_email, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted user " + target_email + "!", 'success')
    return redirect(url_for("admin"))
def index():
    """Render the front page with every review thread from sql_threads."""
    threads = sql_threads(sql_load())
    flask.session.modified = True
    return render_template("index.html", reviews=threads)
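def admin():
    """Render the admin page; anonymous and non-admin clients are bounced
    to the index.

    The original rendered admin.html for anyone and relied on each admin
    action to check rights on its own.  The same session/admin gate the
    actions use is applied here so the page itself is not exposed.  The
    sql_load() call is kept (its result was discarded in the original too)
    in case it has set-up side effects -- TODO confirm and drop if not.
    """
    if not session.get('logged_in') or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    flask.session.modified = True
    sql_load()

    return render_template("admin.html")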