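def changepassword():
    """Handle the change-password form.

    A GET renders ``changepwd.html``.  A POST hands the submitted form to
    ``Users.changepassword`` and then re-renders ``userprofile.html`` with a
    status banner.  A falsy result from ``Users.changepassword`` is treated
    as success; anything truthy is treated as failure.
    """
    # NOTE(review): no login check is visible in this view. Confirm that the
    # route or Users.changepassword binds the change to the authenticated
    # session and verifies the current password, rather than trusting
    # identity fields taken from request.form.
    print('in change password function')
    if request.method != 'POST':
        return render_template('changepwd.html')

    result = Users.changepassword(db, request.form)
    profile_rows = Users.userprofile(db, request.form)
    if not result:
        message = {'message': 'Username/Password Changed', 'type': 'success'}
    else:
        message = {'message': 'Username/Password change Failed', 'type': 'error'}
    # Both outcomes render the same page. The original had a third return
    # after the if/else that could never run; it has been dropped.
    return render_template('userprofile.html', data=profile_rows[0], message=message)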
def login():
    """Show the login form and process a login attempt.

    A session that already holds ``'uid'`` is redirected to ``show_feed``.
    On POST the form goes to ``Users.loginForm``; a falsy result is treated
    as success and renders ``user-feed.html``, anything else re-renders
    ``login.html`` with an error banner.
    """
    global notifications
    logging.info('Started login')

    # NOTE(review): `notifications` is a module-level global, so a pending
    # banner is handed to whichever request arrives next, not necessarily the
    # user it was meant for. Per-session storage (e.g. Flask's flash()) avoids
    # that cross-user leak.
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'uid' in session:
        # NOTE(review): this writes the whole session mapping to the log.
        logging.info(session)
        return redirect(url_for('show_feed'))

    template = 'login.html'
    if request.method == 'POST':
        result = Users.loginForm(db, request.form)
        if not result:
            notifications = {'message': 'Logged in', 'type': 'success'}
            template = 'user-feed.html'
        else:
            message = {'message': 'Failed to log in', 'type': 'error'}

    response = make_response(render_template(template, message=message))
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore. Template output escaping and a Content-Security-Policy are what
    # actually mitigate XSS; do not rely on this line for protection.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    return response
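def register():
    """Render and process the user-registration form.

    Registration is available when ``config['registration_enabled']`` is
    truthy or when the caller already has ``'username'`` in the session.
    The original applied that gate to GET only, so a POST still reached
    ``Users.registerUser`` while sign-up was disabled; the gate now runs
    before the POST is processed.

    A falsy result from ``Users.registerUser`` is treated as success and
    redirects to ``login``; otherwise the form is re-rendered with an error.
    """
    global notifications
    message = None
    if notifications:
        message = notifications
        notifications = None

    # NOTE(review): any logged-in user passes this gate. The admin-only
    # restriction is commented out in the original; confirm that is intended.
    if 'username' not in session and not config['registration_enabled']:
        notifications = {'message': 'User registration is disabled by the admin', 'type': 'warning'}
        # The caller is known to be logged out here, so the original's
        # redirect to 'index' on this path could never be taken.
        return redirect(url_for('login'))

    if request.method == 'POST':
        result = Users.registerUser(db, request.form, config['pw_rounds'])
        if not result:
            notifications = {'message': 'Registration successful', 'type': 'success'}
            return redirect(url_for('login'))
        # presumably `result` is an error string on failure; verify against
        # Users.registerUser. The debug print of it to stdout was removed.
        message = {'message': 'Something went wrong: ' + result, 'type': 'error'}

    return render_template('register.html', message=message)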
def update_profile():
    """Show the edit-profile form and apply a submitted update.

    Requires ``'uid'`` in the session, otherwise redirects to ``login``.
    On POST the form goes to ``Users.update_profile_details``; a falsy result
    is treated as success.  Both outcomes re-render ``edit_profile.html``
    with a status banner.
    """
    if 'uid' not in session:
        # NOTE(review): this writes the whole session mapping to the log.
        logging.info(session)
        return redirect(url_for('login'))

    if request.method != 'POST':
        return render_template('edit_profile.html')

    # NOTE(review): no CSRF token check is visible on this state-changing
    # POST; confirm it is enforced elsewhere (e.g. by a form extension).
    logging.info("POST on update profile")
    result = Users.update_profile_details(db.conn, request.form)
    if result:
        banner = {'message': 'Something went wrong: ' + result, 'type': 'error'}
    else:
        banner = {'message': 'Profile update successful', 'type': 'success'}

    response = make_response(render_template("edit_profile.html", message=banner))
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; it is not a substitute for output escaping or a CSP.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    return response
def join_block():
    """Show the join-block form and submit a block-membership request.

    Requires ``'uid'`` in the session, otherwise redirects to ``login``.
    On POST the form goes to ``Users.requestBlock``; a falsy result renders
    ``login.html`` with a success banner, anything else re-renders
    ``join_block.html`` with the error.
    """
    if 'uid' not in session:
        # NOTE(review): this writes the whole session mapping to the log.
        logging.info(session)
        return redirect(url_for('login'))

    method = request.method
    if method == 'POST':
        logging.info("/join_block")
        result = Users.requestBlock(db, request.form)
        if result:
            template = "join_block.html"
            banner = {'message': 'Something went wrong: ' + result, 'type': 'error'}
        else:
            template = "login.html"
            banner = {'message': 'Registration successful', 'type': 'success'}
        response = make_response(render_template(template, message=banner))
        # NOTE(review): X-XSS-Protection is a legacy header that current
        # browsers ignore; it is not a substitute for escaping or a CSP.
        response.headers['X-XSS-Protection'] = '1; mode=block'
        return response

    if method == 'GET':
        # Only a log line for now; the block list is not loaded here.
        logging.info('populate available blocks')
    return render_template('join_block.html')
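def profile():
    """Render the profile page for the logged-in user.

    Requires ``'uid'`` in the session, otherwise redirects to ``login``.
    The first row returned by ``Users.userprofile`` is passed to
    ``userprofile.html`` together with any pending notification.
    """
    global notifications
    # Check the session first so that an unauthenticated request does not
    # consume a pending notification before being redirected.
    if 'uid' not in session:
        return redirect(url_for('login'))

    message = None
    if notifications:
        message = notifications
        notifications = None

    result = Users.userprofile(db, request.form)
    # NOTE(review): confirm Users.userprofile selects the row from the
    # session's uid and not from a client-supplied form field; otherwise one
    # user could request another user's profile.
    # The original printed the profile row to stdout, copying personal data
    # into process output; that debug print has been removed. It also cleared
    # the pending notification without ever displaying it.
    return render_template('userprofile.html', data=result[0], message=message)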
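def index():
    """Render the landing page with the block list and the user's block id.

    Requires ``'username'`` in the session; otherwise a "Please log in"
    notification is queued and the request is redirected to ``login``.
    """
    global notifications
    message = None
    if notifications:
        message = notifications
        notifications = None

    if 'username' not in session:
        # The original stored this banner in the local `message` and then
        # redirected, so it was never shown. Queue it in `notifications`
        # so the login view can display it.
        notifications = {'message': 'Please log in', 'type': 'warning'}
        return redirect(url_for('login'))

    res = Users.getUserBlockLinkInfo(db)
    blocks = Block_Details.getblock_info(db)
    # "Failed" is the sentinel compared against in the original; it maps to
    # block id 0. Any other value is converted with int().
    block_id = 0 if res == "Failed" else int(res)

    return render_template('index.html', session=session, message=message, blocks=blocks, blockId=block_id)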
def delUser(user):
    """Delete ``user`` on behalf of the admin account.

    Callers without ``'username'`` in the session are sent to ``login``;
    callers whose session username is not ``'admin'`` are sent to ``index``.
    A falsy result from ``Users.deleteUser`` is treated as success.  Either
    way the request ends with a redirect to ``users`` carrying the outcome.
    """
    global notifications

    if 'username' not in session:
        notifications = {'message': 'Please log in', 'type': 'warning'}
        return redirect(url_for('login'))

    # NOTE(review): authorization hinges on the literal username 'admin'.
    # A role or flag stored server-side is harder to get wrong than a name
    # comparison; confirm nobody else can register or rename to 'admin'.
    if session['username'] != 'admin':
        notifications = {'message': 'Admin only page', 'type': 'error'}
        return redirect(url_for('index'))

    # NOTE(review): the route definition is not visible here. If this
    # destructive action is reachable with GET or without a CSRF token, it
    # can be triggered cross-site; it should be POST-only with a token.
    result = Users.deleteUser(db, user)
    if result:
        text = 'Something went wrong: ' + result
        kind = 'error'
    else:
        text = 'User deleted successfully'
        kind = 'success'

    notifications = {'message': text, 'type': kind}
    # The same text also travels in the redirect URL's query string.
    return redirect(url_for('users', message=text))
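def logout():
    """Log the current user out.

    A request without ``'uid'`` in the session is redirected to ``index``.
    Otherwise ``Users.logout`` is called; a falsy result is treated as
    success, the session is cleared and ``index.html`` is rendered.  On
    failure an error notification is queued and the request is redirected
    to ``index``.
    """
    global notifications
    logging.info('logout pressed')

    if 'uid' not in session:
        return redirect(url_for('index'))

    result = Users.logout(db)
    if result:
        notifications = {'message': 'Log out Failed', 'type': 'error'}
        # The original fell off the end of the function here and returned
        # None, which is not a valid view response. Redirect instead.
        # NOTE(review): the session is left intact on this path, so the user
        # stays logged in after asking to log out; confirm that is intended.
        return redirect(url_for('index'))

    # Drop every session key, not only 'uid', so no other identity or state
    # value set at login survives the logout.
    session.clear()
    notifications = {'message': 'Logged out', 'type': 'success'}
    response = make_response(render_template('index.html'))
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; it is not a substitute for output escaping or a CSP.
    response.headers['X-XSS-Protection'] = '1; mode=block'
    return response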
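def users():
    """Render the user list.

    Requires ``'username'`` in the session; otherwise a notification is
    queued and the request is redirected to ``login``.  When
    ``Users.getUsers`` returns nothing, the page is rendered with an error
    banner instead of a list.
    """
    global notifications
    message = None
    if notifications:
        message = notifications
        notifications = None

    if 'username' not in session:
        notifications = {'message': 'Please log in', 'type': 'warning'}
        return redirect(url_for('login'))

    # NOTE(review): the admin-only check is commented out in the original, so
    # every logged-in user can list all accounts. Confirm that exposure is
    # intended before relying on this view.
    user_rows = Users.getUsers(db)
    if not user_rows:
        # The original queued this error in `notifications` and rendered the
        # page with the stale `message`, so the failure surfaced on some
        # later request instead of this one. Show it on this response.
        message = {'message': 'Failed to retrieve users', 'type': 'error'}
        return render_template('users.html', message=message)
    return render_template('users.html', users=user_rows, message=message)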
def login():
    """Show the login form and process a login attempt.

    A session that already holds ``'username'`` is redirected to ``index``.
    On POST the form goes to ``Users.loginForm``; a falsy result is treated
    as success and redirects to ``index``, anything else re-renders the form
    with an error banner.
    """
    global notifications

    # NOTE(review): `notifications` is a module-level global, so a pending
    # banner is shown to whichever request arrives next. Per-session storage
    # (e.g. Flask's flash()) keeps one user's message away from another.
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'username' in session:
        return redirect(url_for('index'))

    if request.method != 'POST':
        return render_template('login.html', message=message)

    # NOTE(review): no attempt limiting is visible in this view; confirm
    # that repeated failed logins are throttled somewhere.
    if Users.loginForm(db, request.form):
        message = {'message': 'Failed to log in', 'type': 'error'}
        return render_template('login.html', message=message)

    notifications = {'message': 'Logged in', 'type': 'success'}
    return redirect(url_for('index'))
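def profile():
    """Render ``show_profile.html`` for the logged-in user.

    Requires ``'uid'`` in the session, otherwise redirects to ``login``.
    On GET the row from ``Users.view_profile`` is mapped into one dict and
    passed to the template as a one-element list; when no row comes back the
    list stays empty.
    """
    if 'uid' not in session:
        return redirect(url_for('login'))

    profile_info = []
    if request.method == 'GET':
        logging.info("Get profile")
        profile_data = Users.view_profile(db.conn, request.form)
        # The original indexed profile_data[10] before checking that a row
        # was returned, so a missing row raised instead of rendering an empty
        # profile. Test for the row first.
        if profile_data:
            block_id = profile_data[10]
            if block_id:
                block_name = Block.getBlockNameFromBid(db, block_id)
                # NOTE(review): this logs the whole user row; confirm it
                # holds no credential material or data that must stay out
                # of logs.
                logging.info(profile_data)
            else:
                block_name = "block approval pending"
            profile_info.append({
                "Fname": profile_data[1],
                "LName": profile_data[2],
                "email": profile_data[3],
                # NOTE(review): "Username" and "apt" both read index 5 in the
                # original; one of them is probably the wrong column. Left
                # unchanged because the row layout is not visible here.
                "Username": profile_data[5],
                "apt": profile_data[5],
                "street": profile_data[6],
                "city": profile_data[7],
                "state": profile_data[8],
                "zip": profile_data[9],
                "block_name": block_name,
                "email_preference": profile_data[14],
            })
            logging.info(profile_info)
    return render_template('show_profile.html', profileInfo=profile_info)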
def login():
    """Show the login form and process a login attempt.

    A session that already holds ``'uid'`` is redirected to ``profile``.
    On POST the form goes to ``Users.loginForm``; a falsy result is treated
    as success and redirects to ``profile``, anything else re-renders the
    form with an error banner.
    """
    global notifications
    logging.info('Started login')

    # NOTE(review): `notifications` is a module-level global shared by every
    # request, so a banner can reach a different user than the one it was
    # queued for. Per-session storage (e.g. Flask's flash()) avoids that.
    message = None
    if notifications:
        message, notifications = notifications, None

    if 'uid' in session:
        # NOTE(review): this writes the whole session mapping to the log.
        logging.info(session)
        return redirect(url_for('profile'))

    print("Inside login")
    if request.method != 'POST':
        return render_template('login.html', message=message)

    result = Users.loginForm(db, request.form)
    # NOTE(review): debug print of the login result to stdout; confirm the
    # value never carries credentials or account details.
    print(result)
    if result:
        message = {'message': 'Failed to log in', 'type': 'error'}
        return render_template('login.html', message=message)

    notifications = {'message': 'Logged in', 'type': 'success'}
    return redirect(url_for('profile'))
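def gethoodlist():
    """Show the hood list and submit a block-membership request.

    GET renders ``join_block.html`` with the list from ``Hood.gethoodlist``.
    On POST the form goes to ``Users.requestBlock``; a falsy result redirects
    to ``/login``, anything else re-renders the form with the error.
    """
    # NOTE(review): no session check is visible in this view, so the POST
    # below can be sent by a caller who is not logged in. Confirm that
    # Users.requestBlock identifies the user from the session and not from
    # a client-supplied form field.
    logging.info("in get hoodlist")
    hoodlist = Hood.gethoodlist(db)

    if request.method == 'POST':
        logging.info("/gethoodlist")
        result = Users.requestBlock(db.conn, request.form)
        if not result:
            response = make_response(redirect("/login"))
        else:
            message = {
                'message': 'Something went wrong: ' + result,
                'type': 'error'
            }
            # The original re-rendered the form without `hoodinfo`, leaving
            # the retry page with no list to choose from. Pass it here too.
            response = make_response(
                render_template("join_block.html", message=message, hoodinfo=hoodlist))
        # NOTE(review): X-XSS-Protection is a legacy header that current
        # browsers ignore; it is not a substitute for escaping or a CSP.
        response.headers['X-XSS-Protection'] = '1; mode=block'
        return response

    return render_template('join_block.html', hoodinfo=hoodlist)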
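def signup():
    """Render and process the sign-up form.

    A session that already holds ``'uid'`` is redirected to ``index``.
    Sign-up is available only while ``config['registration_enabled']`` is
    truthy.  The original checked that flag on GET only, so a POST still
    reached ``Users.signupUser`` while registration was disabled; the flag
    is now checked before the POST is processed.

    A falsy result from ``Users.signupUser`` is treated as success and
    redirects to ``gethoodlist``; otherwise the form is re-rendered with the
    error.
    """
    global notifications
    message = None
    if notifications:
        message = notifications
        notifications = None

    if 'uid' in session:
        return redirect(url_for('index'))

    if not config['registration_enabled']:
        notifications = {
            'message': 'User registration is disabled by the admin',
            'type': 'warning'
        }
        # The caller is known to be logged out here, so the original's
        # redirect to 'index' on this path could never be taken.
        return redirect(url_for('join_block'))

    if request.method == 'POST':
        logging.info("sign up")
        result = Users.signupUser(db.conn, request.form, config['pw_rounds'])
        if not result:
            notifications = {
                'message': 'Registration successful',
                'type': 'success'
            }
            response = make_response(redirect('gethoodlist'))
        else:
            # presumably `result` is an error string on failure; verify
            # against Users.signupUser.
            message = {
                'message': 'Something went wrong: ' + result,
                'type': 'error'
            }
            response = make_response(
                render_template('sign-up.html', message=message))
        # NOTE(review): X-XSS-Protection is a legacy header that current
        # browsers ignore; it is not a substitute for escaping or a CSP.
        response.headers['X-XSS-Protection'] = '1; mode=block'
        return response

    return render_template('sign-up.html', message=message)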
def show_feed():
    """Render the user's feed, or accept a new-thread submission.

    Requires ``'uid'`` in the session, otherwise redirects to ``login``.
    On GET the latest friend, neighbor, block and hood threads are looked up
    through ``message_boards`` and passed to ``user-feed.html``.  On POST,
    when the ``CreateThreadBtn`` field equals ``'Save changes'``, the form is
    handed to ``message_boards.postNewThread`` and the bare feed template is
    rendered.
    """
    def as_entry(details):
        # Map one thread-details row onto the keys the template receives.
        return {
            'tid': details[0],
            'CreatedBy': details[1],
            'Title': details[2],
            'Description_Msg': details[3],
            'CreatedAt': details[4]
        }

    logging.info("Show feed")
    if 'uid' not in session:
        # NOTE(review): this writes the whole session mapping to the log.
        logging.info(session)
        return redirect(url_for('login'))

    db = DB()
    if request.method == 'GET':
        logging.info(request)

        # NOTE(review): the info-level logging below records thread rows,
        # including titles and message text; confirm that user content is
        # acceptable in this log.

        # Friend threads
        friend_ids = message_boards.getUserFriendThreads(db, latest=True)
        logout_time = Users.get_logout_time(db)
        logging.info(logout_time)
        logging.info(friend_ids)
        friend_entries = []
        for thread_id in friend_ids or ():
            logging.info(thread_id)
            details = message_boards.getThreadDetails(db, thread_id, 'f')
            if details:
                friend_entries.append(as_entry(details))
        logging.info(friend_entries)

        # Neighbor threads
        neighbor_ids = message_boards.getUserNeighborThreads(db, latest=True)
        logging.info(neighbor_ids)
        neighbor_entries = []
        if neighbor_ids:
            for thread_id in neighbor_ids:
                logging.info(thread_id)
                details = message_boards.getThreadDetails(db, thread_id, 'n')
                logging.info(details)
                if details:
                    neighbor_entries.append(as_entry(details))
            logging.info(neighbor_entries)

        # Block threads
        block_ids = message_boards.getUserBlockThreads(db, latest=True)
        logging.info(block_ids)
        block_entries = []
        for thread_id in block_ids or ():
            logging.info(thread_id)
            details = message_boards.getThreadDetails(db, thread_id, 'b')
            if details:
                block_entries.append(as_entry(details))

        # Hood threads
        hood_ids = message_boards.getUserHoodThreads(db, latest=True)
        logging.info("hood threads")
        logging.info(hood_ids)
        hood_entries = []
        for thread_id in hood_ids or ():
            details = message_boards.getThreadDetails(db, thread_id, 'h')
            logging.info("HOOD threadDeets")
            logging.info(details)
            if details:
                hood_entries.append(as_entry(details))

        return render_template('user-feed.html',
                               friendFeedInfo=friend_entries,
                               neighborFeedInfo=neighbor_entries,
                               blockFeedInfo=block_entries,
                               hoodFeedInfo=hood_entries)

    if request.method == 'POST':
        logging.info("POST feed")
        # NOTE(review): no CSRF token check is visible on this POST; confirm
        # it is enforced elsewhere. Thread text stored here is later rendered
        # to other users, so the template must escape it on output.
        if request.form['CreateThreadBtn'] == 'Save changes':
            logging.info("Creating new thread")
            result = message_boards.postNewThread(db, request.form)
            logging.info(result)
    return render_template('user-feed.html')