def load_posts_to_be_reviewed():
    """Count the posts still awaiting review and stash the number on ``g``.

    Runs only for a logged-in user whose ``admin`` column is 1; for anyone
    else ``g.postcount`` is left unset, so readers must tolerate the
    attribute being absent. (``reviewed = 1`` is the "pending review"
    state - ``release_post`` clears it back to 0.)
    """
    current = g.user
    if not current or current['admin'] != 1:
        return
    pending = get_db().execute(
        'SELECT * FROM post WHERE reviewed = 1'
    ).fetchall()
    g.postcount = len(pending)
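def register():
    """Handle the sign-up form: validate, store the user, redirect to login.

    GET renders the form. POST reads ``username``, ``password`` and
    ``confirm`` from the form, flashes one message on the first validation
    failure, and on success inserts the user - the password is stored only
    as a ``generate_password_hash`` digest - then redirects to ``auth.login``.

    Returns:
        A redirect response after a successful registration, otherwise the
        rendered ``auth/register.html`` template.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        confirm = request.form['confirm']
        db = get_db()
        error = None

        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif password != confirm:
            error = 'Passwords must match.'
        elif db.execute('SELECT id FROM user WHERE name = ?',
                        (username, )).fetchone() is not None:
            # NOTE(review): this check-then-insert is racy - two concurrent
            # registrations of the same name can both pass it. A UNIQUE
            # constraint on user.name (and handling the resulting integrity
            # error on INSERT) is the reliable guard; confirm the schema.
            error = 'User {} is already registered.'.format(username)

        if error is None:
            # Stray debug print removed: it wrote to stdout on every
            # registration.
            db.execute('INSERT INTO user (name, password) VALUES (?, ?)',
                       (username, generate_password_hash(password)))
            db.commit()
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')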
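def search():
    """Substring search over released posts (``post.reviewed == 0``).

    POST reads ``query`` from the form and matches it against
    ``post.content`` with LIKE, joined to the author row. An empty query,
    or a query with no hits, is reported through ``flash``; GET and every
    error path render ``search/results.html`` without results.

    Fixes: ``fetchall()`` returns a (possibly empty) list, never None, so
    the old ``results is None`` test could never report "no hits" and
    instead overwrote the empty-query message.
    """
    if request.method == 'POST':
        db = get_db()
        query = request.form['query']
        error = None
        results = None

        if not query:
            error = "Type your search query above."

        if error is None:
            # The query is a bound parameter, so it cannot break out of the
            # SQL; '%' and '_' inside it still act as LIKE wildcards (no
            # ESCAPE clause), which only widens the match.
            # NOTE(review): SELECT * on the joined user table carries the
            # password hash column into the template context.
            results = db.execute(
                'SELECT * FROM post, user WHERE content LIKE ? AND user.id = post.uid AND post.reviewed == 0',
                ('%' + query + '%', )).fetchall()
            if not results:
                error = 'We couldnt find anything matching your query'

        if error is None:
            return render_template('search/results.html',
                                   results=results,
                                   page=0)

        flash(error)
    return render_template('search/results.html')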
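def login():
    """Authenticate a user from the login form and start a session.

    POST looks the user up by ``username`` and verifies ``password``
    against the stored hash. On success the session is reset, ``user_id``
    and a boolean ``admin`` flag are stored, and the user is redirected to
    their profile. Any failure flashes a single generic message.

    Fixes: the old code flashed "Incorrect username." vs "Incorrect
    password.", which let an attacker enumerate valid account names; it
    also executed ``from . import user`` inside the success path, which
    rebound the local ``user`` row for no visible purpose.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None

        user = db.execute('SELECT * FROM user WHERE name = ?',
                          (username, )).fetchone()

        # One message for both "no such user" and "wrong password".
        # NOTE(review): the hash check is still skipped for unknown names,
        # so response timing can still distinguish the two cases.
        if user is None or not check_password_hash(user['password'], password):
            error = "Incorrect username or password."

        if error is None:
            session.clear()
            session['admin'] = user['admin'] == 1
            session['user_id'] = user['id']
            return redirect(url_for('user.show_profile',
                                    id=session['user_id']))

        flash(error)

    return render_template('auth/login.html')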
def get_user(id):
    """Return the ``user`` row with primary key ``id``, or abort with 404.

    Args:
        id: user primary key; bound as a query parameter.

    Raises:
        HTTP 404 via ``abort`` when no row matches (the id is echoed in
        the description).
    """
    row = get_db().execute('SELECT * FROM user WHERE id = ?',
                           (id, )).fetchone()
    if row is None:
        abort(404, 'User with id {} doesn\'t exist.'.format(id))
    return row
def follows(fid, uid):
    """Return True when user ``fid`` follows user ``uid``.

    Looks for a matching row in the ``follows`` table; both ids are bound
    as query parameters.
    """
    row = get_db().execute(
        'SELECT * FROM follows WHERE fid = ? AND uid = ?',
        (fid, uid)).fetchone()
    return row is not None
def load_logged_in_user():
    """Set ``g.user`` from the session's ``user_id`` for the current request.

    ``g.user`` is the matching ``user`` row, or None when the session
    carries no id. A stale id whose row no longer exists also yields None,
    because ``fetchone()`` finds nothing.
    """
    uid = session.get('user_id')
    g.user = (
        None if uid is None
        else get_db().execute('SELECT * FROM user WHERE id = ?',
                              (uid, )).fetchone()
    )
def release_post(pid):
    """Admin action: release post ``pid`` from the review queue.

    Sets ``reviewed = 0``, flashes a confirmation and returns to the admin
    panel. No existence check is made: an unknown ``pid`` is a silent
    no-op that still reports "Released post!".

    NOTE(review): no authorization test is visible in this function - it
    presumably relies on a route decorator limiting it to admins, and on
    the route accepting POST only (this changes state); confirm both.
    """
    conn = get_db()
    conn.execute('UPDATE post SET reviewed = 0 WHERE pid = ?', (pid,))
    conn.commit()
    flash("Released post!")
    return redirect(url_for('admin.admin_panel'))
def delete_post(pid):
    """Admin action: delete post ``pid`` unconditionally.

    Flashes "Deleted post!" and returns to the admin panel. The id is a
    bound parameter; an unknown ``pid`` deletes nothing but still flashes.

    NOTE(review): no authorization test is visible here - presumably an
    admin-only route decorator; confirm, and confirm the route is POST-only
    so a crafted link cannot trigger the deletion.
    """
    conn = get_db()
    conn.execute('DELETE FROM post WHERE pid = ?', (pid,))
    conn.commit()
    flash("Deleted post!")
    return redirect(url_for('admin.admin_panel'))
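def edit_user(id):
    """Admin view: edit another user's name, description, avatar and role.

    GET renders ``admin/edituser.html`` for the target user. POST requires
    the *acting* admin's own password in ``adminPwd`` (checked against
    ``g.user['password']``); only then are the submitted fields applied.
    Blank ``username``/``desc`` leave the column untouched. ``role`` can
    only grant ``restricted`` or ``admin``, never revoke them (see
    ``unrestrict``/``strip``).

    Args:
        id: primary key of the user being edited; 404 if unknown.

    Fixes over the previous version: the upload was written to disk
    *before* the password check; a POST with no file chosen crashed
    (``secure_filename('')`` is ``''`` and ``rsplit('.')[1]`` raised
    IndexError); any extension was accepted; and the file was saved under
    the acting admin's id while ``avatar = 1`` was set on the target.

    NOTE(review): no admin-only check is visible here; ``g.user`` is
    assumed to be a logged-in admin (a route decorator, presumably).
    """
    user = get_user(id)

    if request.method == 'POST':
        username = request.form['username']
        desc = request.form['desc']
        role = request.form['role']
        adminPwd = request.form['adminPwd']
        db = get_db()

        error = None
        imgAdded = False

        # Verify the admin's password before touching disk or the database.
        if not check_password_hash(g.user['password'], adminPwd):
            error = 'Incorrect admin password. Correct password required to edit user.'

        if error is None and 'file' in request.files:
            f = request.files['file']
            # secure_filename() may return '' (no file chosen, or nothing
            # safe left in the name); rpartition() copes with that and with
            # a missing dot.
            filename = secure_filename(f.filename or '')
            _, dot, filetype = filename.rpartition('.')
            filetype = filetype.lower()
            # The extension is attacker-controlled and the file lands in
            # UPLOAD_FOLDER under a predictable name; restrict it to image
            # types so .html/.svg/.php content can never be stored there.
            if filename and dot and filetype in ('png', 'jpg', 'jpeg', 'gif'):
                # Stored under the *edited* user's id, matching the
                # `avatar = 1` update below.
                f.save(os.path.join(current_app.config['UPLOAD_FOLDER'],
                                    str(id) + "." + filetype))
                imgAdded = True
            elif filename:
                error = 'Avatar must be a png, jpg, jpeg or gif image.'

        if error is None:
            # NOTE(review): no uniqueness check on the new name here, unlike
            # register(); a UNIQUE constraint would be the backstop.
            if username != "":
                db.execute(
                    'UPDATE user SET name = ? WHERE id = ?', (username, id,)
                )
            if desc != "":
                db.execute(
                    'UPDATE user SET descrip = ? WHERE id = ?', (desc, id,)
                )
            if imgAdded:
                db.execute(
                    'UPDATE user SET avatar = 1 WHERE id = ?', (id,)
                )
            if role == 'restricted':
                db.execute(
                    'UPDATE user SET restricted = 1 WHERE id = ?', (id,)
                )
            elif role == 'admin':
                db.execute(
                    'UPDATE user SET admin = 1 WHERE id = ?', (id,)
                )
            db.commit()
            return redirect(url_for('user.show_profile', id = user['id']))

        flash(error)

    return render_template('admin/edituser.html', user = user)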
def delete(id):
    """Admin action: delete the user row with primary key ``id``.

    Flashes "Deleted user!" and returns to the admin user list. The id is
    bound as a query parameter; an unknown id deletes nothing but still
    flashes. Only the ``user`` row is removed here - the user's posts and
    ``follows`` rows are not touched by this function.

    NOTE(review): no authorization check is visible, and nothing prevents
    an admin from deleting their own account - presumably a route
    decorator restricts this to admins; confirm, and confirm the route is
    POST-only so a link cannot trigger it.
    """
    conn = get_db()
    conn.execute('DELETE FROM user WHERE id = ?', (id,))
    conn.commit()
    flash("Deleted user!")
    return redirect(url_for('admin.user_view'))
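def show_profile(id):
    """Render a user's profile page with their released posts.

    Args:
        id: primary key of the profile owner; 404 if unknown.

    ``follows`` tells the template whether the *viewer* already follows
    this user. For an anonymous viewer (``g.user`` is None) it is False;
    previously ``g.user['id']`` raised TypeError, even though the sibling
    ``follow``/``unfollow`` views explicitly handle anonymous visitors.
    Posts are limited to ``reviewed = 0`` (released), newest first.
    """
    db = get_db()
    user = get_user(id)
    following = follows(g.user['id'], user['id']) if g.user else False

    # NOTE(review): SELECT * over the joined user table carries the
    # password hash column into the template context; list the columns the
    # template needs if it is ever extended.
    posts = db.execute(
        'SELECT * FROM post, user WHERE uid = ? AND user.id = ? AND reviewed = 0 ORDER BY created DESC',
        (id, id)).fetchall()

    return render_template('user/profile.html',
                           user=user,
                           follows=following,
                           posts=posts)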
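def admin_panel(page=0):
    """Admin view: paginated list (5 per page) of posts awaiting review.

    Args:
        page: zero-based page index from the route; negative values are
            clamped to 0.

    ``g.postcount`` is set by ``load_posts_to_be_reviewed`` only for a
    logged-in admin, so it is read with a default instead of raising
    AttributeError. ``pagecount`` is the number of pages actually needed
    (at least 1); the old ``postcount / 5 + 1`` produced a trailing empty
    page whenever the count was a multiple of 5.

    NOTE(review): no admin-only check is visible here - presumably a route
    decorator; confirm.
    """
    db = get_db()
    page = max(int(page), 0)

    postcount = getattr(g, 'postcount', 0)
    # Ceiling division, minimum one page so the template always has page 0.
    pagecount = max(1, -(-postcount // 5))

    # NOTE(review): SELECT * on the joined user table includes the password
    # hash column in each row handed to the template.
    posts = db.execute(
        'SELECT * FROM post JOIN user WHERE post.uid = user.id AND post.reviewed = 1 ORDER BY created DESC LIMIT 5 OFFSET ?',
        (page * 5,)
    ).fetchall()

    return render_template('admin/panel.html', posts=posts, pagecount=pagecount, page=page)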
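def user_view(sort='id.asc'):
    """Admin view: list all users with follower counts, in a chosen order.

    Args:
        sort: ``"<column>.<direction>"`` where column is one of id, name,
            follower, registered and direction is asc or desc. Anything
            else falls back to ``id`` / ``asc``; a value without a dot
            (which previously raised IndexError) gets the same fallback.

    The ORDER BY clause is assembled by string formatting, which is safe
    only because both parts are forced through the allow-lists first -
    keep that invariant if the accepted columns change.

    NOTE(review): no admin-only check is visible here (presumably a route
    decorator), and SELECT * hands user.password (the hash) to the template.
    """
    db = get_db()
    sortBy, _, sortOrder = sort.partition('.')
    if sortBy not in ('id', 'name', 'follower', 'registered'):
        sortBy = 'id'
    if sortOrder not in ('asc', 'desc'):
        sortOrder = 'asc'

    query = ('SELECT * FROM user AS u LEFT OUTER JOIN '
             '(SELECT uid, count(uid) AS follower FROM follows GROUP BY uid) AS f '
             'ON u.id = f.uid ORDER BY {} {}').format(sortBy, sortOrder)
    users = db.execute(query).fetchall()
    return render_template('admin/userview.html', users=users,
                           sort='{}.{}'.format(sortBy, sortOrder))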
def unfollow(id):
    """Remove the logged-in user's follow of user ``id``.

    The target is looked up first (404 if unknown); anonymous visitors are
    then redirected to the login page. Deleting a relation that does not
    exist is a silent no-op. Redirects to the target user's profile.
    """
    target = get_user(id)

    if not g.user:
        return redirect(url_for('auth.login'))

    conn = get_db()
    # drop the (follower, followed) row for this viewer and target
    conn.execute('DELETE FROM follows WHERE fid = ? AND uid = ?',
                 (g.user['id'], target['id']))
    conn.commit()

    return redirect(url_for('user.show_profile', id=target['id']))
def delete(id):
    """Delete post ``id`` if it belongs to the logged-in user.

    Flashes an error when the post is missing or owned by someone else;
    every path redirects to page 0 of the feed. Assumes ``g.user`` is set -
    an anonymous request would fail on ``g.user['id']``.
    """
    conn = get_db()
    post = conn.execute('SELECT * FROM post where pid = ?', (id, )).fetchone()

    if post is None:
        flash("Post does not exist.")
    elif post['uid'] != g.user['id']:
        flash("Cannot delete others posts.")
    else:
        conn.execute('DELETE FROM post WHERE pid = ?', (id, ))
        conn.commit()
    return redirect(url_for('blog.feedpage', page=0))
def unrestrict(id):
    """Admin action: clear the ``restricted`` flag on user ``id``.

    Flashes "User already unrestricted." when the flag is not set; in both
    cases redirects to the admin user list.

    NOTE(review): no admin-only check is visible here - presumably a route
    decorator; confirm.
    """
    conn = get_db()
    target = get_user(id)

    if target['restricted'] == 1:
        conn.execute('UPDATE user SET restricted = 0 WHERE id = ?', (id,))
        conn.commit()
    else:
        flash("User already unrestricted.")
    return redirect(url_for('admin.user_view'))
def strip(id):
    """Admin action: revoke admin rights from user ``id``.

    Flashes 'User has no admin rights.' if the target is not an admin;
    always redirects to the admin user list.

    NOTE(review): no admin-only check is visible, and an admin can strip
    their own rights here - presumably a route decorator covers the
    former; confirm whether the latter is intended.
    """
    conn = get_db()
    target = get_user(id)

    if target['admin'] == 1:
        conn.execute('UPDATE user SET admin = 0 WHERE id = ?', (id,))
        conn.commit()
    else:
        flash('User has no admin rights.')
    return redirect(url_for('admin.user_view'))
def create():
    """Create a post for the logged-in user.

    POST reads ``content``; an empty body is rejected with a flash and the
    form is shown again. The new row's ``reviewed`` column is seeded from
    ``g.user['restricted']``, so a restricted user's post enters the review
    queue (``reviewed = 1``) while anyone else's is released at once
    (``reviewed = 0``). Requires ``g.user`` to be set.
    """
    db = get_db()
    if request.method != 'POST':
        return render_template('blog/create.html')

    content = request.form['content']
    if not content:
        flash("Content is required.")
        return render_template('blog/create.html')

    db.execute(
        'INSERT INTO post(uid, content, reviewed) VALUES (?, ?, ?)',
        (g.user['id'], content, g.user['restricted']))
    db.commit()
    return redirect(url_for('user.show_profile', id=g.user['id']))
def promote(id):
    """Admin action: grant admin rights to user ``id``.

    Refused (with a flash) for a restricted user or an existing admin -
    the restricted check takes precedence when both apply. Always
    redirects to the admin user list.

    NOTE(review): no admin-only check is visible here - presumably a route
    decorator; confirm.
    """
    conn = get_db()
    target = get_user(id)

    if target['restricted'] == 1:
        flash('Cannot promote restricted user.')
    elif target['admin'] == 1:
        flash('User is already an admin.')
    else:
        conn.execute('UPDATE user SET admin = 1 WHERE id = ?', (id,))
        conn.commit()
    return redirect(url_for('admin.user_view'))
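def feedpage(page):
    """Render the logged-in user's feed: released posts by followed users.

    Args:
        page: zero-based page index (5 posts per page); negatives clamp to 0.

    ``?order=asc`` sorts oldest-first; any other value (or none) sorts
    newest-first. ``pagecount`` is the number of pages needed, minimum 1.
    An empty page renders with an empty ``posts`` list. Requires ``g.user``.

    Fixes: the page total is now a COUNT(*) instead of fetching every row;
    the old ``len // 5 + 1`` gave a trailing empty page at exact multiples
    of 5; and the two copies of the feed query (differing only in ASC/DESC)
    are merged. The old ``posts is None`` branch was dead - ``fetchall()``
    never returns None - and is dropped; observable behaviour is unchanged.
    """
    db = get_db()
    page = max(int(page), 0)
    viewer_id = g.user['id']

    # Shared FROM/WHERE for the count and the page query so they cannot
    # drift apart.
    feed_from = ('FROM post NATURAL JOIN (SELECT uid FROM follows WHERE fid = ?)  '
                 'JOIN user WHERE user.id = post.uid AND reviewed = 0')

    total = db.execute('SELECT count(*) ' + feed_from, (viewer_id,)).fetchone()[0]
    pagecount = max(1, -(-total // 5))  # ceiling division, at least 1

    # `order` is mapped onto a fixed literal before it reaches the SQL; the
    # user-supplied string itself is never interpolated.
    order = "asc" if request.args.get("order") == "asc" else "desc"
    # NOTE(review): SELECT * on the joined user table includes the password
    # hash column in each row handed to the template.
    posts = db.execute(
        'SELECT * ' + feed_from + ' ORDER BY created {} LIMIT 5 OFFSET ?'.format(order.upper()),
        (viewer_id, page * 5)).fetchall()

    return render_template('blog/index.html',
                           posts=posts,
                           page=page,
                           pagecount=pagecount,
                           order=order)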
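def searchrefined():
    """Refined post search by author name and/or content substring.

    POST reads ``username`` and ``contentcontains``; at least one must be
    non-empty. Each given value is matched with LIKE as a bound parameter
    and only released posts (``post.reviewed == 0``) are returned,
    mirroring ``search()`` so posts still in the review queue are not
    exposed through this path. No hits flashes a message; GET and error
    paths render ``search/results.html`` without results.

    Fixes: form fields arrive as ``''`` when blank, never None, and the old
    guard referenced an undefined ``user`` name - so the validation never
    fired and an all-blank submission reached an unbound ``results``. The
    ``results is None`` test was likewise dead (``fetchall()`` never
    returns None).
    """
    if request.method == 'POST':
        db = get_db()
        username = request.form['username']
        contentcontains = request.form['contentcontains']
        error = None
        results = None

        if not username and not contentcontains:
            error = "You must enter some values for refined search."

        if error is None:
            # Clauses are fixed literals; only the values are parameters.
            clauses = []
            params = []
            if username:
                clauses.append('name LIKE ?')
                params.append('%' + username + '%')
            if contentcontains:
                clauses.append('content LIKE ?')
                params.append('%' + contentcontains + '%')
            # NOTE(review): SELECT * on the joined user table carries the
            # password hash column into the template context.
            results = db.execute(
                'SELECT * FROM post, user WHERE ' + ' AND '.join(clauses)
                + ' AND user.id = post.uid AND post.reviewed == 0',
                params).fetchall()
            if not results:
                error = 'We couldnt find anything matching your query'

        if error is None:
            return render_template('search/results.html',
                                   results=results,
                                   page=0)

        flash(error)
    return render_template('search/results.html')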
def follow(id):
    """Make the logged-in user follow user ``id``.

    The target is looked up first (404 if unknown); anonymous visitors are
    then redirected to the login page. If the relation already exists a
    message is flashed, otherwise a ``follows`` row is inserted. Either way
    the response redirects to the target user's profile.
    """
    target = get_user(id)

    if not g.user:
        return redirect(url_for('auth.login'))

    conn = get_db()
    # `follows()` runs the same existence query this view used inline.
    if follows(g.user['id'], target['id']):
        flash('You are already following {}'.format(target['name']))
    else:
        conn.execute('INSERT INTO follows (fid, uid) VALUES (?, ?)',
                     (g.user['id'], target['id']))
        conn.commit()

    return redirect(url_for('user.show_profile', id=target['id']))
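def edit_user(id):
    """Let a user edit their own profile: name, description, avatar, password.

    Args:
        id: primary key of the profile being edited; 404 if unknown.

    Only the profile owner may use this view: a viewer whose ``g.user['id']``
    differs from ``id`` (or an anonymous viewer) is redirected to the feed
    before anything else happens. Previously the ownership test ran only
    at render time, so a POST from any logged-in user reached the update
    code, and the GET path copied the *target* user's ``admin`` and
    ``restricted`` flags into the viewer's session - under the same
    ``session['admin']`` key that ``login`` sets for the viewer.

    GET snapshots the current row into ``session['edit_user_snapshot']``
    so that on the following POST any field changed in the meantime (by an
    admin, say) is reported via ``flash``. POST requires the account
    password in ``confirm``; blank ``username``/``desc``/``newPwd`` leave
    the column alone; an uploaded avatar must carry an image extension and
    is stored as ``<id>.<ext>`` under ``UPLOAD_FOLDER`` (the old code
    crashed on a POST with no file chosen, accepted any extension, and
    wrote the file before the password was verified).
    """
    user = get_user(id)

    if not g.user or g.user['id'] != id:
        # `feedpage` takes a mandatory `page` argument (see `delete`).
        return redirect(url_for('blog.feedpage', page=0))

    if request.method != 'POST':
        # Dedicated key: must never collide with the viewer's own session
        # flags (login sets session['admin'] / session['user_id']).
        session['edit_user_snapshot'] = {
            'descrip': user['descrip'],
            'name': user['name'],
            'admin': user['admin'],
            'restricted': user['restricted'],
        }
        return render_template('user/edit.html', user=user)

    # A POST without a prior GET (no snapshot) simply skips the report.
    snapshot = session.get('edit_user_snapshot')
    if snapshot:
        changed = [label for key, label in (
            ('descrip', 'description'),
            ('name', 'username'),
            ('admin', 'admin rights'),
            ('restricted', 'restricted user'),
        ) if snapshot.get(key) != user[key]]
        if changed:
            flash("The following attributes were changed by an admin: "
                  + ', '.join(changed))

    username = request.form['username']
    desc = request.form['desc']
    newPwd = request.form['newPwd']
    confirm = request.form['confirm']
    db = get_db()
    error = None
    imgAdded = False

    if not confirm:
        error = 'Password is required to confirm.'
    elif not check_password_hash(user['password'], confirm):
        error = 'Incorrect password.'

    # Touch the filesystem only after the password has been verified.
    if error is None and 'file' in request.files:
        f = request.files['file']
        # secure_filename() may return '' (no file chosen, or nothing safe
        # left in the name); rpartition() copes with that and a missing dot.
        filename = secure_filename(f.filename or '')
        _, dot, filetype = filename.rpartition('.')
        filetype = filetype.lower()
        # The extension is user-controlled and the file lands in
        # UPLOAD_FOLDER under a predictable name; restrict it to image
        # types so .html/.svg/.php content can never be stored there.
        if filename and dot and filetype in ('png', 'jpg', 'jpeg', 'gif'):
            f.save(os.path.join(current_app.config['UPLOAD_FOLDER'],
                                str(id) + "." + filetype))
            imgAdded = True
        elif filename:
            error = 'Avatar must be a png, jpg, jpeg or gif image.'

    if error is None:
        # NOTE(review): no uniqueness check on the new name here, unlike
        # register(); a UNIQUE constraint on user.name is the backstop.
        if username != "":
            db.execute('UPDATE user SET name = ? WHERE id = ?', (username, id))
        if desc != "":
            db.execute('UPDATE user SET descrip = ? WHERE id = ?', (desc, id))
        if newPwd != "":
            db.execute('UPDATE user SET password = ? WHERE id = ?',
                       (generate_password_hash(newPwd), id))
        if imgAdded:
            db.execute('UPDATE user SET avatar = ? WHERE id = ?', (1, id))
        db.commit()
        return redirect(url_for('user.show_profile', id=user['id']))

    flash(error)
    return render_template('user/edit.html', user=user)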