def get_post(id, check_author=True): get_db().cursor.execute( 'SELECT p.postid, subject, body, postdate, creatorid, username' ' FROM posts p JOIN users u ON p.creatorid = u.userid' ' WHERE p.postid = %s', (id, )) post = get_db().cursor.fetchone() if post is None: abort(404, "Post id {0} doesn't exist.".format(id)) if check_author and post[4] != g.userid: abort(403) return post
def delete(id): get_post(id) db = get_db() db.cursor.execute('DELETE FROM posts WHERE postid = %s', (id, )) db.commit() return redirect(url_for('blog.index'))
def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] db = get_db() error = None db.cursor.execute( 'SELECT * from Users WHERE username = %s', (username,) ) user = db.cursor.fetchone() # verify password if user is None: error = 'Username does not exist.' elif not check_password_hash(user[2], password): error = 'You entered an incorrect password.' if error is None: # store the user id in a new session and return to homepage session.clear() session['user_id'] = user[0] return redirect(url_for('index')) flash(error) return render_template('auth/login.html')
def register(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] firstName = request.form['firstName'] lastName = request.form['lastName'] db = get_db() error = None if not username: error = 'Username is required.' elif not password: error = 'Password is required.' db.cursor.execute( 'SELECT userID from Users WHERE username = %s', (username,) ) if db.cursor.fetchone() is not None: error = 'User {0} is already registered.'.format(username) # redirect to login page after done executing # saves registered username and hashed pw to db if error is None: db.cursor.execute( 'INSERT INTO Users (username, pass, firstName, lastName) VALUES (%s, %s, %s, %s)', (username, generate_password_hash(password), firstName, lastName) ) db.commit() return redirect(url_for('auth.login')) flash(error) return render_template('auth/register.html')
def index(): db = get_db() db.cursor.execute( 'SELECT p.postid, subject, body, postdate, creatorid, username' ' FROM posts p JOIN users u ON p.creatorid = u.userid' ' ORDER BY postdate DESC') p = db.cursor.fetchall() return render_template('blog/index.html', posts=p)
def search(searchstring=""): s = searchstring if not s: s = "" db = get_db() db.cursor.execute( 'SELECT p.postid, subject, body, postdate, creatorid, username' ' FROM posts p JOIN users u ON p.creatorid = u.userid' ' WHERE body LIKE %s' ' OR subject LIKE %s' ' ORDER BY postdate DESC', ( '%' + s + '%', '%' + s + '%', )) p = db.cursor.fetchall() return render_template('blog/search.html', posts=p)
def create(): if request.method == 'POST': title = request.form['title'] body = request.form['body'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() db.cursor.execute( 'INSERT INTO posts (subject, body, creatorid)' ' VALUES (%s, %s, %s)', (title, body, g.userid)) db.commit() return redirect(url_for('blog.index')) return render_template('blog/create.html')
def update(id): post = get_post(id) if request.method == 'POST': title = request.form['title'] body = request.form['body'] error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() db.cursor.execute( 'UPDATE posts SET subject = %s, body = %s WHERE postid = %s', (title, body, id)) db.commit() return redirect(url_for('blog.index')) return render_template('blog/update.html', post=post)
def load_logged_in_user(): user_id = session.get('user_id') if user_id is None: g.userid = None else: get_db().cursor.execute( 'SELECT * from Users WHERE userID = %s', (user_id,) ) u = get_db().cursor.fetchone() if(u): g.userid = u[0] g.username = u[1] g.firstname = u[3] g.filter = "" get_db().cursor.execute( 'SELECT * from access_types WHERE userID = %s', (user_id,) ) a = get_db().cursor.fetchone() if(a): g.userisadmin = True