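def restpass(request):
    """Handle the password-reset form reached through an e-mailed link.

    The route supplies ``user_id`` and ``hmac``.  ``hmac`` is read as a
    10-character MAC prefix followed by a base64-encoded expiry timestamp.
    On a validated POST whose token is well formed, unexpired and matches
    the recomputed MAC, the user's password is replaced and the client is
    redirected to ``login``.  A validated POST with any other token (unknown
    user, malformed, expired or mismatched) is rejected with a flash message
    and a redirect to ``forgot_password``.

    Returns:
        ``HTTPFound`` after a validated POST, otherwise the dict used to
        render the reset form.
    """
    title = "Reset password"
    submitted_hmac = request.matchdict.get('hmac')
    user_id = request.matchdict.get('user_id')
    form = Form(request, schema=ResetPasswordForm)

    if 'form_submitted' in request.POST and form.validate():
        user = Users.get_by_id(user_id)

        # The token comes straight from the URL: a missing value, bad base64
        # or a non-numeric timestamp must end in a rejection, not a 500.
        try:
            time_key = int(base64.b64decode(submitted_hmac[10:]))
        except (TypeError, ValueError):
            time_key = None

        token_ok = False
        if user is not None and time_key is not None and time.time() < time_key:
            # NOTE(review): the MAC key embeds a secret literal kept in
            # source, and only the first 10 hex characters (40 bits) of the
            # digest are checked.  Both are left as they are because the code
            # that issues these links is not visible here and has to change
            # in step; prefer a secret loaded from configuration and the full
            # digest.
            # NOTE(review): hmac.new() is called without digestmod; legacy
            # Pythons fall back to MD5 and Python 3.8+ requires the argument.
            expected = hmac.new(
                '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', time_key),
                user.email).hexdigest()[0:10]
            # Constant-time comparison (hmac.compare_digest, Python 2.7.7+ /
            # 3.3+); both sides are encoded so their types always agree.
            token_ok = hmac.compare_digest(
                expected.encode('utf-8'),
                submitted_hmac[0:10].encode('utf-8'))

        if not token_ok:
            request.session.flash(
                'warning; Invalid request, please try again')
            return HTTPFound(location=request.route_url('forgot_password'))

        # FIXME (original author): reset email, no such attribute email
        # NOTE(review): presumably the Users model hashes the value assigned
        # to `password` -- confirm.
        # NOTE(review): nothing visible here invalidates a token once it has
        # been used, so a link stays usable until its expiry time passes.
        user.password = form.data['password']
        DBSession.merge(user)
        DBSession.flush()
        request.session.flash(
            'success; Password Changed. Please log in')
        return HTTPFound(location=request.route_url('login'))

    action_url = request.route_url("reset_password",
                                   user_id=user_id,
                                   hmac=submitted_hmac)
    return {
        'title': title,
        'form': FormRenderer(form),
        'action_url': action_url
    }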
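def promo_sub(request):
    """Give the user named in the route a free one-month subscription.

    The plan id is read from the validated ``PromoSubSchema`` form.  On
    success a ``Subscription`` with amount 0 and a 100% discount, running for
    30 days from now, is added to the session.  XHR callers get an HTML alert
    fragment; other callers get a flash message and a redirect to the user's
    profile.

    Returns:
        ``HTTPNotFound`` when the user does not exist, a ``Response`` holding
        an alert fragment for XHR requests, otherwise ``HTTPFound``.
    """
    # NOTE(review): no permission check is visible in this function;
    # presumably the route/view configuration restricts who may grant free
    # subscriptions -- confirm.
    user_id = request.matchdict['id']
    user = Users.get_by_id(user_id)
    if not user:
        return HTTPNotFound()

    form = Form(request, schema=PromoSubSchema)
    plan = None
    if 'submit' in request.POST and form.validate():
        plan = DBSession.query(Plans).get(form.data['plan'])

    profile_url = request.route_url('profile', prefix=user.prefix)

    if plan:
        # Read the clock once so the period is exactly 30 days long.
        start = datetime.today()
        subscription = Subscription(user=user,
                                    plan=plan,
                                    amount=0,
                                    no_of_months=1,
                                    discount="100%",
                                    status="Active",
                                    start_date=start,
                                    end_date=start + timedelta(days=30))
        DBSession.add(subscription)
        DBSession.flush()
        if request.is_xhr:
            html = (
                '<div class="alert alert-success alert-dismissable col-xs-12"> '
                '<button type="button" class="close" data-dismiss="alert" '
                'aria-hidden="true">×</button> User subscription </div>')
            return Response(html)
        request.session.flash('success; User subscribed')
        return HTTPFound(location=profile_url)

    # Single failure path: form not submitted, form invalid, or unknown plan.
    if request.is_xhr:
        html = (
            '<div class="alert alert-danger alert-dismissable col-xs-12"> '
            '<button type="button" class="close" data-dismiss="alert" '
            'aria-hidden="true">×</button> '
            'An error occured, user Not subscribed </div>')
        return Response(html)
    # The flash text used to read "user subscribed" on this failure path,
    # contradicting the XHR fragment above.
    request.session.flash('danger; An error occured, user not subscribed %s' %
                          form.all_errors())
    return HTTPFound(location=profile_url)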
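def make_admin(request):
    """Add the user named in the route to the group named in the route.

    ``id`` selects the user and ``pos`` is matched against ``Groups.name``.
    When both exist the group is appended to ``user.mygroups`` and the client
    is redirected to ``search_user_list``; otherwise a failure message is
    flashed and the client is redirected to ``user_list``.

    Returns:
        ``HTTPFound`` in every case.
    """
    # NOTE(review): `pos` comes from the URL and may name any existing group,
    # and this function checks neither the caller's permission nor the
    # request method.  Presumably the view configuration enforces both --
    # confirm.
    user_id = request.matchdict['id']
    user = Users.get_by_id(user_id)
    group_name = request.matchdict['pos']
    group = DBSession.query(Groups).filter(Groups.name == group_name).first()

    if not (user and group):
        request.session.flash('danger; Not successfull')
        return HTTPFound(location=request.route_url('user_list'))

    try:
        user.mygroups.append(group)
        request.session.flash('success; %s added to group %s' %
                              (user.fullname, group.name))
    except Exception:
        # Still best-effort, but no longer a bare `except:` that would also
        # intercept SystemExit and KeyboardInterrupt.
        request.session.flash('danger; request not completed')
    return HTTPFound(location=request.route_url('search_user_list'))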
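def make_premium(self):
    """Add a listing to, or remove it from, the 'Premium' featured set.

    The request carries a JSON object with ``id`` (listing), ``user_id`` and
    ``positive``.  ``positive == 1`` means the listing is already premium and
    is to be removed; any other value asks for it to be added, subject to the
    ``max_premium_listings`` of the user's first active subscription.

    Returns:
        A dict with ``isOk`` (1 or 0) and a human-readable ``message``.
    """
    # The JSON document is taken from the *name* of the last request
    # parameter.  With no parameters at all there is nothing to parse.
    param_names = list(self.request.params)
    if not param_names:
        return dict(isOk=0, message="Invalid request")
    try:
        params = json.loads(param_names[-1])
        listing_id = params['id']
        user_id = params['user_id']
        remove_requested = int(params['positive']) == 1
    except (KeyError, TypeError, ValueError):
        # Malformed JSON, a non-object payload, a missing key or a
        # non-numeric flag: answer in the usual shape instead of raising.
        return dict(isOk=0, message="Invalid request")

    # NOTE(review): user_id comes from the request payload, and no check is
    # visible here that it identifies the requester or that the listing
    # belongs to that user -- confirm that the caller or the view
    # configuration enforces this.
    user = Users.get_by_id(user_id)
    listing = Listings.get_by_id(listing_id)
    if not listing:
        return dict(isOk=0, message="No such listing")

    # NOTE(review): assumes a Featured_Content row named 'Premium' exists;
    # .first() returns None otherwise -- TODO confirm.
    if remove_requested:
        # we already have it as premium, remove
        premium = DBSession.query(Featured_Content).filter(
            Featured_Content.name == 'Premium').first()
        premium.featured_properties.remove(listing)
        DBSession.flush()
        return dict(isOk=1, message="listing removed from premium")

    if user is None:
        return dict(isOk=0, message="No such user")
    active_sub = user.active_subscription
    if not active_sub:
        return dict(isOk=0,
                    message="Upgrade your account to feature this listing")

    premium = DBSession.query(Featured_Content).filter(
        Featured_Content.name == 'Premium').first()
    if premium.featured_properties:
        user_total_premium = sum(
            1 for item in premium.featured_properties if item.user == user)
        if user_total_premium >= active_sub[0].plan.max_premium_listings:
            return dict(
                isOk=0,
                message="You have exceeded your allocation. Upgrade for more")
    # NOTE(review): when the featured set is empty the allocation check above
    # is skipped, so the first listing is accepted whatever the plan's limit.
    premium.featured_properties.append(listing)
    DBSession.flush()
    return dict(isOk=1, message="listing given a premium identity")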
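def inbox(self):
    """Show the message inbox of the user named in the route.

    Loads every message whose ``user_id`` matches, newest first, wraps them
    in a paginator and marks all of them as seen (the whole result set, not
    only the page being displayed).

    Returns:
        ``HTTPFound`` to ``home`` when the user does not exist, otherwise a
        dict with ``user``, ``paginator`` and ``mess``.
    """
    # NOTE(review): the inbox owner is taken from the URL and no check is
    # visible here that the requester is that user; presumably the view
    # configuration enforces it -- confirm.
    user_id = self.request.matchdict['id']
    user = Users.get_by_id(user_id)
    if not user:
        self.session.flash('info; No such user')
        return HTTPFound(location=self.request.route_url('home'))

    messages = DBSession.query(Messages).filter(
        Messages.user_id == user.id).order_by(
            Messages.created.desc()).all()

    # `page` is client-supplied; a non-numeric value falls back to the first
    # page instead of raising.
    try:
        page_number = int(self.request.params.get("page", 1))
    except (TypeError, ValueError):
        page_number = 1

    page_url = PageURL_WebOb(self.request)
    paginator = Page(messages, page=page_number, url=page_url)

    for message in messages:
        message.is_seen = True
    DBSession.flush()
    return dict(user=user, paginator=paginator, mess='mess')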
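def deny_admin(request):
    """Remove the user named in the route from the group named in the route.

    ``id`` selects the user and ``pos`` is matched against ``Groups.name``.
    When both exist the group is removed from ``user.mygroups`` and the
    client is redirected to ``search_user_list``; otherwise a failure message
    is flashed and the client is redirected to ``user_list``.

    Returns:
        ``HTTPFound`` in every case.
    """
    # NOTE(review): this function checks neither the caller's permission nor
    # the request method; presumably the view configuration enforces both --
    # confirm.
    user_id = request.matchdict['id']
    user = Users.get_by_id(user_id)
    group_name = request.matchdict['pos']
    group = DBSession.query(Groups).filter(Groups.name == group_name).first()

    if not (user and group):
        request.session.flash('danger; Not successfull')
        return HTTPFound(location=request.route_url('user_list'))

    try:
        user.mygroups.remove(group)
        request.session.flash('success; %s removed from group %s' %
                              (user.fullname, group.name))
    except Exception:
        # Still best-effort, but no longer a bare `except:` that would also
        # intercept SystemExit and KeyboardInterrupt.
        request.session.flash(
            'danger; Action cannot be performed because %s is not in the group %s'
            % (user.fullname, group.name))
    return HTTPFound(location=request.route_url('search_user_list'))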
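def verify_email(request):
    """Confirm a user's e-mail address from an e-mailed verification link.

    The route supplies ``user_id`` and ``hmac``.  ``hmac`` is read as a
    10-character MAC prefix followed by a base64-encoded expiry timestamp.
    When the token is well formed, unexpired and matches the recomputed MAC,
    ``email_verified`` is set on the user.  A user whose ``email_verified``
    is already true gets the confirmation message whatever token was sent.

    Returns:
        ``HTTPFound`` to ``/`` in every case, with a flash message describing
        the outcome.
    """
    submitted_hmac = request.matchdict.get('hmac')
    user_id = request.matchdict.get('user_id')
    user = Users.get_by_id(user_id)

    # The token comes straight from the URL: a missing value, bad base64 or
    # a non-numeric timestamp must end in the error message, not a 500.
    try:
        time_key = int(base64.b64decode(submitted_hmac[10:]))
    except (TypeError, ValueError):
        time_key = None

    if user is not None and time_key is not None and time.time() < time_key:
        # NOTE(review): the MAC key embeds a secret literal kept in source,
        # and only the first 10 hex characters (40 bits) of the digest are
        # checked.  Both are left as they are because the code that issues
        # these links is not visible here and has to change in step; prefer
        # a secret loaded from configuration and the full digest.
        # NOTE(review): hmac.new() is called without digestmod; legacy
        # Pythons fall back to MD5 and Python 3.8+ requires the argument.
        expected = hmac.new(
            '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', time_key),
            user.email).hexdigest()[0:10]
        # Constant-time comparison (hmac.compare_digest, Python 2.7.7+ /
        # 3.3+); both sides are encoded so their types always agree.
        if hmac.compare_digest(expected.encode('utf-8'),
                               submitted_hmac[0:10].encode('utf-8')):
            # FIXME (original author): reset email, no such attribute email
            user.email_verified = True
            DBSession.merge(user)
            DBSession.flush()

    if user is not None and user.email_verified:
        message = 'Your email is now confirmed. Thank you for joining us'
        request.session.flash('success;%s' % message)
        return HTTPFound(location='/')

    # The failure message used to be flashed under the 'success' category;
    # it now uses 'danger' like the other error messages in this file.
    message = 'Error verifying message'
    request.session.flash('danger;%s' % message)
    return HTTPFound(location='/')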