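def search():
    """Render the registered users that match the caller's search text.

    The POSTed ``inputSearch`` value is matched case-insensitively as a
    substring of each user's first name, last name and email address. An
    empty (or absent) search text matches every user. The signed-in user
    is never listed.

    Returns:
        The rendered ``search.html`` template with ``matching`` set to a
        list of user dicts (without the ``password`` field) on POST;
        otherwise a redirect to ``index``.
    """
    if not g.user:
        flash("You are not signed in")
        return redirect(url_for('index'))

    if request.method != 'POST':
        error = "Unable to search"
        flash(error)
        return redirect(url_for('index', error='Search Error'))

    # .get() keeps a request without the field from failing on the lookup;
    # it is treated like an empty search.
    needle = request.form.get('inputSearch', '').lower()
    own_email = g.user.get('email')

    matching = []
    # Note: this issues two Redis reads (hget + hgetall) per registered user.
    for key in r_server.hkeys('users'):
        if not key:
            continue
        currentUser = r_server.hgetall('user:%s' % r_server.hget('users', key))
        if not currentUser:
            continue

        email = currentUser.get('email') or ''
        # Exclude the caller by equality. The previous substring test
        # (`email not in own_email`) also hid any user whose address was
        # merely contained in the caller's address.
        if email == own_email:
            continue

        # A record may lack a field; treat it as empty instead of calling
        # .lower() on None.
        fields = (
            currentUser.get('firstName') or '',
            currentUser.get('lastName') or '',
            email,
        )
        if any(needle in field.lower() for field in fields):
            # hgetall returns the whole user hash, which for password
            # accounts includes the stored password hash. Drop it so it is
            # never handed to the template layer.
            matching.append(
                {k: v for k, v in currentUser.items() if k != 'password'}
            )

    return render_template('search.html', matching=matching)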
def deletePost():
    """Delete one of the signed-in user's own posts.

    Expects a POST carrying ``inputPostID``. The post is removed only when
    that ID appears in the caller's ``posts:<user_id>`` list.

    Returns:
        A redirect to ``index``: plain after a successful deletion,
        ``error='delete error'`` when a Redis removal step reports nothing
        removed, and ``error='Deletion Error'`` for every other refusal.
    """
    if not g.user:
        flash('You are not signed in')
        return redirect(url_for('index', error='Deletion Error'))

    if request.method != 'POST':
        flash("you are not allowed to delete the post")
        return redirect(url_for('index', error='Deletion Error'))

    if 'inputPostID' not in request.form:
        flash("ID is unavailable")
        return redirect(url_for('index', error='Deletion Error'))

    owner = escape(session['user_id'])
    postID = request.form['inputPostID']

    # Authorization check: the ID must be in the caller's own post list.
    # Only indices 0..1000 of that list are consulted.
    if postID not in r_server.lrange('posts:%s' % owner, 0, 1000):
        flash("you are not allowed to delete the post")
        return redirect(url_for('index', error='Deletion Error'))

    post_key = 'post:%s' % postID

    # A post with a recorded fileType has an attachment in S3. It is
    # deleted before the Redis records, so a failure further down leaves
    # metadata whose file is already gone.
    if r_server.hget(post_key, 'fileType'):
        attachment = Key(bucket)
        attachment.key = S3_KEY_PREFIX + 'post/' + postID
        attachment.key += '.' + r_server.hget(post_key, 'fileType')
        bucket.delete_key(attachment)

    # The steps short-circuit: the first falsy result skips the remaining
    # removals and the follower cleanup below.
    removed = (
        r_server.lrem('posts:%s' % owner, int(postID), 0)
        and r_server.delete(post_key)
        and r_server.zrem('timeline:%s' % owner, postID)
        and r_server.zrem('timeline:', postID)
    )
    if not removed:
        flash('deletion failed')
        return redirect(url_for('index', error='delete error'))

    # Pull the post out of followers' timelines (first 1001 followers only).
    for follower in r_server.lrange('followed:%s' % owner, 0, 1000):
        r_server.zrem("timeline:%s" % follower, postID)

    flash('deletion successfull')
    return redirect(url_for('index'))
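def loginplus():
    """Sign in, or register on first use, with a Google+ profile.

    Uses the OAuth2 credentials stored in the session to fetch the caller's
    Google+ profile. If the profile's first email address is already in the
    ``users`` hash, that account is signed in; otherwise a new ``user:<id>``
    record (without a password) is created and signed in.

    Returns:
        A redirect to ``oauth2callback`` when credentials are missing or
        expired, to ``index`` on success, or to ``index`` with
        ``error='Google Plus Login'`` on failure.
    """
    # NOTE(review): the credential JSON is read straight from the session.
    # If the app uses Flask's default client-side cookie session, that
    # token material is signed but not encrypted - confirm the session
    # backend.
    if 'credentials' not in session:
        flash('credential not in session')
        return redirect(url_for('oauth2callback'))

    credentials = client.OAuth2Credentials.from_json(session['credentials'])
    if credentials.access_token_expired:
        flash('credential expired')
        return redirect(url_for('oauth2callback'))

    flash('service built')
    http_auth = credentials.authorize(httplib2.Http())
    service = discovery.build('plus', 'v1', http_auth)

    try:
        person = service.people().get(userId='me').execute()
    except client.AccessTokenRefreshError:
        # The second half used to be appended without a separating space.
        error = 'The credentials have been revoked or expired, please re-run '
        error += 'the application to re-authorize.'
        flash(error)
        return redirect(url_for('index', error='Google Plus Login'))

    # A profile without an email entry cannot be mapped to an account;
    # refuse instead of failing on the lookup.
    try:
        email = person['emails'][0]['value'].lower()
    except (KeyError, IndexError):
        flash('Google profile has no email address')
        return redirect(url_for('index', error='Google Plus Login'))

    # NOTE(review): an existing local account is matched purely on
    # emails[0]. This assumes that entry is the Google-verified account
    # address - confirm the requested scope guarantees it.
    user_id = r_server.hget('users', email)
    if user_id:
        session['user_id'] = user_id
        flash('You sign in through google plus')
        return redirect(url_for('index'))

    name = person.get('name') or {}

    # INCR returns the new counter value. Reading it back with a separate
    # GET let two concurrent registrations obtain the same ID.
    user_id = str(r_server.incr('next_userID'))
    user_key = "user:%s" % user_id
    if r_server.hmset(user_key, {
        "firstName": (name.get('givenName') or '').capitalize(),
        "lastName": (name.get('familyName') or '').capitalize(),
        "email": email,
        "userID": user_id,
    }):
        # HSETNX only claims the address if nobody registered it since the
        # lookup above, so an existing mapping is never overwritten.
        if r_server.hsetnx("users", email, user_id):
            session['user_id'] = user_id
            flash('You are registered using google plus')
            return redirect(url_for('index'))
        r_server.delete(user_key)

    # The counter is deliberately not decremented: another registration
    # may have advanced it, and rolling back would hand out a used ID.
    flash("sign up failure")
    return redirect(url_for('index', error='Google Plus Login'))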
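def signin():
    """Sign a user in with a registered email address and password.

    Reads ``logEmail`` and ``logPassword`` from the POSTed form, resolves
    the account through the ``users`` hash and verifies the password
    against the PBKDF2-SHA256 hash stored in ``user:<id>``.

    Returns:
        A redirect to ``index``: plain on success or when already signed
        in, with ``error='Sign in'`` otherwise.
    """
    if g.user:
        flash('you are already signed in')
        return redirect(url_for('index'))

    # NOTE(review): no attempt throttling is visible in this view; confirm
    # that repeated guesses are limited elsewhere.
    if request.method == 'POST':
        email = request.form.get('logEmail', '')
        password = request.form.get('logPassword', '')
        error = None
        user_id = None

        if not email or '@' not in email:
            error = 'invalid email address'
        elif not password:
            error = 'invalid password'
        else:
            user_id = r_server.hget('users', email.lower())

            # Accounts created through Google+ sign-in have no "password"
            # field, so the stored hash can be absent even for a known
            # address. Passing None to verify() raises instead of failing
            # the login.
            stored_hash = None
            if user_id:
                stored_hash = r_server.hget('user:%s' % user_id, 'password')

            verified = False
            if stored_hash:
                try:
                    verified = pbkdf2_sha256.verify(password, stored_hash)
                except ValueError:
                    # Unparsable stored hash: fail closed.
                    verified = False

            if not verified:
                # One message for "unknown address" and "wrong password",
                # so the response text does not reveal which addresses are
                # registered.
                # NOTE(review): an unknown address still returns without
                # running PBKDF2, so response time can differ; consider
                # verifying against a fixed dummy hash in that case.
                error = 'invalid email or password'

        if error:
            flash(error)
        else:
            session['user_id'] = user_id
            flash('successfully signed in')
            return redirect(url_for("index"))

    return redirect(url_for('index', error='Sign in'))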
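def signup():
    """Register a new account from the POSTed sign-up form and sign it in.

    Reads ``inputFirstName``, ``inputLastName``, ``suEmail`` and
    ``suPassword``. On success a ``user:<id>`` hash is written, the
    lowercased email is mapped to the new ID in the ``users`` hash, and the
    session is bound to that ID.

    Returns:
        A redirect to ``index``: plain on success or when already signed
        in, with ``error='Sign up'`` otherwise. Each validation problem is
        flashed.
    """
    if g.user:
        return redirect(url_for('index'))

    if request.method == 'POST':
        first_name = request.form.get('inputFirstName', '')
        last_name = request.form.get('inputLastName', '')
        # Normalise once. The address is stored lowercased, so it must be
        # checked lowercased too: checking the raw value let a mixed-case
        # variant of a registered address pass the uniqueness test and then
        # overwrite that address's entry in "users".
        email = request.form.get('suEmail', '').lower()
        raw_password = request.form.get('suPassword', '')

        error = None
        if not first_name:
            error = 'You have to enter your first name'
            flash(error)
        if not last_name:
            error = 'You have to enter your last name'
            flash(error)
        if not email or '@' not in email:
            error = 'You have to enter a valid email address'
            flash(error)
        if not raw_password:
            error = 'You have to enter a password'
            flash(error)
        elif len(raw_password) < 8 or len(raw_password) > 36:
            error = 'Your password must be between 8-36 character'
            flash(error)
        if r_server.hget('users', email) is not None:
            error = 'The email already exist'
            flash(error)

        if error:
            flash("please fill the sign up form correctly first")
        else:
            # INCR returns the new counter value. Reading it back with a
            # separate GET let two concurrent sign-ups obtain the same ID.
            user_id = str(r_server.incr('next_userID'))
            user_key = "user:%s" % user_id
            password = pbkdf2_sha256.encrypt(
                raw_password, rounds=200000, salt_size=16)
            if r_server.hmset(user_key, {
                "firstName": first_name.encode('utf8'),
                "lastName": last_name.encode('utf8'),
                "email": email,
                "password": password,
                "userID": user_id,
            }):
                # HSETNX only claims the address if it is still free, so a
                # sign-up that lost a race never replaces another account's
                # mapping.
                if r_server.hsetnx("users", email, user_id):
                    session['user_id'] = user_id
                    flash('successfully signed up')
                    return redirect(url_for('index'))
                r_server.delete(user_key)

            # The counter is deliberately not decremented: another sign-up
            # may have advanced it, and rolling back would hand out a used
            # ID.
            flash("sign up failure")

    return redirect(url_for('index', error='Sign up'))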