def edit_article(id):
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('SELECT * from article where id = %s', [id])
article = cursor.fetchone()
form = ArticleForm(request.form)
form.title.data = article['title']
form.body.data = article['body']
if request.method == 'POST' and form.validate():
title = request.form['title']
body = request.form['body']
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute(
'update article set title = %s,body=%s where id = %s',
(title, body, id))
connection.commit()
cursor.close()
flash('Article Updated', 'success')
return redirect(url_for('dashboard'))
return render_template('edit_article.html', form=form)
def authors():
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('select * from users')
authors = cursor.fetchall()
cursor.close()
return render_template('authors.html', authors=authors)
def add_article():
form = ArticleForm(request.form)
if request.method == 'POST' and form.validate():
title = form.title.data
body = form.body.data
username = session['username']
if request.files['file']:
file = request.files['file']
filename = secure_filename(file.filename)
file.save(os.path.join(dir, app.config['UPLOAD_FOLDER'], filename))
else:
filename = None
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute(' SELECT id FROM users WHERE username = %s',
(username))
id = cursor.fetchone()
result = cursor.execute(
'insert into article(title,body,author,photo) values (%s,%s,%s,%s)',
(title, body, id['id'], filename))
cursor.execute("SELECT COUNT(*) FROM article")
property_count = cursor.fetchone()
session['count'] = property_count['COUNT(*)']
connection.commit()
cursor.close()
flash('Article Created', 'success')
return redirect(url_for('dashboard'))
return render_template('add_article.html', form=form)
def dashboard():
connection = mysql.connect()
cursor = connection.cursor()
username = session['username']
result = cursor.execute('select id from users where username = %s',
username)
id = cursor.fetchone()
if session['role'] == 'admin':
result = cursor.execute('select * from article')
article = cursor.fetchall()
else:
result = cursor.execute('select * from article where author = %s',
id['id'])
article = cursor.fetchall()
if result > 0:
return render_template('dashboard.html',
article=article,
username=username,
result=result)
else:
msg = 'No Articles Found'
return render_template('dashboard.html', msg=msg, result=result)
cursor.close()
return render_template('/dashboard.html')
def article(id):
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('select * from article where id = %s', [id])
article = cursor.fetchone()
result = cursor.execute('select username from users where id = %s',
article['author'])
name = cursor.fetchone()
result = cursor.execute(
'select id from article where id > %s order by id ASC', id)
last = cursor.fetchone()
if last: last = last['id']
if (id != last and last != None):
last = last
else:
last = id
result = cursor.execute(
'select id from article where id < %s order by id desc', id)
first = cursor.fetchone()
if first: first = first['id']
if (id != first and first != None):
first = first
else:
first = id
cursor.close()
return render_template('article.html',
id=id,
article=article,
name=name['username'],
first=first,
last=last,
UPLOAD_FOLDER=UPLOAD_FOLDER)
def articles():
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('select * from article')
article = cursor.fetchall()
connection = mysql.connect()
if result > 0:
return render_template('articles.html',
article=article,
title='Articles')
else:
msg = 'No Articles Found'
return render_template('articles.html', msg=msg, title='Articles')
cursor.close()
def assign_user(id):
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('update users set role = "user" where id = %s', id)
connection.commit()
cursor.close()
#flash('User Assigned amdmin', 'success')
return redirect(url_for('users'))
def users():
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('select * from users where id != %s ',
(session['id']))
user = cursor.fetchall()
cursor.close()
return render_template('users.html', user=user)
def delete_user(id):
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('delete from users where id = %s', [id])
connection.commit()
cursor.close()
flash('User Deleted', 'success')
return redirect(url_for('users'))
def settings():
form = UpdateForm(request.form)
connection = mysql.connect()
cursor = connection.cursor()
username = session['username']
result = cursor.execute('SELECT * from users where username = %s',
username)
article = cursor.fetchone()
id = article['id']
form = UpdateForm(request.form)
form.name.data = article['name']
form.username.data = article['username']
form.email.data = article['email']
form.password.data = article['password']
form.confirm.data = article['password']
if request.method == 'POST' and form.validate():
name = request.form['name']
email = request.form['email']
username = request.form['username']
password = sha256_crypt.encrypt(str(request.form['password']))
session['username'] = username
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute(
'update users set name = %s,email=%s,username=%s,password=%s where id = %s',
(name, email, username, password, id))
connection.commit()
cursor.close()
flash('User Updated', 'success')
return redirect(url_for('dashboard'))
return render_template('setting.html', form=form)
def login():
if request.method == 'POST':
username = request.form['username']
password_candidate = request.form['password']
cursor = mysql.connect().cursor()
result = cursor.execute('select * from users where username = %s',
(username))
if result > 0:
data = cursor.fetchone()
password = data['password']
if sha256_crypt.verify(password_candidate, password):
connection = mysql.connect()
cursor = connection.cursor()
cursor.execute("SELECT COUNT(*) FROM article")
property_count = cursor.fetchone()
cursor.execute("SELECT role FROM users where id = %s",
data['id'])
role = cursor.fetchone()
session['count'] = property_count['COUNT(*)']
session['role'] = role['role']
session['logged_in'] = True
session['username'] = username
session['id'] = data['id']
flash('You are noew logged in', 'success')
return redirect(url_for('dashboard'))
else:
error = 'invalid username or password'
return render_template('login.html', error=error)
cursor.close()
else:
error = 'invalid username or password'
return render_template('login.html', error=error)
return render_template('login.html')
def author(name):
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('select id from users where username = %s ', name)
if result > 0:
id = cursor.fetchone()
result = cursor.execute('select * from article where author = %s ',
id['id'])
article = cursor.fetchall()
cursor.close()
return render_template('author.html', article=article, name=name)
else:
msg = 'author not found'
cursor.close()
return render_template('author.html', msg=msg)
def delete_article(id):
connection = mysql.connect()
cursor = connection.cursor()
result = cursor.execute('select photo from article where id = %s', [id])
photo = cursor.fetchone()
print(photo)
if photo['photo']:
print photo
photo = photo['photo']
os.remove(os.path.join(dir, UPLOAD_FOLDER, photo))
result = cursor.execute('delete from article where id = %s', [id])
cursor.execute("SELECT COUNT(*) FROM article")
property_count = cursor.fetchone()
session['count'] = property_count['COUNT(*)']
connection.commit()
cursor.close()
flash('Article Deleted', 'success')
return redirect(url_for('dashboard'))
def signUp():
# read the posted values from the UI
_name = request.form['inputName']
_email = request.form['inputEmail']
_password = request.form['inputPassword']
mysql.init_app(app)
conn = mysql.connect()
cursor = conn.cursor()
data = cursor.fetchall()
cursor.callproc('sp_createUser', (_name, _email, _password))
# validate the received values
if _name and _email and _password:
return json.dumps({'html': '<span>All fields good !!</span>'})
else:
return json.dumps({'html': '<span>Enter the required fields</span>'})
if len(data) is 0:
conn.commit()
return json.dumps({'message': 'User created successfully !'})
else:
return json.dumps({'error': str(data[0])})
def regsiter():
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
name = form.name.data
email = form.email.data
username = form.username.data
password = sha256_crypt.encrypt(str(form.password.data))
connection = mysql.connect()
cursor = connection.cursor()
check = cursor.execute(
'select * from users where username = %s and email = %s',
(username, email))
cursor.execute(
'INSERT INTO users (name,email,username,password) VALUES (%s,%s,%s,%s)',
(name, email, username, password))
connection.commit()
cursor.close()
flash('You are now registered and can login', 'success')
return redirect(url_for('login'))
return render_template('regsiter.html', form=form)