def comment(id):
body = request.form['body']
reply_to = request.form['reply_to']
insert_db(
'INSERT INTO comment (reviewer_id, post_id, body, reply_to)'
'VALUES (%s, %s, %s, %s) ', (g.user['id'], id, body, reply_to)
)
return redirect(url_for('blog.article', id=id))
def create():
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
insert_db(
'INSERT INTO post (title, body, author_id) '
'VALUES (%s, %s, %s)', (title, body, g.user['id'])
)
return redirect(url_for('blog.index'))
return render_template('blog/create.html')
def update(id):
post = get_post(id)
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
insert_db(
'UPDATE post SET title = %s, body = %s'
' WHERE id = %s',
(title, body, id)
)
return redirect(url_for('blog.article', id=id))
return render_template('blog/update.html', post=post)
def register():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
error = None
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif query_db('SELECT id FROM user WHERE username = %s', (username, )):
error = 'User {} is already registered'.format(username)
if error is None:
if not insert_db(
'INSERT INTO user (username, password) VALUES (%s, %s)',
(username, generate_password_hash(password))):
error = 'System error, please try again.'
else:
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def delete(id):
get_post(id)
insert_db('DELETE FROM post WHERE id = %s', (id,))
return redirect(url_for('blog.index'))