def form(request):
    """Handle the "resend activation e-mail" form.

    GET renders an unbound form.  A valid POST checks the found account for
    a ban, stops with an informational message when the account is already
    active or can only be activated by an administrator, and otherwise
    re-sends the activation e-mail.  An invalid POST re-renders the form
    with its first non-field error.
    """
    # NOTE(review): every outcome names the account, and the success message
    # echoes the stored e-mail address.  If the form can find users by
    # username this discloses the address and the account state to the
    # requester - confirm the lookup key and consider one uniform response
    # plus rate limiting.
    message = None
    if request.method != 'POST':
        resend_form = UserSendActivationMailForm(request=request)
    else:
        resend_form = UserSendActivationMailForm(request.POST, request=request)
        if not resend_form.is_valid():
            message = Message(resend_form.non_field_errors()[0], 'error')
        else:
            account = resend_form.found_user
            ban = Ban.objects.check_ban(username=account.username,
                                        email=account.email)
            if ban:
                return error_banned(request, account, ban)

            if account.activation == User.ACTIVATION_NONE:
                notice = Message(
                    _("%(username)s, your account is already active.")
                    % {'username': account.username})
                return redirect_message(request, notice, 'info')

            if account.activation == User.ACTIVATION_ADMIN:
                notice = Message(
                    _("%(username)s, only board administrator can activate your account.")
                    % {'username': account.username})
                return redirect_message(request, notice, 'info')

            account.email_user(
                request,
                'users/activation/resend',
                _("Account Activation"),
            )
            notice = Message(
                _("%(username)s, e-mail containing new activation link has been sent to %(email)s.")
                % {'username': account.username, 'email': account.email})
            return redirect_message(request, notice, 'success')

    context = {
        'message': message,
        'form': FormLayout(resend_form),
    }
    return request.theme.render_to_response(
        'resend_activation.html', context,
        context_instance=RequestContext(request))
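def handle_posts_form(self):
    """Bind and process the posts moderation form for the current request.

    The form is only processed when the request is a POST whose ``origin``
    field is ``posts_form``; otherwise an unbound form is stored on
    ``self.posts_form``.  For a valid submission the primary keys of
    ``self.posts`` that appear in ``list_items`` are handed to the
    ``post_action_<list_action>`` method.

    Returns the action's response when it is truthy, a redirect to the
    current path when the action returns nothing, and ``None`` whenever an
    error message was stored on ``self.message`` instead.
    """
    submitted = (self.request.method == 'POST'
                 and self.request.POST.get('origin') == 'posts_form')
    if not submitted:
        self.posts_form = self.posts_form(request=self.request)
        return None

    self.posts_form = self.posts_form(self.request.POST, request=self.request)
    if not self.posts_form.is_valid():
        if 'list_action' in self.posts_form.errors:
            self.message = Message(_("Requested action is incorrect."),
                                   messages.ERROR)
        else:
            # Fixed: this branch read the undefined bare name ``posts_form``
            # and raised NameError instead of reporting the form error.
            self.message = Message(self.posts_form.non_field_errors()[0],
                                   messages.ERROR)
        return None

    # Only posts that belong to this view's own post list can be selected,
    # whatever identifiers the client submitted.
    checked_items = [
        post.pk for post in self.posts
        if str(post.pk) in self.posts_form.cleaned_data['list_items']
    ]
    if not checked_items:
        self.message = Message(_("You have to select at least one post."),
                               messages.ERROR)
        return None

    # NOTE(review): the method name is built from submitted form data.  The
    # fixed ``post_action_`` prefix limits what can be reached, but this
    # still relies on the form restricting ``list_action`` to the actions
    # the current user may run - confirm against the form's choices.
    form_action = getattr(
        self, 'post_action_' + self.posts_form.cleaned_data['list_action'])
    try:
        response = form_action(checked_items)
        if response:
            return response
        return redirect(self.request.path)
    except forms.ValidationError as e:
        self.message = Message(e.messages[0], messages.ERROR)
    return None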
def crop(request, upload=False):
    """Crop the signed-in user's avatar to a square chosen in the browser.

    With ``upload`` true the source is the user's temporary upload
    (``avatar_temp``); otherwise it is the stored original
    (``avatar_original``).  GET renders the crop page; a POST that passes
    the CSRF check cuts the square, writes one resized file per entry in
    ``settings.AVATAR_SIZES``, updates the user record and redirects back to
    the avatar page.
    """
    # NOTE(review): block nesting was reconstructed from a listing whose
    # indentation was lost - confirm against the original file, in
    # particular which statements sit inside the second ``if upload:``.
    if upload and (not request.user.avatar_temp or not 'upload' in settings.avatars_types):
        return error404(request)

    # Re-cropping only makes sense when the current avatar is an upload.
    if not upload and request.user.avatar_type != 'upload':
        messages.error(request, _("Crop Avatar option is avaiable only when you use uploaded image as your avatar."), 'usercp_avatar')
        return redirect(reverse('usercp_avatar'))

    message = request.messages.get_message('usercp_avatar')
    if request.method == 'POST':
        if request.csrf.request_secure(request):
            try:
                image_path = settings.MEDIA_ROOT + 'avatars/'
                # File names come from the user record, not from the request.
                # NOTE(review): the opened image is never closed explicitly.
                if upload:
                    source = Image.open(image_path + request.user.avatar_temp)
                else:
                    source = Image.open(image_path + request.user.avatar_original)
                width, height = source.size

                # Scale factor from the client-reported ``crop_b`` to the real
                # image width (presumably the width the browser displayed the
                # image at - confirm against the template).
                # NOTE(review): the crop_* fields are client-supplied and only
                # parsed as floats; nothing here bounds them to the image, and
                # a zero ``crop_b`` is caught only by the blanket handler
                # below.  Confirm the resize helper and the upload step bound
                # the output size.
                aspect = float(width) / float(request.POST['crop_b'])
                crop_x = int(aspect * float(request.POST['crop_x']))
                crop_y = int(aspect * float(request.POST['crop_y']))
                crop_w = int(aspect * float(request.POST['crop_w']))
                # Square box: ``crop_w`` is used for both width and height.
                crop = source.crop((crop_x, crop_y, crop_x + crop_w, crop_y + crop_w))

                # Keep the source extension; the new name is the user's pk
                # plus a random suffix.
                if upload:
                    image_name, image_extension = path(request.user.avatar_temp).splitext()
                else:
                    image_name, image_extension = path(request.user.avatar_original).splitext()
                image_name = '%s_%s%s' % (request.user.pk, random_string(8), image_extension)
                # First size goes under the bare name, the others under
                # "<size>_<name>".
                resizeimage(crop, settings.AVATAR_SIZES[0], image_path + image_name, info=source.info, format=source.format)
                for size in settings.AVATAR_SIZES[1:]:
                    resizeimage(crop, size, image_path + str(size) + '_' + image_name, info=source.info, format=source.format)

                # Old files are removed only after the new ones were written.
                request.user.delete_avatar_image()
                if upload:
                    request.user.delete_avatar_original()
                    request.user.avatar_type = 'upload'
                    request.user.avatar_original = '%s_org_%s%s' % (request.user.pk, random_string(8), image_extension)
                    source.save(image_path + request.user.avatar_original)
                request.user.delete_avatar_temp()
                request.user.avatar_image = image_name
                request.user.avatar_crop = [str(float(request.POST[x])) for x in ('crop_x', 'crop_y', 'crop_w')]
                request.user.save(force_update=True)
                messages.success(request, _("Your avatar has been cropped."), 'usercp_avatar')
                return redirect(reverse('usercp_avatar'))
            except Exception:
                # NOTE(review): this turns every failure - missing or
                # malformed fields, image decoding errors, file-system
                # errors - into one generic message, with no logging and
                # possibly half-written files left behind.  Consider
                # narrowing the exception types and logging the rest.
                message = Message(_("Form contains errors."), messages.ERROR)
        else:
            message = Message(_("Request authorisation is invalid."), messages.ERROR)

    return render_to_response('usercp/avatar_crop.html', context_instance=RequestContext(request, { 'message': message, 'after_upload': upload, 'avatar_size': settings.AVATAR_SIZES[0], 'avatar_crop': request.user.avatar_crop if not upload else None, 'source': 'avatars/%s' % (request.user.avatar_temp if upload else request.user.avatar_original), 'tab': 'avatar'}));
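def reset(request, username="", user="******", token=""):
    """Complete a password reset from an e-mailed confirmation link.

    Looks the account up by primary key, refuses banned accounts and
    accounts that still need activation, and checks the link token against
    the one stored on the account.  On success it clears the token, sets a
    fresh random password, detaches the account's sessions, deletes its
    remember-me tokens and e-mails the new password.

    Returns a redirect to the sign-in page on success, a 403 page for an
    inactive account or a bad token, the ban page for a banned account, and
    a 404 page when the id is not a number or matches no account.
    """
    # The conversion used to run outside the try block, so a non-numeric id
    # escaped as an unhandled ValueError; treat it like an unknown account.
    try:
        user_pk = int(user)
    except (TypeError, ValueError):
        return error404(request)

    try:
        user = User.objects.get(pk=user_pk)
        user_ban = check_ban(username=user.username, email=user.email)
        if user_ban:
            return error_banned(request, user, user_ban)
        if user.activation != User.ACTIVATION_NONE:
            return error403(
                request,
                Message(request, 'users/activation/required', {'user': user}))
        # An empty stored token never matches, so a link cannot be replayed
        # after the token was cleared below.
        # NOTE(review): ``!=`` is not a constant-time comparison; consider a
        # constant-time helper such as hmac.compare_digest.
        if not token or not user.token or user.token != token:
            return error403(
                request,
                Message(request, 'users/invalid_confirmation_link', {'user': user}))

        # NOTE(review): six characters is short for a credential that is
        # sent by e-mail.  Confirm get_random_string draws from a CSPRNG and
        # consider a longer value or letting the user choose the password.
        new_password = get_random_string(6)
        user.token = None
        user.set_password(new_password)
        user.save(force_update=True)

        # Logout signed in and kill remember me tokens
        Session.objects.filter(user=user).update(user=None)
        Token.objects.filter(user=user).delete()

        # Set flash and mail new password
        request.messages.set_flash(
            Message(request, 'users/password/reset_done', extra={'user': user}),
            'success')
        user.email_user(request, 'users/password/new', _("Your New Password"),
                        {'password': new_password})
        return redirect(reverse('sign_in'))
    except User.DoesNotExist:
        return error404(request)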
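def activate(request, username="", user="******", token=""):
    """Activate an account from an e-mailed activation link and sign it in.

    Looks the account up by primary key and stops with a message when the
    account is banned, already active, reserved for administrator
    activation, or when the link token does not match the stored one.
    Otherwise it marks the account active, signs the user in, resyncs the
    monitor and redirects with a success message.

    Returns a 404 page when the id is not a number or matches no account.
    """
    # The conversion used to run outside the try block, so a non-numeric id
    # escaped as an unhandled ValueError; treat it like an unknown account.
    try:
        user_pk = int(user)
    except (TypeError, ValueError):
        return error404(request)

    try:
        user = User.objects.get(pk=user_pk)
        # Remembered so the success message can tell a first activation from
        # a reactivation after a credentials change.
        current_activation = user.activation

        # Run checks
        user_ban = Ban.objects.check_ban(username=user.username, email=user.email)
        if user_ban:
            return error_banned(request, user, user_ban)
        if user.activation == User.ACTIVATION_NONE:
            return redirect_message(request, Message(_("%(username)s, your account is already active.") % {'username': user.username}), 'info')
        if user.activation == User.ACTIVATION_ADMIN:
            return redirect_message(request, Message(_("%(username)s, only board administrator can activate your account.") % {'username': user.username}), 'info')
        # NOTE(review): ``!=`` is not a constant-time comparison; consider a
        # constant-time helper such as hmac.compare_digest.
        if not token or not user.token or user.token != token:
            return redirect_message(request, Message(_("%(username)s, your activation link is invalid. Try again or request new activation e-mail.") % {'username': user.username}), 'error')

        # Activate and sign in our member
        # NOTE(review): no save() and no clearing of user.token is visible
        # here; presumably sign_user_in persists the account - confirm, and
        # confirm the used token is invalidated.
        user.activation = User.ACTIVATION_NONE
        sign_user_in(request, user)

        # Update monitor
        User.objects.resync_monitor(request.monitor)

        if current_activation == User.ACTIVATION_CREDENTIALS:
            return redirect_message(request, Message(_("%(username)s, your account has been successfully reactivated after change of sign-in credentials.") % {'username': user.username}), 'success')
        else:
            return redirect_message(request, Message(_("%(username)s, your account has been successfully activated. Welcome aboard!") % {'username': user.username}), 'success')
    except User.DoesNotExist:
        return error404(request)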
def activate(request, token):
    """Apply a pending e-mail/password change confirmed by a link token.

    The pending change is read from the session under ``new_credentials``;
    a missing entry or a token mismatch yields a 404 page.  After a
    successful save every other session of the user and all sign-in tokens
    are deleted, the current session is signed out and the user is sent to
    the sign-in page.  A ValidationError sends the user back to the
    credentials page with an error message.
    """
    # NOTE(review): the pending password is read from the session and passed
    # to set_password, so it appears to be held in the session store in
    # clear text until this view runs - confirm how the store is protected.
    # The entry is also left in the session on the ValidationError path.
    pending = request.session.get('new_credentials')
    if not (pending and pending['token'] == token):
        return error404(request)

    new_email = pending['new_email']
    if new_email:
        request.user.set_email(new_email)
    new_password = pending['new_password']
    if new_password:
        request.user.set_password(new_password)

    try:
        request.user.full_clean()
        request.user.save(force_update=True)
        # Credentials changed: drop every other session and every sign-in
        # token of this user.
        request.user.sessions.exclude(id=request.session.id).delete()
        request.user.signin_tokens.all().delete()
        confirmation = Message(
            _("%(username)s, your Sign-In credentials have been changed.")
            % {'username': request.user.username})
        request.messages.set_flash(confirmation, 'success', 'security')
        request.session.sign_out(request)
        del request.session['new_credentials']
        return redirect(reverse('sign_in'))
    except ValidationError:
        failure = Message(
            _("Your new credentials have been invalidated. Please try again."))
        request.messages.set_flash(failure, 'error', 'usercp_credentials')
        return redirect(reverse('usercp_credentials'))
def thread_action_move(self):
    """Move the current thread to another forum, or render the move form.

    When the POST field ``do`` equals ``move`` and the form validates, the
    thread is moved and saved, a ``moved`` checkpoint is set, both forums
    are synced and saved, a success message is flashed and ``None`` is
    returned.  In every other case the move form is rendered, with the
    first non-field error when validation failed.
    """
    # NOTE(review): whether the user may move threads into the chosen forum
    # is not checked here; presumably MoveThreadsForm limits ``new_forum`` -
    # confirm.
    message = None
    if self.request.POST.get('do') != 'move':
        move_form = MoveThreadsForm(request=self.request, forum=self.forum)
    else:
        move_form = MoveThreadsForm(self.request.POST, request=self.request,
                                    forum=self.forum)
        if move_form.is_valid():
            destination = move_form.cleaned_data['new_forum']
            self.thread.move_to(destination)
            self.thread.save(force_update=True)
            self.thread.set_checkpoint(self.request, 'moved', forum=self.forum)
            # Refresh both the forum the thread left and the one it entered.
            self.forum.sync()
            self.forum.save(force_update=True)
            destination.sync()
            destination.save(force_update=True)
            notice = Message(
                _('Thread has been moved to "%(forum)s".')
                % {'forum': destination.name})
            self.request.messages.set_flash(notice, 'success', 'threads')
            return None
        message = Message(move_form.non_field_errors()[0], 'error')

    return self.request.theme.render_to_response(
        '%ss/move_thread.html' % self.type_prefix,
        {
            'type_prefix': self.type_prefix,
            'message': message,
            'forum': self.forum,
            'parents': self.parents,
            'thread': self.thread,
            'form': FormLayout(move_form),
        },
        context_instance=RequestContext(self.request))
def signature(request):
    """Show and process the "edit signature" page of the user control panel.

    Users whose ACL forbids signatures get a 403 page; users with a
    signature ban get a dedicated page.  A valid POST stores the raw
    signature together with its pre-rendered form (or ``None`` when the
    signature is empty) and redirects back to the page.
    """
    # Intercept all requests if we can't use signature
    if not request.acl.usercp.can_use_signature():
        return error403(request)
    if request.user.signature_ban:
        return request.theme.render_to_response(
            'usercp/signature_banned.html',
            context_instance=RequestContext(request, {'tab': 'signature'}))

    message = request.messages.get_message('usercp_signature')
    if request.method != 'POST':
        signature_form = SignatureForm(
            request=request, initial={'signature': request.user.signature})
    else:
        signature_form = SignatureForm(
            request.POST, request=request,
            initial={'signature': request.user.signature})
        if not signature_form.is_valid():
            message = Message(signature_form.non_field_errors()[0], 'error')
        else:
            request.user.signature = signature_form.cleaned_data['signature']
            # NOTE(review): the pre-rendered value is stored and presumably
            # shown to other members later, so signature_markdown has to
            # produce safe markup from this user-controlled text - confirm.
            if request.user.signature:
                request.user.signature_preparsed = signature_markdown(
                    request.acl, request.user.signature)
            else:
                request.user.signature_preparsed = None
            request.user.save(force_update=True)
            request.messages.set_flash(
                Message(_("Your signature has been changed.")),
                'success', 'usercp_signature')
            return redirect(reverse('usercp_signature'))

    page_context = {
        'message': message,
        'tab': 'signature',
        'form': FormLayout(signature_form),
    }
    return request.theme.render_to_response(
        'usercp/signature.html',
        context_instance=RequestContext(request, page_context))
def form(request):
    """Handle the "forgot password" form.

    GET renders an unbound form.  A valid POST refuses banned accounts and
    accounts that still need activation, stores a fresh random token on the
    found account, flashes a confirmation message, e-mails the confirmation
    link and redirects to the index.  An invalid POST re-renders the form
    with its first non-field error.
    """
    message = None
    if request.method != 'POST':
        reset_form = UserSendSpecialMailForm(request=request)
    else:
        reset_form = UserSendSpecialMailForm(request.POST, request=request)
        if not reset_form.is_valid():
            message = Message(request, reset_form.non_field_errors()[0])
        else:
            account = reset_form.found_user
            ban = check_ban(username=account.username, email=account.email)
            if ban:
                return error_banned(request, account, ban)
            if account.activation != User.ACTIVATION_NONE:
                return error403(
                    request,
                    Message(request, 'users/activation/required',
                            {'user': account}))

            # NOTE(review): no expiry is recorded with the token here, and a
            # new request overwrites any earlier token.  Confirm
            # get_random_string draws from a CSPRNG and whether reset links
            # should time out.
            account.token = get_random_string(12)
            account.save(force_update=True)
            request.messages.set_flash(
                Message(request, 'users/password/reset_confirm',
                        extra={'user': account}),
                'success')
            account.email_user(request, 'users/password/confirm',
                               _("Confirm New Password Request"))
            return redirect(reverse('index'))

    context = {
        'message': message,
        'form': FormLayout(reset_form),
    }
    return request.theme.render_to_response(
        'users/forgot_password.html', context,
        context_instance=RequestContext(request))
def settings(request, group_id=None, group_slug=None):
    """Render and process the admin form for one settings group.

    Without ``group_id`` the first group (ordered by key) is shown;
    otherwise the group with that primary key, or a 404 page when none
    matches.  The form class is built at request time from the group's
    Setting rows.  A valid POST writes every cleaned value into
    ``request.settings``, drops the ``settings`` cache entry and redirects
    back to the same group.
    """
    # NOTE(review): no permission check is visible in this function;
    # presumably the admin routing or a decorator enforces it - confirm.
    # Load groups and find selected group
    settings_groups = SettingsGroup.objects.all().order_by('key')
    if not group_id:
        # NOTE(review): raises IndexError when there are no groups at all.
        active_group = settings_groups[0]
        group_id = active_group.pk
    else:
        group_id = int(group_id)
    for group in settings_groups:
        if group.pk == group_id:
            active_group = group
            break
    else:
        # for/else: reached only when the loop finished without a match.
        return error404(request, _('Requested settings group could not be found.'))

    # Load selected group settings and turn them into form
    group_settings = Setting.objects.filter(group=active_group).order_by('position')
    # (fieldset title, [setting pks]) for the fieldset being collected.
    last_fieldset = (None, [])
    group_form = {'layout': []}
    for setting in group_settings:
        # New field subgroup?
        # NOTE(review): the stored title is the translated separator while
        # the comparison uses the raw one - confirm grouping still works
        # when a translation differs from the source text.
        if setting.separator and last_fieldset[0] != setting.separator:
            if last_fieldset[0]:
                group_form['layout'].append(last_fieldset)
            last_fieldset = (_(setting.separator), [])
        last_fieldset[1].append(setting.pk)
        group_form[setting.pk] = setting.get_field()
    group_form['layout'].append(last_fieldset)
    # Build the form class dynamically: one field per setting, keyed by pk.
    SettingsGroupForm = type('SettingsGroupForm', (Form,), group_form)

    # Submit form
    message = request.messages.get_message('admin_settings')
    if request.method == 'POST':
        form = SettingsGroupForm(request.POST, request=request)
        if form.is_valid():
            for setting in form.cleaned_data.keys():
                request.settings[setting] = form.cleaned_data[setting]
            # Invalidate the cached settings so the new values are picked up.
            cache.delete('settings')
            request.messages.set_flash(Message(_('Configuration has been changed.')), 'success', 'admin_settings')
            return redirect(reverse('admin_settings', kwargs={ 'group_id': active_group.pk, 'group_slug': active_group.key, }))
        else:
            message = Message(form.non_field_errors()[0], 'error')
    else:
        form = SettingsGroupForm(request=request)

    # Display settings group form
    return request.theme.render_to_response('settings/settings.html', { 'message': message, 'groups': settings_groups, 'active_group': active_group, 'search_form': FormFields(SearchForm(request=request)), 'form': FormLayout(form), 'raw_form': form, }, context_instance=RequestContext(request));
def action_soft(self, ids):
    """Run ``_action_soft`` on *ids* and flash the outcome.

    A truthy result flashes a success message, a falsy one an
    informational "nothing changed" message.
    """
    if self._action_soft(ids):
        text, level = _('Selected threads have been hidden.'), 'success'
    else:
        text, level = _('No threads were hidden.'), 'info'
    self.request.messages.set_flash(Message(text), level, 'threads')
def action_undelete(self, ids):
    """Run ``_action_undelete`` on *ids* and flash the outcome.

    A truthy result flashes a success message, a falsy one an
    informational "nothing changed" message.
    """
    if self._action_undelete(ids):
        text, level = _('Selected reports have been restored.'), 'success'
    else:
        text, level = _('No reports were restored.'), 'info'
    self.request.messages.set_flash(Message(text), level, 'threads')
def action_hard(self, ids):
    """Run ``_action_hard`` on *ids* and flash the outcome.

    A truthy result flashes a success message, a falsy one an
    informational "nothing changed" message.
    """
    if self._action_hard(ids):
        text, level = _('Selected threads have been deleted.'), 'success'
    else:
        text, level = _('No threads were deleted.'), 'info'
    self.request.messages.set_flash(Message(text), level, 'threads')
def action_normal(self, ids):
    """Run ``_action_normal`` on *ids* and flash the outcome.

    When the action reports a change the same ids are also passed to
    ``mass_resolve`` before the success message is flashed; otherwise an
    informational "nothing changed" message is flashed.
    """
    if not self._action_normal(ids):
        self.request.messages.set_flash(
            Message(_('No reports were set as bogus.')), 'info', 'threads')
        return
    self.mass_resolve(ids)
    self.request.messages.set_flash(
        Message(_('Selected reports were set as bogus.')),
        'success', 'threads')
def action_normal(self, ids):
    """Run ``_action_normal`` on *ids* and flash the outcome.

    A truthy result flashes a success message, a falsy one an
    informational "nothing changed" message.
    """
    if self._action_normal(ids):
        text, level = _('Selected threads weight has been removed.'), 'success'
    else:
        text, level = _('No threads have had their weight removed.'), 'info'
    self.request.messages.set_flash(Message(text), level, 'threads')
def handle_form(self):
    """Bind and process the threads moderation form for the current request.

    On POST the form is bound; for a valid form the selected threads of
    this forum are collected, their first and last posts are loaded, and
    the ``action_<list_action>`` method is called with the thread ids.
    Returns the action's response when truthy, otherwise a redirect to the
    current path.  Errors are stored on ``self.message``.  On other methods
    an unbound form is stored on ``self.form``.
    """
    if self.request.method == 'POST':
        self.form = self.form(self.request.POST, request=self.request)
        if self.form.is_valid():
            checked_items = []
            posts = []
            # Accept only threads from this view's own list that belong to
            # the current forum, whatever ids the client submitted.
            for thread in self.threads:
                if str(thread.pk) in self.form.cleaned_data['list_items'] and thread.forum_id == self.forum.pk:
                    posts.append(thread.start_post_id)
                    if thread.start_post_id != thread.last_post_id:
                        posts.append(thread.last_post_id)
                    checked_items.append(thread.pk)
            if checked_items:
                if posts:
                    # Attach the fetched first/last posts to their threads;
                    # the inner loop stops at the first thread using a post.
                    for post in Post.objects.filter(id__in=posts).prefetch_related('user'):
                        for thread in self.threads:
                            if thread.start_post_id == post.pk:
                                thread.start_post = post
                            if thread.last_post_id == post.pk:
                                thread.last_post = post
                            if thread.start_post_id == post.pk or thread.last_post_id == post.pk:
                                break
                # "name:arg1,arg2" splits into the method suffix and extra
                # positional string arguments.
                # NOTE(review): both the method name and the extra arguments
                # come from submitted form data.  The fixed ``action_``
                # prefix limits what can be reached, but this still relies
                # on the form restricting ``list_action`` to values the
                # current user may run - confirm against the form's choices.
                action_call = 'action_' + self.form.cleaned_data['list_action']
                action_extra_args = []
                if ':' in action_call:
                    action_extra_args = action_call[action_call.index(':') + 1:].split(',')
                    action_call = action_call[:action_call.index(':')]
                form_action = getattr(self, action_call)
                try:
                    response = form_action(checked_items, *action_extra_args)
                    if response:
                        return response
                    return redirect(self.request.path)
                except forms.ValidationError as e:
                    self.message = Message(e.messages[0], messages.ERROR)
            else:
                self.message = Message(_("You have to select at least one thread."), messages.ERROR)
        else:
            if 'list_action' in self.form.errors:
                self.message = Message(_("Requested action is incorrect."), messages.ERROR)
            else:
                self.message = Message(self.form.non_field_errors()[0], messages.ERROR)
    else:
        self.form = self.form(request=self.request)
def action_accept(self, ids):
    """Run ``_action_accept`` on *ids* and flash the outcome.

    A truthy result flashes a success message, a falsy one an
    informational "nothing changed" message.
    """
    if self._action_accept(ids):
        text = _('Selected threads have been marked as reviewed and made visible to other members.')
        level = 'success'
    else:
        text = _('No threads were marked as reviewed.')
        level = 'info'
    self.request.messages.set_flash(Message(text), level, 'threads')
def action_annouce(self, ids):
    """Run ``_action_annouce`` on *ids* and flash the outcome.

    A truthy result flashes a success message, a falsy one an
    informational "nothing changed" message.
    """
    if self._action_annouce(ids):
        text = _('Selected threads have been turned into announcements.')
        level = 'success'
    else:
        text = _('No threads were turned into announcements.')
        level = 'info'
    self.request.messages.set_flash(Message(text), level, 'threads')
def action_sticky(self, ids):
    """Run ``_action_sticky`` on *ids* and flash the outcome.

    A truthy result flashes a success message, a falsy one an
    informational "nothing changed" message.
    """
    if self._action_sticky(ids):
        text = _('Selected threads have been sticked to the top of list.')
        level = 'success'
    else:
        text = _('No threads were turned into stickies.')
        level = 'info'
    self.request.messages.set_flash(Message(text), level, 'threads')
def username(request):
    """Show and process the "change username" page of the user control panel.

    Returns a 404 page when the ACL hides username changes.  A valid POST,
    while the user still has changes left, renames the user, records the
    old name, alerts every follower and redirects back to the page.
    Otherwise the page is rendered with the form, the number of changes
    left, the date of the next allowed change and the ten most recent name
    changes.
    """
    if not request.acl.usercp.show_username_change():
        return error404(request)

    changes_left = request.acl.usercp.changes_left(request.user)
    next_change = None
    if request.acl.usercp.changes_expire() and not changes_left:
        # Newest change inside the expiry window; the next change becomes
        # possible ``changes_expire`` days after it.
        # NOTE(review): ``[0]`` raises IndexError if no change falls inside
        # the window - confirm that cannot happen when changes_left is 0.
        next_change = request.user.namechanges.filter(
            date__gte=timezone.now() - timedelta(days=request.acl.usercp.acl['changes_expire']),
        ).order_by('-date')[0]
        next_change = next_change.date + timedelta(days=request.acl.usercp.acl['changes_expire'])

    message = request.messages.get_message('usercp_username')
    if request.method == 'POST':
        if not changes_left:
            # The limit is enforced before the submitted data is looked at.
            message = Message(_("You have exceeded the maximum number of name changes."), messages.ERROR)
            form = UsernameChangeForm(request=request)
        else:
            # Keep the old name for the history entry and the alerts.
            org_username = request.user.username
            form = UsernameChangeForm(request.POST, request=request)
            if form.is_valid():
                request.user.set_username(form.cleaned_data['username'])
                request.user.save(force_update=True)
                request.user.sync_username()
                request.user.namechanges.create(date=timezone.now(), old_username=org_username)
                messages.success(request, _("Your username has been changed."), 'usercp_username')

                # Alert followers of namechange
                alert_time = timezone.now()
                bulk_alerts = []
                alerted_users = []
                for follower in request.user.follows_set.iterator():
                    alerted_users.append(follower.pk)
                    # NOTE(review): ``.message`` is read from the lazy
                    # translation object - confirm the project's
                    # ugettext_lazy provides that attribute.
                    alert = Alert(user=follower, message=ugettext_lazy("User that you are following, %(username)s, has changed his name to %(newname)s").message, date=alert_time)
                    alert.strong('username', org_username)
                    alert.profile('newname', request.user)
                    alert.hydrate()
                    bulk_alerts.append(alert)
                if bulk_alerts:
                    # One insert for all alerts, one update for the counters.
                    Alert.objects.bulk_create(bulk_alerts)
                    User.objects.filter(id__in=alerted_users).update(alerts=F('alerts') + 1)

                # Hop back
                return redirect(reverse('usercp_username'))
            message = Message(form.non_field_errors()[0], messages.ERROR)
    else:
        form = UsernameChangeForm(request=request)

    return render_to_response('usercp/username.html', context_instance=RequestContext(request, { 'message': message, 'changes_left': changes_left, 'form': form, 'next_change': next_change, 'changes_history': request.user.namechanges.order_by('-date')[:10], 'tab': 'username'}));
def response(self):
    """Flash a "reply posted" message and redirect to the new post.

    The wording depends on ``self.post.moderated``; the flash is stored
    under a key that contains the post's primary key.
    """
    if self.post.moderated:
        text = _("Your reply has been posted. It will be hidden from other members until moderator reviews it.")
    else:
        text = _("Your reply has been posted.")
    self.request.messages.set_flash(
        Message(text), 'success', 'threads_%s' % self.post.pk)
    return self.redirect_to_post(self.post)
def gravatar(request):
    """Switch the signed-in user's avatar to Gravatar.

    Returns a 404 page when Gravatar is not an enabled avatar type.  When
    the user is not on Gravatar yet and the request passes the CSRF check,
    the current avatar is deleted and the type is changed; a failed check
    only flashes an error.  Always ends with a redirect to the avatar page.
    """
    # NOTE(review): the request method is not checked here; this relies on
    # request.csrf.request_secure alone to stop a cross-site request from
    # changing the avatar - confirm how that check treats GET requests.
    if 'gravatar' not in request.settings.avatars_types:
        return error404(request)

    if request.user.avatar_type != 'gravatar':
        if not request.csrf.request_secure(request):
            request.messages.set_flash(
                Message(_("Request authorisation is invalid.")),
                'error', 'usercp_avatar')
        else:
            request.user.delete_avatar()
            request.user.avatar_type = 'gravatar'
            request.user.save(force_update=True)
            request.messages.set_flash(
                Message(_("Your avatar has been changed to Gravatar.")),
                'success', 'usercp_avatar')
    return redirect(reverse('usercp_avatar'))
def action(self, target):
    """Lift (delete) a ban and report which kind of ban it was.

    Deletes *target*, increases the ``bans_version`` monitor counter and
    returns a ``(Message, False)`` pair whose wording depends on
    ``target.test`` (0 to 3).  Any other value returns ``None``.
    """
    target.delete()
    with UpdatingMonitor() as cm:
        monitor.increase('bans_version')

    if target.test == 0:
        template = _('E-mail and username Ban "%(ban)s" has been lifted.')
    elif target.test == 1:
        template = _('Username Ban "%(ban)s" has been lifted.')
    elif target.test == 2:
        template = _('E-mail Ban "%(ban)s" has been lifted.')
    elif target.test == 3:
        template = _('IP Ban "%(ban)s" has been lifted.')
    else:
        return None
    return Message(template % {'ban': target.ban}, messages.SUCCESS), False
def update_watcher(self, request, watcher):
    """Turn on e-mail notifications for *watcher* and flash a confirmation.

    The wording depends on whether the watcher already has a primary key
    or is a new entry.  The watcher is not saved here.
    """
    watcher.email = True
    if watcher.pk:
        text = _('You will now receive e-mail with notification when somebody replies to this thread.')
    else:
        text = _('This thread has been added to your watched threads list. You will also receive e-mail with notification when somebody replies to it.')
    request.messages.set_flash(Message(text), 'success', 'threads')
def get_and_validate_target(self, target):
    """Load the admin model instance with primary key *target* and check it.

    The instance is passed to ``self.get_target``.  Returns the instance on
    success.  When no instance exists, or a ValueError is raised while
    loading or checking it, an error is flashed under the admin section's
    id and ``None`` is returned.
    """
    try:
        instance = self.admin.model.objects.select_related().get(pk=target)
        self.get_target(instance)
    except self.admin.model.DoesNotExist:
        self.request.messages.set_flash(
            Message(self.notfound_message), 'error', self.admin.id)
    except ValueError as err:
        # The exception's first argument is shown to the user as the error.
        self.request.messages.set_flash(
            Message(err.args[0]), 'error', self.admin.id)
    else:
        return instance
    return None
def gallery(request):
    """Let the signed-in user pick an avatar from the bundled galleries.

    Galleries are the sub-directories of ``avatars`` under the first
    static files directory, skipping names that end in ``_locked`` or
    ``_default``.  A POST that passes the CSRF check is accepted only when
    the submitted image is one of the files found on disk.
    """
    if 'gallery' not in settings.avatars_types:
        return error404(request)

    galleries = []
    allowed_avatars = []
    avatars_root = path(settings.STATICFILES_DIRS[0]).joinpath('avatars')
    for directory in avatars_root.dirs():
        if directory[-7:] == '_locked' or directory[-8:] == '_default':
            continue
        found = []
        for pattern in ('*.gif', '*.jpg', '*.jpeg', '*.png'):
            found += directory.files(pattern)
        # NOTE(review): 'name' is the last seven characters of the
        # directory path, which looks unintended - confirm.
        entry = {
            'name': directory[-7:],
            # Stored as "<gallery dir>/<file name>".
            'avatars': ['/'.join(path(item).splitall()[-2:]) for item in found],
        }
        galleries.append(entry)
        allowed_avatars += entry['avatars']

    if not allowed_avatars:
        messages.info(request,
                      _("No avatar galleries are available at the moment."),
                      'usercp_avatar')
        return redirect(reverse('usercp_avatar'))

    message = request.messages.get_message('usercp_avatar')
    if request.method == 'POST':
        if not request.csrf.request_secure(request):
            message = Message(_("Request authorisation is invalid."),
                              messages.ERROR)
        else:
            new_avatar = request.POST.get('avatar_image')
            # Allowlist check: the submitted value must be one of the files
            # listed above, so it cannot point outside the galleries.
            if new_avatar in allowed_avatars:
                request.user.delete_avatar()
                request.user.avatar_type = 'gallery'
                request.user.avatar_image = new_avatar
                request.user.save(force_update=True)
                messages.success(
                    request,
                    _("Your avatar has been changed to one from gallery."),
                    'usercp_avatar')
                return redirect(reverse('usercp_avatar'))
            message = Message(_("Selected Avatar is incorrect."),
                              messages.ERROR)

    page_context = {
        'message': message,
        'galleries': galleries,
        'tab': 'avatar'
    }
    return render_to_response(
        'usercp/avatar_gallery.html',
        context_instance=RequestContext(request, page_context))
def post_action_protect(self, ids):
    """Mark the posts in *ids* as protected and flash the outcome.

    The update runs only when at least one post of ``self.posts`` is in
    *ids* and not protected yet; it then applies to every post of the
    thread whose id is in *ids*.
    """
    newly_protected = sum(
        1 for post in self.posts if post.pk in ids and not post.protected)
    if not newly_protected:
        self.request.messages.set_flash(
            Message(_('No posts were protected.')), 'info', 'threads')
        return
    self.thread.post_set.filter(id__in=ids).update(protected=True)
    self.request.messages.set_flash(
        Message(_('Selected posts have been protected from edition.')),
        'success', 'threads')
def update_watcher(self, request, watcher):
    """Delete *watcher* and flash a confirmation.

    The watcher is flagged as deleted and removed; the wording depends on
    whether it had e-mail notifications turned on.
    """
    watcher.deleted = True
    watcher.delete()
    if watcher.email:
        text = _('This thread has been removed from your watched threads list. You will no longer receive e-mails with notifications when somebody replies to it.')
    else:
        text = _('This thread has been removed from your watched threads list.')
    request.messages.set_flash(Message(text), 'success', 'threads')
def post_action_unprotect(self, ids):
    """Remove protection from the posts in *ids* and flash the outcome.

    The update runs only when at least one post of ``self.posts`` is in
    *ids* and currently protected; it then applies to every post of the
    thread whose id is in *ids*.
    """
    newly_unprotected = sum(
        1 for post in self.posts if post.pk in ids and post.protected)
    if not newly_unprotected:
        self.request.messages.set_flash(
            Message(_('No posts were unprotected.')), 'info', 'threads')
        return
    self.thread.post_set.filter(id__in=ids).update(protected=False)
    self.request.messages.set_flash(
        Message(_('Protection from editions has been removed from selected posts.')),
        'success', 'threads')
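def activate(request, username="", user="******", token=""):
    """Activate an account from an e-mailed activation link and sign it in.

    Looks the account up by primary key and answers with a 403 page when
    the account is already active, reserved for administrator activation,
    or when the link token does not match the stored one; banned accounts
    get the ban page.  Otherwise it marks the account active, signs the
    user in, lowers the ``users_inactive`` monitor counter, flashes a
    success message and redirects to the index.

    Returns a 404 page when the id is not a number or matches no account.
    """
    # The conversion used to run outside the try block, so a non-numeric id
    # escaped as an unhandled ValueError; treat it like an unknown account.
    try:
        user_pk = int(user)
    except (TypeError, ValueError):
        return error404(request)

    try:
        user = User.objects.get(pk=user_pk)
        # Remembered so the success message can tell a first activation from
        # a reactivation after a credentials change.
        current_activation = user.activation

        # Run checks
        user_ban = check_ban(username=user.username, email=user.email)
        if user_ban:
            return error_banned(request, user, user_ban)
        if user.activation == User.ACTIVATION_NONE:
            return error403(
                request,
                Message(request, 'users/activation/not_required',
                        extra={'user': user}))
        if user.activation == User.ACTIVATION_ADMIN:
            return error403(
                request,
                Message(request, 'users/activation/only_by_admin',
                        extra={'user': user}))
        # NOTE(review): ``!=`` is not a constant-time comparison; consider a
        # constant-time helper such as hmac.compare_digest.
        if not token or not user.token or user.token != token:
            return error403(
                request,
                Message(request, 'users/invalid_confirmation_link',
                        extra={'user': user}))

        # Activate and sign in our member
        # NOTE(review): no save() and no clearing of user.token is visible
        # here; presumably sign_user_in persists the account - confirm, and
        # confirm the used token is invalidated.
        user.activation = User.ACTIVATION_NONE
        sign_user_in(request, user)

        # Update monitor
        request.monitor['users_inactive'] = request.monitor['users_inactive'] - 1

        if current_activation == User.ACTIVATION_CREDENTIALS:
            request.messages.set_flash(
                Message(request, 'users/activation/credentials',
                        extra={'user': user}),
                'success')
        else:
            request.messages.set_flash(
                Message(request, 'users/activation/new',
                        extra={'user': user}),
                'success')
        return redirect(reverse('index'))
    except User.DoesNotExist:
        return error404(request)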