def logout():
    """End the current session and send the user home.

    Returns ``abort(403)`` when nobody is logged in. The session is cleared
    before the confirmation message is flashed, so the order of the two
    calls matters.
    """
    if isUserLoggedIn():
        session.clear()
        flash("You have successfully logged out", "success")
        return sendUserToHome()
    return abort(403)
def write_delete(postid):
    """Delete the post *postid* and send the user home.

    Args:
        postid: identifier of the post to delete (taken from the route).

    Returns:
        ``abort(403)`` when no user is logged in, otherwise the home redirect.
    """
    # NOTE(review): only authentication is checked here; nothing visible in
    # this function verifies that the logged-in account owns *postid* —
    # confirm that deletePost() or a route decorator enforces that.
    if isUserLoggedIn():
        deletePost(postid)
        flash("You have successfully deleted the content", "success")
        return sendUserToHome()
    return abort(403)
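def loginUser(username: str, password: str):
    """Check *username*/*password* against the accounts table and, on success,
    mark the session as logged in.

    Args:
        username: the submitted login name; bound as a query parameter.
        password: the submitted clear-text password.

    Returns:
        The home redirect from ``sendUserToHome()`` when authentication fails;
        ``None`` on success (the caller produces the follow-up response).
    """
    import hmac  # function-scope import: the file's import block is not in view

    # Look up the account. The username is passed as a bound parameter
    # (tuple form per DB-API), never formatted into the SQL string.
    with MySQL() as c:
        c.execute(
            "SELECT accountID, password, salt FROM accounts WHERE username = %s",
            (username,),
        )
        accResult = c.fetchone()

    # Unknown user and wrong password share one message so the response
    # does not reveal which usernames exist.
    if accResult is None:
        flash("Invalid password or username, please try again.", "danger")
        return sendUserToHome()

    retPassword, retSalt = accResult["password"], accResult["salt"]

    # Legacy scheme kept for compatibility with the stored hashes: a single
    # SHA-256 round over password+salt, compared as upper-case hex.
    # NOTE(review): one hash round is a weak password store; moving to
    # hashlib.pbkdf2_hmac/scrypt would require re-hashing existing records.
    candidateHash = hashlib.sha256(password.encode() + retSalt.encode()).hexdigest()

    # Constant-time comparison so the check does not leak how much of the
    # stored hash matched. Assumes both sides are ASCII hex strings.
    if not hmac.compare_digest(candidateHash.upper(), retPassword):
        flash("Invalid password or username, please try again.", "danger")
        return sendUserToHome()

    # "Remember me": make the cookie persistent (Flask's permanent lifetime
    # is configured elsewhere; the original comment says 31 days).
    if request.form.get("checkbox"):
        session.permanent = True
        session["remember_me"] = True

    # Admin flag: drop any value carried over from an earlier login in this
    # session, then set it only when the admins table grants level >= 1.
    session.pop("isAdmin", None)
    with MySQL() as c:
        c.execute(
            "SELECT adminLevel FROM admins WHERE userID = %s",
            (accResult["accountID"],),
        )
        admResult = c.fetchone()
    if admResult and admResult["adminLevel"] >= 1:
        session["isAdmin"] = True

    # NOTE(review): the session id is not rotated here; confirm the framework
    # configuration covers session fixation on login.
    setUserLoggedIn(True)
    session["accountid"] = accResult["accountID"]
    flash("Successfully logged in", "success")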
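def edit_success(postid):
    """Apply the submitted edit form to post *postid* and send the user home.

    Args:
        postid: identifier of the post being edited (taken from the route).

    Returns:
        ``abort(403)`` when no user is logged in, otherwise the home redirect
        (with an error flash when a required form field is missing).
    """
    if not isUserLoggedIn():
        return abort(403)
    # NOTE(review): only authentication is checked here; nothing visible
    # verifies that the logged-in account may edit *postid* — confirm that
    # updatePost() or a route decorator enforces ownership.
    title = request.form.get("news_title")
    content = request.form.get("news_message")
    # Missing or empty fields would otherwise reach updatePost() as None/"".
    if not title or not content:
        flash("Title and message are required.", "danger")
        return sendUserToHome()
    updatePost(title, content, postid)
    flash("You have successfully edited the content", "success")
    return sendUserToHome()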
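def write_success():
    """Create a post from the submitted form, authored by the session's
    account, and send the user home.

    Returns:
        ``abort(403)`` when no user is logged in, otherwise the home redirect
        (with an error flash when a required form field is missing).
    """
    if not isUserLoggedIn():
        return abort(403)
    title = request.form.get("news_title")
    content = request.form.get("news_message")
    # Missing or empty fields would otherwise reach writePost() as None/"".
    if not title or not content:
        flash("Title and message are required.", "danger")
        return sendUserToHome()
    # The author is taken from the session, never from the form, so a client
    # cannot post under another account id.
    author = session.get("accountid")
    writePost(title, content, author)
    flash("You have successfully posted the content", "success")
    return sendUserToHome()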
def index():
    """Landing route: hand off to the home redirect."""
    home = sendUserToHome()
    return home