def user(name):
try:
user = sql.getUser(name)
except sql.SQLError:
abort(404)
tasks = sorted(sql.getTasks(), key=lambda x: (x.categorie, x.points, x.level))
return render_template("main.html",
view="user.html",
user=user,
tasks=tasks,
solved=sql.getSolved(user.login))
def me():
if not "login" in session:
return redirect(url_for("login"))
try:
user = sql.getUser(session["login"])
except sql.SQLError:
abort(404)
if request.method == "POST":
doPost(user)
user = sql.getUser(session["login"])
maxpoints = sql.getMaxPoints()
try:
percents = int(user.points / float(maxpoints) * 100)
except ZeroDivisionError:
percents = 0
medals = json.loads(user.medals) if user.medals is not None else None
csrf_token = uuid.uuid4()
session["csrf_token"] = csrf_token
return render_template(
"main.html", view="me.html", user=user, percents=percents, medals=medals, csrf_token=csrf_token
)
def admin_user():
if not "admin" in session or not session["admin"]:
abort(404)
login = request.args.get("login", None)
try:
user = sql.getUser(login)
except sql.SQLError:
flash("No such user", "danger")
return redirect(url_for('admin'))
if request.method == 'POST':
ret = doPost(user)
if ret:
return ret
user = sql.getUser(login)
tasks = sorted(sql.getTasks(), key=(lambda x : (x.categorie, x.points, x.level)))
medals = json.loads(user.medals) if user.medals is not None else None
csrf_token = uuid.uuid4()
session['csrf_token'] = csrf_token
return render_template("main.html", view="admin_user.html", user=user,
tasks=tasks, solved=sql.getSolved(user.login),
medals=medals, csrf_token=csrf_token)
def login():
if request.method == 'POST':
try:
username = request.form.get("username", None)
password = request.form.get("password", None)
user = sql.getUser(username)
if bcrypt.hashpw(str(password), str(user.password)) == user.password:
session["login"] = user.login
session["points"] = user.points
session["admin"] = user.isadmin
flash("Login successful", "success")
return redirect(url_for('mainindex'))
else:
raise sql.SQLError
except sql.SQLError:
flash("Login Failure", "error")
return render_template("main.html", view="login.html")
def admin_adduser():
if not "admin" in session or not session["admin"]:
abort(404)
login = request.args.get("login", None) or request.form.get("login", None)
if not login:
flash("Login is missing", "danger")
return redirect(url_for('admin'))
try:
user = sql.getUser(login)
return redirect(url_for("admin_user", login=login))
except sql.SQLError:
pass
if request.method == 'POST':
if doPost(login):
return redirect(url_for("admin_user", login=login))
csrf_token = uuid.uuid4()
session['csrf_token'] = csrf_token
return render_template("main.html", view="admin_adduser.html",
user=login, csrf_token=csrf_token)
