def process (self, email=None, password=None):
# Clean up text for usage with database.
email = sqlutils.quote (email)
password = sqlutils.quote (password)
# Encrypt password using the same encryption we used when the password
# was stored in the database.
password = crypt.crypt (password, "23")
description = None
results = None
# Try to connect to the database.
try:
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
# Get the cursor description and results from the query.
description = dbcursor.description
results = dbcursor.fetchone()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
# FIXME: do something more useful here.
pass
# If we don't have any results, the email address wasn't on record.
if (results == None):
return self.index (errornotfound=True)
else:
stored_password = ""
try:
stored_password = results[sqlutils.getfieldindex ("password", description)]
except:
# FIXME: do something more useful here.
raise cherrypy.HTTPRedirect ("/fatalerror")
# Verify password equivalence.
if (password <> stored_password):
return self.index (errorbadpassword=True)
else:
# If we got this far, the email address was on record, and the password
# matches it, so we deem the user to be logged in. Hooray!
user_id = None
user_level = 0
try:
user_id = results[sqlutils.getfieldindex ("user_id", description)]
user_level = results[sqlutils.getfieldindex ("level", description)]
except:
# FIXME: do something more useful here.
raise cherrypy.HTTPRedirect ("/fatalerror")
# If the user level is 2 or higher, the user is an admin user.
pageutils.set_logged_in (user_id, (user_level > 1))
# FIXME: Might want to redirect to some sort of user dashboard page in the future.
raise cherrypy.HTTPRedirect ("/")
def index (self):
# Verify user is logged-in admin.
if (not pageutils.is_admin_p()):
raise cherrypy.HTTPRedirect ("/")
description = None
results = None
# Try to connect to the database.
try:
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM articles")
# Get the cursor description and results from the query.
description = dbcursor.description
results = dbcursor.fetchall()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
pass
pagecontents = "<p><a href=\"/admin/articles/new\">Create New Article</a></p>\n"
pagecontents += "<h3>Article Listing</h3>\n"
pagecontents += "<ul>\n"
if (results == []):
pagecontents += "<li>No articles found in database.</li>\n"
for result in results:
try:
title = result[sqlutils.getfieldindex ("title", description)]
slug = result[sqlutils.getfieldindex ("slug", description)]
article_id = result[sqlutils.getfieldindex ("article_id", description)]
pagecontents += "<li><a href=\"/admin/articles/edit/" + slug + "\">" + title + "</a>\n"
pagecontents += "[<a href=\"/admin/articles/delete/" + article_id + "\">Delete</a>]</li>\n"
except:
pass
pagecontents += "</ul>\n"
# Present listing of all articles.
return pageutils.generate_page ("Articles Administration", pagecontents)
def edit (self, article_slug = None):
# Verify user is logged-in admin.
if (not pageutils.is_admin_p()):
raise cherrypy.HTTPRedirect ("/")
# Verify we have an article to work with.
if (article_slug == None):
raise cherrypy.HTTPRedirect ("/articles/")
description = None
results = None
# Try to connect to the database.
try:
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM articles WHERE slug=%s", [article_slug])
# Get the cursor description and results from the query.
description = dbcursor.description
results = dbcursor.fetchone()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
pass
if (results == None):
return pageutils.generate_page ("Invalid Article Specified", "Invalid Article Specified")
# Obtain the article title from the database results.
title = ""
try:
title = results[sqlutils.getfieldindex ("title", description)]
except:
pass
# Obtain the article body from the database results.
body = ""
try:
body = results[sqlutils.getfieldindex ("body", description)]
except:
pass
# Obtain the article display value.
display = ""
try:
display = str(results[sqlutils.getfieldindex ("display", description)])
except:
pass
# Obtain the article_id.
article_id = ""
try:
article_id = str(results[sqlutils.getfieldindex ("article_id", description)])
except:
pass
slug = article_slug
return self.new (edit=True, title=title, body=body, display=display, slug=slug, article_id=article_id)
def index (self, discussion_id=None):
# If discussion_id is None, display main discussion table of contents.
# Else, display specified discussion.
# Available to all, logged in or not.
# Toplevel index.
if (discussion_id == None):
description = None
results = None
author_description = None
author_results = []
# Get discussion listing from database
try:
# Try to connect to the database.
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM discussions WHERE refers_to IS null ORDER BY creation_date")
# Get the cursor description and results from the query.
description = dbcursor.description
results = dbcursor.fetchall()
# Get and store the user (author) data.
for result in results:
dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
[str(result[sqlutils.getfieldindex("author_id", description)])])
if (dbcursor.description <> None):
author_description = dbcursor.description
author_results.append (dbcursor.fetchone())
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
return pageutils.generate_page ("Database Error",
"<div class=\"error\">Can't get discussion data.</div>\n")
# Build the page.
pagetext = ""
if (pageutils.is_logged_in_p()):
pagetext += "<a href=\"/discussions/new\">Start New Discussion</a>\n"
else:
pagetext += "<a href=\"/login\">Log In</a> to start a new discussion</a>\n"
pagetext += "<ul>\n"
for result in results:
pagetext += "<li>\n"
pagetext += ("<a href=\"/discussions/" +
str(result[sqlutils.getfieldindex ("discussion_id", description)]) +
"\">" + result[sqlutils.getfieldindex ("subject", description)] + "</a> (posted by ")
for author in author_results:
if author == None:
continue
if author[0] == result[sqlutils.getfieldindex ("author_id", description)]:
pagetext += author[sqlutils.getfieldindex ("name", author_description)]
pagetext += " on " + result[sqlutils.getfieldindex ("creation_date", description)] + ")\n"
pagetext += "</li>\n"
pagetext += "</ul>\n"
return pageutils.generate_page ("Discussions", pagetext)
# Display a specific discussion.
else:
# Make sure we have a potentially-valid discussion id.
try:
discussion_id = str(int(discussion_id))
except:
return pageutils.generate_page ("Invalid Discussion",
"<div class=\"error\">Can't present the requested discussion.</div>\n")
description = None
results = None
reply_results = []
author_description = None
author_results = []
# Get discussion listing from database
try:
# Try to connect to the database.
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM discussions WHERE discussion_id=%s", [discussion_id])
description = dbcursor.description
results = dbcursor.fetchone()
# Get the user (author) data for the main discussion.
dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
[str(results[sqlutils.getfieldindex("author_id", description)])])
author_description = dbcursor.description
author_results.append (dbcursor.fetchone())
# Get any comments/replies for this discussion thread.
dbcursor.execute ("SELECT * FROM discussions WHERE refers_to=%s", [discussion_id])
reply_results = dbcursor.fetchall()
# Get and store the user (author) data.
for result in reply_results:
dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
[str(result[sqlutils.getfieldindex("author_id", description)])])
author_results.append (dbcursor.fetchone())
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
return pageutils.generate_page ("Database Error",
"<div class=\"error\">Can't get discussion data.</div>\n")
# Build page.
pagetitle = results[sqlutils.getfieldindex("subject", description)]
pagetext = "<p>" + results[sqlutils.getfieldindex("body", description)] + "</p>\n"
for author in author_results:
if author == None:
continue
# Find the author info to display.
if author[0] == results[sqlutils.getfieldindex ("author_id", description)]:
pagetext += "<p><i>posted by " + author[sqlutils.getfieldindex ("name", author_description)]
pagetext += (" on " + results[sqlutils.getfieldindex ("creation_date", description)] +
"</i></p>\n")
break
if (pageutils.is_admin_p()):
pagetext += ("<p>[<a href=\"/admin/discussions/delete/" +
str(results[sqlutils.getfieldindex("discussion_id", description)]) +
"\">Delete Discussion</a>]</p>")
pagetext += "<hr width=\"50%\">\n"
pagetext += "<h3>Replies</h3>\n"
# Do we have any replies to show?
if (reply_results <> None):
for result in reply_results:
pagetext += "<p>"
pagetext += result[sqlutils.getfieldindex ("body", description)]
for author in author_results:
if author == None:
continue
# Find the author info to display.
if author[0] == result[sqlutils.getfieldindex ("author_id", description)]:
pagetext += "<p><i>posted by " + author[sqlutils.getfieldindex ("name", author_description)]
pagetext += (" on " +
result[sqlutils.getfieldindex ("creation_date", description)] +
"</i></p>\n")
break
pagetext += "</p>\n"
# If the user is admin, post link to delete the reply.
if (pageutils.is_admin_p()):
pagetext += ("<p>[<a href=\"/admin/discussions/delete/" +
str(result[sqlutils.getfieldindex ("discussion_id", description)]) +
"\">Delete Reply</a>]</p>\n")
pagetext += "<hr width=50%>\n"
# If user is logged in, post link to add a reply.
if (pageutils.is_logged_in_p()):
pagetext += "<p><a href=\"/discussions/reply/" + discussion_id + "\">Add a reply</a></p>\n"
else:
pagetext += "<p><a href=\"/login\">Log in</a> to add a reply</a></p>\n"
# Generate page
return pageutils.generate_page (pagetitle, pagetext)
def index(self, event_id=None):
# If event_id is None, display main event table of contents.
# Else, display specified event details.
# Available to all, logged in or not.
# Build table of contents.
if event_id == None:
description = None
results = None
# Get event listing from database
try:
# Try to connect to the database.
dbconnection = pgdb.connect(database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute("SELECT * FROM events ORDER BY start_date")
# Get the cursor description and results from the query.
description = dbcursor.description
results = dbcursor.fetchall()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
return pageutils.generate_page("Database Error", '<div class="error">Can\'t get event data.</div>\n')
# Build the page.
pagetext = ""
if pageutils.is_logged_in_p():
pagetext += '<a href="/events/new">Add New Event</a>\n'
else:
pagetext += '<a href="/login">Log In</a> to add a new event</a>\n'
pagetext += "<ul>\n"
most_recent_month = None
most_recent_year = None
for result in results:
start_date = result[sqlutils.getfieldindex("start_date", description)]
end_date = result[sqlutils.getfieldindex("end_date", description)]
if most_recent_year <> pageutils.get_year(start_date):
most_recent_year = pageutils.get_year(start_date)
pagetext += "</ul><h2>" + str(most_recent_year) + "</h2><ul>\n"
if most_recent_month <> pageutils.get_month(start_date):
most_recent_month = pageutils.get_month(start_date)
pagetext += "</ul><h3>" + most_recent_month + "</h3><ul>\n"
pagetext += (
"<li>"
+ '<a href="/events/'
+ str(result[sqlutils.getfieldindex("event_id", description)])
+ '">'
+ result[sqlutils.getfieldindex("title", description)]
+ "</a> ("
+ str(pageutils.get_month(start_date))
+ " "
+ str(pageutils.get_day(start_date))
)
if result[sqlutils.getfieldindex("end_date", description)] <> None:
pagetext += " - " + pageutils.get_month(end_date) + " " + str(pageutils.get_day(end_date))
pagetext += ")</li>\n"
pagetext += "</ul>\n"
return pageutils.generate_page("Events", pagetext)
# Show specific event.
else:
description = None
result = None
# Get event listing from database
try:
# Try to connect to the database.
dbconnection = pgdb.connect(database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute("SELECT * FROM events WHERE event_id=%s", [str(event_id)])
# Get the cursor description and results from the query.
description = dbcursor.description
result = dbcursor.fetchone()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
return pageutils.generate_page("Database Error", '<div class="error">Can\'t get event data.</div>\n')
# Build the page.
pagetext = ""
start_date = result[sqlutils.getfieldindex("start_date", description)]
end_date = result[sqlutils.getfieldindex("end_date", description)]
pagetext += "<h3>" + pageutils.get_month(start_date) + " " + str(pageutils.get_day(start_date))
if end_date <> None:
pagetext += " - " + pageutils.get_month(end_date) + " " + str(pageutils.get_day(end_date))
pagetext += ", " + pageutils.get_year(end_date)
else:
pagetext += ", " + pageutils.get_year(start_date)
pagetext += "</h3>\n"
pagetext += "<p>" + result[sqlutils.getfieldindex("description", description)]
pagetitle = result[sqlutils.getfieldindex("title", description)]
if pageutils.is_admin_p():
pagetext += (
'<p>[<a href="/admin/events/delete/'
+ str(result[sqlutils.getfieldindex("event_id", description)])
+ '">Delete Event</a>]</p>'
)
return pageutils.generate_page(pagetitle, pagetext)
def index (self, article_slug=None):
# If article_slug is None, display main article table of contents.
# Else, display specified article.
# Available to all, logged in or not.
if (article_slug == None):
article_slug = "map"
description = None
results = None
comments_description = None
comments_results = None
author_results = []
author_description = None
# Get article, comment, and comment-author data from database.
try:
# Try to connect to the database.
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM articles WHERE slug=%s", [article_slug])
# Get the cursor description and results from the query.
description = dbcursor.description
results = dbcursor.fetchone()
# Get any comments for the article.
if (results <> None):
dbcursor.execute ("SELECT * FROM articles WHERE refers_to=%s",
[str(results[sqlutils.getfieldindex ("article_id", description)])])
comments_description = dbcursor.description
comments_results = dbcursor.fetchall()
# Store the user info for the author of the comment, for use when we display the comment.
for result in comments_results:
dbcursor.execute ("SELECT * FROM users WHERE user_id=%s",
[str(result[sqlutils.getfieldindex ("author_id", comments_description)])])
author_description = dbcursor.description
author_results.append (dbcursor.fetchone())
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
pass
if (results == None):
# The "welcome" article is the main front page. We need to have this page.
if (article_slug == "welcome"):
return pageutils.generate_page ("Welcome",
"You will need to create an article with the slug: welcome")
# We also need a "map" page.
elif (article_slug == "map"):
return pageutils.generate_page ("Map",
"You will need to create an article with the slug: map")
else:
raise cherrypy.HTTPRedirect ("/404")
# Obtain the article title from the database results.
pagetitle = ""
try:
pagetitle += results[sqlutils.getfieldindex ("title", description)]
except:
pagetitle = "Database Error."
# Obtain the article body from the database results.
pagetext = ""
try:
pagetext += results[sqlutils.getfieldindex ("body", description)]
except:
pagetext += "<p>Database Error.</p>"
# Do we want to show comments on this page?
try:
if (int(results[sqlutils.getfieldindex ("display", description)]) > 1):
pagetext += "<hr><h3>User Comments</h3>"
# Do we have any comments to show?
if (comments_results <> None):
for result in comments_results:
pagetext += "<p>"
pagetext += result[sqlutils.getfieldindex ("body", comments_description)]
for author in author_results:
if author == None:
continue
# Find the author info to display.
if author[0] == result[sqlutils.getfieldindex ("author_id", comments_description)]:
pagetext += "<p><i>posted by " + author[sqlutils.getfieldindex ("name", author_description)]
pagetext += " on " + result[sqlutils.getfieldindex ("creation_date", comments_description)] + "</i></p>\n"
break
# If the user is admin, post link to delete the comment.
if (pageutils.is_admin_p()):
pagetext += ("<p>[<a href=\"/admin/articles/delete/" +
str(result[sqlutils.getfieldindex ("article_id", comments_description)]) +
"\">Delete Comment</a>]</p>\n")
pagetext += "</p>"
pagetext += "<hr width=50%>\n"
# If user is logged in, post link to add a comment.
if (pageutils.is_logged_in_p()):
pagetext += "<p><a href=\"/articles/comment/" + article_slug + "\">Add a comment</a></p>\n"
else:
pagetext += "<p><a href=\"/login\">Log in</a> to add a comment</a></p>\n"
except:
pass
# Build the whole page and return it.
return pageutils.generate_page (pagetitle, pagetext)
def process (self, name=None, email=None, password=None, passwordverify=None, url=None):
# If we got to this page through the /register form, all fields should be filled
# in, with the possible exception of URL, which is optional. If they aren't all
# filled in, then something unexpected happened, and we shouldn't continue processing
# the form.
if (name == None or email == None or password == None or passwordverify == None):
return self.index (errormissing = True, name=name, email=email,
password=password, passwordverify=passwordverify,
url=url)
else:
# Store original values as given in case we need to represent the form.
originalname = name
originalemail = email
originalpassword = password
originalpasswordverify = passwordverify
originalurl = url
# Remove any leading/trailing spaces.
name = string.strip(name)
email = string.strip(email)
password = string.strip(password)
passwordverify = string.strip(passwordverify)
url = string.strip(url)
level = "1" # default level for regular user.
# Verify all required fields are filled in.
if (name == '' or email == '' or password == '' or passwordverify == ''):
return self.index (errormissing = True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
# Verify email address is plausibly valid.
if (re.match (pageutils.emailregex, email) == None):
return self.index (erroremail = True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
# Verify passwords match.
if (password <> passwordverify):
return self.index (errorverify = True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
# Encypt the password. Once we do this, we can't get the original
# password back out of the database, so we can't send the original
# password back to the user if they lose it. We can generate a new
# password and send them that.
password = crypt.crypt (password, "23")
# Add http:// to the URL if needed.
if (url[0:7] =="http://" or url == ""):
pass
else:
url = "http://" + url
# Ensure that email address hasn't already been used in database.
try:
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
results = dbcursor.fetchone()
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
if (results <> None):
return self.index (errorduplicate=True, name=originalname, email=originalemail,
password=originalpassword, passwordverify=originalpasswordverify,
url=originalurl)
except:
return pageutils.generate_page ("Database Error", "Database Error")
try:
# Connect to the database and insert the values.
dbconnection = pgdb.connect (database_connect_fields)
dbcursor = dbconnection.cursor()
dbcursor.execute ("INSERT INTO users (name, email, password, url, level) " +
"VALUES (%s, %s, %s, %s, %s)",
[name, email, password, url, level])
dbconnection.commit()
# Now fetch the user_id so we can automatically log the user in.
dbcursor.execute ("SELECT * FROM users WHERE email=%s", [email])
description = dbcursor.description
results = dbcursor.fetchone()
user_id = None
user_level = 0
try:
user_id = results[sqlutils.getfieldindex ("user_id", description)]
user_level = results[sqlutils.getfieldindex ("level", description)]
except:
pass
pageutils.set_logged_in (user_id, (user_level > 1))
# Close the database cursor and connection.
dbcursor.close()
dbconnection.close()
except:
# FIXME: this is a public user page; provide more interesting feedback in this event.
return pageutils.generate_page ("Invalid SQL Query", "Invalid SQL Query!")
raise cherrypy.HTTPRedirect ("/register/thanks")
