def editArea(id):
    """Render (GET) or apply (POST) the edit form of a discussion area.

    Only an admin may view or change an area: an anonymous visitor gets the
    login-required error page, a logged-in non-admin is rejected with 403.
    POST additionally requires a valid CSRF token and reads ``topic``,
    ``rules`` and ``listed`` from the form. After saving, an area that was
    unlisted (``listed == "False"``) redirects to the front page, otherwise
    to the URL remembered in ``session["url"]`` (front page as fallback).
    """
    # Authentication / authorization gate, evaluated before any data access.
    if "user_id" not in session:
        return render_template("error.html", message="You need to log in first")
    if not users.getAdmin(session["user_id"]):
        abort(403)

    area_info = areas.areaInfo(id)
    method = request.method

    if method == "GET":
        return render_template("editarea.html", info=area_info)

    if method == "POST":
        # Re-verify the admin flag and the CSRF token on the mutating path;
        # a missing csrf_token key is rejected by Flask as a 400 before we get here.
        if not users.getAdmin(session["user_id"]):
            abort(403)
        if not users.checkCsrfToken(request.form["csrf_token"]):
            abort(403)

        form = request.form
        new_topic = form["topic"]
        new_rules = form["rules"]
        new_listed = form["listed"]
        areas.editArea(new_topic, new_rules, new_listed, id)

        # An unlisted area has no page to return to, so go home.
        target = "/" if new_listed == "False" else session.get("url", "/")
        return redirect(target)
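def deleteMessage(message_id, user_id):
    """Soft-delete a message by clearing its ``listed`` flag.

    Args:
        message_id: id of the row in ``messages`` to hide.
        user_id: id of the acting user; must own the message or be an admin.

    Returns:
        ``True`` when the update was committed, ``False`` when ``user_id``
        is not allowed to delete this message (nothing is changed).
    """
    # Authorization: owner or admin only. Checked before touching the DB.
    if not (checkMessageOwner(message_id, user_id) or users.getAdmin(user_id)):
        return False
    # Bound parameter, never string-formatted, so message_id cannot alter the query.
    sql = "UPDATE messages SET listed=False WHERE id=:message_id"
    db.session.execute(sql, {"message_id": message_id})
    db.session.commit()
    return True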
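def editMessage(message_id, user_id, message):
    """Replace the text of an existing message.

    Args:
        message_id: id of the row in ``messages`` to update.
        user_id: id of the acting user; must own the message or be an admin.
        message: new message body (length limits are enforced by the caller,
            not here).

    Returns:
        ``True`` when the update was committed, ``False`` when ``user_id``
        is not allowed to edit this message (nothing is changed).
    """
    # Authorization: owner or admin only. Checked before touching the DB.
    if not (checkMessageOwner(message_id, user_id) or users.getAdmin(user_id)):
        return False
    # Both values are bound parameters; the message text is stored verbatim.
    sql = "UPDATE messages SET message=:message WHERE id=:message_id"
    db.session.execute(sql, {"message_id": message_id, "message": message})
    db.session.commit()
    return True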
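def editThread(thread_id, user_id, message, topic):
    """Update the opening message and the topic of a thread.

    Args:
        thread_id: id of the row in ``threads`` to update.
        user_id: id of the acting user; must own the thread or be an admin.
        message: new opening message text.
        topic: new thread topic.

    Returns:
        ``True`` when the update was committed, ``False`` when ``user_id``
        is not allowed to edit this thread (nothing is changed).
    """
    # Authorization: owner or admin only. Checked before touching the DB.
    if not (checkThreadOwner(thread_id, user_id) or users.getAdmin(user_id)):
        return False
    # One statement for both columns instead of two round trips; all values
    # are bound parameters, so user-supplied text cannot alter the query.
    sql = "UPDATE threads SET message=:message, topic=:topic WHERE id=:thread_id"
    db.session.execute(sql, {"message": message, "topic": topic, "thread_id": thread_id})
    db.session.commit()
    return True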
def index():
    """Render the front page.

    Collects the area overview and the recently active threads and renders
    ``indexAdmin.html`` for a logged-in admin, ``index.html`` for everyone
    else. For non-admins the current page is also remembered in
    ``session["url"]`` so later actions can redirect back here.
    """
    area_list, last_message, total_messages, total_threads = areas.fetchAreaValues()
    active_threads = areas.getActiveThreads(0)

    # Identical context for both templates; only the template name differs.
    context = dict(
        areas=area_list,
        last_message=last_message,
        threads=active_threads,
        total_messages=total_messages,
        total_threads=total_threads,
    )

    logged_in_admin = "user_id" in session and users.getAdmin(session["user_id"])
    if logged_in_admin:
        return render_template("indexAdmin.html", **context)

    session["url"] = url_for("index")
    return render_template("index.html", **context)
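def newArea():
    """Create a new discussion area (admin-only POST handler).

    Rejects the request with 403 when the CSRF token is invalid, when no
    user is logged in, or when the logged-in user is not an admin. Reads
    ``topic``, ``rules`` and ``listed`` from the form, stores the area via
    ``areas.addArea`` and redirects to the front page.
    """
    # CSRF check comes first, independent of who is logged in; a missing
    # csrf_token key is rejected by Flask as a 400 before this line runs.
    if not users.checkCsrfToken(request.form["csrf_token"]):
        abort(403)

    # Authorization: only an admin may create areas. Previously a logged-in
    # non-admin fell through and the view returned None (a server error);
    # every unauthorized path now ends in an explicit 403.
    if "user_id" not in session or not users.getAdmin(session["user_id"]):
        abort(403)

    topic = request.form["topic"]
    rules = request.form["rules"]
    listed = request.form["listed"]
    areas.addArea(topic, rules, listed)
    return redirect("/")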
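def deleteThread(thread_id, user_id):
    """Soft-delete a thread and all of its messages, then remove their images.

    Args:
        thread_id: id of the row in ``threads`` to hide.
        user_id: id of the acting user; must own the thread or be an admin.

    Returns:
        ``True`` when the updates were committed, ``False`` when ``user_id``
        is not allowed to delete this thread (nothing is changed).
    """
    # Authorization: owner or admin only. Checked before touching the DB.
    if not (checkThreadOwner(thread_id, user_id) or users.getAdmin(user_id)):
        return False

    # Hide the messages and collect their image ids in the same statement.
    sql = "UPDATE messages SET listed=False WHERE thread_id=:thread_id RETURNING image_id"
    result = db.session.execute(sql, {"thread_id": thread_id})
    if result:
        imagehandler.removeThreadImages(result.fetchall())

    # Hide the thread itself. Read the RETURNING row *before* commit so we do
    # not depend on the cursor still being readable once the transaction ends,
    # and tolerate a missing row (e.g. an admin passing an unknown thread_id),
    # which previously raised TypeError on ``fetchone()[0]``.
    sql = "UPDATE threads SET listed=False WHERE id=:thread_id RETURNING image_id"
    result = db.session.execute(sql, {"thread_id": thread_id})
    thread_row = result.fetchone() if result else None
    db.session.commit()

    # File removal happens after commit, as before; a failure here no longer
    # leaves an uncommitted transaction behind.
    if thread_row is not None:
        imagehandler.removeImage(thread_row[0])
    return True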
def editMessage(id):
    """Render (GET) or apply (POST) the edit form of a single message.

    Requires a logged-in user. On GET the form is shown only to the
    message owner or an admin; otherwise an error page is rendered. On POST
    the CSRF token is verified, the new text is limited to 1000 characters,
    and ``threads.editMessage`` performs the ownership check and the update;
    a rejected update aborts with 403, success redirects to the remembered
    ``session["url"]`` (front page as fallback).
    """
    if "user_id" not in session:
        return render_template("error.html", message="You need to log in to edit a message.")

    current_user = int(session["user_id"])
    method = request.method

    if method == "GET":
        message_info = threads.getMessageContent(id)
        may_edit = (
            threads.checkMessageOwner(id, current_user)
            or users.getAdmin(session["user_id"])
        )
        if not may_edit:
            return render_template("error.html", message="You can't edit someone else's message!")
        return render_template("editmessage.html", info=message_info)

    if method == "POST":
        # CSRF check before any state change; a missing csrf_token key is
        # rejected by Flask as a 400 before this line runs.
        if not users.checkCsrfToken(request.form["csrf_token"]):
            abort(403)
        new_text = request.form["message"]
        if len(new_text) > 1000:
            return render_template("error.html", message="Message too long! (Over 1000 characters)")
        # threads.editMessage enforces owner-or-admin and returns False otherwise.
        if not threads.editMessage(id, current_user, new_text):
            abort(403)
        return redirect(session.get("url", "/"))