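def sql_add_review():
    """Create a review from the submitted form (POST handler).

    Reads inputTitle, inputRating, inputAuthorEmail, inputText and the
    reCAPTCHA token from the form and inserts one row into ``reviews``
    once the CAPTCHA check passes. Every outcome redirects to the index
    with a flashed success or error message.
    """
    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("index"))

    title = request.form['inputTitle']
    rating = request.form['inputRating']
    text = request.form['inputText']
    form_email = request.form['inputAuthorEmail']
    # Server-local timestamp; the client never supplies the review date.
    date = time.strftime('%Y-%m-%d %H:%M:%S')

    # Attribute the review to the logged-in account when there is one: the
    # original always used the form email, so a logged-in user could post
    # under any other account. The anonymous path still trusts the form
    # field, which nothing here verifies.
    # NOTE(review): inputRating is stored exactly as submitted — confirm the
    # schema (or a CHECK constraint) bounds it.
    if session.get('logged_in'):
        email = session['sessionEmail']
    else:
        email = form_email

    connection = sql_load()
    author = sql_get_user_by_email(connection, email)
    cur = connection.cursor()
    cur.execute(
        "INSERT INTO reviews (reviewtitle, reviewdate, reviewrating, reviewauthor, reviewtext) "
        "VALUES(?, ?, ?, ?, ?)",
        (title, date, rating, author, text))
    connection.commit()
    flask.session.modified = True
    flash("Post created!", 'success')
    return redirect(url_for("index"))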
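def sql_add_user():
    """Register a new account from the submitted form (POST handler).

    Validates the password as typed against CheckPasswordRules, verifies
    the reCAPTCHA token, rejects an email that is already registered, and
    otherwise stores the hashed password and logs the new user in.
    Returns a redirect to the index on success and re-renders
    register.html with a flashed error otherwise.
    """
    first = request.form['inputName']
    last = request.form['inputSurname']
    email = request.form['inputEmail']
    password_original = request.form['inputPassword']
    captcha_response = request.form['g-recaptcha-response']

    # Validate the plaintext. The original validated the *hash*, which never
    # reflects the rules the user was asked to follow (sql_user_password
    # already checks the plaintext).
    if not CheckPasswordRules(password_original):
        flash("Your password did not meet the validation rules!", 'error')
        return render_template("register.html")

    if not is_human(captcha_response):
        flash("Sorry, bots are not allowed!", 'error')
        return render_template("register.html")

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    if cur.fetchone() is not None:
        flash("Email address already in use!", 'error')
        return render_template("register.html")

    # Hash only once the input is known to be acceptable. (passlib's
    # CryptContext.encrypt is the pre-1.7 name of hash(); kept as the file
    # uses it.)
    password = pwd_context.encrypt(password_original)
    cur.execute(
        "INSERT INTO users (firstname, lastname, email, password) VALUES(?, ?, ?, ?)",
        (first, last, email, password))
    connection.commit()
    session['logged_in'] = True
    session.permanent = True
    session['sessionEmail'] = email
    flash("Registration successful!", 'success')
    return redirect(url_for("index"))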
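def sql_user_password():
    """Change the logged-in user's password (POST handler).

    Requires a logged-in session, a new password that satisfies
    CheckPasswordRules, a valid reCAPTCHA token and the correct current
    password. Every outcome redirects to the account page (or to the
    index when not logged in) with a flashed message.
    """
    # .get(): a fresh session has no 'logged_in' key; indexing raised KeyError.
    if not session.get('logged_in'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    current_password = request.form['CurrentPassword']
    new_password = request.form['NewPassword']
    captcha_response = request.form['g-recaptcha-response']
    # The target account comes from the session, never from the form.
    email = session['sessionEmail']

    if not CheckPasswordRules(new_password):
        flash("Your password did not meet the validation rules!", 'error')
        return redirect(url_for("account"))

    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("account"))

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    row = cur.fetchone()
    flask.session.modified = True
    # Column 4 is presumably the stored hash (INSERT order is firstname,
    # lastname, email, password, so this assumes an id column first — TODO
    # confirm against the schema). A missing row (account deleted while the
    # session lived) used to raise TypeError; treat it as a failed check.
    if row is not None and check_encrypted_password(current_password, row[4]):
        # Hash only after the current password has been verified.
        encrypt = pwd_context.encrypt(new_password)
        cur.execute("UPDATE users SET password = ? WHERE email = ?", (encrypt, email))
        connection.commit()
        flash("Password updated!", 'success')
        return redirect(url_for("account"))

    flash("Failed!", 'error')
    return redirect(url_for("account"))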
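def sql_update_bio():
    """Update the logged-in user's bio from the submitted form (POST handler).

    Requires a logged-in session and a valid reCAPTCHA token. Redirects to
    the index on success and to the account page when the CAPTCHA fails.
    """
    # .get(): a fresh session has no 'logged_in' key; indexing raised KeyError.
    if not session.get('logged_in'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("account"))

    bio = request.form['Bio']
    # Resolve the target account from the session, not the form. The
    # original read 'Email' from the request, so any logged-in user could
    # rewrite another account's bio by submitting that account's email.
    email = session['sessionEmail']

    connection = sql_load()
    cur = connection.cursor()
    user_id = sql_get_user_by_email(connection, email)
    cur.execute("UPDATE users SET bio = ? WHERE userid = ?", (bio, user_id))
    connection.commit()
    flask.session.modified = True
    flash("Bio updated!", 'success')
    return redirect(url_for("index"))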
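def sql_add_admin():
    """Promote the account with the submitted email to admin (POST handler).

    Only a logged-in admin may call this, and the target email must be
    registered. Redirects to the admin page on success (or when the CAPTCHA
    fails) and to the index on an authorization or lookup failure.
    """
    # .get(): a fresh session has no 'logged_in' key; indexing raised KeyError.
    # The admin lookup is only reached for a logged-in session.
    if not session.get('logged_in') or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    email = request.form['inputEmailAdmin']
    if sql_check_email(connection, email) is False:
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    user_id = sql_get_user_by_email(connection, email)
    cur = connection.cursor()
    # Query parameters must be a sequence. The original passed the bare id;
    # elsewhere (sql_add_review, sql_update_bio) that value is used as a
    # single scalar parameter, and sqlite3 rejects a bare scalar here.
    # NOTE(review): nothing checks whether the user is already an admin, so a
    # repeat submission inserts a second row unless the table forbids it.
    cur.execute("INSERT INTO admins (adminid) VALUES(?)", (user_id, ))
    connection.commit()
    flask.session.modified = True
    flash("User " + email + " is now an admin!", 'success')
    return redirect(url_for("admin"))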
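def sql_delete_user_by_id():
    """Delete the account whose user id was submitted (POST handler, admin only).

    Refuses to delete the account the caller is logged in with. Redirects
    to the admin page on success (or when the CAPTCHA fails) and to the
    index otherwise.
    """
    # .get(): a fresh session has no 'logged_in' key; indexing raised KeyError.
    if not session.get('logged_in') or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    # Form values are str; the id is passed to the query as-is and echoed
    # back in the flash message, so it stays a string here.
    user_id = request.form['inputIDDelete']
    if session['sessionEmail'] == sql_get_email_by_id(connection, user_id):
        flash('You can not delete an account you are currently logged in with!', 'error')
        return redirect(url_for("index"))

    cur = connection.cursor()
    # NOTE(review): a nonexistent id still reports success; cur.rowcount
    # could distinguish the two if that matters to the admin page.
    cur.execute("DELETE FROM users WHERE userid = ?", (user_id, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted user id " + user_id + "!", 'success')
    return redirect(url_for("admin"))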
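def sql_delete_review():
    """Delete the review whose id was submitted (POST handler, admin only).

    Every outcome redirects to the index with a flashed message.
    """
    # .get(): a fresh session has no 'logged_in' key; indexing raised KeyError.
    if not session.get('logged_in') or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("index"))

    connection = sql_load()
    # Form value is str; it is echoed back in the flash message below.
    reviewid = request.form['reviewID']
    cur = connection.cursor()
    cur.execute("DELETE FROM reviews WHERE reviewid = ?", (reviewid, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted review with ID of " + reviewid + "!", 'success')
    return redirect(url_for("index"))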
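def login():
    """Render the login form (GET) or authenticate the submitted credentials (POST).

    On POST the reCAPTCHA token must verify; then the password is checked
    against the stored hash. Success sets logged_in / sessionEmail (and
    admin when sql_is_admin says so) in the session and redirects to the
    index. Any failure flashes "Invalid credentials!" and re-renders
    login.html, with an exponentially growing delay per session.
    """
    if request.method != "POST":
        return render_template("login.html")

    email = request.form['inputEmail']
    password = request.form['inputPassword']
    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return render_template("login.html")

    connection = sql_load()
    cur = connection.cursor()
    row = None
    if sql_check_email(connection, email) is False:
        # Run a hash check anyway so an unknown email costs about the same
        # time as a wrong password. The original wrapped this in a bare
        # except and only redirected from inside it; when the dummy check
        # returned normally, control fell through to the real lookup and
        # crashed on the missing row.
        # NOTE(review): "blah" is not a valid hash; if the verifier rejects
        # it up front the timing is not really equalized — TODO confirm and
        # consider a pre-computed dummy hash.
        try:
            check_encrypted_password(password, "blah")
        except Exception:
            pass
    else:
        cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
        row = cur.fetchone()

    # Column 4 is presumably the stored hash (see the users INSERT column
    # order elsewhere in this file) — TODO confirm against the schema.
    if row is not None and check_encrypted_password(password, row[4]):
        session['logged_in'] = True
        session.permanent = True
        session['sessionEmail'] = email
        if sql_is_admin(email):
            session['admin'] = True
        flash("You are now logged in!", 'success')
        return redirect(url_for("index"))

    # Unknown email and wrong password now share one response. The original
    # redirected to the index for an unknown email but re-rendered login.html
    # (with the delay) for a wrong password, which let a client tell the two
    # apart.
    # .get(): a fresh session has no counter yet; indexing raised KeyError.
    login_failures = session.get('login_failures', 0) + 1
    session['login_failures'] = login_failures
    # Back-off is keyed on the session cookie, so it only slows a client that
    # keeps the same session between attempts.
    time.sleep(0.001 * 2**login_failures)
    flash("Invalid credentials!", 'error')
    return render_template("login.html")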
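def sql_delete_user():
    """Delete the account with the submitted email (POST handler, admin only).

    Refuses to delete the account the caller is logged in with and
    requires the email to be registered. Redirects to the admin page on
    success (or when the CAPTCHA fails) and to the index otherwise.
    """
    # .get(): a fresh session has no 'logged_in' key; indexing raised KeyError.
    if not session.get('logged_in') or not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    email = request.form['inputEmailDelete']
    captcha_response = request.form['g-recaptcha-response']
    if session['sessionEmail'] == email:
        flash('You can not delete an account you are currently logged in with!', 'error')
        return redirect(url_for("index"))

    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    if sql_check_email(connection, email) is False:
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    cur = connection.cursor()
    cur.execute("DELETE FROM users WHERE email = ?", (email, ))
    connection.commit()
    flask.session.modified = True
    flash("Deleted user " + email + "!", 'success')
    return redirect(url_for("admin"))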