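def sql_add_review():
    """Create a review from the submitted form, attributed to the logged-in user.

    Reads ``inputTitle``, ``inputRating``, ``inputText`` and the reCAPTCHA
    token from ``request.form``. The author is resolved from the session
    e-mail (``session['sessionEmail']``) through ``sql_get_user_by_email``.
    The form field ``inputAuthorEmail`` is deliberately no longer consulted:
    trusting it let any client attribute a review to an arbitrary account.

    Always redirects to ``index``; the outcome is reported through ``flash``.
    """
    # Same guard the other form handlers use. session.get(): an anonymous
    # visitor has no 'logged_in' key, and session[...] would raise KeyError.
    if not session.get('logged_in') or not session.get('sessionEmail'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("index"))

    title = request.form['inputTitle']
    rating = request.form['inputRating']
    text = request.form['inputText']
    date = time.strftime('%Y-%m-%d %H:%M:%S')

    connection = sql_load()
    # Author identity comes from the server-side session, never from the form.
    author = sql_get_user_by_email(connection, session['sessionEmail'])

    cur = connection.cursor()
    cur.execute(
        "INSERT INTO reviews (reviewtitle, reviewdate, reviewrating, reviewauthor, reviewtext) "
        "VALUES(?, ?, ?, ?, ?)", (title, date, rating, author, text))
    connection.commit()
    flask.session.modified = True
    flash("Post created!", 'success')
    return redirect(url_for("index"))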
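def sql_add_user():
    """Register a new user from the registration form.

    Reads ``inputName``, ``inputSurname``, ``inputEmail``, ``inputPassword``
    and the reCAPTCHA token from ``request.form``. On success the user row is
    inserted with the password hashed by ``pwd_context``, the session is
    marked logged in for that e-mail, and the client is redirected to
    ``index``. Every failure re-renders ``register.html`` with a flashed
    error.

    Fix: ``CheckPasswordRules`` is applied to the submitted plaintext. The
    original validated the *hash* output instead, so the policy never saw
    the user's actual password (compare ``sql_user_password``, which checks
    ``new_password`` itself).
    """
    first = request.form['inputName']
    last = request.form['inputSurname']
    email = request.form['inputEmail']
    password_original = request.form['inputPassword']
    captcha_response = request.form['g-recaptcha-response']

    # Validate the plaintext, exactly as sql_user_password() does.
    if not CheckPasswordRules(password_original):
        flash("Your password did not meet the validation rules!", 'error')
        return render_template("register.html")

    # Reject bots before touching the database or doing any hashing work.
    if not is_human(captcha_response):
        flash("Sorry, bots are not allowed!", 'error')
        return render_template("register.html")

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    if cur.fetchone() is not None:
        flash("Email address already in use!", 'error')
        return render_template("register.html")

    # Hash only once the input has passed validation: password hashing is
    # deliberately slow and should not run for rejected requests.
    password = pwd_context.encrypt(password_original)

    # NOTE(review): the existence check and the INSERT are not atomic; under
    # concurrent registration only a UNIQUE constraint on users.email
    # actually prevents duplicates — confirm the schema has one.
    cur.execute(
        "INSERT INTO users (firstname, lastname, email, password) VALUES(?, ?, ?, ?)",
        (first, last, email, password))
    connection.commit()
    session['logged_in'] = True
    session.permanent = True
    session['sessionEmail'] = email

    flash("Registration successful!", 'success')
    return redirect(url_for("index"))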
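def sql_user_password():
    """Change the logged-in user's password.

    Reads ``CurrentPassword``, ``NewPassword`` and the reCAPTCHA token from
    ``request.form``; the account is the one in ``session['sessionEmail']``.
    The new password must pass ``CheckPasswordRules`` and the current password
    must verify (``check_encrypted_password``) against the stored hash before
    ``users.password`` is updated. Redirects to ``index`` when not logged in,
    otherwise to ``account``; the outcome is reported through ``flash``.
    """
    # session.get(): an anonymous visitor has no 'logged_in' key at all, and
    # session['logged_in'] would raise KeyError instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    current_password = request.form['CurrentPassword']
    new_password = request.form['NewPassword']
    captcha_response = request.form['g-recaptcha-response']
    email = session['sessionEmail']

    if not CheckPasswordRules(new_password):
        flash("Your password did not meet the validation rules!", 'error')
        return redirect(url_for("account"))

    if not is_human(captcha_response):
        flash('Sorry, bots are not allowed!', 'error')
        return redirect(url_for("account"))

    connection = sql_load()
    cur = connection.cursor()
    cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
    row = cur.fetchone()
    flask.session.modified = True

    # The row can be gone if the account was deleted after login; the
    # original indexed None here and crashed. Column 4 is the stored hash
    # (the same position login() reads).
    if row is None or not check_encrypted_password(current_password, row[4]):
        flash("Failed!", 'error')
        return redirect(url_for("account"))

    # Hash only after the caller has proven knowledge of the current password.
    encrypt = pwd_context.encrypt(new_password)
    cur.execute("UPDATE users SET password = ? WHERE email = ?",
                (encrypt, email))
    connection.commit()

    flash("Password updated!", 'success')
    return redirect(url_for("account"))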
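def sql_update_bio():
    """Update the logged-in user's bio from the account form.

    Reads ``Bio`` and the reCAPTCHA token from ``request.form``. The target
    row is resolved from ``session['sessionEmail']`` via
    ``sql_get_user_by_email``. The form's ``Email`` field is deliberately no
    longer used to choose the row: trusting it let any logged-in user
    overwrite any other user's bio.

    Redirects to ``index`` on success or when not logged in, to ``account``
    when the CAPTCHA fails; the outcome is reported through ``flash``.
    """
    # session.get(): an anonymous visitor has no 'logged_in' key at all.
    if not session.get('logged_in') or not session.get('sessionEmail'):
        flash('You are not logged in!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("account"))

    bio = request.form['Bio']

    connection = sql_load()
    cur = connection.cursor()

    # Resolve the row from the server-side identity, never from the request.
    user_id = sql_get_user_by_email(connection, session['sessionEmail'])

    cur.execute("UPDATE users SET bio = ? WHERE userid = ?",
                (bio, user_id))
    connection.commit()

    flask.session.modified = True

    flash("Bio updated!", 'success')
    return redirect(url_for("index"))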
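def sql_add_admin():
    """Grant admin rights to the user whose e-mail is in ``inputEmailAdmin``.

    Admin-only: requires a logged-in session whose e-mail passes
    ``sql_is_admin``; anyone else is redirected to ``index``. After the
    CAPTCHA check the e-mail is validated with ``sql_check_email``, resolved
    to a user id, and that id is inserted into ``admins``. Redirects to
    ``admin`` on success and on a failed CAPTCHA, to ``index`` on every other
    failure; the outcome is flashed.

    Fix: the INSERT parameter is passed as a one-tuple. The original passed
    the bare id, which the DB-API either rejects (int) or treats as a
    sequence of single characters (str), so the grant failed for most ids.
    """
    # session.get(): an anonymous visitor has no 'logged_in' key at all.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    email = request.form['inputEmailAdmin']

    # Fail closed: any falsy answer (False, None, 0) means "not a known email".
    if not sql_check_email(connection, email):
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    user_id = sql_get_user_by_email(connection, email)   # don't shadow builtin id()

    cur = connection.cursor()
    cur.execute("INSERT INTO admins (adminid) VALUES(?)", (user_id, ))
    connection.commit()
    flask.session.modified = True
    flash("User " + email + " is now an admin!", 'success')
    return redirect(url_for("admin"))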
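def sql_delete_user_by_id():
    """Delete the user whose ``userid`` is given in ``inputIDDelete``.

    Admin-only: requires a logged-in session whose e-mail passes
    ``sql_is_admin``. The admin cannot delete the account they are logged in
    with (compared through ``sql_get_email_by_id``). Redirects to ``admin``
    once past the CAPTCHA, to ``index`` on every other failure; the outcome
    is flashed.
    """
    # session.get(): an anonymous visitor has no 'logged_in' key at all.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    user_id = request.form['inputIDDelete']   # don't shadow builtin id()

    if session['sessionEmail'] == sql_get_email_by_id(connection, user_id):
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))

    cur = connection.cursor()
    cur.execute("DELETE FROM users WHERE userid = ?", (user_id, ))
    connection.commit()
    flask.session.modified = True

    # NOTE(review): rows in `admins` that reference this id are not removed
    # here — confirm a foreign key / cascade covers them.

    # Report success only if a row actually went away; the original flashed
    # "Deleted" for ids that never existed.
    if cur.rowcount == 0:
        flash("No user with id " + user_id + "!", 'error')
        return redirect(url_for("admin"))

    flash("Deleted user id " + user_id + "!", 'success')
    return redirect(url_for("admin"))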
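def sql_delete_review():
    """Delete the review whose ``reviewid`` is given in ``reviewID``.

    Admin-only: requires a logged-in session whose e-mail passes
    ``sql_is_admin``; anyone else is redirected to ``index``. After the
    CAPTCHA check the row is deleted from ``reviews`` and the client is
    redirected to ``index`` with a flashed result.
    """
    # session.get(): an anonymous visitor has no 'logged_in' key at all.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    captcha_response = request.form['g-recaptcha-response']
    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("index"))

    connection = sql_load()
    reviewid = request.form['reviewID']

    cur = connection.cursor()
    cur.execute("DELETE FROM reviews WHERE reviewid = ?", (reviewid, ))
    connection.commit()
    flask.session.modified = True

    # Report success only if a row actually went away; the original flashed
    # "Deleted" for ids that never existed.
    if cur.rowcount == 0:
        flash("No review with ID of " + reviewid + "!", 'error')
        return redirect(url_for("index"))

    flash("Deleted review with ID of " + reviewid + "!", 'success')
    return redirect(url_for("index"))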
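def login():
    """Render the login page and, on POST, authenticate the submitted credentials.

    On POST reads ``inputEmail``, ``inputPassword`` and the reCAPTCHA token
    from ``request.form``. A successful ``check_encrypted_password`` against
    column 4 of the ``users`` row marks the session logged in and permanent,
    records ``sessionEmail``, sets ``session['admin']`` when ``sql_is_admin``
    agrees, and redirects to ``index``. Any failure re-renders ``login.html``
    with a flashed error.

    Fixes relative to the original:
    * an unknown e-mail no longer relies on the dummy hash check *raising*
      to bail out — if it returned normally the code went on to index
      ``None[4]`` and crashed;
    * unknown e-mail and wrong password share one failure path (same
      counter, same delay), so the delay no longer reveals whether the
      account exists;
    * ``login_failures`` is initialised on first use instead of raising
      ``KeyError``, and is reset on success;
    * the back-off sleep is capped so the exponent cannot be driven to a
      multi-day sleep that ties up a worker.
    """
    if request.method == "POST":
        email = request.form['inputEmail']
        password = request.form['inputPassword']
        captcha_response = request.form['g-recaptcha-response']

        if not is_human(captcha_response):
            flash('Sorry, bots are not allowed!', 'error')
            return render_template("login.html")

        connection = sql_load()
        cur = connection.cursor()

        stored_hash = None
        if sql_check_email(connection, email):
            cur.execute("SELECT * FROM users WHERE email = ?", (email, ))
            row = cur.fetchone()
            if row is not None:
                stored_hash = row[4]

        if stored_hash is not None:
            ok = check_encrypted_password(password, stored_hash)
        else:
            # Burn comparable hashing time for unknown accounts so response
            # time does not leak whether the e-mail exists. The dummy value
            # may not parse as a hash; either way the answer is "no".
            try:
                check_encrypted_password(password, "blah")
            except Exception:
                pass
            ok = False

        if ok:
            session['logged_in'] = True
            session.permanent = True
            session['sessionEmail'] = email
            session['login_failures'] = 0
            if sql_is_admin(email):
                session['admin'] = True
            flash("You are now logged in!", 'success')
            return redirect(url_for("index"))

        # One path for wrong password and unknown e-mail.
        login_failures = session.get('login_failures', 0) + 1
        session['login_failures'] = login_failures
        # NOTE(review): this counter lives in the client-side session cookie,
        # so an attacker resets it by discarding the cookie. Treat it as a
        # nuisance delay, not brute-force protection; server-side per-account
        # or per-IP limiting is needed for that.
        time.sleep(min(0.001 * 2**login_failures, 2.0))
        flash("Invalid credentials!", 'error')

    return render_template("login.html")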
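def sql_delete_user():
    """Delete the user whose e-mail is given in ``inputEmailDelete``.

    Admin-only: requires a logged-in session whose e-mail passes
    ``sql_is_admin``. The admin cannot delete the account they are logged in
    with. After the CAPTCHA check the e-mail must pass ``sql_check_email``,
    then the row is deleted from ``users``. Redirects to ``admin`` on success
    and on a failed CAPTCHA, to ``index`` on every other failure; the
    outcome is flashed.
    """
    # session.get(): an anonymous visitor has no 'logged_in' key at all, and
    # session['logged_in'] would raise KeyError instead of redirecting.
    if not session.get('logged_in'):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    if not sql_is_admin(session['sessionEmail']):
        flash('You are not an admin!', 'error')
        return redirect(url_for("index"))

    email = request.form['inputEmailDelete']
    captcha_response = request.form['g-recaptcha-response']

    if session['sessionEmail'] == email:
        flash(
            'You can not delete an account you are currently logged in with!',
            'error')
        return redirect(url_for("index"))

    if not is_human(captcha_response):
        flash("Sorry ! Bots are not allowed.")
        return redirect(url_for("admin"))

    connection = sql_load()
    cur = connection.cursor()

    # Fail closed: any falsy answer (False, None, 0) means "not a known email".
    if not sql_check_email(connection, email):
        flash("Invalid email!", 'error')
        return redirect(url_for("index"))

    cur.execute("DELETE FROM users WHERE email = ?", (email, ))
    connection.commit()
    flask.session.modified = True
    # NOTE(review): rows in `admins` that reference this user are not removed
    # here — confirm a foreign key / cascade covers them.
    flash("Deleted user " + email + "!", 'success')
    return redirect(url_for("admin"))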