def edit_user(name):
    """Admin-only: show the account ``name`` for editing, or update it on POST.

    On POST ``password`` must equal ``password2`` (both read with ``form.get``,
    so two absent fields also compare equal -- NOTE(review): confirm that
    ``database.update_user`` treats a None password as "leave unchanged");
    email, privilege and the active flag are taken straight from the form.
    ``database.update_user`` and ``database.get_user`` return a pair whose
    first element signals success and whose second is the error message (or,
    for ``get_user``, the account row). Non-admins are redirected to the news
    page.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    if request.method != 'POST':
        lookup = database.get_user(name)
        if not lookup[0]:
            return render_admin_page('edit_user.html', error=lookup[1])
        row = lookup[1]
        account = dict(name=name, email=row[1], privilege=row[2], active=row[3])
        return render_admin_page('edit_user.html', user=account)

    password = request.form.get('password', None)
    error = 'Passwords not the same.'
    if password == request.form.get('password2', None):
        outcome = database.update_user(name, password, request.form['email'], request.form['privilege'], request.form['active'])
        if outcome[0]:
            flash('User updated.')
            return redirect(url_for('display_admin_users'))
        error = outcome[1]
    return render_admin_page('edit_user.html', error=error)
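def logout():
    """Log the current user out and clear the "remember me" cookies.

    The persistent-login series identified by the ``persist_id`` cookie is
    also removed server side, so a copied ``persist_token`` cannot be replayed
    after logout (clearing cookies alone leaves the stored token valid). The
    three cookies are expired on the outgoing response via an
    ``after_this_request`` hook, which must return the response object.
    """
    user.log_out()

    # Revoke this browser's series; ``database.delete_persist_login`` is keyed
    # on the series id (see auto_log_in). Assumes an unknown series id is a
    # no-op in the database layer -- verify.
    series_id = request.cookies.get('persist_id', None)
    if series_id:
        database.delete_persist_login(series_id)

    @after_this_request
    def delete_cookies(response):
        # Expire the persistent-login cookies on the client.
        for cookie_name in ('persist_name', 'persist_token', 'persist_id'):
            response.set_cookie(cookie_name, '', expires=0)
        # An after_this_request hook must hand the response back; the
        # original returned None, which replaces the response object.
        return response

    flash('You have been logged out')
    return redirect(url_for('display_news'))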
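def add_page():
    """Admin-only: show the new-page form, or create the page on POST.

    Non-admins are redirected to the news page instead of being shown the
    admin template, matching ``edit_page`` and ``edit_user`` (the original
    rendered the form for anyone and only guarded the POST).
    ``database.insert_page`` returns a pair whose first element signals
    success and whose second carries the error message shown as ``error``.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    error = None
    if request.method == 'POST':
        result = database.insert_page(request.form['slug'], request.form['title'], request.form['content'])
        if result[0]:
            flash('Page created.')
            return redirect(url_for('display_admin_pages'))
        error = result[1]
    return render_admin_page('edit_page.html', error=error)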
def register():
    """Handle the sign-up form; on GET just render the login page.

    On POST ``password`` and ``password2`` must match; the display name is
    ``"<first> <last>"``. The second element of the pair returned by
    ``database.register_user`` is used as the error message, None meaning
    success, in which case a notice that the account awaits activation is
    flashed. Either way the login page is rendered with ``error``.
    """
    error = None
    if request.method == 'POST':
        form = request.form
        if form['password'] != form['password2']:
            error = "Passwords not the same"
        else:
            username = ' '.join((form['first'], form['last']))
            error = database.register_user(username, form['password'], form['email'])[1]
            if error is None:
                flash('Your account will be activated shortly.')
    return render_user_page('login.html', error=error)
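def login():
    """Render the login form, or authenticate the submitted credentials on POST.

    ``database.validate_user`` returns a pair: on success its second element is
    a row whose first three fields are handed to ``user.log_in``; on failure it
    is the error message. Ticking ``remember`` registers ``user.persist_login``
    to run on the outgoing response. The debug ``print(result)`` that echoed the
    validation result (including the user row) to stdout has been removed.
    """
    error = None
    if request.method == 'POST':
        username = request.form['username']
        result = database.validate_user(username, request.form['password'])
        if result[0]:
            row = result[1]
            user.log_in(username, row[0], row[1], row[2])
            if request.form.get('remember', False):
                after_this_request(user.persist_login)
            flash('You have been logged in')
            return redirect(url_for('display_news'))
        error = result[1]
    return render_user_page('login.html', error=error)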
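def _tokens_match(presented, stored):
    """Compare a cookie-supplied token with a stored one in constant time.

    ``hmac.compare_digest`` raises ``TypeError`` for a str/bytes mix or for a
    non-ASCII str (the cookie value is client controlled); such a pair can
    never be a valid token, so it is reported as a mismatch -- the same result
    plain ``==`` gave for mismatched types -- rather than as a server error.
    """
    import hmac
    try:
        return hmac.compare_digest(presented, stored)
    except TypeError:
        return False


def auto_log_in():
    """Log a returning visitor in from the persistent-login cookies.

    Series/token scheme: each row from ``database.get_persist_logins(name)``
    carries the token at index 1 and the series id at index 2. A matching
    series *and* token logs the user in and rotates the token; a matching
    series with a wrong token is treated as a possible cookie theft, so the
    series is revoked and the user is warned.

    Returns:
        The freshly generated token (the bytes ``b64encode`` produces) when
        the login succeeded -- presumably for the caller to store in the
        cookie -- otherwise None.
    """
    name = request.cookies.get('persist_name', None)
    token = request.cookies.get('persist_token', None)
    series_id = request.cookies.get('persist_id', None)
    if not (name and token and series_id):
        return None

    for login in database.get_persist_logins(name):
        if series_id != login[2]:
            continue
        if _tokens_match(token, login[1]):
            # Named ``account`` so the module-level ``user`` object is not
            # shadowed inside this function.
            account = database.get_user(name)
            # NOTE(review): login() calls ``user.log_in``; this unqualified
            # ``log_in`` is kept as written -- confirm it resolves at module level.
            log_in(name, account[1][1], account[1][2], account[1][4])
            new_token = b64encode(urandom(64))
            database.update_persist_login(token, new_token)
            return new_token
        # Same series, different token: assume the token was stolen and has
        # already been used. Revoke the series; as before, the loop goes on.
        database.delete_persist_login(series_id)
        # The original literal contained a stray "\ " (a broken line
        # continuation); the message is the intended single sentence.
        flash('It appears your user session has been hijacked, please ensure that your browser is secure.')
    return None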
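def edit_page(slug):
    """Admin-only: show the edit form for page ``slug``, or update it on POST.

    ``database.update_page`` and ``database.get_page`` return a pair whose
    first element signals success; ``get_page``'s second element is the row
    (title, content). Non-admins are redirected to the news page. The success
    flash used to read 'Page created.' (copied from ``add_page``); it now
    reports an update.
    """
    if not user.is_admin():
        return redirect(url_for('display_news'))

    if request.method == 'POST':
        result = database.update_page(slug, request.form['title'], request.form['content'])
        if not result[0]:
            return render_admin_page('edit_page.html', error=result[1])
        flash('Page updated.')
        return redirect(url_for('display_admin_pages'))

    result = database.get_page(slug)
    if not result[0]:
        return render_admin_page('edit_page.html', error=result[1])
    page = dict(title=result[1][0], slug=slug, content=result[1][1])
    return render_admin_page('edit_page.html', page=page)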
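def add_reply(parent_id):
    """Reply to post ``parent_id``: show the form, or create the reply on POST.

    Requires a logged-in user; others are redirected to the news page. The
    reply's author is the session user (``user.get_name()``) rather than the
    submitted ``author`` form field, so a client cannot post under another
    user's name (``edit_post`` grants edit rights on the stored author).
    ``database.insert_post`` is called with parent ``parent_id`` and pinned 0
    as before; it returns a pair whose first element signals success and whose
    second carries the error message. A successful POST redirects to
    ``display_post`` for the ``redirect`` query argument, else for
    ``parent_id``.
    """
    if not user.is_logged_in():
        return redirect(url_for('display_news'))

    error = None
    if request.method == 'POST':
        # 4th positional argument is 0 as in the original; its meaning is not
        # visible here. 5th is the parent, 6th the pinned flag (cf. add_post).
        result = database.insert_post(request.form['title'], request.form['content'], user.get_name(), 0, parent_id, 0)
        if result[0]:
            flash('Post created.')
            redir = request.args.get('redirect', parent_id)
            return redirect(url_for('display_post', post_id=redir))
        error = result[1]
    return render_user_page('edit_post.html', error=error, parent=parent_id)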
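def add_post():
    """Show the new-thread form, or create the post on POST.

    Requires a logged-in user; others are redirected to the news page. Only
    admins may set ``pinned`` from the form; for everyone else it is 0. The
    author is the session user (``user.get_name()``) rather than the submitted
    ``author`` field, so a client cannot post under another user's name.
    ``database.insert_post`` returns a pair whose first element signals
    success and whose second carries the error message.
    """
    if not user.is_logged_in():
        return redirect(url_for('display_news'))

    error = None
    if request.method == 'POST':
        pinned = request.form.get('pinned', 0) if user.is_admin() else 0
        # 4th positional argument is 0 as in the original; its meaning is not
        # visible here. 5th (parent) is None for a top-level post.
        result = database.insert_post(request.form['title'], request.form['content'], user.get_name(), 0, None, pinned)
        if result[0]:
            flash('Post created.')
            return redirect(url_for('display_threads'))
        error = result[1]
    return render_user_page('edit_post.html', error=error)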
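def edit_post(post_id):
    """Show the edit form for ``post_id``, or apply the edit on POST.

    Access rules, in order: the visitor must be logged in; a locked post may
    only be edited by an admin; otherwise the post's author or an admin may
    edit it. Every refusal redirects to the news page -- the original left
    one of its two outer refusal paths without a return, so that request
    ended with no response. Only admins may set ``locked``/``pinned`` from
    the form; for other users both are forced to 0.

    ``database.get_post`` and ``database.update_post`` return a pair whose
    first element signals success; on success ``get_post``'s second element
    is the row indexed as id, title, content, author, posted, (unused),
    locked, pinned.
    """
    if not user.is_logged_in():
        return redirect(url_for('display_news'))

    result = database.get_post(post_id)
    if not result[0]:
        return render_user_page('edit_post.html', error=result[1])
    row = result[1]
    post = dict(id=row[0], title=row[1], content=row[2], author=row[3], posted=format_dt(row[4]), locked=row[6], pinned=row[7])

    is_admin = user.is_admin()
    if post['locked'] and not is_admin:
        return redirect(url_for('display_news'))
    if not (is_admin or user.get_name() == post['author']):
        return redirect(url_for('display_news'))

    if request.method != 'POST':
        return render_user_page('edit_post.html', post=post)

    # Moderation flags are only honoured from an admin's form.
    if is_admin:
        locked = request.form.get('locked', 0)
        pinned = request.form.get('pinned', 0)
    else:
        locked = 0
        pinned = 0
    result = database.update_post(post_id, request.form['title'], request.form['content'], locked, pinned)
    if not result[0]:
        return render_user_page('edit_post.html', error=result[1])
    flash('Post Updated.')
    redir = request.args.get('redirect', post_id)
    return redirect(url_for('display_post', post_id=redir))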