def signup():
if request.method == 'POST':
name1 = request.form['name']
psw = request.form['psw']
email = request.form['email']
sumname = exSQLFind('select COUNT(name) from users where name=\'%s\'' %
name1)
sumemail = exSQLFind(
'select COUNT(email) from users where email=\'%s\'' % email)
code = 200
if sumname > 0:
code = 230
if sumemail > 0:
code = 231
if code == 200:
db = get_db()
cursor = db.cursor()
cursor.execute(
'insert into users (name,psw,email,userid) values (%s,%s,%s,%s)',
[name1, psw, email, str(uuid.uuid4())])
db.commit()
dic = {'code': code}
response = getResponse(dic, 200)
return response
def getgames():
if request.method =='POST':
userid = request.form['id']
numuser = exSQLFind('select count(*) from users where userid = \'%s\';'%userid)
if numuser == 1:
numgame = exSQLFind("select count(*) from games;")
ran = range(numgame)
li = random.sample(ran, 10)
sIdList = []
idList = []
db = get_db()
cursor = db.cursor()
for i in li:
cursor.execute('select id,steamid from games where id=\'%s\';'%i)
ids = cursor.fetchall()[0]
id = ids[0]
idList.append(id)
gameid = ids[1]
sIdList.append(gameid)
dic = {'sid':sIdList,'id':idList}
response = getResponse(dic,200)
return response
else:
response = getResponse('',404)
return response
def index():
db = get_db()
posts = db.execute(
'SELECT p.id, title, body, created, author_id, username'
' FROM post p JOIN user u ON p.author_id = u.id'
' ORDER BY created DESC'
).fetchall()
return render_template('blog/index.html', posts=posts)
def test_delete_entry_logout(self):
title='Hello'
with flaskr.app.test_client() as c:
rv = c.post('/delete/<path:title>', data=dict(
title=title
),follow_redirects=True)
assert b'Entry was successfully deleted' not in rv.data
db = flaskr.get_db()
cur = db.execute('select * from entries where title=?', [title])
assert cur.fetchall() is not None
def get_post(id, check_author=True):
post = get_db().execute(
'SELECT p.id, title, body, created, author_id, username'
' FROM post p JOIN user u ON p.author_id = u.id'
' WHERE p.id = ?',
(id,)
).fetchone()
if post is None:
abort(404, "Post id {0} doesn't exist.".format(id))
if check_author and post['author_id'] != g.user['id']:
abort(403)
return post
def test_delete_entry_login(self):
with flaskr.app.test_client() as c:
rv = c.post('/login', data=dict(
username=flaskr.app.config['USERNAME'],
password=flaskr.app.config['PASSWORD']
), follow_redirects=True)
assert b'You were logged in' in rv.data
title='Hello'
rv = c.post('/delete/<path:title>', data=dict(
title=title
),follow_redirects=True)
assert b'Entry was successfully deleted' in rv.data
db = flaskr.get_db()
cur = db.execute('select * from entries where title=?', [title])
assert cur.fetchone() is None
def test_faked_post(self):
ts = time.time()
# mock data
with app.app_context():
db = get_db()
db.execute("insert into entries (user, title, text) values (?, ?, ?)", [self.user, "Current timestamp", ts])
db.commit()
# go to main page
self.driver.get("http://localhost:5000")
# check if mcoked content is correct
post = self.driver.find_element_by_css_selector(".%s" % self.user).text
assert "Current timestamp\n%d" % ts in post
def test_faked_post(self):
ts = time.time()
# mock data
with app.app_context():
db = get_db()
db.execute(
'insert into entries (user, title, text) values (?, ?, ?)',
[self.user, 'Current timestamp', ts])
db.commit()
# go to main page
self.driver.get('http://localhost:5000')
# check if mcoked content is correct
post = self.driver.find_element_by_css_selector('.%s' % self.user).text
assert 'Current timestamp\n%d' % ts in post
def create():
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO post (title, body, author_id)'
' VALUES (?, ?, ?)',
(title, body, g.user['id'])
)
db.commit()
return redirect(url_for('blog.index'))
return render_template('blog/create.html')
def update(id):
post = get_post(id)
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'UPDATE post SET title = ?, body = ?'
' WHERE id = ?',
(title, body, id)
)
db.commit()
return redirect(url_for('blog.index'))
return render_template('blog/update.html', post=post)
def exSQLFind(str):
db = get_db()
cursor = db.cursor()
cursor.execute(str)
return cursor.fetchall()[0][0]
def delete(id):
get_post(id)
db = get_db()
db.execute('DELETE FROM post WHERE id = ?', (id,))
db.commit()
return redirect(url_for('blog.index'))
def test_db_create_connection(self):
with flaskr.app.test_request_context():
assert isinstance(flaskr.get_db(), sqlite3.Connection)
rv = self.app.get('/')
assert b'Unbelievable. No entries here so far' in rv.data