def normalize(self):
try:
if not hasattr(self, 'commentid'):
self.commentid = 0 # insert new comment
elif self.commentid < 0:
flask.abort(400, u'Bad comment id.')
if not hasattr(self, 'comment'):
flask.abort(400, u'Empty comments are not allowed.')
if hasattr(self, 'postdate'):
if self.postdate < 1104566400:
flask.abort(400, u'Comment date before 2005')
else:
self.whenposted = int(time.time())
if not hasattr(self, 'screenname'):
u = current_user
if not u.is_authenticated:
flask.abort(400, u'A comment must have an owner.')
self.screenname = u.id
if not gal_utils.legalOwner(self.screenname):
flask.abort(400, u'Bad owner.')
except HTTPException:
raise
except:
flask.abort(400, u'Cannot instantiate a comment.')
def DesignByDesigner(name, start, num, ccOnly):
if not gal_utils.legalOwner(name):
flask.abort(400, u'Bad request.')
db = gal_utils.get_db()
if ccOnly:
query = (Design.Query_base + u'WHERE owner=%s AND ' + Design.Query_CC +
u' ORDER BY whenuploaded DESC LIMIT %s,%s')
else:
query = (Design.Query_base + u'WHERE owner=%s ORDER BY whenuploaded '
u'DESC LIMIT %s,%s')
with closing(db.cursor(dictionary=True, buffered=True)) as cursor:
cursor.execute(query, (name, start, num))
return complete(cursor)
def get(username):
if not gal_utils.legalOwner(username):
return None
db = gal_utils.get_db()
with closing(db.cursor(buffered=True)) as cursor:
cursor.execute(u'SELECT user_password, user_rank, user_email FROM phpbb3_users '
u'WHERE username=%s', (username,))
data = cursor.fetchone()
if data is None or len(data) < 3 or not isinstance(data[1], int):
return None
if not isinstance(data[0], text) and not isinstance(data[0], bytearray):
return None
if not isinstance(data[2], text) and not isinstance(data[2], bytearray):
return None
user = User(username)
if hasattr(data[0], 'decode'):
user.password_hash = data[0].decode('utf-8')
else:
user.password_hash = data[0]
user.is_admin = data[1] == 1
user.is_tagger = username in ['MtnViewJohn', 'MtnViewMark', 'kipling', 'Guigui']
if hasattr(data[2], 'decode'):
user.email = data[2].decode('utf-8')
else:
user.email = data[2]
cursor.execute(u'SELECT UNIX_TIMESTAMP(lastlogin), UNIX_TIMESTAMP(joinedon), '
u'numposts, numlogins, lastdesign, notify_of_comments, ccURI '
u'FROM gal_users WHERE screenname=%s', (username,))
data = cursor.fetchone()
if data is None or len(data) < 7 or not isinstance(data[0], int) or \
not isinstance(data[1], int) or not isinstance(data[2], int) or \
not isinstance(data[3], int) or not isinstance(data[4], int) or \
not isinstance(data[5], int) or not isinstance(data[6], text):
return user
user.lastlogin = data[0]
user.joinedon = data[1]
user.numposts = data[2]
user.numlogins = data[3]
user.lastdesign = data[4]
user.notify = data[5] != 0
user.ccURI = data[6]
user.inGalUsers = True
return user
def canLogin(username, password):
if not gal_utils.legalOwner(username) or not isinstance(password, text):
return None
u = get(username)
if u is None:
return None
try:
if not phpbb3_context.verify(password, u.password_hash):
return None
except ValueError:
if not bcrypt.verify(password, u.password_hash):
return None
except:
return None
return u
def DesignFavorites(name, start, num, ccOnly):
if not gal_utils.legalOwner(name):
flask.abort(400, u'Bad request.')
db = gal_utils.get_db()
if ccOnly:
query = (
Design.Query_base_d + ', gal_favorites AS f WHERE ' +
Design.Query_CC +
' AND f.screenname=%s AND f.designid = d.designid ORDER BY d.designid '
'DESC LIMIT %s,%s')
else:
query = (
Design.Query_base_d + ', gal_favorites AS f WHERE '
'f.screenname=%s AND f.designid = d.designid ORDER BY d.designid '
'DESC LIMIT %s,%s')
with closing(db.cursor(dictionary=True, buffered=True)) as cursor:
cursor.execute(query, (name, start, num))
return complete(cursor)
def init(self, **data):
try:
if 'screenname' in data:
if not gal_utils.legalOwner(data['screenname']):
flask.abort(400, u'Bad screenname.')
if hasattr(self, 'screenname'
) and self.screenname != data['screenname']:
flask.abort(400, u'Comment owner cannot be changed.')
self.screenname = data['screenname']
if 'comment' in data:
self.comment = data['comment']
if 'postdate' in data:
if not isinstance(data['postdate'], int):
flask.abort(
400, u'Comment date must be a POSIX timestamp int.')
elif data['postdate'] < 1104566400:
flask.abort(400, u'Comment date before 2005')
elif hasattr(self,
'postdate') and self.postdate != data['postdate']:
flask.abort(400, u'Comment post date cannot be changed.')
self.postdate = data['postdate']
if 'commentid' in data:
id = int(data['commentid'])
if id < 0:
flask.abort(400, u'Illegal Comment ID.')
if hasattr(self, 'commentid') and self.commentid != id:
flask.abort(400, u'Comment ID cannot be changed.')
self.commentid = id
except HTTPException:
raise
except:
flask.abort(400, u'Cannot instantiate a comment.')
def init(self, **data):
try:
if 'designid' in data:
id = int(data['designid'])
if id < 0:
flask.abort(400, u'Illegal Design ID.')
if hasattr(self, 'designid') and self.designid != id:
flask.abort(400, u'Design ID cannot be changed.')
self.designid = id
if 'owner' in data:
if not gal_utils.legalOwner(data['owner']):
flask.abort(400, u'Bad owner.')
if hasattr(self, 'owner') and self.owner != data['owner']:
flask.abort(400, u'Design owner cannot be changed.')
self.owner = data['owner']
if 'title' in data and len(data['title']) > 0:
title = data['title'].strip()
if (len(title) < 3 or len(title) > 100):
flask.abort(
400,
u'The title must be between 3 and 100 characters.')
self.title = title
if 'variation' in data:
var = data['variation'].strip()
if not gal_utils.legalVariation(var):
flask.abort(400, u'Illegal variation.')
self.variation = var
if 'tiled' in data:
tiled = int(data['tiled'])
if tiled < 0 or tiled > 3:
flask.abort(400, u'Illegal tile type.')
self.tiled = tiled
if 'ccURI' in data and 'ccName' in data and 'ccImage' in data:
if gal_utils.validateLicense(data):
self.ccURI = data['ccURI']
self.ccName = data['ccName']
self.ccImage = data['ccImage']
else:
self.ccURI = u''
self.ccName = u''
self.ccImage = u'No license chosen'
if 'cclicense' in data and isinstance(data['cclicense'], text):
if data['cclicense'] == u'zero':
self.ccURI = u'https://creativecommons.org/publicdomain/zero/1.0/'
self.ccName = u'CC0 1.0 Universal (CC0 1.0) Public Domain Dedication'
self.ccImage = u'http://i.creativecommons.org/p/zero/1.0/88x31.png'
elif data['cclicense'] in CC_names:
self.ccURI = u'https://creativecommons.org/licenses/' + data[
'cclicense'] + u'/4.0/'
self.ccName = CC_names[data['cclicense']]
self.ccImage = u'http://i.creativecommons.org/l/' + data[
'cclicense'] + u'/4.0/88x31.png'
elif data['cclicense'] != u'-':
self.ccURI = u''
self.ccName = u''
self.ccImage = u'No license chosen'
if 'filelocation' in data:
if not gal_utils.legalFilePath(data['filelocation'], True):
flask.abort(400, u'Illegal cfdg file specification.')
self.filelocation = data['filelocation']
if 'S3' in data:
if isinstance(data['S3'], bool):
self.S3 = data['S3']
elif isinstance(data['S3'], text):
if data['S3'] == u'Y':
self.S3 = True
elif data['S3'] == u'N':
self.S3 = False
else:
flask.abort(400, u'Illegal enum value for S3 flag.')
else:
flask.abort(400, u'S3 flag must be bool or enum Y/N.')
if 'imageversion' in data:
v = int(data['imageversion'])
if v < 0: flask.abort(400, u'Illegal image version.')
self.imageversion = v
if 'imagelocation' in data:
if not gal_utils.legalFilePath(data['imagelocation'], False):
flask.abort(400, u'Illegal image file specification.')
self.imagelocation = data['imagelocation']
if 'thumblocation' in data:
if not gal_utils.legalFilePath(data['thumblocation'], False):
flask.abort(400, u'Illegal image file specification.')
self.thumblocation = data['thumblocation']
if 'sm_thumblocation' in data:
if not gal_utils.legalFilePath(data['sm_thumblocation'],
False):
flask.abort(400, u'Illegal image file specification.')
self.sm_thumblocation = data['sm_thumblocation']
if 'numvotes' in data:
num = int(data['numvotes'])
if num < 0: flask.abort(400, u'Illegal vote count.')
self.numvotes = num
if 'uploaddate' in data:
if isinstance(data['uploaddate'], int):
if data['uploaddate'] < 1104566400:
flask.abort(400, u'Upload date before 2005')
else:
self.uploaddate = data['uploaddate']
else:
flask.abort(400,
u'Upload date must be a POSIX timestamp int.')
if 'notes' in data:
if len(data['notes']) > 1000:
flask.abort(400,
u'Notes cannot be longer than 1000 bytes.')
self.notes = data['notes']
except HTTPException:
raise
except:
if 'wsgi.errors' in os.environ:
traceback.print_exc(None, os.environ['wsgi.errors'])
else:
traceback.print_exc()
flask.abort(400, u'Cannot instantiate a design.')
def normalize(self):
try:
if not hasattr(self, 'designid'):
self.designid = 0 # INSERT new design
elif self.designid < 0:
flask.abort(400, u'Bad design id.')
if not hasattr(self, 'owner'):
u = current_user
if not u.is_authenticated or self.designid > 0:
flask.abort(400, u'A design must have an owner.')
self.owner = u.id
if not gal_utils.legalOwner(self.owner):
flask.abort(400, 'Bad owner.')
if not hasattr(self, 'title'):
flask.abort(400, u'A design must have a title.')
elif self.title != self.title.strip() or len(
self.title) < 3 or len(self.title) > 100:
flask.abort(400, 'Bad title.')
if not hasattr(self, 'variation'):
self.variation = u''
elif not gal_utils.legalVariation(self.variation):
flask.abort(400, u'Bad variation.')
if not hasattr(self, 'tiled'):
self.tiled = 0
elif self.tiled < 0 or self.tiled > 3:
flask.abort(400, u'Bad tiling state.')
if not hasattr(self, 'S3'):
self.S3 = False
elif not isinstance(self.S3, bool):
flask.abort(400, u'Bad S3 state.')
if not hasattr(self, 'filelocation'):
self.filelocation = u''
elif not gal_utils.legalFilePath(self.filelocation, True):
flask.abort(400, u'Bad cfdg file path.')
if not hasattr(self, 'imagelocation'):
self.imagelocation = u''
elif not gal_utils.legalFilePath(self.imagelocation, False):
flask.abort(400, u'Bad image file path.')
if not hasattr(self, 'thumblocation'):
self.thumblocation = u''
elif not gal_utils.legalFilePath(self.thumblocation, False):
flask.abort(400, u'Bad image file path.')
if not hasattr(self, 'sm_thumblocation'):
self.sm_thumblocation = u''
elif not gal_utils.legalFilePath(self.sm_thumblocation, False):
flask.abort(400, u'Bad image file path.')
if not hasattr(self, 'imageversion'):
self.imageversion = 0
elif self.imageversion < 0:
flask.abort(400, u'Bad image version.')
if not hasattr(self, 'numvotes'):
self.numvotes = 0
elif self.numvotes < 0:
flask.abort(400, u'Bad vote count.')
if not hasattr(self, 'notes'):
self.notes = u''
elif len(self.notes) > 1000:
flask.abort(400, u'Notes cannot be longer than 1000 bytes.')
if hasattr(self, 'ccURI') and hasattr(self, 'ccName') and hasattr(
self, 'ccImage'):
if not gal_utils.validateLicense(self.__dict__):
self.ccURI = u''
self.ccName = u''
self.ccImage = u'No license chosen'
else:
self.ccURI = u''
self.ccName = u''
self.ccImage = u'No license chosen'
if hasattr(self, 'uploaddate'):
if self.uploaddate < 1104566400:
flask.abort(400, u'Upload date before 2005')
else:
self.uploaddate = int(time.time())
except HTTPException:
raise
except:
if 'wsgi.errors' in os.environ:
traceback.print_exc(None, os.environ['wsgi.errors'])
else:
traceback.print_exc()
flask.abort(400, u'Cannot normalize a design.')