def viewAlbum(): cur = db_con() albumid = request.args.get("id") username = "" accessLevel = 2 if 'username' in session: if not session_exists_check(): prev = "/n5hyqyyzaor/pa2/album?id="+str(albumid) return render_template("login.html",back_url = prev) accessLevel = album_authen(session['username'],albumid) username = session['username'] if (accessLevel == 0): return redirect(url_for('main.index')) cur.execute("SELECT access FROM Album WHERE albumid = '"+albumid+"'") access = cur.fetchone()[0] if access == 'private': if not session_exists_check(): prev = "/album?id="+str(albumid) return render_template("login.html",back_url = prev) else : username = session["username"] options = {"edit": False, "canEdit":False} if accessLevel == 3: options["canEdit"] = True albumid = request.args.get("id") cur.execute("SELECT * FROM User") usrs = cur.fetchall() albumid = request.args.get("id") # check for invalid album id cur.execute("SELECT count(1) FROM Album WHERE albumid = '" + albumid +"'") result = cur.fetchone() if albumid == "" or result[0] == 0: return make_response(render_template('404.html'),404) cur.execute("SELECT * from Contain where albumid='" + albumid + "' ORDER BY sequencenum") rows = cur.fetchall() cur.execute("SELECT title FROM Album WHERE albumid='" + albumid + "'") title = cur.fetchone()[0] cur.execute("SELECT * from Photo INNER JOIN Contain on Photo.picid=Contain.picid where albumid= '" + albumid + "' ORDER BY sequencenum") thumb = cur.fetchall() cur.execute("SELECT username FROM Album WHERE albumid='" + albumid + "'") own = cur.fetchone()[0] resp = make_response(render_template("edit_album.html", albumOwner= own, zipped = zip(rows, thumb), users = usrs, user = username, pics=rows, id = albumid, albumTitle = title, **options)) if accessLevel != 2 : resp.set_cookie('lastactivity',str(time.time()) ) return resp
def editAlbum(): #albumid = request.form['id'] albumid = request.args.get("id") if not session_exists_check(): prev = "/n5hyqyyzaor/pa2/album/edit?id="+albumid#?url="+url_for('main.edit_acc') return render_template("login.html",back_url = prev) #album_id = request.args.get("id") accessLevel = album_authen(session['username'],albumid) if (accessLevel != 3): return redirect(url_for('main.index')) username = session["username"] options = {"edit": True, "canEdit": False} if accessLevel == 3: options["canEdit"] = True cur.execute("SELECT * FROM User") usrs = cur.fetchall() #albumid = request.args.get("id") # check for invalid album id cur.execute("SELECT count(1) FROM Album WHERE albumid = '" + albumid +"'") result = cur.fetchone() if(request.method=="POST"): op = request.form["op"] if (op == "delete"): picid = request.form["picid"] albumid = request.form["albumid"] cur.execute("SELECT * FROM Photo WHERE picid ='" + picid + "'") pic = cur.fetchone() #Remove from Contain cur.execute("DELETE FROM Contain WHERE picid='"+ picid + "'") #Remove phy files os.remove(app.config['UPLOAD_FOLDER'] + pic[1]) #Remove from Photo cur.execute("DELETE FROM Photo WHERE picid='" + picid + "'") #Update date modified updateTime(albumid) elif (op == "add"): file = request.files['file'] albumid = request.form["albumid"] if file and allowed_file(file.filename): filename = secure_filename(file.filename) # picid i = datetime.now() picid = hashlib.md5("filename" + i.strftime('%y-%m-%d-%H:%M:%S')).hexdigest() # extention ext = file.filename.rsplit('.', 1)[1] # seq num seqnum = '0' cur.execute("SELECT MAX(sequencenum) FROM Contain where albumid ='" + albumid + "'") row = cur.fetchone() if row[0] != None: seqnum = str(int(row[0]) + 1) strDate = i.strftime('%y-%m-%d') # URL url = "/pictures/" + picid + "." + ext # Save physical files file.save(os.path.join(app.config['UPLOAD_FOLDER'] + "/pictures", picid+"."+ext)) # Insert into Photo cur.execute("INSERT INTO Photo VALUES('" + picid + "', '" + url + "', '" + ext + "', '" + strDate + "')") # Insert into Contain cur.execute("INSERT INTO Contain VALUES(" + albumid + ", '" + picid + "', '" + picid + "." + ext + "'," + seqnum + ")") # Update last updated date updateTime(albumid) elif (op=="change"): access = request.form['access'] if(access != "nochange"): cur.execute("UPDATE Album SET access='" + access + "' WHERE albumid='" + albumid + "'") updateTime(albumid) if access == "public": cur.execute("DELETE FROM AlbumAccess WHERE username !='" + username + "' AND albumid = '" + albumid + "'") else: operation = request.form['submit'] if operation == 'Add': name = request.form['names'] # cur.execute("INSERT INTO AlbumAccess VALUES('" + albumid + "','" + name +"')") cur.execute("INSERT INTO AlbumAccess VALUES('"+albumid + "','" +name +"') ON DUPLICATE KEY UPDATE albumid=albumid") elif operation == 'revoke': name = request.form['name'] cur.execute("DELETE FROM AlbumAccess WHERE username ='******' AND albumid = '" + albumid + "'") elif operation == 'rename': newTitle = request.form['newName'] cur.execute("UPDATE Album SET title = '" + newTitle + "' WHERE albumid = '" + albumid + "'") cur.execute("SELECT count(1) FROM Album WHERE albumid = '" + albumid + "'") result = cur.fetchone() if albumid == "" or result[0] == 0: return make_response(render_template('404.html'),404) cur.execute("SELECT * from Contain where albumid='" + albumid + "' ORDER BY sequencenum") rows = cur.fetchall() cur.execute("SELECT username FROM AlbumAccess WHERE albumid='" + albumid + "'") aUsers = cur.fetchall() cur.execute("SELECT username FROM User WHERE username NOT IN (SELECT username FROM AlbumAccess WHERE albumid ='" + albumid + "')") usrs = cur.fetchall() cur.execute("SELECT username FROM Album WHERE albumid ='" + albumid + "'") owner = cur.fetchone() #print owner == usrs[0] newUsrs = [] for a in usrs: if a != owner: newUsrs.append(a) cur.execute("SELECT title FROM Album WHERE albumid='" + albumid + "'") title = cur.fetchone()[0] cur.execute("SELECT username FROM Album WHERE albumid='" + albumid + "'") own = cur.fetchone()[0] cur.execute("SELECT * from Photo INNER JOIN Contain on Photo.picid=Contain.picid where albumid= '" + albumid + "' ORDER BY sequencenum") thumb = cur.fetchall() resp = make_response(render_template("edit_album.html", albumOwner = own, zipped = zip(rows, thumb), unallowedUsers = newUsrs, allowedUsers = aUsers, user = username , pics=rows, id = albumid, albumTitle = title, **options)) resp.set_cookie('lastactivity',str(time.time())) return resp