def create(cls, title, text, created, creator):
    """Build a ``cls`` record from the given fields, persist it and return it.

    The new object is added to ``db`` (defined outside this block) and
    committed straight away, so every call results in its own commit.
    """
    fields = {
        "title": title,
        "text": text,
        "created": created,
        "creator": creator,
    }
    new_topic = cls(**fields)
    db.add(new_topic)
    db.commit()
    return new_topic
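def signup():
    """Render the signup form (GET) or register a new user (POST).

    On POST the form fields ``user-name``, ``user-email``,
    ``signup-password`` and ``signup-password2`` are read. If the two
    passwords differ, or a required field is missing or empty, a plain-text
    message is returned and nothing is written. Otherwise a ``User`` is
    stored with ``active=1`` and the browser is redirected to ``index`` with
    a fresh ``session_token`` cookie.
    """
    if request.method == "GET":
        return render_template("signup.html")

    # Get the new user information.
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("signup-password")
    password2 = request.form.get("signup-password2")

    # Do the two passwords match?
    if password != password2:
        return "The Passwords Do Not Match. Please try again."

    # A request that omits both password fields passes the comparison above
    # (None == None) and would then raise on password.encode(); an empty
    # password would create an account with no real credential. Reject both,
    # along with a missing name or email.
    if not name or not email or not password:
        return "Name, email and password are required. Please try again."

    # NOTE(review): a single unsalted SHA-256 is a fast hash, so a leaked
    # password_hash column can be brute-forced cheaply and equal passwords
    # produce equal hashes. The scheme is left unchanged here because login()
    # must compute the same digest and existing rows would need migrating;
    # move both views together to a salted, deliberately slow KDF
    # (e.g. hashlib.scrypt or hashlib.pbkdf2_hmac).
    hashed_password = hashlib.sha256(password.encode()).hexdigest()
    session_token = str(uuid.uuid4())

    # NOTE(review): nothing here checks for an existing account with this
    # email, while login() selects the user with filter_by(email=...).first().
    # Confirm the User model enforces a unique email.
    user = User(
        name=name,
        email=email,
        password_hash=hashed_password,
        session_token=session_token,
        active=1,
    )
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    # httponly keeps the token away from page scripts and samesite='Strict'
    # keeps it off cross-site requests.
    # NOTE(review): secure is not set, so the cookie is also sent over plain
    # HTTP; add secure=True once the site is served over HTTPS only.
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response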
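def login():
    """Render the login page (GET) or authenticate a user (POST).

    On POST the form fields ``user-email`` and ``login-password`` are read.
    An unknown email or an inactive account gets the signup page; a wrong
    password gets a plain-text message. On success a new ``session_token`` is
    stored on the user and set as a cookie, and the browser is redirected to
    ``index``.
    """
    # Imported here so this view does not depend on the module's import list.
    import hmac

    # display the index page to allow login credentials.
    if request.method == "GET":
        return render_template("index.html")

    email = request.form.get("user-email")
    # Default to "" so a request without the field fails the password check
    # below instead of raising on None.encode().
    password = request.form.get("login-password", "")
    # NOTE(review): unsalted SHA-256 is a fast hash and a weak choice for
    # password storage. It is kept because it must match what signup() stores;
    # change both views together and migrate the existing hashes.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()

    user = db.query(User).filter_by(email=email).first()
    if not user:
        # if no user, then haven't signed up.
        # NOTE(review): an unknown email and a wrong password get different
        # responses, which tells a client which emails are registered.
        return render_template("signup.html")

    # Constant-time comparison, so response timing does not depend on how
    # many leading characters of the stored hash were matched.
    stored_hash = user.password_hash or ""
    if not hmac.compare_digest(hashed_password.encode(), stored_hash.encode()):
        return "Incorrect Password. Please Try Again"

    if user.active != 1:
        # Previously this case fell off the end of the function and returned
        # None, which is an error for a Flask view. The original comment says
        # inactive users go back to signup.
        return render_template("signup.html")

    # Active user: issue a fresh session token and store it on the user.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    # NOTE(review): secure is not set, so the cookie is also sent over plain
    # HTTP; add secure=True once the site is served over HTTPS only.
    response.set_cookie("session_token", session_token, httponly=True, samesite='Strict')
    return response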
def create(cls, text, created, author, topic):
    """Create a ``cls`` record for the given topic, persist it and return it.

    The instance is built from the keyword fields ``text``, ``created``,
    ``author`` and ``topic``, then added to ``db`` (defined outside this
    block) and committed before being handed back to the caller.
    """
    attributes = dict(text=text, created=created, author=author, topic=topic)
    new_comment = cls(**attributes)
    db.add(new_comment)
    db.commit()
    return new_comment
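def topic_edit(topic_id):
    """Show (GET) or apply (POST) an edit to a topic, for its creator only.

    The topic is loaded by ``int(topic_id)``. If it does not exist a 404 is
    returned. If the current user (from ``get_user()``) is missing or is not
    the topic's creator, a plain-text refusal is returned and nothing is
    changed. Otherwise GET renders ``topic_edit.html`` and POST stores the
    ``new-topic-title`` and ``new-topic-text`` form fields and redirects to
    ``all_topics``.
    """
    # get the topic that is to be edited
    topic = db.query(Topic).get(int(topic_id))
    if topic is None:
        # Assumes .get() returns None for an unknown id, as SQLAlchemy's
        # Query.get does. Previously this case raised on topic.creator.
        return "Topic not found.", 404

    # Only allow the creator of the Topic to edit it.
    user = get_user()
    creator = topic.creator
    # Treat "no current user" and "topic without a creator" as not-the-author
    # instead of raising AttributeError on .name.
    # NOTE(review): ownership is decided by comparing names. signup() does
    # not check that names are unique, so unless the model enforces it this
    # is not a sound ownership check; compare the users' primary keys once
    # the key field on User is confirmed.
    if user is None or creator is None or user.name != creator.name:
        return "You are not the author of this topic. Edit is not allowed."

    # display the topic to be edited
    if request.method == "GET":
        return render_template("topic_edit.html", topic=topic)

    # get the edited topic details and post it
    topic.title = request.form.get("new-topic-title")
    topic.text = request.form.get("new-topic-text")
    db.commit()
    return redirect(url_for('all_topics'))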