def delete_file(name, filename):
    """
    Remove one of the user's uploads from the uploads folder and the database.

    The upload record is looked up by ``filename`` and is deleted only when
    its ``userid`` equals ``name``. That ownership comparison is what keeps
    one account from deleting another account's upload. On success the
    caller is redirected to the ``entries`` page. Otherwise the error is
    displayed and the caller is sent to their own entries or to the login page.
    """
    # valid_user() is expected to return None when the request may proceed.
    error = valid_user(name)
    if error is None:
        record = Upload.query.filter_by(filename=filename).first()
        is_owner = record and record.userid == name
        if not is_owner:
            # A missing record and a record owned by someone else produce the
            # same message, so the reply does not reveal which case applied.
            error = "Specified file does not exist."
        else:
            # The path is built from the caller-supplied name only after that
            # name matched a stored upload record owned by this user.
            target = os.path.join(app.config['UPLOAD_FOLDER'], filename)
            if os.path.isfile(target):
                os.remove(target)

            # Drop the database row whether or not the file was still on disk.
            fdb.session.delete(record)
            fdb.session.commit()
            flash('File was deleted successfully.')
            return redirect(url_for('entries', name=name))

    # Error path: report the problem, then send the caller somewhere they
    # are allowed to be.
    display(error)
    if 'logged_in' not in session:
        return redirect(url_for('login'))
    return redirect(url_for('entries', name=session['logged_in']))
def change_theme(name):
    """
    Show the theme page and, on POST, store the theme the user selected.

    A POST writes the submitted ``theme`` form field to the user's record and
    to the session, commits, and redirects back to this page. Any other
    method renders ``theme.html`` with the theme currently in the session.
    If ``valid_user`` reports an error, the error is displayed and the caller
    is redirected to their upload page or to the login page.
    """
    error = valid_user(name)
    if error is not None:
        display(error)
        if 'logged_in' in session:
            return redirect(url_for('upload', name=session['logged_in']))
        return redirect(url_for('login'))

    if request.method != 'POST':
        return render_template('theme.html', username=name, theme=session['theme'])

    # NOTE(review): the submitted value is stored and placed in the session
    # as received; nothing in this block compares it against a list of known
    # themes. Confirm that whatever consumes session['theme'] treats it as
    # untrusted input, or validate it here.
    chosen = request.form['theme']
    account = get_user(name)

    # Update the stored preference first, then the session copy.
    account.theme = chosen
    session['theme'] = chosen
    udb.session.commit()

    flash('Theme changed to %s.' % chosen.lower())
    return redirect(url_for('change_theme', name=name))
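def upload(name):
    """
    Accept a text or image upload from a logged-in user.

    On POST the submitted file is checked with ``valid_file``, its name is
    sanitized with ``secure_filename``, and it is saved under the uploads
    folder. The sanitized name must still have a stem and an extension, and
    an existing file with the same name is never overwritten: a numeric
    suffix such as ``name(1).ext`` is chosen instead. Any other method, or a
    rejected file, renders ``upload.html``. If ``valid_user`` reports an
    error, the error is displayed and the caller is redirected to their own
    upload page or to the login page.
    """
    error = valid_user(name)
    if error is None:
        if request.method == 'POST':
            file = request.files['file']
            if file and valid_file(file.filename):
                filename = secure_filename(file.filename)

                # secure_filename() can strip a name down to nothing or to a
                # bare extension (for example when the stem has no ASCII
                # characters), so validate the name that is actually stored.
                stem, dot, extension = filename.rpartition('.')
                if stem and dot and extension:
                    folder = app.config['UPLOAD_FOLDER']

                    # Never overwrite an existing upload, which may belong to
                    # another user; pick "stem(1).ext", "stem(2).ext", ...
                    # NOTE(review): the existence check and the save are not
                    # atomic, so concurrent uploads of one name can still
                    # collide.
                    counter = 0
                    while os.path.isfile(os.path.join(folder, filename)):
                        counter += 1
                        filename = "%s(%s).%s" % (stem, counter, extension)

                    file.save(os.path.join(folder, filename))

                    # NOTE(review): the record is constructed but this block
                    # never adds it to a database session; verify that the
                    # owner/filename pair is persisted somewhere, otherwise
                    # ownership checks have nothing to match against.
                    file_instance = Upload(name, filename)
                    flash('File was uploaded successfully.')
                    return redirect(url_for('files', name=name))

            flash("Invalid filename or file type.")
        return render_template('upload.html')

    # If an error occurs, display the error and
    # redirect to the appropriate page.
    display(error)
    if 'logged_in' in session:
        return redirect(url_for('upload', name=session['logged_in']))
    return redirect(url_for('login'))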
def delete_entry(name, id):
    """
    Delete one of the user's entries from the database.

    The entry is looked up by both ``id`` and ``userid``, so only an entry
    owned by ``name`` can be found and removed. On success the caller is
    redirected to the ``entries`` page. Otherwise the error is displayed and
    the caller is sent to their own entries or to the login page.
    """
    error = valid_user(name)
    if error is None:
        entry = Entry.query.filter_by(id=id, userid=name).first()
        owned = entry and entry.userid == name
        if not owned:
            # The same message covers "no such entry" and "not your entry".
            error = "Specified entry does not exist."
        else:
            edb.session.delete(entry)
            edb.session.commit()
            flash('Entry was deleted successfully.')
            return redirect(url_for('entries', name=name))

    # Error path: report the problem, then redirect.
    display(error)
    if 'logged_in' not in session:
        return redirect(url_for('login'))
    return redirect(url_for('entries', name=session['logged_in']))
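def upload(name):
    """
    Accept a text or image upload from a logged-in user who may post.

    Access is refused up front when the session carries
    ``posting_enabled == False``. On POST the submitted file is checked with
    ``valid_file``, its name is sanitized with ``secure_filename``, a
    non-colliding name is chosen, the file is saved under the uploads folder,
    and an ``Upload`` record (owner, filename, file type) is committed. Any
    other method, or a rejected file, renders ``upload.html``. If
    ``valid_user`` reports an error, the error is displayed and the caller is
    redirected to their own upload page or to the login page.
    """
    # Refuse access if posting is disabled for the user.
    if "posting_enabled" in session and session['posting_enabled'] == False:
        error = "Access denied."
        display(error)
        if 'logged_in' in session:
            return redirect(url_for('entries', name=session['logged_in']))
        return redirect(url_for('login'))

    # Check if the user is logged in before allowing to upload files.
    error = valid_user(name)
    if error is None:
        if request.method == 'POST':
            file = request.files['file']
            if file and valid_file(file.filename):
                filename = secure_filename(file.filename)

                # secure_filename() can strip a name down to nothing or to a
                # bare extension (for example when the stem has no ASCII
                # characters). Indexing the result of a split would then
                # raise, so require a stem and an extension on the sanitized
                # name and treat anything else as an invalid filename.
                stem, dot, extension = filename.rpartition('.')
                if stem and dot and extension:
                    filetype = extension.lower()
                    folder = app.config['UPLOAD_FOLDER']

                    # Prevent duplicate filenames by appending (1), (2), etc.
                    # e.g. a second "images.jpg" becomes "images(1).jpg", so
                    # an existing upload is never overwritten.
                    # NOTE(review): the existence check and the save are not
                    # atomic, so concurrent uploads of one name can still
                    # collide.
                    x = 0
                    while os.path.isfile(os.path.join(folder, filename)):
                        x += 1
                        filename = "%s(%s).%s" % (stem, x, filetype)

                    # Save the file to the uploads folder.
                    file.save(os.path.join(folder, filename))
                    file_instance = Upload(name, filename, filetype)

                    # Insert the upload object into the database.
                    fdb.session.add(file_instance)
                    fdb.session.commit()
                    flash('File was uploaded successfully.')
                    return redirect(url_for('entries', name=name))

            flash("Invalid filename or file type.")
        return render_template('upload.html', username=name,
                               theme=session['theme'])

    # If an error occurs, display the error and
    # redirect to the appropriate page.
    display(error)
    if 'logged_in' in session:
        return redirect(url_for('upload', name=session['logged_in']))
    return redirect(url_for('login'))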
def files(name):
    """
    Render the page that lists uploaded files for download.

    When ``valid_user`` reports no error, every ``Upload`` row is reduced to
    its ``userid`` and ``filename`` and handed to ``files.html``. Otherwise
    the error is displayed and the caller is redirected to their own files
    page or to the login page.
    """
    error = valid_user(name)
    if error is not None:
        display(error)
        if 'logged_in' in session:
            return redirect(url_for('files', name=session['logged_in']))
        return redirect(url_for('login'))

    # NOTE(review): the query is not filtered by owner, so the template
    # receives the filenames of every user's uploads. Confirm that the
    # template only shows rows the viewer is allowed to see, or filter here.
    uploads = []
    for row in Upload.query.all():
        uploads.append({'userid': row.userid, 'filename': row.filename})

    return render_template('files.html', username=name, uploads=uploads)
def uploaded_file(name, filename):
    """
    Serve a file from the uploads folder if the caller may access it.

    Access is decided by ``has_file_access`` for the user held in
    ``session['logged_in']``, not for the ``name`` argument. A refused
    request, or an error from ``valid_user``, is displayed and the caller is
    redirected to their own files page or to the login page.
    """
    error = valid_user(name)
    if error is None:
        viewer = session['logged_in']
        if not has_file_access(viewer, filename):
            error = "Access denied."
        else:
            # send_from_directory resolves the name inside UPLOAD_FOLDER
            # rather than joining it onto the path by hand.
            return send_from_directory(app.config['UPLOAD_FOLDER'], filename)

    # Error path: report the problem, then redirect.
    display(error)
    if 'logged_in' not in session:
        return redirect(url_for('login'))
    return redirect(url_for('files', name=session['logged_in']))
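def authenticate(self):
    """
    Verify the current user if there is one, otherwise start a new user.

    ``valid_user()`` is evaluated once, so the value that passes the truth
    test is the same value handed to ``verify_user``. Calling it a second
    time could return a different result than the one that was checked.
    """
    user = valid_user()
    if user:
        self.verify_user(user)
    else:
        self.new_user()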