def is_done(quiz):
    """Return True when the logged-in user has an answer recorded for ``quiz``.

    The user id is taken from ``users.user_id()``. Both values reach the
    database as bound parameters, never through string formatting.
    """
    current_user = users.user_id()
    # Follow quiz -> questions -> answers -> user_answers -> users; a row is
    # returned only when this user chose an answer that belongs to this quiz.
    sql = (
        "SELECT quizzes.id FROM quizzes "
        "JOIN questions ON quizzes.id = questions.quiz_id "
        "JOIN answers ON questions.id = answers.question_id "
        "JOIN user_answers ON answers.id = user_answers.answer_id "
        "JOIN users ON user_answers.user_id = users.id "
        "WHERE users.id = :user AND quizzes.id = :quiz"
    )
    params = {"user": current_user, "quiz": quiz}
    first_row = db.session.execute(sql, params).fetchone()
    return first_row is not None
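def send(content):
    """Store ``content`` as a message from the logged-in user.

    The thread comes from ``threads.thread_id()``. Returns False without
    writing anything when the caller's user id is 0 (treated here as "not
    logged in"), and True once the insert has been committed.
    """
    sender_id = users.user_id()
    # The original tested ``users.user_id == 0``, i.e. the function object
    # itself, which is never equal to 0. The guard therefore never fired and
    # messages could be stored with user id 0.
    if sender_id == 0:
        return False
    sql = (
        "INSERT INTO messages (user_id, thread_id, content, sent_at) "
        "VALUES (:user_id, :thread_id, :content, NOW())"
    )
    # All values are bound parameters; ``content`` is never spliced into SQL.
    db.session.execute(
        sql,
        {
            "user_id": sender_id,
            "thread_id": threads.thread_id(),
            "content": content,
        },
    )
    db.session.commit()
    return True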
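def profile(id):
    """Render the weight profile of user ``id`` for an authorised viewer.

    Access is granted to the profile owner, or to a logged-in user who has a
    visible ``coaches`` row linking them (as ``coach_id``) to ``id`` (as
    ``trainer_id``). Anonymous visitors are redirected to the front page and
    everyone else gets the error template.
    """
    # The original wrote ``if users.user_id == 0: redirect("/")``. That
    # compared the function object with 0 (never true) and also discarded the
    # redirect response, so the anonymous branch never took effect.
    if users.user_id() == 0:
        return redirect("/")

    allow = False
    if users.is_user() and users.user_id() == id:
        allow = True
    elif users.is_user():
        sql = "SELECT 1 FROM coaches WHERE trainer_id=:trainer_id AND coach_id=:coach_id AND visible=1"
        result = db.session.execute(sql, {"trainer_id": id, "coach_id": users.user_id()})
        if result.fetchone() is not None:
            allow = True
    if not allow:
        return render_template("error.html", message="Ei oikeutta nähdä sivua!")

    # NOTE(review): weights.get_last() and users.user_info() are indexed
    # without a None check; confirm both always return a row for an existing
    # user, and that user[2] can never be 0 (it is the BMI divisor).
    weight_now = weights.get_last(id)
    user = users.user_info(id)
    # Presumably weight in kg and user[2] as height in cm, hence the 10000
    # factor. TODO confirm against the schema.
    bmi = (10000 * weight_now[0] / (user[2] * user[2]))
    bmi_string = float("{:.2f}".format(bmi))
    to_target = float("{:.2f}".format(weight_now[0] - user[1]))
    return render_template(
        "profile.html",
        username=user[0],
        weight_now=weight_now[0],
        weight_target=user[1],
        to_target=to_target,
        bmi=bmi_string,
    )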
def search_posts_by_votes(query):
    """Return visible posts matching ``query``, ordered by vote total.

    A post matches when its content contains the lower-cased query (ILIKE)
    or its channel name equals the lower-cased query. Each row also carries
    the post's total vote sum and the current user's own vote on it.
    """
    viewer_id = users.user_id()
    channel_term = query.lower()
    # The search term is passed as a bound parameter, so it cannot alter the
    # statement. Any ``%`` or ``_`` inside it still acts as a LIKE wildcard,
    # because the term is not escaped before being wrapped in ``%...%``.
    like_term = ("%" + query + "%").lower()
    sql = (
        "SELECT P.content, U.username, P.sent_at, C.name, P.id, P.user_id, "
        "(SELECT COALESCE(SUM(vote),0) FROM votes V WHERE V.post_id=P.id), "
        "(SELECT COALESCE(SUM(vote),0) FROM votes VO "
        "WHERE VO.user_id=:user AND VO.post_id=P.id) "
        "FROM Posts P, Users U, Channels C "
        "WHERE U.id=P.user_id AND C.id=P.channel_id "
        "AND (P.content ILIKE :query OR C.name=:query_channel) "
        "AND P.visible=1 "
        "ORDER BY (SELECT SUM(vote) FROM votes V WHERE V.post_id=P.id) DESC"
    )
    bound = {
        "user": viewer_id,
        "query": like_term,
        "query_channel": channel_term,
    }
    return db.session.execute(sql, bound).fetchall()
def get_diaries():
    """Render the food diary of the logged-in user for a submitted date.

    The date is read from the ``diary_date`` form field and handed to the
    ``fooddiaries`` helpers together with the current user id.
    """
    user_id = users.user_id()
    date = request.form["diary_date"]
    totals = fooddiaries.get_calories_and_nutrients(user_id, date)
    # The first five positions of the totals row feed the template, in this
    # fixed order.
    nutrient_fields = ("kcal", "fat", "carbs", "pro", "fiber")
    nutrients = {field: totals[pos] for pos, field in enumerate(nutrient_fields)}
    portions = fooddiaries.get_diary_by_date(user_id, date)
    # Index 9 of the diary result is used as the calorie goal.
    # NOTE(review): confirm that position against get_diary_by_date().
    return render_template(
        "diary_days.html",
        portions=portions,
        calorie_goal=portions[9],
        **nutrients,
    )
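def exercise(topic):
    """Show a course's exercise form (GET) or grade a submission (POST).

    An unknown ``topic`` renders the error template. On POST the submitted
    form values are graded with ``exercises.correct`` and the stored
    performance is overwritten only when the new score is at least the
    previous one (``previous[3]``).

    Compared with the original, two things were removed: the debug
    ``print`` calls, one of which wrote the answer key to stdout, and a
    ``val != None`` branch that could never run because form values are
    always strings.
    """
    course = courses.get(topic)
    if course is None:
        return render_template("error.html", message="Kyselyä ei löytynyt!", url="/course/" + topic)

    exercise_list = exercises.get_list(course[0])
    if request.method == "GET":
        return render_template(
            "exercise.html",
            topic=course[1],
            course_id=course[0],
            count=len(exercise_list),
            exercises=exercise_list,
        )
    if request.method == "POST":
        previous = performances.get(course[0], users.user_id())
        # NOTE(review): every form field counts as an answer, in form order.
        # Confirm the template posts nothing else (for example a CSRF
        # token), or the grading will be shifted by one position.
        submissionlist = [val for _key, val in request.form.items()]
        answers = exercises.get_answers(exercise_list)
        correct = exercises.correct(submissionlist, answers)
        if previous[3] <= correct:
            submission = ','.join(submissionlist)
            performances.update(course[0], users.user_id(), correct, submission)
            previous = performances.get(course[0], users.user_id())
        return render_template(
            "course.html",
            topic=topic,
            course=course,
            student=True,
            mchoice=0,
            previous=previous,
            points=correct,
        )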
def section(id):
    """Render the thread list of subsection ``id``.

    A missing or deleted subsection sends the visitor to the default home
    page with an error. Anonymous visitors (user id 0) get the page without
    the ``id`` template variable. Logged-in users are checked for a ban
    first and redirected to ``/banned`` if one applies.
    """
    if not thread_subsections.does_subsection_exist(id) or thread_subsections.is_deleted(id):
        return default_homepage_with_error("You shouldn't go there ;)")

    # Built in the same order in which the original queried the helpers.
    context = {
        "list": threads.get_threads_subsection(id),
        "title": thread_subsections.get_title(id),
        "thread_count": thread_subsections.get_thread_count(id),
        "message_count": thread_subsections.get_message_count(id),
    }
    if users.user_id() == 0:
        return render_template("section.html", **context)
    if is_user_banned():
        return redirect("/banned")
    return render_template("section.html", id=id, **context)
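def admin_appeal_page():
    """List ban appeals (GET) or resolve one and toggle the user's ban (POST).

    Both methods require an administrator. The original checked the admin
    role only on GET, so the POST branch, which resolves an appeal and calls
    ``users.ban_unban``, ran for any caller that passed ``check_csrf()``.
    The check now runs before either method is handled.
    """
    admin_id = users.user_id()
    if admin_id == 0 or not users.check_if_admin(admin_id):
        error_statement = "You shouldn't go there ;)"
        return default_homepage_with_error(error_statement)

    if request.method == "GET":
        appeals = ban_appeals.get_list()
        return render_template(
            "adminappeals.html",
            appeals=appeals,
            admin=users.check_if_admin(admin_id),
        )
    if request.method == "POST":
        check_csrf()
        # NOTE(review): ``banned_user`` is None when the field is missing,
        # and the helpers receive it unchecked. Confirm they tolerate that.
        banned_user = request.form.get("banned_user")
        ban_appeals.solve(banned_user)
        users.ban_unban(banned_user)
        return redirect("/admin/appeals")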
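def secret_board_access(board_id):
    """Return True when the current user may open secret board ``board_id``.

    A user whose role is 2 is granted access to every board. Anyone else
    needs a ``SecretBoardUsers`` row pairing their user id with the board.
    """
    user_id = users.user_id()
    # The original built a SELECT for role 2 that was never executed before
    # ``return True``. The dead statement is dropped so the unconditional
    # grant is visible for what it is.
    if users.user_role() == 2:
        return True
    sql = "SELECT board_id, user_id FROM SecretBoardUsers WHERE board_id=:board_id AND user_id=:user_id"
    result = db.session.execute(sql, {
        "board_id": board_id,
        "user_id": user_id
    })
    return result.fetchone() is not None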
def modify(id, topic, content):
    """Overwrite topic and content of course ``id`` and stamp the caller as owner.

    Returns False when nobody is logged in (user id 0), True after commit.
    """
    caller_id = users.user_id()
    if caller_id == 0:
        return False
    # NOTE(review): the UPDATE matches on course id alone and rewrites
    # owner_id to the caller, so this function itself does not verify that
    # the caller owns the course. Confirm the calling route does that check.
    sql = "UPDATE courses SET topic=:topic, content=:content, owner_id=:owner_id, modified=NOW() WHERE id=:id"
    values = {
        "topic": topic,
        "content": content,
        "owner_id": caller_id,
        "id": id,
    }
    db.session.execute(sql, values)
    db.session.commit()
    return True
def create_categories(id):
    """Render the category editor for project ``id`` to its organiser only.

    The project's user id (first column of ``projects.get_userid``) must
    equal the current user's id. Otherwise the error template is shown.
    """
    project_information = projects.get_project(id)
    organiser_id = projects.get_userid(id)[0]
    if organiser_id == users.user_id():
        return render_template("createcategories.html", project_information=project_information)
    return render_template(
        "error.html",
        message="Ei oikeutta muokata osa-alueita. Vain tapahtuman järjestäjällä on oikeus muokata kategorioita.",
    )
def send(content, channel_name):
    """Insert a visible post by the logged-in user into the named channel.

    Returns False when nobody is logged in (user id 0), True after commit.
    """
    author_id = users.user_id()
    # The channel lookup runs before the login check, as in the original.
    target_channel = channels.get_channel_id(channel_name)
    if author_id == 0:
        return False
    sql = "INSERT INTO posts (content, channel_id, user_id, sent_at, visible) VALUES (:content, :channel_id, :user_id, NOW(), 1)"
    row = {
        "content": content,
        "channel_id": target_channel,
        "user_id": author_id,
    }
    db.session.execute(sql, row)
    db.session.commit()
    return True
def new_thread(title, thread_subsection_id):
    """Create a message thread and return its new id.

    Returns False instead when nobody is logged in (user id 0), so callers
    must distinguish False from a numeric id.
    """
    creator_id = users.user_id()
    if creator_id == 0:
        return False
    sql = "INSERT INTO message_threads (title, user_id, thread_subsection_id, created, last_updated, deleted) VALUES (:title, :user_id, :thread_subsection_id, NOW(), NOW(), False) RETURNING id"
    values = {
        "title": title,
        "user_id": creator_id,
        "thread_subsection_id": thread_subsection_id,
    }
    inserted = db.session.execute(sql, values)
    db.session.commit()
    # The RETURNING row is read after the commit, as in the original.
    return inserted.fetchone()[0]
def search():
    """Render the food search page with today's diary totals for the user.

    Today's portions, nutrient totals and calorie goal are loaded through
    the ``fooddiaries`` helpers. ``kcal_left`` is the goal minus today's kcal.
    """
    user_id = users.user_id()
    portions = fooddiaries.get_todays_diary(user_id)
    today = datetime.today().strftime('%Y-%m-%d')
    totals = fooddiaries.get_calories_and_nutrients(user_id, today)
    # The first five positions of the totals row map onto these template names.
    nutrient_fields = ("kcal", "fat", "carbs", "pro", "fiber")
    nutrients = {field: totals[pos] for pos, field in enumerate(nutrient_fields)}
    calorie_goal = fooddiaries.get_todays_goal(user_id)
    return render_template(
        "food_search.html",
        portions=portions,
        calorie_goal=calorie_goal,
        kcal_left=calorie_goal - nutrients["kcal"],
        **nutrients,
    )
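def list_participants():
    """Render the participant list appropriate to the caller's role.

    Role 2 gets the result of ``lessons.list_own_participants`` for the
    current user and role 3 gets ``lessons.list_all_participants``. Every
    other role value receives the "no permission" error page.

    The original denied only roles 0 and 1 explicitly and returned None for
    any other unexpected value. Access is now denied by default.
    """
    role = users.user_role()
    if role == 2:
        participants = lessons.list_own_participants(users.user_id(), db)
    elif role == 3:
        participants = lessons.list_all_participants(db)
    else:
        return render_template("error.html", message="Ei oikeutta nähdä sivua.")
    return render_template("list_participants.html", participants=participants)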
def addmessage(baby, date, message):
    """Store a dated message about ``baby`` written by the logged-in user.

    Returns False when nobody is logged in (user id 0), True after commit.
    """
    author_id = users.user_id()
    if author_id == 0:
        return False
    # NOTE(review): nothing here ties ``baby`` to the author. Confirm the
    # caller verifies that the user may write about this baby.
    sql = "INSERT INTO messages (user_id, baby_id, date, content) VALUES (:user_id, :baby_id, :date, :message)"
    values = {
        "user_id": author_id,
        "baby_id": baby,
        "date": date,
        "message": message,
    }
    db.session.execute(sql, values)
    db.session.commit()
    return True
def gallery():
    """Show the logged-in user's performances, or jump to a selected one.

    Without ``user_id`` in the session the login page is rendered. GET lists
    the user's performances. POST redirects to ``/gallery/<performance>``
    using the submitted form value.
    """
    if "user_id" not in session:
        return render_template("login.html", message="Please log in to view your gallery!")
    if request.method == "GET":
        performancesList = performances.get_performances(users.user_id())
        return render_template("gallery.html", performancesList=performancesList)
    if request.method == "POST":
        chosen = request.form["performance"]
        # The target always starts with the fixed "/gallery/" prefix, so the
        # form value cannot point the redirect at another host.
        return redirect("/gallery/" + str(chosen))
def delete(topic):
    """Soft-delete the visible course named ``topic`` (sets ``visible=0``).

    Returns False when nobody is logged in, when ``topic`` is empty, or when
    ``get(topic)`` finds no course. Returns True after the update is committed.
    """
    caller_id = users.user_id()
    if caller_id == 0 or topic == "":
        return False
    if get(topic) is None:
        return False
    # NOTE(review): the caller's id is used only as a login gate, and the
    # UPDATE matches on topic alone. Confirm the route checks course
    # ownership before calling this.
    sql = "UPDATE courses SET visible=0 WHERE topic=:topic AND visible=1"
    db.session.execute(sql, {"topic": topic})
    db.session.commit()
    return True
def addsolid(baby, date, amount, food):
    """Record a solid-food entry (grams and food name) for ``baby``.

    Returns False when nobody is logged in (user id 0), True after commit.
    """
    if users.user_id() == 0:
        return False
    # NOTE(review): the user id only gates the call. The row is keyed by
    # baby_id alone, so confirm the caller checks that this baby belongs to
    # the logged-in user.
    sql = "INSERT INTO solid (baby_id, date, amount_gr, food) VALUES (:baby_id, :date, :amount, :food)"
    entry = {
        "baby_id": baby,
        "date": date,
        "amount": amount,
        "food": food,
    }
    db.session.execute(sql, entry)
    db.session.commit()
    return True
def sendmessage(topic_id):
    """Handle the new-message form for topic ``topic_id``.

    The request is rejected with 403 when the submitted ``csrf_token`` does
    not equal ``users.token()``. Anonymous users are sent back to the form.
    Otherwise ``messages.send`` is called and its report decides between a
    redirect to the topic and re-rendering the form with the error texts.
    """
    # The CSRF check runs first, before any other form field is read.
    if users.token() != request.form["csrf_token"]:
        abort(403)
    content = request.form["content"]
    author_id = users.user_id()
    if author_id == 0:
        return redirect(f"/topic/{topic_id}/newmessage")
    # The report is indexed as (ok flag, message, additional text).
    report = messages.send(content, topic_id, author_id)
    if not report[0]:
        return render_template(
            "newmessage.html",
            t_id=topic_id,
            message=report[1],
            additional=report[2],
        )
    return redirect(f"/topic/{topic_id}")
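def thread(id):
    """Show thread ``id``, enforcing the view permission on private threads.

    Changes from the original:
    * A thread id with no row used to raise on ``fetchone()[0]``. It now
      redirects to the forum index, the same response a denied viewer gets,
      so the two cases look alike to the client.
    * ``session["thread"]`` was written before the permission check, so a
      denied request still left the private thread id in the session. It is
      now set only once access has been granted.
    """
    sql = "SELECT private FROM threads WHERE id =:thread_id"
    row = db.session.execute(sql, {"thread_id": id}).fetchone()
    if row is None:
        return redirect("/forumIndex")

    is_private = row[0]
    if is_private and not users.check_permission_to_view_thread(users.user_id(), id):
        return redirect("/forumIndex")

    # show_thread() takes no argument. Presumably it reads the thread id
    # from the session, which is why it is stored here. TODO confirm.
    session["thread"] = id
    return threads.show_thread()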
def submiteditinfo(username, info_id):
    """Apply an edit to profile info entry ``info_id`` on ``username``'s profile.

    Requires a matching CSRF token (403 otherwise) and that the logged-in
    user's name equals ``username``. The new ``about`` and ``info`` values
    come from the form.
    """
    if users.token() != request.form["csrf_token"]:
        abort(403)
    session_user_id = users.user_id()
    session_username = users.username()
    is_owner = session_user_id != 0 and session_username == username
    if not is_owner:
        return render_template(
            "rules.html",
            message='Sinulla ei ole oikeutta muokata tämän profiilin tietoja!',
            additional=error_redirect,
        )
    about = request.form["about"]
    info = request.form["info"]
    # NOTE(review): only ``username`` is compared with the session. Nothing
    # here shows that ``info_id`` belongs to this user, so confirm that
    # users.update_info() enforces it.
    users.update_info(info_id, about, info)
    return redirect("/profile/" + str(username))
def sendeditmessage(message_id, previous, identifier):
    """Save an edited message, then return to ``/<previous>/<identifier>``.

    Requires a matching CSRF token (403 otherwise). The edit is allowed for
    the message's author or when ``users.admin()`` is non-zero. Anyone else
    gets the rules page with an error.
    """
    if users.token() != request.form["csrf_token"]:
        abort(403)
    content = request.form["content"]
    author_row = messages.get_m_user_id(message_id)
    editor_id = users.user_id()
    admin = users.admin()
    may_edit = editor_id == author_row[0] or admin != 0
    if not may_edit:
        return render_template(
            "rules.html",
            message='Sinulla ei ole oikeutta muokata viestiä!',
            additional=error_redirect,
        )
    messages.update_message(message_id, content)
    # NOTE(review): the redirect path is assembled from the ``previous`` and
    # ``identifier`` arguments. Confirm the route's converters keep both to
    # a single non-empty path segment.
    return redirect('/' + str(previous) + '/' + str(identifier))
def sendinfo(username):
    """Add a new info entry to the logged-in user's own profile.

    Requires a matching CSRF token (403 otherwise) and that the session's
    username equals ``username``. The entry is stored under the session's
    user id, not under anything taken from the request.
    """
    if users.token() != request.form["csrf_token"]:
        abort(403)
    session_user_id = users.user_id()
    session_username = users.username()
    is_owner = session_user_id != 0 and session_username == username
    if not is_owner:
        return render_template(
            "rules.html",
            message='Sinulla ei ole oikeutta lisätä tietoa tähän profiiliin!',
            additional=error_redirect,
        )
    about = request.form["about"]
    info = request.form["info"]
    users.add_info(session_user_id, about, info)
    return redirect("/profile/" + str(username))
def editinfo(username, info_id):
    """Render the edit form for info entry ``info_id`` on the caller's profile.

    The logged-in user's name must equal ``username``. Otherwise the rules
    page is shown with an error.
    """
    session_user_id = users.user_id()
    session_username = users.username()
    is_owner = session_user_id != 0 and session_username == username
    if not is_owner:
        return render_template(
            "rules.html",
            message='Sinulla ei ole oikeutta muokata tämän profiilin tietoja!',
            additional=error_redirect,
        )
    # NOTE(review): ``info_id`` is looked up without a visible check that
    # the entry belongs to ``username``. Confirm users.get_info() scopes it.
    entry = users.get_info(info_id)
    return render_template(
        "editinfo.html",
        username=username,
        about=entry[0],
        info=entry[1],
        info_id=info_id,
    )
def send_rev(content, restaurant_id, stars):
    """Store a review with a star rating from the logged-in user.

    Returns False when nobody is logged in (user id 0), True after commit.
    """
    reviewer_id = users.user_id()
    if reviewer_id == 0:
        return False
    sql = "INSERT INTO reviews (content, user_id, sent_at, restaurant_id, stars) VALUES (:content, :user_id, NOW(), :restaurant_id, :stars)"
    # NOTE(review): ``stars`` is stored as given. Confirm its range is
    # validated by the caller or by a database constraint.
    review = {
        "content": content,
        "user_id": reviewer_id,
        "restaurant_id": restaurant_id,
        "stars": stars,
    }
    db.session.execute(sql, review)
    db.session.commit()
    return True
def hide(id):
    """Hide message ``id`` if the caller is an admin or the message's owner.

    Returns True after the message is marked ``visible=false``, and False
    when the caller is not permitted.
    """
    # The owner lookup runs only when the caller is not an admin.
    permitted = users.is_admin() or users.user_id() == get_user_id(id)
    if not permitted:
        return False
    sql = "UPDATE messages SET visible=false WHERE id=:id"
    db.session.execute(sql, {"id": id})
    db.session.commit()
    return True
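def profile():
    """Show the user's profile (GET) or accept a checkpoint photo (POST).

    Without ``user_id`` in the session the login page is rendered. On POST
    the uploaded file must have a ``.jpg`` name and be at most 100 KiB. It
    is then stored through ``checkpoints.perform_checkpoint``.

    Changes from the original:
    * The upload was read into memory in full before its size was checked.
      The read is now capped at one byte over the limit, which is enough to
      detect an oversized file.
    * An unused ``users.user_id()`` lookup in the GET branch was removed.
    """
    if "user_id" not in session:
        return render_template("login.html", message="Please log in to view your profile!")

    if request.method == "GET":
        return render_template("profile.html", username=users.username())

    if request.method == "POST":
        max_bytes = 100 * 1024
        checkpoint_id = request.form["checkpoint_id"]
        # The result is unused, as it was in the original. The call is kept
        # in case the lookup also serves as an existence check. TODO confirm.
        checkpoints.get_checkpoint_name(checkpoint_id)
        upload = request.files["file"]
        name = upload.filename
        # NOTE(review): only the client-supplied file name is checked, not
        # the file content. Treat the stored bytes as untrusted when serving
        # them (fixed image content type, no content sniffing).
        if not name.endswith(".jpg"):
            checkpointsList = checkpoints.get_checkpoints()
            return render_template(
                "perform.html",
                message="Please submit a jpg!",
                checkpointsList=checkpointsList,
            )
        data = upload.read(max_bytes + 1)
        if len(data) > max_bytes:
            checkpointsList = checkpoints.get_checkpoints()
            return render_template(
                "perform.html",
                message="File size too large!",
                checkpointsList=checkpointsList,
            )
        user_id = users.user_id()
        username = users.username()
        checkpoints.perform_checkpoint(data, user_id, checkpoint_id)
        return render_template(
            "profile.html",
            username=username,
            message="You successfully performed your checkpoint!",
        )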
def add(workout, duration, description):
    """Insert a visible workout entry for the logged-in user.

    Returns False when nobody is logged in (user id 0), True after commit.
    """
    owner_id = users.user_id()
    if owner_id == 0:
        return False
    sql = (
        "INSERT INTO workouts (user_id, sent, workout, duration, description, visible) "
        "VALUES (:user_id, NOW(), :workout, :duration, :description, 1)"
    )
    entry = {
        "user_id": owner_id,
        "workout": workout,
        "duration": duration,
        "description": description,
    }
    db.session.execute(sql, entry)
    db.session.commit()
    return True
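def editprivileges(id):
    """Let an administrator change the teacher/admin flags of user ``id``.

    Non-admins are redirected to the front page for every method. GET shows
    the form. POST applies the submitted ``newTeacher`` and ``newAdmin``
    values through ``users.editprivileges``.

    The failure re-render now passes ``id`` to the template, as the GET
    render already did. The original omitted it on that path.
    """
    if not users.isAdmin(users.user_id()):
        return redirect("/")

    if request.method == "GET":
        return render_template("editprivileges.html", id=id)
    if request.method == "POST":
        # NOTE(review): no CSRF token is checked in this function before a
        # privilege change. Confirm it is enforced elsewhere, for example in
        # a before_request hook.
        newTeacher = request.form["newTeacher"]
        newAdmin = request.form["newAdmin"]
        if users.editprivileges(id, newTeacher, newAdmin):
            return redirect("/profile/" + str(id))
        return render_template(
            "editprivileges.html",
            id=id,
            message="Tapahtui virhe, yritä uudelleen tai peruuta",
        )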