-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.py
210 lines (172 loc) · 6.62 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
import sqlite3
from flask import Flask, render_template, request, url_for, flash, redirect, session
from werkzeug.exceptions import abort
from werkzeug.security import check_password_hash, generate_password_hash
# from flask_session import Session
from helpers import login_required
def get_db_connection():
conn = sqlite3.connect('database.db')
conn.row_factory = sqlite3.Row
return conn
def get_post(post_id):
conn = get_db_connection()
post = conn.execute('SELECT * FROM posts JOIN users ON posts.user = users.user_id WHERE id = ?',
(post_id,)).fetchone()
conn.close()
if post is None:
abort(404)
return post
app = Flask(__name__)
app.config['SECRET_KEY'] = '6c89336bd226723485d418d19d930ad97092448b403769bcfefc18872dcff517'
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
# Session(app)
@app.route('/')
@login_required
def index():
conn = get_db_connection()
posts = conn.execute('SELECT * FROM posts JOIN users ON posts.user = users.user_id').fetchall()
# users = conn.execute('SELECT * FROM users').fetchall()
conn.close()
return render_template("index.html", posts=posts)
@app.route('/<int:post_id>')
@login_required
def post(post_id):
post = get_post(post_id)
return render_template('post.html', post=post)
@app.route('/create', methods=('GET', 'POST'))
@login_required
def create():
if request.method == 'POST':
title = request.form['title']
content = request.form['content']
if not title:
flash('Title is required!')
elif not content:
flash('Content is required!')
else:
conn = get_db_connection()
conn.execute('INSERT INTO posts (user, title, content) VALUES (?, ?, ?)',
(session["user_id"], title, content))
conn.commit()
conn.close()
return redirect(url_for('index'))
return render_template('create.html')
@app.route('/<int:id>/edit', methods=('GET', 'POST'))
@login_required
def edit(id):
post = get_post(id)
if request.method == 'POST':
title = request.form['title']
content = request.form['content']
if not title:
flash('Title is required!')
elif not content:
flash('Content is required!')
else:
conn = get_db_connection()
conn.execute('UPDATE posts SET title = ?, content = ?'
' WHERE id = ?',
(title, content, id))
conn.commit()
conn.close()
return redirect(url_for('index'))
return render_template('edit.html', post=post)
@app.route('/<int:id>/delete', methods=('POST',))
@login_required
def delete(id):
post = get_post(id)
conn = get_db_connection()
conn.execute('DELETE FROM posts WHERE id = ?', (id,))
conn.commit()
conn.close()
flash('"{}" was successfully deleted!'.format(post['title']))
return redirect(url_for('index'))
@app.route("/register", methods=["GET", "POST"])
def register():
"""Register user"""
if request.method == "GET":
return render_template("register.html")
else:
conn = get_db_connection()
usernames = conn.execute("SELECT username FROM users").fetchall()
conn.close()
username_list = []
for i in range(len(usernames)):
username_list.append(usernames[i]["username"])
username = request.form.get("username")
password = request.form.get("password")
confirmation = request.form.get("confirmation")
if not username:
# abort(400)
flash("Username is required")
return render_template("register.html")
elif username in username_list:
# abort(400)
flash("Username is taken")
return render_template("register.html")
elif not password or not confirmation:
flash("Enter password and confirmation")
return render_template("register.html")
# abort(400)
elif password != confirmation:
flash("passwords do not match")
return render_template("register.html")
# abort(400)
else:
conn = get_db_connection()
conn.execute("INSERT INTO users (username, hash) VALUES(?, ?)", (username, generate_password_hash(password, method='pbkdf2:sha256', salt_length=8)))
user = conn.execute("SELECT user_id FROM users WHERE username=?", (username,)).fetchone()
conn.commit()
conn.close()
session["user_id"] = user["user_id"]
return redirect("/")
@app.route("/login", methods=["GET", "POST"])
def login():
"""Log user in"""
# Forget any user_id
session.clear()
# User reached route via POST (as by submitting a form via POST)
if request.method == "POST":
conn = get_db_connection()
usernames = conn.execute("SELECT username FROM users").fetchall()
conn.close()
username_list = []
for i in range(len(usernames)):
username_list.append(usernames[i]["username"])
# Ensure username was submitted
if not request.form.get("username"):
flash("Username is required")
return render_template("login.html")
# abort(400)
# Ensure password was submitted
elif not request.form.get("password"):
flash("Password is required")
return render_template("login.html")
elif not request.form.get("username") in username_list:
flash("Username is invalid")
return render_template("login.html")
# return flash("must provide password")
# Query database for username
conn = get_db_connection()
rows = conn.execute("SELECT * FROM users WHERE username = ?", (request.form.get("username"),)).fetchone()
conn.close()
# Ensure username exists and password is correct
if not check_password_hash(rows["hash"], request.form.get("password")):
flash("Incorrect password")
return render_template("login.html")
# return flash("invalid username and/or password")
# Remember which user has logged in
session["user_id"] = rows["user_id"]
# Redirect user to home page
return redirect("/")
# User reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html")
@app.route("/logout")
def logout():
"""Log user out"""
# Forget any user_id
session.clear()
# Redirect user to login form
return redirect("/")