# -*- coding: utf-8 -*-
import sqlite3
#all the imports
from flask import Flask, request, session, g, redirect, url_for, \
abort, render_template, flash, _app_ctx_stack
from functools import wraps
import hashlib
from docutils import core
from docutils.writers.html4css1 import Writer
from datetime import datetime
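def rstify(string):
    """Render a reStructuredText string to an HTML fragment.

    Returns the 'fragment' part produced by docutils, i.e. the body markup
    without the surrounding document wrapper.
    """
    # The views in this file pass request form data here, so the input is
    # untrusted. Disable the docutils features that let a document pull in
    # local files (include / csv-table :file:) or emit raw HTML.
    hardened_settings = {
        'file_insertion_enabled': False,
        'raw_enabled': False,
    }
    parts = core.publish_parts(string, writer=Writer(),
                               settings_overrides=hardened_settings)
    return parts['fragment']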
# configuration
# Settings come from the file named by the CONF environment variable.
# before_request() reads the DATABASE key from it; the views also use the
# Flask session, which requires SECRET_KEY to be set in that file.
app = Flask(__name__)
app.config.from_envvar('CONF')
@app.template_filter('format_date')
def format_date(datetime_string, format="%a %d %b %Y"):
    """Template filter: reformat a stored timestamp string for display.

    An empty or missing value yields an empty string. Otherwise the last
    character of the value is dropped and the remainder is parsed as
    "%Y-%m-%dT%H:%M:%S", then rendered with *format*.
    """
    if datetime_string:
        # The final character is discarded before parsing
        # (presumably a trailing "Z" - confirm against the stored data).
        trimmed = datetime_string[:-1]
        parsed = datetime.strptime(trimmed, "%Y-%m-%dT%H:%M:%S")
        return parsed.strftime(format)
    return ""
def query_db(query, args=(), one=False):
    """Run *query* on the request's database connection and return rows.

    *args* is passed to sqlite3 as bound parameters, so callers should use
    "?" placeholders rather than formatting values into the SQL text.
    Returns a single row (or None) when *one* is true, else a list of rows.
    """
    cursor = g.db.execute(query, args)
    if one:
        rows = cursor.fetchone()
    else:
        rows = cursor.fetchall()
    cursor.close()
    return rows
@app.before_request
def before_request():
    """Open a SQLite connection for this request and store it on flask.g."""
    g.db = sqlite3.connect(app.config['DATABASE'])
    # sqlite3.Row lets the views read columns by name (e.g. user['password']).
    g.db.row_factory = sqlite3.Row
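@app.teardown_appcontext
def close_db_connection(exception):
    """Closes the database again at the end of the request.

    The teardown also runs for application contexts in which
    before_request() never ran (or failed before assigning g.db), so the
    connection is looked up defensively instead of assuming it exists.
    """
    db = getattr(g, 'db', None)
    if db is not None:
        db.close()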
def login_required(f):
    """Decorator: only run the view when the session holds 'user_name'.

    Anonymous requests are redirected to the login view with the requested
    URL passed as the ``next`` query parameter. The login view in this file
    does not read ``next``; if that is ever added, the target must be
    checked to be a local URL before redirecting to it.
    """
    @wraps(f)
    def guarded_view(*args, **kwargs):
        if 'user_name' in session:
            return f(*args, **kwargs)
        return redirect(url_for('login', next=request.url))
    return guarded_view
@app.route('/')
@app.route('/news/')
@login_required
def list_news():
    """Render the list of all news items joined with their authors."""
    # NOTE(review): SELECT * over the join hands every users column to the
    # template, including users.password (read by login()). Consider naming
    # only the columns the template needs.
    rows = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id")
    return render_template("news/list.html", news=rows)
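@app.route('/news/add/', methods=['GET', 'POST'])
@login_required
def add_news():
    """Show the news form, or store a submitted news item and redirect to it.

    On POST the submitted content is rendered from reStructuredText to HTML
    by rstify() and the HTML is what gets stored.
    """
    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked in this view; confirm that
        # protection is applied elsewhere (e.g. by an extension).
        content = rstify(request.form['content'])
        # Values are bound as parameters, never formatted into the SQL text.
        cur = g.db.execute("INSERT INTO news ('title', 'content', 'user_id') "
                           "VALUES (?, ?, ?)",
                           (request.form['title'], content,
                            session['user_id']))
        news_id = cur.lastrowid
        g.db.commit()
        return redirect(url_for('show_news', news_id=news_id))
    # Flask also routes HEAD to a GET view; answering every non-POST method
    # here avoids returning None (a 500) for HEAD requests.
    return render_template("news/add.html")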
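@app.route('/news/<int:news_id>/', methods=['GET', 'POST'])
@login_required
def show_news(news_id):
    """Display one news item with its comments, or add a comment to it.

    Responds with 404 when no news row has the given id. On POST the
    comment body is rendered from reStructuredText to HTML by rstify()
    before it is stored.
    """
    news = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id "
                    "WHERE news.id = ?", (news_id,), True)
    if news is None:
        # Without this check a POST would attach a comment to a news id
        # that does not exist, and a GET would render an empty page.
        abort(404)
    if request.method == 'POST':
        # NOTE(review): no CSRF token is checked in this view; confirm that
        # protection is applied elsewhere (e.g. by an extension).
        user_id = session['user_id']
        content = rstify(request.form['content'])
        g.db.execute("INSERT INTO comments ('user_id', 'content', 'news_id') "
                     "VALUES (?, ?, ?)", (user_id, content, news_id))
        g.db.commit()
        return redirect(url_for('show_news', news_id=news_id))
    # GET, and HEAD (which Flask routes to GET views), fall through here so
    # the view never returns None.
    comments = query_db("SELECT * FROM comments LEFT JOIN users "
                        "ON comments.user_id = users.id "
                        "WHERE comments.news_id = ?", (news_id,))
    return render_template("news/show.html", news=news, comments=comments)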
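@app.route('/login/', methods=['GET', 'POST'])
def login():
    """Show the login form and authenticate a submitted username/password.

    A user who is already logged in is sent to the news list. On success
    the user's name and id are stored in the session.
    """
    if 'user_name' in session:
        return redirect(url_for('list_news'))
    error = None
    if request.method == 'POST':
        username = request.form['username']
        # Encode explicitly: hashing the text value directly fails for
        # non-ASCII passwords (and for every password on Python 3).
        # NOTE(review): unsalted MD5 is not a suitable password hash. It is
        # kept only because the stored users.password values use it; plan a
        # migration to a salted, slow password hash (e.g. PBKDF2 or bcrypt).
        password = hashlib.md5(
            request.form['password'].encode('utf-8')).hexdigest()
        user = query_db('select * from users where name = ?', (username,), True)
        if user and user['password'] == password:
            session['user_name'] = user['name']
            session['user_id'] = user['id']
            return redirect(url_for('list_news'))
        # One message for both failure cases, so the response does not
        # reveal whether the username exists.
        error = u'Identifiant ou mot de passe incorrect'
    return render_template('login.html', error=error)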
@app.route('/logout/')
@login_required
def logout():
    """Remove the login keys from the session and go back to the login page."""
    for key in ('user_name', 'user_id'):
        session.pop(key, None)
    return redirect(url_for('login'))
# Running the module directly starts Flask's built-in development server;
# deployments should serve `app` through a production WSGI server instead.
if __name__ == "__main__":
    app.run()