1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
|
# -*- coding: utf-8 -*-
import sqlite3
#all the imports
from flask import Flask, request, session, g, redirect, url_for, \
abort, render_template, flash, _app_ctx_stack
from functools import wraps
import hashlib
from docutils import core
from docutils.writers.html4css1 import Writer
from datetime import datetime
def rstify(string):
w = Writer()
result = core.publish_parts(string, writer=w)['fragment']
return result
# configuration
app = Flask(__name__)
app.config.from_envvar('CONF')
@app.template_filter('format_date')
def format_date(datetime_string, format=u"%a %d %b %Y à %Hh%M".encode("utf8")):
if not datetime_string:
return ""
return datetime.strptime(datetime_string[:-1],
"%Y-%m-%dT%H:%M:%S").strftime(format).decode("utf8")
@app.template_filter('pluralize')
def pluralize(word, count, plural=None):
if count == 0:
return "Aucun {}".format(word)
elif count == 1:
return "1 {}".format(word)
elif plural:
return "{} {}".format(count, plural)
else:
return "{} {}s".format(count, word)
def query_db(query, args=(), one=False):
cur = g.db.execute(query, args)
rv = cur.fetchone() if one else cur.fetchall()
cur.close()
return rv
@app.before_request
def before_request():
conn = sqlite3.connect(app.config['DATABASE'])
conn.row_factory = sqlite3.Row
g.db = conn
@app.teardown_appcontext
def close_db_connection(exception):
"""Closes the database again at the end of the request."""
g.db.close()
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if 'user_name' not in session:
return redirect(url_for('login', next=request.url))
return f(*args, **kwargs)
return decorated_function
@app.route('/')
@app.route('/news/')
@login_required
def list_news():
news = query_db("SELECT news.*, users.user_name, count(comments.id) as ncomments FROM news "
"LEFT JOIN users ON news.user_id = users.id "
"LEFT JOIN comments ON news.id=comments.news_id GROUP BY news.id")
return render_template("news/list.html", news=news)
@app.route('/news/add/', methods=['GET', 'POST'])
@login_required
def add_news():
if request.method == 'POST':
content = request.form['content']
content_cache = rstify(content)
cur = g.db.execute("INSERT INTO news "
"('title', 'content', 'user_id', 'content_cache') "
"VALUES (?, ?, ?, ?)",
(request.form['title'], content,
session['user_id'], content_cache))
news_id = cur.lastrowid
g.db.commit()
return redirect(url_for('show_news', news_id=news_id))
elif request.method == 'GET':
return render_template("news/add.html")
@app.route('/news/<int:news_id>/', methods=['GET', 'POST'])
@login_required
def show_news(news_id):
news = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id "
"WHERE news.id = ?", (news_id,), True)
if request.method == 'GET':
comments = query_db("SELECT * FROM comments LEFT JOIN users "
"ON comments.user_id = users.id "
"WHERE comments.news_id = ?", (news_id,))
return render_template("news/show.html", news=news, comments=comments)
elif request.method == 'POST':
user_id = session['user_id']
content = request.form['content']
content_cache = rstify(content)
g.db.execute("INSERT INTO comments "
"('user_id', 'content', 'news_id', 'content_cache') "
"VALUES (?, ?, ?, ?)", (user_id, content, news_id, content_cache))
g.db.commit()
return redirect(url_for('show_news', news_id=news_id))
@app.route('/news/<int:news_id>/edit', methods=['GET', 'POST'])
@login_required
def edit_news(news_id):
if request.method == 'GET':
news = query_db("SELECT * from news WHERE news.id = ?", (news_id,), True)
if news["user_id"] == session['user_id']:
return render_template('news/add.html', news=news)
elif request.method == 'POST':
title = request.form['title']
content = request.form['content']
content_cache = rstify(content)
g.db.execute("UPDATE news SET 'title'=?, 'content'=?, 'content_cache'=? "
"WHERE news.id =?",
(title, content, content_cache, news_id))
g.db.commit()
return redirect(url_for('show_news', news_id=news_id))
@app.route('/user/<int:user_id>/')
@login_required
def view_user(user_id):
user = query_db('SELECT * FROM users WHERE id= ?', (session['user_id'],), True)
return render_template("user/show.html", user=user)
@app.route('/user/edit/', methods=['GET', 'POST'])
@login_required
def edit_user():
if request.method == 'GET':
user = query_db('SELECT * FROM users WHERE id= ?', (session['user_id'],),
True)
user = {k: user[k] for k in user.keys() if user[k]}
return render_template("user/edit.html", user=user)
elif request.method == 'POST':
result = {}
try:
if request.form['password'] == request.form['password_confirm']:
result['password'] =hashlib.md5(request.form['password']).hexdigest()
else:
error = u"Les deux mots de passe ne coïncident pas"
return render_template("user/edit.html", user=request.form,
error=error)
except KeyError:
pass
result["notify"] = 1 if "notify" in request.form else 0
for key in ['email', 'phone', 'birthday', 'nameday', 'address_line1',
'address_line2', 'address_city_line']:
result[key] = request.form[key].encode("utf8")
set_string = ",".join("'{}'='{}'".format(key, value)
for key,value in result.iteritems())
print set_string
g.db.execute("UPDATE users SET {} where id=?".format(set_string),
(session['user_id'],))
g.db.commit()
return redirect(url_for('view_user', user_id=session['user_id']))
@app.route('/login/', methods=['GET', 'POST'])
def login():
if 'user_name' in session:
return redirect(url_for('list_news'))
error = None
if request.method == 'POST':
username = request.form['username']
password = hashlib.md5(request.form['password']).hexdigest();
user = query_db('select * from users where user_name = ?', (username,), True)
if user:
if user['password'] == password:
session['user_name'] = user['user_name']
session['user_id'] = user['id']
g.db.execute("UPDATE users SET last_seen=? WHERE id=?",
(datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"),
session['user_id']))
g.db.commit()
return redirect(url_for('list_news'))
else:
error = u'Mot de passe incorrect'
else:
error = u'Utilisateur non enregistré'
return render_template('login.html', error=error)
@app.route('/logout/')
@login_required
def logout():
session.pop('user_name', None)
session.pop('user_id', None)
return redirect(url_for('login'))
if __name__=="__main__":
app.run()
|
