API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 10th, 2018
127
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.34 KB | None | 0 0
raw download clone embed print report
  1. from flask import Flask, render_template, request, make_response, redirect
  2. from hashlib import md5
  3. import mysql.connector
  4.  
  5. app = Flask(__name__)
  6. database = mysql.connector.connect(
  7. host="127.0.0.1",
  8. database="test",
  9. user="lex1133",
  10. password="ghhjkl123"
  11. )
  12. query = database.cursor(buffered=True)
  13.  
  14. @app.route('/')
  15. def index():
  16.  
  17. user = request.cookies.get('username')
  18. notes = None
  19. if not (user == None):
  20. sql = "SELECT filename,displayname FROM files WHERE `user` = %s"
  21. data = (user, )
  22. query.execute(sql, data)
  23. notes = query.fetchall()
  24. return render_template("index.html", user=user, notes = notes)
  25.  
  26. @app.route('/showfile/<path>')
  27. def show_file(path):
  28. user = request.cookies.get('username')
  29. if not (path == ''):
  30. sql = "SELECT * FROM files WHERE `filename` = %s"
  31. data = (path,)
  32. query.execute(sql, data)
  33. files = query.fetchall()
  34. if not (files == None):
  35. for file in files:
  36. if (file[3] == user):
  37. with open("notes/" + file[1] + ".txt", 'r', encoding='utf-8') as f:
  38. content = f.read()
  39. return render_template("showfile.html", file=file, content=content)
  40. else:
  41. return " <a href='/'>На главную</a><br>У вас нет доступа к этому файлу"
  42. else:
  43. return "Файл не найден"
  44. else:
  45. return "Вы должны сначала авторизоваться"
  46.  
  47.  
  48. @app.route('/editfile/<path>')
  49. def edit_file(path):
  50. user = request.cookies.get('username')
  51. if not (user == ''):
  52. sql = "SELECT * FROM files WHERE `filename` = %s"
  53. data = (path,)
  54. query.execute(sql, data)
  55. files = query.fetchall()
  56. if not (files == None):
  57. access = False
  58. permission = ''
  59. file = ''
  60. for f in files:
  61. if(f[3] == user):
  62. access = True
  63. permission = f[4]
  64. file = f
  65. break
  66. if (access):
  67. if('w' in file[4]):
  68. with open("notes/" + file[1] + ".txt", 'r', encoding='utf-8') as f:
  69. content = f.read()
  70. return render_template("editfile.html", file=file, content=content)
  71. else:
  72. return "<a href='/'>На главную</a><br>У вас есть права только на чтение "
  73. else:
  74. return "<a href='/'>На главную</a><br>У вас нет доступа к этому файлу"
  75. else:
  76. return "<a href='/'>На главную</a><br>Файл не найден"
  77. else:
  78. return "<a href='/'>На главную</a><br>Вы должны сначала авторизоваться"
  79.  
  80.  
  81. @app.route('/savefile', methods=['POST'])
  82. def save_file():
  83. user = request.cookies.get('username')
  84. filename = request.form['filename']
  85. content = request.form['content']
  86. content = content.replace('\r\n', '\n')
  87. if not (user == ''):
  88. with open("notes/" + filename + ".txt", 'w', encoding='utf-8') as f:
  89. f.write(content)
  90. return redirect('/editfile/' + filename)
  91. else:
  92. return "<a href='/'>На главную</a><br>Вы должны сначала авторизоваться"
  93.  
  94.  
  95. @app.route('/sharefile/<filename>')
  96. def share_file(filename):
  97. user = request.cookies.get('username')
  98. if not (user == ''):
  99. sql = "SELECT * FROM files WHERE `filename` = %s"
  100. data = (filename,)
  101. query.execute(sql, data)
  102. files = query.fetchall()
  103. if not (files == None):
  104. access = False
  105. permission = ''
  106. file = ''
  107. for f in files:
  108. if (f[3] == user):
  109. access = True
  110. permission = f[4]
  111. file = f
  112. break
  113. if (file[3] == user):
  114. if('s' in file[4]):
  115. return render_template("sharefile.html", file=file)
  116. else:
  117. return "<a href='/'>На главную</a><br>У вас нет прав на расшаривание данного файла"
  118. else:
  119. return "<a href='/'>На главную</a><br>У вас нет доступа к этому файлу"
  120. else:
  121. return "<a href='/'>На главную</a><br>Файл не найден"
  122. else:
  123. return "<a href='/'>На главную</a><br>Вы должны сначала авторизоваться"
  124.  
  125.  
  126. @app.route('/logout', methods=['POST'])
  127. def log_out():
  128. resp = make_response(redirect('/'))
  129. resp.delete_cookie('username')
  130. return resp
  131.  
  132.  
  133. @app.route('/share', methods=['POST'])
  134. def share():
  135. user = request.cookies.get('username')
  136. filename = request.form['filename']
  137. shareduser = request.form['shareduser']
  138. permissions = ''
  139. for arg in request.form:
  140. if arg == 'read':
  141. permissions = permissions + 'r'
  142. if arg == 'write':
  143. permissions = permissions + 'w'
  144. if arg == 'share:':
  145. permissions = permissions + 's'
  146. if not (user == ''):
  147. sql = "SELECT * FROM files WHERE `filename` = %s"
  148. data = (filename,)
  149. query.execute(sql, data)
  150. files = query.fetchall()
  151. if not (files == None):
  152. file = ''
  153. for f in files:
  154. if (f[3] == user):
  155. file = f
  156. break
  157. if (file[3] == user):
  158. if('s' in file[4]):
  159. sql = "SELECT * FROM users WHERE `login` = %s"
  160. data = (shareduser,)
  161. query.execute(sql, data)
  162. cols = query.fetchone()
  163. if not (cols == None):
  164. sharedpermissions = ''
  165. for perm in permissions:
  166. if (perm in file[4]):
  167. sharedpermissions = sharedpermissions + perm
  168. else:
  169. return "<a href='/'>На главную</a><br>Вы не можете выдать пользователю права " + perm + "!";
  170. sql = "INSERT INTO files (filename, displayname, user, permissions) VALUES (%s, %s, %s, %s)"
  171. data = (file[1], file[2], shareduser, sharedpermissions)
  172. try:
  173. query.execute(sql, data)
  174. database.commit()
  175. return redirect("/")
  176. except Exception:
  177. return "<a href='/'>На главную</a><br>Чтото пошло не так!"
  178. else:
  179. return "<a href='/'>На главную</a><br>Указанный пользователь не найден!"
  180. else:
  181. return "<a href='/'>На главную</a><br>У вас нет прав на расшаривание данного файла"
  182. else:
  183. return "<a href='/'>На главную</a><br>У вас нет доступа к этому файлу"
  184. else:
  185. return "<a href='/'>На главную</a><br>Файл не найден"
  186. else:
  187. return "<a href='/'>На главную</a><br>Вы должны сначала авторизоваться"
  188.  
  189.  
  190. @app.route('/signin', methods=['POST'])
  191. def sign_in():
  192. login = request.form['login']
  193. password = request.form['password']
  194. if not (login and password):
  195. return "Не все поля заполненны!"
  196. a = md5()
  197. a.update(password.encode('utf-8'))
  198. crypted_password = a.hexdigest()
  199. sql = "SELECT COUNT(*) FROM users WHERE login = %s AND password = %s"
  200. data = (login, crypted_password)
  201. query.execute(sql, data)
  202. result = query.fetchone()
  203. if (result[0] == 1):
  204. resp = make_response(redirect('/'))
  205. resp.set_cookie('username', login)
  206. return resp
  207. else:
  208. return "Wrong password or login"
  209.  
  210. if __name__ == '__main__':
  211. app.run(debug='true')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!