- # *-* coding:utf-8*-*
- # Laddar in alla ramverk.
- from modules.flask import Flask, render_template, redirect, url_for, request, flash
- from modules.flask_mail import Mail, Message
- from modules.passlib.hash import sha256_crypt
- from modules.functools import wraps
- from beaker.middleware import SessionMiddleware
- from werkzeug import secure_filename
- import os
- # Egna moduler
- from modules.database import *
- from modules.functions import *
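# Beaker session options: server-side, file-backed sessions keyed by a cookie.
# NOTE(review): Beaker's file backend stores pickled session data under
# 'session.data_dir'; keep that directory outside the web root and writable
# only by the application user.
session_opts = {
    'session.type': 'file',
    'session.cookie_expires': 3000,
    'session.data_dir': './data',
    'session.auto': True,
    # Mark the session cookie HttpOnly so page scripts cannot read the id.
    # When the site is served over HTTPS, 'session.secure': True should be
    # set as well (left off here because the dev server below is plain HTTP).
    'session.httponly': True,
}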
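# Configure the application.
# Secrets are read from the environment instead of being written into the
# source: a key or mailbox password committed here is readable by everyone
# who can see the file, and must be treated as compromised and rotated.
app = Flask(__name__)
# Falls back to a fresh random key per launch when SECRET_KEY is not set, so
# there is never a predictable signing key.
app.secret_key = os.environ.get('SECRET_KEY') or os.urandom(32)
app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 465
app.config['MAIL_USERNAME'] = os.environ.get('MAIL_USERNAME')
app.config['MAIL_PASSWORD'] = os.environ.get('MAIL_PASSWORD')
app.config['MAIL_USE_TLS'] = False
app.config['MAIL_USE_SSL'] = True
mail = Mail(app)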
- # UPPLADDNING AV BILD -------------------------------------------------------------------------------------------------------------------------------
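ALLOWED_EXTENSIONS = set(['png', 'jpg', 'jpeg', 'gif'])


def allowed_file(filename):
    """Return True when *filename* ends in one of ALLOWED_EXTENSIONS.

    Only the text after the last dot is checked, case-insensitively, so
    "photo.PNG" is accepted while "photo.png.exe" and names without a dot
    are rejected. This is a name check only; the file content is not
    inspected.
    """
    return '.' in filename and \
        filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS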
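@app.route('/upload/<mode>', methods=['POST'])
def upload_file(mode):
    """Store an uploaded image for the logged-in user.

    ``mode`` selects the destination: "artistpicture" (gallery image in the
    user's folder), "profilepicture", "startpicture" (shown on the start
    page) or "backgroundpicture" (profile wallpaper). The three single-image
    modes replace whatever was stored before.

    Returns a short status string, a redirect to the login page when there
    is no session, or a 400 response for an unknown mode.
    """
    user = get_user()
    if user is None:
        # get_user() returns None without a session; indexing it would crash,
        # and uploads must not be possible for anonymous visitors.
        return redirect(url_for("login"))
    userID = user["id"]
    userfolder = 'static/uploaded/' + str(userID)
    wallpaperfolder = userfolder + '/wallpaper'
    profilepicturefolder = userfolder + '/profilepicture'
    indexpicturesfolder = 'static/uploaded/startpictures'
    # Create each folder on its own so a half-created user tree is repaired.
    for folder in (wallpaperfolder, profilepicturefolder, indexpicturesfolder):
        if not os.path.exists(folder):
            os.makedirs(folder)

    file = request.files['file']
    if not (file and allowed_file(file.filename)):
        # The image has an extension that is NOT allowed.
        return "Haha, den filen får du inte ladda upp!"
    filename = secure_filename(file.filename)
    # Take the extension from the same piece allowed_file() validated, so the
    # fixed-name modes below can only ever write an allow-listed suffix.
    ext = '.' + file.filename.rsplit('.', 1)[1].lower()
    # NOTE(review): only the name is checked; the bytes are stored under
    # static/ as-is. Consider verifying the content really is an image.

    if mode == "artistpicture":
        # Picture that should be visible on the user's profile.
        file.save(os.path.join(userfolder + "/", filename))
        return "Bilden är uppladdad"
    elif mode == "profilepicture":
        # Profile picture: drop the previous one(s) first.
        for old in os.listdir(profilepicturefolder):
            os.remove(os.path.join(profilepicturefolder, old))
        file.save(os.path.join(profilepicturefolder, "profilepicture" + ext))
        return "Bilden är uppladdad"
    elif mode == "startpicture":
        # Start-page picture, stored as "<userID><ext>". Compare the whole
        # stem: matching only the first character made user 1 delete the
        # pictures of users 10-19 and never matched multi-digit ids.
        for file_ in os.listdir(indexpicturesfolder):
            if os.path.splitext(file_)[0] == str(userID):
                os.remove(os.path.join(indexpicturesfolder, file_))
        file.save(os.path.join(indexpicturesfolder, str(userID) + ext))
        return "Bilden är uppladdad"
    elif mode == "backgroundpicture":
        # Background picture for the user's profile page.
        for old in os.listdir(wallpaperfolder):
            os.remove(os.path.join(wallpaperfolder, old))
        file.save(os.path.join(wallpaperfolder, "wallpaper" + ext))
        return "Bilden är uppladdad"
    # Any other mode used to fall off the end and return None.
    return "Unknown upload mode", 400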
- # ---------------------------------------------------------------------------------------------------------------------------------------------------
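def get_user():
    """Return {"email": ..., "id": ...} from the Beaker session, or None.

    None is returned when the request carries no Beaker session or when the
    session has no "email"/"id" entries (nobody is logged in).
    """
    session = request.environ.get("beaker.session")
    if session is None:
        return None
    try:
        return {"email": session["email"], "id": session["id"]}
    except KeyError:
        # Only the "not logged in" case is expected here; a bare except
        # would also hide unrelated failures.
        return None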
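@app.route('/index.html')
@app.route('/index')
@app.route('/')
def home():
    """Render the start page with a link to every stored start picture."""
    # The leftover debug print of the link list was dropped.
    links = ["uploaded/startpictures/" + picture
             for picture in os.listdir("static/uploaded/startpictures/")]
    return render_template("index.html", user=get_user(), pictures=links)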
@app.route('/home')
def popup():
    """Render the start page with a toast taken from ?message=... ."""
    # NOTE(review): the toast text comes straight from the query string, so a
    # crafted link can make the site display arbitrary text. Whether it is
    # HTML-escaped depends on index.html (not visible here) - confirm that
    # the template does not mark it safe, or map message codes to fixed text.
    toast_text = request.args['message']
    current_user = get_user()
    return render_template("index.html", user=current_user, complete=toast_text)
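@app.route('/artists')
def artists():
    """Render the list of artists whose profile is marked visible."""
    connection = opendatabase()
    cursor = connection.cursor()
    try:
        cursor.execute("SELECT name, profileID FROM af5482.profiles WHERE showprofile = 1")
        stored = cursor.fetchall()
    finally:
        # Release the database handles even when the query raises.
        cursor.close()
        connection.close()
    return render_template("artists.html", users=stored, user=get_user())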
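@app.route('/artist/<uID>')
def anartist(uID):
    """Render the public profile page of artist *uID*.

    Redirects to the start page with a toast when the id is malformed, the
    profile does not exist, or the profile has been hidden by the admin.
    """
    # uID comes from the URL and is used below in file-system paths and SQL.
    # Profile ids are the numeric user ids (saveedit stores user["id"] as
    # profileid), so anything but ASCII digits is rejected up front; this
    # also keeps values such as ".." out of the path building.
    if not uID or any(ch not in "0123456789" for ch in uID):
        return redirect(url_for("popup", message="The profile you tried to reach does not exist."))

    connection = opendatabase()
    cursor = connection.cursor()
    try:
        # Bound parameters instead of string formatting: the id is
        # visitor-controlled and must never be pasted into the SQL text.
        cursor.execute("SELECT showprofile FROM af5482.profiles WHERE profileID = %s", (uID,))
        visible = cursor.fetchone()
        stored = None
        if visible is not None and visible[0] == 1:
            # Not blocked by the admin: fetch the profile information.
            cursor.execute(
                "SELECT backgroundpicture, profilepicture, name, yrke, abouttext, profileID "
                "FROM af5482.profiles WHERE profileID = %s", (uID,))
            stored = cursor.fetchone()
    finally:
        cursor.close()
        connection.close()

    if visible is not None and visible[0] != 1:
        # Profile is blocked: back to the start page with a popup message.
        return redirect(url_for("popup", message="The profile you tried to reach has been blocked."))
    if stored is None:
        # Unknown id; previously this crashed on stored[0].
        return redirect(url_for("popup", message="The profile you tried to reach does not exist."))
    name = stored[2]

    # Folders are created only for profiles that exist, so visiting made-up
    # ids no longer leaves directories behind.
    userfolder = 'static/uploaded/' + uID
    wallpaperfolder = userfolder + '/wallpaper'
    profilepicturefolder = userfolder + '/profilepicture'
    for folder in (wallpaperfolder, profilepicturefolder):
        if not os.path.exists(folder):
            os.makedirs(folder)

    # Profile picture, or the bundled example when none was uploaded.
    profilepicture = os.listdir(profilepicturefolder)
    if profilepicture:
        profilepiclink = "uploaded/" + uID + "/profilepicture/" + profilepicture[0]
    else:
        profilepiclink = "bilder/example_profilepic.png"

    # Wallpaper, or the bundled example when none was uploaded.
    wallpaper = os.listdir(wallpaperfolder)
    if wallpaper:
        wallpaperlink = "uploaded/" + uID + "/wallpaper/" + wallpaper[0]
    else:
        wallpaperlink = "bilder/wallpaper_example.jpg"

    # Gallery pictures. The old test `x == (".jpg" or ".gif" or ...)` only
    # ever compared against ".jpg"; endswith with a tuple checks them all.
    image_suffixes = (".jpg", ".gif", ".jpeg", ".png")
    links = [uID + "/" + picture
             for picture in os.listdir(userfolder + "/")
             if picture.lower().endswith(image_suffixes)]

    return render_template("artistprofile.html", user=get_user(), name=name, stored=stored,
                           pictures=links, wallpaper=wallpaperlink, profilepicture=profilepiclink)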
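@app.route('/about')
def about():
    """Fetch the about text and render the about page."""
    connection = opendatabase()
    cursor = connection.cursor()
    try:
        cursor.execute("SELECT aboutfrank FROM af5482.about")
        stored = cursor.fetchone()
    finally:
        # Release the database handles even when the query raises.
        cursor.close()
        connection.close()
    # An empty table used to crash on stored[0]; show an empty text instead.
    about_text = stored[0] if stored else ""
    return render_template("about.html", user=get_user(), about=about_text)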
@app.route('/contact')
def contact():
    """Render the contact page for the current visitor."""
    current_user = get_user()
    return render_template("contact.html", user=current_user)
@app.route('/events')
def events():
    """Render the events page for the current visitor."""
    current_user = get_user()
    return render_template("events.html", user=current_user)
@app.route('/register')
def reg():
    """Render the registration form."""
    # NOTE(review): no login or role check happens here or in registeruser;
    # confirm that open registration is intended.
    current_user = get_user()
    return render_template("register.html", user=current_user)
@app.route("/login")
def login():
    """Render the login form (the form posts to /login_user)."""
    page = render_template("login.html")
    return page
@app.route('/change-password')
def changepassword():
    """Render the change-password form for the current visitor."""
    current_user = get_user()
    return render_template("change-password.html", user=current_user)
@app.route("/logout")
def logout():
    """Delete the Beaker session and show the logged-out toast."""
    beaker_session = request.environ.get("beaker.session")
    beaker_session.delete()
    target = url_for("popup", message="You've been logged out")
    return redirect(target)
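@app.route("/admin")
def admin():
    """Render the admin dashboard (user id 1) or the profile editor.

    Visitors without a session are redirected to the login page. User id 1
    gets the list of all profiles plus the about text; every other user gets
    the profile form, pre-filled when a profile row already exists.
    """
    user = get_user()
    if user is None:
        return redirect(url_for("login"))

    connection = opendatabase()
    cursor = connection.cursor()
    try:
        if user["id"] == 1:
            # Administrator mode.
            cursor.execute("SELECT name, profileID, showprofile FROM af5482.profiles")
            stored = cursor.fetchall()
            cursor.execute("SELECT aboutfrank FROM af5482.about")
            about = cursor.fetchone()
            return render_template("admin.html", user=get_user(), stored=stored, about=about[0])

        # Profile mode, where artists edit their own page. The id is passed
        # as a bound parameter rather than formatted into the SQL string.
        cursor.execute("SELECT abouttext, name, yrke FROM af5482.profiles WHERE profileid = %s",
                       (user["id"],))
        stored = cursor.fetchone()
    finally:
        cursor.close()
        connection.close()

    if stored is None:
        # No profile yet: show the empty form so the user can create one.
        return render_template("profilredigering.html", user=get_user(), userexist=False)
    # Profile exists: pre-fill the form with what is already stored.
    return render_template("profilredigering.html", name=stored[1], about=stored[0],
                           yrke=stored[2], user=get_user(), userexist=True)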
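@app.route('/forgot', methods=["GET", "POST"])
def forgot():
    """Show the forgot-password form (GET) or reset the password (POST).

    On POST a new random password is stored and mailed when the address is
    known. The response is the same whether or not the address exists, so
    the form does not reveal which addresses are registered.
    """
    if request.method != "POST":
        return render_template("forgot.html", user=get_user())

    email = request.form["email"]
    randompassword = None
    connection = opendatabase()
    cursor = connection.cursor()
    try:
        # The address is visitor-supplied: bind it as a parameter instead of
        # formatting it into the SQL string.
        cursor.execute("SELECT email FROM af5482.users WHERE email = %s", (email,))
        if cursor.fetchone() is not None:
            # NOTE(review): generatepassword() lives in modules.functions and
            # is not visible here - confirm it draws from a cryptographically
            # secure source.
            randompassword = generatepassword()
            thepassword = sha256_crypt.encrypt(randompassword)
            cursor.execute("UPDATE af5482.users SET pwd = %s WHERE email = %s",
                           (thepassword, email))
            connection.commit()
    finally:
        cursor.close()
        connection.close()

    if randompassword is not None:
        # NOTE(review): the password is replaced immediately and mailed in
        # clear text, so anyone who knows an address can lock its owner out.
        # A single-use, expiring reset link would avoid both problems.
        msg = Message('FrankArt - Your new password', sender='FrankArt', recipients=[email])
        msg.body = "Ditt nya lösenord är: " + randompassword
        mail.send(msg)
    return redirect(url_for("popup", message="Your new password has been sent!"))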
- # POST METHODS
- # -----------------------------------------------------------------------------------------------------------------------------------------------------------
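@app.route('/contact-frank', methods=["POST"])
def contactfrank():
    """Mail the contact-form submission to the site owner.

    The three form fields are HTML-escaped before they are placed in the
    HTML body, and the visitor is redirected to the start page afterwards.
    """
    try:
        from html import escape  # Python 3
    except ImportError:
        from cgi import escape  # Python 2
    # Form values are visitor-controlled; unescaped they would be rendered as
    # markup (links, images, styled text) inside the owner's mail client.
    name = escape(request.form["name"], True)
    email = escape(request.form["email"], True)
    text = escape(request.form["text"], True)
    msg = Message('FrankArt - Someone has contacted you', sender='FrankArt',
                  recipients=['oscarandersson1337@gmail.com'])
    msg.html = "<h1>Someone has contacted you from FrankArt!</h1> <h4>Their name: </h4> " + name + " <h4>Their message: </h4><p>" + text + "</p><p> You can reply too them by using this email: " + email
    mail.send(msg)
    # The view used to return nothing, which Flask reports as a server error
    # even though the mail had been sent.
    return redirect(url_for("popup", message="Your message has been sent!"))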
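@app.route('/saveaboutfrank', methods=["POST"])
def savefranktext():
    """Store the about text submitted from the admin dashboard."""
    # The form is only rendered for user id 1 (see admin()), but the endpoint
    # itself must enforce that: without this check any visitor could POST
    # here and rewrite the about page.
    user = get_user()
    if user is None:
        return redirect(url_for("login"))
    if user["id"] != 1:
        return redirect(url_for("admin"))

    value = 1
    about = request.form["about"]
    connection = opendatabase()
    cursor = connection.cursor()
    try:
        cursor.execute("UPDATE af5482.about SET aboutfrank = %s WHERE id = %s", (about, value))
        connection.commit()
    finally:
        cursor.close()
        connection.close()
    return redirect(url_for("admin"))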
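@app.route('/updateshowedprofiles', methods=['POST'])
def updateshowedprofiles():
    """Show every profile, then hide the ones ticked in the admin form."""
    # Same rule as the dashboard that renders this form (see admin()): only
    # user id 1 may change profile visibility. Without the check any visitor
    # could hide or unhide profiles.
    user = get_user()
    if user is None:
        return redirect(url_for("login"))
    if user["id"] != 1:
        return redirect(url_for("admin"))

    values = request.form.getlist('check')
    connection = opendatabase()
    cursor = connection.cursor()
    try:
        cursor.execute("UPDATE af5482.profiles SET showprofile = 1")
        for value in values:
            cursor.execute("UPDATE af5482.profiles SET showprofile = %s WHERE profileID = %s",
                           (0, value))
        # One commit for the whole change, so a failure half-way does not
        # leave hidden profiles visible.
        connection.commit()
    finally:
        cursor.close()
        connection.close()
    return redirect(url_for("admin"))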
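@app.route('/changemypassword', methods=["POST"])
def changethepassword():
    """Change the logged-in user's password.

    The current password must verify against the stored hash and the two new
    password fields must match; otherwise the form is shown again with an
    error. Visitors without a session are sent to the login page.
    """
    user = get_user()
    if user is None:
        # Previously user["id"] crashed for visitors without a session.
        return redirect(url_for("login"))
    userid = user["id"]
    currentpassword = request.form["current-password"]
    newpassword = request.form["new-password"]
    repassword = request.form["re-password"]

    connection = opendatabase()
    cursor = connection.cursor()
    try:
        # Bound parameter instead of formatting the id into the SQL string.
        cursor.execute("SELECT pwd FROM af5482.users WHERE userID = %s", (userid,))
        stored = cursor.fetchone()
        if stored is None or not sha256_crypt.verify(currentpassword, stored[0]):
            error = "Your current password doesn't match!"
            return render_template("change-password.html", user=get_user(), error=error)
        if newpassword != repassword:
            error = "Your new password doesn't match"
            return render_template("change-password.html", user=get_user(), error=error)
        encryptedpassword = sha256_crypt.encrypt(newpassword)
        cursor.execute("UPDATE af5482.users SET pwd = %s WHERE userid = %s",
                       (encryptedpassword, userid))
        connection.commit()
    finally:
        cursor.close()
        connection.close()
    return redirect(url_for("popup", message="Your password has been changed!"))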
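@app.route('/saveedit', methods=["POST"])
def saveedit():
    """Create or update the logged-in user's profile from the edit form.

    The profile row is keyed by the session's user id, so a user can only
    write to their own profile. Visitors without a session are sent to the
    login page.
    """
    user = get_user()
    if user is None:
        # Previously user["id"] crashed for visitors without a session.
        return redirect(url_for("login"))
    userid = user["id"]
    name = request.form["name"]
    yrke = request.form["yrke"]
    about = request.form["about"]

    connection = opendatabase()
    cursor = connection.cursor()
    try:
        # Bound parameter instead of formatting the id into the SQL string.
        cursor.execute("SELECT profileID FROM af5482.profiles WHERE profileID = %s", (userid,))
        exists = cursor.fetchone() is not None
        if exists:
            cursor.execute(
                "UPDATE af5482.profiles SET name = %s, yrke = %s, abouttext = %s WHERE profileid = %s",
                (name, yrke, about, userid))
        else:
            showprofile = 1
            cursor.execute(
                """INSERT INTO af5482.profiles (name, yrke, abouttext, profileid, showprofile) VALUES (%s, %s, %s, %s, %s)""",
                (name, yrke, about, userid, showprofile))
        connection.commit()
    finally:
        cursor.close()
        connection.close()

    if exists:
        return redirect(url_for("popup", message="Your changes has been saved!"))
    return redirect(url_for("popup", message="Your profile has been created!"))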
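@app.route('/login_user', methods=["POST"])
def login_user():
    """Verify the posted credentials and start a logged-in session.

    On success the user's id and email are stored in the Beaker session and
    the browser is redirected to /admin; on any failure the login form is
    shown again with one generic error message.
    """
    email = request.form["email"]
    guesspassword = request.form["password"]
    connection = opendatabase()
    cursor = connection.cursor()
    try:
        # The address is typed by the visitor. Formatting it into the SQL
        # string let the input change the query itself; a bound parameter
        # keeps it as data.
        cursor.execute("SELECT pwd, userID, email FROM af5482.users WHERE email = %s", (email,))
        stored = cursor.fetchone()
    finally:
        cursor.close()
        connection.close()

    if stored is not None and sha256_crypt.verify(guesspassword, stored[0]):
        session = request.environ.get("beaker.session")
        # Start from a fresh session id so an id that was already in the
        # browser before login is not the one that becomes authenticated.
        session.invalidate()
        session["id"] = stored[1]
        session["email"] = stored[2]
        session.save()
        return redirect(url_for("admin"))
    # Same message for unknown address and wrong password.
    # NOTE(review): nothing here limits repeated attempts; consider
    # throttling per address and per client.
    return render_template("login.html", error='Invalid Credentials. Please try again.',
                           user=get_user())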
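@app.route('/registeruser', methods=["POST"])
def registeruser():
    """Register a new user with a generated password and mail it to them.

    When the address is already registered the form is shown again with an
    error; otherwise the hashed password is stored, the credentials are
    mailed, and the browser is redirected to the start page.
    """
    email = request.form["email"]
    connection = opendatabase()
    cursor = connection.cursor()
    try:
        # Look the address up with the same SQL equality login_user and
        # forgot use, instead of loading every address into Python.
        cursor.execute("SELECT email FROM af5482.users WHERE email = %s", (email,))
        if cursor.fetchone() is not None:
            # This branch used to return without closing the connection.
            return render_template("register.html", error="Emailen finns redan i systemet",
                                   user=get_user())
        # NOTE(review): generatepassword() lives in modules.functions and is
        # not visible here - confirm it draws from a cryptographically
        # secure source.
        password = generatepassword()
        # Only the hash is stored.
        thepassword = sha256_crypt.encrypt(password)
        cursor.execute("INSERT INTO af5482.users (email, pwd) VALUES (%s, %s)",
                       (email, thepassword))
        connection.commit()
    finally:
        cursor.close()
        connection.close()

    # NOTE(review): the password travels in clear text by mail and there is
    # no forced change at first login; a one-time set-password link would
    # keep it out of the mailbox.
    msg = Message('FrankArt - Registration Email', sender='FrankArt', recipients=[email])
    msg.body = "Hello!, You've been registered on FrankArt.se. Your credentials are the following: Email: " + email + " Password: " + password
    mail.send(msg)
    return redirect(url_for("popup", message="The user has been registered"))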
- #Error = True
- #Alltså emailen finns i databasen
- #Return till registrering och blir error
- # -------------------------------------------------------------------------------------------------------------------------------------------------------------
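# Start the development server with the 'run()' method.
if __name__ == '__main__':
    # NOTE(review): the Beaker middleware is only installed on this path; if
    # the app object is served by another WSGI server, get_user() will find
    # no session and always return None.
    app.wsgi_app = SessionMiddleware(app.wsgi_app, session_opts)
    # Debug mode enables the interactive debugger, which lets anyone who can
    # reach an error page run code on the host. It is therefore off unless
    # FLASK_DEBUG=1 is set explicitly for local development.
    app.run(port=8082, debug=os.environ.get('FLASK_DEBUG') == '1', threaded=True)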