Untitled

# *-* coding:utf-8*-*

# Laddar in alla ramverk.
from modules.flask import Flask, render_template, redirect, url_for, request, flash
from modules.flask_mail import Mail, Message
from modules.passlib.hash import sha256_crypt
from modules.functools import wraps
from beaker.middleware import SessionMiddleware
from werkzeug import secure_filename
import os

# Egna moduler
from modules.database import *
from modules.functions import *


# Alternativ för cookies.
session_opts = {
    'session.type': 'file',
    'session.cookie_expires': 3000,
    'session.data_dir': './data',
    'session.auto': True
}

# Konfigurerar applikationen (VIKTIGT- SE TILL SÅ ATT SECREY_KEY ÄR RANDOM VID LAUNCH)
app = Flask(__name__)
app.secret_key = "thisisaveryprotectedkeythatabsolutlywontchangelater"
app.config['MAIL_SERVER']='smtp.gmail.com'
app.config['MAIL_PORT'] = 465
app.config['MAIL_USERNAME'] = 'oscara961337@gmail.com'
app.config['MAIL_PASSWORD'] = 'Password123a'
app.config['MAIL_USE_TLS'] = False
app.config['MAIL_USE_SSL'] = True
mail = Mail(app)


# UPPLADDNING AV BILD -------------------------------------------------------------------------------------------------------------------------------

ALLOWED_EXTENSIONS = set(['png', 'jpg', 'jpeg', 'gif'])

def allowed_file(filename):
    return '.' in filename and \
           filename.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS


@app.route('/upload/<mode>', methods=['POST'])
def upload_file(mode):
    user = get_user()
    userID = user["id"]
    userfolder = 'static/uploaded/' + str(userID)
    wallpaperfolder = 'static/uploaded/' + str(userID) + '/wallpaper'
    profilepicturefolder = 'static/uploaded/' + str(userID) + '/profilepicture'
    indexpicturesfolder = 'static/uploaded/startpictures'
    if not os.path.exists(userfolder):
        os.makedirs(userfolder)
        os.makedirs(wallpaperfolder)
        os.makedirs(profilepicturefolder)
    if request.method == 'POST':
        file = request.files['file']
        name, ext = os.path.splitext(file.filename)
        if file and allowed_file(file.filename):
            filename = secure_filename(file.filename)
        else:
            # Bilder har en EJ tillåten fil ändelse
            return "Haha, den filen får du inte ladda upp!"

        if mode == "artistpicture":
            # Om användaren laddar upp en bild som ska synas på deras profil
            file.save(os.path.join(userfolder + "/", filename))
            return "Bilden är uppladdad"

        elif mode == "profilepicture":
            # Om användaren laddar upp en profilbild
            if os.listdir(profilepicturefolder):
                filelist = os.listdir(profilepicturefolder)
                os.remove(os.path.join(profilepicturefolder, filelist[0]))
            file.save(os.path.join(profilepicturefolder, "profilepicture" + ext))
            return "Bilden är uppladdad"

        elif mode == "startpicture":
            # Om användaren laddar upp en bild som ska synas på startsidan
            filelist = os.listdir(indexpicturesfolder)
            for file_ in filelist:
                if file_[:1] == str(userID):
                    os.remove(os.path.join(indexpicturesfolder, file_))
            file.save(os.path.join("static/uploaded/startpictures/", str(userID) + ext))
            return "Bilden är uppladdad"

        elif mode == "backgroundpicture":
            # Om användaren laddar upp en backgroundbild till deras profil sida
            if os.listdir(wallpaperfolder):
                filelist = os.listdir(wallpaperfolder)
                os.remove(os.path.join(wallpaperfolder, filelist[0]))
            file.save(os.path.join(wallpaperfolder, "wallpaper" + ext))
            return "Bilden är uppladdad"


# ---------------------------------------------------------------------------------------------------------------------------------------------------
def get_user():
    """
    Hämtar email & userID från sessionen.
    """
    try:
        user = {}
        session = request.environ.get("beaker.session")
        user["email"] = session["email"]
        user["id"] = session["id"]
        return user
    except:
        return None

@app.route('/index.html')
@app.route('/index')
@app.route('/')
def home():
    # Returnerar startsidan
    pictures = os.listdir("static/uploaded/startpictures/")
    links = []
    for picture in pictures:
        links.append("uploaded/startpictures/" + picture)
    print links
    return render_template("index.html", user=get_user(), pictures = links)

@app.route('/home')
def popup():
    # Returnerar startsidan fast visar en "toast" med information som skickas med som ett argument i länken
    message = request.args['message']
    return render_template("index.html", user=get_user(), complete = message)


@app.route('/artists')
def artists():
    # Returnerar en sida med en lista på artisterna
    connection = opendatabase()
    cursor = connection.cursor()
    query = ("SELECT name, profileID FROM af5482.profiles WHERE showprofile = 1")
    cursor.execute(query)
    stored = cursor.fetchall()
    cursor.close()
    connection.close()
    return render_template("artists.html", users = stored, user=get_user())

@app.route('/artist/<uID>')
def anartist(uID):
    userfolder = 'static/uploaded/' + str(uID)
    wallpaperfolder = 'static/uploaded/' + str(uID) + '/wallpaper'
    profilepicturefolder = 'static/uploaded/' + str(uID) + '/profilepicture'
    indexpicturesfolder = 'static/uploaded/startpictures'
    if not os.path.exists(userfolder):
        os.makedirs(userfolder)
        os.makedirs(wallpaperfolder)
        os.makedirs(profilepicturefolder)
    # Hämtar användare ID från /uID
    connection = opendatabase()
    cursor = connection.cursor()
    query = ("SELECT showprofile FROM af5482.profiles WHERE profileID = '%s'" % (uID))
    cursor.execute(query, (uID))
    stored = cursor.fetchone()
    cursor.close()
    connection.close()
    # Kollar så att användaren inte är "blockerad" av admin
    if stored[0] == 1:
        # Om användaren inte är blockerad hämtas profil informationen
        connection = opendatabase()
        cursor = connection.cursor()
        query = ("SELECT backgroundpicture, profilepicture, name, yrke, abouttext, profileID FROM af5482.profiles WHERE profileID = '%s'" % (uID))
        cursor.execute(query, (uID))
        stored = cursor.fetchone()
        name = stored[2]
        cursor.close()
        connection.close()

        # GET ARTISTS PICTURES

        # GETS PROFILEPICTURE
        profilepicture = os.listdir("static/uploaded/" + str(uID) + "/profilepicture")
        if profilepicture != []:
            profilepiclink = "uploaded/" + str(uID) + "/profilepicture/" + profilepicture[0]
        else:
            profilepiclink = "bilder/example_profilepic.png"

        # GETS WALLPAPER
        wallpaper = os.listdir("static/uploaded/" + str(uID) + "/wallpaper")
        if wallpaper != []:
            wallpaperlink = "uploaded/" + str(uID) + "/wallpaper/" + wallpaper[0]
        else:
            wallpaperlink = "bilder/wallpaper_example.jpg"


        # GETS ALL THE ARTIST PICTURES TO THEIR PROFILE
        pictures = os.listdir("static/uploaded/" + str(uID) + "/")
        links = []
        for picture in pictures:
            if picture[-4:] == (".jpg" or ".gif" or "jpeg" or ".png"):
                links.append(uID + "/" + picture)


        # ADDS THE USERID TO THE PICTURE LINK

        return render_template("artistprofile.html", user=get_user(), name = name, stored = stored, pictures=links, wallpaper = wallpaperlink, profilepicture = profilepiclink)
    else:
        # Användaren blockerad, skickas till startsidan med ett popup message
        return redirect(url_for("popup", message = "The profile you tried to reach has been blocked."))


@app.route('/about')
def about():
    # Hämtar about informationen och returnerar about sidan.
    connection = opendatabase()
    cursor = connection.cursor()
    query = ("SELECT aboutfrank FROM af5482.about")
    cursor.execute(query)
    stored = cursor.fetchone()
    cursor.close()
    connection.close()
    return render_template("about.html", user=get_user(), about = stored[0])

@app.route('/contact')
def contact():
    return render_template("contact.html", user=get_user())

@app.route('/events')
def events():
    return render_template("events.html", user=get_user())

@app.route('/register')
def reg():
    return render_template("register.html", user=get_user())

@app.route("/login")
def login():
    return render_template("login.html")

@app.route('/change-password')
def changepassword():
    return render_template("change-password.html", user=get_user())

@app.route("/logout")
def logout():
    session = request.environ.get("beaker.session")
    session.delete()
    return redirect(url_for("popup", message = "You've been logged out"))

@app.route("/admin")
def admin():
    user = get_user()
    if user == None:
        return redirect(url_for("login"))
    else:
        if user["id"] == 1:
            # Mary / ADMINISTRATOR LÄGET
            connection = opendatabase()
            cursor = connection.cursor()
            query = ("SELECT name, profileID, showprofile FROM af5482.profiles")
            cursor.execute(query)
            stored = cursor.fetchall()

            query = ("SELECT aboutfrank FROM af5482.about")
            cursor.execute(query)
            about = cursor.fetchone()
            cursor.close()
            connection.close()
            return render_template("admin.html", user=get_user(), stored = stored, about = about[0])
        else:
            # PROFIL LÄGET DÄR DEM REDIGERAR
            connection = opendatabase()
            cursor = connection.cursor()
            query = ("SELECT abouttext, name, yrke FROM af5482.profiles WHERE profileid = '%s'" % (user["id"]))
            cursor.execute(query, (user["id"]))
            stored = cursor.fetchone()
            cursor.close()
            connection.close()
            if stored == None:
                # Finns inget profilID, skickas till skapa profil sidan
                # Visar ett formulär där användaren kan fylla i sina uppgifter
                return render_template("profilredigering.html", user=get_user(), userexist = False)
            else:
                # Finns profilID och skickas till redigera sidan
                # Hämtar informationen från databasen och "prefyller" formuläret med informationen som redan finns
                return render_template("profilredigering.html",name = stored[1], about = stored[0], yrke = stored[2], user=get_user(), userexist = True)


@app.route('/forgot', methods=["GET", "POST"])
def forgot():
    if request.method == "POST":
        email = request.form["email"]
        connection = opendatabase()
        cursor = connection.cursor()
        query = ("SELECT email FROM af5482.users WHERE email = '%s'" % (email))
        cursor.execute(query, (email))
        stored = cursor.fetchone()
        cursor.close()
        connection.close()
        if stored != None:
            # ANVÄNDAREN FANNS I DATABASEN OCH FÅR ETT NYTT LÖSENORD PÅ SIN EMAIL
            randompassword = generatepassword()
            thepassword = sha256_crypt.encrypt(randompassword)
            email = request.form["email"]
            connection = opendatabase()
            cursor = connection.cursor()
            query = ("UPDATE af5482.users SET pwd = %s WHERE email = %s")
            cursor.execute(query, (thepassword, email))
            connection.commit()
            cursor.close()
            connection.close()
            msg = Message('FrankArt - Your new password', sender = 'FrankArt', recipients = [email])
            msg.body = "Ditt nya lösenord är: " + randompassword
            mail.send(msg)
            return redirect(url_for("popup", message = "Your new password has been sent!"))
        else:
            # EMAILEN FANNS INTE I DATABASEN
            return redirect(url_for("popup", message = "Your new password has been sent!"))
    return render_template("forgot.html", user=get_user())


# POST METHODS
# -----------------------------------------------------------------------------------------------------------------------------------------------------------

@app.route('/contact-frank', methods=["POST"])
def contactfrank():
    name = request.form["name"]
    email = request.form["email"]
    text = request.form["text"]
    msg = Message('FrankArt - Someone has contacted you', sender = 'FrankArt', recipients = ['oscarandersson1337@gmail.com'])
    msg.html = "<h1>Someone has contacted you from FrankArt!</h1> <h4>Their name: </h4> " + name + " <h4>Their message: </h4><p>" + text + "</p><p> You can reply too them by using this email: " + email
    mail.send(msg)

@app.route('/saveaboutfrank', methods=["POST"])
def savefranktext():
    value = 1
    about = request.form["about"]
    connection = opendatabase()
    cursor = connection.cursor()
    query = ("UPDATE af5482.about SET aboutfrank = %s WHERE id = %s")
    cursor.execute(query, (about, value))
    connection.commit()
    cursor.close()
    connection.close()
    return redirect(url_for("admin"))


@app.route('/updateshowedprofiles', methods=['POST'])
def updateshowedprofiles():
    values = request.form.getlist('check')
    connection = opendatabase()
    cursor = connection.cursor()
    query = ("UPDATE af5482.profiles SET showprofile = 1")
    cursor.execute(query)
    connection.commit()
    cursor.close()
    connection.close()
    if values == []:
        return redirect(url_for("admin"))
    else:
        for value in values:
            digit = 0
            connection = opendatabase()
            cursor = connection.cursor()
            query = ("UPDATE af5482.profiles SET showprofile = %s WHERE profileID = %s")
            cursor.execute(query, (digit, value))
            connection.commit()
            cursor.close()
            connection.close()
            return redirect(url_for("admin"))


@app.route('/changemypassword', methods=["POST"])
def changethepassword():
    currentpassword = request.form["current-password"]
    newpassword = request.form["new-password"]
    repassword = request.form["re-password"]
    connection = opendatabase()
    cursor = connection.cursor()
    user = get_user()
    userid = user["id"]
    query = ("SELECT pwd FROM af5482.users WHERE userID = '%s'" % (userid))
    cursor.execute(query, (userid))
    stored = cursor.fetchone()
    cursor.close()
    connection.close()
    if sha256_crypt.verify(currentpassword, stored[0]) == True:
        if newpassword == repassword:
            encryptedpassword = sha256_crypt.encrypt(newpassword)
            user = get_user()
            userid = user["id"]
            connection = opendatabase()
            cursor = connection.cursor()
            query = ("UPDATE af5482.users SET pwd = %s WHERE userid = %s")
            cursor.execute(query, (encryptedpassword, userid))
            connection.commit()
            cursor.close()
            connection.close()
            return redirect(url_for("popup", message = "Your password has been changed!"))
        else:
            error = "Your new password doesn't match"
            return render_template("change-password.html", user=get_user(), error = error)
    else:
        error = "Your current password doesn't match!"
        return render_template("change-password.html", user=get_user(), error = error)


@app.route('/saveedit', methods=["POST"])
def saveedit():
    user = get_user()
    userid = user["id"]
    connection = opendatabase()
    cursor = connection.cursor()
    query = ("SELECT profileID FROM af5482.profiles WHERE profileID = '%s'" % (userid))
    cursor.execute(query, (userid))
    stored = cursor.fetchone()
    cursor.close()
    connection.close()
    name = request.form["name"]
    yrke = request.form["yrke"]
    about = request.form["about"]
    if stored == None:
        connection = opendatabase()
        cursor = connection.cursor()
        showprofile = 1
        cursor.execute("""INSERT INTO af5482.profiles (name, yrke, abouttext, profileid, showprofile) VALUES (%s, %s, %s, %s, %s)""" , (name, yrke, about, user["id"], showprofile))
        connection.commit()
        cursor.close()
        connection.close()
        return redirect(url_for("popup", message = "Your profile has been created!"))
    else:
        connection = opendatabase()
        cursor = connection.cursor()
        query = ("UPDATE af5482.profiles SET name = %s, yrke = %s, abouttext = %s WHERE profileid = %s")
        cursor.execute(query, (name, yrke, about, user["id"]))
        connection.commit()
        cursor.close()
        connection.close()
        return redirect(url_for("popup", message = "Your changes has been saved!"))


@app.route('/login_user', methods=["POST"])
def login_user():
    connection = opendatabase()
    cursor = connection.cursor()
    email = request.form["email"]
    guesspassword = request.form["password"]
    query = ("SELECT pwd, userID, email FROM af5482.users WHERE email = '%s'" % (email))
    cursor.execute(query, (email))
    stored = cursor.fetchone()
    cursor.close()
    connection.close()
    if stored != None:
        if sha256_crypt.verify(guesspassword, stored[0]) == True:
            session = request.environ.get("beaker.session")
            session["id"] = stored[1]
            session["email"] = stored[2]
            session.save()
            return redirect(url_for("admin"))
        else:
            return render_template("login.html", error= 'Invalid Credentials. Please try again.', user=get_user())
    else:
        return render_template("login.html", error= 'Invalid Credentials. Please try again.', user=get_user())

@app.route('/registeruser', methods=["POST"])
def registeruser():
    # Öppnar databasen och väljer databasen logi
    email = request.form["email"]
    connection = opendatabase()
    cursor = connection.cursor()
    query = ("SELECT email FROM af5482.users")
    cursor.execute(query)
    emails = cursor.fetchall()
    error = False
    if error == False:
        for epost in emails:
            if email == epost[0]:
                error = True
    if error == False:
        # Hashar lösenordet
        password = generatepassword()
        thepassword = sha256_crypt.encrypt(password)
        # Lägger till emailadressen och lösenordet i databasen
        cursor.execute("""
        INSERT INTO af5482.users (email, pwd) VALUES (%s, %s)""" , (email, thepassword))
        connection.commit()
        cursor.close()
        connection.close()
        msg = Message('FrankArt - Registration Email', sender = 'FrankArt', recipients = [email])
        msg.body = "Hello!, You've been registered on FrankArt.se. Your credentials are the following: Email: " + email + " Password: " + password
        mail.send(msg)
        return redirect(url_for("popup", message= "The user has been registered"))
    else:
        return render_template("register.html", error = "Emailen finns redan i systemet", user=get_user())
        #Error = True
        #Alltså emailen finns i databasen
        #Return till registrering och blir error


# -------------------------------------------------------------------------------------------------------------------------------------------------------------

# start the server with the 'run()' method
if __name__ == '__main__':
    app.wsgi_app = SessionMiddleware(app.wsgi_app, session_opts)
    app.run(port = 8082, debug=True, threaded = True)