2017-10-03 01:18:13 +00:00
from os import urandom as rand
2017-10-04 00:04:18 +00:00
#from flaskext.mysql import MySQL
2017-10-03 01:18:13 +00:00
import pymysql
from flask import Flask , render_template , session , redirect , url_for , request , flash
2017-10-04 00:04:18 +00:00
from passlib . context import CryptContext
2017-10-03 01:18:13 +00:00
import pprint
pp = pprint . PrettyPrinter ( indent = 4 )
2017-10-04 00:04:18 +00:00
pass_ctx = CryptContext ( [ " bcrypt_sha256 " ] )
2017-10-03 01:18:13 +00:00
app = Flask ( __name__ )
# Thank you based StackOverflow
2017-10-04 00:04:18 +00:00
# Remove Trailing and leading whitespace, strip unicode
2017-10-03 01:18:13 +00:00
def cleanup_string ( text ) :
text = text . encode ( " ascii " , " replace " ) . decode ( )
return text . strip ( )
2017-10-05 00:22:55 +00:00
def get_userdb ( ) :
global userdb
global numusers
# Counting on primary key is quickest operation
cur_num = mysql_do ( " SELECT count(`uid`) FROM `Users`; " ) [ 0 ] [ 0 ]
if numusers < cur_num :
# Update the database!
userdb = mysql_do ( " SELECT * FROM Users " )
return userdb
2017-10-04 00:04:18 +00:00
2017-10-03 01:18:13 +00:00
# Load User Table into variable
def mysql_do ( query ) :
db = pymysql . connect ( host = ' dockerdev ' , port = 3306 , user = ' root ' , passwd = ' development ' , db = ' QuoteDB ' )
cur = db . cursor ( )
cur . execute ( query )
data = cur . fetchall ( )
cur . close ( )
db . commit ( )
db . close ( )
return data
2017-10-03 22:27:51 +00:00
def app_init ( ) :
2017-10-04 00:04:18 +00:00
# Check to make sure tables are set up properly
mysql_do ( " CREATE TABLE IF NOT EXISTS Users ( uid INT NOT NULL AUTO_INCREMENT PRIMARY KEY, user VARCHAR(255) NOT NULL UNIQUE, realname VARCHAR(255) NOT NULL, password VARCHAR(255), isadmin BIT NOT NULL); " )
2017-10-04 23:32:33 +00:00
mysql_do ( " CREATE TABLE IF NOT EXISTS Quotes ( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, quote VARCHAR(2048) NOT NULL, date VARCHAR(255) NOT NULL, user INT NOT NULL, context VARCHAR(8000), addedby INT NOT NULL, FOREIGN KEY (user) REFERENCES Users(uid) ); " )
2017-10-04 00:04:18 +00:00
# Generate random key for session cookies
2017-10-03 22:27:51 +00:00
app . secret_key = rand ( 24 )
2017-10-04 00:04:18 +00:00
2017-10-05 00:22:55 +00:00
# Init the counter, then run a query
global numusers
numusers = 0
get_userdb ( )
2017-10-03 22:27:51 +00:00
2017-10-03 01:18:13 +00:00
2017-10-04 00:04:18 +00:00
def do_user_login ( user , password ) :
try :
userdata = mysql_do ( " SELECT * FROM Users WHERE user= ' %s ' " % ( user ) ) [ 0 ]
except IndexError :
# Returned when no rows found - no user with that name
flash ( " Error: Incorrect Username or Password! " , " danger " )
return redirect ( url_for ( ' login ' ) )
if pass_ctx . verify ( password , userdata [ 3 ] ) :
session [ ' username ' ] = user
session [ ' uid ' ] = userdata [ 0 ]
session [ ' isAdmin ' ] = bool ( ord ( userdata [ 4 ] ) )
return redirect ( url_for ( ' index ' ) )
else :
flash ( " Error: Incorrect Username or Password! " , " danger " )
return redirect ( url_for ( ' login ' ) )
2017-10-03 01:18:13 +00:00
@app.route ( " / " )
def index ( ) :
if ' username ' in session :
return render_template ( " index.html " , user = session [ " username " ] )
return render_template ( " index.html " )
@app.route ( " /quotes " )
def quoutepage ( ) :
retdata = mysql_do ( " SELECT * FROM Quotes ORDER BY ID DESC " )
return render_template ( " quote_view.html " , data = retdata )
2017-10-04 00:04:18 +00:00
@app.route ( " /login " , methods = [ ' GET ' , ' POST ' ] )
def login ( ) :
if request . method == ' POST ' :
return do_user_login ( request . form [ ' username ' ] , request . form [ ' pw ' ] )
return render_template ( " login.html " )
2017-10-03 01:18:13 +00:00
@app.route ( " /addquote " , methods = [ ' GET ' , ' POST ' ] )
def addquote ( ) :
if request . method == " POST " :
2017-10-04 23:36:01 +00:00
try :
session [ ' username ' ]
except KeyError :
flash ( " INFO: Please login first. " , " info " )
return redirect ( url_for ( " login " ) )
2017-10-03 01:18:13 +00:00
quotein = pymysql . escape_string ( request . form [ ' quote ' ] )
contextin = pymysql . escape_string ( request . form [ ' context ' ] )
userin = pymysql . escape_string ( request . form [ ' user ' ] )
#Remove Trailing and leading whitespace, strip unicode
quotein = cleanup_string ( quotein )
contextin = cleanup_string ( contextin )
if not quotein or quotein . isspace ( ) :
flash ( " Error: You must enter a quote! " , " danger " )
return redirect ( url_for ( " addquote " ) )
# Check if the <textarea> has been tampered with...
if ( len ( quotein ) > 500 ) or ( len ( contextin ) > 500 ) :
flash ( " Error: Quote too long. Stop fucking with the code :P " , " danger " )
return redirect ( url_for ( " addquote " ) )
# This checks if the user value has been changed to a non integer
try :
userin = int ( userin )
except :
flash ( " Error: Invalid userID. Stop fucking with the code :P " , " danger " )
return redirect ( url_for ( " addquote " ) )
# Check if the value is out of range of the valid uid's
if ( userin > int ( userdb [ - 1 ] [ 0 ] ) or ( userin < = 0 ) ) :
flash ( " Error: Invalid userID. Stop fucking with the code :P " , " danger " )
return redirect ( url_for ( " addquote " ) )
if not contextin :
contextin = " NULL "
else :
contextin = " \' " + contextin + " \' "
2017-10-04 23:32:33 +00:00
sql = " INSERT INTO `Quotes` (`id`, `quote`, `date`, `user`, `context`, `addedby`) VALUES (NULL, ' %s ' , CURRENT_TIMESTAMP, %d , %s , %s ); " % ( quotein , userin , contextin , session [ ' uid ' ] )
2017-10-03 01:18:13 +00:00
print ( sql )
mysql_do ( sql )
flash ( " Success! The entry was added to the database. " , " success " )
return redirect ( url_for ( ' index ' ) )
2017-10-04 00:04:18 +00:00
# Check if the user is authenticated
try :
session [ ' username ' ]
except KeyError :
flash ( " INFO: Please login first. " , " info " )
return redirect ( url_for ( " login " ) )
2017-10-05 00:22:55 +00:00
return render_template ( " add_quote.html " , users = get_userdb ( ) )
2017-10-03 01:18:13 +00:00
@app.route ( " /logout " )
def logout ( ) :
session . pop ( ' username ' , None )
return redirect ( url_for ( ' index ' ) )
@app.context_processor
def utility_processor ( ) :
def uid_to_user ( uid ) :
for user in userdb :
if user [ 0 ] == uid :
return user [ 1 ]
return dict ( uid_to_user = uid_to_user )
if __name__ == " __main__ " :
2017-10-03 22:27:51 +00:00
app_init ( )
2017-10-03 01:18:13 +00:00
app . run ( host = " 0.0.0.0 " , debug = True )