mirror of
https://github.com/Adam-Ant/QuotesDB
synced 2024-11-05 10:56:22 +00:00
113 lines
3.6 KiB
Python
113 lines
3.6 KiB
Python
|
from os import urandom as rand
|
||
|
from flaskext.mysql import MySQL
|
||
|
import pymysql
|
||
|
from flask import Flask, render_template, session, redirect, url_for, request, flash
|
||
|
import pprint
|
||
|
|
||
|
pp = pprint.PrettyPrinter(indent=4)
|
||
|
|
||
|
app = Flask(__name__)
|
||
|
|
||
|
app.secret_key = rand(24)
|
||
|
|
||
|
# Thank you based StackOverflow
|
||
|
def cleanup_string(text):
|
||
|
text = text.encode("ascii", "replace").decode()
|
||
|
return text.strip()
|
||
|
|
||
|
# Load User Table into variable
|
||
|
def mysql_do(query):
|
||
|
db = pymysql.connect(host='dockerdev', port=3306, user='root', passwd='development', db='QuoteDB')
|
||
|
cur = db.cursor()
|
||
|
cur.execute(query)
|
||
|
data = cur.fetchall()
|
||
|
cur.close()
|
||
|
db.commit()
|
||
|
db.close()
|
||
|
return data
|
||
|
|
||
|
userdb = mysql_do("SELECT * FROM Users")
|
||
|
|
||
|
@app.route("/")
|
||
|
def index():
|
||
|
if 'username' in session:
|
||
|
return render_template("index.html", user=session["username"])
|
||
|
return render_template("index.html")
|
||
|
|
||
|
@app.route("/quotes")
|
||
|
def quoutepage():
|
||
|
retdata = mysql_do("SELECT * FROM Quotes ORDER BY ID DESC")
|
||
|
return render_template("quote_view.html", data=retdata)
|
||
|
|
||
|
@app.route("/addquote", methods=['GET','POST'])
|
||
|
def addquote():
|
||
|
if request.method == "POST":
|
||
|
|
||
|
quotein = pymysql.escape_string(request.form['quote'])
|
||
|
contextin = pymysql.escape_string(request.form['context'])
|
||
|
userin = pymysql.escape_string(request.form['user'])
|
||
|
|
||
|
|
||
|
#Remove Trailing and leading whitespace, strip unicode
|
||
|
quotein = cleanup_string(quotein)
|
||
|
contextin = cleanup_string(contextin)
|
||
|
|
||
|
if not quotein or quotein.isspace():
|
||
|
flash("Error: You must enter a quote!","danger")
|
||
|
return redirect(url_for("addquote"))
|
||
|
|
||
|
# Check if the <textarea> has been tampered with...
|
||
|
if (len(quotein) > 500) or (len(contextin) > 500):
|
||
|
flash("Error: Quote too long. Stop fucking with the code :P","danger")
|
||
|
return redirect(url_for("addquote"))
|
||
|
|
||
|
# This checks if the user value has been changed to a non integer
|
||
|
try:
|
||
|
userin = int(userin)
|
||
|
except:
|
||
|
flash("Error: Invalid userID. Stop fucking with the code :P","danger")
|
||
|
return redirect(url_for("addquote"))
|
||
|
|
||
|
# Check if the value is out of range of the valid uid's
|
||
|
if (userin > int(userdb[-1][0]) or (userin <= 0)):
|
||
|
flash("Error: Invalid userID. Stop fucking with the code :P","danger")
|
||
|
return redirect(url_for("addquote"))
|
||
|
|
||
|
|
||
|
if not contextin:
|
||
|
contextin = "NULL"
|
||
|
else:
|
||
|
contextin = "\'" + contextin + "\'"
|
||
|
|
||
|
|
||
|
|
||
|
sql = "INSERT INTO `Quotes` (`id`, `quote`, `date`, `user`, `context`) VALUES (NULL, '%s', CURRENT_TIMESTAMP, %d, %s);" % (quotein, userin, contextin)
|
||
|
print(sql)
|
||
|
mysql_do(sql)
|
||
|
flash("Success! The entry was added to the database.","success")
|
||
|
return redirect(url_for('index'))
|
||
|
return render_template("add_quote.html", users=userdb)
|
||
|
|
||
|
@app.route("/login", methods=['GET', 'POST'])
|
||
|
def login():
|
||
|
if request.method == 'POST':
|
||
|
session['username'] = request.form['username']
|
||
|
return redirect(url_for('index'))
|
||
|
return render_template("login.html")
|
||
|
|
||
|
@app.route("/logout")
|
||
|
def logout():
|
||
|
session.pop('username',None)
|
||
|
return redirect(url_for('index'))
|
||
|
|
||
|
@app.context_processor
|
||
|
def utility_processor():
|
||
|
def uid_to_user(uid):
|
||
|
for user in userdb:
|
||
|
if user[0] == uid:
|
||
|
return user[1]
|
||
|
return dict(uid_to_user=uid_to_user)
|
||
|
|
||
|
if __name__ == "__main__":
|
||
|
app.run(host="0.0.0.0", debug=True)
|