commit fd8e17926ecd39c49c640d7eb6ccaa5f5a4a3cac Author: Adam Dodman Date: Tue Oct 3 02:18:13 2017 +0100 Add barebones files from previous work diff --git a/default.sql b/default.sql new file mode 100644 index 0000000..e159c7c --- /dev/null +++ b/default.sql @@ -0,0 +1,16 @@ +CREATE TABLE Users ( + uid int NOT NULL AUTO_INCREMENT PRIMARY KEY, + user varchar(255) NOT NULL, + realname varchar(255) NOT NULL +); + +CREATE TABLE Quotes ( + id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, + quote VARCHAR(2048) NOT NULL, + date VARCHAR(255) NOT NULL, + user INT NOT NULL, + context VARCHAR(8000), + FOREIGN KEY (user) REFERENCES Users(uid) +); + + diff --git a/main.py b/main.py new file mode 100644 index 0000000..0efab1f --- /dev/null +++ b/main.py @@ -0,0 +1,112 @@ +from os import urandom as rand +from flaskext.mysql import MySQL +import pymysql +from flask import Flask, render_template, session, redirect, url_for, request, flash +import pprint + +pp = pprint.PrettyPrinter(indent=4) + +app = Flask(__name__) + +app.secret_key = rand(24) + +# Thank you based StackOverflow +def cleanup_string(text): + text = text.encode("ascii", "replace").decode() + return text.strip() + +# Load User Table into variable +def mysql_do(query): + db = pymysql.connect(host='dockerdev', port=3306, user='root', passwd='development', db='QuoteDB') + cur = db.cursor() + cur.execute(query) + data = cur.fetchall() + cur.close() + db.commit() + db.close() + return data + +userdb = mysql_do("SELECT * FROM Users") + +@app.route("/") +def index(): + if 'username' in session: + return render_template("index.html", user=session["username"]) + return render_template("index.html") + +@app.route("/quotes") +def quoutepage(): + retdata = mysql_do("SELECT * FROM Quotes ORDER BY ID DESC") + return render_template("quote_view.html", data=retdata) + +@app.route("/addquote", methods=['GET','POST']) +def addquote(): + if request.method == "POST": + + quotein = pymysql.escape_string(request.form['quote']) + contextin = pymysql.escape_string(request.form['context']) + userin = pymysql.escape_string(request.form['user']) + + + #Remove Trailing and leading whitespace, strip unicode + quotein = cleanup_string(quotein) + contextin = cleanup_string(contextin) + + if not quotein or quotein.isspace(): + flash("Error: You must enter a quote!","danger") + return redirect(url_for("addquote")) + + # Check if the

has been tampered with...
+        if (len(quotein) > 500) or (len(contextin) > 500):
+            flash("Error: Quote too long. Stop fucking with the code :P","danger")
+            return redirect(url_for("addquote"))
+       
+       # This checks if the user value has been changed to a non integer
+        try:
+            userin = int(userin)
+        except:
+            flash("Error: Invalid userID. Stop fucking with the code :P","danger")
+            return redirect(url_for("addquote"))
+        
+        # Check if the value is out of range of the valid uid's
+        if (userin > int(userdb[-1][0]) or (userin <= 0)):
+            flash("Error: Invalid userID. Stop fucking with the code :P","danger")
+            return redirect(url_for("addquote"))
+            
+        
+        if not contextin:
+            contextin = "NULL"
+        else:
+            contextin = "\'" + contextin + "\'"
+                
+        
+        
+        sql = "INSERT INTO `Quotes` (`id`, `quote`, `date`, `user`, `context`) VALUES (NULL, '%s', CURRENT_TIMESTAMP, %d, %s);" % (quotein, userin, contextin)
+        print(sql)
+        mysql_do(sql)
+        flash("Success! The entry was added to the database.","success")
+        return redirect(url_for('index'))
+    return render_template("add_quote.html", users=userdb)
+
+@app.route("/login", methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        session['username'] = request.form['username']
+        return redirect(url_for('index'))
+    return render_template("login.html")
+
+@app.route("/logout")
+def logout():
+    session.pop('username',None)
+    return redirect(url_for('index'))
+
+@app.context_processor
+def utility_processor():
+    def uid_to_user(uid):
+        for user in userdb:
+            if user[0] == uid:
+                return user[1]
+    return dict(uid_to_user=uid_to_user)
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", debug=True)
diff --git a/templates/add_quote.html b/templates/add_quote.html
new file mode 100644
index 0000000..aed5e29
--- /dev/null
+++ b/templates/add_quote.html
@@ -0,0 +1,28 @@
+{% extends "layout.html" %}
+{% block body %}
+<h1> Add new Quote </h1>
+<form method="post">
+  <div class="form-group">
+    <label for="quote">Quote:</label>
+    <textarea rows="3" maxlength="500" class="form-control" id="quote" name="quote" >

+ Required + +

+ Context: + +

+ User: + + User not listed? Add one here +

+ +

+ + +{% endblock %} diff --git a/templates/index.html b/templates/index.html new file mode 100644 index 0000000..b8a0b48 --- /dev/null +++ b/templates/index.html @@ -0,0 +1,8 @@ +{% extends "layout.html" %} +{% block body %} +

Clockwork Quotes Database

View Quotes

Add a Quote

+{% endblock %} diff --git a/templates/layout.html b/templates/layout.html new file mode 100644 index 0000000..a767c93 --- /dev/null +++ b/templates/layout.html @@ -0,0 +1,65 @@ + + + + + Clockwork Quote DB + + + + + + + + + {% block head %}{% endblock %} + + + + + + +

+ {% with messages = get_flashed_messages(with_categories=true) %} + {% if messages %} + {% for category, message in messages %} + {% set splitmessage = message.split(" ", 1) %} +

+ + {{ splitmessage[0] }} {{ splitmessage[1] }} +

+ {% endfor %} + {% endif %} + {% endwith %} + {% block body %}{% endblock %} + + + +

+ + + diff --git a/templates/login.html b/templates/login.html new file mode 100644 index 0000000..b6a01f0 --- /dev/null +++ b/templates/login.html @@ -0,0 +1,26 @@ +{% extends "layout.html" %} +{% block body %} + + + +{% endblock %} diff --git a/templates/quote_view.html b/templates/quote_view.html new file mode 100644 index 0000000..39c585d --- /dev/null +++ b/templates/quote_view.html @@ -0,0 +1,42 @@ +{% extends "layout.html" %} + +{% block head %} + + + + +{% endblock %} + +{% block body %} +

+ + + + + + + + + + + {% for entry in data %} + + + + + + + {% endfor %} + +

Date Added	User	Quote	Context
{{ "{:%Y/%m/%d %H:%M:%S}".format(entry[2]) }}	{{ uid_to_user(entry[3]) }}	{{ entry[1] }}	{{ entry[4] }}

+{% endblock %}