Diffstat (limited to 'apioforum/user.py')
-rw-r--r-- | apioforum/user.py | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/apioforum/user.py b/apioforum/user.py
index af0539a..409cfe1 100644
--- a/apioforum/user.py
+++ b/apioforum/user.py
@@ -1,14 +1,16 @@
 # user pages
 from flask import (
- Blueprint, render_template, abort, g
+ Blueprint, render_template, abort, g, flash, redirect, url_for, request
 )
+from werkzeug.security import check_password_hash, generate_password_hash
 from .db import get_db
 from .mdrender import render
 bp = Blueprint("user", __name__, url_prefix="/user")
+
 @bp.route("/<username>")
 def view_user(username):
 db = get_db()
@@ -23,3 +25,41 @@ def view_user(username):
 rendered_bio=render(user['bio'] or "hail GEORGE"),
 posts=posts,
 rendered_posts=rendered_posts)
+
+@bp.route("/<username>/edit", methods=["GET","POST"])
+def edit_user(username):
+ db = get_db()
+ user = db.execute("SELECT * FROM users WHERE username = ?;",(username,)).fetchone()
+ if user is None:
+ abort(404)
+ if username != g.user:
+ flash("you cannot modify other people")
+ return redirect(url_for("user.view_user",username=username))
+
+ if request.method == "POST":
+ err = []
+ if 'do_chpass' in request.form:
+ if not check_password_hash(user['password'],request.form['password']):
+ err.append("entered password does not match current password")
+ else:
+ db.execute("update users set password = ? where username = ?",
+ (generate_password_hash(request.form["new_password"]), username))
+ db.commit()
+ flash("password changed changefully")
+ if 'do_chbio' in request.form:
+ if len(request.form['bio'].strip()) == 0:
+ err.append("please submit nonempty bio")
+ elif len(request.form['bio']) > 4000:
+ err.append("bio is too long!!")
+ else:
+ db.execute("update users set bio = ? where username = ?", (request.form['bio'], username))
+ db.commit()
+ flash("bio updated successfully")
+
+ if len(err) > 0:
+ for e in err:
+ flash(e)
+ else:
+ return redirect(url_for("user.view_user",username=username))
+
+ return render_template("user_settings.html",user=user) |
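Review bot: In `edit_user`'s `do_chpass` branch the new password goes straight from `request.form["new_password"]` into `generate_password_hash` with no validation, so an empty or one-character value is stored as a valid hash once the current password verifies. Add a branch before the update, e.g. `elif not request.form["new_password"]: err.append("new password cannot be empty")`, ideally applying the same length rule as registration (not visible in this diff). The `do_chbio` branch changes state on a session-authenticated POST with no request token in sight; if the app has no global CSRF protection, this form needs one. The ownership check `username != g.user` assumes `g.user` holds the username string rather than a row or id, which is worth confirming against the auth code that sets it.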