1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
# user pages
POSTS_PER_PAGE = 28
from flask import (
Blueprint, render_template, abort, g, flash, redirect, url_for, request
)
from werkzeug.security import check_password_hash, generate_password_hash
from .db import get_db
import math
bp = Blueprint("user", __name__, url_prefix="/user")
@bp.route("/<username>")
@bp.route("/<username>/page/<int:page>")
def view_user(username, page=1):
if page < 1:
abort(400)
db = get_db()
user = db.execute("SELECT * FROM users WHERE username = ?;",(username,)).fetchone()
if user is None:
abort(404)
posts = db.execute("""
SELECT * FROM posts
JOIN public_posts ON public_posts.id = posts.id
WHERE author = ? AND deleted = 0 AND public_posts.public
ORDER BY created DESC
LIMIT ? OFFSET ?;""",(username,POSTS_PER_PAGE,(page-1)*POSTS_PER_PAGE,)).fetchall()
num_posts = db.execute("""
SELECT count(*) as count FROM posts
JOIN public_posts ON public_posts.id = posts.id
WHERE author = ? AND public_posts.public;
""",(username,)).fetchone()['count']
max_pageno = math.ceil(num_posts/POSTS_PER_PAGE)
return render_template(
"view_user.html",
user=user,
posts=posts,
page=page,
max_pageno=max_pageno,
)
@bp.route("/<username>/edit", methods=["GET","POST"])
def edit_user(username):
db = get_db()
user = db.execute("SELECT * FROM users WHERE username = ?;",(username,)).fetchone()
if user is None:
abort(404)
if username != g.user:
flash("you cannot modify other people")
return redirect(url_for("user.view_user",username=username))
if request.method == "POST":
err = []
if len(request.form['new_password']) > 0:
if not check_password_hash(user['password'],request.form['password']):
err.append("entered password does not match current password")
else:
db.execute("update users set password = ? where username = ?",
(generate_password_hash(request.form["new_password"]), username))
db.commit()
flash("password changed changefully")
if request.form['bio'] != user['bio']:
if len(request.form['bio'].strip()) == 0:
err.append("please submit nonempty bio")
elif len(request.form['bio']) > 4500:
err.append("bio is too long!!")
else:
db.execute("update users set bio = ? where username = ?", (request.form['bio'], username))
db.commit()
flash("bio updated successfully")
if len(err) > 0:
for e in err:
flash(e)
else:
return redirect(url_for("user.view_user",username=username))
return render_template("user_settings.html",user=user)
|