aboutsummaryrefslogtreecommitdiffhomepage
path: root/apioforum/user.py
blob: d6fbb60cf1f0ab42a080f398035fb4e6768a5c5b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

# user pages
POSTS_PER_PAGE = 20

from flask import (
    Blueprint, render_template, abort, g, flash, redirect, url_for, request
)

from werkzeug.security import check_password_hash, generate_password_hash
from .db import get_db
import math

bp = Blueprint("user", __name__, url_prefix="/user")
    
@bp.route("/<username>")
@bp.route("/<username>/page/<int:page>")
def view_user(username, page=1):
    if page < 1:
        abort(400)
    
    db = get_db()
    user = db.execute("SELECT * FROM users WHERE username = ?;",(username,)).fetchone()
   
    if user is None:
        abort(404)
    posts = db.execute("""
        SELECT * FROM posts
        JOIN public_posts ON public_posts.id = posts.id
        WHERE author = ? AND deleted = 0 AND public_posts.public
        ORDER BY created DESC
        LIMIT ? OFFSET ?;""",(username,POSTS_PER_PAGE,(page-1)*POSTS_PER_PAGE,)).fetchall()
    num_posts = db.execute("""
    	SELECT count(*) as count FROM posts
    	JOIN public_posts ON public_posts.id = posts.id
        WHERE author = ? AND public_posts.public;
        """,(username,)).fetchone()['count']
    max_pageno = math.ceil(num_posts/POSTS_PER_PAGE)
    return render_template(
        "view_user.html",
        user=user,
        posts=posts,
        page=page,
        max_pageno=max_pageno,
    )

@bp.route("/<username>/edit", methods=["GET","POST"])
def edit_user(username):
    db = get_db()
    user = db.execute("SELECT * FROM users WHERE username = ?;",(username,)).fetchone()
    if user is None:
        abort(404)
    if username != g.user:
        flash("you cannot modify other people")
        return redirect(url_for("user.view_user",username=username))

    if request.method == "POST":
        err = []
        if len(request.form['new_password']) > 0:
            if not check_password_hash(user['password'],request.form['password']):
                err.append("entered password does not match current password")
            else:
                db.execute("update users set password = ? where username = ?", 
                        (generate_password_hash(request.form["new_password"]), username))
                db.commit()
                flash("password changed changefully")
        if request.form['bio'] != user['bio']:
            if len(request.form['bio'].strip()) == 0:
                err.append("please submit nonempty bio")
            elif len(request.form['bio']) > 4500:
                err.append("bio is too long!!")
            else:
                db.execute("update users set bio = ? where username = ?", (request.form['bio'], username))
                db.commit()
                flash("bio updated successfully")

        if len(err) > 0:
            for e in err:
                flash(e)
        else:
            return redirect(url_for("user.view_user",username=username))
        
    return render_template("user_settings.html",user=user)
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-05 12:32:41 +0000