marcel/rar-index-py
1
0
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

User details

Browse source 
Added a user details page and the ability to update display name and password
This commit is contained in:
Michael Rodin 2023-10-20 16:50:05 +02:00
parent 76d43d57d9
commit fd1742ec38
4 changed files with 91 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
flask/app.py
View file

@ -36,11 +36,44 @@ def homepage():
return render_template("home.html", title="Homepage",userdata=userdata,login=logged_in,archives=archives) return render_template("home.html", title="Homepage",userdata=userdata,login=logged_in,archives=archives)
@app.route('/user') @app.route('/user')
@app.route('/user/<int:userid>') @app.route('/user/<int:page_userid>', methods=['GET','POST'])
def userpage(userid:int=0): def userpage(page_userid:int=0):
logged_in,userdata=get_login_info(request.cookies.get('session')) logged_in,userdata=get_login_info(request.cookies.get('session'))
if not logged_in: if not logged_in:
return make_response(redirect('/')) return make_response(redirect('/'))
if page_userid == 0:
return make_response(redirect(f"/user/{userdata[0]}"))
page_userdata=db.get_user_info(page_userid)
# POST: Update display name or password
if request.method == 'POST':
match request.form['edit-type']:
case "password":
old_passhash=sha256(request.form['old-pass'].encode()).hexdigest()
if not old_passhash == db.get_passhash(userdata[1])[2]:
return errorpage("The old password does not match!")
new_password=request.form['new-pass']
conf_password=request.form['conf-pass']
if not new_password == conf_password:
return errorpage("The new passwords do not match!")
res,data=db.update_user_info(userdata[0],"PASSHASH",sha256(new_password.encode()).hexdigest().upper())
case "dname":
res,data=db.update_user_info(userdata[0],"DNAME",request.form['display-name'])
case _:
return make_response(redirect(f"/user/{page_userid}"))
if not res:
return errorpage("Something went wrong: " + data)
return make_response(redirect('/'))
# GET: return normal info page
return render_template("user.html", title="User Details",userdata=page_userdata,login_userid=userdata[0],userid=page_userid)
@app.route('/user/<uname>')
def user_redirect(uname:str):
userdata=db.get_user_info_from_uname(uname)
if not userdata:
return make_response(redirect(f"/user"))
return make_response(redirect(f"/user/{userdata[0]}"))
@app.route('/add', methods=['GET','POST']) @app.route('/add', methods=['GET','POST'])
def addpage(): def addpage():

15
flask/func.py
View file

@ -73,7 +73,7 @@ class db:
);""") );""")
## Gets the passhash from a specific user ## Gets the passhash from a specific user
## OUTPUT: (If user exists) int=200, passhash:str ## OUTPUT: (If user exists) int=200, ID:int, passhash:str
## (If user does not exist) int=400, Exception:str ## (If user does not exist) int=400, Exception:str
def get_passhash(self, username:str): def get_passhash(self, username:str):
self.cur.execute(f"SELECT ID,PASSHASH FROM Users WHERE UNAME='{username}'") self.cur.execute(f"SELECT ID,PASSHASH FROM Users WHERE UNAME='{username}'")
@ -107,6 +107,19 @@ class db:
self.cur.execute(f"SELECT * FROM Users WHERE ID='{userid}'") self.cur.execute(f"SELECT * FROM Users WHERE ID='{userid}'")
return self.cur.fetchone() return self.cur.fetchone()
## like above, just with uname
## OUTPUT: tuple=(ID:int,UNAME:str,DNAME:str,CREATED:int,STATE:text,PASSHASH:text)
def get_user_info_from_uname(self, uname:str):
self.cur.execute(f"SELECT * FROM Users WHERE UNAME='{uname}'")
return self.cur.fetchone()
def update_user_info(self, userid, update_type:str,value):
allowed_types={"DNAME":str,"PASSHASH":str}
if update_type.upper() not in allowed_types:
return False, "Not allowed"
self.cur.execute(f"""UPDATE Users SET {update_type}={value if allowed_types[update_type]==int else f"'{value}'"} WHERE ID={userid}""")
return True, "Updated"
## Checks information for errors and adds archive to the DB ## Checks information for errors and adds archive to the DB
## OUTPUT: (if successful) res:bool=True, ID:int ## OUTPUT: (if successful) res:bool=True, ID:int
## (if unsuccessful) res:bool=False, str ## (if unsuccessful) res:bool=False, str

9
flask/static/user.css Normal file
View file

@ -0,0 +1,9 @@
div.grid-container {
display: grid;
grid-template-columns: max-content max-content;
}
div.grid-container > * {
padding: 0.2em 0.5em;
border-bottom: lightgrey 0.1em solid;
}

33
flask/templates/user.html Normal file
View file

@ -0,0 +1,33 @@
{% extends "base.html" %}
{% block meta %}
<link rel="stylesheet" href="/static/user.css" />
{% endblock %}
{% block content %}
<div class="grid-container">
<b>Display Name: </b>
<span>
{{userdata[2]}}
{% if userdata[0] == login_userid %}
<form action="/user/{{userdata[0]}}" method="post"><input type="hidden" name="edit-type" value="dname"><input type="text" name="display-name" placeholder="Edit Display Name"> <input type="submit" value="Edit"></form>
{% endif %}
</span>
<b>Username: </b><span>{{userdata[1]}}</span>
<b>Joined: </b><span>{{userdata[3]|ctime}}</span>
<b>Status: </b><span>{% if userdata[4] %}{{userdata[4]}}{% else %}Okay{% endif %}</span>
</div>
{% if userdata[0] == login_userid %}
<br>
<form action="/user/{{userdata[0]}}" method="post">
<div class="grid-container">
<input type="hidden" name="edit-type" value="password">
<h3>Change Password:</h3><div></div>
<b>Old Password: </b><input type="password" name="old-pass" placeholder="******">
<b>New Password: </b><input type="password" name="new-pass" placeholder="********">
<b>Confirm Password: </b><input type="password" name="conf-pass" placeholder="********">
<input type="submit" value="Change Password">
</div>
</form>
{% endif %}
{% endblock %}