User details

Added a user details page and the ability to update display name and password
2023-10-20 16:50:05 +02:00 · 2023-10-20 16:50:05 +02:00 · fd1742ec38
parent 76d43d57d9
commit fd1742ec38
4 changed files with 91 additions and 3 deletions
--- a/flask/app.py
+++ b/flask/app.py
@ -36,11 +36,44 @@ def homepage():
    return render_template("home.html", title="Homepage",userdata=userdata,login=logged_in,archives=archives)

@app.route('/user')
-@app.route('/user/<int:userid>')
-def userpage(userid:int=0):
+@app.route('/user/<int:page_userid>', methods=['GET','POST'])
+def userpage(page_userid:int=0):
    logged_in,userdata=get_login_info(request.cookies.get('session'))
    if not logged_in:
        return make_response(redirect('/'))
+    if page_userid == 0:
+        return make_response(redirect(f"/user/{userdata[0]}"))
+    page_userdata=db.get_user_info(page_userid)
+    
+    # POST: Update display name or password
+    if request.method == 'POST':
+        match request.form['edit-type']:
+            case "password":
+                old_passhash=sha256(request.form['old-pass'].encode()).hexdigest()
+                if not old_passhash == db.get_passhash(userdata[1])[2]:
+                    return errorpage("The old password does not match!")
+                new_password=request.form['new-pass']
+                conf_password=request.form['conf-pass']
+                if not new_password == conf_password:
+                    return errorpage("The new passwords do not match!")
+                res,data=db.update_user_info(userdata[0],"PASSHASH",sha256(new_password.encode()).hexdigest().upper())
+            case "dname":
+                res,data=db.update_user_info(userdata[0],"DNAME",request.form['display-name'])
+            case _:
+                return make_response(redirect(f"/user/{page_userid}"))
+        if not res:
+            return errorpage("Something went wrong: " + data)
+        return make_response(redirect('/'))
+
+    # GET: return normal info page
+    return render_template("user.html", title="User Details",userdata=page_userdata,login_userid=userdata[0],userid=page_userid)
+
+@app.route('/user/<uname>')
+def user_redirect(uname:str):
+    userdata=db.get_user_info_from_uname(uname)
+    if not userdata:
+        return make_response(redirect(f"/user"))
+    return make_response(redirect(f"/user/{userdata[0]}"))

@app.route('/add', methods=['GET','POST'])
 def addpage():
--- a/flask/func.py
+++ b/flask/func.py
@ -73,7 +73,7 @@ class db:
        );""")
    
    ## Gets the passhash from a specific user
-    ## OUTPUT: (If user exists) int=200, passhash:str
+    ## OUTPUT: (If user exists) int=200, ID:int, passhash:str
    ##         (If user does not exist) int=400, Exception:str
    def get_passhash(self, username:str):
        self.cur.execute(f"SELECT ID,PASSHASH FROM Users WHERE UNAME='{username}'")
@ -107,6 +107,19 @@ class db:
        self.cur.execute(f"SELECT * FROM Users WHERE ID='{userid}'")
        return self.cur.fetchone()

+    ## like above, just with uname
+    ## OUTPUT: tuple=(ID:int,UNAME:str,DNAME:str,CREATED:int,STATE:text,PASSHASH:text)
+    def get_user_info_from_uname(self, uname:str):
+        self.cur.execute(f"SELECT * FROM Users WHERE UNAME='{uname}'")
+        return self.cur.fetchone()
+
+    def update_user_info(self, userid, update_type:str,value):
+        allowed_types={"DNAME":str,"PASSHASH":str}
+        if update_type.upper() not in allowed_types:
+            return False, "Not allowed"
+        self.cur.execute(f"""UPDATE Users SET {update_type}={value if allowed_types[update_type]==int else f"'{value}'"} WHERE ID={userid}""")
+        return True, "Updated"
+
    ## Checks information for errors and adds archive to the DB
    ## OUTPUT: (if successful) res:bool=True, ID:int
    ##         (if unsuccessful) res:bool=False, str
--- a/flask/static/user.css
+++ b/flask/static/user.css
@ -0,0 +1,9 @@
+div.grid-container {
+    display: grid;
+    grid-template-columns: max-content max-content;
+}
+
+div.grid-container > * {
+    padding: 0.2em 0.5em;
+    border-bottom: lightgrey 0.1em solid;
+}
--- a/flask/templates/user.html
+++ b/flask/templates/user.html
@ -0,0 +1,33 @@
+{% extends "base.html" %}
+
+{% block meta %}
+<link rel="stylesheet" href="/static/user.css" />
+{% endblock %}
+
+{% block content %}
+<div class="grid-container">
+    <b>Display Name: </b>
+    <span>
+        {{userdata[2]}}
+        {% if userdata[0] == login_userid %}
+        <form action="/user/{{userdata[0]}}" method="post"><input type="hidden" name="edit-type" value="dname"><input type="text" name="display-name" placeholder="Edit Display Name"> <input type="submit" value="Edit"></form>
+        {% endif %}
+    </span>
+    <b>Username: </b><span>{{userdata[1]}}</span>
+    <b>Joined: </b><span>{{userdata[3]|ctime}}</span>
+    <b>Status: </b><span>{% if userdata[4] %}{{userdata[4]}}{% else %}Okay{% endif %}</span>
+</div>
+{% if userdata[0] == login_userid %}
+<br>
+<form action="/user/{{userdata[0]}}" method="post">
+    <div class="grid-container">
+        <input type="hidden" name="edit-type" value="password">
+        <h3>Change Password:</h3><div></div>
+        <b>Old Password: </b><input type="password" name="old-pass" placeholder="******">
+        <b>New Password: </b><input type="password" name="new-pass" placeholder="********">
+        <b>Confirm Password: </b><input type="password" name="conf-pass" placeholder="********">
+        <input type="submit" value="Change Password">
+    </div>
+</form>
+{% endif %}
+{% endblock %}