{{ post.content }}
- {{ post.timestamp }} + {{ post.username }} {{ post.timestamp }} {{ post._id }}
diff --git a/app.py b/app.py
index c1ef492..e258563 100644
--- a/app.py
+++ b/app.py
@@ -13,7 +13,6 @@ db = client.flask_db
 posts_collection = db.posts_collection
 users_collection = db.users_collection
- #app routes
 @app.route('/', methods=['GET'])
 def index():
@@ -43,12 +42,17 @@ def post():
 content = request.form['content']
 image = request.files['image']
 timestamp = datetime.now()
+ if 'user_id' not in session:
+ username = 'Anonymous'
+ else:
+ username = session['username']
 #insert the post into MongoDB
 post_data = {
 'board_name': board_name,
 'content': content,
- 'timestamp': timestamp
+ 'timestamp': timestamp,
+ 'username' : username
 }
 if image:
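Review bot: The added branch in post() tests for `user_id` but then reads `session['username']`, so a session created before this commit (it carries `user_id` and no `username`) raises KeyError and the request fails with a 500. Reading the value with a default avoids that and removes the branch: `username = session.get('username', 'Anonymous')`. Since register_post() places no restriction on names, a registered account called Anonymous would be indistinguishable from unauthenticated posts; storing the user id (or None) next to the display name would keep attribution unambiguous. post() starts and ends outside the hunk.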
@@ -78,28 +82,59 @@ def login_post():
 user = users_collection.find_one({'username': username})
 if user and check_password_hash(user['password'], password):
 session['user_id'] = str(user['_id'])
+ session['username'] = username
 return redirect(url_for('index'))
+ elif user == 'admin' and check_password_hash(user['password'], password):
+ session['user_id'] = str(user['_id'])
+ session['username'] = username
+ return redirect(url_for('admin'))
 else:
 return redirect(url_for('login'))
 @app.route('/register', methods=['GET'])
 def register():
- return render_template('register.html')
+ regalert = request.args.get('regalert', '')
+ return render_template('register.html', regalert=regalert)
 @app.route('/register', methods=['POST'])
 def register_post():
 username = request.form['username']
 password = request.form['password']
 hashed_password = generate_password_hash(password, method='pbkdf2:sha256')
+ regalert = ''
- #insert the user into MongoDB
- users_collection.insert_one({
- 'username': username,
- 'password': hashed_password
- })
+ if users_collection.find_one({'username': username}):
+ regalert = 'username already exists!'
+ return redirect(url_for('register', regalert=regalert))
+ else:
+ # Insert the user into MongoDB
+ users_collection.insert_one({
+ 'username': username,
+ 'password': hashed_password
+ })
 return redirect(url_for('login'))
+@app.route('/admin', methods=['GET'])
+def admin():
+ admin_user = users_collection.find_one({'username': 'admin'})
+ success = request.args.get('success', '')
+ if admin_user or session['user_id'] != str(admin_user['_id']):
+ return render_template('admin.html', success=success)
+ else:
+ return url_for('index')
+
+@app.route('/deletepost', methods=['POST'])
+def deletepost():
+ admin_user = users_collection.find_one({'username': 'admin'})
+ if not admin_user or session['user_id'] != str(admin_user['_id']):
+ return redirect(url_for('index'))
+ else:
+ post_id = request.form['post_id']
+ posts_collection.delete_one({'_id': ObjectId(post_id)})
+ success = 'post deleted!'
+ return redirect(url_for('admin', success=success))
+
 @app.route('/logout')
 def logout():
 session.pop('user_id', None)
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..c7735da
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+FlasK
+pymongo
+bson
+werkzeug
\ No newline at end of file
diff --git a/templates/admin.html b/templates/admin.html
new file mode 100644
index 0000000..8f214b2
--- /dev/null
+++ b/templates/admin.html
@@ -0,0 +1,21 @@ + +
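Review bot: The guard in admin() is inverted: `if admin_user or session['user_id'] != str(admin_user['_id'])` is true whenever an admin account exists, so admin.html is rendered for any visitor without the session being consulted, and when no admin account exists the right-hand side raises instead of denying. It should mirror the check in deletepost(), both functions should read the session with `.get` so an anonymous request is redirected rather than failing with KeyError, and the deny path should return a redirect rather than the bare URL string. In login_post() the new `elif user == 'admin'` compares the user document with a string and sits behind the branch that already accepts every valid login, so it can never run; the admin redirect belongs inside the authenticated branch. Tying the admin role to the registrable username 'admin' is fragile (a role field on the user document plus a unique index on username would be firmer), and deletepost() passes `post_id` to ObjectId unvalidated and, as far as this hunk shows, without a CSRF token. login_post() starts outside the hunk and logout() ends outside it.

```python
    if user and check_password_hash(user['password'], password):
        # … unchanged: session['user_id'] and session['username'] assignments …
        if user['username'] == 'admin':
            return redirect(url_for('admin'))
        return redirect(url_for('index'))
    # … unchanged: else branch, register(), register_post() …

def admin():
    # … unchanged: admin_user lookup and success argument …
    if not admin_user or session.get('user_id') != str(admin_user['_id']):
        return redirect(url_for('index'))
    return render_template('admin.html', success=success)

def deletepost():
    # … unchanged: admin_user lookup …
    if not admin_user or session.get('user_id') != str(admin_user['_id']):
        return redirect(url_for('index'))
    # … unchanged: post_id lookup, delete_one call, redirect to admin …
```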
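Review bot: `bson` should not be listed next to `pymongo` in requirements.txt: PyMongo ships its own `bson` package, and its installation notes warn that the separate `bson` distribution on PyPI is incompatible with it, which can break the ObjectId handling app.py relies on. Drop that line and keep `pymongo` only. None of the four entries is pinned, so every install resolves to whatever is current on the index; pinning exact versions (ideally with hashes, enforced by `pip install --require-hashes`) makes the build reproducible and narrows the supply-chain exposure. `FlasK` resolves because package names are normalized, but the canonical spelling `Flask` is clearer.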
+ + +{{ post.content }}
- {{ post.timestamp }} + {{ post.username }} {{ post.timestamp }} {{ post._id }}