implement admin functionality(panel+check on login), added requirements.txt

2024-10-14 16:57:34 +05:00 · 2024-10-14 16:57:34 +05:00 · 40cb71715b
commit 40cb71715b
parent e3a4c716d4
5 changed files with 78 additions and 11 deletions
--- a/app.py
+++ b/app.py
@ -13,7 +13,6 @@ db = client.flask_db
 posts_collection = db.posts_collection
 users_collection = db.users_collection

-
 #app routes
@app.route('/', methods=['GET'])
 def index():
@ -43,12 +42,17 @@ def post():
    content = request.form['content']
    image = request.files['image']
    timestamp = datetime.now()
+    if 'user_id' not in session:
+        username = 'Anonymous'
+    else:
+        username = session['username']

    #insert the post into MongoDB
    post_data = {
        'board_name': board_name,
        'content': content,
-        'timestamp': timestamp
+        'timestamp': timestamp,
+        'username' : username
    }

    if image:
@ -78,21 +82,32 @@ def login_post():
    user = users_collection.find_one({'username': username})
    if user and check_password_hash(user['password'], password):
        session['user_id'] = str(user['_id'])
+        session['username'] = username
        return redirect(url_for('index'))
+    elif user == 'admin' and check_password_hash(user['password'], password):
+        session['user_id'] = str(user['_id'])
+        session['username'] = username
+        return redirect(url_for('admin'))
    else:
        return redirect(url_for('login'))
    
@app.route('/register', methods=['GET'])
 def register():
-    return render_template('register.html')
+    regalert = request.args.get('regalert', '')
+    return render_template('register.html', regalert=regalert)

@app.route('/register', methods=['POST'])
 def register_post():
    username = request.form['username']
    password = request.form['password']
    hashed_password = generate_password_hash(password, method='pbkdf2:sha256')
+    regalert = ''

-    #insert the user into MongoDB
+    if users_collection.find_one({'username': username}):
+        regalert = 'username already exists!'
+        return redirect(url_for('register', regalert=regalert))
+    else:
+        # Insert the user into MongoDB
        users_collection.insert_one({
            'username': username,
            'password': hashed_password
@ -100,6 +115,26 @@ def register_post():

    return redirect(url_for('login'))

+@app.route('/admin', methods=['GET'])
+def admin():
+    admin_user = users_collection.find_one({'username': 'admin'})
+    success = request.args.get('success', '')
+    if admin_user or session['user_id'] != str(admin_user['_id']):
+        return render_template('admin.html', success=success)
+    else:
+        return url_for('index')
+
+@app.route('/deletepost', methods=['POST'])
+def deletepost():
+    admin_user = users_collection.find_one({'username': 'admin'})
+    if not admin_user or session['user_id'] != str(admin_user['_id']):
+        return redirect(url_for('index'))
+    else:
+        post_id = request.form['post_id']
+        posts_collection.delete_one({'_id': ObjectId(post_id)})
+        success = 'post deleted!'
+        return redirect(url_for('admin', success=success))
+
@app.route('/logout')
 def logout():
    session.pop('user_id', None)
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,4 @@
+FlasK
+pymongo
+bson
+werkzeug
--- a/templates/admin.html
+++ b/templates/admin.html
@ -0,0 +1,21 @@
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>admin panel</title>
+        <link rel="stylesheet" href="{{ url_for('static', filename='css/styles.css') }}">
+    </head>
+    <body>
+        <div>
+            <h2>admin panel</h2>
+            <div>
+                <h4>delete post</h4>
+                <h4 style="color: yellow;">{{ success }}</h4>
+                <form action="{{ url_for('deletepost') }}" method="post">
+                    <input type="text" name="post_id" placeholder="post id">
+                    <button type="submit">delete</button>
+                </form>
+            </div>
+        </div>
+    </body>
+</html>
--- a/templates/board.html
+++ b/templates/board.html
@ -7,7 +7,13 @@
    <link rel="stylesheet" href="{{ url_for('static', filename='css/styles.css') }}">
 </head>
 <body>
-{% block content %}
+    <div class="navbar">
+        <a>logged in as {{ session.username }}</a>
+        <a href="{{ url_for('index') }}">home</a>
+        <a href="{{ url_for('logout') }}">logout</a>
+        <a href="{{ url_for('admin') }}">admin</a>
+    </div>
+    {% block content %}
    <div class="link-container">
        <h2>{{ header }}</h2>
        <form action="{{ url_for('post') }}" method="post" enctype="multipart/form-data">
@ -23,7 +29,7 @@
                        <img src="{{ url_for('image', post_id=post._id) }}" alt="Post Image">
                    {% endif %}
                    <p>{{ post.content }}</p>
-                    <small>{{ post.timestamp }}</small>
+                    <small>{{ post.username }} {{ post.timestamp }} {{ post._id }}</small>
                </div>
            {% endfor %}
        </div>
--- a/templates/register.html
+++ b/templates/register.html
@ -7,6 +7,7 @@
 <body>
    <div class="link-container">
        <h1>register</h1>
+            <h4>{{ regalert }}</h4>
            <form action="{{ url_for('register_post') }}" method="post">
            <label for="username">username:</label>
            <input type="text" id="username" name="username" required>