implemented settings

2019-09-09 22:08:43 +10:00 · 2019-09-09 22:08:43 +10:00 · eb3fb77c18
parent 3a0c67fc4e
commit eb3fb77c18
3 changed files with 76 additions and 11 deletions
--- a/static/style.css
+++ b/static/style.css
@ -183,10 +183,18 @@ form .row {
 	display: inline-block;
 }

-.error {
-	background-color: #e66;
+.error, .success {
 	color: white;
 	text-align: center;
 	font-size: 1.6em;
 	padding: 10px;
 }
+.error {
+	background-color: #e66;
+}
+.error.err-small {
+	font-size: 1.0em;
+}
+.success {
+	background-color: #6e6;
+}
--- a/templates/settings.html
+++ b/templates/settings.html
@ -10,9 +10,12 @@
 	<div class="container">
 		<h1 class="thin centred">Account settings</h1>
 	</div>
+
+	{% include 'error.html' %}
+	{% include 'success.html' %}
 	
 	<div class="container">
-		<form action="/do/bot/edit" method="post" class="full-width">
+		<form method="POST" class="full-width">
 			<div class="container light">
 				<h2 class="thin centred">Login settings</h2>
 				<p class="centred">Update your email and password here.</p>
@ -32,6 +35,10 @@
 				<p class="centred">When should FediBooks send you email?</p>
 			</div>

+			<div class="error err-small">
+				Note: This feature isn't ready yet. As of now, FediBooks will not send you email.
+			</div>
+
 			<div class="row">
 				<label for="fetch-error" class="large">When my bot(s) can't get new posts</label>
 				<select name="fetch-error">
--- a/webui.py
+++ b/webui.py
@ -79,14 +79,59 @@ def show_signup_page():
 		error = session.pop('error')
 	return render_template("login.html", signup = True, error = error)

-@app.route("/settings")
+@app.route("/settings", methods=['GET', 'POST'])
 def settings():
-	return render_template("coming_soon.html")
-	dc = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
-	dc.execute("SELECT * FROM `users` WHERE id = %s", (session['user_id'],))
-	user = dc.fetchone()
-	dc.close()
-	return render_template("settings.html", user = user)
+	error = None
+	if request.method == 'GET':
+		dc = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
+		dc.execute("SELECT * FROM `users` WHERE id = %s", (session['user_id'],))
+		user = dc.fetchone()
+		dc.close()
+		if 'error' in session:
+			error = session.pop('error')
+		return render_template("settings.html", user = user, error = error, success = session.pop('success', None))
+
+	else:
+		# update settings
+		c = mysql.connection.cursor()
+
+		c.execute("SELECT COUNT(*) FROM users WHERE email = %s AND id != %s", (request.form['email'], session['user_id']))
+		if c.fetchone()[0] > 0:
+			session['error'] = "Email address already in use."
+			return redirect(url_for("settings"), 303)
+
+		for setting in [request.form['fetch-error'], request.form['submit-error'], request.form['reply-error'], request.form['generation-error']]:
+			if setting not in ['once', 'always', 'never']:
+				session['error'] = 'Invalid option "{}".'.format(setting)
+				return redirect(url_for('settings'), 303)
+
+		if request.form['password'] != '':
+			# user is updating their password
+			if len(request.form['password']) < 8:
+				session['error'] = "Password too short."
+				return redirect(url_for("settings"), 303)
+
+			pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
+			pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
+			c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id']))
+		
+		try:
+			c.execute("UPDATE users SET email = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
+				request.form['email'],
+				request.form['fetch-error'],
+				request.form['submit-error'],
+				request.form['generation-error'],
+				request.form['reply-error'],
+				session['user_id']
+			))
+			c.close()
+			mysql.connection.commit()
+		except:
+			session['error'] = "Encountered an error while updating the database."
+			return redirect(url_for('settings'), 303)
+
+		session['success'] = True
+		return redirect(url_for('settings'), 303)

@app.route("/bot/edit/<id>")
 def bot_edit(id):
@ -364,11 +409,16 @@ def do_signup():
 		session['error'] = "Password too short."
 		return redirect(url_for("show_signup_page"), 303)

+	c = mysql.connection.cursor()
+	c.execute("SELECT COUNT(*) FROM users WHERE email = %s", (request.form['email'],))
+	if c.fetchone()[0] > 0:
+		session['error'] = "Email address already in use."
+		return redirect(url_for("show_signup_page"), 303)
+
 	pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
 	pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))

 	# try to sign up
-	c = mysql.connection.cursor()
 	c.execute("INSERT INTO `users` (email, password) VALUES (%s, %s)", (request.form['email'], pw))
 	user_id = c.lastrowid
 	mysql.connection.commit()