addition of an author's blog consultation

2025-12-10 01:14:05 +01:00 · 2025-12-10 01:14:05 +01:00 · d887acd164
commit d887acd164
parent 603c19de26
5 changed files with 415 additions and 43 deletions
--- a/templates/_header.html
+++ b/templates/_header.html
@ -5,6 +5,15 @@
      <span class="menu-icon"></span>
    </button>
    <details class="dropdown">
      <summary role="button" class="secondary menu-header">Theme</summary>
      <ul>
        <li><a href="#" data-theme-switcher="auto">Auto</a></li>
        <li><a href="#" data-theme-switcher="light">Clair</a></li>
        <li><a href="#" data-theme-switcher="dark">Sombre</a></li>
      </ul>
    </details>
    <a href="/logs/">
      <button class="menu-header">
 	Mes logs <br/>
@ -19,14 +28,6 @@
      </button>
    </a>
    <details class="dropdown">
      <summary role="button" class="secondary menu-header">Theme</summary>
      <ul>
        <li><a href="#" data-theme-switcher="auto">Auto</a></li>
        <li><a href="#" data-theme-switcher="light">Clair</a></li>
        <li><a href="#" data-theme-switcher="dark">Sombre</a></li>
      </ul>
    </details>
  </nav>
 </header>
--- a/templates/index_blog.html
+++ b/templates/index_blog.html
@ -8,6 +8,12 @@
  </head>
  <body>
    {% if not(posts) %}
    <h1 style="text-align: center;"> Désolé ce blog n'existe pas encore :/ </h1>
    {% else %}
    <div class="articles">
      {% for post in posts %}
@ -30,5 +36,6 @@
      </div>
      {% endfor %}
    </div>
    {% endif %}
  </body>
 </html>
--- a/views/#blog.py#
+++ b/views/#blog.py#
@ -0,0 +1,215 @@
 # -*- coding: utf-8 -*-
 from flask import Blueprint, render_template, session, redirect, url_for, request, flash, abort, Flask
 import time
 from markupsafe import escape
 import sqlite3
 from markdown import markdown
 from tools.filesutils import getFileSizeKo
 import string
 from tools.utils import login_required
 blog = Blueprint('blog', __name__, template_folder='templates')
 app = Flask( 'pywallter' )
 app.config.from_pyfile('config.py')
 ########################### Variables Globales #################################
 extensionimg = app.config['EXT_IMG']
 DATABASE = app.config['DATABASE']
 BASE_URL= app.config['BASE_URL']
 DOSSIER_PERSO= app.config['DOSSIER_APP']+'/'
 DOSSIER_PUBLIC= app.config['DOSSIER_PUBLIC']+'/'
 ################################################################################
@blog.route('/myblog/new-article/', methods=['GET', 'POST'])
@login_required
 def new_article():
    user = '%s'% escape(session['username'])
    if request.method == 'POST':
        title = request.form['title']
        subtitle = request.form['subtitle'] 
        category = request.form['category'] 
        content = request.form['content']
        status = request.form['status']
        post_date = time.strftime("%d/%m/%Y %H:%M:%S")
        conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
        cursor = conn.cursor() # Création de l'objet "curseur"
        cursor.execute("""INSERT INTO Blog_posts(title, subtitle, category, content, creation_date, author, status) VALUES(?, ?, ?, ?, ?, ?, ?)""", (title, subtitle, category, content, post_date, user, status)) # Insérer des valeurs
        conn.commit()
        return redirect(url_for('blog.list_articles_blog'))
    else:
        return render_template('new_article_blog.html')
@blog.route('/myblog/edit/<title>', methods=['GET', 'POST'])
@login_required
 def edit(title):
    user='%s'% escape(session['username'])
    folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
    if request.method == 'POST' :
        title = requrest.form['title']
        subtitle = request.form['subtitle']
        category = request.form['category']
        newcontent = request.form['content']
        newstatus = request.form['status']
        updated = time.strftime("%d/%m/%Y %H:%M:%S")
        conn = sqlite3.connect(DATABASE)
        cursor = conn.cursor()
        cursor.execute("""UPDATE Blog_posts SET title, subtitle=?, category=?, last_updated=?, status=?, content=? WHERE title=? AND author=?""", (title, subtitle, category, updated, newstatus, newcontent, title, user))
        conn.commit()
        conn.close()
        return redirect(url_for('blog.list_articles_blog'))
    else:
        conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
        cursor = conn.cursor() # Création de l'objet "curseur"
        cursor.execute("""SELECT title, subtitle, category, content, status FROM Blog_posts WHERE title=? AND author=?""", (title, user))
        oldpost = cursor.fetchone()
        conn.close()
        post = dict(title=oldpost[0], subtitle=oldpost[1], categoory=oldpost[2], content=oldpost[3], status=oldpost[4])
        return render_template('edit_article.html',
                               section='Post-it',
                               oldpost=post)
@blog.route('/myblog/list-articles/', methods=['GET'])
@login_required
 def list_articles_blog():
    user = '%s'% escape(session['username'])
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, creation_date, last_updated, status FROM Blog_posts WHERE author=? """, (user,) )
    list_posts=cursor.fetchall()
    posts=list()
    nb_articles=0
    for post in list_posts:
        posts = [dict(title=post[0],
                      subtitle=post[1],
                      time=post[2],
                      last_updated=post[3],
                      status=post[4])] + posts
        nb_articles =+ 1
        return render_template('list_articles.html',
                               section="Articles",
                               list_posts=posts,
                               nb_articles=nb_articles
                               )
@blog.route('/myblog/delete/<title>')
@login_required
 def delete(title):
    title = escape(title)
    user='%s'% escape(session['username'])
    folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
    folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user))
    conn.commit()
    conn.close()
    return redirect(url_for('blog.list_articles_blog'))
@blog.route('/myblog/personnalize/', methods=['GET'])
@login_required
 def personnalize_blog():
    return render_template('personnalize_blog.html')
@blog.route('/private-blog/', methods=['GET'])
@login_required
 def view_internal():
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, content, creation_date, last_updated, author, status FROM Blog_posts WHERE status!='draft' """ )
    list_posts=cursor.fetchall()
    conn.close()
    posts=list()
    id=0
    if list_posts != None:         
        for post in list_posts:
            posts = [dict(title=post[0], subtitle=post[1], content=post[2],  creation_date=post[3], last_updated=post[4], author=post[5], status=post[6] )] + posts
    else:
        return redirect(BASE_URL, code=404)
    return render_template('index_blog.html', section='Blog', posts=posts)
@blog.route('/blog/', methods=['GET'])
 def view():
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, creation_date, author, status FROM Blog_posts WHERE status='public'""" )
    list_posts=cursor.fetchall()
    posts=list()
    id=0
    conn.close()
    if list_posts != None:         
        for post in list_posts:
            posts=[dict(title=post[0], subtitle=post[1], creation_date=post[2], author=post[3], status=post[4])] + posts
    else:
        return redirect(BASE_URL, code=404)
    return render_template('index_blog.html', section='Blog', posts=posts)
@blog.route('/blog/<author>/', methods=['GET'])
 def viewuser(author):
    author = escape(author)
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, creation_date, last_updated, author FROM Blog_posts WHERE author=? AND status='public' """, (author,))
    list_posts=cursor.fetchall()
    posts=None
    id=0
    conn.close()
    if list_posts != None:         
        posts=list()
        for post in list_posts:
            posts=[dict(title=post[0], subtitle=post[1], creation_date=post[2], author=post[3], status=post[4])] + posts
    else:
        return redirect(BASE_URL, code=404)
    return render_template('index_blog.html', section='Blog', posts=posts)
@blog.route('/blog/private/<username>/<title>', methods=['GET'])
@login_required
 def viewPrivateArticle(username, title):
    user = escape(username)
    title = escape(title)
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, content,  creation_date, last_updated, author, status FROM Blog_posts WHERE  author=? AND title=? AND status!='draft' """, (user, title))
    post = cursor.fetchone()
    conn.close()
    if post != None:
        post_info = (dict(title=post[0], subtitle=post[1], creation_date=post[3], last_updated=post[4],author=post[5]))
        content= markdown(post[2])
        return render_template('blog.html', post_info=post_info, content=content)
    else:
        return redirect(url_for('blog'), code=404);
@blog.route('/blog/public/<username>/<title>', methods=['GET'])
 def viewArticle(username, title):
    user = username
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, content,  creation_date, last_updated, author FROM Blog_posts WHERE  author=? AND title=? AND status='public' """, (user, title) )
    post = cursor.fetchone()
    conn.close()
    if post != None:
        post_info = (dict(title=post[0], subtitle=post[1], creation_date=post[3], last_updated=post[4],author=post[5]))
        content= markdown(post[2])
        return render_template('blog.html', post_info=post_info, content=content)
    else:
        return redirect(url_for('blog'), code=404);
--- a/views/#mymailbox.py#
+++ b/views/#mymailbox.py#
@ -0,0 +1,132 @@
 from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file, flash, abort, send_from_directory
 from werkzeug.utils import secure_filename
 from PIL import Image
 from markupsafe import escape
 import time
 import sqlite3
 import os
 from shutil import copy
 from socket import gethostname
 from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, login_required
 mymailbox = Blueprint('mymailbox', __name__, template_folder='templates')
 app = Flask( 'pywallter' )
 app.config.from_pyfile('config.py')
 #### Variables ####################################################################################
 DOSSIER_PERSO = app.config['DOSSIER_APP']
 extensionimg = app.config['EXT_IMG']
 DATABASE = app.config['DATABASE']
 DATAS_USER = app.config['DOSSIER_APP']
 MAIL_SERVER = app.config['MAIL_SERVER']
 XMPP_SERVER = app.config['XMPP_SERVER']
 SETUID = app.config['SETUID']
 BASE_URL = app.config['BASE_URL']
 BACKUP_TIME = app.config['BACKUP_TIME']
 ##################################################################################################
@mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] )
@login_required
 def myalias():
    hostname=gethostname()
    UTILISATEUR='%s' % escape(session['username'])
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    if request.method == 'POST' and MAIL_SERVER:
        if request.form['alias']:
            alias = request.form['alias'].lower()+'@'+hostname
        else:
            flash(u'Addresse invalide')
        if email_disp(alias):
            cursor.execute("""SELECT Mail, alias FROM users where name=?""", (UTILISATEUR,))
            tmp = cursor.fetchone()
            mail = tmp[0]
            if tmp[1]:
               alias_list = tmp[1]
               aliases = alias_list + "," +alias
            else:
               aliases = alias
            cmd = SETUID+ " set_mail_alias " + "'"+mail+"'"+" add "+"'"+alias+"'"
            res = os.system(cmd)
            if res == 0:
               cursor.execute("UPDATE users SET alias=? WHERE name=?",
                              (aliases, UTILISATEUR))
               conn.commit()
               TIME=time.strftime("%A %d %B %Y %H:%M:%S")
               IP=request.environ['REMOTE_ADDR']
               CLIENT_PLATFORM=request.headers.get('User-Agent')
               log=TIME + ' - ' + IP + ' - ' + UTILISATEUR + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Ajout de l'alias "+ alias  + '\n'
               append_to_log(log, UTILISATEUR)
               flash(u'Votre alias a été ajouté', 'succes')
            else:
                flash(u'Adresse indisponible', 'error')
        else:
            flash(u'Adresse indisponible', 'error')
    cursor.execute("""SELECT Mail, alias FROM users WHERE name=?""",
                   (UTILISATEUR,))
    tmp = cursor.fetchone()
    mailbox = dict()
    mailbox['Mail'] = tmp[0]
    if tmp[1]:
        mailbox['alias'] = tmp[1].split(',')
    else:
        mailbox['alias'] = list()
    conn.close()
    return render_template('myalias.html',
                           section="mailbox",
                           email=mailbox['Mail'],
                           aliases=mailbox['alias'],
                           hostname=hostname,
                           MAIL_SERVER=MAIL_SERVER,
                             username=UTILISATEUR )
@mymailbox.route('/mymailbox/rmalias/<aliasrm>')
@login_required
 def remove_alias(aliasrm):
    aliasrm = escape(aliasrm)
    if MAIL_SERVER:
        UTILISATEUR='%s' % escape(session['username'])
        conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
        cursor = conn.cursor() # Création de l'objet "curseur"
        cursor.execute("""SELECT Mail, alias FROM users WHERE name=?""", (UTILISATEUR,))
        tmp = cursor.fetchone()
        mail = tmp[0]
        alias_list = tmp[1].split(',')
        aliases = ""
        for alias in alias_list:
            if alias != aliasrm:
                if aliases:
                    aliases = aliases + "," + alias
                else:
                    aliases = alias
        cmd = SETUID + " set_mail_alias " + "'"+mail+"'"+" del "+"'"+alias+"'"
        res = os.system(cmd)
        if res == 0:
            cursor.execute("UPDATE users SET alias=? WHERE name=?",
                           (aliases, UTILISATEUR))
            conn.commit()
            TIME=time.strftime("%A %d %B %Y %H:%M:%S")
            IP=request.environ['REMOTE_ADDR']
            CLIENT_PLATFORM=request.headers.get('User-Agent')
            log = TIME + ' - ' + IP + ' - ' + UTILISATEUR + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Suppression de l'alias "+ alias  + '\n'
            append_to_log(log, UTILISATEUR)
            flash(u'Votre alias a été supprimé', 'succes')
        else:
            flash(u'Il y a eu une erreur', 'error')
    return redirect(url_for('mymailbox.myalias', _external=True))
--- a/views/blog.py
+++ b/views/blog.py
@ -49,9 +49,7 @@ def new_article():
@login_required
 def edit(title):
    user='%s'% escape(session['username'])
    folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
    if request.method == 'POST' :
        title = requrest.form['title']
        subtitle = request.form['subtitle']
@ -64,7 +62,6 @@ def edit(title):
        cursor.execute("""UPDATE Blog_posts SET title, subtitle=?, category=?, last_updated=?, status=?, content=? WHERE title=? AND author=?""", (title, subtitle, category, updated, newstatus, newcontent, title, user))
        conn.commit()
        conn.close()
        return redirect(url_for('blog.list_articles_blog'))
    else:
        conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
@ -105,6 +102,7 @@ def list_articles_blog():
@blog.route('/myblog/delete/<title>')
@login_required
 def delete(title):
    title = escape(title)
    user='%s'% escape(session['username'])
    folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
    folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
@ -131,7 +129,6 @@ def view_internal():
    conn.close()
    posts=list()
    id=0
    if list_posts != None:         
        for post in list_posts:
            posts = [dict(title=post[0], subtitle=post[1], content=post[2],  creation_date=post[3], last_updated=post[4], author=post[5], status=post[6] )] + posts
@ -144,13 +141,11 @@ def view_internal():
 def view():
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
-    cursor.execute("""SELECT title, subtitle, creation_date, author FROM Blog_posts WHERE status='public'""" )
+    cursor.execute("""SELECT title, subtitle, creation_date, author, status FROM Blog_posts WHERE status='public'""" )
    list_posts=cursor.fetchall()
    posts=list()
    id=0
    conn.close()
    print (list_posts)
    if list_posts != None:         
        for post in list_posts:
            posts=[dict(title=post[0], subtitle=post[1], creation_date=post[2], author=post[3], status=post[4])] + posts
@ -160,10 +155,33 @@ def view():
    return render_template('index_blog.html', section='Blog', posts=posts)
@blog.route('/blog/<author>/', methods=['GET'])
 def viewuser(author):
    author = escape(author)
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, creation_date, last_updated, author FROM Blog_posts WHERE author=? AND status='public' """, (author,))
    list_posts=cursor.fetchall()
    posts=None
    id=0
    conn.close()
    if list_posts != None:         
        posts=list()
        for post in list_posts:
            posts=[dict(title=post[0], subtitle=post[1], creation_date=post[2], author=post[3], status=post[4])] + posts
    else:
        return redirect(BASE_URL, code=404)
    return render_template('index_blog.html', section='Blog', posts=posts)
@blog.route('/blog/private/<username>/<title>', methods=['GET'])
@login_required
 def viewPrivateArticle(username, title):
-    user = username
+    user = escape(username)
    title = escape(title)
    conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
    cursor = conn.cursor() # Création de l'objet "curseur"
    cursor.execute("""SELECT title, subtitle, content,  creation_date, last_updated, author, status FROM Blog_posts WHERE  author=? AND title=? AND status!='draft' """, (user, title))
@ -172,7 +190,6 @@ def viewPrivateArticle(username, title):
    if post != None:
        post_info = (dict(title=post[0], subtitle=post[1], creation_date=post[3], last_updated=post[4],author=post[5]))
        content= markdown(post[2])
        return render_template('blog.html', post_info=post_info, content=content)
    else:
        return redirect(url_for('blog'), code=404);