(sure wish there was a way to print this page out...)
I never looked at this page again after posting it. Looks like someone fixed certain parts of the code. Thanks! - k4ml.
I hate bad examples, and this is one of them. But I’m too lazy to rewrite it. A class should represent a resource (a noun) and not an action (a verb). So instead of `add`, `view`, `edit`, we should use something like `Post`, `Comment` to represent the resource requested by the user. At the time I wrote this, I hadn’t realized that yet. Thanks to Harry Fueck for pointing this out in his comments on my blog entry. - k4ml.
—snip You missed the SQLdump. snap—
This code has major security issues. If you were wanting a secure authentication mechanism, this isn’t it. –sj26
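#!/usr/bin/env python
"""Minimal blog on the old web.py function API: posts, comments, cookie login.

NOTE(review): this is a teaching example, not a secure application.  Gaps
that the code below documents but does not solve:

* the "session" is two plain cookies (``id`` and ``username``) that any
  client can set by hand, and no handler verifies them before writing;
* the login query compares the submitted password with the stored column
  directly, so ``members.password`` appears to hold plaintext passwords;
* the state-changing POST handlers carry no CSRF token.

The templates read each handler's local variables by name (``$post``,
``$comment``, ``$session``, ``$login``), so those local names are part of
the template contract and must not be renamed.
"""
import web

# For debugging use only: debugerror reports the failure details in the
# response, so drop this line before exposing the app to untrusted clients.
web.internalerror = web.debugerror

# (url pattern, handler class name) pairs.  The patterns are regular
# expressions, hence the raw strings for the ones containing ``\d``.
urls = (
    '/', 'index',
    '/login', 'login',
    '/logout', 'logout',
    '/add', 'add',
    r'/view/(\d+)', 'view',
    r'/edit/(\d+)', 'edit',
    '/edit', 'edit',
    '/comment', 'comment',
    '/styles.css', 'style',
    '/view/styles.css', 'style',
)


class index:
    """Front page: every post together with its comment count."""

    def GET(self):
        # `post` is read by index.html as $post.
        post = web.query(
            "select id, title, body, "
            "(select count(*) from comment where post_id = post.id) as total_comment "
            "from post;")
        web.render('index.html')


class add:
    """Show the new-post form and store a submitted post."""

    def GET(self):
        # `session` is read by add.html as $session.  web.cookies() only
        # reflects what the browser sent, so a non-empty value is not proof
        # that the user actually logged in.
        session = web.cookies()
        web.render('add.html')

    def POST(self):
        # NOTE(review): no login check here; anyone who can reach /add can
        # create a post.
        form = web.input()
        n = web.insert('post', title=form.post_title, body=form.post_body)
        web.redirect('./view/' + str(n))


class view:
    """Show one post and its comments."""

    def GET(self, post_id):
        # post_id comes from the (\d+) group of the URL pattern.  Only the
        # value the query needs is passed, rather than all of locals().
        post = web.query("select * from post where id = $post_id",
                         vars=dict(post_id=post_id))
        comment = web.query("select * from comment where post_id = $post_id",
                            vars=dict(post_id=post_id))
        web.render('view.html')


class edit:
    """Show the edit form for a post and store the edited version."""

    def GET(self, post_id):
        post = web.query("select * from post where id = $post_id",
                         vars=dict(post_id=post_id))
        web.render('edit.html')

    def POST(self):
        # NOTE(review): no login or ownership check; any client can
        # overwrite any post by id.
        form = web.input()
        post_id = int(form.post_id)  # rejects non-numeric ids with ValueError
        web.update('post', post_id, title=form.post_title, body=form.post_body)
        # Redirect to the post that was edited.  The original used the value
        # returned by web.update here, which is not the post id
        # (NOTE(review): row count or None depending on the web.py version).
        web.redirect('./view/' + str(post_id))


class comment:
    """Store a comment for a post."""

    def POST(self):
        form = web.input()
        # Validate the id the same way edit.POST does, so the redirect target
        # is built from a number and not from raw request text.
        post_id = int(form.post_id)
        web.insert('comment', username=form.post_username,
                   body=form.post_body, post_id=post_id)
        web.redirect('./view/' + str(post_id))


class login:
    """Check the submitted credentials and set the login cookies."""

    def POST(self):
        i = web.input()
        # The placeholders are left unquoted, like the $post_id queries
        # above, so web.query substitutes them as query parameters instead of
        # placing them between literal quotes.  Only the two expected fields
        # are exposed to the query.
        # NOTE(review): compares the password as stored; store a salted
        # password hash and verify against that instead.
        result = web.query(
            "select * "
            "from members "
            "where username = $username "
            "and password = $password",
            vars=dict(username=i.username, password=i.password))
        # `login` is read by login.html as $login.
        if len(result) > 0:
            member = result[0]
            login = 'login success !'
            # NOTE(review): these cookies are neither signed nor tied to
            # server-side state, so they identify nobody reliably.
            web.setcookie('id', member.id)
            web.setcookie('username', member.username)
        else:
            login = 'wrong user name or password'
        web.render('login.html')


class logout:
    """Expire both login cookies."""

    def GET(self):
        # A date in the past makes the browser discard the cookie.
        web.setcookie('id', '', 'Mon, 01-Jan-2001 00:00:00 GMT')
        web.setcookie('username', '', 'Mon, 01-Jan-2001 00:00:00 GMT')
        web.render('logout.html')


class style:
    """Serve the stylesheet from the templates directory."""

    def GET(self):
        web.header("Content-Type", "text/css; charset=utf-8")
        # Close the file explicitly instead of leaking the handle.
        css_file = open('templates/style.css')
        try:
            print(css_file.read())
        finally:
            css_file.close()


if __name__ == "__main__":
    # NOTE(review): database credentials are hard-coded; load them from the
    # environment or a config file kept out of version control instead.
    web.db_parameters = dict(dbn='postgres', user='kamal', pw='any', db='webpy')
    web.run(urls, web.reloader)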
abc
## Front-page template (presumably index.html). Expects $post: rows with
## id, title, body and total_comment, as selected by the index handler.
## NOTE(review): $row.title and $row.body are stored user input; confirm that
## the renderer HTML-escapes substitutions before relying on this template.
<html>
  <head>
    <title>blog</title>
    <link rel="stylesheet" type="text/css" href="styles.css" media="screen"/>
  </head>
  <body>
    #for row in $post
    <h1>$row.title</h1>
    <p>$row.body</p>
    <p>
      <a href="./edit/$row.id">Edit</a>
      <a href="./view/$row.id">Comment($row.total_comment)</a>
    </p>
    <br />
    #end for
  </body>
</html>
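## New-post template (presumably add.html). Expects $session, the cookies
## read by the add handler: shows the post form when it is non-empty and the
## login form otherwise.
## NOTE(review): $session is whatever cookies the browser sent, so this
## branch hides the form but does not protect the /add POST handler.
<html>
  <head>
    <title>blog</title>
    <link rel="stylesheet" type="text/css" href="styles.css" media="screen"/>
  </head>
  <body>
    #if $session
    <p> You are login as $session.username | <a href="/logout">Logout</a></p>
    <form action="/add" method="post">
      <label for="post_title">Title</label><br />
      <input id="post_title" type="text" name="post_title" /><br />
      <label for="post_body">Body</label><br />
      <textarea id="post_body" name="post_body" cols="100" rows="10"></textarea><br />
      <input type="submit" name="post_submit" value="Post it" />
    </form>
    #else
    <form action="/login" method="post">
      Username : <input type="text" name="username" />
      Password : <input type="password" name="password" />
      <input type="submit" name="login" value="Login" />
    ## The login form was never closed in the original markup.
    </form>
    #end if
  </body>
</html>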
## Edit-post template (presumably edit.html). Expects $post: the rows
## selected by the edit handler; only the first row is used.
## NOTE(review): $post[0].title lands inside a quoted attribute; confirm the
## renderer escapes quotes as well as angle brackets.
<html>
  <head>
    <title>blog</title>
    <link rel="stylesheet" type="text/css" href="styles.css" media="screen"/>
  </head>
  <body>
    <form action="/edit" method="post">
      <label for="post_title">Title</label><br />
      <input id="post_title" type="text" name="post_title" value="$post[0].title"/><br />
      <label for="post_body">Body</label><br />
      <textarea id="post_body" name="post_body" cols="100" rows="10">$post[0].body</textarea><br />
      ## The id travels back in a hidden field, so the server must treat it
      ## as untrusted input.
      <input type="hidden" name="post_id" value="$post[0].id" />
      <input type="submit" name="post_submit" value="Post it" />
    </form>
  </body>
</html>
## Login-result template (presumably login.html). Expects $login: the status
## message set by the login handler.
<html>
  <head>
    <title>blog</title>
    <link rel="stylesheet" type="text/css" href="styles.css" media="screen"/>
  </head>
  <body>
    #if $login
    <p><b>$login</b></p>
    <p><a href="/add">Continue</a></p>
    #end if
  </body>
</html>
## Single-post template (presumably view.html). Expects $post (rows for the
## requested post, first row used) and $comment (rows of its comments), as
## selected by the view handler.
## NOTE(review): $row.username and $row.body come from the public comment
## form; confirm that the renderer HTML-escapes substitutions.
<html>
  <head>
    <title>blog</title>
    <link rel="stylesheet" type="text/css" href="./styles.css" media="screen"/>
  </head>
  <body>
    <h1 class="header"><a href="/">k4ml blog</a></h1>
    #if $post[0]
    <h1>$post[0].title</h1>
    <p>$post[0].body</p>
    <p>
      <a href="./edit/$post[0].id">Edit</a> |
      <a href="./view/$post[0].id">Permanent Link</a>
    </p>
    #end if
    <p>Comment for this post:</p>
    #for row in $comment
    <h1>$row.username</h1>
    <p>$row.body</p>
    <br />
    #end for
    <form action="/comment" method="post">
      <label for="post_username">Name</label><br />
      <input id="post_username" type="text" name="post_username" /><br />
      <label for="post_body">Comment</label><br />
      <textarea id="post_body" name="post_body" cols="100" rows="10"></textarea><br />
      <input type="hidden" name="post_id" value="$post[0].id" />
      <input type="submit" name="post_submit" value="Post Comment" />
    </form>
  </body>
</html>