Fixes

spideynn · Jun 4, 2015 · b70cdd5 · b70cdd5
1 parent 336b3c0
commit b70cdd5
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 50 deletions.
diff --git a/app.py b/app.py
@@ -20,7 +20,7 @@
 cfg.load_files(["data/blazegoat_panel.conf"]) # Load the panel configuration.
 
 app.config.update(dict(
-    DATABASE=os.path.join('data/', 'blazegoat.db'),
+    DATABASE=os.path.join('data/', 'blazegoat.production.db'),
     STATIC_FOLDER='static/',
     DEBUG=cfg.debug,
     SECRET_KEY=cfg.secret_key,
@@ -175,6 +175,8 @@ def register():
             error = 'That username is reserved.'
         elif len(request.form['password']) <  8:
             error =  'Your password must be eight characters or longer.'
+        elif len(request.form['username']) > 16:
+            error = "Your username is longer than 16 characters."
         else: # Attempt to insert the user
             try:
                 db.cursor().execute('INSERT INTO users (username, email, password, rank, tempPass) VALUES (?, ?, ?, 4, 0)',
@@ -213,7 +215,6 @@ def changepass():
 def createServer():
     db = get_db()
     error = None
-    print(cfg.server_creation_locked)
     if request.method == 'GET' and cfg.server_creation_locked == True:
         flash("Server creation has been locked by the administrators.")
         return redirect(url_for("index"))
@@ -225,15 +226,16 @@ def createServer():
             db.cursor().execute('INSERT INTO servers (owner, name, jartype) VALUES (?,?,?)', [str(session['username']), request.form['servername'], str(request.form.getlist('jartype')), ])
             db.commit()
             flash('Your server has been created with the following name: ' + request.form['servername'])
-            return redirect(url_for('index'))
-    else:
-        error = "Server creation has been locked by the administrators."
+            return redirect(url_for("index"))
     return render_template('servercp/createserver.html', error=error)
 
 @app.route('/logout')
 def logout():
     session.pop('logged_in', None) # Pop the session, logging out the user.
     session.pop('username', None) # Pop the username session cookie
+    session.pop('is_admin', None) # Pop the userlevel cookies, preventing security issues.
+    session.pop('is_moderator', None)
+    session.pop('is_trusted', None)
     flash('You were logged out.')
     return redirect(url_for('index'))
 
@@ -255,12 +257,12 @@ def serverIndex(sid):
             return render_template('errors/404.html')
     return render_template('servercp/serverpanel.html', error=error, sid=sid)
 
-    if request.method == 'POST':
-        if request.form['name'] == None:
-            error = 'The server name cannot be empty.'
-        db.cursor().execute('UPDATE servers SET jartype=?, name=? WHERE sid=?', [request.form['jartype'], request.form['name'], sid])
-        db.commit()
-    return render_template('servercp/serverpanel.html', error=error, sid=sid)
+    #if request.method == 'POST':
+    #    if request.form['name'] == None:
+    #        error = 'The server name cannot be empty.'
+    #    db.cursor().execute('UPDATE servers SET jartype=?, name=? WHERE sid=?', [request.form['jartype'], request.form['name'], sid])
+    #    db.commit()
+    #return render_template('servercp/serverpanel.html', error=error, sid=sid)
 
 @app.route('/servers/id/<sid>/_<option>', methods=["GET", "POST"])
 def serverFunctions(sid, option):
@@ -292,6 +294,26 @@ def adminUsers():
         abort(403)
     abort(403)
 
+@app.route('/admin/settings/<username>/_<option>')
+def adminUsersManageRank(username, option):
+    if session.get('logged_in') == True:
+        if option=="promote":
+            db = get_db()
+            db.execute('UPDATE users SET rank=1 WHERE username=?;', (username,))
+            db.commit()
+            flash('User ' + username + ' promoted to administrator. Log out and back in for it to take effect.')
+            return redirect(url_for('adminUsers'))
+
+        if option=="demote":
+            db = get_db()
+            db.execute('UPDATE users SET rank=4 WHERE username=?;', (username,))
+            db.commit()
+            flash('User ' + username + ' demoted to normal user. Log out and back in for it to take effect.')
+            return redirect(url_for('adminUsers'))
+    if session.get('logged_in') == False or None:
+        abort(403)
+    abort(403)
+
 @app.route('/admin/settings/servers')
 def adminServers():
     if session.get('logged_in') == True:
@@ -319,21 +341,18 @@ def adminPanelSettings():
 
             cfg.load_files(["data/blazegoat_panel.conf"]) # Reload the config.
 
-            print(cfg.debug)
-            print(app.config['DEBUG'])
-
             app.config.update(dict( # Update all the config options.
                 DATABASE=os.path.join('data/', 'blazegoat.db'),
                 STATIC_FOLDER='static/',
-                DEBUG=cfg.debug,
+                DEBUG=str(request.form["debug"]),
                 SECRET_KEY=cfg.secret_key,
-                server_creation_locked=cfg.server_creation_locked
+                server_creation_locked=str(request.form["server_creation_locked"])
             ))
         except:
             flash("There was an error saving the panel settings. Check the console for an error.")
-            exc_type, exc_value, exc_traceback = sys.exc_info()
-            lines = traceback.format_exception(exc_type, exc_value, exc_traceback)
-            print ''.join('!! ' + line for line in lines)  # Log it or whatever here
+            exc_type, exc_value, exc_traceback = sys.exc_info() # Get exception info
+            lines = traceback.format_exception(exc_type, exc_value, exc_traceback) # Format traceback information
+            print(''.join('!! ' + line for line in lines)) # Print exception
             return redirect(url_for("adminPanelSettings"))
         flash('Settings saved successfully.')
         return redirect(url_for("adminPanelSettings"))

diff --git a/data/blazegoat_panel.conf b/data/blazegoat_panel.conf
@@ -2,3 +2,4 @@ port: 8080
 debug: True
 secret_key: 8v0w9e8RNWEVRW90e8rnvWER9837R
 server_creation_locked: True
+
diff --git a/templates/admincp/adminsettings.html b/templates/admincp/adminsettings.html
@@ -1,9 +1,8 @@
 {% extends "layout.html" %}
 
 {% block body %}
-<h2>Panel Settings</h2>
+<h1>Global Panel Settings</h1>
     <div class="adminpanel">
-        <h1>Global Panel Settings</h1>
         {% if error %}<p class="error"><strong>Error:</strong> {{ error }}{% endif %}
         <form action="panel" method="post">
             <dl>
@@ -20,8 +19,14 @@ <h1>Global Panel Settings</h1>
                 <dt><h3>Server Creation: </h3></dt>
                 <dd>
                     <select name="server_creation_locked">
-                        <option value="True">Locked</option>
-                        <option value="False">Unlocked</option>
+                        {% if lock_server_creation %}
+                            <option value="True">Locked</option>
+                            <option value="False">Unlocked</option>
+                        {% endif %}
+                        {% if not lock_server_creation %}
+                            <option value="False">Unlocked</option>
+                            <option value="True">Locked</option>
+                        {% endif %}
                     </select>
                 </dd>
 

diff --git a/templates/admincp/adminusers.html b/templates/admincp/adminusers.html
@@ -1,38 +1,18 @@
 {% extends "layout.html" %}
 
 {% block body %}
-<h2>Admin Servers Panel</h2>
+<h2>Admin Users Panel</h2>
 <div class="adminpanel">
-	<!-- Backup Code
-    <table style="width:100%">
-		<tr>
-			<td><b>Username:</b></td>
-			<td><b>Level:</b></td>
-			<td><b>Tools:</b></td>
-		</tr><br>
-	    <tr>
-			<td>TheElite96</td>
-			<td>Admin</td>
-			<td><a href="">Edit</a>&nbsp;|&nbsp;<a href="">Ban</a>&nbsp;|&nbsp;<a href="">Kick</a>&nbsp;|&nbsp;<a href="">Promote</a></td>
-			</tr>
-
-			<tr>
-			<td>Spideynn</td>
-			<td>Owner</td>
-			<td><a href="">Edit</a>&nbsp;|&nbsp;<a href="">Ban</a>&nbsp;|&nbsp;<a href="">Kick</a>&nbsp;|&nbsp;<a href="">Promote</a></td>
-			</tr>
-
-			<tr>
-			<td>RazerDoge</td>
-			<td>Owner</td>
-			<td><a href="">Edit</a>&nbsp;|&nbsp;<a href="">Ban</a>&nbsp;|&nbsp;<a href="">Kick</a>&nbsp;|&nbsp;<a href="">Promote</a></td>
-		</tr>
-	</table> -->
     <table>
         {% for user in users %}
             <li style="list-style-type: none">
                 <h3>{{ user.username }} | Rank: {{ user.rank }} | Email: {{ user.email }}</h3>
-                <h3><a href="">Edit</a>&nbsp;|&nbsp;<a href="">Ban</a>&nbsp;|&nbsp;<a href="">Kick</a>&nbsp;|&nbsp;<a href="">Promote</a></h3>
+                <h3><a href="">Edit</a>&nbsp;|&nbsp;<a href="">Ban</a>&nbsp;|&nbsp;<a href="">Kick</a>&nbsp;|&nbsp;
+                {% if user.rank == 4 %}
+                	<a href="{{ user.username }}/_promote">Promote</a></h3>
+                {% elif user.rank == 1 %}
+                	<a href="{{ user.username }}/_demote">Demote</a></h3>
+                {% endif %}
                 <hr />
             </li>
         {% else %}

diff --git a/templates/servercp/serverpanel.html b/templates/servercp/serverpanel.html
@@ -12,6 +12,7 @@ <h1>Server Panel - ID: {{ sid }}</h1>
         <button type="button" onclick="restartServer();">Restart</button>
         <h3 id="server-pid">PID: API is not responding.</h3>
         <hr>
+        <h3>Server Console:</h3>
         <textarea readonly style="background-color: #E6E6E6; resize: none;" rows="15"></textarea>
         <hr>
         <h2>Usage Stats</h2>
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,3 +2,4 @@ port: 8080
		debug: True
		secret_key: 8v0w9e8RNWEVRW90e8rnvWER9837R
		server_creation_locked: True