bygdis.fi

server.py (66426B)

---

 # -*- coding: utf-8 -*-
 #
 import web
 import json
 import time
 import datetime
 import re
 import base64
 import os
 import subprocess
 import urllib
 from PIL import Image
 import hashlib
 import random
 import bcrypt
 import sys
 from virtuaaliviivakoodi import virtuaaliviivakoodi
 from bs4 import BeautifulSoup
 import requests
 basedir = os.path.dirname(os.path.realpath(__file__))
 sys.path.append(basedir)
 import settings
 
 web.config.session_parameters['cookie_name'] = 'bygdis.fi'
 web.config.session_parameters['cookie_domain'] = None
 web.config.session_parameters['cookie_path'] = None
 web.config.session_parameters['timeout'] = 839808000  # in seconds
 web.config.session_parameters['ignore_expiry'] = True
 web.config.session_parameters['ignore_change_ip'] = True
 #web.config.session_parameters['secret_key'] = 'fLjUfxqXtfNoIldA0A0R'
 web.config.session_parameters['expired_message'] = 'Session expired'
 
 
 
 urls = (
     "/", "index",
     "/login?", "login",
     "/logout", "logout",
     "/addevent?", "addevent",
     "/event", "event",
     "/undo", "undo",
     "/roskis", "undo",
     "/removeevent/(\d+)", "removeevent",
     "/editevent/(\d+)", "editevent",
     "/removepost/(\d+)", "removepost",
     "/old", "old",
     "/bilder?", "bilder",
     "/upload?", "upload",
     "/bild/(.*)?", "bild",
     "/bildinfo/(.*)?", "bildinfo",
     "/om", "om",
     "/remove/(.*)?","remove",
     "/tuning?", "tuning",
     "/senaste", "senaste",
     "/admin?", "admin",
     "/boka?", "boka",
     "/fakturor?", "fakturor",
     "/dorrkoder?", "dorrkoder",
     "/nydorrkod?", "nydorrkod",
     "/dorrkoderapi?", "dorrkoderapi",
     "/kod?","kod",
     "/register?", "register",
     "/forgotpass?", "forgotpass",
     "/ny", "ny",
     "/tack", "tack",
     "/protokoll?", "protokoll",
     "/nope", "nope"
 )
 
 #from settings.py
 postadmin = settings.postadmin
 postadmin_signature = settings.postadmin_signature
 mlinvoice_db = settings.mlinvoice_db
 mlinvoice_db_user = settings.mlinvoice_db_user
 mlinvoice_db_pass = settings.mlinvoice_db_pass
 mlinvoice_login=settings.mlinvoice_login
 mlinvoice_passwd=settings.mlinvoice_passwd
 
 render = web.template.render(basedir + "/public_html/html/", base="base")
 render2 = web.template.render(basedir + "/public_html/html/", base="base2")
 render3 = web.template.render(basedir + "/public_html/html/", base="base3")
 web.config.debug = False
 app = web.application(urls, globals())
 store = web.session.DiskStore(basedir + '/sessions')
 db = web.database(dbn="sqlite", db=basedir + "/db/bygdis.db")
 db2 = web.database(dbn="mysql", db=mlinvoice_db, user=mlinvoice_db_user, pw=mlinvoice_db_pass)
 session = web.session.Session(app,store,initializer={'login': 0, 'user': '', 'backurl': '', 'bildsida': 0, 'search': ''})
 
 def logged():
     if session.login == 5:
         return True
     else:
         return False
 
 def curdate():
     today = datetime.datetime.now().date().strftime('%s')
     return today
 
 def getkalender():
     events = db.query("SELECT * FROM kalender WHERE datumtid > DATETIME('now') ORDER BY datumtid ASC")
     #events = db.select('kalender', what='id, datumtid, event', order='datumtid ASC')
     return events
 
 def getkalenderall():
     events = db.query("SELECT * FROM kalender ORDER BY datumtid ASC")
     #events = db.select('kalender', what='id, datumtid, event', order='datumtid ASC')
     return events
 
 def nyevent(id, datumtid, event, admin_visible, info):
     f = '%Y-%m-%d %H:%M:%S'
     try:
         datumtid.weekday()
         print('not datetime object make it')
     except:
         datumtid = datetime.datetime.strptime(datumtid,f)
     veckodagar = u'Måndag', u'Tisdag', u'Onsdag', u'Torsdag', u'Fredag', u'Lördag', u'Söndag'
     veckodag = datumtid.weekday()
     if id==None:
         db.insert('kalender', datumtid=datumtid, veckodag=veckodagar[veckodag], event=event, admin=admin_visible, info=info)
     else:
         db.update('kalender', where='id="'+id+'"', datumtid=datumtid, veckodag=veckodagar[veckodag], event=event, admin=admin_visible, info=info)
     print("event added to database")
     return
 
 def copyevent(id, datumtid, event, admin_visible, info):
     veckodagar = u'Måndag', u'Tisdag', u'Onsdag', u'Torsdag', u'Fredag', u'Lördag', u'Söndag'
     veckodag = datumtid.weekday()
     db.insert('kalender', datumtid=datumtid, veckodag=veckodagar[veckodag], event=event, admin=admin_visible, info=info)
     print("event added to database")
     return
 
 def getbokningar():
     bokningar = db.query("SELECT * FROM bokningar ORDER BY datumtid DESC")
     #events = db.select('kalender', what='id, datumtid, event', order='datumtid ASC')
     return bokningar
 
 def getposts():
     posts = db.query("SELECT * FROM posts ORDER BY datumtid DESC")
     #events = db.select('kalender', what='id, datumtid, event', order='datumtid ASC')
     return posts
 
 def nypost(datumtid, post):
     db.insert('posts',  datumtid=datumtid, post=post, likes=0)
     print("post added to database")
     return
 
 def getprotokoll(year):
     listmodtime = []
     for a in os.scandir(basedir + '/protokoll/' + year):
         filename = a.name
         modtime = a.stat().st_mtime
         listmodtime.append((filename, modtime))
     listmodtime.sort(key=lambda tup: tup[0])
     protokoll = []
     for a in listmodtime:
         if a[0][0] != '.':
             protokoll.append(a[0])
     return protokoll
 
 def getprotokoll_lastmodified(year):
     listmodtime = []
     for a in os.scandir(basedir + '/protokoll/' + year):
         filename = a.name
         modtime = a.stat().st_mtime
         listmodtime.append((filename, modtime))
     listmodtime.sort(key=lambda tup: tup[1])
     protokoll = []
     for a in listmodtime:
         protokoll.append(a[0])
     return protokoll
 
 def md_to_html(markdownfile):
     #make html from markdown
     pandoc_html = ['pandoc', basedir + '/'+markdownfile, '-f', 'markdown', '-t', 'html']
     #make pdf from markdown
     viewfile = subprocess.check_output(pandoc_html)
     view = viewfile.decode()
     return view
 
 def md_to_pdf(markdownfile):
     randhash = hashlib.md5(str(random.getrandbits(256)).encode('utf-8')).hexdigest()
     pandoc_pdf = ['pandoc', '--verbose', basedir + '/'+markdownfile, '-f', 'markdown', '-V', 'papersize:a4', '-V', 'geometry:margin=0.8in','-s', '-o', basedir + '/public_html/static/pdf/'+randhash+'.pdf']
     subprocess.Popen(pandoc_pdf, cwd=basedir + '/public_html/static/pdf/')
     time.sleep(3)
     raise web.seeother('/static/pdf/'+randhash+'.pdf?nocache='+randhash)
 
 def md_to_text(markdownfile):
     read_p=basedir + '/'+markdownfile
     with open(read_p, 'rU') as file:
         p_list=file.readlines()
     pr=''
     for p in p_list:
         pr=pr+p
     return pr
 
 def adduser(name, password, mail):
     password = password.encode("utf-8")
     salt = bcrypt.gensalt()
     password_hashed = bcrypt.hashpw(password, salt)
     #check user db, if empty create admin
     users = db.query("SELECT COUNT(*) AS users FROM bildadmin")[0]
     tot = int(users.users)
     print('users alltsomallt: ' + str(tot))
     if tot > 1:
         db.insert('bildadmin', name=name, displayname=name, password=password_hashed, mail=mail, subscribe='aldrig', adminlevel=3)
     else:
         db.insert('bildadmin', name=name, displayname=name, password=password_hashed, mail=mail, subscribe='aldrig', adminlevel=5)
     print("new user added")
     return
 
 def bildhistoriker():
     bildhistoriker = db.query("SELECT name, displayname, mail, password FROM bildadmin")
     return bildhistoriker
 
 def adminlevel(user):
     level = db.query("SELECT adminlevel FROM bildadmin WHERE name='"+user+"';")[0]
     #1 session logout, web.py bug
     #2 rights to see pics and comment
     #3 rights to upoload
     #5 superadmin
     session.login = int(level.adminlevel)
     return
 
 def getdisplayname(user):
     displayname = db.query("SELECT displayname FROM bildadmin WHERE name='"+user+"';")[0]
     return displayname.displayname
 
 def getkund(id):
     try:
         name = db2.query("SELECT company_name FROM mlinvoice_company WHERE id='"+str(id)+"';")[0]
     except:
         name = ''
     return name.company_name
 
 def getmaksuja(id):
     try:
         maksut = db2.query("SELECT * FROM mlinvoice_invoice_row WHERE invoice_id='"+str(id)+"';")
     except:
         maksut = ''
     return maksut
 
 def getprodukt(id):
     try:
         str(int(id))
         produkt = db2.query("SELECT * FROM mlinvoice_product WHERE id='"+str(id)+"';")[0]
         return produkt
     except:
         produkt = ''
     try:
         produkt = db2.query("SELECT * FROM mlinvoice_product WHERE product_name LIKE '%"+id[:-14]+"%';")[0]
         return produkt
     except:
         produkt = ''
     return produkt
 
 def getbilder():
     bilder = db.query("SELECT * FROM bilder ORDER BY uploaddate DESC")
     return bilder
 
 def addbild(filename, titel, namn, year, fotograf, beskrivning, uppladdare, personer):
     db.insert('bilder', filename=filename, titel=titel, uploaddate=datetime.datetime.now(), namn=namn, year=year, fotograf=fotograf, beskrivning=beskrivning, uppladdare=uppladdare, personer=personer)
 
 def addDorrkod(dorrkod, name, mail):
     db.insert('dorrkoder', dorrkod=dorrkod, name=name, mail=mail, datum=datetime.datetime.now())
 
 def dorrLogger(dorrkod):
     db.insert('dorrlogger', dorrkod=dorrkod, datum=datetime.datetime.now())
 
 def getDorrlog(limit):
     if limit == 0:
         log=db.query("SELECT * FROM dorrlogger ORDER BY datum DESC")
     else:
         log=db.query("SELECT * FROM dorrlogger ORDER BY datum DESC LIMIT "+str(limit))
     return log
 
 def getDorrkoduser(dorrkod):
     try:
         user = db.query("SELECT name FROM dorrkoder WHERE dorrkod='"+str(dorrkod)+"';")[0]
         return user.name
     except:
         user = 'unknown'
         return user
 
 def getDorrkoder():
     dorrkoder=db.query("SELECT * FROM dorrkoder ORDER BY datum DESC")
     return dorrkoder
 
 def sendmail(email, subject, msg, bilaga):
     #Send mail
     echomsg = subprocess.Popen(('echo', msg+'\n'+postadmin_signature), stdout=subprocess.PIPE)
     if bilaga != '':
         sendmsg = subprocess.check_output(('mail.mailutils', '-A', bilaga, '-a', 'From:'+postadmin, '-r', postadmin, '-s', subject, email),stdin=echomsg.stdout)
     else:
         sendmsg = subprocess.check_output(('mail.mailutils', '-r', postadmin, '-a', "Content-Type: text/plain;", '-a', 'From:'+postadmin, '-s', subject, email), stdin=echomsg.stdout)
         #sendmsg = subprocess.check_output(('mail.mailutils', '-r', postadmin, '-a', "Content-Type: text/plain; charset='utf-8'", '-a', 'From:'+postadmin, '-s', subject, email), stdin=echomsg.stdout)
     echomsg.wait()
     #subprocess.call(['echo', msg, '|', 'mail', '-r', 'rob@tarina.org','-s', subject, email])
 
 def stopflood(ip,referer):
     try:
         t = db.select('stopflood', where='ip="'+ip+'"', what='tid')[0]
     except:
         pass
     try:
         db.update('stopflood', where='ip="'+ip+'"', tid=time.time())
     except:
         db.insert('stopflood', ip=ip, tid=time.time())
     try:
         senast = time.time() - t.tid
         print(senast)
         if senast < 2:
             return web.seeother(referer)
         else:
             return
     except:
         return
 
 def stopresetpass(mail):
     try:
         t = db.select('stopresetpass', where='mail="'+mail+'"', what='tid')[0]
         print(t)
     except Exception as e:
         print(e)
     try:
         db.update('stopresetpass', where='mail="'+mail+'"', tid=time.time())
     except Exception as e:
         print(e)
         db.insert('stopresetpass', mail=mail, tid=time.time())
     try:
         senast = time.time() - t.tid
         print(senast)
         if senast < 604800:
             print('mail is in password reset spam filter')
             return True
         else:
             return False
     except Exception as e:
         print(e)
         return True
 
 class om():
     def GET(self):
         return render.om()
 
 class admin():
     form = web.form.Form(
     web.form.Textarea('post', web.form.notnull, description="", width="500px", height="200px", autocomplete="off"),
     web.form.Button('skicka'))
     def GET(self):
         print(session.login)
         if session.login == 5:
             doordebug = db.select('doordebug')[0]
             saysomething = self.form()
             anslagstavla = getposts()
             bokningar = getbokningar()
             roskis=db.select('roskis')[0]
             i = web.input(approve=None,sendrules=None,fakturera=None,doorcode=None,remove=None,emptytrash=None)
             if i.approve != None:
                 #Send mail to admin
                 bokning = db.select('bokningar', where='id="'+i.approve+'"')[0]
                 msg = "Bokning godkänd av " + bokning.namn + ' epost: ' + bokning.epost
                 sendmail(postadmin, 'Bokning godkänd!', msg, '')
                 #Send mail to user
                 msg = "Hej " + bokning.namn + " bokning " + bokning.datumtid + " godkändes, Tack!"
                 sendmail(bokning.epost, 'Bokning av Bygdegården lyckades och är godkänd', msg, '')
                 #update booking
                 db.update('bokningar', where='id="'+i.approve+'"', approved=datetime.datetime.now())
                 #add to kalender events as privat bokning
                 print(bokning.datumtid)
                 nyevent(None, bokning.datumtid, 'privat bokning', bokning.namn, 'privat bokning')
                 raise web.seeother('/admin')
             if i.sendrules != None:
                 #Send mail to admin
                 bokning = db.select('bokningar', where='id="'+i.sendrules+'"')[0]
                 msg = "Skickar regler och villkor till " + bokning.namn + ' epost: ' + bokning.epost
                 sendmail(postadmin, 'Skickar villkor och regler', msg,'')
                 #Send mail to user
                 msg = "Hej " + bokning.namn + "! Gå in här https://bygdis.fi/boka?id="+bokning.bokningshash+" och godkänn regler och villkor för din bokning, du får fakturan inom kort och en dörrkod när fakturan är betald. Tack!"
                 sendmail(bokning.epost, 'Regler och villkor för Bygdegården', msg,'')
                 #update booking
                 db.update('bokningar', where='id="'+i.sendrules+'"', approved="")
                 raise web.seeother('/admin')
             if i.fakturera != None:
                 db.update('bokningar', where='id="'+i.fakturera+'"', faktura=datetime.datetime.now())
                 raise web.seeother('/admin')
             if i.doorcode != None:
                 raise web.seeother('/admin?kakka')
             if i.remove != None:
                 db.update('bokningar', where='id="'+i.remove+'"', deleted=1)
                 raise web.seeother('/admin')
             if i.emptytrash == 'now':
                 msg = "Hej, kan vi få avfallshämtning till Påvalsbyvägen 679, 07870 Skinnarby? ingen brådska, bara så fort som möjligt, tack! ;)"
                 sendmail('asiakaspalvelu@rosknroll.fi', 'Roskistömning till Påvalsbyvägen 679', msg,'')
                 db.update('roskis',  where='id=1',datum=datetime.datetime.now())
                 raise web.seeother('/admin')
             log = getDorrlog(10)
             return render2.admin(anslagstavla,saysomething,bokningar,doordebug,str,log,getDorrkoduser,roskis)
         else:
             raise web.seeother('/login')
     def POST(self):
         if session.login == 5:
             i = web.input(post=None,approve=None,sendrules=None,fakturera=None,doorcode=None,remove=None)
             saysomething = self.form()
             if i.post != None:
                 print('ADDDDDDDDDDDDDING TO database post ' + i.post)
                 now = datetime.datetime.now()
                 print('ADDDDDDDDDDDDDING TO database date' + str(now))
                 nypost(now, i.post)
             raise web.seeother('/admin')
         else:
             raise web.seeother('/login')
 
 class boka():
     produkter = []
     p = db2.select('mlinvoice_product')
     for i in p:
         if i.product_name != None and i.deleted == 0:
             produkter.append(i.product_name+' | '+str(round(i.unit_price,2))+' €')
     form = web.form.Form(
     web.form.Textbox('year', web.form.notnull, web.form.regexp('\d+', 'yyyy'), description="år:"),
     web.form.Textbox('day', web.form.notnull, web.form.regexp('\d+', 'dd'), description="dag:", autofocus="autofocus"),
     web.form.Textbox('month', web.form.notnull, web.form.regexp('\d+', 'MM'), description="månad:"),
     web.form.Dropdown('boka', produkter, web.form.notnull, description="hyr"),
     web.form.Textarea('event', web.form.notnull, description="beskrivning och uppskattat antal gäster:"),
     web.form.Textbox('namn', web.form.notnull, description="namn:"),
     web.form.Textbox('epost', web.form.notnull, description="e-post:"),
     web.form.Textbox('telefon', web.form.regexp('\d+', 'nummer tack'), description="telefon:"),
     web.form.Radio('villkor', [u'Nej', u'Ja'], web.form.notnull, description="Jag har läst och godkänner alla ovannämnda regler och villkor."),
     web.form.Radio('privat', [u'Privat', u'Offentligt'], web.form.notnull, description="I hurudant syfte?:"),
     web.form.Button('Skicka'))
     def GET(self):
         i = web.input(id=None, cp=None, pdf=None, kod=None)
         form_boka = self.form()
         if i.id==None:
             now = datetime.datetime.now()
             form_boka.fill(year=now.year, month=now.month, day=now.day)
             if i.kod=='jep':
                 form_boka.fill(year=now.year, month=now.month, day=now.day ,boka='Dörrkod / Ovikoodi | 10.00 €', privat='Privat', event='Dörrkod för användning av Bygdegården i privat syfte.') 
         else:
             event = db.select('bokningar', where='bokningshash="'+i.id+'"')[0]
             now=datetime.datetime.strptime(event.datumtid, '%Y-%m-%d %H:%M:%S')
             form_boka.fill(year=now.year, month=now.month, day=now.day, boka=event.boka, event=event.event, namn=event.namn, epost=event.epost, telefon=event.telefon, villkor=event.villkor, privat=event.privat)
         regler = md_to_html('protokoll/dokument/hyreskontrakt_regler_och_villkor.md')
         if i.pdf != None:
             md_to_pdf('protokoll/dokument/hyreskontrakt_regler_och_villkor.md')
         return render.boka(form_boka, regler)
     def POST(self):
         form_boka = self.form()
         if not form_boka.validates():
             return render.nope()
             #regler = md_to_html('protokoll/dokument/hyreskontrakt_regler_och_villkor.md')
             #return render.boka(form_boka,regler)
         else:
             i = web.input(id=None, copyevent=None)
             try:
                 year = int(i.year)
                 month = int(i.month)
                 day = int(i.day)
                 datum = datetime.datetime(year, month, day)
             except ValueError:
                 return render.nope()
             if i.id == None:
                 bokningshash = hashlib.md5(str(random.getrandbits(256)).encode('utf-8')).hexdigest()
                 db.insert('bokningar', datumtid=datetime.datetime(year, month, day), boka=i.boka, event=i.event, namn=i.namn, epost=i.epost, telefon=i.telefon, villkor=i.villkor, privat=i.privat, bokningshash=bokningshash)
             else:
                 db.update('bokningar', where='bokningshash="'+i.id+'"', datumtid=datetime.datetime(year, month, day), boka=i.boka, event=i.event, namn=i.namn, epost=i.epost, telefon=i.telefon, villkor=i.villkor, privat=i.privat, approved='')
             if i.villkor=='Ja':
                 #Send mail to admin
                 msg = "Ny bokning! " + i.namn + ' epost: ' + i.epost
                 sendmail(postadmin, 'Ny bokning!', msg,'')
                 #Send mail to user
                 rules_and_regulations = md_to_text('protokoll/dokument/hyreskontrakt_regler_och_villkor.md')
                 msg = "Hej " + i.namn + "! Tack för att du valde Bygdegården. Vi kontaktar dej som snarast om din boknings förfrågan och du får faktura per epost och en dörrkod när fakturan är betald. Tack! Här under är regler och villkor vilka du har läst och godkänner då du hyr hos oss. \n\n" + rules_and_regulations
                 sendmail(i.epost, 'Regler och villkor för Bygdegården', msg,'')
             raise web.seeother('/tack') 
 
 class tack():
     def GET(self):
         return render.tack()
 
 class fakturor():
     def GET(self):
         if session.login == 5:
             viewfile = ''
             i = web.input(radera=None,uppdatera=None,fakturera=None,add=None,faktura=None,yes=None,epost=None, kund=None, produkt=None)
             #
             # MLINVOICE COpy Faktura och Lägg till kund och vara i fakturan
             #
             #curl -b -X https://bygdis.fi/static/mlinvoice/login.php -i -b ~/cookies.txt -c ~/cookies.txt -d 'backlink=0&csrf=pcCFor0ic9KfoQ4jWQ3s&login=???&passwd=????&logon=Kirjaudu'
             #
             #get session and login to mlinvoice with csrf lol
             url='https://bygdis.fi/static/mlinvoice/login.php'
             r = ['curl','-b','X', url , '-i', '-b', basedir+'/sessions/cookies.txt', '-c',basedir+'/sessions/cookies.txt', '-d', 'backlink=0&csrf=&login='+mlinvoice_login+'&passwd='+mlinvoice_passwd+'&logon=Kirjaudu']
             view_csrf = subprocess.check_output(r)
             view = view_csrf.decode()
             soup = BeautifulSoup(view, "html.parser")
             csrf = soup.find(id="csrf")['value']
             login_mlinvoice = ['curl','-b','X', url , '-i', '-b', basedir+'/sessions/cookies.txt', '-c',basedir+'/sessions/cookies.txt', '-d', 'backlink=0&csrf='+csrf+'&login='+mlinvoice_login+'&passwd='+mlinvoice_passwd+'&logon=Kirjaudu']
             subprocess.check_output(login_mlinvoice)
             #yes
             #
             if i.add == 'faktura' and i.epost != None and i.kund != None and i.produkt != None:
                 url='https://bygdis.fi/static/mlinvoice/copy_invoice.php'
                 copy_mlinvoice = ['curl','-b','X', url , '-i', '-b', basedir+'/sessions/cookies.txt', '-c',basedir+'/sessions/cookies.txt', '-d', 'id=40']
                 viewfile = subprocess.check_output(copy_mlinvoice)
                 print(viewfile)
                 #
                 # GET LATEST INVOICE NR and ref
                 #
                 senaste = db2.query("SELECT * FROM mlinvoice_invoice ORDER BY id DESC LIMIT 1;")[0]
                 print(senaste)
                 url='https://bygdis.fi/static/mlinvoice/json.php'
                 get_nr_mlinvoice = ['curl','-b','X', url , '-b', basedir+'/sessions/cookies.txt', '-c',basedir+'/sessions/cookies.txt', '-d', 'func=get_invoice_defaults']
                 next_invoice=subprocess.check_output(get_nr_mlinvoice)
                 #print(next_invoice['invoice_no']
                 invoice = json.loads(next_invoice.decode())
                 #print(invoice)
                 #print(invoice['invoice_no'])
                 #
                 #KOLLA OM KUNDUPPGIFTER FINNS (lägg till annors)
                 try:
                     payer = db2.select('mlinvoice_company', where='email="'+str(i.epost)+'"')[0]
                 except:
                     db2.insert('mlinvoice_company', email=i.epost, company_name=i.kund)
                     payer = db2.select('mlinvoice_company', where='email="'+str(i.epost)+'"')[0]
                     #payer = db2.query("SELECT * FROM mlinvoice_company ORDER BY id DESC LIMIT 1;")[0]
                 #LÄGG TILL VAROR
                 #
                 produkt=getprodukt(i.produkt)
                 pris=produkt.unit_price
                 db2.insert('mlinvoice_invoice_row', invoice_id=senaste.id, product_id=produkt.id, pcs=1.00, price=float(pris))
                 #
                 db2.update('mlinvoice_invoice',where='id="'+str(senaste.id)+'"', invoice_no=invoice['invoice_no'], ref_number=invoice['ref_no'], company_id=payer.id, state_id=2)
                 #
                 #### Skicka epost
                 #
                 url='https://bygdis.fi/static/mlinvoice/invoice.php'
                 open_mlinvoice = ['curl','-b','X', url , '-i', '-b', basedir+'/sessions/cookies.txt', '-c',basedir+'/sessions/cookies.txt', '-d', 'id='+str(senaste.id)+'&template=15']
                 pdf_file = subprocess.check_output(open_mlinvoice)
                 pdfhash = hashlib.md5(str(random.getrandbits(256)).encode('utf-8')).hexdigest()
                 bilaga=basedir+'/public_html/static/pdf/'+pdfhash+'.pdf'
                 with open(bilaga,'wb') as binary_file:
                     binary_file.write(pdf_file)
                 #
                 #Laga epost faktura me virtuellstreckod
                 #
                 base_company=db2.select('mlinvoice_base', where='id="'+str(2)+'"' )[0]
                 faktura = db2.query("SELECT * FROM mlinvoice_invoice WHERE id='"+str(senaste.id)+"' ;")[0]
                 msg='Hej '
                 if faktura.deleted == 0:
                     if faktura.company_id:
                         msg+=getkund(faktura.company_id)+', här är fakturan\n\n'
                     msg+='nr:'+str(faktura.invoice_no)+'\n'
                     msg+='ref:'+str(faktura.ref_number)+'\n'
                     msg+='datum:'+str(faktura.invoice_date)+'\n'
                     msg+='sista betalningsdag:'+str(faktura.due_date)+'\n'
                     tot = 0
                     for p in getmaksuja(faktura.id):
                         if p.deleted != 1:
                             tot = tot + p.price
                             if p.product_id:
                                 msg+=getprodukt(p.product_id).product_name+' '
                             else:
                                 msg+=p.description+' '
                             msg+=str(round(p.price,2))+' € \n'
                     msg+='totalt: '+str(round(tot,2))+' € \n'
                 due_date=datetime.datetime.strptime(str(faktura.due_date), '%Y%m%d')
                 vs = virtuaaliviivakoodi(base_company.bank_iban,faktura.ref_number,due_date=due_date,euro_amount=float(tot))
                 msg += ' \nVirtuell streckkod: '+vs
                 sendmail(i.epost, 'Faktura', msg, bilaga)
             if i.fakturera != None:
                 db.update('bokningar', where='id="'+i.fakturera+'"', faktura=datetime.datetime.now())
                 raise web.seeother('/admin?fakturera='+i.fakturera)
             if i.faktura != None:
                 url='https://bygdis.fi/static/mlinvoice/invoice.php'
                 open_mlinvoice = ['curl','-b','X', url , '-i', '-b', basedir+'/sessions/cookies.txt', '-c',basedir+'/sessions/cookies.txt', '-d', 'id='+i.faktura+'&template=15']
                 pdf_file = subprocess.check_output(open_mlinvoice)
                 pdfhash = hashlib.md5(str(random.getrandbits(256)).encode('utf-8')).hexdigest()
                 bilaga=basedir+'/public_html/static/pdf/'+pdfhash+'.pdf'
                 with open(bilaga,'wb') as binary_file:
                     binary_file.write(pdf_file)
                 raise web.seeother('/static/pdf/'+pdfhash+'.pdf')
             alla_fakturor = db2.query("SELECT * FROM mlinvoice_invoice ORDER BY id DESC;")
             return render.fakturor(alla_fakturor,getkund,getmaksuja,round,getprodukt)
         else:
             web.seeother('/')
 
 class event():
     def GET(self):
         if session.login == 5:
             upcomingevents = getkalender()
             return render2.event(upcomingevents)
         else:
             raise web.seeother('/login')
 
 class addevent():
     form = web.form.Form(
     web.form.Textbox('year', web.form.notnull, web.form.regexp('\d+', 'yyyy'), description="år:"),
     web.form.Textbox('day', web.form.notnull, web.form.regexp('\d+', 'dd'), description="dag:", autofocus="autofocus"),
     web.form.Textbox('month', web.form.notnull, web.form.regexp('\d+', 'MMM'), description="månad:"),
     web.form.Textbox('tid', web.form.notnull, web.form.regexp('^(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$', 'Skriv tiden såhär 07:20'), description="klockslag:"),
     web.form.Dropdown('upprepa', [u'Nej', u'Varje vecka', u'Varannan vecka', u'Varje månad'], web.form.notnull, description="återkommande"),
     web.form.Textbox('antal', web.form.regexp('\d+', 'nummer tack'), description="hur många gånger:"),
     web.form.Textarea('event', description="beskrivning:"),
     web.form.Textarea('info', description="mer info:"),
     web.form.Textarea('admin', description="synligt för admin:"),
     web.form.Button('skicka'))
     def GET(self):
         i = web.input(id=None, cp=None)
         if session.login == 5:
             kalender = self.form()
             if i.id==None:
                 now = datetime.datetime.now()
                 kalender.fill(year=now.year, month=now.month, day=now.day, tid=str(now.hour).zfill(2) + ':00', antal='1')
             else:
                 event = db.select('kalender', where='id="'+i.id+'"')[0]
                 now=datetime.datetime.strptime(event.datumtid, '%Y-%m-%d %H:%M:%S')
                 kalender.fill(year=now.year, month=now.month, day=now.day, tid=str(now.hour).zfill(2) + ':00', antal='1', event=event.event, admin=event.admin, info=event.info)
             return render.addevent(kalender)
         else:
             raise web.seeother('/login')
     def POST(self):
         if session.login == 5:
             kalender = self.form()
             if not kalender.validates():
                 return render.addevent(kalender)
             else:
                 i = web.input(id=None, copyevent=None)
                 try:
                     tidh = int(i.tid[:2])
                     tidm = int(i.tid[-2:])
                     year = int(i.year)
                     month = int(i.month)
                     day = int(i.day)
                     antal = int(i.antal)
                     datum = datetime.datetime(year, month, day, tidh, tidm)
                 except ValueError:
                     return render.nope()
                 manydatum = []
                 dayz = 0
                 c = 0
                 if 'Varje v' in i.upprepa:
                     dayz = 7
                 if 'Varannan' in i.upprepa:
                     dayz = 14
                 if 'Varje m' in i.upprepa:
                     dayz = 28
                 if 'Nej' in i.upprepa:
                     antal = 1
                 for a in range(0, antal):
                     manydatum.append(datum + datetime.timedelta(days=c))
                     c = c + dayz
                 for d in manydatum:
                     if copyevent != None:
                         copyevent(i.id, d, i.event, i.admin, i.info)
                     else:
                         nyevent(i.id, d, i.event, i.admin, i.info)
                 return web.seeother('/event')
         else:
             raise web.seeother('/login')
 
 class removeevent():
     def GET(self, id):
         if session.login == 5:
             e = db.select('kalender', where='id="'+str(id)+'"')[0]
             db.insert('kalroskis', datumtid=e.datumtid, event=e.event, admin=e.admin, info=e.info)
             db.delete('kalender', where="id=" + id)
             raise web.seeother('/event')
         else:
             raise web.seeother('/login')
 
 class undo():
     def GET(self):
         if session.login == 5:
             e = db.query("SELECT * FROM kalroskis ORDER BY id DESC LIMIT 1;")[0]
             db.insert('kalender', datumtid=e.datumtid, event=e.event, admin=e.admin, info=e.info)
             e = db.query("DELETE FROM kalroskis ORDER BY id DESC LIMIT 1;")
             raise web.seeother('/event')
         else:
             raise web.seeother('/login')
 
 class editevent():
     def POST(self):
         s = web.input().signal
         print(s)
         if session.login == 5:
             return
         else:
             return
 
 class removepost():
     def POST(self, id):
         if session.login == 5:
             db.delete('posts', where="id=" + id)
             raise web.seeother('/admin')
         else:
             raise web.seeother('/login')
 
 class login():
     form = web.form.Form(
     web.form.Textbox('user', web.form.notnull, description="namn eller e-post:"),
     web.form.Password('password', web.form.notnull, description="lösenord:"),
     web.form.Button('Logga in'))
     def GET(self):
         fejl = ''
         resetpasslink = False
         i = web.input(error=None)
         if i.error == 'fejl':
             fejl = 'fejl lösenord! / Väärä salasana'
             resetpasslink = True
         if i.error == 'tom':
             fejl = 'hmm.. he funkka inga! / Ei toimi'
         if session.login < 3:
             loginform = self.form()
             return render.login(loginform, fejl, resetpasslink)
         if session.login == 3:
             return web.seeother('/')
         if session.login == 5:
             raise web.seeother('/admin')
     def POST(self):
         referer = web.ctx.env.get('HTTP_REFERER','https://bygdis.fi')
         ip = web.ctx['ip']
         stopflood(ip, referer)
         loginform = self.form()
         i = web.input()
         if i.user == '' or i.password == '':
             raise web.seeother('/login?error=tom')
         bildadmin = []
         bildadmins = bildhistoriker()
         for p in bildadmins:
             if p.name.lower() == i.user.lower() or p.mail.lower() == i.user.lower():
                 try:
                     encodepass = p.password.encode("utf-8")
                 except:
                     encodepass = p.password
                 if bcrypt.checkpw(i.password.encode('utf-8'), encodepass):
                     session.user = p.name
                     adminlevel(p.name)
                     print('BACKURL: '+session.backurl)
                     if session.login == 5:
                         raise web.seeother('/admin')
                     if session.backurl != '':
                         backurl = session.backurl
                         session.backurl = ''
                         raise web.seeother(backurl)
                     else:
                         if i.user == "byyssare":
                             raise web.seeother('/register')
                         raise web.seeother('/')
         else:
             return web.seeother('/login?error=fejl')
 
 class forgotpass():
     form = web.form.Form(
     web.form.Textbox('mail', web.form.notnull, description="e-post:"),
     web.form.Button('Skicka nytt lösenord / Lähetä uusi salasana'))
     def GET(self):
         fejl = ''
         i = web.input(error=None)
         if i.error == 'fejl':
             fejl = 'hittar inga e-post / ei löydy email'
         elif i.error == 'done':
             fejl = 'ditt lösenord e uppdaterat å skickat till din e-post / salasanasi on vaihdettu ja lähetetty mailiisi'
         elif i.error == 'nej':
             fejl = 'nej hörru dedär gaar inga / ei käy'
         elif i.error == 'stopresetpass':
             fejl = 'Nytt lösenord ha skickats åt dej! int ha du väl nu igen tappat bort ditt lösen? hmm.. om de e problematiskt ta kontakt med '+postadmin+' / sama på finska'
         if session.login < 3:
             loginform = self.form()
             return render.forgotpass(loginform, fejl)
         if session.login == 3:
             return web.seeother('/bilder')
         if session.login == 5:
             raise web.seeother('/admin')
     def POST(self):
         referer = web.ctx.env.get('HTTP_REFERER','https://bygdis.fi')
         ip = web.ctx['ip']
         stopflood(ip, referer)
         sendpassform = self.form()
         if not sendpassform.validates():
             return render.login(sendpassform, '')
         else:
             i = web.input()
             bildadmin = []
             bildadmins = bildhistoriker()
             if i.mail.lower() == 'byyssare':
                 raise web.seeother('/forgotpass?error=nej')
             for p in bildadmins:
                 if p.mail.lower() == i.mail.lower():
                     passfilter = stopresetpass(i.mail.lower())
                     if passfilter == True:
                         raise web.seeother('/forgotpass?error=stopresetpass')
                     unencrypted_password = ('%06x' % random.randrange(16**6))
                     password = unencrypted_password.encode("utf-8")
                     salt = bcrypt.gensalt()
                     password_hashed = bcrypt.hashpw(password, salt)
                     db.update('bildadmin', where='name="'+p.name+'"', password=password_hashed)
                     print("lösenordet uppdaterat!")
                     msg = "Ditt nya lösenord till bygdis.fi e: " + unencrypted_password + ' , om du vill ändra lösenordet ti någå ana som du minns så tryck på namne ditt högst op på ruutån efter du loggat in.'
                     sendmail(p.mail, 'Nytt lösenord till byyns fotoalbum', msg,'')
                     raise web.seeother('/forgotpass?error=done')
             raise web.seeother('/forgotpass?error=fejl')
 
 class register():
     form = web.form.Form(
     web.form.Textbox('user', description="användarnamn:"),
     web.form.Password('password', description="lösenord:"),
     web.form.Textbox('mail', description="e-post:"),
     web.form.Button('Skapa konto'))
     def GET(self):
         registerform = self.form()
         w = web.input()
         formfail = ''
         n = ''
         m = ''
         try:
             if w.fail == 'namn':
                 formfail = 'du måst hiitt opa eitt namn åt te!'
             if w.namn:
                 n = w.namn
             if w.epost:
                 m = w.epost
             elif w.epost == '':
                 formfail = 'tu måst lägg din epost address tär i ruuton, he e nu bara så...'
             if w.fail == 'notmail':
                 formfail = 'jusså, tetär e no inga nån mejl adress.'
             elif w.fail == 'nametaken':
                 formfail = 'Nån anan ha tagi de namme, hitt opa någå ana!'
             elif w.fail == 'mailtaken':
                 formfail = 'tu ha redan laga ett användarnamn me tetta epost konto!'
             elif w.fail == 'kortlosen':
                 print('kakkaka')
                 formfail = 'he va no för uuslit lösenord, minst 5 bokstäver'
         except:
             pass
         #check user db, if empty create admin
         users = db.query("SELECT COUNT(*) AS users FROM bildadmin")[0]
         totusers = int(users.users)
         registerform.fill(user=urllib.parse.unquote_plus(n), mail=urllib.parse.unquote_plus(m))
         if session.login > 1:
             return render.register(registerform, formfail, totusers)
         else:
             raise web.seeother('/')
     def POST(self):
         if session.login > 1:
             registerform = self.form()
             i = web.input()
             r = '&namn=' + i.user + '&epost=' + i.mail
             urllib.parse.quote_plus(r)
             if i.user == '':
                 raise web.seeother('/register?fail=namn'+r)
             if '@' not in i.mail:
                 raise web.seeother('/register?fail=notmail'+r)
             if len(i.password) < 5:
                 raise web.seeother('/register?fail=kortlosen'+r)
             bildadmins = db.select('bildadmin', what='name, mail')
             for p in bildadmins:
                 if p.name.lower() == i.user.lower():
                     raise web.seeother('/register?fail=nametaken' +r)
                 if p.mail.lower() == i.mail.lower():
                     raise web.seeother('/register?fail=mailtaken' +r)
             adduser(i.user, i.password, i.mail.lower())
             #Send mail to Madbaker
             msg = "Wowowowoweeewaaa! Ny användare på bygdis.fi! " + i.user + ' ' + i.mail
             sendmail(postadmin, 'Wowowoweewaaa!', msg,'')
             #Send mail to new user
             msg = "Gratulis " + i.user + ", du har nu ett konto opa bygdis.fi! Logga in med användarnamn å lösenord på sidan https://bygdis.fi/login"
             sendmail(i.mail, 'Byyns eji fotoalbum', msg,'')
             session.login = 3
             session.user = i.user
             return web.seeother('/ny')
 
 class nydorrkod():
     form = web.form.Form(
     web.form.Textbox('namn', description="användarnamn:"),
     web.form.Textbox('mail', description="e-post:"),
     web.form.Textbox('dorrkod', description="Dörrkod:"),
     web.form.Button('Skapa ny Dörrkod'))
     def GET(self):
         registerform = self.form()
         w = web.input()
         formfail = ''
         n = ''
         m = ''
         try:
             if w.fail == 'namn':
                 formfail = 'du måst hiitt opa eitt namn åt te!'
             if w.fail == 'notmail':
                 formfail = 'jusså, tetär e no inga nån mejl adress.'
             if w.fail == 'kod':
                 formfail = 'koden måst vara 4 siffror!'
         except:
             pass
         if session.login == 5:
             return render.nydorrkod(registerform, formfail)
         else:
             raise web.seeother('/')
     def POST(self):
         if session.login == 5:
             registerform = self.form()
             i = web.input(namn=None, mail=None, dorrkod=None, bokning=None)
             if i.namn == '':
                 raise web.seeother('/nydorrkod?fail=namn')
             if '@' not in i.mail:
                 raise web.seeother('/nydorrkod?fail=notmail')
             if i.dorrkod == None or i.dorrkod == '':
                 dorrkod = random.randint(1111,9999)
             elif isinstance(int(i.dorrkod), int) and len(i.dorrkod) == 4:
                 dorrkod = str(i.dorrkod)
             else:
                 raise web.seeother('/nydorrkod?fail=kod')
             addDorrkod(dorrkod, i.namn, i.mail.lower())
             #Send mail to Madbaker
             msg = "Wowowowoweeewaaa! Ny dörrkod! " + i.namn + ' ' + i.mail + ' ' + str(dorrkod)
             sendmail(postadmin, 'Wowowoweewaaa!', msg,'')
             #Send mail to new user
             msg = "Gratulis " + i.namn + ", du har en dörrkod till Bygdegården: \n\n" + str(dorrkod)
             sendmail(i.mail, 'Dörrkod till Bygdegården', msg,'')
             if i.bokning != None:
                 db.update('bokningar', where='id="'+i.bokning+'"', doorcode=datetime.datetime.now())
             return web.seeother('/dorrkoder')
 
 class dorrkoder():
     def GET(self):
         if session.login == 5:
             dorrkoder = getDorrkoder()
             log = getDorrlog(0)
             i = web.input(radera=None,uppdatera=None,fakturera=None,emptytrash=None)
             if i.radera != None:
                 db.delete('dorrkoder', where='id="'+i.radera+'"')
                 raise web.seeother('/dorrkoder')
             print(dorrkoder)
             return render.dorrkoder(dorrkoder,log,getDorrkoduser)
         else:
             web.seeother('/')
 
 class dorrkoderapi():
     def GET(self): 
         global basedir
         f = open(basedir+"/apikey", "r")
         apikey = f.readline().strip()
         i = web.input(apikey=None,logger=None,doorstate=None,debug=None)
         if i.apikey == apikey:
             if i.logger != None:
                 if len(i.logger) == 4:
                     if getDorrkoduser(i.logger) != '':
                         print('logging dorrkod!')
                         dorrLogger(i.logger)
                         print(i.logger)
                         print(i.doorstate)
                         print(i.debug)
             if i.doorstate != None:
                 print('yes, bygdis is online')
                 id=1
                 db.update('doordebug', where='id="'+str(id)+'"', doorstate=i.doorstate, debug=i.debug, datum=datetime.datetime.now())
             else:
                 dorrkoder = getDorrkoder()
                 #encoding = response.info().get_content_charset('utf8')
                 #apireq = data['icestats']['source'][1][i.req]
                 p = []
                 for i in dorrkoder:
                     p.append(i.dorrkod)
                     #print(i)
                 return json.dumps(p) 
 
 class ny():
     def GET(self):
         if session.login > 2:
             backurl = ''
             if session.backurl != '':
                 backurl = session.backurl
                 session.backurl = ''
             return render.ny(session.user, backurl)
 
 class tuning():
     form = web.form.Form(
     web.form.Textbox('user', description="synligt namn:"),
     web.form.Password('password', description="lösenord:"),
     web.form.Password('newpassword', description="nytt lösen (ifall du vill byta):"),
     web.form.Password('newpassword2', description="nytt lösen igen:"),
     web.form.Textbox('mail', description="epost:"), 
     web.form.Radio('subscribe', ['dagligen', 'aldrig'], description="Få epost brejv ifall de hänt någå"),
     web.form.Button('Spara'))
     def GET(self):
         if session.login > 2:
             print('asdfasdfasdf')
             user = db.select('bildadmin', where='name="'+session.user+'"')[0]
             tuningform = self.form()
             w = web.input(namn=None,epost=None,fail=None,upd=None)
             print('asdfasdfasdfkdakkakka')
             formfail = ''
             if w.fail == 'wrongpass':
                 formfail = formfail + 'fel lösenord'
             if w.fail == 'nopass':
                 formfail = formfail + 'Du måst skriv in ditt lösenord!'
             if w.namn == '':
                 formfail = formfail + 'du måst hiitt opa eitt namn åt te!'
             if w.epost == '':
                 formfail = formfail + 'tu måst lägg din epost address tär i ruuton, he e nu bara så...'
             elif w.fail == 'notmail':
                 formfail = formfail + 'jusså, tetär e no inga nån mejl adress.'
             if w.fail == 'nametaken':
                 formfail = formfail + 'Nån anan ha tagi de namme, hitt opa någå ana!'
             if w.fail == 'mailtaken':
                 formfail = formfail + 'He finns eitt konto me te epost adressn!'
             if w.fail == 'kortlosen':
                 formfail = formfail + 'he va no för uuslit lösenord, minst 5 bokstäver'
             if w.fail == 'newpass':
                 formfail = formfail + 'nya lösenordet stämmer inte överens med varann, pröva pånytt!'
             if w.upd == 'yes':
                 formfail = 'Yes, ditt konto e tuunat!'
             tuningform.fill(user=user.displayname, mail=user.mail, subscribe=user.subscribe)
             return render.tuning(tuningform, formfail, user.name)
         else:
             return web.seeother('/register')
     def POST(self):
         if session.login > 1:
             tuningform = self.form()
             i = web.input()
             if i.password == '':
                 raise web.seeother('/tuning?fail=nopass')
             bildadmins = bildhistoriker()
             for p in bildadmins:
                 print(p)
                 if p.name == session.user:
                     if bcrypt.checkpw(i.password.encode('utf-8'), p.password):
                         #check if display name taken
                         b_displayname = bildhistoriker()
                         for a in b_displayname:
                             if i.user in a.displayname and a.name != session.user:
                                 raise web.seeother('/tuning?fail=nametaken')
                             if i.mail in a.mail and i.mail != p.mail:
                                 raise web.seeother('/tuning?fail=mailtaken')
                         if i.newpassword != '':
                             if i.newpassword != i.newpassword2:
                                 raise web.seeother('/tuning?fail=newpass')
                             if len(i.newpassword) < 5:
                                 raise web.seeother('/tuning?fail=kortlosen')
                             else:
                                 #update with password change
                                 password = i.newpassword.encode("utf-8")
                                 salt = bcrypt.gensalt()
                                 password_hashed = bcrypt.hashpw(password, salt)
                                 db.update('bildadmin', where='name="'+session.user+'"', displayname=i.user, password=password_hashed, mail=i.mail.lower(), subscribe=i.subscribe)
                                 return web.seeother('/tuning?upd=yes')
                         if '@' not in i.mail:
                             raise web.seeother('/tuning?fail=notmail')
                         #update without passwordchange
                         db.update('bildadmin', where='name="'+session.user+'"', displayname=i.user, mail=i.mail.lower(), subscribe=i.subscribe)
                         return web.seeother('/tuning?upd=yes')
                     else:
                         raise web.seeother('/tuning?fail=wrongpass')
 
 class bilder():
     def GET(self):
         bildpersida = 100
         i = web.input()
         try:
             bilder_totalt = db.query("SELECT COUNT(*) AS bilder FROM bilder")[0]
             tot = int(bilder_totalt.bilder)
             print('bilder alltsomallt: ' + str(tot))
         except:
             print("inga bilder")
             tot = 0
         print('session search: ' + session.search)
         try:
             if i.search == '':
                 session.search = ''
                 session.bildsida = 0
             elif i.search != "":
                 session.search = urllib.parse.unquote_plus(i.search)
                 session.bildsida = 0
         except:
             pass
         if session.search != '':
             search_result = []
             tot = 0
             b1, b2, b3, b4, b5, = 0,0,0,0,0
             try:
                 search_result.append(db.query("SELECT * FROM bilder WHERE personer LIKE '%"+session.search+"%';"))
                 tot = db.query("SELECT Count(*) AS bilder FROM bilder WHERE personer LIKE '%"+session.search+"%';")[0]
                 b1 = tot.bilder
             except:
                 pass
             try:
                 search_result.append(db.query("SELECT * FROM bilder WHERE fotograf LIKE '%"+session.search+"%';"))
                 tot = db.query("SELECT Count(*) AS bilder FROM bilder WHERE fotograf LIKE '%"+session.search+"%';")[0]
                 b2 = tot.bilder
             except:
                 pass
             try:
                 search_result.append(db.query("SELECT * FROM bilder WHERE plats LIKE '%"+session.search+"%';"))
                 tot = db.query("SELECT Count(*) AS bilder FROM bilder WHERE plats LIKE '%"+session.search+"%';")[0]
                 b3 = tot.bilder
             except:
                 pass
             try:
                 search_result.append(db.query("SELECT * FROM bilder WHERE titel LIKE '%"+session.search+"%';"))
                 tot = db.query("SELECT Count(*) AS bilder FROM bilder WHERE titel LIKE '%"+session.search+"%';")[0]
                 b4 = tot.bilder
             except:
                 pass
             try:
                 search_result.append(db.query("SELECT * FROM bilder WHERE year LIKE '%"+session.search+"%';"))
                 tot = db.query("SELECT Count(*) AS bilder FROM bilder WHERE year LIKE '%"+session.search+"%';")[0]
                 b5 = tot.bilder
             except:
                 pass
             tot = b1 + b2 + b3 + b4 + b5
             try:
                 print(search_result)
                 print('sökta bilder: ' + str(tot))
             except:
                 pass
         try:
             if i.page == "next":
                 if session.bildsida < tot:
                     session.bildsida += bildpersida
             if i.page == "back":
                 if session.bildsida > bildpersida:
                     session.bildsida -= bildpersida
                 else:
                     session.bildsida = 0
         except:
             pass
         if session.login > 1:
             limit = session.bildsida + bildpersida
             offset = session.bildsida
             print(session.bildsida)
             if session.search == '':
                 bilder = db.query("SELECT * FROM bilder ORDER BY uploaddate DESC LIMIT " + str(limit) + " OFFSET " + str(offset))
             else:
                 bilder = search_result
             if session.login > 3:
                 try:
                     if i.delete != '':
                         return web.seeother('/remove/' + i.delete)
                 except:
                     pass
                 rights = 'admin'
             elif session.login > 2:
                 rights = 'mod'
             elif session.login > 1:
                 rights = 'byyssare'
 
             return render.bilder(bilder, rights, session.user, tot, limit, bildpersida, session.search, db, str, print)
         else:
             return web.seeother('/login')
 
 class remove():
     def GET(self, imghash):
         if session.login > 1:
             referer = web.ctx.env.get('HTTP_REFERER', 'none')
             i = web.input(sure=None)
             if i.sure == 'yes':
                 db.delete('bilder', where='filename="' + imghash + '"')
                 db.delete('allaversioner', where='filename="' + imghash + '"')
                 db.delete('likes', where='bild="' + imghash + '"')
                 db.delete('hates', where='bild="' + imghash + '"')
                 db.delete('bildkommentar', where='filename="' + imghash + '"')
                 return web.seeother('/bilder')
             return render.remove(imghash, referer)
 
 class upload():
     def GET(self):
         if session.login == 2:
             session.backurl = '/upload'
             return web.seeother('register')
         elif session.login > 2:
             return render.upload()
         else:
             return web.seeother('/login')
     def POST(self):
         if session.login > 2:
             i = web.input(imgfile={},edit=None)
             for p in i:
                 print(p)
             if i.edit != None:
                 imgname=i.edit
                 if '.jpg' in i.edit:
                     imghash=i.edit.replace('.jpg','')
                 elif '.jpeg' in i.edit:
                     imghash=i.edit.replace('.jpeg','')
             else:
                 imghash = hashlib.md5(str(random.getrandbits(256)).encode('utf-8')).hexdigest()
                 imgname = imghash + '.jpeg'
             if i.imgfile != {}:
                 print(i.imgfile.filename)
                 if i.imgfile.filename == '':
                     print('hmmm... no image to upload')
                     raise web.seeother('/upload?fail=noimg')
                 print('YEAH, Upload image!')
 
                 ##---------- UPLOAD IMAGE ----------
 
                 imgdir = basedir + '/public_html/static/bilder/'
                 imgpath=i.imgfile.filename.replace('\\','/') # replaces the windows-style slashes with linux ones.
                 #filename=filepath.split('/')[-1] # splits the and chooses the last part (the filename with extension)
 
                 #imgname = str(len(os.listdir(imgdir))).zfill(3) + '.jpeg'
                 fout = open(imgdir +'/'+ imgname,'wb') # creates the file where the uploaded file should be stored
                 fout.write(i.imgfile.file.read()) # writes the uploaded file to the newly created file.
                 fout.close() # closes the file, upload complete.
 
                 ##---------- OPEN FILE & CHEKC IF JPEG --------
                 image = Image.open(imgdir +'/'+ imgname)
                 if image.format != 'JPEG':
                     os.remove(imgdir +'/'+ imgname)
                     raise web.seeother('/upload?fail=notjpeg')
 
                 ##---------- RESIZE IMAGE -----------
                 image.thumbnail((900,900), Image.ANTIALIAS)
                 image.save(imgdir + '/web/' + imgname)
                 image.thumbnail((300,300), Image.ANTIALIAS)
                 image.save(imgdir + '/thumb/' + imgname)
                 if i.edit != None:
                     db.insert('bilder', filename=imghash, uploaddate=datetime.datetime.now(), uppladdare=session.user, lastmod=datetime.datetime.now(), moddedby=session.user)
                 raise web.seeother('/bildinfo/' + imghash)
             else:
                 return render.upload()
         else:
             session.backurl = '/upload'
             return render.register()
 
 class bildinfo():
     form = web.form.Form(
     web.form.Textbox('titel', web.form.notnull, description="Bild titel:"),
     web.form.Textbox('year', web.form.notnull, description="År:"),
     web.form.Textbox('fotograf', web.form.notnull, description="Fotograf:"),
     web.form.Textbox('plats', web.form.notnull, description="Plats:"),
     web.form.Textarea('beskrivning', web.form.notnull, description="Beskrivning:"),
     web.form.Textarea('personer', web.form.notnull, description="Personer fr.v. (lägg ett komma mellan varje typ):"),
     web.form.Button('Spara'))
     def GET(self, imghash):
         if session.login > 2:
             infoform = self.form()
             v = web.input()
             if v:
                 oldinfo = db.select('allaversioner', where="id='" + v.id +"'", what='titel, year, fotograf, beskrivning, personer, moddedby, lastmod, plats')
             else:
                 oldinfo = db.select('bilder', where="filename='" + imghash +"'", what='titel, year, fotograf, beskrivning, personer, moddedby, lastmod, plats')
             oldinfo = oldinfo[0]
             allaversioner = db.select('allaversioner', where="filename='" + imghash +"'", what='id, moddedby, lastmod', order='id DESC')
             infoform.fill(titel=oldinfo.titel, year=oldinfo.year, fotograf=oldinfo.fotograf, plats=oldinfo.plats, beskrivning=oldinfo.beskrivning, personer=oldinfo.personer)
 
             return render.bildinfo(infoform, imghash, oldinfo.moddedby, oldinfo.lastmod, allaversioner)
         else:
             session.backurl = '/bildinfo/' + imghash
             return web.seeother("/register")
     def POST(self, imghash):
         ip = web.ctx['ip']
         referer = web.ctx.env.get('HTTP_REFERER','https://bygdis.fi')
         stopflood(ip, referer)
         if session.login > 2:
             i = web.input()
             db.update('bilder', where="filename='" + imghash +"'", titel=i.titel, year=i.year, fotograf=i.fotograf, plats=i.plats, beskrivning=i.beskrivning, personer=i.personer, lastmod=datetime.datetime.now(), moddedby=session.user)
             db.insert('allaversioner', filename=imghash, titel=i.titel, year=i.year, fotograf=i.fotograf, plats=i.plats, beskrivning=i.beskrivning, personer=i.personer, lastmod=datetime.datetime.now(), moddedby=session.user)
             return web.seeother('/bildinfo/' + imghash)
 
 class bild():
     form = web.form.Form(
     web.form.Textarea('kommentar', web.form.notnull, description=""),
     web.form.Button('kommentera'))
     def GET(self, imghash):
         i = web.input(unlike=None, like=None, hate=None, unhate=None)
         kform = self.form()
         if session.login > 1:
             l = db.query("SELECT * FROM likes WHERE bild='"+imghash+"' AND user='"+session.user+"';")
             h = db.query("SELECT * FROM hates WHERE bild='"+imghash+"' AND user='"+session.user+"';") 
             if l:
                 user_likes = True
             else:
                 user_likes = False
             if h:
                 user_hates = True
             else:
                 user_hates = False
             try:
                 if i.delete != '':
                     allow_del = db.select('bildkommentar', where="id='"+i.delete+"'", what='user')[0]
                     print(allow_del)
                     if allow_del.user == session.user:
                         db.delete('bildkommentar', where='id="' + i.delete + '"')
             except:
                 print('something wrong with input in class bild, så att du veit')
             if i.like != None and user_likes == False:
                 db.insert('likes', user=session.user, bild=imghash, datum=datetime.datetime.now())
                 user_likes = True
             elif i.unlike != None and user_likes == True:
                 db.query("DELETE FROM likes WHERE bild='"+imghash+"' AND user='"+session.user+"';")
                 user_likes = False
             if i.hate != None and user_hates == False:
                 db.insert('hates', user=session.user, bild=imghash, datum=datetime.datetime.now())
                 user_hates = True
             elif i.unhate != None and user_hates == True:
                 db.query("DELETE FROM hates WHERE bild='"+imghash+"' AND user='"+session.user+"';")
                 user_hates = False
             likes = db.query("SELECT Count(*) AS likes FROM likes WHERE bild='"+imghash+"';")[0]
             hates = db.query("SELECT Count(*) AS hates FROM hates WHERE bild='"+imghash+"';")[0]
             b = db.select('bilder', where="filename='" + imghash +"'", what='titel, year, fotograf, plats, beskrivning, personer, moddedby, lastmod, uppladdare')[0]
             text = db.select('allaversioner', where="filename='" + imghash +"'", what='moddedby')
             comments = db.select('bildkommentar', where="filename='" + imghash +"'", what='id, user, comment, upvotes, datumtid', order='datumtid DESC')
             try:
                 personer = b.personer.replace(', ', ',').split(',')
             except:
                 personer = ''
             back_next = db.query('SELECT prev, next from (SELECT id, LAG(filename) OVER (ORDER BY id) AS next, filename, LEAD(filename) OVER (ORDER BY id) AS prev FROM bilder) AS t WHERE filename="'+imghash+'";')[0]
             print(back_next)
             return render.bild(b, imghash, personer, kform, comments, session.user, user_likes, likes, user_hates, hates, back_next, text, getdisplayname)
         else:
             session.backurl="/bild/"+imghash
             raise web.seeother("/login")
     def POST(self, imghash):
         ip = web.ctx['ip']
         referer = web.ctx.env.get('HTTP_REFERER','https://bygdis.fi')
         stopflood(ip, referer)
         komm = self.form()
         if session.login > 1:
             i = web.input()
             if i.kommentar != '':
                 db.insert('bildkommentar', filename=imghash, user=session.user, comment=i.kommentar, datumtid=datetime.datetime.now())
             raise web.seeother("/bild/"+imghash+"#comments")
 
 class senaste():
     def GET(self):
         if session.login > 1:
             comments = db.select('bildkommentar', what='id, filename, user, comment, upvotes, datumtid', order='datumtid DESC')
             b = db.select('bilder', what='filename, titel, year, fotograf, plats, beskrivning, personer, moddedby, lastmod, uppladdare, uploaddate', order='lastmod DESC')
             binfo = db.select('allaversioner', what='filename, titel, year, fotograf, plats, beskrivning, personer, moddedby, lastmod, uppladdare, uploaddate', order='lastmod DESC')
             return render.senaste(b, comments, binfo, getdisplayname)
 
 class logout():
     def GET(self):
         session.login = 1
         session.backurl = ''
         session.user = ''
         session.bildsida = 0
         print(session.login)
         raise web.seeother('/')
 
 class index():
     def GET(self):
         upcomingevents = getkalender()
         if session.login > 1:
             displayname = db.query("SELECT displayname FROM bildadmin WHERE name='"+session.user+"';")[0]
         else:
             displayname = ''
         return render2.index(upcomingevents, displayname)
 
 class old():
     def GET(self):
         oldevents = getkalenderall()
         return render2.old(oldevents)
 
 class nope():
     def GET(self):
         #print curdate()
         return render.nope()
 
 class protokoll():
     form = web.form.Form(
     web.form.Textarea('protokoll', web.form.notnull, description=""),
     web.form.Button('spara'))
     def GET(self):
         if session.login == 5:
             protokoll_edit = self.form()
             webdata = web.input(year=None, nr=0, cp=None, rm=None, pdf=None)
             view = ''
             years = os.listdir(basedir + '/protokoll/')
             years.remove('.gitignore')
             years.sort()
             if webdata.year:
                 protokoll = getprotokoll(webdata.year)
                 if webdata.cp == "protokoll":
                     print('copy protokoll')
                     os.system("cp "+basedir + '/protokoll/' + webdata.year + '/' + protokoll[int(webdata.nr)] +' '+basedir+'/protokoll/'+webdata.year+'/0'+str(len(protokoll))+'.md')
                     protokoll = getprotokoll(webdata.year)
                 if webdata.rm == "protokoll":
                     print('remove protokoll')
                     os.system("rm "+basedir + '/protokoll/' + webdata.year + '/' + protokoll[int(webdata.nr)])
                     raise web.seeother('/protokoll?year='+webdata.year)
             else:
                 protokoll = []
             if len(protokoll) > 0:
                 #make html from markdown
                 pandoc_html = ['pandoc', basedir + '/protokoll/' + webdata.year + '/' + protokoll[int(webdata.nr)], '-f', 'markdown', '-t', 'html']
                 #make pdf from markdown
                 viewfile = subprocess.check_output(pandoc_html)
                 view = viewfile.decode()
                 if webdata.pdf == "protokoll":
                     randhash = hashlib.md5(str(random.getrandbits(256)).encode('utf-8')).hexdigest()
                     pandoc_pdf = ['pandoc', '--verbose', basedir + '/protokoll/' + webdata.year + '/' + protokoll[int(webdata.nr)], '-f', 'markdown', '-V', 'papersize:a4', '-V', 'geometry:margin=0.8in','-s', '-o', basedir + '/public_html/static/pdf/'+randhash+'.pdf']
                     process=subprocess.Popen(pandoc_pdf, cwd=basedir + '/public_html/static/pdf/')
                     process.wait()
                     raise web.seeother('/static/pdf/'+randhash+'.pdf?nocache='+randhash)
                 #read protokoll
                 read_p=basedir + '/protokoll/' + webdata.year + '/' + protokoll[int(webdata.nr)]
                 with open(read_p, 'r') as file:
                     p_list=file.readlines()
                 pr=''
                 for p in p_list:
                     pr=pr+p
                 protokoll_edit.fill(protokoll=pr)
             return render3.protokoll(webdata.year, years, protokoll, view, protokoll_edit, webdata.nr)
         else:
             raise web.seeother('/login')
     def POST(self):
         if session.login == 5:
             i = web.input(year=None, nr=0, cp=None)
             protokoll = []
             if i.year != None:
                 protokoll = getprotokoll(i.year)
             write_p=basedir + '/protokoll/' + i.year + '/' + protokoll[int(i.nr)]
             if i.protokoll:
                 with open(write_p, 'w') as file:
                     file.write(i.protokoll)
             print('ADDDDDDDDDDDDDING TO database post ' + i.protokoll)
             raise web.seeother('/protokoll?year='+str(i.year)+'&nr='+str(i.nr))
         else:
             raise web.seeother('/login')
 
 
 class protokollredirect():
     def GET(self):
         raise web.seeother('/protokoll/')
 
 application = app.wsgifunc()