Weasyl · charmander · Apr 17, 2020 · Feb 17, 2020
diff --git a/weasyl/controllers/admin.py b/weasyl/controllers/admin.py
@@ -75,8 +75,7 @@ def site_update_put_(request):
 
 @admin_only
 def admincontrol_manageuser_get_(request):
-    form = request.web_input(name="")
-    otherid = profile.resolve(None, None, form.name)
+    otherid = profile.resolve(None, None, request.params.get('name', ''))
 
     if not otherid:
         raise WeasylError("userRecordMissing")
@@ -92,32 +91,28 @@ def admincontrol_manageuser_get_(request):
 @admin_only
 @token_checked
 def admincontrol_manageuser_post_(request):
-    form = request.web_input(ch_username="", ch_full_name="", ch_catchphrase="", ch_email="",
-                             ch_birthday="", ch_gender="", ch_country="", remove_social=[])
-    userid = d.get_int(form.userid)
+    userid = d.get_int(request.params.get('userid', ''))
 
     if request.userid != userid and userid in staff.ADMINS and request.userid not in staff.TECHNICAL:
         raise WeasylError('InsufficientPermissions')
 
     profile.do_manage(request.userid, userid,
-                      username=form.username.strip() if form.ch_username else None,
-                      full_name=form.full_name.strip() if form.ch_full_name else None,
-                      catchphrase=form.catchphrase.strip() if form.ch_catchphrase else None,
-                      birthday=form.birthday if form.ch_birthday else None,
-                      gender=form.gender if form.ch_gender else None,
-                      country=form.country if form.ch_country else None,
-                      remove_social=form.remove_social,
-                      permission_tag='permission-tag' in form)
+                      username=request.params.get('username', '').strip() if 'ch_username' in request.params else None,
+                      full_name=request.params.get('full_name', '').strip() if 'ch_full_name' in request.params else None,
+                      catchphrase=request.params.get('catchphrase', '').strip() if 'ch_catchphrase' in request.params else None,
+                      birthday=request.params.get('birthday', '') if 'ch_birthday' in request.params else None,
+                      gender=request.params.get('gender', '') if 'ch_gender' in request.params else None,
+                      country=request.params.get('country', '') if 'ch_country' in request.params else None,
+                      remove_social=request.params.getall('remove_social'),
+                      permission_tag='permission-tag' in request.params)
     raise HTTPSeeOther(location="/admincontrol")
 
 
 @admin_only
 @token_checked
 def admincontrol_acctverifylink_(request):
-    form = request.web_input(username="", email="")
-
     token = login.get_account_verification_token(
-        username=form.username, email=form.email)
+        username=request.params.get('username', ''), email=request.params.get('email', ''))
 
     if token:
         return Response(d.webpage(request.userid, "admincontrol/acctverifylink.html", [token]))
@@ -174,17 +169,28 @@ def admincontrol_finduser_get_(request):
 @admin_only
 @token_checked
 def admincontrol_finduser_post_(request):
-    form = request.web_input(userid="", username="", email="", excludebanned="", excludesuspended="", excludeactive="",
-                             dateafter="", datebefore="", row_offset=0, ipaddr="")
-
+    row_offset = int(request.params.get('row_offset', 0))
     # Redirect negative row offsets (PSQL errors on negative offset values)
-    if int(form.row_offset) < 0:
+    if row_offset < 0:
         raise HTTPSeeOther("/admincontrol/finduser")
 
+    form = {
+        'targetid': request.params.get('targetid', ''),
+        'username': request.params.get('username', '').strip(),
+        'email': request.params.get('email', '').strip(),
+        'excludebanned': request.params.get('excludebanned', ''),
+        'excludesuspended': request.params.get('excludesuspended', ''),
+        'excludeactive': request.params.get('excludeactive', ''),
+        'dateafter': request.params.get('dateafter', ''),
+        'datebefore': request.params.get('datebefore', ''),
+        'ipaddr': request.params.get('ipaddr', ''),
+        'row_offset': row_offset,
+    }
+
     return Response(d.webpage(request.userid, "admincontrol/finduser.html", [
         # Search results
-        moderation.finduser(request.userid, form),
+        moderation.finduser(**form),
         # Pass the form and row offset in to enable pagination
         form,
-        int(form.row_offset)
+        row_offset
     ], title="Search Users: Results"))
diff --git a/weasyl/moderation.py b/weasyl/moderation.py
@@ -287,13 +287,14 @@ def get_suspension(userid):
                             user=userid).first()
 
 
-def finduser(userid, form):
-    form.userid = d.get_int(form.userid)
+def finduser(targetid, username, email, dateafter, datebefore, excludesuspended, excludebanned, excludeactive, ipaddr,
+             row_offset):
+    targetid = d.get_int(targetid)
 
     # If we don't have any of these variables, nothing will be displayed. So fast-return an empty list.
-    if not form.userid and not form.username and not form.email and not form.dateafter \
-            and not form.datebefore and not form.excludesuspended and not form.excludebanned \
-            and not form.excludeactive and not form.ipaddr:
+    if not targetid and not username and not email and not dateafter \
+            and not datebefore and not excludesuspended and not excludebanned \
+            and not excludeactive and not ipaddr:
         return []
 
     lo = d.meta.tables['login']
@@ -341,53 +342,48 @@ def finduser(userid, form):
     # Is there a better way to only select unique accounts, when _also_ joining sessions? This _does_ work, though.
     q = q.distinct(lo.c.login_name)
 
-    if form.userid:
-        q = q.where(lo.c.userid == form.userid)
-    elif form.username:
-        q = q.where(lo.c.login_name.op('~')(form.username))
-    elif form.email:
+    if targetid:
+        q = q.where(lo.c.userid == targetid)
+    elif username:
+        q = q.where(lo.c.login_name.op('~')(username))
+    elif email:
         q = q.where(d.sa.or_(
-            lo.c.email.op('~')(form.email),
-            lo.c.email.op('ilike')('%%%s%%' % form.email),
+            lo.c.email.op('~')(email),
+            lo.c.email.op('ilike')('%%%s%%' % email),
         ))
 
     # Filter for banned and/or suspended accounts
-    if form.excludeactive == "on":
+    if excludeactive == "on":
         q = q.where(is_banned | is_suspended)
-    if form.excludebanned == "on":
+    if excludebanned == "on":
         q = q.where(~is_banned)
-    if form.excludesuspended == "on":
+    if excludesuspended == "on":
         q = q.where(~is_suspended)
 
     # Filter for IP address
-    if form.ipaddr:
+    if ipaddr:
         q = q.where(d.sa.or_(
-            lo.c.ip_address_at_signup.op('ilike')('%s%%' % form.ipaddr),
-            sess.c.ip_address.op('ilike')('%s%%' % form.ipaddr)
+            lo.c.ip_address_at_signup.op('ilike')('%s%%' % ipaddr),
+            sess.c.ip_address.op('ilike')('%s%%' % ipaddr)
         ))
 
     # Filter for date-time
-    if form.dateafter and form.datebefore:
-        q = q.where(d.sa.between(pr.c.created_at, arrow.get(form.dateafter).datetime, arrow.get(form.datebefore).datetime))
-    elif form.dateafter:
-        q = q.where(pr.c.created_at >= arrow.get(form.dateafter).datetime)
-    elif form.datebefore:
-        q = q.where(pr.c.created_at <= arrow.get(form.datebefore).datetime)
+    if dateafter and datebefore:
+        q = q.where(d.sa.between(pr.c.created_at, arrow.get(dateafter).datetime, arrow.get(datebefore).datetime))
+    elif dateafter:
+        q = q.where(pr.c.created_at >= arrow.get(dateafter).datetime)
+    elif datebefore:
+        q = q.where(pr.c.created_at <= arrow.get(datebefore).datetime)
 
     # Apply any row offset
-    if form.row_offset:
-        q = q.offset(form.row_offset)
+    if row_offset:
+        q = q.offset(row_offset)
 
     q = q.limit(250).order_by(lo.c.login_name.asc())
     db = d.connect()
     return db.execute(q)
 
 
-# form
-#   mode        reason
-#   userid      release
-#   username
-
 _mode_to_action_map = {
     'b': 'ban',
     's': 'suspend',

diff --git a/weasyl/templates/admincontrol/finduser.html b/weasyl/templates/admincontrol/finduser.html
@@ -10,7 +10,7 @@ <h3>Search Criteria</h3>
         $:{CSRF()}
 
         <label for="adminsearchid">UserID:</label>
-        <input type="text" class="input" name="userid" id="adminsearchid" />
+        <input type="text" class="input" name="targetid" id="adminsearchid" />
 
         <label for="adminsearchuser">Username:</label>
         <input type="text" class="input" name="username" id="adminsearchuser" />
@@ -94,15 +94,15 @@ <h3>Search Results - ${query.rowcount} Accounts Found</h3>
       </table>
       <form action="/admincontrol/finduser" method="post">
         $:{CSRF()}
-        <input type="hidden" name="userid" value="${form.userid if form.userid != 0 else None}" />
-        <input type="hidden" name="username" value="${form.username}" />
-        <input type="hidden" name="email" value="${form.email}" />
-        <input type="hidden" name="excludebanned" ${'value=on' if form.excludebanned == "on" else ''} />
-        <input type="hidden" name="excludesuspended" ${'value=on' if form.excludesuspended == "on" else ''} />
-        <input type="hidden" name="excludeactive" ${'value=on' if form.excludeactive == "on" else ''} />
-        <input type="hidden" name="dateafter" value="${form.dateafter}" />
-        <input type="hidden" name="datebefore" value="${form.datebefore}" />
-        <input type="hidden" name="ipaddr" value="${form.ipaddr}" />
+        <input type="hidden" name="targetid" value="${form['targetid'] if form['targetid'] != 0 else None}" />
+        <input type="hidden" name="username" value="${form['username']}" />
+        <input type="hidden" name="email" value="${form['email']}" />
+        <input type="hidden" name="excludebanned" ${'value=on' if form['excludebanned'] == "on" else ''} />
+        <input type="hidden" name="excludesuspended" ${'value=on' if form['excludesuspended'] == "on" else ''} />
+        <input type="hidden" name="excludeactive" ${'value=on' if form['excludeactive'] == "on" else ''} />
+        <input type="hidden" name="dateafter" value="${form['dateafter']}" />
+        <input type="hidden" name="datebefore" value="${form['datebefore']}" />
+        <input type="hidden" name="ipaddr" value="${form['ipaddr']}" />
         <div class="clear">
           $if row_offset > 0:
             <button class="button" name="row_offset" value=${row_offset - 250}>Previous 250</button>