Use Flask sessions to keep track of whether a user is logged in, and what their current role is.

by

Background
Trees and hedges are a key part of many suburban homeowners’ gardens, but can be a common
source of conflict between neighbours: from leaves dropping over fences, to damage caused by roots,
to blocked views, it seems like neighbours are forever fighting about trees. One group of avid home
gardeners started a thread on popular forum site Reddit to discuss these issues, in the hope of
helping tree-loving homeowners resolve disputes without the use of a chainsaw. However, Reddit
didn’t reach as wide of an audience as they were hoping for. The group would like to start their own
simple forum or “message board” where anyone can sign up, post messages to the community, and
reply to messages posted by others. Your goal is to implement this message board: a very simplified
version of sites like Reddit (https://www.reddit.com) or Stack Overflow (https://stackoverflow.com)
designed specifically to facilitate discussion around tree-related issues.

• User Roles:
o Define three roles: Member, Moderator, and Admin (administrator).
• Session Handling and Access Control:
o Use Flask sessions to keep track of whether a user is logged in, and what their current role is.
o Implement a system to limit access to certain pages or features based on the user’s role.

• Responsive Design:
o The web app should adapt to different screen sizes.
o Use Bootstrap to create a responsive UI.
• Theming:
o Style your web app to match the tree theme.
o Choose an appropriate name for your app (e.g. “Tree Talk”).

Home page
• Requirements:
o Include the name of the message board.
o Provide links for login and registration.

Registration
• New Member Registration:
o Allow new members to register and create their own account.
o New users should always be registered as a member: people should not be able to register
themselves as a moderator or admin.
• Required Details:
o Collect username, email, password, first name, last name, date of birth, and location (users
can choose how to represent their location: for example, they may enter “USA”,
“Chicago”, “Kuala Lumpur, Malaysia”, “UK”, “Singapore”, etc).
o All fields should be required.
o Date should be in Day/Month/Year format.
• Username and Password:
o Ensure usernames are unique (i.e. no two accounts can have the same username).
o Passwords should be at least 8 characters long with a mix of character types. Make these
constraints clear to users during registration.
o Do not store users’ passwords directly in the database. Instead, hash passwords using the
flask_hashing library with a salt value, and store those hashes.
• Default Settings:
o Set each new member’s role to “member” and their status to “active”.

ROLE-SPECIFIC FUNCTIONS
Login: Use password hashing and salting. Create one login form for all
users (i.e. members, moderators, and admins should all log in
using the same form, without having to specify their role).
Member ✔
Moderator ✔
Admin user ✔

Logout
Member ✔
Moderator ✔
Admin user ✔

View messages, post new messages, and post replies to existing
messages on the message board.
Member ✔
Moderator ✔
Admin user ✔

Delete own messages and own replies
Members should not be able to delete messages or replies posted
by other users, with one exception: when a member deletes one of
their own messages, the whole “thread” should be deleted (a
“thread” includes the original message, and all replies: including
replies from other users). To prevent accidental deletion, some
kind of confirmation should be required when deleting messages.
Member ✔
Moderator ✔
Admin user ✔

View and edit own profile details (email, first name, last name,
date of birth, and location).
Member ✔
Moderator ✔
Admin user ✔

View, replace, and remove own profile image
Member ✔
Moderator ✔
Admin user ✔

Change own password
Make sure the same password constraints you apply to new
passwords during registration are also applied here, and that the
new password is not the same as the current password.
Member ✔
Moderator ✔
Admin user ✔

Moderate messages and replies: delete any specific message
thread or individual reply, posted by any user (including members,
moderators, or admins). Like when members delete messages,
some kind of confirmation should be necessary when deleting.
Moderator ✔
Admin user ✔

View and search the list of all users and view user profile details
Username, first name, and last name should all be searchable.
Admin user ✔

Change user status (active/inactive)
Admin user ✔

Change user role: set any user to be a member, moderator, or
admin (e.g. promote an existing member to be a moderator)
Admin user ✔

• Database and Table Creation
o Create your own scriipt to set up the database and tables based on the ERD (Entity
Relationship Diagram) in Figure 1.

• Database Population
o Create your own scriipt to populate the database with initial test data.
o Store salted password hashes in the database, not actual passwords.
o Include at least 20 members, 5 moderators, and 2 administrators.
o Add at least 20 messages and 10 replies in total. You may use generative AI to create
messages. This is the only allowed use of generative AI in this assignment. You may not use
generative AI to create the database scriipt itself: only to create realistic example messages
and replies to include in your scriipt.

• File Inclusion
o You must include both the database creation scriipt and the database population scriipt in
your GitHub repository and on PythonAnywhere.

Tip: To generate hashed passwords for your database population scriipt, use the supplied
password_hash_generator.py file. You will need to install the flask_hashing library using pip.
Make sure you follow all instructions given in the scriipt, and ensure each user has a unique password.
The password_hash field in the users table is the right size to store the default type of hash produced by
the flask_hashing library: SHA-256, encoded in hexadecimal (64 characters, representing 32 bytes).
Note: This database design assumes that each user’s profile image will be stored as a static file, and the
profile_image column of the users table will contain the filename. Images themselves are not stored in
the database. We chose this approach because it simplifies the deployment of your app to PythonAnywhere.

2. GITHUB REPOSITORY
• Create a new private repository named “Tree_Message_Board”.
o Add a README file with detailed instructions on how to deploy and use your web app,
including any setup or configuration steps required.
o Ensure your repository has a .gitignore file to exclude the virtual environment.
• Include the following in your repository:
o All Python, HTML, image files, and any other necessary files for the web app.
o A requirements.txt file listing all required pip packages.
o Two MySQL scriipts: one for database creation and one for record population.

Last Completed Projects

topic title academic level Writer delivered