{title}

from flask import Flask, request, render_template, session, redirect import os import markdown import bleach import re from werkzeug.security import generate_password_hash, check_password_hash import secrets from flask import make_response, jsonify import time from datetime import datetime START_TIME = time.time() # Active sessions will be stored as { session_id: last_activity_timestamp } ACTIVE_SESSIONS = {} if not os.path.exists("posts"): os.mkdir("posts") if not os.path.exists("users"): os.mkdir("users") id = max([int(f) for f in os.listdir("posts/") if f.isdigit()] + [-1]) + 1 app = Flask(__name__) app.config.update( SESSION_COOKIE_NAME="potato_session", SESSION_COOKIE_HTTPONLY=True, # cannot be accessed by JS SESSION_COOKIE_SECURE=True, # set True if using HTTPS SESSION_COOKIE_SAMESITE="Lax", # protects against CSRF PERMANENT_SESSION_LIFETIME=60*60*24*7 # 7 days ) from werkzeug.middleware.proxy_fix import ProxyFix app.wsgi_app = ProxyFix(app.wsgi_app, x_for=2, x_proto=1, x_host=1, x_port=1) app.secret_key = os.environ.get("POTATO_SECRET_KEY") or secrets.token_hex(64) @app.before_request def track_activity(): # Use the session cookie itself or the username as a key user = session.get("user") or request.remote_addr ACTIVE_SESSIONS[user] = time.time() # Optional: Clean up sessions older than 15 minutes to keep count accurate cutoff = time.time() - (15 * 60) expired = [k for k, v in ACTIVE_SESSIONS.items() if v < cutoff] for k in expired: del ACTIVE_SESSIONS[k] VGA_PALETTE = [ "#000000", "#0000AA", "#00AA00", "#00AAAA", "#AA0000", "#AA00AA", "#AA5500", "#AAAAAA", "#555555", "#5555FF", "#55FF55", "#55FFFF", "#FF5555", "#FF55FF", "#FFFF55", "#FFFFFF" ] # Add this near the top with other os.mkdir calls if not os.path.exists("bans"): os.mkdir("bans") @app.before_request def check_banned(): ip = request.remote_addr if os.path.exists(f"bans/{ip}"): return "Your IP address is banned.", 403 def is_admin(): return session.get("user") == "owner" def link_pings(content): # Matches @ followed by alphanumeric characters return re.sub(r'@(\w+)', r'@\1', content) def render_pixel_art(username, size=32): path = f"users/{username}.pxl" pixels = bytes([77] * 128) if os.path.exists(path): with open(path, "rb") as f: pixels = f.read() grid_html = f'

' for byte in pixels: p1, p2 = (byte >> 4) & 0x0F, byte & 0x0F grid_html += f'

' grid_html += f'

' grid_html += '

' return grid_html def process_custom_syntax(content): content = re.sub(r"!audio\[(.*?)\]", r'

', content) content = re.sub(r"!video\[(.*?)\]", r'

', content) def yt_embed(match): link = match.group(1).strip() if "youtube.com/watch" in link or "youtu.be" in link: if "v=" in link: vid = link.split("v=")[1].split("&")[0] elif "youtu.be" in link: vid = link.split("/")[-1] else: vid = link else: vid = link return f'' content = re.sub(r"!yt\[(.*?)\]", yt_embed, content) return content def link_hashtags(content): return re.sub(r"#(\w+)", r"#\1", content) def sanitize_html(html): allowed_tags = bleach.sanitizer.ALLOWED_TAGS.union({ "p","br","hr","h1","h2","h3","h4","h5","h6", "ul","ol","li","strong","em","code","pre","blockquote", "audio","video","iframe","a","img", "span" }) # We allow the 'style' attribute globally for specific tags allowed_attrs = { "audio": ["src", "controls"], "video": ["src", "controls"], "iframe": ["src", "width", "height", "frameborder", "allowfullscreen"], "a": ["href"], "img": ["src", "class", "alt"], "span": ["style"] # This allows inline CSS like color } # Use bleach.clean without the 'styles' keyword to avoid the TypeError cleaned = bleach.clean( html, tags=allowed_tags, attributes=allowed_attrs, strip=True ) # Existing YouTube security filter cleaned = re.sub( r']+src="(?!https://www\.youtube\.com/embed/)[^"]*"[^>]*>', "", cleaned ) return cleaned def render_post_html(pid, author, content): avatar = render_pixel_art(author, size=24) # Small version for posts content = process_custom_syntax(content) content = link_hashtags(content) content = link_pings(content) html = markdown.markdown(content, extensions=["extra","sane_lists"], output_format="html5") html = sanitize_html(html) # --- LIKES LOGIC --- likes_file = f"posts/{pid}.likes" liked_users = set() if os.path.exists(likes_file): with open(likes_file, "r") as f: liked_users = set(line.strip() for line in f.readlines()) user = session.get("user") likes = len(liked_users) # FIX: Swapped 'btn-light border' for 'btn-outline-primary' to follow theme colors if user in liked_users: like_btn = f"❤️ Unlike" else: like_btn = f"👍 Like" return f'''

{avatar}@{author}

{html}

{likes} Likes

{like_btn} View Replies

''' def render_reply_html(pid, rid, author, content): avatar = render_pixel_art(author, size=24) content = process_custom_syntax(content) content = link_hashtags(content) html = markdown.markdown(content, extensions=["extra","sane_lists"], output_format="html5") html = sanitize_html(html) likes_file = f"posts/{pid}.replies/{rid}.likes" liked_users = set() if os.path.exists(likes_file): with open(likes_file, "r") as f: liked_users = set(line.strip() for line in f.readlines()) user = session.get("user") likes = len(liked_users) if user in liked_users: like_link = f"Remove Like" else: like_link = f"Like" return f"

{avatar}{author}: {html}
Likes: {likes} {like_link}

" @app.route("/") def homepage(): per_page = request.args.get('per_page', default=10, type=int) page = request.args.get('page', default=1, type=int) order = request.args.get('order', default='recent') # Get sort order all_post_ids = [int(f) for f in os.listdir("posts/") if f.isdigit()] # Pre-calculate likes if sorting by likes post_data = [] for pid in all_post_ids: likes_file = f"posts/{pid}.likes" count = 0 if os.path.exists(likes_file): with open(likes_file, "r") as f: count = len(f.readlines()) post_data.append({'id': pid, 'likes': count}) # Sort logic if order == 'likes': # Sort by likes descending, then by ID descending as a tie-breaker post_data.sort(key=lambda x: (x['likes'], x['id']), reverse=True) else: # Default: Sort by ID descending post_data.sort(key=lambda x: x['id'], reverse=True) sorted_ids = [p['id'] for p in post_data] total_posts = len(sorted_ids) # Handle Pinned Post (stays at the top regardless of sort) pinned_html = "" if os.path.exists("posts/pinned"): try: with open("posts/pinned", "r") as f: pinned_id = f.read().strip() if pinned_id.isdigit() and os.path.exists(f"posts/{pinned_id}"): if int(pinned_id) in sorted_ids: sorted_ids.remove(int(pinned_id)) with open(f"posts/{pinned_id}", "r") as f: raw = f.read() author, content = raw.split("|", 1) if "|" in raw else ("unknown", raw) pinned_html = f'''

📌 PINNED POST

{render_post_html(pinned_id, author, content)}

''' except Exception: pass # Pagination start_index = (page - 1) * per_page end_index = start_index + per_page page_post_ids = sorted_ids[start_index:end_index] posts = [] for pid in page_post_ids: try: with open(f"posts/{pid}", "r") as post: raw = post.read() author, content = raw.split("|", 1) if "|" in raw else ("unknown", raw) posts.append(render_post_html(pid, author, content)) except (FileNotFoundError, ValueError): continue user = session.get("user") posts_html = "".join([f'

{p}

' for p in posts]) # Sort Navigation UI sort_nav = f'''

Sort by: Recent | Most Liked

''' # Pagination UI prev_btn = f'

' if page > 1 else '' next_btn = f'

' if end_index < total_posts else '' pagination_html = f''' ''' search_bar = ''' ''' return render_ui_template("Feed", f"{search_bar}{sort_nav}{pinned_html}{posts_html}{pagination_html}", user) def render_ui_template(title, body_content, user): # Retrieve theme colors from cookies, falling back to defaults theme = { "bg": request.cookies.get("theme_bg", "#f8f9fa"), "card": request.cookies.get("theme_card", "#ffffff"), "text": request.cookies.get("theme_text", "#212529"), "primary": request.cookies.get("theme_primary", "#007bff"), "nav": request.cookies.get("theme_nav", "#ffffff") } auth_links = "" if user: # Inbox Notification Logic unread_total, _ = get_unread_count(user) badge = f' {unread_total}' if unread_total > 0 else "" # Admin Link for owner if user == "owner": auth_links += f'Admin' auth_links += f'Inbox{badge}' auth_links += f'Settings' # User branding auth_links += f''' ''' auth_links += 'Logout' else: auth_links += 'Settings' auth_links += 'Login' auth_links += 'Register' return f''' {title} - PotatoNetwork

Create Post

{body_content}

''' @app.route("/hashtag/") def hashtag_page(tag): order = request.args.get('order', default='recent') user = session.get("user") all_posts = [f for f in os.listdir("posts/") if f.isdigit()] matched_posts = [] for p in all_posts: with open(f"posts/{p}", "r") as f: raw = f.read() author, content = raw.split("|", 1) if "|" in raw else ("unknown", raw) if f"#{tag}" in content: # Count likes for sorting likes_file = f"posts/{p}.likes" like_count = 0 if os.path.exists(likes_file): with open(likes_file, "r") as f: like_count = len(f.readlines()) matched_posts.append({'id': p, 'author': author, 'content': content, 'likes': like_count}) # Sort matching posts if order == 'likes': matched_posts.sort(key=lambda x: (x['likes'], int(x['id'])), reverse=True) else: matched_posts.sort(key=lambda x: int(x['id']), reverse=True) posts_html = "" for p in matched_posts: posts_html += f'

{render_post_html(p["id"], p["author"], p["content"])}

' sort_nav = f'''

Sort by: Recent | Most Liked

''' body = f"

Posts tagged with #{tag}

{sort_nav}{posts_html}" return render_ui_template(f"#{tag}", body, user) @app.route("/user/") def user_page(username): order = request.args.get('order', default='recent') # user = session.get("user") # Gather only posts belonging to this specific user all_posts = [f for f in os.listdir("posts/") if f.isdigit()] user_posts = [] for p in all_posts: with open(f"posts/{p}", "r") as f: raw = f.read() if raw.startswith(username + "|"): _, content = raw.split("|", 1) # Count likes for sorting likes_file = f"posts/{p}.likes" like_count = 0 if os.path.exists(likes_file): with open(likes_file, "r") as f: like_count = len(f.readlines()) user_posts.append({ 'id': p, 'author': username, 'content': content, 'likes': like_count }) # Sort the user's posts if order == 'likes': user_posts.sort(key=lambda x: (x['likes'], int(x['id'])), reverse=True) else: user_posts.sort(key=lambda x: int(x['id']), reverse=True) posts_html = "" for p in user_posts: posts_html += f'

{render_post_html(p["id"], p["author"], p["content"])}

' # Bio logic bio = "" bio_path = f"users/{username}.bio" if os.path.exists(bio_path): with open(bio_path) as f: bio = f.read() bio_html = f"

{bio}

" if bio else "" # Action buttons logic message_button = "" if user and user != username: message_button += f"Message" elif user == username: message_button += f"Edit Bio - " message_button += f"Edit Avatar" # Sorting UI sort_nav = f'''

Sort posts by: Recent | Most Liked

''' body = f"""

Profile: {render_pixel_art(username, size=64)}@{username}

{message_button}

{bio_html}

{sort_nav} {posts_html} """ return render_ui_template(f"@{username}", body, user) @app.route("/register", methods=["GET","POST"]) def register(): if request.method == "POST": username = request.form.get("username", "").strip() password = request.form.get("password", "").strip() if not username.isalnum(): return "No special chars in usernames", 400 for i in ["admin","owner"]: if i in username.lower(): return "No impersonation", 400 if not username or not password: return "Missing fields", 400 if not username.isalnum(): return "Invalid username", 400 path = f"users/{username}" if os.path.exists(path): return "User exists", 400 with open(path, "w") as f: f.write(generate_password_hash(password)) # Log the registration IP with open(f"users/{username}.ip", "w") as f: f.write(request.remote_addr) session.permanent = True session["user"] = username return redirect("/welcome") body = '''

Join PotatoNetwork

Already have an account? Login

''' return render_ui_template("Register", body, None) @app.route("/login", methods=["GET","POST"]) def login(): if request.method == "POST": username = request.form.get("username", "").strip() password = request.form.get("password", "").strip() if not username.isalnum(): return "Stop hacking", 400 path = f"users/{username}" if not os.path.exists(path): return "Invalid credentials", 400 with open(path, "r") as f: stored = f.read() if not check_password_hash(stored, password): return "Invalid credentials", 400 # Update the last known IP with open(f"users/{username}.ip", "w") as f: f.write(request.remote_addr) session.permanent = True session["user"] = username return redirect("/") body = '''

Login to PotatoNetwork

New here? Register

''' return render_ui_template("Login", body, None) @app.route("/logout") def logout(): session.pop("user",None) return redirect("/") @app.route("/post/new", methods=["GET", "POST"]) def new_post(): global id user = session.get("user") if not user: return redirect("/login") if request.method == "POST": content = request.form.get("content", "").strip() if not content: return "Content required", 400 if len(content) > 2048: return "Too long, max 2048 chars", 400 with open(f"posts/{id}", "w") as post: post.write(f"{user}|{content}") id += 1 pings = re.findall(r'@(\w+)', content) for tagged_user in set(pings): if os.path.exists(f"users/{tagged_user}") and tagged_user != user: add_notification(tagged_user, user, id, type="ping") # Using a themed redirect message return render_ui_template("Success", 'Post created! Go back to feed', user) # The HTML content for the 'New Post' page body = f'''

Create a New Post

Tips:

You can use hashtags like #potatoes to categorize your post.
You can embed images with ![alt text](url).
You can embed YouTube videos with !yt[url].
See the full markdown format docs here.

''' return render_ui_template("New Post", body, user) @app.route("/post/view") def view_post(): pid = request.args.get('id', default="", type=str) order = request.args.get('order', 'recent') if not pid.isdigit(): return "Invalid ID", 400 try: with open(f"posts/{pid}", "r") as post: raw = post.read() author, content = raw.split("|", 1) if "|" in raw else ("unknown", raw) main_post_html = f'

{render_post_html(pid, author, content)}

' # Replies Logic reply_folder = f"posts/{pid}.replies" replies = [] if os.path.exists(reply_folder): for r in os.listdir(reply_folder): if not r.isdigit(): continue with open(f"{reply_folder}/{r}", "r") as f: r_raw = f.read() r_author, r_content = r_raw.split("|", 1) if "|" in r_raw else ("unknown", r_raw) # Count likes for reply l_file = f"{reply_folder}/{r}.likes" r_likes = len(open(l_file).readlines()) if os.path.exists(l_file) else 0 replies.append((int(r), r_likes, r_author, r_content)) replies.sort(key=lambda x: x[1] if order == 'likes' else x[0], reverse=True) replies_html = "" for r_id, _, r_auth, r_cont in replies: replies_html += f'

{render_reply_html(pid, r_id, r_auth, r_cont)}

' sort_nav = f'''

Replies

Sort: Recent | Likes

''' add_reply_btn = f'

Add a Reply

' return render_ui_template("View Post", f"{main_post_html}{sort_nav}{replies_html}{add_reply_btn}", session.get("user")) except FileNotFoundError: return "Post not found", 404 @app.route("/post/like/") def like_post(pid): user = session.get("user") if not user: return redirect("/login") likes_file = f"posts/{pid}.likes" liked_users = set() if os.path.exists(likes_file): with open(likes_file, "r") as f: liked_users = set(line.strip() for line in f.readlines()) if user in liked_users: return redirect(f"/post/view?id={pid}") liked_users.add(user) with open(likes_file, "w") as f: for u in liked_users: f.write(u + "\n") return redirect(f"/post/view?id={pid}") @app.route("/post/like//reply/") def like_reply(pid, rid): user = session.get("user") if not user: return redirect("/login") likes_file = f"posts/{pid}.replies/{rid}.likes" liked_users = set() if os.path.exists(likes_file): with open(likes_file, "r") as f: liked_users = set(line.strip() for line in f.readlines()) if user in liked_users: return redirect(f"/post/view?id={pid}") liked_users.add(user) with open(likes_file, "w") as f: for u in liked_users: f.write(u + "\n") return redirect(f"/post/view?id={pid}") @app.route("/post/unlike/") def unlike_post(pid): user = session.get("user") if not user: return redirect("/login") likes_file = f"posts/{pid}.likes" if os.path.exists(likes_file): with open(likes_file,"r") as f: liked_users = set(line.strip() for line in f.readlines()) liked_users.discard(user) with open(likes_file,"w") as f: for u in liked_users: f.write(u+"\n") return redirect(f"/post/view?id={pid}") @app.route("/post/unlike//reply/") def unlike_reply(pid,rid): user = session.get("user") if not user: return redirect("/login") likes_file = f"posts/{pid}.replies/{rid}.likes" if os.path.exists(likes_file): with open(likes_file,"r") as f: liked_users = set(line.strip() for line in f.readlines()) liked_users.discard(user) with open(likes_file,"w") as f: for u in liked_users: f.write(u+"\n") return redirect(f"/post/view?id={pid}") @app.route("/post/reply/", methods=["GET","POST"]) def reply_post(pid): user = session.get("user") if not user: return redirect("/login") # Get original post author to notify them post_path = f"posts/{pid}" if not os.path.exists(post_path): return "Post not found", 404 with open(post_path, "r") as f: raw = f.read() original_author = raw.split("|", 1)[0] if "|" in raw else "unknown" reply_folder = f"posts/{pid}.replies" if not os.path.exists(reply_folder): os.mkdir(reply_folder) if request.method == "POST": content = request.form.get("content", "").strip() if not content: return "Content required", 400 if len(content) > 512: return "Too long, max 512 chars", 400 existing = [int(f) for f in os.listdir(reply_folder) if f.isdigit()] or [-1] rid = max(existing) + 1 with open(f"{reply_folder}/{rid}", "w") as f: f.write(f"{user}|{content}") # --- Notification Logic --- # 1. Notify original author (if it's not a self-reply) if original_author != user: add_notification(original_author, user, pid, type="reply") # 2. Notify anyone pinged in the reply pings = re.findall(r'@(\w+)', content) for tagged_user in set(pings): # Don't notify the original author twice if they were also pinged if os.path.exists(f"users/{tagged_user}") and tagged_user != user and tagged_user != original_author: add_notification(tagged_user, user, pid, type="ping") return redirect(f"/post/view?id={pid}") body = f'''

Replying to Post #{pid}

''' return render_ui_template("Add Reply", body, user) @app.route("/legal") def legal_page(): user = session.get("user") body = '''

Terms of Service

Effective Date: April 2026

1. Content Governance

PotatoNetwork operates under a principle of minimal interference. We do not enforce platform-specific conduct codes or community guidelines beyond the requirements of applicable law. We reserve the right to remove content only in the following circumstances:

Content that is deemed illegal under governing jurisdictions.
Automated accounts (bots) or coordinated spam activity.

2. Reporting and Compliance

Users who encounter technical vulnerabilities (bugs) or content that violates legal statutes are encouraged to report such findings immediately to the administration via: gamer@denaro.work.gd.

Privacy Policy

1. Data Collection and Retention

Our infrastructure is designed to be privacy-first. We do not engage in the sale, trade, or transfer of user data to third-party entities. The only data retained on our servers consists of the content explicitly provided by the user (posts and replies), hashed authentication credentials and user IP addresses.

2. Cookie Disclosure

PotatoNetwork utilizes cookies exclusively for functional session management. These "session cookies" are necessary to maintain your authenticated state. No tracking, profiling, or advertising cookies are deployed by this platform.

3. User Sovereignty

By using this platform, you acknowledge that your public posts are stored on our servers for the purpose of display within the network. Beyond this functional requirement, no background data harvesting or behavioral analysis is performed.

Back to Feed

''' return render_ui_template("Legal Information", body, user) @app.route("/edit_bio", methods=["GET", "POST"]) def edit_bio(): user = session.get("user") if not user: return redirect("/login") bio_path = f"users/{user}.bio" if request.method == "POST": bio = request.form.get("bio", "").strip() with open(bio_path, "w") as f: f.write(bio) return redirect(f"/user/{user}") current_bio = "" if os.path.exists(bio_path): with open(bio_path) as f: current_bio = f.read() body = f'''

Edit Bio

''' return render_ui_template("Edit Bio", body, user) @app.route("/dm/", methods=["GET", "POST"]) def dm(username): user = session.get("user") if not user: return redirect("/login") folder = dm_folder(user, username) os.makedirs(folder, exist_ok=True) # NEW: Mark chat as read for the current user import time with open(f"{folder}/{user}.lastseen", "w") as f: f.write(str(time.time())) if request.method == "POST": msg = request.form.get("message", "").strip() if msg: ids = [int(f) for f in os.listdir(folder) if f.isdigit()] or [-1] mid = max(ids) + 1 with open(f"{folder}/{mid}", "w") as f: f.write(f"{user}|{msg}") return redirect(f"/dm/{username}") messages = [] m_ids = sorted([int(f) for f in os.listdir(folder) if f.isdigit()]) for mid in m_ids: with open(f"{folder}/{mid}", "r") as f: raw = f.read() if "|" in raw: sender, text = raw.split("|", 1) messages.append((sender, text)) msg_html = "" for sender, text in messages: align = "end" if sender == user else "start" bg = "primary text-white" if sender == user else "secondary text-white" msg_html += f'''

@{sender} {sanitize_html(markdown.markdown(text))}

''' body = f'''

{render_pixel_art(username, 30)}

Chat with @{username}

{msg_html}

← Back to Inbox

''' return render_ui_template(f"Chat with @{username}", body, user) def dm_folder(u1, u2): return f"dms/{'__'.join(sorted([u1, u2]))}" @app.route("/inbox") def inbox(): user = session.get("user") if not user: return redirect("/login") _, unread_chats = get_unread_count(user) chats = [] notifications = [] if os.path.exists("dms"): for folder in os.listdir("dms"): # Split the folder name into the two participants parts = folder.split("__") if len(parts) != 2: continue # Check for EXACT match in the list of participants if user in parts: # Identify the other participant (the one who isn't 'user') other = parts[1] if parts[0] == user else parts[0] if other == "system": notifications.append(other) else: chats.append(other) def render_links(chat_list, is_system=False): html = "" for u in chat_list: is_unread = u in unread_chats weight = "fw-bold" if is_unread else "" label = "Notifications" if is_system else f"Chat with @{u}" badge = 'NEW' if is_unread else "" html += f'{label}{badge}' return html body = f'''

Notifications

{render_links(notifications, True) or "

No new notifications.

Messages

{render_links(chats) or "

No messages yet.

''' return render_ui_template("Inbox", body, user) @app.route("/settings", methods=["GET", "POST"]) def settings(): user = session.get("user") if request.method == "POST": resp = make_response(redirect("/settings")) # Handle Quick presets preset = request.form.get("preset") if preset == "dark": colors = {"bg": "#121212", "card": "#1e1e1e", "text": "#ffffff", "primary": "#00a8ff", "nav": "#1e1e1e"} elif preset == "light": colors = {"bg": "#f8f9fa", "card": "#ffffff", "text": "#212529", "primary": "#007bff", "nav": "#ffffff"} else: # Handle precise color selection colors = { "bg": request.form.get("theme_bg"), "card": request.form.get("theme_card"), "text": request.form.get("theme_text"), "primary": request.form.get("theme_primary"), "nav": request.form.get("theme_nav") } for key, val in colors.items(): resp.set_cookie(f"theme_{key}", val, max_age=31536000) # Save for 1 year return resp # Current values for the form inputs theme = { "bg": request.cookies.get("theme_bg", "#f8f9fa"), "card": request.cookies.get("theme_card", "#ffffff"), "text": request.cookies.get("theme_text", "#212529"), "primary": request.cookies.get("theme_primary", "#007bff"), "nav": request.cookies.get("theme_nav", "#ffffff") } body = f'''

Quick Presets

Custom Branding

''' return render_ui_template("Settings", body, user) @app.route("/edit_avatar", methods=["GET", "POST"]) def edit_avatar(): user = session.get("user") if not user: return redirect("/login") if request.method == "POST": data = request.json.get("pixels") # List of 256 integers (0-15) if len(data) == 256: binary_data = bytearray() for i in range(0, 256, 2): # Pack two 4-bit pixels into one 8-bit byte byte = (data[i] << 4) | data[i+1] binary_data.append(byte) with open(f"users/{user}.pxl", "wb") as f: f.write(binary_data) return jsonify({"status": "success"}) # Load existing pixels for the editor path = f"users/{user}.pxl" current_pixels = [7] * 256 if os.path.exists(path): with open(path, "rb") as f: raw = f.read() current_pixels = [] for b in raw: current_pixels.extend([(b >> 4) & 0x0F, b & 0x0F]) palette_html = "".join([f'

' for i, c in enumerate(VGA_PALETTE)]) body = f'''

Avatar Designer (16x16)

{palette_html}

''' return render_ui_template("Edit Avatar", body, user) @app.route("/admin") def admin_panel(): if not is_admin(): return "Unauthorized", 403 # User Management all_users = [f for f in os.listdir("users") if not f.endswith((".bio", ".pxl", ".ip"))] user_mgmt = "" for u in all_users: ip_path = f"users/{u}.ip" last_ip = open(ip_path).read() if os.path.exists(ip_path) else "Unknown" is_banned = os.path.exists(f"bans/{last_ip}") if last_ip != "Unknown" else False ban_btn = f'Ban IP' if not is_banned else 'Banned' user_mgmt += f''' {render_pixel_art(u, 20)} @{u} {last_ip} {ban_btn} Del ''' # Post Management all_posts = sorted([int(f) for f in os.listdir("posts/") if f.isdigit()], reverse=True) post_mgmt = "" for pid in all_posts[:20]: # Show last 20 post_mgmt += f'''

#{pid}

Pin Del

''' body = f'''

User & IP Management

{user_mgmt}

User	Last IP	Actions

Post Moderation

{post_mgmt}

Clear Pinned Post

''' return render_ui_template("Admin Panel", body, "owner") @app.route("/admin/ban/") def admin_ban(username): if not is_admin(): return "Unauthorized", 403 ip_path = f"users/{username}.ip" if os.path.exists(ip_path): with open(ip_path, "r") as f: ip = f.read().strip() with open(f"bans/{ip}", "w") as f: f.write(f"Banned user: {username}") return redirect("/admin") @app.route("/admin/pin/") def admin_pin(pid): if not is_admin(): return "Unauthorized", 403 with open("posts/pinned", "w") as f: f.write(str(pid)) return redirect("/") @app.route("/admin/unpin") def admin_unpin(): if not is_admin(): return "Unauthorized", 403 if os.path.exists("posts/pinned"): os.remove("posts/pinned") return redirect("/") @app.route("/admin/del_post/") def admin_del_post(pid): if not is_admin(): return "Unauthorized", 403 if os.path.exists(f"posts/{pid}"): os.remove(f"posts/{pid}") return redirect("/admin") import time def get_unread_count(user): if not os.path.exists("dms"): return 0, [] total_unread = 0 unread_chats = [] for folder_name in os.listdir("dms"): # FIX: Split the folder and check for exact username matches only parts = folder_name.split("__") if len(parts) != 2: continue if user in parts: # This checks for exact equality (e.g., 'thing' == 'thing2' is False) path = f"dms/{folder_name}" other_user = parts[1] if parts[0] == user else parts[0] last_seen = 0 last_seen_path = f"{path}/{user}.lastseen" if os.path.exists(last_seen_path): with open(last_seen_path, "r") as f: try: last_seen = float(f.read()) except: last_seen = 0 chat_has_unread = False for f in os.listdir(path): if f.isdigit(): mtime = os.path.getmtime(f"{path}/{f}") if mtime > last_seen: with open(f"{path}/{f}", "r") as msg_file: content = msg_file.read() # Ensure we don't count our own sent messages as unread if not content.startswith(f"{user}|"): total_unread += 1 chat_has_unread = True if chat_has_unread: unread_chats.append(other_user) return total_unread, unread_chats @app.route("/welcome") def welcome_tutorial(): user = session.get("user") if not user: return redirect("/login") body = f'''

Welcome to PotatoNetwork, @{user}!

Here’s a quick guide to get you started:

Customize: To edit your bio and avatar, head over to your user page.
Chat: To message someone, simply visit their profile page and click the "Message" button.
Discuss: You can join the conversation by replying to posts using the "View Replies" link.
Tag: You can tag your posts with #hashtags to make them discoverable.

Got it, take me to the feed!

''' return render_ui_template("Getting Started", body, user) def add_notification(target_user, trigger_user, post_id, type="reply"): # We use a special 'system' folder so it appears in the inbox logic folder = dm_folder("system", target_user) os.makedirs(folder, exist_ok=True) ids = [int(f) for f in os.listdir(folder) if f.isdigit()] or [-1] mid = max(ids) + 1 msg = f"replied to your post #{post_id}" if type == "reply" else f"mentioned you in post #{post_id-1}" with open(f"{folder}/{mid}", "w") as f: f.write(f"{trigger_user}|{msg}") @app.route("/search") def search(): query = request.args.get('q', '').strip().lower() user = session.get("user") if not query: return redirect("/") # Remove the first character if it is @ or # if query.startswith(('@', '#')): query = query[1:] all_post_ids = [f for f in os.listdir("posts/") if f.isdigit()] all_users = [f for f in os.listdir("users") if not f.endswith((".bio", ".pxl", ".ip"))] results = [] found_hashtags = set() found_users = [] # Search for matching users for u in all_users: if query in u.lower(): found_users.append(u) # Search posts and hashtags for pid in all_post_ids: try: with open(f"posts/{pid}", "r") as f: raw = f.read() author, content = raw.split("|", 1) if "|" in raw else ("unknown", raw) # Search content and author if query in content.lower() or query in author.lower(): results.append(render_post_html(pid, author, content)) # Extract hashtags for partial matching tags = re.findall(r"#(\w+)", content) for t in tags: if query in t.lower(): found_hashtags.add(t) except Exception: continue # UI for matching Users user_html = "" if found_users: user_links = "".join([ f'' f'{render_pixel_art(u, 24)} @{u}' for u in sorted(found_users) ]) user_html = f'

Users:

{user_links}

' # UI for matching hashtags hashtag_html = "" if found_hashtags: hashtag_links = " ".join([f'#{t}' for t in sorted(found_hashtags)]) hashtag_html = f'

Related Hashtags:

{hashtag_links}

' # UI for matching posts posts_html = "".join([f'

{p}

' for p in results]) if not results and not found_hashtags and not found_users: body = f'

No results found for "{query}"

Back Home

' else: body = f'

Search results for "{query}"

{user_html}{hashtag_html}{"

Posts:

" if results else ""}{posts_html}' return render_ui_template("Search Results", body, user) @app.route("/stats") def stats_page(): user = session.get("user") # 1. Count Posts post_count = len([f for f in os.listdir("posts/") if f.isdigit()]) # 2. Count Users (ignoring metadata files) user_count = len([f for f in os.listdir("users") if not f.endswith((".bio", ".pxl", ".ip"))]) # 3. Active Sessions (from our global dict) active_count = len(ACTIVE_SESSIONS) # 4. Calculate Uptime uptime_seconds = int(time.time() - START_TIME) days, rem = divmod(uptime_seconds, 86400) hours, rem = divmod(rem, 3600) minutes, seconds = divmod(rem, 60) uptime_string = f"{days}d {hours}h {minutes}m {seconds}s" body = f'''

Total Posts

{post_count}

Registered Users

{user_count}

Active Sessions (15m)

{active_count}

Server Uptime

{uptime_string}

Statistics are not updated in real-time.

''' return render_ui_template("Network Statistics", body, user) if __name__=='__main__': app.run(host='0.0.0.0', port=5000, debug=True)