def _handle_avatar_update(user, avatar_form):
    if avatar_form.validate_on_submit():
        _file = request.files['avatar']
        coordinates = (avatar_form.x1.data, avatar_form.y1.data,
                       avatar_form.x2.data, avatar_form.y2.data)
        prefix = time.time()
        _file.filename = "%s_avatar.png" % prefix
        container = "user_%s" % user.id
        uploader.upload_file(_file,
                             container=container,
                             coordinates=coordinates)
        # Delete previous avatar from storage
        if user.info.get('avatar'):
            uploader.delete_file(user.info['avatar'], container)
        upload_method = current_app.config.get('UPLOAD_METHOD')
        avatar_url = get_avatar_url(upload_method,
                                    _file.filename, container)
        user.info['avatar'] = _file.filename
        user.info['container'] = container
        user.info['avatar_url'] = avatar_url
        user_repo.update(user)
        cached_users.delete_user_summary(user.name)
        flash(gettext('Your avatar has been updated! It may \
                      take some minutes to refresh...'), 'success')
        return True
    else:
        flash("You have to provide an image file to update your avatar", "error")
        return False

    def set(self, user, update_repo=True):
        """Set a Gravatar for a user.

        Parameters
        ----------
        user : User
            The PyBossa user.
        update_repo : bool, optional
            True to save changes, False otherwise (the default is True).
        """
        url = self._get_url(user)

        now = time.time()
        filename = secure_filename('{0}_avatar.png'.format(now))
        container = 'user_{0}'.format(user.id)

        self._download(filename, container, url)

        if not user.info:  # pragma: no cover
            user.info = dict()

        user.info['avatar'] = filename
        user.info['container'] = container

        if update_repo:
            user_repo.update(user)
            cached_users.delete_user_summary(user.name)

def update_profile():
    """
    Update user's profile.

    Returns Jinja2 template.

    """
    form = UpdateProfileForm(obj=current_user)
    form.set_locales(current_app.config["LOCALES"])
    form.populate_obj(current_user)
    if request.method == "GET":
        title_msg = "Update your profile: %s" % current_user.fullname
        return render_template("account/update.html", title=title_msg, form=form)
    else:
        form = UpdateProfileForm(request.form)
        form.set_locales(current_app.config["LOCALES"])
        if form.validate():
            new_profile = model.User(
                id=form.id.data,
                fullname=form.fullname.data,
                name=form.name.data,
                email_addr=form.email_addr.data,
                locale=form.locale.data,
                ckan_api=form.ckan_api.data,
            )
            db.session.query(model.User).filter(model.User.id == current_user.id).first()
            db.session.merge(new_profile)
            db.session.commit()
            cached_users.delete_user_summary(current_user.name)
            flash(gettext("Your profile has been updated!"), "success")
            return redirect(url_for(".profile"))
        else:
            flash(gettext("Please correct the errors"), "error")
            title_msg = "Update your profile: %s" % current_user.fullname
            return render_template("/account/update.html", form=form, title=title_msg)

def _handle_external_services_update(user, update_form):
    del update_form.locale
    del update_form.email_addr
    del update_form.fullname
    del update_form.name
    if update_form.validate():
        user.ckan_api = update_form.ckan_api.data or None
        user_repo.update(user)
        cached_users.delete_user_summary(user.name)
        flash(gettext('Your profile has been updated!'), 'success')
    else:
        flash(gettext('Please correct the errors'), 'error')

def _handle_profile_update(user, update_form):
    acc_conf_dis = current_app.config.get('ACCOUNT_CONFIRMATION_DISABLED')
    if update_form.validate_on_submit():
        user.id = update_form.id.data
        user.fullname = update_form.fullname.data
        user.name = update_form.name.data
        account, domain = update_form.email_addr.data.split('@')
        if (user.email_addr != update_form.email_addr.data and
                acc_conf_dis is False and
                domain not in current_app.config.get('SPAM')):
            user.valid_email = False
            user.newsletter_prompted = False
            account = dict(fullname=update_form.fullname.data,
                           name=update_form.name.data,
                           email_addr=update_form.email_addr.data)
            confirm_url = get_email_confirmation_url(account)
            subject = ('You have updated your email in %s! Verify it'
                       % current_app.config.get('BRAND'))
            msg = dict(subject=subject,
                       recipients=[update_form.email_addr.data],
                       body=render_template(
                           '/account/email/validate_email.md',
                           user=account, confirm_url=confirm_url))
            msg['html'] = markdown(msg['body'])
            mail_queue.enqueue(send_mail, msg)
            user.confirmation_email_sent = True
            fls = gettext('An email has been sent to verify your \
                          new email: %s. Once you verify it, it will \
                          be updated.' % account['email_addr'])
            flash(fls, 'info')
            return True
        if acc_conf_dis is False and domain in current_app.config.get('SPAM'):
            fls = gettext('Use a valid email account')
            flash(fls, 'info')
            return False
        if acc_conf_dis:
            user.email_addr = update_form.email_addr.data
        user.privacy_mode = fuzzyboolean(update_form.privacy_mode.data)
        user.restrict = fuzzyboolean(update_form.restrict.data)
        user.locale = update_form.locale.data
        user.subscribed = fuzzyboolean(update_form.subscribed.data)
        user_repo.update(user)
        cached_users.delete_user_summary(user.name)
        flash(gettext('Your profile has been updated!'), 'success')
        return True
    else:
        flash(gettext('Please correct the errors'), 'error')
        return False

def reset_api_key(name):
    """
    Reset API-KEY for user.

    Returns a Jinja2 template.

    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)
    user.api_key = model.make_uuid()
    user_repo.update(user)
    cached_users.delete_user_summary(user.name)
    msg = gettext('New API-KEY generated')
    flash(msg, 'success')
    return redirect(url_for('account.profile', name=name))

def reset_api_key(name):
    """
    Reset API-KEY for user.

    Returns a Jinja2 template.

    """
    user = User.query.filter_by(name=name).first()
    if not user:
        return abort(404)
    require.user.update(user)
    title = ("User: %s · Settings"
             "- Reset API KEY") % current_user.fullname
    user.api_key = model.make_uuid()
    db.session.commit()
    cached_users.delete_user_summary(user.name)
    msg = gettext('New API-KEY generated')
    flash(msg, 'success')
    return redirect(url_for('account.profile', name=name))

def reset_api_key(name):
    """
    Reset API-KEY for user.

    Returns a Jinja2 template.

    """
    if request.method == 'POST':
        user = user_repo.get_by_name(name)
        if not user:
            return abort(404)
        ensure_authorized_to('update', user)
        user.api_key = model.make_uuid()
        user_repo.update(user)
        cached_users.delete_user_summary(user.name)
        msg = gettext('New API-KEY generated')
        flash(msg, 'success')
        return redirect_content_type(url_for('account.profile', name=name))
    else:
        csrf = dict(form=dict(csrf=generate_csrf()))
        return jsonify(csrf)

def reset_api_key():
    """
    Reset API-KEY for user.

    Returns a Jinja2 template.

    """
    if current_user.is_authenticated():
        title = ("User: %s · Settings" "- Reset API KEY") % current_user.fullname
        if request.method == "GET":
            return render_template("account/reset-api-key.html", title=title)
        else:
            user = db.session.query(model.User).get(current_user.id)
            user.api_key = model.make_uuid()
            db.session.commit()
            cached_users.delete_user_summary(user.name)
            msg = gettext("New API-KEY generated")
            flash(msg, "success")
            return redirect(url_for("account.settings"))
    else:
        return abort(403)

def _handle_avatar_update(user, avatar_form):
    if avatar_form.validate_on_submit():
        _file = request.files['avatar']
        coordinates = (avatar_form.x1.data, avatar_form.y1.data,
                       avatar_form.x2.data, avatar_form.y2.data)
        prefix = time.time()
        _file.filename = "%s_avatar.png" % prefix
        container = "user_%s" % user.id
        uploader.upload_file(_file,
                             container=container,
                             coordinates=coordinates)
        # Delete previous avatar from storage
        if user.info.get('avatar'):
            uploader.delete_file(user.info['avatar'], container)
        user.info = {'avatar': _file.filename,
                             'container': container}
        user_repo.update(user)
        cached_users.delete_user_summary(user.name)
        flash(gettext('Your avatar has been updated! It may \
                      take some minutes to refresh...'), 'success')
    else:
        flash("You have to provide an image file to update your avatar", "error")

def update_profile():
    """
    Update user's profile.

    Returns Jinja2 template.

    """
    form = UpdateProfileForm(obj=current_user)
    form.set_locales(current_app.config['LOCALES'])
    form.populate_obj(current_user)
    if request.method == 'GET':
        title_msg = "Update your profile: %s" % current_user.fullname
        return render_template('account/update.html',
                               title=title_msg,
                               form=form)
    else:
        form = UpdateProfileForm(request.form)
        form.set_locales(current_app.config['LOCALES'])
        if form.validate():
            new_profile = model.User(id=form.id.data,
                                     fullname=form.fullname.data,
                                     name=form.name.data,
                                     email_addr=form.email_addr.data,
                                     locale=form.locale.data,
                                     ckan_api=form.ckan_api.data,
                                     privacy_mode=form.privacy_mode.data)
            db.session.query(model.User)\
              .filter(model.User.id == current_user.id)\
              .first()
            db.session.merge(new_profile)
            db.session.commit()
            cached_users.delete_user_summary(current_user.name)
            flash(gettext('Your profile has been updated!'), 'success')
            return redirect(url_for('.profile'))
        else:
            flash(gettext('Please correct the errors'), 'error')
            title_msg = 'Update your profile: %s' % current_user.fullname
            return render_template('/account/update.html', form=form,
                                   title=title_msg)

def home():
    """ Render home page with the cached apps and users"""
    d = {'featured': cached_apps.get_featured_front_page(),
         'top_apps': cached_apps.get_top(),
         'top_users': None,
         'categories': None,
         'apps': None,
         'n_apps_per_category': None}

    if app.config['ENFORCE_PRIVACY'] and current_user.is_authenticated():
        if current_user.admin:
            d['top_users'] = cached_users.get_top()
    if not app.config['ENFORCE_PRIVACY']:
        d['top_users'] = cached_users.get_top()
    # @FC
    categories = cached_cat.get_all()
    n_apps_per_category = dict()
    apps = dict()
    for c in categories:
        n_apps_per_category[c.short_name] = cached_apps.n_count(c.short_name)
        apps[c.short_name],count = cached_apps.get(c.short_name,1,1)
    d['categories'] = categories
    d['n_apps_per_category'] = n_apps_per_category
    d['apps'] = apps
    # Current user Survey System
    if current_user.is_authenticated():
        sql = text('''SELECT COUNT(task_run.id) AS task_run FROM task_run WHERE :cur_user_id=task_run.user_id''')
        results = db.engine.execute(sql,cur_user_id=current_user.id)
        for row in results:
            num_run_task=row.task_run
    if current_user.is_authenticated() and current_user.survey_check!= "None" and current_user.survey_check == "2":
        if num_run_task>=30:
			d['survey_three'] = True
			new_profile = model.User(id=current_user.id, survey_check="3")
			db.session.query(model.User).filter(model.User.id == current_user.id).first()
			db.session.merge(new_profile)
			db.session.commit()
			cached_users.delete_user_summary(current_user.name)
    elif current_user.is_authenticated() and current_user.survey_check!= "None" and current_user.survey_check == "1":
        if num_run_task>=1:
			d['survey_two'] = True
			new_profile = model.User(id=current_user.id, survey_check="2")
			db.session.query(model.User).filter(model.User.id == current_user.id).first()
			db.session.merge(new_profile)
			db.session.commit()
			cached_users.delete_user_summary(current_user.name)
    elif current_user.is_authenticated() and current_user.survey_check!= "None" and current_user.survey_check == "0":
        d['survey_one'] = True
        new_profile = model.User(id=current_user.id, survey_check="1")
        db.session.query(model.User).filter(model.User.id == current_user.id).first()
        db.session.merge(new_profile)
        db.session.commit()
        cached_users.delete_user_summary(current_user.name)
    else:
        d['survey_one'] = False
	# @FC
    return render_template('/home/index.html', **d)

def update_profile(name):
    """
    Update user's profile.

    Returns Jinja2 template.

    """
    user = User.query.filter_by(name=name).first()
    if not user:
        return abort(404)
    require.user.update(user)
    show_passwd_form = True
    if user.twitter_user_id or user.google_user_id or user.facebook_user_id:
        show_passwd_form = False
    usr = cached_users.get_user_summary(name)
    # Extend the values
    current_user.rank = usr.get('rank')
    current_user.score = usr.get('score')
    # Title page
    title_msg = "Update your profile: %s" % current_user.fullname
    # Creation of forms
    update_form = UpdateProfileForm(obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()
    external_form = update_form


    if request.method == 'GET':
        return render_template('account/update.html',
                               title=title_msg,
                               user=usr,
                               form=update_form,
                               upload_form=avatar_form,
                               password_form=password_form,
                               external_form=external_form,
                               show_passwd_form=show_passwd_form)
    else:
        # Update user avatar
        if request.form.get('btn') == 'Upload':
            avatar_form = AvatarUploadForm()
            if avatar_form.validate_on_submit():
                file = request.files['avatar']
                coordinates = (avatar_form.x1.data, avatar_form.y1.data,
                               avatar_form.x2.data, avatar_form.y2.data)
                prefix = time.time()
                file.filename = "%s_avatar.png" % prefix
                container = "user_%s" % current_user.id
                uploader.upload_file(file,
                                     container=container,
                                     coordinates=coordinates)
                # Delete previous avatar from storage
                if current_user.info.get('avatar'):
                    uploader.delete_file(current_user.info['avatar'], container)
                current_user.info = {'avatar': file.filename,
                                     'container': container}
                db.session.commit()
                cached_users.delete_user_summary(current_user.name)
                flash(gettext('Your avatar has been updated! It may \
                              take some minutes to refresh...'), 'success')
                return redirect(url_for('.update_profile', name=current_user.name))
            else:
                flash("You have to provide an image file to update your avatar",
                      "error")
                return render_template('/account/update.html',
                                       form=update_form,
                                       upload_form=avatar_form,
                                       password_form=password_form,
                                       external_form=external_form,
                                       title=title_msg,
                                       show_passwd_form=show_passwd_form)
        # Update user profile
        elif request.form.get('btn') == 'Profile':
            update_form = UpdateProfileForm()
            update_form.set_locales(current_app.config['LOCALES'])
            if update_form.validate():
                current_user.id = update_form.id.data
                current_user.fullname = update_form.fullname.data
                current_user.name = update_form.name.data
                current_user.email_addr = update_form.email_addr.data
                current_user.privacy_mode = update_form.privacy_mode.data
                current_user.locale = update_form.locale.data
                db.session.commit()
                cached_users.delete_user_summary(current_user.name)
                flash(gettext('Your profile has been updated!'), 'success')
                return redirect(url_for('.update_profile', name=current_user.name))
            else:
                flash(gettext('Please correct the errors'), 'error')
                title_msg = 'Update your profile: %s' % current_user.fullname
                return render_template('/account/update.html',
                                       form=update_form,
                                       upload_form=avatar_form,
                                       password_form=password_form,
                                       external_form=external_form,
                                       title=title_msg,
                                       show_passwd_form=show_passwd_form)

        # Update user password
        elif request.form.get('btn') == 'Password':
            # Update the data because passing it in the constructor does not work
#.........这里部分代码省略.........

def update_profile(name):
    """
    Update user's profile.

    Returns Jinja2 template.

    """
    user = user_repo.get_by_name(name)
    if not user:
        return abort(404)
    ensure_authorized_to('update', user)
    show_passwd_form = True
    if user.twitter_user_id or user.google_user_id or user.facebook_user_id or user.wechat_user_id or user.weibo_user_id:
        show_passwd_form = False
    usr = cached_users.get_user_summary(name)
    # Extend the values
    user.rank = usr.get('rank')
    user.score = usr.get('score')
    btn = request.body.get('btn', 'None').capitalize()
    if btn != 'Profile':
        update_form = UpdateProfileForm(formdata=None, obj=user)
    else:
        update_form = UpdateProfileForm(obj=user)
    update_form.set_locales(current_app.config['LOCALES'])
    avatar_form = AvatarUploadForm()
    password_form = ChangePasswordForm()

    title_msg = "Update your profile: %s" % user.fullname

    if request.method == 'POST':
        # Update user avatar
        succeed = False
        btn = request.body.get('btn', 'None').capitalize()
        if btn == 'Upload':
            succeed = _handle_avatar_update(user, avatar_form)
        # Update user profile
        elif btn == 'Profile':
            succeed = _handle_profile_update(user, update_form)
        # Update user password
        elif btn == 'Password':
            succeed = _handle_password_update(user, password_form)
        # Update user external services
        elif btn == 'External':
            succeed = _handle_external_services_update(user, update_form)
        # Otherwise return 415
        else:
            return abort(415)
        if succeed:
            cached_users.delete_user_summary(user.name)
            return redirect_content_type(url_for('.update_profile',
                                                 name=user.name),
                                         status=SUCCESS)
        else:
            data = dict(template='/account/update.html',
                        form=update_form,
                        upload_form=avatar_form,
                        password_form=password_form,
                        title=title_msg,
                        show_passwd_form=show_passwd_form)
            return handle_content_type(data)

    data = dict(template='/account/update.html',
                form=update_form,
                upload_form=avatar_form,
                password_form=password_form,
                title=title_msg,
                show_passwd_form=show_passwd_form)
    return handle_content_type(data)

def update_profile():
    """
    Update user's profile.

    Returns Jinja2 template.

    """
    form = UpdateProfileForm()
    upload_form = AvatarUploadForm()
    if request.method == 'GET':
        form = UpdateProfileForm(obj=current_user)
        form.set_locales(current_app.config['LOCALES'])
        form.populate_obj(current_user)

        title_msg = "Update your profile: %s" % current_user.fullname
        return render_template('account/update.html',
                               title=title_msg,
                               form=form,
                               upload_form=upload_form)
    else:
        form = UpdateProfileForm(request.form)
        upload_form = AvatarUploadForm(request.form)
        form.set_locales(current_app.config['LOCALES'])
        if request.form['btn'] == 'Upload':
            avatar = request.files['avatar']
            extension = avatar.filename.rsplit(".")[1]
            coordinates = (upload_form.x1.data, upload_form.y1.data,
                           upload_form.x2.data, upload_form.y2.data)
            prefix = time.time()
            avatar.filename = "%s_avatar.%s" % (prefix, extension)
            container = "user_%s" % current_user.id
            uploader.upload_file(avatar,
                                 container=container,
                                 coordinates=coordinates)
            # Delete previous avatar from storage
            if 'avatar' in current_user.info:
              uploader.delete_file(current_user.info['avatar'], container)
            current_user.info = {'avatar': avatar.filename,
                                 'container': container}
            db.session.commit()
            cached_users.delete_user_summary(current_user.name)
            flash(gettext('Your avatar has been updated! It may \
                          take some minutes to refresh...'), 'success')
            return redirect(url_for('.profile'))
        else:
            if form.validate():
                current_user.id = form.id.data
                current_user.fullname = form.fullname.data
                current_user.name = form.name.data
                current_user.email_addr = form.email_addr.data
                current_user.ckan_api = form.ckan_api.data
                current_user.privacy_mode = form.privacy_mode.data
                db.session.commit()
                cached_users.delete_user_summary(current_user.name)
                flash(gettext('Your profile has been updated!'), 'success')
                return redirect(url_for('.profile'))
            else:
                flash(gettext('Please correct the errors'), 'error')
                title_msg = 'Update your profile: %s' % current_user.fullname
                return render_template('/account/update.html', form=form,
                                       upload_form=upload_form,
                                       title=title_msg)

def delete_user(name, confirmed):
    """
    Deletes a user on pybossa
    - Only admins will be able to delete other users.
    - Does not let delete admin users.
        Admin users will have to remove the user from the admin lists before they can delete then
    - Marks all the task_runs of the specific user as anonymous
    - Changes the ownership of all the projects owned by the user to the current_user
    TODO: Clean this feature up and push this feature to pybossa core
    """

    """
    Get the user object and contributed projects object from cache to enable
    global helper functions to render it in a uniform way.
    But Obtain the results from the non-memoized functions to get the latest state
    """
    target_user = cached_users.get_user_summary(name)
    if current_user.admin and target_user != None and current_user.id != target_user['id'] :

        user_page_redirect = request.args.get('user_page_redirect')
        if not user_page_redirect:
            user_page_redirect = 1

        if confirmed == "unconfirmed":
            published_projects = cached_users.published_projects(target_user['id'])
            draft_projects = cached_users.draft_projects(target_user['id'])
            owned_projects = published_projects + draft_projects

            return render_template('geotagx/users/delete_confirmation.html', \
                                                        target_user = target_user,
                                                        owned_projects = owned_projects,
                                                        user_page_redirect=user_page_redirect
                                                        )
        elif confirmed == "confirmed":
            """
                Retrieval of the User object necessary as the target_user object
                obtained from `cached_users.get_user_summary` doesnot expose
                the `admin` check that is necessary to prevent the user from
                deleting other admin users, and also the SQLAlchemy `delete`
                function
            """
            user_object = User.query.filter_by(id=target_user['id']).first()
            if user_object.admin:
                # It is not allowed to delete other admin users
                abort(404)

            """
                Mark all task runs by the user as anonymous
                Mark the user_ip field in the task_run by the username instead
                to retain user identity for analytics
            """
            task_runs = TaskRun.query.filter_by(user_id=target_user['id']).all()
            for task_run in task_runs:
                task_run.user_id = None
                task_run.user_ip = "deleted_user_"+target_user['name']
                db.session.commit()

            """
                Change the ownership of all projects owned by the target user
                to that of the current user
            """
            projects = Project.query.filter_by(owner_id=target_user['id']).all()
            for project in projects:
                project.owner_id = current_user.id
                db.session.commit()
                """
                    Clean cached data about the project
                """
                cached_projects.clean_project(project.id)

            """
                Delete the user from the database
            """
            db.session.delete(user_object)
            db.session.commit()

            """
                Clean user data from the cache
                Force Update current_user's data in the cache
            """
            cached_users.delete_user_summary(target_user['id'])
            cached_users.delete_user_summary(current_user.id)

            flash("User <strong>"+target_user['name']+"</strong> has been successfully deleted, and all the projects owned by the user have been transferred to you.", 'success')
            return redirect(url_for('geotagx-admin.manage_users', page=user_page_redirect))
        else:
            abort(404)
    else:
        abort(404)