Beispiel #1
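 def install(self, rq, *args):
     """Run the first-time installer: create the tables and the first admin.

     The account-creation branch is reached only when the administrator
     lookup raises ``OperationalError`` (presumably because the members
     table does not exist yet -- confirm). If the lookup succeeds and an
     administrator is found, ``forbiddenException`` is raised.

     Returns a dict with ``script`` plus the ``registerForm`` and
     ``registerSuccess`` strings, each either "" or "display:none;"
     (presumably inline styles used by the template).
     """
     # NOTE(review): until an administrator exists, whoever reaches this
     # endpoint first creates the admin account; restrict access to it
     # during deployment.
     setup_all()
     registerForm = "display:none;"
     registerSuccess = "display:none;"
     try:
         admin = members.get_by(is_admin=1)
         if admin is not None:
             raise forbiddenException()
         # NOTE(review): if the lookup succeeds but returns None, both page
         # sections stay hidden and no account is created.
     except exceptions.OperationalError:
         password = rq.q.getfirst('password')
         # Require a non-empty password: a missing one used to crash on
         # None.decode(), and an empty one created an administrator with a
         # blank password.
         if rq.q.has_key('username') and password:
             email = rq.q.getfirst('email')
             email = "" if email is None else email.decode('utf8')
             phone = rq.q.getfirst('phone')
             phone = "" if phone is None else phone.decode('utf8')
             create_all()
             # NOTE(review): a single unsalted SHA-256 pass is not suitable
             # for password storage. Moving to a salted, slow KDF (e.g.
             # hashlib.pbkdf2_hmac) has to be coordinated with the login
             # check, which is not visible here.
             members(
                 username=rq.q.getfirst('username').decode('utf8'),
                 password=hashlib.sha256(
                     password.decode('utf8')).hexdigest().decode('utf8'),
                 # Use the defaulted values; the original re-read the fields
                 # and crashed when email or phone was omitted.
                 email=email,
                 phone=phone,
                 is_admin=1,
                 is_banned=0,
             )
             session.commit()
             registerSuccess = ""
         else:
             registerForm = ""
     return {
         'script': rq.script,
         'registerForm': registerForm,
         'registerSuccess': registerSuccess,
     }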
Beispiel #2
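 def install(self, rq, *args):
     """Create the schema and the initial administrator on first run.

     Account creation happens only inside the ``OperationalError`` handler
     of the administrator lookup (presumably the "tables not created yet"
     case -- confirm). When the lookup succeeds and finds an administrator,
     ``forbiddenException`` is raised.

     Returns a dict holding ``script`` and two strings, ``registerForm``
     and ``registerSuccess``, each "" or "display:none;" (presumably inline
     styles consumed by the template).
     """
     # NOTE(review): this endpoint creates the admin account for the first
     # caller while no administrator exists; limit who can reach it during
     # deployment.
     setup_all()
     registerForm = "display:none;"
     registerSuccess = "display:none;"
     try:
         admin = members.get_by(is_admin=1)
         if admin is not None:
             raise forbiddenException()
         # NOTE(review): a successful lookup that returns None leaves both
         # sections hidden and creates nothing.
     except exceptions.OperationalError:
         raw_password = rq.q.getfirst('password')
         # A missing password previously failed on None.decode(), and an
         # empty one produced an administrator with a blank password; both
         # now re-display the form.
         if rq.q.has_key('username') and raw_password:
             raw_email = rq.q.getfirst('email')
             raw_phone = rq.q.getfirst('phone')
             # Optional fields default to "" -- the original computed these
             # defaults but then re-read the fields and crashed on None.
             email = "" if raw_email is None else raw_email.decode('utf8')
             phone = "" if raw_phone is None else raw_phone.decode('utf8')
             create_all()
             # NOTE(review): unsalted, single-pass SHA-256 is a weak
             # password-storage scheme. Replacing it with a salted slow KDF
             # (e.g. hashlib.pbkdf2_hmac) requires changing the login
             # verification as well, which is outside this snippet.
             digest = hashlib.sha256(
                 raw_password.decode('utf8')).hexdigest().decode('utf8')
             members(username=rq.q.getfirst('username').decode('utf8'),
                     password=digest,
                     email=email,
                     phone=phone,
                     is_admin=1,
                     is_banned=0)
             session.commit()
             registerSuccess = ""
         else:
             registerForm = ""
     return {
         'script': rq.script,
         'registerForm': registerForm,
         'registerSuccess': registerSuccess
     }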
Beispiel #3
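 def members(self, rq, *args):
     """Admin-only member management page: list, add, edit, view, search, delete.

     Callers that are not logged in are redirected to ``/session/``; callers
     that are logged in but not administrators get ``forbiddenException``.
     The ``view`` parameter selects what to display and the ``process``
     parameter performs a change. A missing, non-numeric or unknown ``id``
     raises ``fileNotFoundException``.

     Returns a dict with ``membersScript`` (a JavaScript snippet) and
     ``script``.
     """
     # NOTE(review): returnUrl is built from request data and handed to
     # /session/. That handler is not visible here; confirm it only follows
     # same-site targets.
     returnUrl = urllib.quote(rq.script.decode("utf8")+u'/members/'+u'/'.join(args).decode("utf8")+u'?'+rq.qs.decode("utf8"))
     if not userLoggedin(rq):
         if returnUrl != u"/?":
             raise redirectException(rq.script+"/session/?returnUrl=%s" % returnUrl)
         raise redirectException(rq.script+"/session/")
     if not userLoggedisAdmin(rq):
         raise forbiddenException()

     def requested_member():
         # Map a missing or non-numeric id to "not found" rather than letting
         # int() raise an unhandled ValueError.
         try:
             member_id = int(escape(rq.q.getfirst("id", "")))
         except ValueError:
             raise fileNotFoundException()
         found = members.get_by(id=member_id)
         if found is None:
             raise fileNotFoundException()
         return found

     membersScript = viewMainMembersPage(rq.script)
     if rq.q.has_key("view"):
         view = escape(rq.q.getfirst("view", ""))
         if view == "add":
             membersScript = viewAddMember(rq.script)
         elif view == "edit":
             member = requested_member()
             membersScript = viewEditMember(id=member.id, script_s=rq.script)
         elif view == "member":
             member = requested_member()
             membersScript = viewMember(member.id)
         elif view == "search":
             membersScript = processMemberResults(term=escape(rq.q.getfirst("term", "").decode("utf8")), script_s=rq.script)
         elif view == "deleted":
             membersScript += "\n$('#deleted').show()"
     elif rq.q.has_key("process"):
         # NOTE(review): these branches change state from request parameters
         # and no anti-CSRF token is checked in this method; confirm one is
         # enforced elsewhere and that rq.q cannot be filled from a plain GET
         # query string for process=... requests.
         action = escape(rq.q.getfirst("process", ""))
         if action == "add":
             # NOTE(review): unsalted single-pass SHA-256 is a weak
             # password-storage scheme, and escape() runs before hashing, so
             # the login check must apply the same transformation -- confirm.
             # A missing password or is_admin value still raises here.
             new_member = members(
                 username=escape(rq.q.getfirst("username", "").decode("utf8")),
                 password=hashlib.sha256(escape(rq.q.getfirst("password").decode('utf8'))).hexdigest(),
                 email=escape(rq.q.getfirst("email", "").decode("utf8")),
                 phone=escape(rq.q.getfirst("phone", "").decode("utf8")),
                 is_admin=int(escape(rq.q.getfirst("is_admin", "").decode("utf8")))
             )
             session.commit()
             membersScript = "window.location.replace('%(script)s/page/members/?view=member&id=%(id)s');" % {'script': rq.script, 'id': new_member.id}
         elif action == "edit":
             member = requested_member()
             member.username = escape(rq.q.getfirst("username", "").decode("utf8"))
             # An absent or empty password leaves the stored hash unchanged.
             new_password = rq.q.getfirst("password")
             if new_password is not None and new_password != "":
                 member.password = hashlib.sha256(escape(new_password.decode('utf8'))).hexdigest()
             member.email = escape(rq.q.getfirst("email", "").decode("utf8"))
             member.phone = escape(rq.q.getfirst("phone", "").decode("utf8"))
             member.is_admin = int(escape(rq.q.getfirst("is_admin", "")))
             member.is_banned = int(escape(rq.q.getfirst("is_banned", "")))
             member.ban_reason = escape(rq.q.getfirst("ban_reason", "").decode("utf8"))
             session.commit()
             membersScript = "window.location.replace('%(script)s/page/members/?view=member&id=%(id)s');" % {'script': rq.script, 'id': member.id}
         elif action == "delete":
             member = requested_member()
             membersScript = viewDeletedMember(id=member.id, script_s=rq.script)
     return {'membersScript': membersScript, 'script': rq.script}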
Beispiel #4
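 def members(self, rq, *args):
     """Serve the administrator's member-management page.

     Anonymous callers are redirected to ``/session/`` and logged-in
     non-administrators get ``forbiddenException``. ``view`` chooses what is
     shown (add, edit, member, search, deleted); ``process`` applies a change
     (add, edit, delete). A missing, non-numeric or unknown ``id`` raises
     ``fileNotFoundException``.

     Returns a dict with ``membersScript`` (a JavaScript snippet) and
     ``script``.
     """
     # NOTE(review): returnUrl comes from request data and is passed on to
     # /session/, whose handler is not shown; confirm it only redirects to
     # same-site targets.
     returnUrl = urllib.quote(
         rq.script.decode("utf8") + u'/members/' +
         u'/'.join(args).decode("utf8") + u'?' + rq.qs.decode("utf8"))
     if not userLoggedin(rq):
         if returnUrl != u"/?":
             raise redirectException(rq.script +
                                     "/session/?returnUrl=%s" % returnUrl)
         raise redirectException(rq.script + "/session/")
     if not userLoggedisAdmin(rq):
         raise forbiddenException()

     def lookup_member():
         # A missing or non-numeric id becomes "not found" instead of an
         # unhandled ValueError from int().
         try:
             wanted_id = int(escape(rq.q.getfirst("id", "")))
         except ValueError:
             raise fileNotFoundException()
         row = members.get_by(id=wanted_id)
         if row is None:
             raise fileNotFoundException()
         return row

     membersScript = viewMainMembersPage(rq.script)
     if rq.q.has_key("view"):
         view = escape(rq.q.getfirst("view", ""))
         if view == "add":
             membersScript = viewAddMember(rq.script)
         elif view == "edit":
             member = lookup_member()
             membersScript = viewEditMember(id=member.id,
                                            script_s=rq.script)
         elif view == "member":
             member = lookup_member()
             membersScript = viewMember(member.id)
         elif view == "search":
             term = escape(rq.q.getfirst("term", "").decode("utf8"))
             membersScript = processMemberResults(term=term,
                                                  script_s=rq.script)
         elif view == "deleted":
             membersScript += "\n$('#deleted').show()"
     elif rq.q.has_key("process"):
         # NOTE(review): state is changed here from request parameters and
         # this method checks no anti-CSRF token; confirm one is enforced
         # elsewhere and that rq.q cannot be populated from a plain GET query
         # string for process=... requests.
         action = escape(rq.q.getfirst("process", ""))
         if action == "add":
             # NOTE(review): unsalted single-pass SHA-256 is a weak scheme for
             # stored passwords, and because escape() is applied before
             # hashing, the login check has to transform its input the same
             # way -- confirm. A missing password or is_admin value still
             # raises here.
             new_member = members(
                 username=escape(
                     rq.q.getfirst("username", "").decode("utf8")),
                 password=hashlib.sha256(
                     escape(rq.q.getfirst("password").decode(
                         'utf8'))).hexdigest(),
                 email=escape(rq.q.getfirst("email", "").decode("utf8")),
                 phone=escape(rq.q.getfirst("phone", "").decode("utf8")),
                 is_admin=int(
                     escape(rq.q.getfirst("is_admin", "").decode("utf8"))))
             session.commit()
             membersScript = "window.location.replace('%(script)s/page/members/?view=member&id=%(id)s');" % {
                 'script': rq.script,
                 'id': new_member.id
             }
         elif action == "edit":
             member = lookup_member()
             member.username = escape(
                 rq.q.getfirst("username", "").decode("utf8"))
             # The stored hash is replaced only when a non-empty password is
             # submitted.
             submitted = rq.q.getfirst("password")
             if submitted is not None and submitted != "":
                 member.password = hashlib.sha256(
                     escape(submitted.decode('utf8'))).hexdigest()
             member.email = escape(
                 rq.q.getfirst("email", "").decode("utf8"))
             member.phone = escape(
                 rq.q.getfirst("phone", "").decode("utf8"))
             member.is_admin = int(escape(rq.q.getfirst("is_admin", "")))
             member.is_banned = int(escape(rq.q.getfirst("is_banned", "")))
             member.ban_reason = escape(
                 rq.q.getfirst("ban_reason", "").decode("utf8"))
             session.commit()
             membersScript = "window.location.replace('%(script)s/page/members/?view=member&id=%(id)s');" % {
                 'script': rq.script,
                 'id': member.id
             }
         elif action == "delete":
             member = lookup_member()
             membersScript = viewDeletedMember(id=member.id,
                                               script_s=rq.script)
     return {'membersScript': membersScript, 'script': rq.script}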