def auth(*args, **kwargs):
    """Populate the request with session and user state, then call ``func``.

    ``func`` is the wrapped handler taken from the enclosing scope, which
    is not visible in this listing.

    Every call first resets ``request.logged_in``, ``admin``, ``station``,
    ``player`` and ``user`` and stores the current session on
    ``request.session``.  With no session, or a session without a user,
    ``func`` runs as an anonymous request: this wrapper only records auth
    state and does not itself reject a request for lack of a login.

    For a logged-in user the role flags come from ``isinstance`` checks, a
    Station session is given a five-day ttl, and the session expiry and
    cookie are refreshed.  A Player who has not accepted both the liability
    and the safety terms is redirected to ``/eula``.

    Returns whatever ``func`` returns; a non-empty dict result also gets
    the current user under ``'user'`` unless the path contains ``'/tag/'``.
    """
    session = get_session()

    # Reset every auth-related attribute before looking at the session.
    for attr, default in (('logged_in', False), ('admin', None),
                          ('station', None), ('player', None),
                          ('user', None), ('session', session)):
        setattr(request, attr, default)

    # Anonymous request: no session at all, or a session with no user.
    if not session or not session.user:
        return func(*args, **kwargs)

    account = session.user
    request.user = account
    request.admin = isinstance(account, Admin)
    request.station = isinstance(account, Station)
    request.player = isinstance(account, Player)
    request.logged_in = True

    if request.station:
        session.ttl = 5 * 24 * 60 * 60  # five days, in seconds
    # NOTE(review): nesting rebuilt from a whitespace-collapsed listing; the
    # refresh below is assumed to run for every logged-in user, as the same
    # pair of calls must in do_login -- confirm against the real file.
    session.update_expires()
    set_cookie(session)

    # force Players to read the eula if they haven't already
    # NOTE(review): 'eula' is matched as a substring, so any path that
    # merely contains it is exempt from this gate.
    if 'eula' not in request.path and request.player:
        if not account.liability or not account.safety:
            # for i in ('liability', 'safety'):
            #     response.set_cookie(i+'_read', '', path='/')
            redirect('/eula', 303)

    result = func(*args, **kwargs)
    # Only a non-empty dict result is given the user, and never on /tag/ paths.
    if result and isinstance(result, dict) and '/tag/' not in request.path:
        result['user'] = request.user
    return result
def auth(*args, **kwargs):
    """Record who is making the request, then run the wrapped ``func``.

    ``func`` comes from the enclosing scope, which this listing does not
    show.  The wrapper clears ``request.logged_in``, ``admin``, ``station``,
    ``player`` and ``user``, keeps the session on ``request.session``, and
    fills the flags in again only when the session carries a user.  It
    annotates the request; it does not refuse anonymous callers.

    Logged-in requests get their session expiry and cookie refreshed
    (Station sessions with a five-day ttl), and a Player missing either the
    liability or the safety acceptance is sent to ``/eula`` with a 303.

    The return value is ``func``'s own; when that is a non-empty dict and
    the path does not contain ``'/tag/'``, the user is added as ``'user'``.
    """
    current = get_session()

    # Anonymous defaults, set before the session is inspected.
    request.logged_in = False
    request.admin = None
    request.station = None
    request.player = None
    request.user = None
    request.session = current

    if not (current and current.user):
        # Nobody is logged in: run the handler with the defaults above.
        return func(*args, **kwargs)

    request.user = current.user
    request.admin = isinstance(request.user, Admin)
    request.station = isinstance(request.user, Station)
    request.player = isinstance(request.user, Player)
    request.logged_in = True

    if request.station:
        five_days = 5 * 24 * 60 * 60  # seconds
        current.ttl = five_days
    # NOTE(review): the original indentation is lost in this listing; the
    # expiry/cookie refresh is assumed to apply to every logged-in user, not
    # only to Stations -- confirm against the real file.
    current.update_expires()
    set_cookie(current)

    # force Players to read the eula if they haven't already
    # NOTE(review): the exemption is a substring test on the path, so it
    # covers every URL containing 'eula', not just the EULA page itself.
    on_eula_page = 'eula' in request.path
    if not on_eula_page and request.player:
        accepted = request.user.liability and request.user.safety
        if not accepted:
            # for i in ('liability', 'safety'):
            #     response.set_cookie(i+'_read', '', path='/')
            redirect('/eula', 303)

    outcome = func(*args, **kwargs)
    if not outcome or not isinstance(outcome, dict):
        # Empty or non-dict results are passed through untouched.
        return outcome
    if '/tag/' not in request.path:
        outcome['user'] = request.user
    return outcome
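def do_login():
    """Check submitted credentials and start a fresh authenticated session.

    Reads ``username`` and ``password`` from the request parameters.  An
    unknown username and a wrong password are reported with the same error
    code, so the response does not tell the two cases apart.

    On success the existing session is destroyed and a new one obtained
    before the user is attached to it, the session cookie is set (Station
    accounts get a five-day ttl), and the client is redirected with a 303.

    The redirect goes back to the referring page only when the Referer
    names this host; any other value falls back to ``/index``.  The Referer
    is a request header, so echoing it unchecked into ``Location`` would
    let a login form submitted from another site send the user off-site.

    Returns None; the response is built through ``response``.
    """
    # Function-scope import keeps the block usable on Python 2 and 3.
    try:
        from urllib.parse import urlsplit
    except ImportError:
        from urlparse import urlsplit

    usern = request.params['username']
    passw = request.params['password']
    user = Account.from_username(usern)
    if not user or not user.verify_pass(passw):
        seterr('/login', 'nouser')
        # seterr is defined elsewhere and presumably aborts the request;
        # returning here keeps the login fail-closed if it ever returns.
        return None

    sess = get_session()
    # protect against session fixation: drop whatever session the client
    # presented and continue with a newly obtained one
    sess.destroySelf()
    sess = get_session()
    sess.user = user
    if isinstance(user, Station):
        sess.ttl = 5 * 24 * 60 * 60  # five days, in seconds
    sess.update_expires()
    set_cookie(sess)

    # Only a local path (plus query) is ever written to Location.
    loc = '/index'
    referer = request.environ.get('HTTP_REFERER', '')
    # NOTE(review): behind a proxy that rewrites Host this comparison may
    # never match, which only means the fallback '/index' is used.
    host = request.environ.get('HTTP_HOST', '').lower()
    try:
        parts = urlsplit(referer)
    except ValueError:
        parts = None
    if parts is not None and parts.path.startswith('/'):
        relative = not parts.scheme and not parts.netloc
        same_host = (parts.scheme in ('http', 'https')
                     and host and parts.netloc.lower() == host)
        # Reject '//' and backslashes: browsers can read both as a new host.
        local_path = not parts.path.startswith('//') and '\\' not in parts.path
        if (relative or same_host) and local_path:
            loc = parts.path
            if parts.query:
                loc += '?' + parts.query
    if loc == '/':
        loc = '/index'

    response.set_header('Location', loc)
    response.status = 303
    return None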
if not question.check(answer): seterr('/register','badanswer') user = (Account.from_username(username) or Player.from_student_num(studentn) or Account.from_email(email) or Player.from_twitter(twitter) or Player.from_cell(cell)) if user: seterr('/register','userexists') u = None try: u = Player(name=name,username=username,hashed_pass=password,language=language,student_num=studentn, email=email,twitter=twitter,cell=cell,liability=True,safety=True) except dberrors.DuplicateEntryError, e: seterr('/register', 'userexists') if hasattr(request, 'station') and not request.station and not request.admin: sess = get_session() sess.user = u set_cookie(sess) # only obliterate the form data when player is successfully created request.session.data = None redirect('/thanks',303) # end of non-auth pages @route('/thanks') @mview('thanks') @allow_auth @lang @require_auth def view_thanks(): return dict() @route('/forgot_password',method='GET') @mview('forgotpass')