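def cred_needs_updated(ccnum, cvv, salt):
    """
    Determines if the credit card number and CVV for this user's credit card should be re-encrypted.

    Looks up the stored (hashed) card number, CVV, salt and ``updated`` flag for the
    current account.  ``update_cred()`` is called unless the row is flagged ``"Y"`` and
    both stored hashes verify against the values that were entered.  Nothing happens
    when no row with a card number and CVV exists for the account.

    :param ccnum: credit card number as entered by the user
    :param cvv: CVV as entered by the user
    :param salt: not used -- the salt stored with the account row is what gets used
                 (parameter kept so existing callers keep working)
    """
    import ast  # local import: the file's import block is not visible from here

    accid = find_accid()  # gets an ID
    updated = True  # used to determine if the credit card number and CVV needs to be re-encrypted

    # Prepare SELECT statement
    prep_select = "SELECT DISTINCT credCardNum, cvv, salt, updated FROM donations NATURAL JOIN accounts NATURAL JOIN salt WHERE accId = %s AND credCardNum IS NOT NULL AND cvv IS NOT NULL"

    # A tuple should always be used for binding placeholders (%s)
    cursor.execute(
        prep_select, (accid,)  # you write (value,) when searching for one value
    )

    results = cursor.fetchall()  # returns a list of tuples

    if not results:
        return

    (enc_ccnum, enc_cvv, str_salt, update) = results[0]  # unpacks the tuple

    # Converts the value of str_salt back to bytes.
    # The salt is presumably stored as the repr() of a bytes object.  ast.literal_eval
    # only accepts Python literals, so -- unlike eval() -- a tampered database row
    # cannot execute code here.  Anything that is not a bytes literal is rejected.
    salt = ast.literal_eval(str_salt)
    if not isinstance(salt, bytes):
        raise ValueError("stored salt is not a bytes literal")

    # Checks if the data that was entered should be re-encrypted
    if update == "Y":
        if enc.verify_hash(enc_ccnum, ccnum, salt) and enc.verify_hash(
            enc_cvv, cvv, salt
        ):
            updated = False

    if updated:
        update_cred(ccnum, cvv, salt)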
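def select_account():
    """
    Checks if an account that was entered contains any new data.

    Reads the form values from module globals (``uname``, ``fname``, ``lname``, ``age``,
    ``addr``, ``cty``, ``st``, ``zipcode``, ``polaffil``, ``psw1``, ``email``).  If the
    submitted password or email verifies against the stored hashes, or no account row
    matches every submitted field, the account is updated via ``update_account()``;
    otherwise an error message is appended to ``errmsgs``.

    :return: number of errors found (0 when the account was updated)
    """
    import ast  # local import: the file's import block is not visible from here

    errors = 0
    # Determines if the same password or email was re-entered
    enc_repeat = False

    try:
        enc_values = find_encdata()  # returns a tuple
        (enc_psw, enc_email) = enc_values  # unpacks the tuple

        # Converts the salt that is returned from find_salt() back to bytes.
        # ast.literal_eval only accepts Python literals, so -- unlike eval() -- a
        # tampered salt row cannot execute code here.
        salt = ast.literal_eval(find_salt())
        if not isinstance(salt, bytes):
            raise ValueError("stored salt is not a bytes literal")

        # Checks if the user decided to reuse a password or email address
        if enc.verify_hash(enc_psw, psw1, salt) or enc.verify_hash(
            enc_email, email, salt
        ):
            enc_repeat = True

        # Prepare SELECT statement
        prep_select = "SELECT * FROM accounts WHERE uname = %s AND fname = %s AND lname = %s AND age = %s AND addr = %s AND city = %s AND state = %s AND zipCode = %s AND poliAffil = %s"

        values = (
            uname,
            fname,
            lname,
            age,
            addr,
            cty,
            st,
            zipcode,
            polaffil,
        )

        # A tuple should always be used when binding placeholders (%s)
        cursor.execute(prep_select, values)

        result = cursor.fetchall()  # returns a list of tuples

        if not result or not enc_repeat:
            update_account()
        elif enc_repeat:
            errors += 1
            errmsgs.append(
                "        <p>A new password and/or email should be entered</p>"
            )
        else:
            # NOTE(review): unreachable -- once the first branch is skipped, result is
            # non-empty and enc_repeat is True, so the elif always wins.  Kept as-is
            # until the intended condition for this message is confirmed.
            errors += 1
            errmsgs.append("        <p>New information needs to be entered</p>")

    except mysql.Error as e:
        errors += 1
        # NOTE(review): this puts the raw driver error text into the page (schema /
        # query details reach the user, and it is not HTML-escaped).  Consider logging
        # the exception server-side and showing a generic message instead.
        msg = "        <p>" + str(e) + "</p>"
        errmsgs.append(msg)

    return errors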
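def verify_creditcard(ccnum, cvv):
    """
    Checks if a similar credit card has been used by a previous user.

    Every other account's stored (hashed) card number and CVV are verified against the
    submitted values using that row's own salt.  On the first match an error message is
    appended to ``errmsgs``; when nothing matches, ``cred_needs_updated()`` is called
    for the current account.

    :param ccnum: credit card number as entered by the user
    :param cvv: CVV as entered by the user
    :return: number of errors found
    """
    import ast  # local import: the file's import block is not visible from here

    errors = 0  # keeps track of all the errors that have been found
    accid = find_accid()  # gets an ID

    try:
        # Prepare SELECT statement
        # Note: MySQL uses "!=" and "<>" as not equal operators
        prep_select = "SELECT DISTINCT credCardNum, cvv, salt FROM donations NATURAL JOIN accounts NATURAL JOIN salt WHERE accId != %s AND credCardNum IS NOT NULL AND cvv IS NOT NULL"

        # A tuple should always be used for binding placeholders (%s)
        cursor.execute(
            prep_select, (accid,)  # you write (value,) when searching for one value
        )

        results = cursor.fetchall()  # returns a list of tuples

        if results:
            salt = None
            # Loops thru the tuples in the list, unpacking each one
            for (enc_ccnum, enc_cvv, str_salt) in results:
                # Converts the value of str_salt back to bytes.
                # ast.literal_eval only accepts Python literals, so -- unlike eval() --
                # a tampered database row cannot execute code here.
                salt = ast.literal_eval(str_salt)
                if not isinstance(salt, bytes):
                    raise ValueError("stored salt is not a bytes literal")

                # Checks if the data that was entered is used by another user
                if enc.verify_hash(enc_ccnum, ccnum, salt) and enc.verify_hash(
                    enc_cvv, cvv, salt
                ):
                    errors += 1
                    errmsgs.append(
                        '        <div class="center">\n\t\t  <p>This credit card contains information that is too similar to another user\'s credit card information</p>\n\t\t  </div>'
                    )
                    break

            # Determines if cred_needs_updated() should be called.
            # `salt` here is the last other user's salt; cred_needs_updated() re-reads
            # the current account's salt from the database itself.
            # NOTE(review): this call only happens when at least one other user has a
            # card on file -- the very first donor is never checked.  Confirm whether
            # that is intended.
            if errors == 0:
                cred_needs_updated(ccnum, cvv, salt)

    except mysql.Error as e:
        # Narrowed from `except Exception` to match the sibling verify_* functions:
        # programming errors now propagate instead of being shown to the user.
        errors += 1
        # NOTE(review): raw driver error text reaches the page unescaped; consider
        # logging it and showing a generic message instead.
        msg = "        <p>" + str(e) + "</p>"
        errmsgs.append(msg)

    return errors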
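def new_psw(uname, psw):
    """
    Checks if a new password was entered.

    Looks up the stored password hash for ``uname`` and verifies ``psw`` against it with
    the salt returned by ``get_salt()``.  A matching password, or a missing account, is
    reported by appending a message to ``errmsgs``.

    :param uname: username whose stored password hash is checked
    :param psw: candidate new password
    :return: number of errors found (0 when the password is new)
    """
    import ast  # local import: the file's import block is not visible from here

    errors = 0

    # Prepare SELECT statement
    prep_select = "SELECT pwd FROM accounts WHERE uname = %s"

    # A tuple should always be used for binding placeholders (%s)
    cursor.execute(prep_select, (uname, ))
    results = cursor.fetchall()  # returns a list of tuples

    if not results:
        errors += 1
        errmsgs.append("        <p>Account was not found</p>")
        return errors

    (enc_psw, ) = results[0]

    # Converts the salt value back to bytes.
    # ast.literal_eval only accepts Python literals, so -- unlike eval() -- a tampered
    # salt row cannot execute code here.
    salt = ast.literal_eval(get_salt())
    if not isinstance(salt, bytes):
        raise ValueError("stored salt is not a bytes literal")

    if enc.verify_hash(enc_psw, psw, salt):
        errors += 1
        errmsgs.append(
            "        <p>This password has already been used</p>")

    return errors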
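def select_account(uname, psw):
    """
    Verifies the username and password that was entered using a prepare statement.

    Fetches the stored password hash for ``uname`` and verifies ``psw`` against it with
    the salt returned by ``find_salt()``.  Each failure appends a message to ``errmsgs``.

    :param uname: username entered by the user
    :param psw: password entered by the user
    :return: number of errors found (0 when the credentials verify)
    """
    import ast  # local import: the file's import block is not visible from here

    errors = 0  # keeps track of all the errors that have occurred

    # Prepare SELECT statement
    prep_select = "SELECT pwd FROM accounts WHERE uname = %s"

    # A tuple should always be used for binding placeholders (%s)
    cursor.execute(
        prep_select, (uname,)  # you write (value,) when searching for one value
    )

    # Gets all the rows from the results
    result = cursor.fetchall()  # returns a list of tuples

    # Checks if no matches were found
    if not result:
        errors += 1
        # NOTE(review): a message that differs from the wrong-password one lets a
        # caller enumerate valid usernames.  A single generic "invalid username or
        # password" message for both cases would close that off.
        errmsgs.append("        <p>The username that was entered doesn't exist</p>")
        return errors

    # Converts the string value that is returned in find_salt() back to bytes.
    # ast.literal_eval only accepts Python literals, so -- unlike eval() -- a tampered
    # salt row cannot execute code here.
    salt = ast.literal_eval(find_salt())
    if not isinstance(salt, bytes):
        raise ValueError("stored salt is not a bytes literal")

    (hashed_psw,) = result[0]  # unpacks the tuple

    # Checks if the password that was entered is incorrect
    if not enc.verify_hash(hashed_psw, psw, salt):
        errors += 1
        errmsgs.append(
            "        <p>The password that was entered is not correct</p>"
        )

    return errors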
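def verify_bitcoin(bitcoin):
    """
    Checks if the bitcoin address that was entered has been used before.

    Every other account's stored (hashed) bitcoin address is verified against the
    submitted value using that row's own salt; the first match appends an error message
    to ``errmsgs``.

    :param bitcoin: bitcoin address entered by the user
    :return: number of errors found (0 when no other account uses the address)
    """
    import ast  # local import: the file's import block is not visible from here

    errors = 0  # keeps track of all the errors that have been found
    accid = find_accid()  # gets an ID

    try:
        # Prepare SELECT statement
        # Note: MySQL uses "!=" and "<>" as not equal operators
        prep_select = "SELECT DISTINCT bitcoin, salt FROM donations NATURAL JOIN accounts NATURAL JOIN salt WHERE accId != %s"

        # A tuple should always be used when binding placeholders (%s)
        cursor.execute(
            prep_select, (accid,)  # you use (value,) when searching for a single value
        )

        results = cursor.fetchall()  # returns a list of tuples

        # Loops thru the tuples in the list, unpacking each one
        for (enc_bitcoin, str_salt) in results:
            # Converts the value of str_salt back to bytes.
            # ast.literal_eval only accepts Python literals, so -- unlike eval() -- a
            # tampered database row cannot execute code here.
            salt = ast.literal_eval(str_salt)
            if not isinstance(salt, bytes):
                raise ValueError("stored salt is not a bytes literal")

            # Checks if the data that was entered is used by another user
            if enc.verify_hash(enc_bitcoin, bitcoin, salt):
                errors += 1
                errmsgs.append(
                    '        <div class="center">\n\t\t  <p>This Bitcoin address is too similar to another user\'s Bitcoin address</p>\n\t\t  </div>'
                )
                break

    except mysql.Error as e:
        errors += 1
        # NOTE(review): raw driver error text reaches the page unescaped; consider
        # logging it and showing a generic message instead.
        msg = "        <p>" + str(e) + "</p>"
        errmsgs.append(msg)

    return errors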
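def verify_account(uname, psw):
    """
    Verifies that an account exists by searching for it in the database.

    Fetches the stored password hash for ``uname`` and verifies ``psw`` against it with
    the salt returned by ``find_salt()``.  Each failure appends a message to the
    module-level ``errmsgs`` list.

    :param uname: username entered by the user
    :param psw: password entered by the user
    :return: number of errors found (0 when the credentials verify)
    """
    import ast  # local import: the file's import block is not visible from here

    global errmsgs
    errors = 0

    # Prepare SELECT statement
    prep_select = "SELECT pwd FROM accounts WHERE uname = %s"

    # A tuple should always be used for binding placeholders (%s)
    cursor.execute(
        prep_select,
        (uname, )  # you write (var,) when searching for one value
    )

    # Gets all the rows from the results
    result = cursor.fetchall()  # returns a list of tuples

    # Checks if no matches were found
    if not result:
        errors += 1
        # NOTE(review): a message that differs from the wrong-password one lets a
        # caller enumerate valid usernames.  A single generic "invalid username or
        # password" message for both cases would close that off.
        errmsgs.append(
            "        <p>The username that was entered doesn't exist, please consider creating an account</p>"
        )
        return errors

    # Converts the string value that is returned in find_salt() back to bytes.
    # ast.literal_eval only accepts Python literals, so -- unlike eval() -- a tampered
    # salt row cannot execute code here.
    salt = ast.literal_eval(find_salt())
    if not isinstance(salt, bytes):
        raise ValueError("stored salt is not a bytes literal")

    (hashed_psw, ) = result[0]  # unpacks the tuple

    if not enc.verify_hash(hashed_psw, psw, salt):
        errors += 1
        msg = "        <p>The password that was entered is not correct for the username that was entered</p>"
        errmsgs.append(msg)

    return errors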