Beispiel #1
0
    def do_GET(self):
        global sessionID
        self.headerFinished = False
        self.send_response(200)

        #return favicon.ico
        if self.path.startswith("/favicon.ico"):
            self.send_header('Content-type', 'image/x-icon')

            try: 
                f = open("favicon.ico", "rb")
                self.write(f.read())
            except:
                pass
            return

        #Parse query
        if '?' in self.path:
            qs = self.path[self.path.find('?')+1:]
            query = cgi.parse_qs(qs, keep_blank_values = True)
        else:
            query = None

        #Check Authentication
        if not self.isAuthenticated():
            return

        #The following code should only be executed when the user has passed authentication!

        #Check api
        if not self.initApi():
            return
                
        #Handel called URL

        #Return requested image
        if self.path.startswith("/getimage"):
            params = self.path.split("-")
            imageHash = params[1].split(".")[0]
            
            ret = getPages.getImage(imageHash)
            if not ret:
                return

            mimeType, image = ret
            
            self.send_header('Content-type', mimeType)
            self.write(image)
            return
        else:
            #Header for text
            self.send_header('Content-type', 'text/html')

        #Return requestet page
        if self.path.startswith("/inbox") or self.path == "/":
            self.write(getPages.inbox())

        elif self.path.startswith("/outbox"):
            self.write(getPages.outbox())

        elif self.path.startswith("/composer"):
            self.write(getPages.composeMsg())

        elif self.path.startswith("/subscriptions"):
            self.write(getPages.subscriptions())

        elif self.path.startswith("/addressbook"):
            self.write(getPages.addressBook())

        elif self.path.startswith("/chans"):
            self.write(getPages.chans())

        elif self.path.startswith("/identities"):
            self.write(getPages.identities())

        elif self.path.startswith("/status"):
            self.write(getPages.connectionStatus())

        elif self.path.startswith("/logout"):
            sessionID = None
            self.write(password.enterHTML())

        elif self.path.startswith("/markread"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.markRead(msgid)

        elif self.path.startswith("/markunread"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.markUnread(msgid)

        elif self.path.startswith("/delmsg"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.delMsg(msgid)

        elif self.path.startswith("/delsentmsg"):
            try:
                msgid = query["msgid"][0]
            except:
                return

            getPages.delSentMsg(msgid)

        else:
            html = HTMLPage()
            html.addLine("<h1>Page not found!</h1>", False)
            self.write(html.getPage())
Beispiel #2
0
    def do_POST(self):
        global sessionID
        self.headerFinished = False
        self.send_response(200)

        #Parse query
        try:
            ctype, pdict = cgi.parse_header(self.headers.getheader('content-type'))
            if ctype == 'multipart/form-data':
                query = cgi.parse_multipart(self.rfile, pdict)
            else:
                query = None
        except:
            query = None

        #Session Management
        authenticated = False

        #Check password
        if self.path.startswith("/pwd"):
            try:
                pwd = query.get("pwd")[0]
            except:
                pwd = None

            if password.isCorrect(pwd):
                sessionID = urandom(16).encode('base64').strip()
                self.send_header("Set-Cookie", "bitweb_sessionID=\"" + sessionID + "\"; Max-Age=2592000; Version=\"1\"; Secure; Port; HttpOnly")
                authenticated = True
                #Redirect to inbox
                self.path = "/inbox"
                sleep(1) #To slow down brutforce
            else:
                self.send_header('Content-type', 'text/html')
                self.write(password.enterHTML(True))
                sleep(1) #To slow down brutforce
                return

        #Set password
        if self.path.startswith("/setpwd") and not password.isSet():
            try:
                pwd = query["pwd"][0]
                password.set(pwd)
                authenticated = True
            except:
                authenticated = False

        #Check Authentication
        if (not authenticated) and (not self.isAuthenticated()) :
            return

        #End of session management. 
        #The following code should only be executed when the user has passed authentication!

        #Check api
        if not self.initApi():
            return

        #Header for text
        self.send_header('Content-type', 'text/html')
                
        #Handel called URL
        if self.path.startswith("/inbox") or self.path == "/":
            self.write(getPages.inbox())

        elif self.path.startswith("/composer"):
            toAddress = False
            replyTo = False
            try:
                if query.has_key("to"):
                    toAddress = query["to"][0]
                if query.has_key("replyto"):
                    replyTo = query["replyto"][0]
            except:
                pass
                
            self.write(getPages.composeMsg(replyTo, toAddress))

        elif self.path.startswith("/sendmsg"):
            try:
                if query.has_key("to"):
                    toAddress = query["to"][0]
                else:
                    #There is no reciever for broadcast messages
                    toAddress = ""
                fromAddress = query["from"][0]
                subject = query["subject"][0]
                text = query["text"][0]
                if query["broadcast"][0] == "true":
                    broadcast = True
                else:
                    broadcast = False
            except:
                page = HTMLPage()
                page.addLine("<h1>Error while parsing message.")
                page.addLine("Message NOT send!</h1>")
                self.write(page.getPage())
                return

            self.write(getPages.sendMsg(toAddress, fromAddress, subject, text, broadcast))

        elif self.path.startswith("/unsubscribe"):
            try:
                addr = query["addr"][0]
                getPages.unsubscribe(addr)
            except:
                pass

            self.write(getPages.subscriptions())

        elif self.path.startswith("/subscribe"):
            try:
                addr = query["addr"][0]
                label = query["label"][0]
                getPages.subscribe(addr, label)
            except:
                pass

            self.write(getPages.subscriptions())

        elif self.path.startswith("/addaddressbookentry"):
            try:
                addr = query["addr"][0]
                label = query["label"][0]
                getPages.addAddressBookEntry(addr, label)
            except:
                pass

            self.write(getPages.addressBook())

        elif self.path.startswith("/deladdressbookentry"):
            try:
                addr = query["addr"][0]
                getPages.delAddressBookEntry(addr)
            except:
                pass

            self.write(getPages.addressBook())

        elif self.path.startswith("/createchan"):
            try:
                pw = query["pw"][0]
                getPages.createChan(pw)
            except:
                pass
            
            self.write(getPages.chans())

        elif self.path.startswith("/joinchan"):
            try:
                pw = query["pw"][0]
                addr = query["addr"][0]
                getPages.joinChan(pw, addr)
            except:
                pass
            
            self.write(getPages.chans())

        elif self.path.startswith("/leavechan"):
            try:
                addr = query["addr"][0]
                getPages.leaveChan(addr)
            except:
                pass
            
            self.write(getPages.chans())

        elif self.path.startswith("/addrandomaddress"):
            try:
                label = query["label"][0]
                getPages.genRandomAddress(label)
            except:
                pass

            self.write(getPages.identities())

        elif self.path.startswith("/deladdress"):
            try:
                addr = query["addr"][0]
                getPages.delAddress(addr)
            except:
                pass

            self.write(getPages.identities())

        else:
            html = HTMLPage()
            html.addLine("<h1>Page not found!</h1>", False)
            self.write(html.getPage())