def changepw(request, userid):
if request.method == 'POST':
try:
clamuser = CLAMUsers.objects.get(pk=int(userid))
except:
return HttpResponseNotFound("No such user",
content_type="text/plain")
if ((pwhash(clamuser.username, request.POST['pw'].encode('utf-8'))
== clamuser.password) or
(hashlib.md5(request.POST['pw'].encode('utf-8')).hexdigest()
== settings.MASTER_PASSWORD)):
clamuser.password = pwhash(clamuser.username,
request.POST['newpw'].encode('utf-8'))
clamuser.save()
#send_mail('Webservice account on ' + settings.DOMAIN , 'Dear ' + clamuser.fullname + '\n\nYour webservice account on ' + settings.DOMAIN + ' has had its password changed to: ' + request.POST['newpw'] + ".\n\n(this is an automated message)", settings.FROMMAIL, [clamuser.mail] , fail_silently=False)
return HttpResponse("Password changed", content_type="text/plain")
else:
return HttpResponseForbidden("Current password is invalid",
content_type="text/plain")
else:
try:
user = CLAMUsers.objects.get(pk=int(userid))
except:
return HttpResponseNotFound("No such user")
c = RequestContext(request)
c.update(csrf(request))
return render(request, 'changepw.html', {'userid': userid})
def changepw(request, userid):
if request.method == 'POST':
try:
clamuser = CLAMUsers.objects.get(pk=int(userid))
except:
return HttpResponseNotFound("No such user", content_type="text/plain")
if ((pwhash(clamuser.username,request.POST['pw']) == clamuser.password) or (hashlib.md5(request.POST['pw']).hexdigest() == settings.MASTER_PASSWORD)):
clamuser.password=pwhash(clamuser.username,request.POST['newpw'])
clamuser.save()
#send_mail('Webservice account on ' + settings.DOMAIN , 'Dear ' + clamuser.fullname + '\n\nYour webservice account on ' + settings.DOMAIN + ' has had its password changed to: ' + request.POST['newpw'] + ".\n\n(this is an automated message)", settings.FROMMAIL, [clamuser.mail] , fail_silently=False)
return HttpResponse("Password changed", content_type="text/plain")
else:
return HttpResponseForbidden("Current password is invalid", content_type="text/plain")
else:
try:
user = CLAMUsers.objects.get(pk=int(userid))
except:
return HttpResponseNotFound("No such user")
c = RequestContext(request)
c.update(csrf(request))
return render_to_response('changepw.html',{'userid': userid},context_instance=c)
def resetpw(request):
if request.method == 'POST' and 'mail' in request.POST:
found = False
for clamuser in CLAMUsers.objects.filter(mail=request.POST['mail']):
found = True
length = 10
chars = string.ascii_letters + string.digits + '!@#$%^&*()'
random.seed = (os.urandom(1024))
newpassword= ''.join(random.choice(chars) for i in range(length))
clamuser.password = pwhash(clamuser.username,newpassword)
clamuser.save()
send_mail('Webservice account on ' + settings.DOMAIN , 'Dear ' + clamuser.fullname + '\n\nYour webservice account on ' + settings.DOMAIN + ' has had a password reset.\n\nUsername: '******'\nPassword: '******'\n\nImportant: Please change this password immediately to one of your own choosing using ' + settings.BASEURL + 'changepw/' + str(clamuser.pk)+ '\n\nIf you did not request this, please notify us immediately by replying to this message.\n\n(this is an automated message)', settings.FROMMAIL, [clamuser.mail] , fail_silently=False)
send_mail('[' + settings.DOMAIN + '] Password reset for ' + clamuser.username , 'User ' + clamuser.username + ' (' + clamuser.fullname + ') forgot his credentials and executed a reset from IP ' + request.META.get('REMOTE_ADDR') + '. This is an automated notification and no further action is required.', settings.FROMMAIL, [ x[1] for x in settings.ADMINS ] , fail_silently=False)
if found:
return HttpResponse("Done, please check your mail and follow the instructions...", content_type="text/plain")
else:
return HttpResponseForbidden("No such user exists", content_type="text/plain")
else:
c = RequestContext(request)
c.update(csrf(request))
return render_to_response('resetpw.html',context_instance=c)
def resetpw(request):
if request.method == 'POST' and 'mail' in request.POST:
found = False
for clamuser in CLAMUsers.objects.filter(mail=request.POST['mail']):
found = True
length = 10
chars = string.ascii_letters + string.digits + '!@#$%^&*()'
random.seed = (os.urandom(1024))
newpassword = ''.join(random.choice(chars) for i in range(length))
clamuser.password = pwhash(clamuser.username, newpassword)
clamuser.save()
send_mail(
'Webservice account on ' + settings.DOMAIN,
'Dear ' + clamuser.fullname +
'\n\nYour webservice account on ' + settings.DOMAIN +
' has had a password reset.\n\nUsername: '******'\nPassword: '******'\n\nImportant: Please change this password immediately to one of your own choosing using '
+ settings.BASEURL + 'changepw/' + str(clamuser.pk) +
'\n\nIf you did not request this, please notify us immediately by replying to this message.\n\n(this is an automated message)',
settings.FROMMAIL, [clamuser.mail],
fail_silently=False)
send_mail(
'[' + settings.DOMAIN + '] Password reset for ' +
clamuser.username,
'User ' + clamuser.username + ' (' + clamuser.fullname +
') forgot his credentials and executed a reset from IP ' +
request.META.get('REMOTE_ADDR') +
'. This is an automated notification and no further action is required.',
settings.FROMMAIL, [x[1] for x in settings.ADMINS],
fail_silently=False)
if found:
return HttpResponse(
"Done, please check your mail and follow the instructions...",
content_type="text/plain")
else:
return HttpResponseForbidden("No such user exists",
content_type="text/plain")
else:
return render(request, 'resetpw.html')