def get_user_data_by_email():
user_email = request.args.get("user_email")
email = request.args.get("email")
time_stamp = request.args.get("time")
blob = user_email + email
if check_hash(blob, email, request.args.get("hash"), time_stamp):
return json.dumps({
'success':
False,
'message':
'You are trying to hack a user. You should be ashamed of yourself!'
})
token = database_helper.get_token(email)
if token is None:
return json.dumps({
'success': False,
'message': 'User is not logged in'
})
else:
data = database_helper.get_user(user_email)
tok = database_helper.get_token(user_email)
if data is not None:
if user_email != email:
# If the user is not checking his own page, we update the looked-at-user's view count
da = database_helper.get_user(email)
database_helper.updateViews(user_email, da[3])
if tok is not None and tok in wslist:
# here we send the user's view count (which could be the sender himself if he just started his home page)
d = database_helper.getViews(user_email)
send_message(
wslist[tok],
json.dumps({
'messageType': 'views',
'message': [d[0], d[1]]
}))
retData = {
'firstname': data[0],
'familyname': data[1],
'email': data[2],
'gender': data[3],
'city': data[4],
'country': data[5]
}
return json.dumps({
'success': True,
'message': 'Data retrieval successful',
"data": retData
})
else:
return json.dumps({
'success': False,
'message': 'The user does not exist'
})
def get_user_data_by_token():
token = request.args.get("token")
time_stamp = request.args.get("time")
email = database_helper.get_email(token)
if check_hash("", email, request.args.get("hash"), time_stamp):
return json.dumps({
'success':
False,
'message':
'You are trying to hack a user. You should be ashamed of yourself!'
})
if email is None:
return json.dumps({
'success': False,
'message': 'User is not logged in'
})
else:
data = database_helper.get_user(email)
retData = {
'firstname': data[0],
'familyname': data[1],
'email': data[2],
'gender': data[3],
'city': data[4],
'country': data[5]
}
return json.dumps({
'success': True,
'message': 'Data retrieval successful',
"data": retData
})
def change_password():
token = request.json['token']
oldpassword = request.json['oldpassword']
newpassword = request.json['newpassword']
try:
email = database_helper.get_email_by_token(token)
except:
return json.dumps({
'success': False,
'message': "Token does not exist",
'data': ""
})
user = database_helper.get_user(email)
if user[0]['password'] == oldpassword:
result = database_helper.change_password(email, newpassword)
if result:
return json.dumps({
'success': result,
'message': "Password successfully changed",
'data': ""
})
else:
return json.dumps({
'success': result,
'message': "Password change failed",
'data': ""
})
else:
return json.dumps({
'success': False,
'message': "Old passwords do not match",
'data': ""
})
def sign_in():
#print "SOMEONE JUST SIGNED IN"
email = request.form['emailLog']
password = request.form['passwordLog']
data_user = database_helper.get_user(email)
if data_user == None:
return json.dumps({'success': False, 'message': "User doesn't exist."})
if bcrypt.check_password_hash(data_user[1],password):
token = create_token()
if database_helper.get_logged_in_by_mail(email):
if email in sockets:
# Removing the other token if the user signs in again
try:
ws = sockets[str(email)]
ws.send(json.dumps({'success': False, 'message': "You've been logged out !"}))
except WebSocketError as err:
repr(err)
print("WebSocketError !")
#The socket is closed already
del sockets[str(email)]
except Exception, err:
print err
database_helper.remove_logged_in_by_mail(email)
database_helper.add_logged_in(token, email)
return json.dumps({'success': True, 'message': "Login successful!", 'token': token, 'email': email})
def signUp():
email = request.form['email']
password = request.form['password']
firstname = request.form['firstname']
familyname = request.form['familyname']
gender = request.form['gender']
city = request.form['city']
country = request.form['country']
if len(email) != 0 and len(firstname) != 0 and len(familyname) != 0 and len(gender) != 0 and len(city) != 0 and \
len(country) != 0:
print "form exist"
if len(password) < 7:
return jsonify(success=False, message="Password is too short")
if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
return jsonify(success=False, message="Email is invalid")
if database_helper.get_user(email):
return jsonify(success=False, message="Email already exists")
else:
pw_hash = bcrypt.generate_password_hash(password)
#print "pw: ", password, "pw_hash: ", pw_hash
database_helper.signup_user(email, pw_hash, firstname, familyname, gender, city, country)
return jsonify(success=True, message="User signed up successfully")
return jsonify(success=False, message="Formdata are not complete")
def sign_up():
user = {
'email': request.headers.get('email'),
'password': request.headers.get('password'),
'firstname': request.headers.get('firstname'),
'familyname': request.headers.get('familyname'),
'gender': request.headers.get('gender'),
'city': request.headers.get('city'),
'country': request.headers.get('country'),
}
# Validate sign up form
if not db.validate_user(user):
return json.dumps({
'success': False,
'message': "Form data missing or incorrect type."
})
# Check if email is taken
if db.get_user(user['email']):
return json.dumps({
'success': False,
'message': "User already exists."
})
encrypted_password = sha256_crypt.encrypt(unicode(user['password']))
db.add_user(user['email'], encrypted_password, user['firstname'],
user['familyname'], user['gender'], user['city'],
user['country'])
return json.dumps({
'success': True,
'message': "Successfully created a new user."
})
def get_user_data_by_email(token, email):
if email is None:
return json.dumps({"success": False, "message": "You are not signed in."})
data = database_helper.get_user(email)
if data is None:
return json.dumps({"success": False, "message": "No such user."})
return json.dumps({"success": True, "message": "User data retrieved..", "data": data})
def post_message():
data = request.get_json()
token = request.headers.get("token")
fromemail = database_helper.get_loggedinuser(token)['email']
if database_helper.get_user(fromemail) != None:
if data['toemail'] == None:
data['toemail'] = fromemail
if database_helper.get_user(data['toemail']) != None:
database_helper.save_message(data['message'], fromemail,
data['toemail'])
return {"success": True, "msg": "Message posted"}
else:
return jsonify({
"success": False,
"msg": "Recipient user doesn't exist"
})
else:
return jsonify({"success": False, "msg": "User is not signed in"})
def get_user_data_by_email():
email = request.json['email']
user = database_helper.get_user(email)
if len(user) != 0:
user = user[0]
del user['password']
return json.dumps({'success':True, 'message':"You successfully found a user", 'data':user})
else:
return json.dumps({'success':False, 'message':"The user does not exist", 'data':""})
def getUserDataByToken():
token = request.form['token']
email = database_helper.get_email(token)
email = email[0]
if database_helper.get_loggedInUsers(email):
user = database_helper.get_user(email)
if user is None:
return jsonify(success=False, message="User not signed in!")
else:
return jsonify(success=True, message="User data retrieved.", data=user)
def init():
doc = request.args.get('doc')
signed_in = current_user.is_authenticated()
if signed_in:
admin = database_helper.is_admin(current_user.id)
else:
admin = False
if doc is None:
url_auth = make_authorization_url()
return render_template("index.html",
URL_AUTH=url_auth,
SIGNED_IN=signed_in,
ADMIN=admin)
if doc == "home":
admin = database_helper.get_user('*****@*****.**')
if admin is not None:
admin_id = admin.id
else:
admin_id = "0"
return render_template("home.html", ADMIN_ID=admin_id)
id_arg = request.args.get('id')
try:
id_arg = int(id_arg)
except:
pass
if doc == "profile":
if signed_in:
own = ((id_arg == 'signedIn') or (id_arg == current_user.id))
else:
own = False
return render_template("profile.html",
SIGNED_IN=signed_in,
OWN_PROFILE=own)
elif doc == "review":
if signed_in:
own = database_helper.is_own_review(current_user.id, id_arg)
else:
own = False
return render_template("review.html",
SIGNED_IN=signed_in,
OWN_REVIEW=own,
ADMIN=admin)
elif doc == "title":
return render_template("title.html", SIGNED_IN=signed_in, ADMIN=admin)
elif doc == "author":
return render_template("author.html", ADMIN=admin)
else:
abort(404)
def get_user_data_by_email(email):
try:
params = request.args;
header = request.headers
token = header["token"]
except KeyError as e:
response = jsonify({"success": False, "message": "Missing data."})
return response
return database_helper.get_user(email)
def get_user_data_by_token():
try:
header = request.headers
token = header["token"]
email = loggedInUsers[token]
except KeyError as e:
response = jsonify({"success": False, "message": "Missing data."})
return response
return database_helper.get_user(email)
def getUserDataByEmail():
token = request.form['token']
email = request.form['email']
checkuser = database_helper.get_email(token)
checklogin = database_helper.get_loggedInUsers(checkuser[0])
if checklogin:
user = database_helper.get_user(email)
if not user:
return jsonify(success=False, message="User not signed in!")
else:
return jsonify(success=True, message="User data retrieved.", data=user)
def get_user_messages_by_email(token, email, hashvalue):
# Create empty dictionary for storing return data
data = {}
# Check if user with given email exists
dataset = database_helper.get_user(email)
if (dataset == None):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'No user with email ' + email
# return the dataset as json data
return json.dumps(data)
# Create empty list for storing messages dictionaries
messages = []
# Check if user is logged in
if (is_logged_in(token) == True):
# Get user
logged_in_user = get_user_by_token(token)
privatekey = logged_in_user['privatekey']
# Compare hash values
if (hashvalue != hash_data(privatekey + token)):
data['success'] = False
data['message'] = 'Error in hash value'
return json.dumps(data)
# Get Messages for searched user and append them to messages dict
result = database_helper.get_messages(email)
count = 0
for element in result:
message = {}
message['sender_email'] = element[1]
message['receiver_email'] = element[2]
message['message'] = element[3]
message['messageid'] = "getusermessagesbyemail" + str(count)
messages.append(message)
count = count + 1
# Pass success data to dictionary
data['success'] = True
data['message'] = 'Successfully retrieved messages'
data['data'] = messages
else:
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Not able to get messages'
# return the dataset as json data
return json.dumps(data)
def change_password():
data = request.get_json()
token = request.headers.get("token")
if database_helper.get_loggedinuser(token) != None:
email = database_helper.get_loggedinuser(token)['email']
if database_helper.get_user(email)['password'] == data['oldpassword']:
database_helper.change_password(email, data['newpassword'])
return jsonify({"success": True, "msg": "Password changed"})
else:
return jsonify({"success": False, "msg": "Wrong password"})
else:
return jsonify({"success": False, "msg": "User is not signed in"})
def get_user_data_by_email(email):
token = request.headers.get("token")
if database_helper.get_loggedinuser(token) != None:
if database_helper.get_user(email) != None:
data = database_helper.get_user(email)
result = {
"email": data['email'],
"firstname": data['firstname'],
"familyname": data['familyname'],
"gender": data['gender'],
"city": data['city'],
"country": data['country']
}
return {
"success": True,
"msg": "User data retrieved",
"data": result
}
else:
return jsonify({"success": False, "msg": "User doesn't exist"})
else:
return jsonify({"success": False, "msg": "User is not signed in"})
def get_user_data(email):
# Get user data from database
result = database_helper.get_user(email)
if (result == None):
return None
user = {}
user['email'] = result[1]
user['firstname'] = result[3]
user['familyname'] = result[4]
user['gender'] = result[5]
user['city'] = result[6]
user['country'] = result[7]
return user
def login():
error = request.args.get('error, ''')
if error:
return "Error:" + error
state = request.args.get('state', '')
if not database_helper.is_valid_state(state):
abort(401)
database_helper.delete_state(state)
code = request.args.get('code', '')
id_token, access_token = get_tokens(code)
email = id_token['email']
user = database_helper.get_user(email)
if user is None:
database_helper.add_user(email)
user = database_helper.get_user(email)
login_user(user)
return redirect("/#/profile/signedIn")
else:
login_user(user)
return redirect("/")
def get_user_messages_by_email():
token = request.json['token']
toemail = request.json['email']
try:
fromemail = database_helper.get_email_by_token(token)
except:
return json.dumps({'success':False, 'message':"Token does not exist", 'data':""})
user = database_helper.get_user(toemail)
if len(user) == 0:
return json.dumps({'success':False, 'message':"Recipient does not exist", 'data':""})
messages = database_helper.get_messages(toemail)
return json.dumps({'success':True, 'message':"", 'data':messages})
def login():
error = request.args.get('error, ' '')
if error:
return "Error:" + error
state = request.args.get('state', '')
if not database_helper.is_valid_state(state):
abort(401)
database_helper.delete_state(state)
code = request.args.get('code', '')
id_token, access_token = get_tokens(code)
email = id_token['email']
user = database_helper.get_user(email)
if user is None:
database_helper.add_user(email)
user = database_helper.get_user(email)
login_user(user)
return redirect("/#/profile/signedIn")
else:
login_user(user)
return redirect("/")
def get_user_data(email):
userInfo = database_helper.get_user(email)
if userInfo is None:
return json.dumps({"success": False, "message": "No such user."})
else:
user = [
userInfo[0], userInfo[2], userInfo[3], userInfo[4], userInfo[5],
userInfo[6]
]
return json.dumps({
"success": True,
"message": "User data retrieved.",
"data": user
})
def getUserDataByToken():
token = request.form['token']
token = verify_token(token)
print "token i getuserfan: ", token
email = database_helper.get_email(token)
email = email[0]
print "EMAIL 0: ", email
if database_helper.get_loggedInUsers(email):
user = database_helper.get_user(email)
if user is None:
return jsonify(success=False, message="User not signed in!")
else:
return jsonify(success=True, message="User data retrieved.", data=user)
def sign_in():
email = request.json['email']
password = request.json['password']
user = database_helper.get_user(email)
if len(user) == 0:
return json.dumps({
'success': False,
'message': "User not found",
'data': ""
})
elif password != user[0]['password']:
return json.dumps({
'success': False,
'message': "Wrong password",
'data': ""
})
else:
token = generate_token()
if database_helper.is_logged_in(email):
ws = ws_dic[email]
ws.send("Log out command!")
ws.close()
print "before delete:"
print ws_dic
del ws_dic[email]
print "after delete"
print ws_dic
database_helper.update_token(email, token)
return json.dumps({
'success': True,
'message':
"You successfully signed in (and your other logged in session was logged out)",
'data': token
})
else:
res = database_helper.save_token(email, token)
if res:
return json.dumps({
'success': True,
'message': "You successfully signed in",
'data': token
})
else:
return json.dumps({
'success': False,
'message': "Sign in was unsuccessful",
'data': ""
})
def change_password():
token = request.headers.get('token')
old_password = request.headers.get('oldPassword')
new_password = request.headers.get('newPassword')
email = db.get_email_by_token(token)
user = db.get_user(email)
# Compare encrypted password
if not sha256_crypt.verify(str(old_password), user['password']):
return json.dumps({'success': False, 'message': "Wrong password."})
encrypted_password = sha256_crypt.encrypt(unicode(new_password))
db.set_password(email, encrypted_password)
return json.dumps({'success': True, 'message': "Password changed."})
def sign_up(): email = request.form['email'] firstname = request.form['firstname'] familyname = request.form['familyname'] gender = request.form['gender'] city = request.form['city'] country = request.form['country'] password = request.form['password'] # does the user already exist? if database_helper.get_user(email) is None: result = database_helper.add_user(email, firstname, familyname, country, city, gender, password) return jsonify(success = True, message = "User successfully added") else: return jsonify(success = False, message = "A user with the same email already exists")
def get_user_data_by_token():
token = request.json['token']
try:
email = database_helper.get_email_by_token(token)
except:
return json.dumps({'success':False, 'message':"Token does not exist", 'data':""})
user = database_helper.get_user(email)
if len(user) != 0:
user = user[0]
del user['password']
return json.dumps({'success':True, 'message':"", 'data':user})
else:
return json.dumps({'success':False, 'message':"User does not exist", 'data':""})
def sign_up(): email = request.form['email'] firstname = request.form['firstname'] familyname = request.form['familyname'] gender = request.form['gender'] city = request.form['city'] country = request.form['country'] password = request.form['password'] # does the user already exist? if database_helper.get_user(email) is None: result = database_helper.add_user(email, firstname, familyname, country, city, gender, password) return jsonify(success = True, message = "User successfully added") else: return jsonify(success = False, message = "A user with the same email already exists")
def sign_in(email, password):
token = ''.join(
random.choice(string.ascii_uppercase + string.digits)
for _ in range(40))
print password
m = hashlib.md5()
m.update(password)
print m.hexdigest()
pwd = m.hexdigest()
result = database_helper.get_user(email, pwd, token)
jsonfile = json.dumps({
"success": True,
"Message": "Log in",
"data": token
})
return jsonfile
def sign_in():
email = request.json['email']
password = request.json['password']
user = database_helper.get_user(email)
if len(user) == 0:
return json.dumps({'success':False, 'message':"User not found", 'data':""})
elif password != user[0]['password']:
return json.dumps({'success':False, 'message':"Wrong password", 'data':""})
else:
token = generate_token()
res = database_helper.save_token(email, token)
if res:
return json.dumps({'success':True, 'message':"You successfully signed in", 'data':token})
else:
return json.dumps({'success':False, 'message':"Sign in was unsuccessful", 'data':""})
def init():
doc = request.args.get('doc')
signed_in = current_user.is_authenticated()
if signed_in:
admin = database_helper.is_admin(current_user.id)
else:
admin = False
if doc is None:
url_auth = make_authorization_url()
return render_template("index.html", URL_AUTH=url_auth, SIGNED_IN=signed_in, ADMIN=admin)
if doc == "home":
admin = database_helper.get_user('*****@*****.**')
if admin is not None:
admin_id = admin.id
else:
admin_id = "0"
return render_template("home.html", ADMIN_ID=admin_id)
id_arg = request.args.get('id')
try:
id_arg = int(id_arg)
except:
pass
if doc == "profile":
if signed_in:
own = ((id_arg == 'signedIn') or (id_arg == current_user.id))
else:
own = False
return render_template("profile.html", SIGNED_IN=signed_in, OWN_PROFILE=own)
elif doc == "review":
if signed_in:
own = database_helper.is_own_review(current_user.id, id_arg)
else:
own = False
return render_template("review.html", SIGNED_IN=signed_in, OWN_REVIEW=own, ADMIN=admin)
elif doc == "title":
return render_template("title.html", SIGNED_IN=signed_in, ADMIN=admin)
elif doc == "author":
return render_template("author.html", ADMIN=admin)
else:
abort(404)
def sign_up():
# Get data from form
email = request.json['email']
password = request.json['password']
firstname = request.json['firstname']
familyname = request.json['familyname']
gender = request.json['gender']
city = request.json['city']
country = request.json['country']
# Create empty dictionary for storing return data
data = {}
# Validation: Check if password is long enough
if (len(password) < password_length):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Password must have at least ' + str(password_length) + ' characters.'
# return the dataset as json data
return json.dumps(data)
# Validation: Check if user is already registered
dataset = database_helper.get_user(email)
if (dataset != None):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'User is already registered.'
# return the dataset as json data
return json.dumps(data)
# Get hashed password and salt
hashed_password_and_salt = hash_password_with_random_salt(password)
salt = hashed_password_and_salt['salt']
hashed_password = hashed_password_and_salt['hashed_password']
# Add User to the database
database_helper.add_user( \
email, hashed_password, firstname, familyname, gender, city, country, salt )
# Pass success data to dictionary
data['success'] = True
data['message'] = 'Successfully signed up'
# return the dataset as json data
return json.dumps(data)
def post_message():
token = request.json['token']
toemail = request.json['email']
message = request.json['message']
if toemail == "":
toemail = database_helper.get_email_by_token(token)
user = database_helper.get_user(toemail)
if len(user) == 0:
return json.dumps({
'success': False,
'message': "Recipient does not exist (postmessage)",
'data': ""
})
try:
fromemail = database_helper.get_email_by_token(token)
except:
return json.dumps({
'success': False,
'message': "Token does not exist",
'data': ""
})
result = database_helper.store_message(toemail, fromemail, message)
if result:
try:
ws_dic[toemail].send(
str(len(ws_dic.keys())) + ":" +
str(database_helper.number_of_messages(toemail)) + ":" +
str(database_helper.registered_users()))
except:
pass
return json.dumps({
'success': result,
'message': "You succesfully posted a message",
'data': message
})
else:
return json.dumps({
'success': result,
'message': "Your message was not posted",
'data': ""
})
def sign_in():
data = request.get_json()
user = database_helper.get_user(data['email'])
if user != None:
if user['password'] == data['password']:
characters = "abcdefghiklmnopqrstuvwwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
token = ""
for i in range(36):
token += characters[rd.randint(0, 61)]
database_helper.save_token(data['email'], token)
return jsonify({
"success": True,
"msg": "Successfully signed in",
"data": token
})
else:
return jsonify({"success": False, "msg": "Wrong password"})
else:
return jsonify({"success": False, "msg": "User doesn't exist"})
def sign_in():
email = request.form['email']
password = request.form['password']
user = database_helper.get_user(email)
if user == None:
return json.dumps({
'success': False,
'message': 'This user does not exist'
})
elif bcrypt.check_password_hash(user[1], password):
token = ''.join(random.SystemRandom().choice(string.ascii_uppercase +
string.digits)
for _ in range(30))
if database_helper.get_logged_in_user(token):
return json.dumps({
'success': False,
'message': 'Already logged in'
})
elif database_helper.get_logged_in_user_by_email(email):
# remove other token if signed in again
if email in active_sockets:
try:
ws = active_sockets[email]
ws.send(
json.dumps({
'success': False,
'message': 'You have been logged out'
}))
except WebSocketError as e:
repr(e)
print "WebSocketError on logout"
# websocket already closed
del active_sockets[email]
database_helper.remove_logged_in_user_by_email(email)
# add token to database
database_helper.add_logged_in_user(email, token)
return json.dumps({
'success': True,
'message': 'you have logged in',
'data': token
})
else:
return json.dumps({'success': False, 'message': 'Wrong password'})
def get_user_data_by_email():
token = request.form['token'] # token of the user retrieving the data
email = request.form['email']
# TODO: check if token is valid!!!
user = database_helper.get_user(email)
if user is None:
return jsonify(success = False, message = "Can't find user data")
u = {}
u['email'] = user[0]
u['firstname'] = user[1]
u['familyname'] = user[2]
u['country'] = user[3]
u['city'] = user[4]
u['gender'] = user[5]
return jsonify(success = True, message = "User data successfully returned", data = u)
def get_user_data_by_token():
token = request.form["token"]
email = database_helper.get_email_from_token(token)
if email is None:
return jsonify(success = False, message = "Can't find email matching token")
user = database_helper.get_user(email[0])
if user is None:
return jsonify(success = False, message = "Can't find user data")
u = {}
u['email'] = user[0]
u['firstname'] = user[1]
u['familyname'] = user[2]
u['country'] = user[3]
u['city'] = user[4]
u['gender'] = user[5]
return jsonify(success = True, message = "User data successfully returned", data = u)
def post_message():
token = request.json['token']
toemail = request.json['email']
message = request.json['message']
user = database_helper.get_user(toemail)
if len(user) == 0:
return json.dumps({'success':False, 'message':"Recipient does not exist", 'data':""})
try:
fromemail = database_helper.get_email_by_token(token)
except:
return json.dumps({'success':False, 'message':"Token does not exist", 'data':""})
result = database_helper.store_message(toemail, fromemail, message)
if result:
return json.dumps({'success':result, 'message':"You succesfully posted a message", 'data':message})
else:
return json.dumps({'success':result, 'message':"Your message was not posted", 'data':""})
def get_user_data_by_token():
token = request.headers.get('token')
email = db.get_email_by_token(token)
user = db.filter_user(db.get_user(email))
if not user:
return json.dumps({'success': False, 'message': "No such user."})
# Add additional statistics
messages = db.get_user_messages(email)
user["message_count"] = len(messages)
page_views = db.get_page_views(email)
user["page_views"] = len(page_views)
return json.dumps({
'success': True,
'message': "User data retrieved.",
'data': user
})
def get_user_data_by_token():
token = request.form["token"]
email = database_helper.get_email_from_token(token)
if email is None:
return jsonify(success = False, message = "Can't find email matching token")
user = database_helper.get_user(email[0])
if user is None:
return jsonify(success = False, message = "Can't find user data")
u = {}
u['email'] = user[0]
u['firstname'] = user[1]
u['familyname'] = user[2]
u['country'] = user[3]
u['city'] = user[4]
u['gender'] = user[5]
return jsonify(success = True, message = "User data successfully returned", data = u)
def change_password():
email = request.form['email']
pwd = request.form['pwd']
chgpwd = request.form['chgPwd']
timestamp = request.form['timestamp']
#Secure way to transmission of data
if check_tok_post('changepassword', request):
if not database_helper.get_logged_in_by_mail(email):
return json.dumps({'success': False, 'message': "You are not logged in."})
else:
if len(chgpwd) < 6:
return json.dumps({"success": False, "message": "Error: password must be at least 6 characters long"})
current_password = database_helper.get_user(email)[1]
if bcrypt.check_password_hash(current_password, pwd):
database_helper.modify_pwd(email, current_password, bcrypt.generate_password_hash(chgpwd))
return json.dumps({"success": True, "message": "Password changed."})
return json.dumps({"success": False, "message": "Error : invalid inputs."})
return json.dumps({"success": False, "message": "Error request."})
def get_user_data_by_email():
token = request.headers.get('token')
email = request.headers.get('email')
user = db.filter_user(db.get_user(email))
if not user:
return json.dumps({'success': False, 'message': "No such user."})
# Update page views if user is visiting another user's profile
visitorEmail = db.get_email_by_token(token)
if email != visitorEmail:
db.add_page_view(email, visitorEmail)
page_views = db.get_page_views(email)
owner_token = db.get_token_by_email(email)
sockets.update_page_views(owner_token, len(page_views))
return json.dumps({
'success': True,
'message': "User data retrieved.",
'data': user
})
def get_user_data_by_email():
token = request.form['token'] # token of the user retrieving the data
email = request.form['email']
# Check if online
if database_helper.is_user_online(token) != True:
return jsonify(success = False, message = "You are not logged in")
user = database_helper.get_user(email)
if user is None:
return jsonify(success = False, message = "Can't find user data")
u = {}
u['email'] = user[0]
u['firstname'] = user[1]
u['familyname'] = user[2]
u['country'] = user[3]
u['city'] = user[4]
u['gender'] = user[5]
return jsonify(success = True, message = "User data successfully returned", data = u)
def change_password():
clientEmail = request.form['clientEmail']
old_password = request.form['old_password']
new_password = request.form['new_password']
if len(new_password) < 5:
return json.dumps({
"success":
False,
"message":
"The password has to be 5 characters or more."
})
if verifyTokenPOST('changepassword', request):
current_password = database_helper.get_user(clientEmail)[1]
if bcrypt.check_password_hash(current_password, old_password):
database_helper.set_password(
clientEmail, bcrypt.generate_password_hash(new_password))
return json.dumps({
"success": True,
"message": "Password changed."
})
return json.dumps({"success": False, "message": "Wrong password."})
return json.dumps({"success": False, "message": "You are not signed in."})
def get_user_messages_by_email(email):
token = request.headers.get("token")
if database_helper.get_loggedinuser(token) != None:
if database_helper.get_user(email) != None:
messages = database_helper.get_usermessages(email)
if messages != None:
result = [message for message in messages]
return jsonify({
"success": True,
"msg": "User messages retrieved",
"data": result
})
else:
return jsonify({
"success": True,
"msg": "User messages retrieved",
"data": None
})
else:
return jsonify({"success": False, "msg": "User doesn't exist"})
else:
return jsonify({"success": False, "msg": "User is not signed in"})
def post_message():
# Get data from form
token = request.json['token']
receiver_email = request.json['receiverEmail']
message = request.json['message']
hashvalue = request.json['hashvalue']
# Create empty dictionary for storing return data
data = {}
# Check if user with given email exists
dataset = database_helper.get_user(receiver_email)
if (dataset == None):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'No user with email ' + receiver_email
# return the dataset as json data
return json.dumps(data)
# Check if user is logged in
if (is_logged_in(token) == True):
# Get user
logged_in_user = get_user_by_token(token)
sender_email = logged_in_user['email']
privatekey = logged_in_user['privatekey']
# Compare hash values
if (hashvalue != hash_data(privatekey + token + message + receiver_email)):
data['success'] = False
data['message'] = 'Error in hash value'
return json.dumps(data)
# Save message to database
database_helper.post_message(sender_email, receiver_email, message)
# Pass success data to dictionary
data['success'] = True
data['message'] = 'Successfully posted message'
# chartjs: Send Update to User
if is_logged_in_by_email(receiver_email):
user = get_user_by_email(receiver_email)
if ('websocket' in user):
# Form Data Object
chartjs = {}
chartjs['success'] = True
chartjs['message'] = 'MessageCountChanged'
chartjs['data'] = database_helper.get_message_count(receiver_email)
# Get Websocket and sent data
websocket = user['websocket']
if websocket is not None:
websocket.send(json.dumps(chartjs))
# if user is not logged in
else:
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Not able to post message'
# return the dataset as json data
return json.dumps(data)
def sign_in():
# Get email and password from form
email = request.json['email']
password = request.json['password']
# Create empty dictionary for storing return data
data = {}
# Get user from database
dataset = database_helper.get_user(email)
# Check if database call was successfull
if (dataset != None):
salt = dataset[8]
# Prepend the salt to password
salted_password = salt + password
# Hash the salted password
hashed_password = hash_password(salted_password)
# Check if password from form is same as in database
if (hashed_password == dataset[2]):
# Create a private key
private_key = base64.b64encode(os.urandom(128))
private_key = salt.decode("utf-8")
# Check if user is already logged in:
if (is_logged_in_by_email(email) == True):
# Append new token to existing user object
increase_session_count(email)
# Get existing token
token = get_user_by_email(email)['token']
else:
# Create session token
token = token_generator()
# Create new user object and add it to the list of logged in users
logged_in_users.append({'email':email,'token':token,'sessions':1,'privatekey':private_key})
# Pass success data to dictionary
data['success'] = True
data['message'] = 'Successfully signed in'
data['data'] = token
data['privatekey'] = private_key
# chartjs: Update Statistics about online users
count = len(logged_in_users)
for logged_in_user in logged_in_users:
if ('websocket' in logged_in_user):
# Form Data Object
chartjs = {}
chartjs['success'] = True
chartjs['message'] = "OnlineCountChanged"
chartjs['data'] = count
# Get Websocket and sent data
websocket = logged_in_user['websocket']
if websocket is not None:
websocket.send(json.dumps(chartjs))
else:
# In case password is not the same provide error information
data['success'] = False
data['message'] = 'Wrong username or password'
else:
# In case user can't be fetched from database provide error information
data['success'] = False
data['message'] = 'Wrong username or password'
# return the dataset as json data
return json.dumps(data)
def change_password():
# Get data from form
token = request.json['token']
hashvalue = request.json['hashvalue']
old_password = request.json['oldPassword']
new_password = request.json['newPassword']
repeatNewPsw = request.json['repeatNewPsw']
# Create empty dictionary for storing return data
data = {}
# Validation: Check if password is long enough
if (len(new_password) < password_length):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Password must have at least ' + str(password_length) + ' characters.'
# return the dataset as json data
return json.dumps(data)
# Check if user is logged in
if (is_logged_in(token) == True):
# Get user
logged_in_user = get_user_by_token(token)
email = logged_in_user['email']
privatekey = logged_in_user['privatekey']
# Compare hash values
if (hashvalue != hash_data(privatekey + token + old_password + new_password + repeatNewPsw)):
data['success'] = False
data['message'] = 'Error in hash value'
return json.dumps(data)
# Get current password and salt from database
result = database_helper.get_user(email)
db_password = result[2]
salt = result[8]
# Hash old password
old_password = hash_password(salt + old_password)
# Validate user input with database data
if (db_password != old_password):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Old password is not correct'
# return the dataset as json data
return json.dumps(data)
# Change password
new_password = hash_password(salt + new_password)
database_helper.change_password(email, new_password)
# Pass success data to dictionary
data['success'] = True
data['message'] = 'Successfully updated password'
else:
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Not able to update password'
# return the dataset as json data
return json.dumps(data)
