def registerUser(req, uname, pwd, email, fname, mname, lname):
    """Create a parent account through the ``addparent`` stored procedure.

    The five profile fields are passed through ``cgi.escape``, the password
    is hashed with a freshly generated salt, and all seven values are
    spliced into a single SQL string. ``req`` is not used here.

    Returns the first column of the first row that ``execqry`` yields.

    NOTE(review): ``cgi.escape`` HTML-encodes ``&``, ``<`` and ``>`` only and
    leaves single quotes untouched, so it does not make these values safe
    inside a quoted SQL literal. All five profile fields are caller-supplied
    and reach the statement text. The fix belongs in the ``doSql`` layer
    (bound parameters); its interface is not visible from this function.
    """
    db = doSql()

    # HTML-escaped copies, taken in the order uname, email, fname, mname, lname.
    esc_user, esc_email, esc_first, esc_middle, esc_last = [
        cgi.escape(value) for value in (uname, email, fname, mname, lname)
    ]

    salt = form.generateSalt()
    pass_digest = form.encryptPass(salt, pwd)

    # Argument order expected by the stored procedure:
    # username, salt, hash, first, middle, last, email.
    proc_args = "','".join(
        [esc_user, salt, pass_digest, esc_first, esc_middle, esc_last, esc_email]
    )
    # Second execqry argument is True on the writing calls in this file --
    # presumably a commit flag; confirm against doSql.
    rows = db.execqry("SELECT addparent('" + proc_args + "')", True)
    return rows[0][0]
def changepassword(req, oldpass, newpass):
    """Replace the password of the user identified by the request's session.

    Looks up the stored salt for ``session["id"]``, hashes ``oldpass`` with
    it and ``newpass`` with a new salt, then passes both hashes to the
    ``change_password`` stored procedure.

    Returns ``"success"`` when the procedure answers ``"true"``, otherwise
    ``"invalid password"``.

    NOTE(review): both statements are built by string concatenation. The
    hashes and salts are generated here, but ``session["id"]`` is spliced in
    as-is; whether it can ever hold caller-influenced text depends on how the
    session is populated -- confirm, and prefer bound parameters in
    ``doSql``. No check that the session is authenticated is visible in this
    function.
    """
    session = Session.Session(req)
    db = doSql()
    user_id = session["id"]

    stored_salt = str(db.execqry("select getsalt('" + user_id + "')", False)[0][0])
    fresh_salt = form.generateSalt()
    old_digest = form.encryptPass(stored_salt, oldpass)
    new_digest = form.encryptPass(fresh_salt, newpass)

    # Argument order: user id, hash of old password, hash of new password, new salt.
    proc_args = "','".join([user_id, old_digest, new_digest, fresh_salt])
    outcome = db.execqry("SELECT change_password('" + proc_args + "')", True)[0][0]

    return "success" if outcome == "true" else "invalid password"
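def resetpassword(req, username):
    """Set a random temporary password for ``username`` and e-mail it.

    A new salt and hash are written through the ``resetpass`` stored
    procedure. When it answers ``"true"`` the account's e-mail address is
    looked up via ``getid`` / ``getemail`` and the temporary password is sent
    there.

    Returns ``"sucess"`` (spelling kept, callers may compare against it) or
    ``"user does not exist"``.

    Fix over the previous version: the temporary password was the raw output
    of ``os.urandom(5)``, i.e. arbitrary bytes that are generally not
    printable and cannot be typed from the e-mail. It is now the hex encoding
    of the same five random bytes.

    NOTE(review): ``username`` is caller-supplied and is concatenated,
    unescaped, into the ``resetpass`` and ``getid`` statements. That needs
    bound parameters in the ``doSql`` layer, whose interface is not visible
    here. Also worth confirming with the caller: nothing in this function
    checks who is asking for the reset, the new password travels in clear
    text by e-mail, and the two return values let a caller tell existing
    usernames from unknown ones.
    """
    import binascii

    # Not used below; kept because constructing the session may have side
    # effects on the request -- confirm before removing.
    session = Session.Session(req)
    db = doSql()

    # Same five random bytes as before, hex-encoded so the result is
    # printable. str(...decode()) yields the native str type on Python 2
    # and Python 3 alike.
    temp_password = str(binascii.hexlify(os.urandom(5)).decode("ascii"))
    newsalt = form.generateSalt()
    newhash = form.encryptPass(newsalt, temp_password)

    outcome = db.execqry(
        "SELECT resetpass('" + username + "','" + newsalt + "','" + newhash + "')",
        True,
    )[0][0]
    if outcome != "true":
        return "user does not exist"

    user_id = db.execqry("select getid('" + username + "')", False)[0][0]
    useremail = str(db.execqry("select getemail('" + str(user_id) + "')", False)[0][0])

    # NOTE(review): the mail login and password are literals in this call
    # (masked on the page); they are better loaded from configuration than
    # kept in source.
    form.sendemail(
        from_addr="*****@*****.**",
        to_addr_list=[useremail],
        cc_addr_list=[useremail],
        subject="Password Reset",
        message="Your new password is " + temp_password,
        login="******",
        password="******",
    )
    return "sucess"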