def POST(self):
i = web.input()
user_form = self.form()
if not user_form.validates():
return render.admin(model.get_all_users(),user_form)
if 'uid' in i:
model.del_user(i.cin, i.uid)
elif 'username' in i:
uname, pwd, email = i.username.strip().lower(), i.password.strip(), i.email.strip()
pwd = bcrypt.hashpw(pwd, bcrypt.gensalt(BCRYPT_WLOAD))
model.add_user(i.cin, uname,pwd, email)
return render.admin(model.get_all_users(), user_form)
def POST(self):
i = web.input()
form = self.form()
if not form.validates() or i.username in [u.username for u in model.get_all_users()]:
return render.register(form,model.get_all_users())
else:
cin, uname, pwd, email = i.cin, i.username.strip().lower(), i.password.strip(), i.email.strip()
#register parsing here
pwd = bcrypt.hashpw(pwd, bcrypt.gensalt(BCRYPT_WLOAD))
model.add_user(cin, uname,pwd, email)
session.logged_in = True
session.username = uname
session.cin = cin
raise web.seeother('/')
def POST(self):
"""
Compares given CIN, username and password to db entry
"""
i = web.input()
form = self.form()
logger.debug('Logged_in: %s', session.logged_in)
output=[]
if ospath.exists('banned_ip.chess'):
with open('banned_ip.chess','r') as bfd:
for line in bfd:
if web.ctx['ip'] in line:
t = line[line.find('|')+2:-1].strip()
d = datetime.strptime(t,self.time_format)
dc = datetime.utcnow()
if d + self.bannedtimer <= dc:
return "<h1>Too many failed login attempts.</h1><br /><h2>Please try again at a later time</h2>"
else:
output.append(line)
with open('banned_ip.chess','w') as bfd:
f.writelines(output)
if not form.validates():
return render.login(form, users=model.get_all_users())
else:
try:
u = model.get_user_by_name(i.cin, i.username.strip().lower())[0]
except IndexError:
return render.login(form,"User does not exist! If you need an account, please contact your local admin.", users=model.get_all_users())
check = True if bcrypt.hashpw(i.password, u.password) == u.password else False
#Check is user authentication was a great success
if check:
session.logged_in = True
session.username = i.username
session.cin = int(i.cin)
session.priv = u.privilege
raise web.seeother('/')
else:
try:
session['loginfails'] += 1
except KeyError:
session['loginfails'] = 0
if session['loginfails'] > MAX_LOGIN_ATTEMPTS:
ip = web.ctx['ip']
logger.warning('IP %s has attempted too many unsuccessfull logins', ip)
session['loginfails']=0
with open('banned_ip.chess','a') as bfd:
bfd.write("%s | %s"%(web.ctx['ip'],datetime.utcnow()))
return render.login(form,"login failed!", users=model.get_all_users())
def GET(self):
page = 1 if not web.input().get('page') else web.input().get('page')
user = self.getcurrentuser()
if user.passwd == "qq" or user.passwd == "douban":
raise web.seeother('/my')
#fen ye
if user.level == 3:
page = int(page)
perpage = 20
offset = (page - 1) * perpage
users = model.get_all_users(offset=offset, limit=perpage)
users_count = model.get_user_num()
pages = users_count.count / perpage
if users_count.count % perpage > 0:
pages += 1
if page > pages:
raise web.seeother('/admin')
else:
users = None
pages = 0
return jjenv.get_template('admin.html').render(
nickname=session.username,
title="Admin",
current='admin',
user=user,
users=users,
pages=pages)
def GET(self):
page = 1 if not web.input().get('page') else web.input().get('page')
user = self.getcurrentuser()
if user.passwd == "qq" or user.passwd == "douban":
raise web.seeother('/my')
#fen ye
if user.level == 3:
page = int(page)
perpage = 20
offset = (page - 1) * perpage
users = model.get_all_users(offset=offset,limit=perpage)
users_count = model.get_user_num()
pages = users_count.count / perpage
if users_count.count % perpage > 0:
pages += 1
if page > pages:
raise web.seeother('/admin')
else:
users = None
pages = 0
return jjenv.get_template('admin.html').render(nickname=session.username,title="Admin", current='admin', user=user, users=users, pages = pages)
def see_all_users():
if request.method == 'GET':
content = model.get_all_users()
content_len = len(content)
print(content)
return render_template('users.html',
content=content,
content_len=content_len)
else:
if 'username' not in session:
flash('You must be logged in to follow users')
return redirect('/login')
else:
user_to_follow = request.form['follow']
username = session['username']
user_to_follow_object = model.set_user_object_from_pk(
user_to_follow)
user_to_follow_username = user_to_follow_object.username
if user_to_follow_username == username:
flash(f'You can\'t follow yourself!')
return redirect('/users')
elif model.test_followed_object(username, user_to_follow_username):
flash(f'You are already following that user!')
return redirect('/users')
else:
try:
model.follow_user(username, user_to_follow_username)
flash(f'You are now following {user_to_follow_username}!')
return redirect('/users')
except:
flash('Something went wrong, try again')
return redirect('/users')
def GET(self):
ret_users = []
users = model.get_all_users()
for user in users:
ret_users.append({
"fname": user['fname'],
"lname": user['lname'],
"address1": user['address1'],
"address2": user['address2'],
"city": user['city'],
"state": user['state'],
"zipcode": user['zipcode'],
"country": user['country'],
"registerDate": str(user['registerDate'])
})
accept_header = web.ctx.env.get("HTTP_ACCEPT")
if "text/html" in accept_header:
# Show an HTML tabl
return render.admin()
elif "application/json" in accept_header:
# Return a JSON tring
return json.dumps(ret_users)
else:
# Return a 406 Not Acceptable because the client is
# requesting data be returned in a media type that we
# don't support
web.ctx.status = '406 Not Acceptable'
return
def GET(self):
logger.debug('Logged_in: %s', session.logged_in)
if logged_in():
web.seeother('/')
else:
form = self.form()
return render.login(form,users=model.get_all_users())
def POST(self):
if not check_priv_lvl(2):
raise web.notfound("You don't have the right privilege level to access this")
i = web.input(cin=None)
user_form = self.form()
client_form = self.cin_form()
if 'uid' in i:
logger.info("Deleting user")
model.del_user(i.cin, i.uid)
logger.debug('User Deleted: %d',i.uid)
elif 'new_client' in i:
if client_form.validates():
logger.info("Adding new client")
model.add_client(i.new_client, i.client_name)
logger.debug('Client Added: %d|%s',i.new_client, i.client_name)
elif 'username' in i:
logger.info("Adding user")
if not user_form.validates():
return render.admin(model.get_all_users() if session.cin==0 else model.get_user_by_cin(session.cin), user_form, client_form)
uname, pwd, email = i.username.strip().lower(), i.password.strip(), i.email.strip()
pwd = bcrypt.hashpw(pwd, bcrypt.gensalt(BCRYPT_WLOAD))
cin = i.cin if i.cin else session.cin
ret = model.add_user(cin, uname,pwd, email, i.privilege)
#Checks if CIN exists and if CIN/Username combination exists
if ret == 0:
raise web.notfound("No client exists with this CIN")
elif ret == -1:
raise web.notfound("Username exists with identical CIN")
logger.debug('User added %s', uname)
raise web.seeother('/admin')
def GET(self):
ret_users = []
users = model.get_all_users()
for user in users:
ret_users.append({
"fname": user['fname'],
"lname": user['lname'],
"address1": user['address1'],
"address2": user['address2'],
"city": user['city'],
"state": user['state'],
"zipcode": user['zipcode'],
"country": user['country'],
"registerDate": str(user['registerDate'])
})
accept_header = web.ctx.env.get("HTTP_ACCEPT")
if "text/html" in accept_header:
# Show an HTML tabl
return render.admin()
elif "application/json" in accept_header:
# Return a JSON tring
return json.dumps(ret_users)
else:
# Return a 406 Not Acceptable because the client is
# requesting data be returned in a media type that we
# don't support
web.ctx.status = '406 Not Acceptable'
return
def POST(self):
op,p1,p2 = web.input().get('op'), web.input().get('p1'), web.input().get('p2')
user = self.getcurrentuser()
if user.level == 3:
page = 1
perpage = 20
offset = (page - 1) * perpage
users = model.get_all_users(offset=offset,limit=perpage)
users_count = model.get_user_num()
pages = users_count.count / perpage
if users_count.count % perpage > 0:
pages += 1
else:
users = None
pages = 0
if op is not None and p1 is not None and p2 is not None: #修改密码
if user.passwd != hashlib.md5(op).hexdigest():
tips = "原密码错误!"
elif p1 != p2:
tips = "两次密码不一致!"
else:
tips = "修改成功!"
passwd = hashlib.md5(p1).hexdigest()
model.update_user_passwd(user.k_id,passwd)
return jjenv.get_template('admin.html').render(nickname=session.username,title="Admin",current='admin',user=user,users=users,chpwdtips=tips,pages = pages)
else:
return self.GET()
def GET(self):
if not logged_in():
raise web.seeother('/login')
if not check_priv_lvl(2):
raise web.notfound("You don't have the right privilege level to access this")
users = model.get_user_by_cin(session.cin)
client_form = self.cin_form()
user_form = self.form()
return render.admin(model.get_all_users() if session.cin==0 else users, user_form, client_form)
def invite_to_circlet():
if 'user_id' not in session or 'circlet' not in session:
return "you need to be logged in and creating a circlet to invite users"
all_users = get_all_users()
all_other_users = []
for user in all_users:
if user.user_id != int(session['user_id']):
all_other_users.append(user)
return render_template('invite_to_circlet.html', users=all_other_users)
def GET(self):
user = self.getcurrentuser()
users = model.get_all_users(
) if user.level == 3 else None #是管理员就得到用户列表
return jjenv.get_template('admin.html').render(
nickname=session.username,
title="Admin",
current='admin',
user=user,
users=users)
def POST(self):
"""
Compares given CIN, username and password to db entry
TODO: Rewrite me: I need to get rid of authenticate_user as
it seems to be just doubling my code
"""
i = web.input()
form = self.form()
if not form.validates():
return render.login(form, users=model.get_all_users())
else:
try:
u = model.get_user_by_name(i.cin, i.username.strip().lower())[0]
except IndexError:
return render.login(form,"User does not exist! Need an account? <a href='/register'>Register Here</a>", users=model.get_all_users())
check = True if bcrypt.hashpw(i.password, u.password) == u.password else False
print bcrypt.hashpw(i.password, u.password)
if check:
session.logged_in = True
session.username = i.username
session.cin = i.cin
raise web.seeother('/admin')
else:
return render.login(form,"login failed!", users=model.get_all_users())
def get(self):
models = model.get_devices()
prefs = model.get_preferences()
usrrpt = model.get_user_report_counts()
users = model.get_all_users()
curusr = model.get_user_by_uname(self.current_user)
for post in models:
post['m_count'] = model.get_devices_counts_byname(post['m_device'])
post['m_detail'] = {'version':""}
mdtop = model.get_roms_by_devicesname(post['m_device'],5)
for itm in mdtop:
post['m_detail'] = itm
break
netpref=config.netpref
netpref['diskuseage'] = utils.run('df -h')
self.render("publish_index.html", models=models, prefs=prefs, netpref=netpref, usrrpt=usrrpt,users=users,curusr=curusr, strtime=utils.strtime, getStatuStr=config.getStatuStr, accessAdmin = self.accessAdmin())
def POST(self):
op,p1,p2 = web.input().get('op'), web.input().get('p1'), web.input().get('p2')
user = self.getcurrentuser()
users = model.get_all_users() if user.level == 3 else None
if op is not None and p1 is not None and p2 is not None: #修改密码
if user.passwd != hashlib.md5(op).hexdigest():
tips = "原密码错误!"
elif p1 != p2:
tips = "两次密码不一致!"
else:
tips = "修改成功!"
passwd = hashlib.md5(p1).hexdigest()
model.update_user_passwd(user.k_id,passwd)
return jjenv.get_template('admin.html').render(nickname=session.username,title="Admin",current='admin',user=user,users=users,chpwdtips=tips)
else:
return self.GET()
def get(self,modname):
a = self.get_argument("a","")
f = self.get_argument('f','')
if (a=='del'):
fname = "static/downloads/" + modname + '/'+ f
utils.run('rm -f '+ fname)
self.logW("删除文件:%s:%s"%(modname, fname))
f1 = str(utils.run('ls -l '+ "static/downloads/" + modname))
filelist = []
f2 = f1.split('\\n')
if(len(f2)<2): return
for finfo in f2[1:-1]:
f3 = {}
f3['info'] = finfo
f3['filename'] = finfo.split(' ')[-1]
filelist.append(f3)
users = model.get_all_users()
self.render("publish_romlistfiles.html", netpref=config.netpref, name=modname, filelist=filelist,users=users, ptitle ="统一管理上传的文件", strdate=utils.strtime, getStatuStr=config.getStatuStr)
def POST(self):
op, p1, p2 = web.input().get('op'), web.input().get(
'p1'), web.input().get('p2')
user = self.getcurrentuser()
users = model.get_all_users() if user.level == 3 else None
if op is not None and p1 is not None and p2 is not None: #修改密码
if user.passwd != hashlib.md5(op).hexdigest():
tips = "原密码错误!"
elif p1 != p2:
tips = "两次密码不一致!"
else:
tips = "修改成功!"
passwd = hashlib.md5(p1).hexdigest()
model.update_user_passwd(user.k_id, passwd)
return jjenv.get_template('admin.html').render(
nickname=session.username,
title="Admin",
current='admin',
user=user,
users=users,
chpwdtips=tips)
else:
return self.GET()
def POST(self):
op, p1, p2 = web.input().get('op'), web.input().get(
'p1'), web.input().get('p2')
user = self.getcurrentuser()
if user.level == 3:
page = 1
perpage = 20
offset = (page - 1) * perpage
users = model.get_all_users(offset=offset, limit=perpage)
users_count = model.get_user_num()
pages = users_count.count / perpage
if users_count.count % perpage > 0:
pages += 1
else:
users = None
pages = 0
if op is not None and p1 is not None and p2 is not None: #修改密码
if user.passwd != hashlib.md5(op).hexdigest():
tips = "原密码错误!"
elif p1 != p2:
tips = "两次密码不一致!"
else:
tips = "修改成功!"
passwd = hashlib.md5(p1).hexdigest()
model.update_user_passwd(user.k_id, passwd, user.name)
return jjenv.get_template('admin.html').render(
nickname=session.username,
title="Admin",
current='admin',
user=user,
users=users,
chpwdtips=tips,
pages=pages)
else:
return self.GET()
def GET(self):
user = self.getcurrentuser()
users = model.get_all_users() if user.level == 3 else None #是管理员就得到用户列表
return jjenv.get_template('admin.html').render(nickname=session.username,title="Admin", current='admin', user=user, users=users)
def show_all_users():
model.connect_to_db()
users = model.get_all_users()
return render_template("all_user.html", users=users)
def getusers():
return dumps({"users": get_all_users()})
def GET(self):
form = self.form()
return render.register(form,model.get_all_users())
def get(self,modname):
romlists = model.get_roms_by_devicesname(modname,-1)
users = model.get_all_users()
self.render("publish_romlist.html", netpref=config.netpref, name=modname, roms=romlists,users=users, ptitle ="已经发布的更新列表", strdate=utils.strtime, getStatuStr=config.getStatuStr)
def GET(self):
if logged_in():
web.seeother('/')
else:
form = self.form()
return render.login(form,users=model.get_all_users())
def GET(self):
users = model.get_all_users()
user_form = self.form()
return render.admin(users, user_form)
def all_users():
model.conn_db()
list_of_users = model.get_all_users()
html = render_template("all_users.html",list_of_users=list_of_users)
return html
def index():
return render_template('index.html', user_list=get_all_users())
def get_more_users(offset):
user_list = model.get_all_users(int(offset))
return render_template("more_users.html", users=user_list)
def get_users():
user_list = model.get_all_users(0)
return render_template("user_list.html", users=user_list)
def user_list():
all_users=model.get_all_users()
return render_template('user_list.html', all_users=all_users)
