def confirm(theform, userdir, thisscript):
"""Confirm a login.
Either from an invite or from a user who has registered."""
from modules.dataenc import pass_dec, pass_enc
from login import encodestring
fail = False
try:
theval, daynumber, timestamp = pass_dec(theform['id'].value)
except:
# FIXME: bare except....
newloginfail()
tempstore = ConfigObj(userdir + 'temp.ini')
if not tempstore.has_key(theval):
newloginfail()
uservals = tempstore[theval]
del tempstore[theval]
username = uservals['username']
if username in tempstore['pending']:
tempstore['pending'].remove(username)
tempstore.write()
#
newconfig = ConfigObj(userdir + 'default.ini')
newpath = userdir + username + '.ini'
if os.path.isfile(newpath):
newloginfail()
newconfig.filename = newpath
# FIXME: should this be '' ?
action = None
for entry in uservals:
if entry == 'action':
action = uservals[entry]
elif entry == 'password':
password = uservals[entry]
newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
else:
newconfig[entry] = uservals[entry]
newconfig.write()
#
# next we need to create the cookie header to return it
from Cookie import SimpleCookie
thecookie = SimpleCookie()
thecookie['userid'] = encodestring(newconfig['username'], password)
config = ConfigObj(userdir + 'config.ini')
maxage = newconfig['max-age']
cookiepath = config['cookiepath']
if maxage and int(maxage): # possible cause of error here if the maxage value in a users file isn't an integer !!
thecookie['userid']['max-age'] = int(maxage)
if cookiepath:
thecookie['userid']['path'] = cookiepath
if config['adminmail']:
msg = 'A new user has created a login - "%s".\n\n' % thisscript
for entry in newconfig:
if entry != 'password':
msg += entry + ' : ' + newconfig[entry] + '\n'
# FIXME: should be mailme
sendmailme(config['adminmail'], msg, config['email_subject'],
config['adminmail'], html=False)
return action, newconfig, thecookie.output()
def createuser(userdir, realname, username, email, password, adminlev):
"""Create a new user."""
from time import time
from modules.dataenc import pass_enc
from modules.configobj import ConfigObj
user = ConfigObj(userdir+'default.ini')
user.filename = userdir + username + '.ini' # XXXX this does no checkign htat the name is valid and doesn't already exist !!
user['username'] = username
user['realname'] = realname
user['email'] = email
user['admin'] = adminlev
user['password'] = pass_enc(password, timestamp=True, daynumber=True)
user['created'] = str(time())
user.write()
def createuser(userdir, realname, username, email, password, adminlev):
"""Create a new user."""
from time import time
from modules.dataenc import pass_enc
from modules.configobj import ConfigObj
user = ConfigObj(userdir + 'default.ini')
user.filename = userdir + username + '.ini' # XXXX this does no checkign htat the name is valid and doesn't already exist !!
user['username'] = username
user['realname'] = realname
user['email'] = email
user['admin'] = adminlev
user['password'] = pass_enc(password, timestamp=True, daynumber=True)
user['created'] = str(time())
user.write()
def confirm(theform, userdir, thisscript):
"""Confirm a login.
Either from an invite or from a user who has registered."""
from modules.dataenc import pass_dec, pass_enc
from login import encodestring
fail = False
try:
theval, daynumber, timestamp = pass_dec(theform['id'].value)
except:
# FIXME: bare except....
newloginfail()
tempstore = ConfigObj(userdir + 'temp.ini')
if not tempstore.has_key(theval):
newloginfail()
uservals = tempstore[theval]
del tempstore[theval]
username = uservals['username']
if username in tempstore['pending']:
tempstore['pending'].remove(username)
tempstore.write()
#
newconfig = ConfigObj(userdir + 'default.ini')
newpath = userdir + username + '.ini'
if os.path.isfile(newpath):
newloginfail()
newconfig.filename = newpath
# FIXME: should this be '' ?
action = None
for entry in uservals:
if entry == 'action':
action = uservals[entry]
elif entry == 'password':
password = uservals[entry]
pwd_hash = pwd_context.hash(password, salt="")
newconfig[entry] = pass_enc(pwd_hash,
timestamp=True,
daynumber=True)
else:
newconfig[entry] = uservals[entry]
newconfig.write()
#
# next we need to create the cookie header to return it
from Cookie import SimpleCookie
thecookie = SimpleCookie()
pwd_hash = pwd_context.hash(password, salt="")
thecookie['userid'] = encodestring(newconfig['username'], pwd_hash)
config = ConfigObj(userdir + 'config.ini')
maxage = newconfig['max-age']
cookiepath = config['cookiepath']
if maxage and int(
maxage
): # possible cause of error here if the maxage value in a users file isn't an integer !!
thecookie['userid']['max-age'] = int(maxage)
if cookiepath:
thecookie['userid']['path'] = cookiepath
if config['adminmail']:
msg = 'A new user has created a login - "%s".\n\n' % thisscript
for entry in newconfig:
if entry != 'password':
msg += entry + ' : ' + newconfig[entry] + '\n'
# FIXME: should be mailme
sendmailme(config['adminmail'],
msg,
config['email_subject'],
config['adminmail'],
html=False)
return action, newconfig, thecookie.output()
def doedituser(theform, userdir, thisscript, userconfig, action, newcookie):
"""Receives form submissions from the 'edit user' page."""
# parameters to get :
# username, realname, email, adminlev, pass1, pass2
username = theform.getfirst('username') # the user we are editing
loginname = theform.getfirst('loginname') # the new user name (won't usually change I guess)
realname = theform.getfirst('realname')
email = theform.getfirst('email')
adminlev = theform.getfirst('adminlev')
pass1 = theform.getfirst('pass1')
pass2 = theform.getfirst('pass2')
maxage = theform.getfirst('maxage')
editable = theform.getfirst('editable')
maxadminlev = min(int(userconfig['admin']), MAXADMINLEV)
# check all the account values
# this could be turned into a generic 'account checker' function if we wanted.
email = validemail(email)
if not email:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'The Email Address Appears to Be Invalid.')
if not loginname:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'You Must Supply a Login Name.')
for char in loginname.lower():
if not char in validchars:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'Login Name Contains Invalid Characters')
if not realname:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'You Must Supply a Real Name')
if (pass1 or pass2) and not (pass1 and pass2):
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'To Change the Password - Enter it Twice')
if pass1 != pass2:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'The Two Passwords Are Different')
if pass1 and len(pass1) < 5:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'Password Must Be at Least Five Characters')
if not adminlev.isdigit():
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'The Admin Level Must Be a Number')
if int(adminlev) > maxadminlev:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'Admin Level is Higher than the Max (%s).' % maxadminlev)
if not maxage.isdigit():
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'Cookie "max-age" Must Be a Number')
if int(maxage) and int(maxage) < MINMAXAGE:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'Cookie "max-age" Must Be Greater Than %s' % MINMAXAGE)
if editable:
editable = 'Yes'
else:
editable = 'No'
# let's just check if the username has changed
thisuser = ConfigObj(userdir+username+'.ini')
if loginname != username:
pendinglist = ConfigObj(userdir + 'temp.ini').get('pending', [])
if os.path.isfile(userdir+loginname+'.ini') or loginname in pendinglist or loginname.lower() in RESERVEDNAMES:
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'Login Name Chosen Already Exists')
thisuser.filename = userdir+loginname+'.ini' # change to new name
os.remove(userdir+username+'.ini') # free up the old name
if pass1:
from dataenc import pass_enc
thisuser['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
#
thisuser['realname'] = realname
thisuser['email'] = email
thisuser['admin'] = adminlev
thisuser['max-age'] = maxage
thisuser['editable'] = editable
thisuser.write()
# edituser(theform, userdir, thisscript, userconfig, action, newcookie, '')
edituser(theform, userdir, thisscript, userconfig, action, newcookie, 'Changes Made Successfully', True)
