def loginphrase2username_password(request):
"""convert login phrase to username/password pair"""
phrase = request.POST.get("loginphrase","")
username = get_username_from_loginphrase(phrase)
password = get_password_from_loginphrase(phrase)
clone = request.POST.copy()
clone["username"] = username
clone["password"] = password
return clone
def delete_confirm(request):
"""
confirm a delete request
"""
if not valid_token(request):
return token_splash_page(request)
if request.POST.has_key('yes'):
login_phrase = request.POST.get("password","")
password = get_password_from_loginphrase(login_phrase)
if request.user.check_password(password):
template_path = 'registration/delete_confirm.html'
template_vars = {}
template_vars['title'] = _('Profile Deleted')
user = request.user
auth_logout(request)
user.prj_delete()
return render_to_response(template_path, template_vars,
context_instance=RequestContext(request))
else:
return delete(request, password_error=_("Wrong password."))
else:
return redirect('/')
def new_login(request):
"""
Careful - this function does not use django's login/logout functions
intelligently. Bugs are likely to arise from here.
"""
if not valid_token(request):
return token_splash_page(request)
if match(settings.ID_REGEX, request.user.username):
# the user already has the new passphrase. Don't let him change it.
return HttpResponseRedirect(reverse('user.views.profileForwarding'))
template_path = 'registration/new_login.html'
template_vars = {}
template_vars['title'] = _('IMPORTANT')
# Restore the user's session. If he tries to visit any other page,
# he will remain logged out.
if "savedSession" in request.session:
for key, value in request.session["savedSession"].items():
request.session[key] = value
if SESSION_KEY in request.session:
request.user = User.objects.get(id=request.session[SESSION_KEY])
del request.session["savedSession"]
user = request.user
# Don't let people visit this page without logging in.
# Copied from django.contrib.auth.decorators.user_passes_test
if not user.is_authenticated():
login_url = None
path = request.build_absolute_uri()
# If the login url is the same scheme and net location then just
# use the path as the "next" url.
login_scheme, login_netloc = urlparse.urlparse(login_url or
settings.LOGIN_URL)[:2]
current_scheme, current_netloc = urlparse.urlparse(path)[:2]
if ((not login_scheme or login_scheme == current_scheme) and
(not login_netloc or login_netloc == current_netloc)):
path = request.get_full_path()
return redirect_to_login(path, login_url, REDIRECT_FIELD_NAME)
user_profile = user.get_profile()
if request.method == "POST":
loginphrase_entered = request.POST.get("loginphrase","").upper()
loginphrase = request.session.get("temploginphrase","")
if loginphrase_entered == loginphrase:
# The user received the passphrase and has hopefully written it
# down. Because now we are changing his credentials.
user.username = user_profile.id
password = get_password_from_loginphrase(loginphrase)
encrypt_unencrypted_profile(user_profile, password)
user.email = user_profile.get_anonymous_email()
user.set_password(password)
user.save()
populate_session(request, password)
return HttpResponseRedirect(
reverse('user.views.profileForwarding')
)
loginphrase = user_profile.generateNewLoginPhrase()
template_vars['loginphrase'] = loginphrase
request.session['temploginphrase'] = loginphrase
# Delete the user's session: Stop the user from going to his profile pages
# before he has entered the passphrase.
saved_session = {}
for key, value in request.session._session.items():
saved_session[key] = value
auth_logout(request)
request.session["savedSession"] = saved_session
template_vars['savedSession'] = saved_session
return render_to_response(template_path, template_vars,
context_instance=RequestContext(request))
def edit(request, clicked):
"""edit profile"""
if not valid_token(request):
return token_splash_page(request)
template_vars = {}
if request.method == "POST":
loginphrase = request.POST.get("password","")
password = get_password_from_loginphrase(loginphrase)
if request.user.check_password(password):
if edit_captcha_ok(request):
validation_errors = contactinfo_errors(request) or \
aboutme_errors(request) or \
location_errors(request) or \
language_errors(request) or \
email_errors(request) or None
if validation_errors:
validation_errors = ([contactinfo_errors(request)] + \
[aboutme_errors(request)] + \
[location_errors(request)] + \
[language_errors(request)] + \
[email_errors(request)])
for val_error in validation_errors:
if val_error is not None:
template_vars[val_error[-1]] = val_error[2]
else:
save_edited_info(request)
# Get the newly encrypted data into the session again
populate_session(request, password)
return HttpResponseRedirect(
reverse('user.views.profile_forwarding')
)
else:
template_vars["captchaerror"] = True
template_vars["captcha"] = CaptchaTestForm(request.POST)
else:
template_vars["passworderror"] = __("Wrong passphrase.")
else:
if edit_needs_captcha(request):
template_vars["captcha"] = CaptchaTestForm()
template_vars['contact_info'] = request.POST.get("contact_info", False)
template_vars['about_me'] = request.POST.get("about_me", False)
template_vars['email'] = request.POST.get("email", False)
template_vars['user'] = request.user
profile_ = request.user.get_profile()
restore_profile_from_session(request, profile_)
template_vars['profile'] = profile_
for num, lang in enumerate(profile_.get_langs_spoken()):
template_vars['lang_'+str(num)] = \
request.POST.get("lang_" + str(num), lang)
template_vars['use_maps_single'] = True
template_vars['cityDict'] = {
'latitude' : request.POST.get("latitude", profile_.latitude),
'longitude' : request.POST.get("longitude", profile_.longitude),
}
template_vars["clicked"] = clicked
template_vars['title'] = __('Edit the information about you')
template_path = "user/edit_profile.html"
return render_to_response(template_path, template_vars,
context_instance=RequestContext(request))
def new_user(request, should_validate):
"""new user"""
template_vars = {}
email = request.POST.get('email',"")
allow_email = request.POST.get('allow_email', False)
# This test will only work for users that registered in the pre-encrypted
# time and have not logged in yet. The other users will have their emails
# encrypted and we can not test anymore if their email is registered or not.
if is_inactive_user(email):
if should_validate:
failed_field, _, message = \
validate_registration(request)
if failed_field:
template_vars['error_message'] = \
__('There was an error with field: ') \
+ failed_field + ' -- ' + message
template_path = 'registration/register.html'
set_register_vars(request, template_vars)
return (template_path, template_vars, None)
# VALIDATION PASSED
# at this point we know we are going to register a user, unless the
# passphrase miraculously is the same as the one given to somebody
# else.
uid = generate_unused_dbkey()
username = uid
template_path = 'registration/register_submit.html'
loginphrase = request.session.get("loginphrase","")
password = get_password_from_loginphrase (loginphrase)
if not password:
raise Http404
# Do not let people have the same passphrase!
try:
User.objects.get(password = password_hash(password))
# If we get to here, the password already exists.
# Abort the registration.
raise Http404
except ObjectDoesNotExist:
pass
overwrite_inactive_user = False
# True In case the email was registered before, but not activated.
try:
test_user = User.objects.get(email=email)
if not test_user.is_active:
# The email has been registered before, but has not been
# activated - thus it can be registered again.
overwrite_inactive_user = True
raise ObjectDoesNotExist
except ObjectDoesNotExist:
if overwrite_inactive_user:
user = User.objects.get(email=email)
old_profile = user.get_profile()
old_profile.delete()
user.delete()
# note that the token used to register that email cannot
# be used again.
user = User.objects.create_user(username, uid+"@fo.wl", password)
user.is_active = True
user.save()
# Need to translate the id to an integer due to django restrictions.
# For example A A 1234 -> 65 65 1234
id_int = integer_id(uid)
# Now let's get our hands dirty with some direct SQL querying...
cursor = connection.cursor()
cursor.execute(
"UPDATE auth_user SET id = %(id)s WHERE username = "******"'%(username)s'" % { "id":id_int, "username":username }
)
# Removing the timestamps..
cursor.execute(
"UPDATE auth_user SET last_login = '******' WHERE username = "******"'%(username)s'" % { "username":username }
)
cursor.execute(
"UPDATE auth_user SET date_joined = '" \
+ settings.MISC_LAST_LOGIN + "' WHERE username = "******"'%(username)s'" % { "username":username })
# Data modifying operation - commit required
transaction.commit_unless_managed()
# Reload the user object
user = User.objects.get(username=username)
# Now make sure that if the profile creation fails, we don't have
# dead users in our database. try->except
try:
lang_0 = request.POST['lang_0']
lang_1 = request.POST['lang_1']
lang_2 = request.POST['lang_2']
lang_3 = request.POST['lang_3']
lang_4 = request.POST['lang_4']
lang_5 = request.POST['lang_5']
languages = [lang_0, lang_1, lang_2, lang_3, lang_4, lang_5]
longitude = as_float(request.POST['longitude'])
latitude = as_float(request.POST['latitude'])
fudged_latitude, fudged_longitude = \
randomize_location(latitude, longitude)
about_me = request.POST['about_me'].strip()
contact_info = request.POST['contact_info'].strip()
display_language = get_language()
user_profile = Profile()
user_profile.init(
user, email, fudged_longitude, fudged_latitude,
languages, about_me, contact_info, display_language,
allow_email, passphrase=password)
template_vars['user'] = user
template_vars['profile'] = user_profile
template_vars['title'] = __('Thanks for joining')
template_vars['useremail'] = email
template_vars['forceLoginLink'] = True
template_vars['domain'] = settings.DOMAIN
# no reason to return Profile actually, it's never used.
return (template_path, template_vars, user_profile)
except Exception:
user = User.objects.get(username=username)
user.delete()
raise
else:
# do not tell user that the email is already registered
template_path = 'registration/register_submit.html'
template_vars['title'] = __('Thanks for joining')
template_vars['useremail'] = email
template_vars['forceLoginLink'] = True
template_vars['domain'] = settings.DOMAIN
return (template_path, template_vars, None)
