def changepw(request, userid): if request.method == 'POST': try: clamuser = CLAMUsers.objects.get(pk=int(userid)) except: return HttpResponseNotFound("No such user", content_type="text/plain") if ((pwhash(clamuser.username, request.POST['pw'].encode('utf-8')) == clamuser.password) or (hashlib.md5(request.POST['pw'].encode('utf-8')).hexdigest() == settings.MASTER_PASSWORD)): clamuser.password = pwhash(clamuser.username, request.POST['newpw'].encode('utf-8')) clamuser.save() #send_mail('Webservice account on ' + settings.DOMAIN , 'Dear ' + clamuser.fullname + '\n\nYour webservice account on ' + settings.DOMAIN + ' has had its password changed to: ' + request.POST['newpw'] + ".\n\n(this is an automated message)", settings.FROMMAIL, [clamuser.mail] , fail_silently=False) return HttpResponse("Password changed", content_type="text/plain") else: return HttpResponseForbidden("Current password is invalid", content_type="text/plain") else: try: user = CLAMUsers.objects.get(pk=int(userid)) except: return HttpResponseNotFound("No such user") c = RequestContext(request) c.update(csrf(request)) return render(request, 'changepw.html', {'userid': userid})
def changepw(request, userid): if request.method == 'POST': try: clamuser = CLAMUsers.objects.get(pk=int(userid)) except: return HttpResponseNotFound("No such user", content_type="text/plain") if ((pwhash(clamuser.username,request.POST['pw']) == clamuser.password) or (hashlib.md5(request.POST['pw']).hexdigest() == settings.MASTER_PASSWORD)): clamuser.password=pwhash(clamuser.username,request.POST['newpw']) clamuser.save() #send_mail('Webservice account on ' + settings.DOMAIN , 'Dear ' + clamuser.fullname + '\n\nYour webservice account on ' + settings.DOMAIN + ' has had its password changed to: ' + request.POST['newpw'] + ".\n\n(this is an automated message)", settings.FROMMAIL, [clamuser.mail] , fail_silently=False) return HttpResponse("Password changed", content_type="text/plain") else: return HttpResponseForbidden("Current password is invalid", content_type="text/plain") else: try: user = CLAMUsers.objects.get(pk=int(userid)) except: return HttpResponseNotFound("No such user") c = RequestContext(request) c.update(csrf(request)) return render_to_response('changepw.html',{'userid': userid},context_instance=c)
def resetpw(request): if request.method == 'POST' and 'mail' in request.POST: found = False for clamuser in CLAMUsers.objects.filter(mail=request.POST['mail']): found = True length = 10 chars = string.ascii_letters + string.digits + '!@#$%^&*()' random.seed = (os.urandom(1024)) newpassword= ''.join(random.choice(chars) for i in range(length)) clamuser.password = pwhash(clamuser.username,newpassword) clamuser.save() send_mail('Webservice account on ' + settings.DOMAIN , 'Dear ' + clamuser.fullname + '\n\nYour webservice account on ' + settings.DOMAIN + ' has had a password reset.\n\nUsername: '******'\nPassword: '******'\n\nImportant: Please change this password immediately to one of your own choosing using ' + settings.BASEURL + 'changepw/' + str(clamuser.pk)+ '\n\nIf you did not request this, please notify us immediately by replying to this message.\n\n(this is an automated message)', settings.FROMMAIL, [clamuser.mail] , fail_silently=False) send_mail('[' + settings.DOMAIN + '] Password reset for ' + clamuser.username , 'User ' + clamuser.username + ' (' + clamuser.fullname + ') forgot his credentials and executed a reset from IP ' + request.META.get('REMOTE_ADDR') + '. This is an automated notification and no further action is required.', settings.FROMMAIL, [ x[1] for x in settings.ADMINS ] , fail_silently=False) if found: return HttpResponse("Done, please check your mail and follow the instructions...", content_type="text/plain") else: return HttpResponseForbidden("No such user exists", content_type="text/plain") else: c = RequestContext(request) c.update(csrf(request)) return render_to_response('resetpw.html',context_instance=c)
def resetpw(request): if request.method == 'POST' and 'mail' in request.POST: found = False for clamuser in CLAMUsers.objects.filter(mail=request.POST['mail']): found = True length = 10 chars = string.ascii_letters + string.digits + '!@#$%^&*()' random.seed = (os.urandom(1024)) newpassword = ''.join(random.choice(chars) for i in range(length)) clamuser.password = pwhash(clamuser.username, newpassword) clamuser.save() send_mail( 'Webservice account on ' + settings.DOMAIN, 'Dear ' + clamuser.fullname + '\n\nYour webservice account on ' + settings.DOMAIN + ' has had a password reset.\n\nUsername: '******'\nPassword: '******'\n\nImportant: Please change this password immediately to one of your own choosing using ' + settings.BASEURL + 'changepw/' + str(clamuser.pk) + '\n\nIf you did not request this, please notify us immediately by replying to this message.\n\n(this is an automated message)', settings.FROMMAIL, [clamuser.mail], fail_silently=False) send_mail( '[' + settings.DOMAIN + '] Password reset for ' + clamuser.username, 'User ' + clamuser.username + ' (' + clamuser.fullname + ') forgot his credentials and executed a reset from IP ' + request.META.get('REMOTE_ADDR') + '. This is an automated notification and no further action is required.', settings.FROMMAIL, [x[1] for x in settings.ADMINS], fail_silently=False) if found: return HttpResponse( "Done, please check your mail and follow the instructions...", content_type="text/plain") else: return HttpResponseForbidden("No such user exists", content_type="text/plain") else: return render(request, 'resetpw.html')