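def login_captcha(request, tmpl='login_captcha.html'):
    """Finish a login that was held back behind a reCAPTCHA challenge.

    On POST the reCAPTCHA answer is submitted for verification.  When it is
    accepted, the pending login kept in ``request.session['auth']`` is
    checked by decrypting its ``encrypted`` member and comparing the result
    with the stored nonce (both base64-decoded).  A match logs the trader in
    and redirects to 'profiles-check-email'; otherwise the client is sent
    back to the login view with the username as a query parameter.

    A GET request, or a rejected reCAPTCHA answer, renders ``tmpl`` with the
    captcha error code (``None`` on GET) and a CSRF token in the context.
    """
    captcha_error = None

    if request.method == 'POST':
        # NOTE(review): REMOTE_ADDR is the peer address seen by the server;
        # behind a reverse proxy that is presumably the proxy -- confirm.
        captcha_response = captcha.submit(
            request.POST.get('recaptcha_challenge_field'),
            request.POST.get('recaptcha_response_field'),
            settings.CMBARTER_RECAPTCHA_PIVATE_KEY,
            request.META['REMOTE_ADDR'])
        captcha_error = captcha_response.error_code

        if captcha_response.is_valid:
            auth = request.session.get('auth')
            if auth:
                nonce, encrypted, trader_id, ts, username = auth
                auth_is_valid = cipher.decrypt(
                    b64decode(encrypted)) == b64decode(nonce)
            else:
                # No pending login in this session.
                username = u''
                auth_is_valid = False

            if auth_is_valid:
                # A successful login.
                del request.session['auth']
                db.report_login_captcha_success(trader_id)
                request.session['trader_id'] = trader_id
                request.session['ts'] = ts

                # The session changes from anonymous to authenticated here,
                # so issue a fresh session key: a session id that was known
                # before the login must not stay valid afterwards (session
                # fixation).  cycle_key() keeps the data written above and
                # is harmless if an earlier step already rotated the key.
                request.session.cycle_key()

                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    # NOTE(review): the whitelist entry is only as
                    # trustworthy as get_client_ip(), which is defined
                    # outside this block -- confirm it does not accept
                    # client-supplied forwarding headers from untrusted
                    # peers.
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)

                return HttpResponseRedirect(
                    reverse('profiles-check-email', args=[trader_id]))

            # An incorrect login: back to the login form.  urlencode()
            # escapes the username before it is put in the query string.
            return HttpResponseRedirect(
                "%s?%s" % (reverse(login), urlencode({'username': username})))

    # Render everything adding CSRF protection.
    c = {'settings': settings, 'captcha_error': captcha_error}
    c.update(csrf(request))
    return render_to_response(tmpl, c)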
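def login_captcha(request, tmpl='login_captcha.html'):
    """Finish a login that was held back behind a reCAPTCHA challenge.

    On POST the reCAPTCHA answer is submitted for verification.  When it is
    accepted, the outcome is taken from ``request.session['auth_is_valid']``:
    a truthy value logs in the trader named by
    ``request.session['auth_trader_id']`` and redirects to
    'profiles-check-email'; otherwise the client is sent back to the login
    view with ``auth_username`` (or an empty string) as a query parameter.

    A GET request, or a rejected reCAPTCHA answer, renders ``tmpl`` with the
    captcha error code (``None`` on GET) and a CSRF token in the context.
    """
    captcha_error = None

    if request.method == 'POST':
        # NOTE(review): REMOTE_ADDR is the peer address seen by the server;
        # behind a reverse proxy that is presumably the proxy -- confirm.
        captcha_response = captcha.submit(
            request.POST.get('recaptcha_challenge_field'),
            request.POST.get('recaptcha_response_field'),
            settings.RECAPTCHA_PIVATE_KEY,
            request.META['REMOTE_ADDR'])
        captcha_error = captcha_response.error_code

        if captcha_response.is_valid:
            # NOTE(review): the decision rests on flags written to the
            # session by code outside this block.  That is only sound while
            # the client cannot modify session data -- confirm the session
            # backend in use.
            if request.session.get('auth_is_valid'):
                # A successful login: consume the pending-login markers.
                trader_id = request.session['auth_trader_id']
                del request.session['auth_username']
                del request.session['auth_is_valid']
                del request.session['auth_trader_id']
                db.report_login_captcha_success(trader_id)
                request.session['trader_id'] = trader_id
                # GARBAGE is defined outside this block; its purpose is not
                # visible here.
                request.session['garbage'] = GARBAGE

                # The session changes from anonymous to authenticated here,
                # so issue a fresh session key: a session id that was known
                # before the login must not stay valid afterwards (session
                # fixation).  cycle_key() keeps the data written above and
                # is harmless if an earlier step already rotated the key.
                request.session.cycle_key()

                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    # NOTE(review): the whitelist entry is only as
                    # trustworthy as get_client_ip(), which is defined
                    # outside this block -- confirm it does not accept
                    # client-supplied forwarding headers from untrusted
                    # peers.
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)

                return HttpResponseRedirect(reverse(
                    'profiles-check-email', args=[trader_id]))

            # An incorrect login: back to the login form.  urlencode()
            # escapes the username before it is put in the query string.
            return HttpResponseRedirect("%s?%s" % (
                reverse(login),
                urlencode({'username': request.session.get('auth_username', u'')})))

    # Render everything adding CSRF protection.
    c = {'settings': settings, 'captcha_error': captcha_error}
    c.update(csrf(request))
    return render_to_response(tmpl, c)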
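def signup(request, tmpl='signup.html'):
    """Register a new trader and log them in.

    On POST the reCAPTCHA answer is verified when
    ``settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP`` is set, then the signup
    form is validated.  The password is stored as a salt plus the value
    returned by ``utils.calc_crypt_hash``.  A registration key is validated
    only when ``settings.CMBARTER_REGISTRATION_SECRET`` is set.

    ``db.insert_trader`` result codes, as handled here: 3 marks the
    registration key invalid, 2 marks the username taken, 1 triggers a retry
    with a new trader id, and any other value is treated as success.  On
    success the trader is logged in and redirected to ``create_profile``.

    A GET request, a failed captcha, an invalid form or a rejected
    registration renders ``tmpl`` with the form, the captcha error code and
    a CSRF token in the context.
    """
    captcha_error = None

    if request.method == 'POST':
        if settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP:
            # NOTE(review): REMOTE_ADDR is the peer address seen by the
            # server; behind a reverse proxy that is presumably the proxy
            # -- confirm.
            captcha_response = captcha.submit(
                request.POST.get('recaptcha_challenge_field'),
                request.POST.get('recaptcha_response_field'),
                settings.CMBARTER_RECAPTCHA_PIVATE_KEY,
                request.META['REMOTE_ADDR'])
            captcha_error = captcha_response.error_code
            captcha_passed = captcha_response.is_valid
        else:
            captcha_passed = True

        form = forms.SignupForm(request.POST)
        # The form is validated only after the captcha has passed.
        if captcha_passed and form.is_valid():
            username = form.cleaned_data['username']
            # NOTE(review): the strength of the stored hash depends on
            # utils.calc_crypt_hash and the configured hashing method,
            # neither of which is visible here.
            password_salt = utils.generate_password_salt(
                settings.CMBARTER_PASSWORD_HASHING_METHOD)
            password_hash = utils.calc_crypt_hash(
                password_salt, form.cleaned_data['password'])

            if settings.CMBARTER_REGISTRATION_SECRET:
                registration_key = keygen.Keygen(
                    settings.CMBARTER_REGISTRATION_SECRET).validate(
                        form.cleaned_data['registration_key'])
            else:
                registration_key = None

            # NOTE(review): this retry loop has no upper bound; it ends only
            # when db.insert_trader() returns something other than 1.
            while 1:
                # Generate a new trader ID and try to register it.
                trader_id = utils.vh_compute(random.randrange(1, 100000000))
                error = db.insert_trader(trader_id, username, get_language(),
                                         password_hash, password_salt,
                                         registration_key)
                if 3 == error:
                    # The registration key is invalid.
                    form.invalid_regkey = True
                    break
                elif 2 == error:
                    # The username is taken.
                    form.username_taken = True
                    break
                elif 1 == error:
                    # Probably the ID is taken -- keep trying.
                    continue
                else:
                    # Successful registration -- log the user in, add
                    # the IP to the whitelist, and redirect the user
                    # to complete his profile.
                    request.session['trader_id'] = trader_id
                    request.session['ts'] = time.time()

                    # The session changes from anonymous to authenticated
                    # here, so issue a fresh session key: a session id that
                    # was known before the signup must not stay valid
                    # afterwards (session fixation).  cycle_key() keeps the
                    # data written above.
                    request.session.cycle_key()

                    if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                        # NOTE(review): the whitelist entry is only as
                        # trustworthy as get_client_ip(), which is defined
                        # outside this block -- confirm it does not accept
                        # client-supplied forwarding headers from untrusted
                        # peers.
                        client_ip = get_client_ip(request)
                        if client_ip:
                            db.insert_whitelist_entry(trader_id, client_ip)

                    return HttpResponseRedirect(
                        reverse(create_profile, args=[trader_id]))
    else:
        form = forms.SignupForm()

    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form, 'captcha_error': captcha_error}
    c.update(csrf(request))
    return render_to_response(tmpl, c)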
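def signup(request, tmpl='signup.html'):
    """Register a new trader and log them in.

    On POST the reCAPTCHA answer is verified when
    ``settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP`` is set, then the signup
    form is validated.  The password is stored as a salt plus the value
    ``utils.calc_crypt_hash`` returns for salt + password.  A registration
    key is validated only when
    ``settings.CMBARTER_REGISTRATION_KEY_IS_REQUIRED`` is set.

    ``db.insert_trader`` result codes, as handled here: 3 marks the
    registration key invalid, 2 marks the username taken, 1 triggers a retry
    with a new trader id, and any other value is treated as success.  On
    success the trader is logged in and redirected to ``create_profile``.

    A GET request, a failed captcha, an invalid form or a rejected
    registration renders ``tmpl`` with the form, the captcha error code and
    a CSRF token in the context.
    """
    captcha_error = None

    if request.method == 'POST':
        if settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP:
            # NOTE(review): REMOTE_ADDR is the peer address seen by the
            # server; behind a reverse proxy that is presumably the proxy
            # -- confirm.
            captcha_response = captcha.submit(
                request.POST.get('recaptcha_challenge_field'),
                request.POST.get('recaptcha_response_field'),
                settings.RECAPTCHA_PIVATE_KEY,
                request.META['REMOTE_ADDR'])
            captcha_error = captcha_response.error_code
            captcha_passed = captcha_response.is_valid
        else:
            captcha_passed = True

        form = forms.SignupForm(request.POST)
        # The form is validated only after the captcha has passed.
        if captcha_passed and form.is_valid():
            username = form.cleaned_data['username']
            # NOTE(review): the strength of the stored hash depends entirely
            # on utils.calc_crypt_hash, which is not visible here -- confirm
            # it is a deliberately slow password hash.
            password_salt = utils.generate_password_salt()
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])

            if settings.CMBARTER_REGISTRATION_KEY_IS_REQUIRED:
                # NOTE(review): settings.SECRET_KEY doubles as the
                # registration-key secret here; a dedicated secret would
                # keep the two purposes independent.
                registration_key = keygen.Keygen(
                    settings.SECRET_KEY,
                    settings.CMBARTER_REGISTRATION_KEY_PREFIX
                ).validate(form.cleaned_data['registration_key'])
            else:
                registration_key = None

            # NOTE(review): this retry loop has no upper bound; it ends only
            # when db.insert_trader() returns something other than 1.
            while 1:
                # Generate a new trader ID and try to register it.
                trader_id = utils.vh_compute(random.randrange(1, 100000000))
                error = db.insert_trader(trader_id, username, get_language(),
                                         password_hash, password_salt,
                                         registration_key)
                if 3 == error:
                    # The registration key is invalid.
                    form.invalid_regkey = True
                    break
                elif 2 == error:
                    # The username is taken.
                    form.username_taken = True
                    break
                elif 1 == error:
                    # Probably the ID is taken -- keep trying.
                    continue
                else:
                    # Successful registration -- log the user in, add
                    # the IP to the whitelist, and redirect the user
                    # to complete his profile.
                    request.session['trader_id'] = trader_id

                    # The session changes from anonymous to authenticated
                    # here, so issue a fresh session key: a session id that
                    # was known before the signup must not stay valid
                    # afterwards (session fixation).  cycle_key() keeps the
                    # data written above.
                    request.session.cycle_key()

                    if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                        # NOTE(review): the whitelist entry is only as
                        # trustworthy as get_client_ip(), which is defined
                        # outside this block -- confirm it does not accept
                        # client-supplied forwarding headers from untrusted
                        # peers.
                        client_ip = get_client_ip(request)
                        if client_ip:
                            db.insert_whitelist_entry(trader_id, client_ip)

                    return HttpResponseRedirect(reverse(
                        create_profile, args=[trader_id]))
    else:
        form = forms.SignupForm()

    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form, 'captcha_error': captcha_error}
    c.update(csrf(request))
    return render_to_response(tmpl, c)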