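def init_user_session(form=None):
    '''Start or resume the cookie session and look up the current user.

    The cookie header is read from the ``HTTP_COOKIE`` environment variable.
    ``verify_login`` is given the form so that a submitted login can be
    checked before the session is initialised.

    Args:
        form: The request form (for example ``cgi.FieldStorage()``), or
            ``None`` / an empty dictionary when there is nothing to log in
            with.

    Returns:
        A ``(ses_dict, user_dict)`` tuple. ``user_dict`` is whatever
        ``get_user_byid`` returns for the session's ``usr_id``; the original
        documentation states it is empty when the session has no user.

    Note:
        The HTTP header is printed here through
        ``cookie_session.print_header``, so a caller that needs to set its
        own cookies cannot use this function.
    '''
    if form is None:
        # Build a fresh dict per call: the former ``form={}`` default was a
        # single object shared by every call of this function.
        form = {}

    cookie = Cookie.SimpleCookie()
    cookie.load(os.environ.get("HTTP_COOKIE", ""))

    # verify_login only yields a user id when this request is a login attempt.
    login_user_id = verify_login(form, cookie)

    # NOTE(review): init_session is defined elsewhere. Confirm it issues a new
    # session identifier when login_user_id is set, so that a cookie value
    # chosen before login is not carried into the authenticated session.
    c, ses_dict = cookie_session.init_session(cookie, login_user_id)

    # NOTE(review): the whole session dictionary goes to the log. If it holds
    # the session identifier, anyone who can read the log can reuse it;
    # confirm the contents and trim the log line if so.
    logger.writeln('ses_dict: ', ses_dict)
    cookie_session.print_header(c)

    # Only a request that actually logged in may touch the last-login time.
    # Without the None check, "no login attempted" (None) compared equal to a
    # session whose usr_id is also None and was treated as a fresh login.
    if login_user_id is not None and login_user_id == ses_dict['usr_id']:
        logger.writeln('logging in')
        update_last_login_time(login_user_id)

    # From here on the session decides who the user is.
    user_id = ses_dict['usr_id']
    logger.writeln('user_id: ', user_id)
    user_dict = get_user_byid(user_id)

    # NOTE(review): the full user record is logged; verify it carries no
    # password hash or other secret before keeping this line.
    logger.writeln('user_dict: ', user_dict)
    return ses_dict, user_dict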
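def _reject_login(cookie, log_message, error_message):
    '''Log a refused login, print the header and error page, then exit.

    The session is initialised with no user id before the header is printed.
    This function does not return: it ends the process with ``sys.exit(0)``.
    '''
    logger.writeln(log_message)
    c, ses_dict = cookie_session.init_session(cookie, None)
    cookie_session.print_header(c)
    templater.print_error(error_message)
    sys.exit(0)


def verify_login(form, cookie):
    '''Check the login fields of a form and return the matching user id.

    Args:
        form: The return value of ``cgi.FieldStorage()`` or an empty
            dictionary.
        cookie: The request cookie, handed to
            ``cookie_session.init_session`` when a login is refused.

    Returns:
        The ``usr_id`` from the dictionary returned by ``verify_passwd`` when
        it reports the credentials as valid. ``None`` when there is no valid
        session or the form carries neither ``email`` nor ``passwd``.

    Raises:
        SystemExit: after an error page has been printed, when the e-mail
            fails validation, the credentials are rejected, or only one of
            the two fields was submitted.
    '''
    usr_id = None

    # A login is only attempted inside an already valid session.
    if not cookie_session.verify_session():
        return usr_id

    has_email = 'email' in form
    has_passwd = 'passwd' in form

    if has_email and has_passwd:
        logger.writeln('about to try and log in')
        try:
            # NOTE(review): presumably formencode's Email validator, in which
            # case resolve_domain=True does a DNS lookup on the submitted
            # domain before any credential check. Confirm the lookup has a
            # timeout so unauthenticated requests cannot tie up workers.
            email = templater.validators.Email(
                resolve_domain=True, not_empty=True
            ).to_python(form["email"].value)
        except templater.formencode.Invalid as e:
            # Does not return (exits the process).
            _reject_login(cookie, "email did not pass validation: ",
                          "email: " + str(e))

        passwd = form['passwd'].value

        # NOTE(review): the submitted address is logged on every attempt;
        # confirm that access to this log is restricted.
        logger.writeln(' email:', email)

        # NOTE(review): no attempt throttling is visible in this function;
        # confirm that repeated failures are limited elsewhere.
        valid, user_dict = verify_passwd(email, passwd)
        logger.writeln(' valid:', valid)

        if not valid:
            # One message for every rejection, so the page does not say
            # whether the address or the password was the wrong part.
            _reject_login(cookie, "Password or email not correct",
                          "Password or email not correct")
        usr_id = user_dict['usr_id']
    elif has_email or has_passwd:
        _reject_login(cookie, "All of the fields were not filled out.",
                      "All fields must be filled out.")

    # The visible code stopped without returning, so every call handed None
    # to the caller although the documentation promises the user id.
    return usr_id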