def UserLogin(request): if request.method == "POST": from main.models import User # Find if User already exists newUser = User() oldUser = User.objects.filter(facebook_id=request.POST["id"]) if len(oldUser) > 0: newUser.id = oldUser[0].id newUser.token = oldUser[0].token else: import string, random chars = string.ascii_uppercase + string.digits + string.ascii_lowercase newUser.token = "".join(random.choice(chars) for x in range(40)) # Update user data if "name" in request.POST: newUser.name = request.POST["name"] if "first_name" in request.POST: newUser.first_name = request.POST["first_name"] if "last_name" in request.POST: newUser.last_name = request.POST["last_name"] if "username" in request.POST: newUser.username = request.POST["username"] if "email" in request.POST: newUser.email = request.POST["email"] if "gender" in request.POST: newUser.gender = request.POST["gender"] # if 'birthday' in request.POST: # user.birthday = request.POST['birthday'] newUser.avatar = "http://graph.facebook.com/" + request.POST["id"] + "/picture" newUser.facebook_id = request.POST["id"] newUser.save() context = {"token": newUser.token} else: context = {"token": "Forbidden"} return render_to_response("login.html", context, context_instance=RequestContext(request))
def UserLogin(request): if request.method == 'POST': from main.models import User # Find if User already exists newUser = User() oldUser = User.objects.filter(facebook_id=request.POST['id']) if len(oldUser) > 0: newUser.id = oldUser[0].id newUser.token = oldUser[0].token else: import string, random chars = string.ascii_uppercase + string.digits + string.ascii_lowercase newUser.token = ''.join(random.choice(chars) for x in range(40)) # Update user data if 'name' in request.POST: newUser.name = request.POST['name'] if 'first_name' in request.POST: newUser.first_name = request.POST['first_name'] if 'last_name' in request.POST: newUser.last_name = request.POST['last_name'] if 'username' in request.POST: newUser.username = request.POST['username'] if 'email' in request.POST: newUser.email = request.POST['email'] if 'gender' in request.POST: newUser.gender = request.POST['gender'] #if 'birthday' in request.POST: # user.birthday = request.POST['birthday'] newUser.avatar = 'http://graph.facebook.com/' + request.POST['id'] + '/picture' newUser.facebook_id = request.POST['id'] newUser.save() context = { 'token': newUser.token } else: context = { 'token': 'Forbidden' } return render_to_response('login.html', context, context_instance=RequestContext(request))
def process_request(self, request): try: # Set the facebook message to empty. This message can be used to dispaly info from the middleware on a Web page. request.facebook_message = None # Don't bother trying FB Connect login if the user is already logged in if not request.user.is_authenticated(): # FB Connect will set a cookie with a key == FB App API Key if the user has been authenticated if API_KEY in request.COOKIES: fb = Facebook(API_KEY, API_SECRET) if(fb.validate_cookie_signature(request.COOKIES)): # If session hasn't expired if(datetime.fromtimestamp(float(request.COOKIES[API_KEY+'_expires'])) > datetime.now()): # Try to get Django account corresponding to friend # Authenticate then login (or display disabled error message) user = authenticate(facebook_id=request.COOKIES[API_KEY + '_user']) logging.info(user) if user is not None: if user.is_active: login(request, user) self.facebook_user_is_authenticated = True else: request.facebook_message = ACCOUNT_DISABLED_ERROR self.delete_fb_cookies = True else: django_user = User.get_by_key_name("userfb%s" % request.COOKIES[API_KEY + '_user']) if not django_user: # There is no Django account for this Facebook user. # Create one, then log the user in. fb.session_key = request.COOKIES[API_KEY + '_session_key'] user_info_response = fb.users.getInfo([request.COOKIES[API_KEY + '_user']], ['first_name', 'last_name']) # Create user user = User(key_name="userfb%s" % request.COOKIES[API_KEY + '_user'], username = "******" % (user_info_response[0]['first_name'], user_info_response[0]['last_name']), email= '*****@*****.**' % request.COOKIES[API_KEY + '_user']) user.set_password(md5.new(request.COOKIES[API_KEY + '_user'] + settings.SECRET_KEY).hexdigest()) user.is_active = True user.facebook_id = int(request.COOKIES[API_KEY + '_user']) user.put() # Authenticate and log in (or display disabled error message) user = authenticate(username='******' % request.COOKIES[API_KEY + '_user'], password=md5.new(request.COOKIES[API_KEY + '_user'] + settings.SECRET_KEY).hexdigest()) logging.info("ROUND2") if user is not None: if user.is_active: login(request, user) self.facebook_user_is_authenticated = True else: request.facebook_message = ACCOUNT_DISABLED_ERROR self.delete_fb_cookies = True else: request.facebook_message = ACCOUNT_PROBLEM_ERROR self.delete_fb_cookies = True else: request.facebook_message = ACCOUNT_PROBLEM_ERROR self.delete_fb_cookies = True # Cookie session expired else: logout(request) self.delete_fb_cookies = True # Cookie values don't match hash else: logout(request) self.delete_fb_cookies = True # Logged in else: # If FB Connect user if API_KEY in request.COOKIES: # IP hash cookie set if 'fb_ip' in request.COOKIES: try: real_ip = request.META['HTTP_X_FORWARDED_FOR'] except KeyError: real_ip = request.META['REMOTE_ADDR'] # If IP hash cookie is NOT correct if request.COOKIES['fb_ip'] != md5.new(real_ip + API_SECRET + settings.SECRET_KEY).hexdigest(): logout(request) self.delete_fb_cookies = True # FB Connect user without hash cookie set else: logout(request) self.delete_fb_cookies = True # Something else happened. Make sure user doesn't have site access until problem is fixed. except: request.facebook_message = PROBLEM_ERROR logout(request) self.delete_fb_cookies = True