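def __init__(self, uid):
    """Resolve a ``Login_UID`` cookie value to a username.

    Looks *uid* up in ``logged_in_users`` with a parameterised query (so a
    crafted cookie value cannot inject SQL).  When no row matches, the
    visitor's ``Login_UID`` cookie is expired, they are redirected back to
    the referring page and the process exits -- ``self.username`` is
    therefore only ever set for a live session.

    uid -- raw cookie value; treated as untrusted input.
    """
    #internal libs (only needed on the failure path, as in the original)
    from functions import load_cookies, sendto
    #external libs
    from os import environ

    myconnection, mycursor = database_connect()
    get_user_details = "select username from logged_in_users where(Login_UID=?)"
    try:
        mycursor.execute(get_user_details, (uid, ))
        row = mycursor.fetchone()
    finally:
        #the original only closed these after a successful unpack, so both
        #handles leaked whenever the lookup missed
        mycursor.close()
        myconnection.close()

    if row is not None:
        username, = row
        #the column comes back as bytes (the original decoded it too)
        self.username = username.decode()
        return

    #user not actually logged in (stale or forged cookie): destroy it.
    #load_cookies() presumably returns an http.cookies container, so printing
    #it emits the Set-Cookie header that expires the cookie -- TODO confirm
    COOKIES = load_cookies()
    COOKIES["Login_UID"]["expires"] = -1
    print(COOKIES)
    #NOTE(review): the Referer header is optional and client-controlled (a
    #weak open redirect); fall back to "/" instead of failing with KeyError
    sendto(environ.get("HTTP_REFERER", "/"), message="Error with login cookie")
    quit()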
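#get post data
POST = cgi.FieldStorage()
#reject the request cleanly when a field is missing (cgi.FieldStorage drops
#blank fields by default, so this also covers empty submissions) instead of
#dying with KeyError; the register script handles this the same way
try:
    oldpwd = POST["oldpwd"].value
    newpwd1 = POST["newpwd1"].value
    newpwd2 = POST["newpwd2"].value
except KeyError:
    sendto(environ.get("HTTP_REFERER", "/"), message="all password fields are required")
    quit()

#get old password from database
#`user` is the User built from the login cookie earlier in the script (not
#shown here); the username comes from the session, never from the form, so
#a user can only ever change their own password
myconnection, mycursor = database_connect()
#NOTE(review): the SQL text is redacted ("******") in this listing and is
#left verbatim
getoldpassword = "******"
mycursor.execute(getoldpassword, (user.username,))
row = mycursor.fetchone()
if row is None:
    #no credential row for the session's user: the original crashed here
    #with TypeError while unpacking None
    mycursor.close()
    myconnection.close()
    sendto(environ.get("HTTP_REFERER", "/"), message="account not found")
    quit()
(hashedword,) = row
hashedword = hashedword.decode()  #column comes back as bytes

#check old password: re-authenticate before changing a credential, so a
#hijacked session alone cannot lock the real owner out
if not verify_password(oldpwd, hashedword):
    mycursor.close()
    myconnection.close()
    sendto(environ.get("HTTP_REFERER", "/"), message="wrong original password")
    quit()

#check passwords match
if newpwd1 != newpwd2:
    mycursor.close()
    myconnection.close()
    sendto(environ.get("HTTP_REFERER", "/"), message="passwords don't match")
    quit()

#generate new password: bcrypt with a fresh random salt per hash
newhashword = bcrypt.hashpw(newpwd1.encode(), bcrypt.gensalt())

#push to database (redacted SQL, see above); the connection is left open
#because the remainder of the script is not visible in this listing
change_password = "******"
mycursor.execute(change_password, (newhashword, user.username))
myconnection.commit()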
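#!/usr/bin/python3.5
#mark an order fulfilled

#internal libs
from functions import is_admin,sendto
from database_connection import database_connect
#external libs
import cgi
from os import environ

#check admin -- authorisation before any request data is acted on
if not is_admin():
    sendto("/",message="access denied")
    quit()

#page vars
GET=cgi.FieldStorage()
try:
    orderno=GET["ordernumber"].value
except KeyError:
    #the original died with KeyError when the parameter was absent
    sendto(environ.get("HTTP_REFERER", "/"),message="missing order number")
    quit()

#update database (parameterised, so orderno cannot inject SQL)
myconnection,mycursor=database_connect()
try:
    set_fulfilled="update orders set fulfilled=1 where orderno=?"
    mycursor.execute(set_fulfilled,(orderno,))
    myconnection.commit()
finally:
    #released even if the update raises
    mycursor.close()
    myconnection.close()

#NOTE(review): state change driven by a GET parameter with no CSRF token; an
#<img src="...?ordernumber=N"> on any page an admin visits fulfils order N.
#The Referer header is optional and client-controlled, hence the fallback.
sendto(environ.get("HTTP_REFERER", "/"))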
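#delete an item from the menu

#external functions
import cgi, os
#internal functions
from functions import is_admin, sendto
from database_connection import database_connect

#check user is administrator -- before any request data is acted on
if not is_admin():
    sendto("/", message="Permission denied")
    quit()

#http vars
GET = cgi.FieldStorage()
try:
    menunumber = GET["menunumber"].value
except KeyError:
    #the original died with KeyError when the parameter was absent
    sendto("/", message="missing menu number")
    quit()

#sql connection (kept open: the remainder of the script, not shown in this
#listing, is expected to use it to remove the menu row)
myconnection, mycursor = database_connect()

#delete picture from storage
getpic = "select picture from food where (menunumber=?)"
mycursor.execute(getpic, (menunumber, ))
row = mycursor.fetchone()
#no such item, or no picture: nothing on disk to remove (the original raised
#TypeError / AttributeError here)
filename = row[0].decode() if row is not None and row[0] is not None else ""
#the stored name originates from an upload's client-supplied filename, so it
#is reduced to its last path component before being joined onto the image
#directory; a value such as "../../etc/x" would otherwise be deleted outside
#food_images/
safe_name = os.path.basename(filename)
if safe_name not in ("", ".", ".."):
    try:
        os.remove(os.path.join("food_images", safe_name))
    except FileNotFoundError:
        pass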
#!/usr/bin/python3.5
#replace the image of a food
#
#Admin-only CGI script: stores an uploaded picture under food_images/ and
#points the menu row at it.  This listing is cut off inside the final try:
#block (no except/finally is visible).

#internal libs
from database_connection import database_connect
from functions import is_admin,sendto
#external libs
import cgi
from os import environ

#check user is admin -- done before any request data is used
if not is_admin():
    sendto("/",message="Access denied")
    quit()

#page variables
POST=cgi.FieldStorage()
menunumber=POST["menunumber"].value
#NOTE(review): this is the client-supplied upload name, used verbatim below.
#It is None when no file was sent (TypeError on the concatenation) and is
#not restricted to a bare filename, so a value such as "../../x" is written
#outside food_images/ (path traversal) and stored in the database as-is.
#Reduce it to os.path.basename() and reject "", "." and ".." before use.
filename=POST["picture"].filename

#update database (parameterised query; the UPDATE is issued before the file
#is written and only committed inside the try: below)
update_picture="update food set picture=? where (menunumber=?)"
myconnection,mycursor=database_connect()
mycursor.execute(update_picture, (filename,menunumber) )

#update file
try:
    #"wb+" silently overwrites any existing file of the same name
    outfile=open("food_images/"+filename,"wb+")
    outfile.write(POST["picture"].value)
    myconnection.commit()
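#page vars
GET = cgi.FieldStorage()
COOKIES = load_cookies()

#ensure user is logged in
#the original tested ``COOKIES["Login_UID"].get`` (a bound method, so always
#true) and raised KeyError when the cookie was absent; the sibling scripts
#use ``COOKIES.get("Login_UID")``
if not COOKIES.get("Login_UID"):
    sendto(environ.get("HTTP_REFERER", "/"), message="please login first")
    quit()
user = User(COOKIES["Login_UID"].value)

#which record to delete; None when the parameter is missing
try:
    field = GET["field"].value
except KeyError:
    field = None

#NOTE(review): this is a state-changing action driven by GET parameters with
#no CSRF token; a link or image on any page can delete a logged-in user's
#payment or address record.
myconnection, mycursor = database_connect()
try:
    #check for outstanding orders: unfulfilled orders still need the payment
    #and address rows, so refuse to delete while any exist
    check_orders = "select count(orderno) from valid_orders where (fulfilled=0 and username=?)"
    mycursor.execute(check_orders, (user.username, ))
    order_count, = mycursor.fetchone()
    #every delete is scoped to the session's own username, so one user cannot
    #remove another's records by tampering with the request
    if order_count > 0:
        sendto(environ.get("HTTP_REFERER", "/"), message="You may not delete payment information with outstanding orders")
    elif field == "payinfo":
        del_pay_info = "delete from payinfo where username = ?"
        mycursor.execute(del_pay_info, (user.username, ))
        myconnection.commit()
        sendto(environ.get("HTTP_REFERER", "/"))
    elif field == "address":
        del_address = "delete from address where username = ?"
        mycursor.execute(del_address, (user.username, ))
        myconnection.commit()
        sendto(environ.get("HTTP_REFERER", "/"))
    else:
        #unknown or missing field: the original produced no response at all
        sendto(environ.get("HTTP_REFERER", "/"), message="unknown field")
finally:
    mycursor.close()
    myconnection.close()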
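#initialise POST and cookies
POST = cgi.FieldStorage()
COOKIES = load_cookies()

#ensure user is logged in
#the original had no else branch, so an anonymous request fell through to
#``user.username`` and died with NameError; bounce it like the order page does
if not COOKIES.get("Login_UID"):
    sendto(environ.get("HTTP_REFERER", "/"), message="please login first")
    quit()
user = User(COOKIES["Login_UID"].value)

#get info to insert into database
#the username is taken from the session, never from the form, so a user can
#only attach an address to their own account
username = user.username
try:
    line1 = POST["line1"].value
    town = POST["town"].value
    eircode = POST["eircode"].value
except KeyError:
    #a required field is absent (cgi drops blank fields, so this covers empty
    #submissions too); the original died with KeyError here
    sendto(environ.get("HTTP_REFERER", "/"), message="address fields missing")
    quit()
#add line2 to info if not null
line2 = POST.getfirst("line2", "")

#open connection to database and prepare statement (parameterised, so the
#free-text address fields cannot inject SQL; no length limits are enforced)
myconnection, mycursor = database_connect()
try:
    add_pay_info = "insert into address (username,line1,line2,town,eircode) values(?,?,?,?,?)"
    mycursor.execute(add_pay_info, (username, line1, line2, town, eircode))
    myconnection.commit()
finally:
    mycursor.close()
    myconnection.close()
#the Referer header is optional and client-controlled: fall back to "/"
sendto(environ.get("HTTP_REFERER", "/"))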
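#!/usr/bin/python3.5
#cancel an order

#internal libs
from functions import sendto, load_cookies
from database_connection import database_connect
from classes import User
#external libs
import cgi
from os import environ

#pagevars
GET = cgi.FieldStorage()
COOKIES = load_cookies()
#where to send the user afterwards; the Referer header is optional and
#client-controlled, so fall back to "/" instead of failing with KeyError
lastpage = environ.get("HTTP_REFERER", "/")

#check user is logged in
#the original had no else branch, so an anonymous request fell through to
#``user.username`` and died with NameError
if not COOKIES.get("Login_UID"):
    sendto(lastpage, message="please login first")
    quit()
user = User(COOKIES["Login_UID"].value)

try:
    orderno = GET["ordernumber"].value
except KeyError:
    sendto(lastpage, message="missing order number")
    quit()

myconnection, mycursor = database_connect()
try:
    #scoped to the session's own username and to unfulfilled orders, so a
    #user cannot cancel someone else's (or an already fulfilled) order by
    #guessing its number; parameterised, so orderno cannot inject SQL
    cancel_order = "delete from orders where (orderno=? and username=? and fulfilled=0)"
    mycursor.execute(cancel_order, (orderno, user.username))
    myconnection.commit()
finally:
    mycursor.close()
    myconnection.close()
#NOTE(review): reported as cancelled even when no row matched (rowcount is
#not checked), and the action is driven by a GET parameter with no CSRF
#token, so a link on any page can cancel a logged-in user's pending order.
sendto(lastpage, message="Order has been canceled")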
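from functions import load_cookies, sendto
#external libs
from os import environ
import mysql.connector

#page vars
#(session_start, User, CreditCard, Address and database_connect are imported
#earlier in the file, outside this listing)
SESSION = session_start()
COOKIES = load_cookies()
#where to bounce the user on failure.  The Referer header is optional and
#client-controlled: fall back to "/" instead of failing with KeyError
lastpage = environ.get("HTTP_REFERER", "/")

#ensure user is logged in
if COOKIES.get("Login_UID"):
    user = User(COOKIES["Login_UID"].value)
else:
    sendto(lastpage, message="please login before ordering")
    quit()

#ensure user has a card and address
#CreditCard()/Address() are assumed to raise TypeError (e.g. unpacking a
#missing row) when the user has none -- TODO confirm; any other error from
#them surfaces as a 500 here
try:
    CreditCard(user.username)
    Address(user.username)
except TypeError:
    sendto(
        lastpage,
        message="Only users with a registered credit card and address may order"
    )
    quit()

#get item ids and prices (the rest of the script is not shown here)
myconnection, mycursor = database_connect()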
#external functions
import cgi, bcrypt
from mysql.connector import errors

#useful variables
#(load_cookies, sendto and database_connect are imported earlier in the
#file, outside this listing)
COOKIES = load_cookies()
POST = cgi.FieldStorage()

#get username and password from post request
try:
    username = POST["username"].value
    password1 = POST["password1"].value
    password2 = POST["password2"].value
except KeyError:
    #ensure correct post data: cgi.FieldStorage() drops blank fields by
    #default (keep_blank_values=0), so an empty username or password also
    #lands here, which is what makes the message below accurate
    sendto("/cgi-bin/register.py", message="Username or password blank")
    quit()

#check passwords match
if password1 != password2:
    sendto("/cgi-bin/register.py", message="Passwords do not match")
    quit()

#hash the password (not "encrypt": bcrypt is a one-way salted hash, with a
#fresh random salt generated per user).  NOTE(review): no length or
#complexity policy is applied, and bcrypt only considers the first 72 bytes
#of input -- TODO decide whether to enforce a minimum length here.
hashword = bcrypt.hashpw(password1.encode(), bcrypt.gensalt())

#add user to database
#NOTE(review): the INSERT text is redacted ("******") in this listing, and
#the try: that wraps it (presumably catching a mysql.connector error for a
#duplicate username, given the `errors` import) is cut off below.
myconnection, mycursor = database_connect()
try:
    addnewuser = "******"
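#!/usr/bin/python3.5
#allow the user to logout

#external libraries
from os import environ
#internal libraries
from database_connection import database_connect
from functions import sendto, load_cookies

COOKIES = load_cookies()
if not COOKIES.get("Login_UID"):
    sendto("/", message="Not signed in")
else:
    myconnection, mycursor = database_connect()
    try:
        #server-side invalidation keyed on the cookie value (the session
        #identifier), so a captured cookie is useless once the user logs out;
        #parameterised, so the cookie value cannot inject SQL
        logout = "delete from logged_in_users where(Login_UID=?)"
        mycursor.execute(logout, (COOKIES["Login_UID"].value, ))
        myconnection.commit()
    finally:
        #the original closed these after the redirect; do it here so they are
        #released even if the delete raises
        mycursor.close()
        myconnection.close()
    #expire the browser-side cookie too; load_cookies() presumably returns an
    #http.cookies container, so printing it emits the Set-Cookie header
    COOKIES["Login_UID"]["expires"] = -1
    print(COOKIES)
    #the Referer header is optional and client-controlled: fall back to "/"
    #rather than failing with KeyError when it is missing.  NOTE(review): the
    #logout itself is reachable by a plain GET, so any page can log a user out.
    sendto(environ.get("HTTP_REFERER", "/"))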
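#!/usr/bin/python3.5
#add an item to the menu

#internal functions
from functions import is_admin, sendto
from database_connection import database_connect
#external functions
import cgi
import math
import os

#ensure admin -- before any request data is acted on
if not is_admin():
    sendto("/", message="Access denied")
    quit()

#useful variables
POST = cgi.FieldStorage()
try:
    name = POST["name"].value
    description = POST["description"].value
    price = float(POST["price"].value)
    filename = POST["picture"].filename
except KeyError:
    #a required field is absent; the original died with KeyError here
    sendto("/", message="missing field")
    quit()
except ValueError:
    #non-numeric price; the original died with ValueError here
    sendto("/", message="price must be a number")
    quit()
#float() also accepts "nan", "inf" and negatives; none make sense as a price
if not math.isfinite(price) or price < 0:
    sendto("/", message="price must be a non-negative number")
    quit()

#the upload name is client-supplied.  The original joined it onto
#"food_images/" unchanged, so "../x" or an absolute path would write outside
#the image directory, and the same string is stored in the database for
#later deletion.  Keep only the final path component and refuse empty/dot
#names; `filename` is None when the field carried no file.
filename = os.path.basename(filename or "")
if filename in ("", ".", ".."):
    sendto("/", message="missing or invalid picture")
    quit()

#add picture to storage ("wb+" overwrites an existing file of the same name,
#so two items uploaded with the same filename end up sharing one picture)
with open(os.path.join("food_images", filename), "wb+") as outfile:
    outfile.write(POST["picture"].value)

#add entry to database (parameterised; the connection is left open because
#the rest of the script, not shown here, presumably commits and closes it)
myconnection, mycursor = database_connect()
putfood = "insert into food(name,description,price,picture) values(?,?,?,?)"
mycursor.execute(putfood, (name, description, price, filename))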