def retrieve_user_data(self):
db = DBHandler()
db.connect()
query = "SELECT userid, email, signup_date, permissions FROM GetPermissions"
cursor = db.executeQuery(query, ())
tupls = cursor.fetchall()
return tupls
def getAllPosts(self):
db = DBHandler()
db.connect()
query = "SELECT * FROM Posts ORDER BY date DESC;"
cursor = db.executeQuery(query, ())
tupls = cursor.fetchall()
return tupls
def getUserPosts(self, userid):
db = DBHandler()
db.connect()
query = "SELECT * FROM Posts WHERE userid = %s ORDER BY date DESC;"
cursor = db.executeQuery(query, userid)
tupls = cursor.fetchall()
return tupls
def delete_user(self, userid):
db = DBHandler()
db.connect()
query = "DELETE FROM Users WHERE userid = %s;"
db.executeUpdate(query, (str(userid)))
db.disconnect()
if(str(userid) == str(session['userid'])):
return "deleted_logout"
return "deleted"
def makePost(self, request):
db = DBHandler()
db.connect()
title = request.args.get('title', 0, type=str)
text = request.args.get('text', 0, type=str)
query = "INSERT INTO Posts (userid, title, text) values (%s, %s, %s);"
db.executeUpdate(query, (session['userid'], title, text))
db.disconnect()
return "valid_post"
def update_admin(self, userid, isadmin):
db = DBHandler()
db.connect()
query = ""
isadmin = isadmin == "admin"
if (isadmin):
query = "DELETE FROM Permissions WHERE userid = %s and permission = 'admin';"
else:
query = "INSERT INTO Permissions (userid, permission) VALUES (%s, 'admin');"
db.executeUpdate(query, (str(userid)))
db.disconnect()
return True
def check_permissions(self, permission_reqs, userid):
db = DBHandler()
db.connect()
query = "SELECT userid, permission FROM Permissions WHERE userid = %s;"
cursor = db.executeQuery(query, (str(userid)))
tupls = cursor.fetchall()
match = False
for (userid, permission) in tupls:
if permission in permission_reqs:
match = True
db.disconnect()
return match
def login_js(self, request):
formEmail = request.args.get('returnEmail', 0, type=str)
formPassword = request.args.get('returnPassword', 0, type=str)
password = ""
db = DBHandler()
db.connect()
query = (
"SELECT userid, email, password, salt, signup_date FROM Users WHERE email = %s;"
)
cursor = db.executeQuery(query, (formEmail))
tupl = cursor.fetchone()
db.disconnect()
if not (tupl == None):
userid = tupl[0]
email = tupl[1]
password = tupl[2]
salt = tupl[3]
signupdate = tupl[4]
formPassword = hashlib.sha256(formPassword + salt).hexdigest()
if (password == formPassword):
perms = CheckPermissions()
isadmin = perms.check_permissions("admin", userid)
user = User()
user.create_user(userid, email, isadmin, signupdate)
session['userid'] = user.get_userid()
session['email'] = user.get_email()
session['signupdate'] = user.get_signupdate()
return True
else:
time.sleep(0.4)
return False
return False
def check(self, request):
db = DBHandler()
db.connect()
email = request.args.get('returnEmail', 0, type=str)
pw1 = request.args.get('returnPassword', 0, type=str)
pw2 = request.args.get('confirmPassword', 0, type=str)
query = ("SELECT email, password FROM Users " + \
"WHERE email = %s;")
cursor = db.executeQuery(query, (email))
tupl = cursor.fetchone()
if (tupl != None) and (tupl[0] == email):
db.disconnect()
return "email_registered"
elif not pw1 == pw2:
db.disconnect()
return "pw_match"
else:
salt = hashlib.sha256(urandom(256)).hexdigest()
pw = hashlib.sha256(pw1 + salt).hexdigest()
query = "INSERT INTO Users (email, password, salt) values(%s, %s, %s);"
db.resetUsersIncrement()
db.executeUpdate(query, (email, pw, salt))
query = "SELECT userid, email, signup_date FROM Users WHERE email = %s;"
cursor = db.executeQuery(query, (email))
tupl = cursor.fetchone()
userid = tupl[0]
email = tupl[1]
signupdate = tupl[2]
perms = CheckPermissions()
isadmin = perms.check_permissions("admin", userid)
user = User()
user.create_user(userid, email, isadmin, signupdate)
session['userid'] = user.get_userid()
session['email'] = user.get_email()
session['signupdate'] = user.get_signupdate()
return "valid_register"
def update_email(self, request):
db = DBHandler()
db.connect()
email1 = request.args.get('returnEmail', 0, type=str)
email2 = request.args.get('returnConfEmail', 0, type=str)
pw = request.args.get('returnPassword', 0, type=str)
query = ("SELECT password, salt FROM Users " + \
"WHERE email = %s;")
cursor = db.executeQuery(query, session['email'])
tupl = cursor.fetchone()
pw_retr = tupl[0]
salt = tupl[1]
pw = hashlib.sha256(pw + salt).hexdigest()
query = ("SELECT email FROM Users " + \
"WHERE email = %s;")
cursor = db.executeQuery(query, email1)
tupl = cursor.fetchone()
if email1 != email2:
db.disconnect()
return "email_nomatch"
elif pw != pw_retr:
db.disconnect()
return "password_fail"
elif tupl != None:
db.disconnect()
return "email_used"
else:
query = "UPDATE Users SET email=%s WHERE email=%s;"
db.executeUpdate(query, (email1, session['email']))
session['email'] = email1
db.disconnect()
return "valid_update"
def update_password(self, request):
db = DBHandler()
db.connect()
pw1 = request.args.get('pw1', 0, type=str)
pw2 = request.args.get('pw2', 0, type=str)
pwConf = request.args.get('returnPassword', 0, type=str)
query = ("SELECT password, salt FROM Users " + \
"WHERE email = %s")
cursor = db.executeQuery(query, (session['email']))
tupl = cursor.fetchone()
pw_retr = tupl[0]
salt = tupl[1]
pwConf = hashlib.sha256(pwConf + salt).hexdigest()
if pw1 != pw2:
db.disconnect()
return "password_nomatch"
elif pwConf != pw_retr:
db.disconnect()
return "password_fail"
else:
query = "UPDATE Users SET password=%s WHERE email=%s;"
db.executeUpdate(query, (hashlib.sha256(pw1 + salt).hexdigest(), session['email']))
db.disconnect()
return "valid_update"