def main(): form = cgi.FieldStorage() if 'Mail' in form and testMail(form['Mail'].value): # get the user information according to the mail address user = "" userid = 0 finger = "" try: mysql_connect = MySQLdb.connect(host=my_conf.mysql_server, user=my_conf.mysql_user, passwd=my_conf.mysql_password, db=my_conf.mysql_database) cursor = mysql_connect.cursor() cursor.execute("""select * from UserInfo where EMail = '%s';""" % form['Mail'].value) result = cursor.fetchone() cursor.close() if not result: raise Exception('E-mail address error!') user = result[1] userid = int(result[0]) finger = result[2] except Exception, e: my_cgifunc.output_error( message=repr(e), back_page='/findout.html' ) return finally:
def main(): form = cgi.FieldStorage() cookie = Cookie.SimpleCookie() cookie.load(os.environ.get('HTTP_COOKIE')) if cookie.get('userid') == "": my_cgifunc.output_error(message="user error, please login in again.", back_page="index.py") return if 'old_password' in form and \ 'new_password' in form and \ 'password_again' in form and \ form['new_password'].value == form['password_again'].value: try: # get password from database and check the identity mysql_connect = MySQLdb.connect(host=my_conf.mysql_server, user=my_conf.mysql_user, passwd=my_conf.mysql_password, db=my_conf.mysql_database) cursor = mysql_connect.cursor() cursor.execute("""select * from UserInfo where UserID = %d;""" % int(cookie['userid'].value)) result = cursor.fetchone() salt = result[5] old_password = sha.new(form['old_password'].value + salt).hexdigest() new_password = sha.new(form['new_password'].value + salt).hexdigest() if result and result[2] == old_password: cursor.execute("""update UserInfo set Password = '******' where UserID = %d;""" % ( new_password, int(cookie['userid'].value))) cursor.execute("""update Cache set Password = '******' where UserID = %d;""" % ( new_password, int(cookie['userid'].value))) mysql_connect.commit() print my_cgifunc.content_type() print my_cgifunc.html_header("Reset success") print "<h1>Reset user(%s) password successful!</h1>" % \ cookie['user'].value print """<FORM METHOD=GET ACTION=showPage.py> <INPUT TYPE=SUBMIT VALUE="Back"> </FORM>""" print my_cgifunc.html_tail() else: if not result: raise Exception("fetch user information from database error!") elif result[2] != old_password: raise Exception("old password is not right!") else: raise Exception("something error") except Exception, e: my_cgifunc.output_error(message = repr(e), back_page="/reset_password.html") finally:
def main(): form = cgi.FieldStorage() cookie = Cookie.SimpleCookie() cookie.load(os.environ.get('HTTP_COOKIE')) if cookie.get('userid') == "": my_cgifunc.output_error( message="user error, please login in", back_page="index.py" ) return if 'mail' in form and \ 'password' in form and \ testMail(form['mail'].value): try: # get password from database and check the identity mysql_connect = MySQLdb.connect(host=my_conf.mysql_server, user=my_conf.mysql_user, passwd=my_conf.mysql_password, db=my_conf.mysql_database) cursor = mysql_connect.cursor() cursor.execute("""select * from UserInfo where UserID = %d;""" % int(cookie['userid'].value)) result = cursor.fetchone() if result: password = sha.new(form['password'].value+result[5]).hexdigest() if password != result[2]: raise Exception("Password is not right") cursor.execute("""select * from UserInfo where EMail = '%s';""" % form['mail'].value) if cursor.fetchone(): raise Exception("This E-mail address has been used, \ please use another one") cursor.execute("""update UserInfo set EMail = '%s' where UserID = %d;""" % (form['mail'].value, int(result[0]))) cursor.execute("""update Cache set EMail = '%s' where UserID = %d;""" % (form['mail'].value, int(result[0]))) mysql_connect.commit() cursor.close() else: raise Exception("connect to database error") except Exception, e: my_cgifunc.output_error( message=repr(e), back_page="/reset_mail.html" ) return finally:
def main(): form = cgi.FieldStorage() if 'new_password' in form and \ 'password_again' in form and \ form['new_password'].value == form['password_again'].value: try: mysql_connect = MySQLdb.connect(host=my_conf.mysql_server, user=my_conf.mysql_user, passwd=my_conf.mysql_password, db=my_conf.mysql_database) cursor = mysql_connect.cursor() cursor.execute("""select * from UserInfo where UserID = %d;""" % int(form['UserID'].value)) result = cursor.fetchone() if not result: raise Exception("Connect to database error!") if result[2] == form['Finger'].value: salt = result[5] password = sha.new(form['new_password'].value+salt).hexdigest() cursor.execute("""update UserInfo set Password = '******' where UserID = %d;""" % ( password, int(form['UserID'].value) ) ) cursor.execute("""update Cache set Password = '******' where UserID = %d;""" % ( password, int(form['UserID'].value) ) ) else: raise Exception("Findger is not right, contact the admin!") cursor.close() mysql_connect.commit() print my_cgifunc.content_type() print my_cgifunc.html_header('Reset password success') print """<H1>Reset password ok</h1> <form method=get action=/index.html> <input type=submit value="首页"> </form> """ print my_cgifunc.html_tail() except Exception, e: my_cgifunc.output_error( message=repr(e), back_page="/index.html" ) finally:
def main(): form = cgi.FieldStorage() if 'userid' in form and 'finger' in form: try: mysql_connect = MySQLdb.connect(host=my_conf.mysql_server, user=my_conf.mysql_user, passwd=my_conf.mysql_password, db=my_conf.mysql_database) # check the finger cursor = mysql_connect.cursor() cursor.execute("""select * from UserInfo where UserID = %d;""" % int(form['userid'].value)) result = cursor.fetchone() cursor.close() if not result or result[2] != form['finger'].value: raise Exception except Exception, e: my_cgifunc.output_error( message="link error, please contact the admin again", back_page="/index.html" ) return finally:
cursor.execute("""update Cache set Password = '******' where UserID = %d;""" % ( new_password, int(cookie['userid'].value))) mysql_connect.commit() print my_cgifunc.content_type() print my_cgifunc.html_header("Reset success") print "<h1>Reset user(%s) password successful!</h1>" % \ cookie['user'].value print """<FORM METHOD=GET ACTION=showPage.py> <INPUT TYPE=SUBMIT VALUE="Back"> </FORM>""" print my_cgifunc.html_tail() else: if not result: raise Exception("fetch user information from database error!") elif result[2] != old_password: raise Exception("old password is not right!") else: raise Exception("something error") except Exception, e: my_cgifunc.output_error(message = repr(e), back_page="/reset_password.html") finally: mysql_connect.close() else: my_cgifunc.output_error(message="password information error!", back_page="/reset_password.html") if __name__ == '__main__': main()
where UserID = %d;""" % (form['mail'].value, int(result[0]))) mysql_connect.commit() cursor.close() else: raise Exception("connect to database error") except Exception, e: my_cgifunc.output_error( message=repr(e), back_page="/reset_mail.html" ) return finally: mysql_connect.close() print cookie print my_cgifunc.content_type() print my_cgifunc.html_header('Reset email') print "<h1>Reset User:%s 's e-mail successful</h1>" % cookie['user'].value print "<form method=get action=showPage.py>" print '<input type=submit value="Back">' print "</form>" print my_cgifunc.html_tail() else: my_cgifunc.output_error( message="form data is not right!", back_page="/reset_mail.html" ) if __name__ == '__main__': main()
) return finally: mysql_connect.close() print my_cgifunc.content_type() print my_cgifunc.html_header('Reset password') print """ <FORM METHOD=POST ACTION=reset_withoutpass.py> <INPUT TYPE=HIDDEN VALUE="%s" NAME="UserID"> <INPUT TYPE=HIDDEN VALUE="%s" NAME="Finger"> <B>输入新密码:</B> <INPUT TYPE=PASSWORD NAME="new_password"> <br/> <B>再次输入新密码:</B> <INPUT TYPE=PASSWORD NAME="password_again"> <br/> <INPUT TYPE=SUBMIT VALUE="提交"> <INPUT TYPE=RESET VALUE="重置"> </FORM> """ % (form['userid'].value, form['finger'].value) print my_cgifunc.html_tail() else: my_cgifunc.output_error( message="link error, please contact the admin again", back_page="/index.html" ) if __name__ == '__main__': main()
int(form['UserID'].value) ) ) else: raise Exception("Findger is not right, contact the admin!") cursor.close() mysql_connect.commit() print my_cgifunc.content_type() print my_cgifunc.html_header('Reset password success') print """<H1>Reset password ok</h1> <form method=get action=/index.html> <input type=submit value="首页"> </form> """ print my_cgifunc.html_tail() except Exception, e: my_cgifunc.output_error( message=repr(e), back_page="/index.html" ) finally: mysql_connect.close() else: my_cgifunc.output_error( message="the new password is not right!", back_page="/index.html" ) if __name__ == '__main__': main()
def main(): #get the form data and get cookies form = cgi.FieldStorage() if "UserName" not in form or "UserPassword" not in form: # The UserName or UserPassword is not finished. # Output an error html and a button back to login html my_cgifunc.output_error(message='UserName or UserPassword is empty', back_page='back_to_login.py') else: # fetch password from database, check the sercurity mysql_connect = MySQLdb.connect(host=my_conf.mysql_server, user=my_conf.mysql_user, passwd=my_conf.mysql_password, db=my_conf.mysql_database) cursor = mysql_connect.cursor() try: # find user profile in Cache command = """select * from Cache where UserName = '******' or EMail = '%s';""" % ( form['UserName'].value, form['UserName'].value) cursor.execute(command) result = cursor.fetchone() # find user profile in UserInfo if not result: command = """select * from UserInfo where UserName = '******' or EMail = '%s';""" % ( form['UserName'].value, form['UserName'].value) cursor.execute(command) result = cursor.fetchone() hit_cache = 0 else: hit_cache = 1 cursor.close() if not result: raise Exception('UserName wrong!') password = sha.new(form['UserPassword'].value + result[5]) if result[2] == password.hexdigest(): # The UserName and UserPassword is matched # set the cookie and return the personal page cookie = Cookie.SimpleCookie() cookie['sid'] = result[4] cookie['sid']['expires'] = 30 * 24 * 60 * 60 cookie['user'] = result[1] cookie['userid'] = str(result[0]) # Update cache, use LRU(Least Recent Use) algorithm cursor = mysql_connect.cursor() if hit_cache: #Update cache cursor.execute("""update Cache set UpdateTime = '%s' where UserID = %d""" % ( datetime.datetime.today(), int(result[0]))) mysql_connect.commit() else: #Insert into cache cursor.execute("""select COUNT(*) from Cache""") cache_count = int(cursor.fetchone()[0]) if cache_count == my_conf.Cache_size: # delete one row cursor.execute("""select UserID from Cache where UpdateTime = ( select MIN(UpdateTime) from Cache);""") del_id = 
int(cursor.fetchall()[0][0]) cursor.execute("""delete from Cache where UserID = %d""" % del_id) cursor.execute("""insert into Cache ( UserID, UserName, Password, EMail, SessionID, Salt, UpdateTime ) values ( %d, '%s', '%s', '%s', '%s', '%s', '%s' )""" % ( int(result[0]), result[1], result[2], result[3], result[4], result[5], datetime.datetime.today() ) ) mysql_connect.commit() print cookie print 'Location: index.py' print else: raise Exception('UserPassword wrong!') except Exception, e: my_cgifunc.output_error(message=repr(e), back_page='back_to_login.py' ) finally:
""" % ( user, os.environ.get('SERVER_NAME'), os.environ.get('SERVER_PORT'), userid, finger, my_conf.AdminEMail, my_conf.AdminName ) if send_mail(tolist, subject, content): print my_cgifunc.content_type() print my_cgifunc.html_header('Success') print """已发送找回密码的邮件到您的邮箱,请尽快查收""" print """<form method=get action=/index.html> <input type=submit value="首页"> </form>""" print my_cgifunc.html_tail() else: my_cgifunc.output_error( message="Send mail failed!", back_page="/findout.html" ) else: my_cgifunc.output_error( message="Mail information is not right!", back_page="/findout.html" ) if __name__ == '__main__': main()
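def main():
    """Register a new user from the submitted CGI form.

    Validates the form fields, checks that the user name and e-mail are not
    already taken, inserts the new account, then emits the session cookies
    and a redirect to index.py.  Every failure path reports through
    my_cgifunc.output_error with a link back to the registration page.
    """
    # Function-scope imports: the file's import block is not visible here.
    import binascii
    import os

    form = cgi.FieldStorage()

    # check the form data: all fields present, each validator passes, and
    # the two password entries agree, before the database is touched
    form_ok = (
        'UserName' in form and
        'UserPassword' in form and
        'PasswordAgain' in form and
        'EMail' in form and
        testUserName(form['UserName'].value) and
        form['UserPassword'].value == form['PasswordAgain'].value and
        testPassword(form['UserPassword'].value) and
        testMail(form['EMail'].value)
    )
    if not form_ok:
        my_cgifunc.output_error(message='register information is not right',
                                back_page='back_to_register.py')
        return

    user_name = form['UserName'].value
    email = form['EMail'].value

    # Bound before the try so the finally clause cannot hit an unbound name
    # when MySQLdb.connect itself raises.
    mysql_connect = None
    try:
        mysql_connect = MySQLdb.connect(host=my_conf.mysql_server,
                                        user=my_conf.mysql_user,
                                        passwd=my_conf.mysql_password,
                                        db=my_conf.mysql_database)
        cursor = mysql_connect.cursor()

        # check the username and email
        # Request values are passed as bound parameters, never interpolated
        # into the SQL text, so the driver escapes them; the validators
        # above are not the only barrier against SQL injection.
        cursor.execute(
            """select * from UserInfo
               where UserName = %s or EMail = %s;""",
            (user_name, email))
        result = cursor.fetchall()

        # 'nobody' is not available
        if result or user_name == 'nobody':
            # username or email had been used
            my_cgifunc.output_error(
                message='username or email is unavailable',
                back_page='back_to_register.py')
            return

        sid = gen_sid(user_name)

        # NOTE(review): NextID is read here and incremented further down
        # without a lock, so two concurrent registrations could read the
        # same value -- confirm how SysInfo is protected.
        cursor.execute('select NextID from SysInfo')
        userid = int(cursor.fetchone()[0])

        # Salt comes from the OS CSPRNG instead of random.random(); it is
        # still a hex string of my_conf.Salt_length characters.
        salt_len = my_conf.Salt_length
        salt = binascii.hexlify(os.urandom((salt_len + 1) // 2))[:salt_len]

        # NOTE(review): single-round salted SHA-1 is cheap to brute force.
        # Left unchanged because any script that verifies passwords must
        # compute the same digest; migrate them together.
        password = sha.new(form['UserPassword'].value + salt)

        try:
            # insert user information into database
            cursor.execute(
                """insert into UserInfo
                   (UserID, UserName, Password, EMail, SessionID, Salt)
                   values (%s, %s, %s, %s, %s, %s)""",
                (userid, user_name, password.hexdigest(), email, sid, salt))
            cursor.execute("""insert into UserPath (UserID) values (%s)""",
                           (userid,))
            # update system's information
            cursor.execute("""update SysInfo set UserCount = UserCount + 1""")
            cursor.execute("""update SysInfo set NextID = NextID + 1""")
            mysql_connect.commit()
        except Exception, e:
            mysql_connect.rollback()
            # NOTE(review): repr(e) can expose database error details to the
            # browser; prefer a generic message plus server-side logging.
            my_cgifunc.output_error(
                message=repr(e),
                back_page='back_to_register.py')
            return

        # set cookie
        # NOTE(review): 'user' and 'userid' are client-controlled on later
        # requests; code that reads them should authenticate the request
        # against the stored session id rather than trust them alone.
        cookie = Cookie.SimpleCookie()
        cookie['sid'] = sid
        cookie['sid']['expires'] = 30 * 24 * 60 * 60
        cookie['user'] = user_name
        cookie['userid'] = userid
        print cookie
        print 'Location: index.py'
        print
    except Exception, e:
        # NOTE(review): same disclosure concern as the inner handler.
        my_cgifunc.output_error(
            message=repr(e),
            back_page='back_to_register.py')
    finally:
        if mysql_connect is not None:
            mysql_connect.close()


if __name__ == '__main__':
    main()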