def student_logout(self):
request = self.request
# headers = forget(request)
url = request.route_url('home')
response = HTTPFound(location=url)
response.delete_cookie('student_login')
return response
def oauth(request):
oaserver = request.env.auth.oauth
oauth_url = request.route_url('auth.oauth')
oauth_path = request.route_path('auth.oauth')
def cookie_name(state):
return 'ngw-oastate-' + state
if 'error' in request.params:
raise AuthorizationException()
elif 'code' in request.params and 'state' in request.params:
# Extract data from state named cookie
state = request.params['state']
try:
data = json.loads(request.cookies[cookie_name(state)])
except ValueError:
raise AuthorizationException("State cookie parse error")
tresp = oaserver.grant_type_authorization_code(
request.params['code'], oauth_url)
if data['merge'] == '1' and request.user.keyname != 'guest':
user = oaserver.access_token_to_user(tresp.access_token, merge_user=request.user)
else:
user = oaserver.access_token_to_user(tresp.access_token)
if user is None:
raise InvalidTokenException()
DBSession.flush()
headers = remember(request, (user.id, tresp))
event = OnUserLogin(user, request, data['next_url'])
zope.event.notify(event)
response = HTTPFound(location=event.next_url, headers=headers)
response.delete_cookie(cookie_name(state), path=oauth_path)
return response
else:
data = dict(
next_url=request.params.get('next', request.application_url),
merge=request.params.get('merge', '0')
)
alphabet = string.ascii_letters + string.digits
state = ''.join(secrets.choice(alphabet) for i in range(16))
ac_url = oaserver.authorization_code_url(oauth_url, state=state)
response = HTTPFound(location=ac_url)
# Store data in state named cookie
response.set_cookie(
cookie_name(state), value=json.dumps(data),
path=oauth_path, max_age=600, httponly=True)
return response
def student_profile(self):
student_login = self.request.cookies.get('student_login')
student = DBSession.query(Student).filter_by(login=student_login).first()
if not student:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('student_login')
return response
return dict(student=student)
def logout_view(request):
"""
The logout view
"""
loc = request.route_url('index')
headers = forget(request)
response = HTTPFound(location=loc, headers=headers)
response.delete_cookie("remember_me")
return response
def landlord_address_edit(self):
landlord_login = self.request.cookies.get('landlord_login')
landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first()
if not landlord:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('landlord_login')
return response
id = self.request.matchdict.get('uid')
address = DBSession.query(LandlordAddress).join(Landlord)\
.filter(Landlord.login == landlord_login)\
.filter(LandlordAddress.uid == id).first()
if not address:
return HTTPFound(self.request.route_url('landlord_profile'))
address_form = self.address_form
if 'submit' in self.request.params:
controls = self.request.POST.items()
try:
appstruct = address_form.validate(controls)
except deform.ValidationFailure as e:
return dict(landlord=landlord, form=e.render())
# Change the content and redirect to the view
address.address = appstruct['address']
address.number_of_seats = appstruct['number_of_seats']
address.has_dinner = appstruct['has_dinner']
address.has_language_cources = appstruct['has_language_cources']
address.has_transfer = appstruct['has_transfer']
address.additional = appstruct['has_transfer']
address.price = appstruct['price']
address.special_price = appstruct['special_price']
address.special_price_min_num = appstruct['special_price_min_num']
try:
DBSession.flush()
except IntegrityError as e:
log.exception(e)
return Response('Address with this data is already exists.')
url = self.request.route_url('landlord_profile')
return HTTPFound(url)
form = self.address_form.render(dict(
uid = address.uid,
address = address.address,
number_of_seats = address.number_of_seats,
has_dinner = address.has_dinner,
has_language_cources = address.has_language_cources,
has_transfer = address.has_transfer,
additional = address.additional,
price = address.price,
special_price = address.special_price,
special_price_min_num = address.special_price_min_num,
)
)
return dict(address=address, form=form)
def landlord_delete(self):
landlord_login = self.request.cookies.get('landlord_login')
landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first()
if not landlord:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('landlord_login')
return response
try:
DBSession.delete(landlord)
except SQLAlchemyError:
return HTTPFound(self.request.route_url('landlord_profile'))
return HTTPFound(self.request.route_url('home'))
def student_delete(self):
student_login = self.request.cookies.get('student_login')
student = DBSession.query(Student).filter_by(login=student_login).first()
if not student:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('student_login')
return response
try:
DBSession.delete(student)
except SQLAlchemyError:
return HTTPFound(self.request.route_url('student_profile'))
return HTTPFound(self.request.route_url('home'))
def do_logout(self, request, location):
""" do the logout """
# convenient method to set Cache-Control and Expires headers
request.response.cache_expires = 0
headers = forget(request)
response = HTTPFound(location=location, headers=headers)
response.delete_cookie('cis_account', path="/")
response.cache_control = 'no-cache'
request.session.pop_flash('token')
return response
def landlord_address_new(self):
landlord_login = self.request.cookies.get('landlord_login')
landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first()
if not landlord:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('landlord_login')
return response
form = self.address_form.render()
if 'submit' in self.request.params:
controls = self.request.POST.items()
try:
appstruct = self.address_form.validate(controls)
except deform.ValidationFailure as e:
# Form is NOT valid
return dict(form=e.render())
# Add a new customer to the database
new_address = appstruct['address']
new_number_of_seats = appstruct['number_of_seats']
new_has_dinner = appstruct['has_dinner']
new_has_language_cources = appstruct['has_language_cources']
new_has_transfer = appstruct['has_transfer']
new_additional = appstruct['has_transfer']
new_price = appstruct['price']
new_special_price = appstruct['special_price']
new_special_price_min_num = appstruct['special_price_min_num']
try:
DBSession.add(LandlordAddress(
landlord_id = landlord.uid,
address = new_address,
number_of_seats = new_number_of_seats,
has_dinner = new_has_dinner,
has_language_cources = new_has_language_cources,
has_transfer = new_has_transfer,
additional = new_additional,
price = new_price,
special_price = new_special_price,
special_price_min_num = new_special_price_min_num,
))
DBSession.flush()
except IntegrityError as e:
log.exception(e)
return Response('LandLord Address with this address is already exists.')
except SQLAlchemyError as e:
log.exception(e)
return Response('SQL Error')
url = self.request.route_url('landlord_profile')
return HTTPFound(url)
return dict(form=form)
def change_profile(request, profile):
"""
Sets a cookie for the given profile and deletes any location set in the
cookies.
Returns a response which directs to the map view.
"""
response = HTTPFound(location=request.route_url('map_view'))
response.set_cookie('_PROFILE_', profile, timedelta(days=90))
if '_LOCATION_' in request.cookies:
response.delete_cookie('_LOCATION_')
return response
def logout(self, request):
request_cookie = request.cookies.get('signed')
if not request_cookie:
return {}
cookie = signed_deserialize(request_cookie, SECRET)
cookie_csrf = cookie.get('csrf')
if request.method == 'POST':
csrf = request.POST.get('csrf')
if csrf == cookie_csrf:
response = HTTPFound(request.route_url('admin.index'))
response.delete_cookie('signed')
return response
return dict(csrf=cookie_csrf)
def change_profile(request, profile):
"""
Sets a cookie for the given profile and deletes any location set in the
cookies.
Returns a response which directs to the map view.
"""
response = HTTPFound(location=request.route_url('map_view'))
response.set_cookie('_PROFILE_', profile, timedelta(days=90))
if '_LOCATION_' in request.cookies:
response.delete_cookie('_LOCATION_')
return response
def landlord_profile(self):
landlord_login = self.request.cookies.get('landlord_login')
landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first()
if not landlord:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('landlord_login')
return response
orders = DBSession.query(Order).join(LandlordAddress).join(Landlord)\
.filter(Landlord.login == landlord_login)
pending_orders = orders.filter(Order.status == 0)
return dict(
landlord=landlord,
orders=orders,
pending_orders=pending_orders,
)
def landlord_address_delete(self):
landlord_login = self.request.cookies.get('landlord_login')
landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first()
if not landlord:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('landlord_login')
return response
id = self.request.matchdict.get('uid')
address = DBSession.query(LandlordAddress).join(Landlord)\
.filter(Landlord.login == landlord_login)\
.filter(LandlordAddress.uid == id).first()
if not address:
return HTTPFound(self.request.route_url('landlord_profile'))
try:
DBSession.delete(address)
except SQLAlchemyError:
return HTTPFound(self.request.route_url('landlord_profile'))
return HTTPFound(self.request.route_url('landlord_profile'))
def landlord_edit(self):
landlord_login = self.request.cookies.get('landlord_login')
landlord = DBSession.query(Landlord).filter_by(login=landlord_login).first()
if not landlord:
response = HTTPFound(self.request.route_url('home'))
response.delete_cookie('landlord_login')
return response
landlord_form = self.landlord_form
if 'submit' in self.request.params:
controls = self.request.POST.items()
try:
appstruct = landlord_form.validate(controls)
except deform.ValidationFailure as e:
return dict(landlord=landlord, form=e.render())
# Change the content and redirect to the view
landlord.login = appstruct['login']
landlord.email = appstruct['email']
landlord.full_name = appstruct['full_name']
landlord.phone_number = appstruct['phone']
try:
DBSession.flush()
except IntegrityError as e:
log.exception(e)
return Response('LandLord with this email or login is already exists.')
url = self.request.route_url('landlord_profile')
return HTTPFound(url)
form = self.landlord_form.render(dict(
uid=landlord.uid,
login = landlord.login,
email = landlord.email,
full_name = landlord.full_name,
phone = landlord.phone_number,
)
)
return dict(landlord=landlord, form=form)
def log_out(request):
if "cherubplay" in request.cookies:
request.login_store.delete("session:" + request.cookies["cherubplay"])
response = HTTPFound(request.route_path("home"))
response.delete_cookie("cherubplay")
return response
def confirm(request):
if not 'order' in request.cookies:
return {'error': True, 'community': Settings.Community}
order = json.loads(request.cookies['order'])
try:
steamid = order['steamid']
email = order['email']
promocode = order['promocode']
server = order['server']
item = order['item']
promo = None
except:
return {'error': True, 'community': Settings.Community}
server = Settings.Session.query(Server).filter(Server.id == order['server']).scalar()
item = Settings.Session.query(Item).filter(Item.id == order['item']).scalar()
if not server or not item or not re.match(r'[^@]+@[^@]+\.[^@]+', email):
return {'error': True, 'community': Settings.Community}
promotions = []
price = item.price
for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 1 and '%' not in promo.promotion.value and time.time() < promo.promotion.expires]:
try:
price = price - float(promotion.value)
promotions.append(promotion)
except:
continue
for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 1 and '%' in promo.promotion.value and time.time() < promo.promotion.expires]:
try:
price = price - (price * (float(promotion.value.replace('%', '')) / 100))
promotions.append(promotion)
except:
continue;
if price < 0:
price = 0
try:
commid = SteamIDToCommunityID(steamid)
except SteamFormatException:
return {'error': True, 'community': Settings.Community}
if promocode != '':
print "Code: %s" % promocode
for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 2 and time.time() < promo.promotion.expires]:
if promotion.code == promocode:
promo = promotion
if '%' in promo.value:
try:
price = price - (price * (float(promo.value.replace('%', '')) / 100))
promotions.append(promo)
except:
pass
else:
try:
price = price - float(promo.value)
promotions.append(promo)
except:
pass
break
if price < 0:
price = 0
if 'checkout' in request.params:
txn = Transaction(item.id, server.id, round(price,2), steamid, email, time.time())
Settings.Session.add(txn)
Settings.Session.flush()
Settings.Session.refresh(txn)
payment = paypalrestsdk.Payment({
"intent": "sale",
"payer": {"payment_method": "paypal"},
"redirect_urls": {
"return_url": request.route_url('paypal/execute', txn=txn.txn_id),
"cancel_url": request.route_url('paypal/cancel', txn=txn.txn_id)},
"transactions": [{
"item_list": {
"items": [{
"name": item.name,
"sku": item.id,
"price": round(price,2) if round(price,2) % 1 != 0 else int(round(price,2)),
"currency": "USD",
"quantity": 1 }]},
"amount": {
"total": round(price,2) if round(price,2) % 1 != 0 else int(round(price,2)),
"currency": "USD",}}]})
if payment.create():
Settings.Session.add(OngoingTransaction(payment.id, txn.txn_id))
try:
Settings.Session.commit()
except:
Settings.Session.rollback()
for link in payment.links:
if link.method == 'REDIRECT':
redirect_url = link.href
response = HTTPFound(location=redirect_url)
response.delete_cookie('order')
return response
else:
print payment.error
Settings.Session.delete(txn)
try:
Settings.Session.commit()
except:
Settings.Session.rollback()
return {'error': True, 'community': Settings.Community}
steamapi.core.APIConnection(api_key=Settings.SteamAPI)
user = steamapi.user.SteamUser(commid)
path = [{"href": request.route_url('home'), "name": "Home", "active": False},
{"href": '{href}?sid={sid}'.format(href=request.route_url('home'), sid=server.id), "name": server.name, "active": False},
{"href": request.route_url('order', server=server.id, product=item.id), "name": item.name, "active": True}]
return {'item': item, 'server': server, 'user': user, 'email': email, 'steamid': steamid, 'promotions': promotions, 'error': False, 'path': path,
'price': round(price,2), 'community': Settings.Community}
def logout(request):
headers = forget(request)
response = HTTPFound(location=route_url('home', request),
headers=headers)
response.delete_cookie('user')
return response
def logout(request):
response = HTTPFound('/')
response.delete_cookie('user_id')
return response
def logOut(request):
redirect = HTTPFound('/')
redirect.delete_cookie('sessionData')
redirect.delete_cookie('filterList')
return redirect
def create_invoice(self):
records = self.request.params.getall('records')
if records:
fullname = self.request.params.get('customer.name','')
email = self.request.params.get('customer.email','')
address = self.request.params.get('customer.address','')
address2 = self.request.params.get('customer.address2','')
phone = self.request.params.get('customer.phone','')
agreement = Validators.bool(self.request.params.get('customer.agreement',0))
checkout = self.request.params.getall('customer.checkout')
deliver_digitally = False
deliver_physically = False
# Delivery Options
for option in checkout:
if option == 'digitally':
deliver_digitally = True
if option == 'physically':
deliver_physically = True
# Prep Orders
orders = []
total_price = 0.0
location_emails = {} # to notify any locations a request has been made
for record in records:
c = Cases.load(id=int(record))
e = Entities.load(case_id=int(record))
r = Roles.load(id=e.role)
l = Archives.load(id=c.archive)
location_emails[l.email] = l.email
total_price += float(r.price)
orders.append({'case':int(c.id), 'price' : r.price, 'location':int(l.id)})
invoice = Invoices(fullname=fullname, email=email, address=address, county_state_zip=address2, phone=phone, records=orders,
agreement_accepted=agreement, deliver_digitally=deliver_digitally, deliver_physically=deliver_physically,
total_price='${:,.2f}'.format(total_price))
invoice.insert(self.request)
invoice = Invoices.load(order='id desc')
#Email Client
starting_status = Statuses.load(order='priority asc')
Emailer.send(self.request,
[email],
starting_status.email_subject,
starting_status.email_message,
link=self.request.application_url + '/invoice/' + invoice.hash
)
#Email Archives Involved
Emailer.send(self.request,
list(location_emails),
'Order request has been placed',
'A new order request has been placed',
link=self.request.application_url + '/login?goto=' + self.request.application_url + '/manage/orders'
)
response = HTTPFound(location=route_url('invoice', self.request, hash=invoice.hash))
response.delete_cookie('basket')
return response
else:
return self.response
def log_out(request):
if "cherubplay" in request.cookies:
request.login_store.delete("session:" + request.cookies["cherubplay"])
response = HTTPFound(request.route_path("home"))
response.delete_cookie("cherubplay")
return response
def __call__(self):
""" login view callable """
# convenient method to set Cache-Control and Expires headers
self.request.response.cache_expires = 0
dbsession = DBSession()
params = self.request.params
login_url = route_url('login', self.request)
message = ''
# playerid, password from cookie
playerid = ''
password = ''
passwordFromCookie = False
lc = self.request.cookies.get('cis_login_credentials', '')
if lc:
lc = lc.split('|')
if len(lc) == 3:
passwordFromCookie = True
playerid = lc[0]
password = lc[1]
activeUser = User()
activeUser.playerid = playerid
activeUser.password = password
user = None
errors = {}
passwordOk = False
referrer = self.request.url
if referrer == login_url:
referrer = '/'
came_from = self.request.params.get('came_from', referrer)
url = came_from
logged_in = authenticated_userid(self.request)
headers = ''
initial_login = not logged_in
storeplayeridPwd = params.get('remember', '')
# if already logged in and requesting this page, redirect to forbidden
if logged_in:
message = 'You do not have the required permissions to see this page.'
return dict(
message=message,
url=url,
came_from=came_from,
password=password,
user=activeUser,
headers=headers,
errors=errors,
logged_in=logged_in,
remember=storeplayeridPwd
)
# check whether we are asked to do an autologin (from pwdreset.py)
autologin = 0 #self.request.session.pop_flash(queue='autologin')
# 'SECURITY RISK'
forcelogin = lc and self.request.params.get('forcelogin', '')
if forcelogin or autologin or 'form.submitted' in params:
if autologin:
autologin = autologin[0].split('|')
playerid = autologin[0]
password = autologin[1] #encrypted
elif forcelogin:
pass
else:
playerid = params['playerid']
# when we get a password from a cookie, we already receive it encrypted. If not, encrypt it here
password = (passwordFromCookie and password) or params['password']
if not password:
errors['password'] = "******"
else:
# if autologin, we already receive it encrypted. If not, encrypt it here
password = ((forcelogin or autologin) and password) or hashlib.md5(params['password']).hexdigest()
if not playerid:
errors['playerid'] = "Enter your player id"
if playerid and password:
user = dbsession.query(User).filter_by(playerid=playerid).first()
if user:
passwordOk = (user.password == password)
if not user:
message = 'You do not have a CIS account'
elif user.banned:
message = 'Your account has been banned.'
elif not user.activated:
message = 'Your account has not yet been activated'
elif not passwordOk:
message = 'Your account/password do not match'
else:
# READY TO LOGIN, SOME FINAL CHECKS
now = datetime.now()
headers = remember(self.request, user.playerid)
last_login = now.strftime('%Y-%m-%d %H:%M:%S')
user.last_web = last_login
response = HTTPFound()
user.last_login = last_login
response.headers = headers
response.content_type = 'text/html'
response.charset = 'UTF-8'
if storeplayeridPwd:
cookie_val = '%s|%s' % (playerid, password)
response.set_cookie('cis_login_credentials', cookie_val, max_age=timedelta(days=365), path='/')
response.location = came_from
if (not forcelogin) and (not storeplayeridPwd):
response.delete_cookie('cis_login_credentials')
response.cache_control = 'no-cache'
return response
activeUser.playerid = playerid
storeplayeridPwd = self.request.cookies.get('cis_login_credentials') and '1' or ''
return dict(
message=message,
url=url,
came_from=came_from,
password=password,
user=activeUser,
headers=headers,
errors=errors,
logged_in=logged_in,
remember=storeplayeridPwd
)
