def recover_attempt(request):
global base_title
global global_nav, user_nav
title = base_title + "Recovery"
global_navigation=global_nav()
# If user is not logged on
if request.method == 'GET' and not request.user.is_authenticated():
# Check if data could be valid through regex
key = v.clean_key(request.GET["key"])
u_name = v.clean_usernameRE(request.GET["user"])
# If valid data
if request.GET["key"] == key and u_name:
# return new password form
the_user = u_name
the_key = key
response = render_to_response(
'auth/recoveryattempt.html',
locals(),
context_instance=RequestContext(request)
)
else:
error = "User does not exist."
response = render_to_response(
'error.html',
locals()
)
# If user isn't online and is sending post data
elif request.method == 'POST' and not request.user.is_authenticated():
# Check if data could be valid through regex
key = v.clean_key(request.POST["key"])
u_name = v.clean_usernameRE(request.POST["user"])
# If key/username is validated by regex
if request.POST["key"] == key and u_name:
try:
# Check profile for key and compare.
user = User.objects.get(username=u_name)
user_profile = get_or_create_profile(user)
# Get database key and key time limit
key_db = user_profile.recovery_key
keylimit_db = user_profile.recovery_time
# Current time
time_now = now()
# If the key hasn't expired and is correct
if now() < keylimit_db and key_db == key:
password = v.clean_password(request.POST["p1"])
recover_error = ""
if not request.POST["p1"] == request.POST["p2"]:
recover_error = "Passwords don't match."
elif password == None:
recover_error = "No password entered."
elif password == -1:
recover_error = "Passwords have to be at least 5 characters."
# If there is an error
if recover_error != '':
# Set error variable for template
error = recover_error
response = render_to_response(
'error.html',
locals()
)
else:
# No errors, change password
user.set_password(password)
user.save()
# Expire recovery time.
user_profile.recovery_time = now()
user_profile.save()
response = render_to_response(
'auth/recoverysuccess.html',
locals()
)
else:
error = "Invalid key and/or username."
response = render_to_response(
'error.html',
locals()
)
except User.DoesNotExist:
error = "User doesn't exist."
response = render_to_response(
'error.html',
locals()
)
else:
error = "Invalid key and/or username."
response = render_to_response(
'error.html',
locals()
)
else:
# logged on, no recovery.
return HttpResponseRedirect('/')
return response
def recover_attempt(request):
global base_title
global global_nav, user_nav
title = base_title + "Recovery"
global_navigation = global_nav()
# If user is not logged on
if request.method == 'GET' and not request.user.is_authenticated():
# Check if data could be valid through regex
key = v.clean_key(request.GET["key"])
u_name = v.clean_usernameRE(request.GET["user"])
# If valid data
if request.GET["key"] == key and u_name:
# return new password form
the_user = u_name
the_key = key
response = render_to_response(
'auth/recoveryattempt.html',
locals(),
context_instance=RequestContext(request))
else:
error = "User does not exist."
response = render_to_response('error.html', locals())
# If user isn't online and is sending post data
elif request.method == 'POST' and not request.user.is_authenticated():
# Check if data could be valid through regex
key = v.clean_key(request.POST["key"])
u_name = v.clean_usernameRE(request.POST["user"])
# If key/username is validated by regex
if request.POST["key"] == key and u_name:
try:
# Check profile for key and compare.
user = User.objects.get(username=u_name)
user_profile = get_or_create_profile(user)
# Get database key and key time limit
key_db = user_profile.recovery_key
keylimit_db = user_profile.recovery_time
# Current time
time_now = now()
# If the key hasn't expired and is correct
if now() < keylimit_db and key_db == key:
password = v.clean_password(request.POST["p1"])
recover_error = ""
if not request.POST["p1"] == request.POST["p2"]:
recover_error = "Passwords don't match."
elif password == None:
recover_error = "No password entered."
elif password == -1:
recover_error = "Passwords have to be at least 5 characters."
# If there is an error
if recover_error != '':
# Set error variable for template
error = recover_error
response = render_to_response('error.html', locals())
else:
# No errors, change password
user.set_password(password)
user.save()
# Expire recovery time.
user_profile.recovery_time = now()
user_profile.save()
response = render_to_response(
'auth/recoverysuccess.html', locals())
else:
error = "Invalid key and/or username."
response = render_to_response('error.html', locals())
except User.DoesNotExist:
error = "User doesn't exist."
response = render_to_response('error.html', locals())
else:
error = "Invalid key and/or username."
response = render_to_response('error.html', locals())
else:
# logged on, no recovery.
return HttpResponseRedirect('/')
return response
def register_user(request):
global base_title
global global_nav, user_nav
title = base_title + "Register"
global_navigation=global_nav()
# If user is not logged on
if not request.user.is_authenticated():
# Return user navigation for an anonymous session
user_navigation = user_nav(False)
# Set up captcha html.
from settings import captcha_publickey, captcha_privatekey
captcha_test = captcha.displayhtml(captcha_publickey)
# If user has sent POST data (not logged in)
if request.method == 'POST':
registration_errors = [] # Error list
''' Check and validate data '''
# Is human?
HumanTestResult = captcha.submit(
request.POST["recaptcha_challenge_field"],
request.POST["recaptcha_response_field"],
captcha_privatekey,
get_ip(request)
)
# If not human: display errors
if HumanTestResult.is_valid:
# Matching passwords?
password = v.clean_password(request.POST["passw"])
if not request.POST["passw"] == request.POST["repassw"]:
registration_errors.append("Passwords don't match.")
if password == None:
registration_errors.append("No password entered.")
elif password == -1:
registration_errors.append("Passwords have to be at least 5 characters.")
# Username related errors
username = v.clean_username(request.POST["usern"])
if username == None:
registration_errors.append("No username entered.")
elif username == -2:
registration_errors.append("This username isn't available.")
elif username == -1:
registration_errors.append("Username's can only be 30 characters.")
elif username == False:
registration_errors.append("Username wasn't just characters numbers ")
# Email related errors
email = v.clean_email(request.POST["email"])
if email == None:
registration_errors.append("No email entered.")
elif email == -2:
registration_errors.append("This email already has an account.")
elif email == -1:
registration_errors.append("Emails can only be 245 characters.")
elif email == False:
registration_errors.append("Invalid email.")
# Invalid CAPTCHA, display only that error giving no more information to the bot
else:
registration_errors.append("Invalid human verification code.")
captcha_test = captcha.displayhtml(
captcha_publickey,
False,
HumanTestResult.error_code
)
# Connect to SMTP server
connection = mail.get_connection()
connection.open()
# If no errors: create user.
if len(registration_errors) == 0:
new_user = User.objects.create_user(
username,
email,
request.POST["repassw"]
)
new_user.is_active = True
new_user.save()
# Create activation key and user profile
activation_key = KeyGen()
# Add 2 hours so a recovery key can be made instantly after
# account creation.
thetime = new_user.date_joined + datetime.timedelta(hours=2)
profile = UserProfile(
activate_key=activation_key,
activated=False,
recovery_time=thetime,
user=new_user)
profile.save()
# User is created and saved. Send an activation link via email
# Activation link
message_activateurl = baseurl+"/activate/?key="+str(activation_key)
message_activateurl = message_activateurl+"&user="******"/deactivate/?key="+str(activation_key)
message_deactivateurl = message_deactivateurl+"&user="******"<$user>", str(new_user.username))
message = message.replace("<$activatelink>", message_activateurl)
message = message.replace("<$disablelink>", message_deactivateurl)
# Send email
email = EmailMessage(
"Account Activation",
message,
EMAIL_HOST_USER,
[new_user.email]
)
email.send()
connection.close()
# Return new account page
accountname = new_user.username
response = render_to_response(
'auth/newaccount.html',
locals(),
context_instance=RequestContext(request)
)
else:
# Return registration form with errors in registration_errors
response = render_to_response(
'auth/registration.html',
locals(),
context_instance=RequestContext(request)
)
# If user hasn't sent POST data (not logged on)
else:
response = render_to_response(
'auth/registration.html',
locals(),
context_instance=RequestContext(request)
)
# User is logged on
else:
user_navigation = user_nav(request.user.username)
error = "You cannot register while logged in."
response = render_to_response(
'error.html',
locals()
)
return response
def register_user(request):
global base_title
global global_nav, user_nav
title = base_title + "Register"
global_navigation = global_nav()
# If user is not logged on
if not request.user.is_authenticated():
# Return user navigation for an anonymous session
user_navigation = user_nav(False)
# Set up captcha html.
from settings import captcha_publickey, captcha_privatekey
captcha_test = captcha.displayhtml(captcha_publickey)
# If user has sent POST data (not logged in)
if request.method == 'POST':
registration_errors = [] # Error list
''' Check and validate data '''
# Is human?
HumanTestResult = captcha.submit(
request.POST["recaptcha_challenge_field"],
request.POST["recaptcha_response_field"], captcha_privatekey,
get_ip(request))
# If not human: display errors
if HumanTestResult.is_valid:
# Matching passwords?
password = v.clean_password(request.POST["passw"])
if not request.POST["passw"] == request.POST["repassw"]:
registration_errors.append("Passwords don't match.")
if password == None:
registration_errors.append("No password entered.")
elif password == -1:
registration_errors.append(
"Passwords have to be at least 5 characters.")
# Username related errors
username = v.clean_username(request.POST["usern"])
if username == None:
registration_errors.append("No username entered.")
elif username == -2:
registration_errors.append(
"This username isn't available.")
elif username == -1:
registration_errors.append(
"Username's can only be 30 characters.")
elif username == False:
registration_errors.append(
"Username wasn't just characters numbers ")
# Email related errors
email = v.clean_email(request.POST["email"])
if email == None:
registration_errors.append("No email entered.")
elif email == -2:
registration_errors.append(
"This email already has an account.")
elif email == -1:
registration_errors.append(
"Emails can only be 245 characters.")
elif email == False:
registration_errors.append("Invalid email.")
# Invalid CAPTCHA, display only that error giving no more information to the bot
else:
registration_errors.append("Invalid human verification code.")
captcha_test = captcha.displayhtml(captcha_publickey, False,
HumanTestResult.error_code)
# Connect to SMTP server
connection = mail.get_connection()
connection.open()
# If no errors: create user.
if len(registration_errors) == 0:
new_user = User.objects.create_user(username, email,
request.POST["repassw"])
new_user.is_active = True
new_user.save()
# Create activation key and user profile
activation_key = KeyGen()
# Add 2 hours so a recovery key can be made instantly after
# account creation.
thetime = new_user.date_joined + datetime.timedelta(hours=2)
profile = UserProfile(activate_key=activation_key,
activated=False,
recovery_time=thetime,
user=new_user)
profile.save()
# User is created and saved. Send an activation link via email
# Activation link
message_activateurl = baseurl + "/activate/?key=" + str(
activation_key)
message_activateurl = message_activateurl + "&user="******"/deactivate/?key=" + str(
activation_key)
message_deactivateurl = message_deactivateurl + "&user="******"<$user>", str(new_user.username))
message = message.replace("<$activatelink>",
message_activateurl)
message = message.replace("<$disablelink>",
message_deactivateurl)
# Send email
email = EmailMessage("Account Activation", message,
EMAIL_HOST_USER, [new_user.email])
email.send()
connection.close()
# Return new account page
accountname = new_user.username
response = render_to_response(
'auth/newaccount.html',
locals(),
context_instance=RequestContext(request))
else:
# Return registration form with errors in registration_errors
response = render_to_response(
'auth/registration.html',
locals(),
context_instance=RequestContext(request))
# If user hasn't sent POST data (not logged on)
else:
response = render_to_response(
'auth/registration.html',
locals(),
context_instance=RequestContext(request))
# User is logged on
else:
user_navigation = user_nav(request.user.username)
error = "You cannot register while logged in."
response = render_to_response('error.html', locals())
return response