Example #1
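def index(headers, body, data):
  """Serve the login page for a GET request; answer any other method with 405.

  ``headers``, ``body`` and ``data`` are the request triple every handler in
  this file receives. On GET an anti-forgery token is read from the token
  table, marked as handed out with ``tokenIsBeingUsed`` and passed to
  ``login.html`` so the form can send it back. Returns the
  ``(rendered_page, status, extra_headers)`` triple used by all handlers.
  """
  global areTokensCreated
  if headers['request-method'] != 'GET':
    # Same error shape as the other handlers; the template gets an empty
    # message rather than the rejected method name.
    return render_template('error.html', body=body, data=data, msg=''), 405, {}

  # Seed the token table once per process through the module-level flag that
  # the other handlers test; assigning a plain local would never update it
  # and the table would be re-created on every request.
  if areTokensCreated is False:
    createTokens(dbFile)
    areTokensCreated = True

  t = getTokenFromDatabase(dbFile)
  tokenIsBeingUsed(dbFile, t)
  # The token is a one-time secret for this form; it is not written to the log.
  return render_template('login.html', body=body, data=data, token=t), 200, {}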
Example #2
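def logout(headers, body, data):
    """End the session identified by the request's ``sessionid`` cookie.

    A request with no cookie header, an empty cookie, or a cookie rejected by
    ``cookie_check`` is answered with the home page and a "logged out" message
    instead of raising ``KeyError``. A valid cookie is revoked with
    ``disable_cookie`` before the redirect page is rendered. Returns the
    ``(rendered_page, status, extra_headers)`` triple.
    """
    raw_cookie = str(headers['http-cookie']) if 'http-cookie' in headers else ''
    # The whole header is treated as one ``sessionid=<value>`` pair; other
    # cookies the browser may send are not separated out here.
    cookie = raw_cookie.replace('sessionid=', '')
    if not cookie or not cookie_check(cookie):
        return render_template('html/home.html',
                               body=body,
                               data=data,
                               headers=headers,
                               message='Zostales wylogowany!'), 200, {}
    disable_cookie(cookie)
    return render_template('html/redirect.html',
                           body=body,
                           data=data,
                           headers=headers,
                           message='Trwa wylogowywanie...'), 200, {}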
Example #3
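def postNote(headers, body, data):
  """Show the notes page (GET) or store a new note (POST) for the logged-in user.

  Access requires a live module-level ``session`` whose recorded IP equals
  ``headers['remote-addr']``; otherwise the session is cleared and the login
  page is returned, as ``changePass`` does. A POST must carry the ``secretIn``
  anti-forgery token issued with the page and a non-empty ``noteTextarea``;
  the note is HTML-escaped with ``cgi.escape`` before ``addNoteToDatabase``.
  Returns the ``(rendered_page, status, extra_headers)`` triple.

  NOTE(review): ``session`` is one dict shared by the whole process, so it can
  only ever describe a single logged-in user at a time — confirm this is the
  intended scope.
  """
  request_method = headers['request-method']

  global areTokensCreated
  if areTokensCreated is False:
      createTokens(dbFile)
      areTokensCreated = True

  global session
  if 'user' not in session or headers['remote-addr'] != session['ip']:
    # No valid session (or the client address changed): drop what is there
    # and hand out a fresh login form with its own token.
    session = {}
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('login.html', body=body, data=data, token=t), 200, {}

  if request_method == 'GET':
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    notes = getNotesFromDatabase(dbFile)
    return render_template('notes.html', body=body, data=data,
                            notes=notes, username=session['user'], token=t), 200, {}

  if request_method == 'POST':
    # The token is mandatory: a POST without ``secretIn`` must fail exactly
    # like one with an unknown token, otherwise the check is skipped by
    # leaving the field out. The token value is never written to the log.
    if 'secretIn' not in data or tokenIsUsed(dbFile, data['secretIn']) is False:
      msg = 'You are a hacker.'
      return render_template('error.html', msg=msg), 400, {}

    # Check the actual field instead of the size of the whole form.
    if 'noteTextarea' not in data or str(data['noteTextarea']) == '':
      msg = 'You can\'t post an empty note.'
      return render_template('error.html', body=body, data=data, msg=msg), 400, {}

    note = cgi.escape(str(data['noteTextarea']), quote=True)

    try:
      addNoteToDatabase(note, session['user'], dbFile)
    except Exception as e:
      # The client gets a generic 500; the exception text stays server-side.
      print('\nthere is sth fishy going on. %s\n' % str(e))
      return render_template('error.html', body=body, data=data), 500, {}

    notes = getNotesFromDatabase(dbFile)
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('notes.html', body=body, data=data,
                            notes=notes, username=session['user'], token=t), 200, {}

  # Any other method: same 405 shape as ``index`` instead of returning None.
  return render_template('error.html', body=body, data=data, msg=''), 405, {}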
Example #4
def recovery(headers, body, data):
    """Render the password-recovery form together with the configured security questions.

    ``questions()`` supplies the tuple the template iterates over. Returns the
    ``(rendered_page, status, extra_headers)`` triple used by every handler.
    """
    context = dict(headers=headers,
                   body=body,
                   data=data,
                   questions=questions())
    page = render_template('recovery.html', **context)
    return page, 200, {}
Example #5
def signup(headers, body, data):
    """Render the sign-up form together with the configured security questions.

    ``questions()`` supplies the tuple the template iterates over. Returns the
    ``(rendered_page, status, extra_headers)`` triple used by every handler.
    """
    context = dict(headers=headers,
                   body=body,
                   data=data,
                   questions=questions())
    page = render_template('signup.html', **context)
    return page, 200, {}
Example #6
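def insert_new_passwd(headers, body, data):
    """Set a new password for the account bound to the caller's auth cookie.

    The login is resolved from the ``cookie`` table via the token carried in
    the request cookie; a request without a token, or with a token that maps
    to no login, gets ``unauthorised_request.html``. The submitted ``pw`` and
    ``pw-x`` must match and pass the ``passwordmeter`` threshold of 0.3. The
    stored value is ``sha512`` applied three times over ``password + salt``
    with a freshly generated per-user salt, the same scheme the other
    password handlers in this file use. The database connection is closed on
    every path. Returns the ``(rendered_page, status, extra_headers)`` triple.

    NOTE(review): neither the current password nor an anti-forgery token is
    checked here, so holding the cookie is sufficient to change the password
    — confirm that is intended.
    """
    raw_token = (AuthCookieFactory()).get_from_headers(headers).get_token()
    # Test before stringifying: ``str(None)`` is the text 'None', which would
    # pass an ``is None`` check and let a cookie-less request through.
    if raw_token is None:
        return render_template(
            'unauthorised_request.html',
            body=body,
            data=data,
            message='Anauthorised try to change password!'), 200, {}
    token = str(raw_token)

    passwd = str(data['pw']) if 'pw' in data else ''
    passwd_r = str(data['pw-x']) if 'pw-x' in data else ''

    db, cursor = pysql.database_connect()
    try:
        # Parameters go in as a tuple so the driver never iterates the token
        # string itself.
        cursor.execute('''SELECT login FROM cookie WHERE token=%s''', (token,))
        row = cursor.fetchone()
        if row is None:
            # An unknown token is treated exactly like a missing one.
            return render_template(
                'unauthorised_request.html',
                body=body,
                data=data,
                message='Anauthorised try to change password!'), 200, {}
        login = str(row[0])

        if passwd != passwd_r:
            return render_template('passwordchange.html',
                                   body=body,
                                   data=data,
                                   message='Passwords are not match!'), 200, {}

        strength, improvements = passwordmeter.test(passwd)
        if strength < 0.3:
            return render_template(
                'passwordchange.html',
                body=body,
                data=data,
                login=login,
                message='Your password is too weak!'), 200, {}

        salt = uuid.uuid4().hex
        salt_bytes = salt.encode('utf-8')
        hashed = passwd
        for i in range(3):
            hashed = hashlib.sha512(hashed.encode('utf-8') + salt_bytes).hexdigest()
        cursor.execute(
            '''UPDATE users SET password= %s, salt= %s WHERE login= %s''',
            (hashed, salt, login))
        db.commit()
    finally:
        # Every exit path releases the connection, including the validation
        # rejections above.
        db.close()

    IP, time = pysql.print_ip(login)
    return render_template(
        'mainpage.html',
        body=body,
        data=data,
        IP=IP,
        time=time,
        message='You successfully changed your password!'), 200, {}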
Example #7
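def logout(headers, body, data):
  """Clear the shared ``session`` on GET and return the login page with a fresh token.

  Any other method gets the ``error.html`` 405 response that ``index`` uses,
  instead of falling off the end of the function and returning ``None`` to a
  caller that expects the ``(rendered_page, status, extra_headers)`` triple.

  NOTE(review): unlike the other handlers, the token handed to ``login.html``
  here is not passed to ``tokenIsBeingUsed`` — confirm whether that is needed.
  """
  global session
  if headers['request-method'] != 'GET':
    return render_template('error.html', body=body, data=data, msg=''), 405, {}

  session = {}
  t = getTokenFromDatabase(dbFile)
  return render_template('login.html', body=body, data=data, token=t), 200, {}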
Example #8
def redirect_main(headers, body, data, login):
    """Render the main page for *login*, showing the last-seen IP and time.

    ``pysql.print_ip(login)`` yields the ``(IP, time)`` pair the template
    displays. Returns the ``(rendered_page, status, extra_headers)`` triple.
    """
    last_ip, last_time = pysql.print_ip(login)
    context = dict(headers=headers,
                   body=body,
                   data=data,
                   IP=last_ip,
                   time=last_time)
    return render_template('mainpage.html', **context), 200, {}
Example #9
def redirect(headers, body, data, message='Taka strona nie istnieje!'):
    """Render the redirect page with *message* and echo the session cookie back.

    The cookie value is the request's cookie header minus the ``sessionid=``
    prefix, placed verbatim in ``Set-Cookie``. Returns the
    ``(rendered_page, status, extra_headers)`` triple.

    NOTE(review): the value is reflected without the ``sessionid=`` name or any
    attributes (Path, Expires, HttpOnly) — confirm that is intended.
    """
    session_cookie = str(headers['http-cookie']).replace('sessionid=', '')
    extra_headers = {'Set-Cookie': session_cookie}
    page = render_template('html/redirect.html',
                           body=body,
                           data=data,
                           headers=headers,
                           message=message)
    return page, 200, extra_headers
def addsnippet(headers, body, data):
    """Store a new snippet for the cookie-authenticated user, or re-show the form.

    Without a cookie accepted by ``cookie_check`` the request is sent to
    ``redirect`` with an "unauthorised" message. An empty ``title`` or
    ``snippet`` re-renders the form silently; a title longer than 60
    characters or a snippet longer than 9999 re-renders it with an error.
    Otherwise ``add_snippet`` persists the pair and the redirect page confirms
    it. Returns the ``(rendered_page, status, extra_headers)`` triple.
    """
    cookie = str(headers['http-cookie']).replace('sessionid=', '')
    if not cookie_check(cookie):
        return redirect(headers=headers,
                        body=body,
                        data=data,
                        message="Nieautoryzowana proba dodania snippet'a!")

    snippet_content = str(data['snippet']) if 'snippet' in data else ''
    title = str(data['title']) if 'title' in data else ''

    form_context = dict(body=body, data=data, headers=headers, cookie=cookie)
    if not title or not snippet_content:
        return render_template('html/addsnippet.html', **form_context), 200, {}
    if len(title) > 60:
        # NOTE(review): the enforced limit is 60 but the message says 24 — one
        # of the two is stale.
        return render_template('html/addsnippet.html',
                               message="Maksymalna dlugosc nazwy snippet'a to 24 znaki!",
                               **form_context), 200, {}
    if len(snippet_content) > 9999:
        return render_template('html/addsnippet.html',
                               message="Dodany przez Ciebie plik jest zbyt dlugi!",
                               **form_context), 200, {}

    add_snippet(title, snippet_content, cookie)
    return redirect(headers=headers,
                    body=body,
                    data=data,
                    message='Snippet zostal dodany!')
Example #11
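def put_snippet(headers, body, data):
    """Validate and store a new snippet for the user identified by the auth cookie.

    ``title`` must satisfy ``check_title`` and be at most 40 characters;
    ``snippet`` is normalised with ``unidecode`` and may be at most 1000
    characters. All validation runs before a database connection is opened,
    so rejected requests never hold one. A request whose cookie carries no
    token, or whose token is unknown to the ``cookie`` table, gets the
    ``unauthorised_request.html`` page instead of failing on ``fetchone()[0]``.
    On success the snippet is inserted and the main page rendered. Returns the
    ``(rendered_page, status, extra_headers)`` triple.
    """
    snippet = str(data['snippet']) if 'snippet' in data else ''
    title = str(data['title']) if 'title' in data else ''
    snippet = unidecode(snippet)  # decode non-standard letters

    def back_to_form(message):
        # Every rejection re-renders the form with the same context.
        return render_template('new_snippet.html',
                               headers=headers,
                               body=body,
                               data=data,
                               message=message), 200, {}

    def unauthorised():
        return render_template('unauthorised_request.html',
                               body=body,
                               data=data,
                               message='Unauthorised request!'), 200, {}

    if not check_title(title):
        return back_to_form('Title can only contain letters or digits!')
    if len(title) > 40:
        return back_to_form('Title is too long!')
    if len(snippet) > 1000:
        return back_to_form('Snippet is too long!')

    raw_token = (AuthCookieFactory()).get_from_headers(headers).get_token()
    # ``str(None)`` is the text 'None', so test before converting.
    if raw_token is None:
        return unauthorised()
    token = str(raw_token)

    db, cursor = pysql.database_connect()
    try:
        # Parameters go in as a tuple so the driver never iterates the token
        # string itself.
        cursor.execute('''SELECT login FROM cookie WHERE token=%s''', (token,))
        row = cursor.fetchone()
        if row is None:
            return unauthorised()
        login = str(row[0])
        cursor.execute(
            '''INSERT INTO snippets(login, datetime, title, snippet) VALUES(%s, %s, %s, %s)''',
            (login, pysql.datetime_mysql(), title, snippet))
        db.commit()
    finally:
        db.close()

    IP, time = pysql.print_ip(login)
    return render_template('mainpage.html',
                           headers=headers,
                           body=body,
                           data=data,
                           IP=IP,
                           time=time), 200, {}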
Example #12
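def auth(headers, body, data):
    """Authenticate a login attempt and, on success, issue a session cookie.

    ``name`` and ``pw`` come from the form; the client address is
    ``headers['remote-addr']``. ``check_auth`` verifies the credentials, then
    ``ban_ip`` is consulted: a falsy result is treated as "banned" and the
    banned message is shown. On success a token from ``AuthCookieFactory`` is
    stored in the ``cookie`` table and sent back via ``Set-Cookie``. All three
    outcomes return the ``(rendered_page, status, extra_headers)`` triple.
    """
    login = str(data['name']) if 'name' in data else ''
    # Guard on the field's own key: gating on 'name' raised KeyError when a
    # login was submitted without a password.
    passwd = str(data['pw']) if 'pw' in data else ''
    # The peer address is used as the client IP; a forwarding header such as
    # X-Forwarded-For is not consulted here.
    ip = str(headers['remote-addr'])

    if not check_auth(login, passwd, ip):
        return render_template(
            'index.html',
            headers=headers,
            body=body,
            data=data,
            snippets=get_all_snipets(),
            message='Login or password is incorrect'), 200, {}

    if not ban_ip(login):
        # The banned page must return the same triple as every other handler;
        # returning the bare template broke the (page, status, headers) contract.
        return render_template(
            'index.html',
            body=body,
            data=data,
            snippets=get_all_snipets(),
            message='Too many wrong attemts to log in! You\'ve banned!'), 200, {}

    IP, time = pysql.print_ip(login)
    cookie = (AuthCookieFactory()).generate()
    db, cursor = pysql.database_connect()
    try:
        cursor.execute('INSERT INTO cookie(login, token) VALUES(%s, %s)',
                       (login, cookie.get_token()))
        db.commit()
    finally:
        db.close()
    return render_template('mainpage.html',
                           headers=headers,
                           body=body,
                           data=data,
                           IP=IP,
                           time=time), 200, {
                               'Set-Cookie': cookie.return_cookie()
                           }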
Example #13
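def _home_snippets(cursor):
    """Return every snippet as a ``{'title', 'login', 'date'}`` dict, oldest first.

    Reads the ``snippets`` table through *cursor*; all values are stringified
    so the template receives plain ``str`` regardless of column affinity.
    """
    cursor.execute('SELECT title, login, time FROM snippets ORDER BY time')
    return [{'title': str(row[0]), 'login': str(row[1]), 'date': str(row[2])}
            for row in cursor.fetchall()]


def home(headers, body, data):
    """Render the home page with the snippet list, personalised for a valid session cookie.

    ``cookie`` is the request cookie header with the ``sessionid=`` prefix
    removed. When ``cookie_check`` accepts it and a ``users`` row carries that
    cookie, the page greets the login and, when the two most recent ``logs``
    rows for it have different IPs, adds a new-connection warning. In every
    other case the anonymous welcome page is rendered. The sqlite connection
    is closed on all paths. Returns the ``(rendered_page, status, extra_headers)``
    triple.
    """
    cookie = str(headers['http-cookie']).replace('sessionid=', '')
    dbfile = '/home/wolonkia/vial/genbase.db'

    login = None
    fetch = []
    conn = sqlite3.connect(dbfile)
    try:
        cursor = conn.cursor()
        snippets_values = _home_snippets(cursor)
        if cookie_check(cookie):
            cursor.execute('SELECT login FROM users WHERE cookie = ?;', (cookie,))
            row = cursor.fetchone()
            # A cookie that passes cookie_check but maps to no user row falls
            # back to the anonymous page instead of failing on ``row[0]``.
            if row is not None:
                login = str(row[0])
                cursor.execute('SELECT ip FROM logs WHERE login = ? ORDER BY date_time DESC', (login,))
                fetch = cursor.fetchall()
    finally:
        conn.close()

    if login is None:
        # NOTE(review): the raw cookie value is reflected back in Set-Cookie
        # without the ``sessionid=`` name or any attributes — confirm intended.
        return render_template('html/home.html', body=body, data=data, headers=headers,
                               snippets_values=snippets_values,
                               message='Witaj na stronie!'), 200, {'Set-Cookie': cookie}

    if len(fetch) >= 2 and str(fetch[0][0]) != str(fetch[1][0]):
        # NOTE(review): rows are newest-first, so fetch[1][0] is the previous
        # address although the message announces a new connection — confirm
        # which one should be shown.
        return render_template('html/home.html', body=body, data=data, headers=headers,
                               snippets_values=snippets_values,
                               message='Wykryto nowe polaczenie do Twojego konta z ip: ' + str(
                                   fetch[1][0])), 200, {}
    return render_template('html/home.html', body=body, data=data, headers=headers,
                           snippets_values=snippets_values,
                           message="Witaj '" + login + "'"), 200, {}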
Example #14
def insert_new_password(headers, body, data):
    """Replace the password of the account named in the form.

    ``name`` selects the account; ``pw`` and ``pw-x`` must match and pass the
    ``passwordmeter`` threshold of 0.3. The stored value is ``sha512`` of
    ``password + salt`` applied three times with a freshly generated salt.
    Returns the ``(rendered_page, status, extra_headers)`` triple.

    NOTE(review): no session, cookie or recovery token is checked inside this
    handler — the login comes straight from the request body — so whatever
    protects this endpoint must live outside it; confirm that it does.
    """
    login = str(data['name']) if 'name' in data else ''
    passwd = str(data['pw']) if 'pw' in data else ''
    passwd_r = str(data['pw-x']) if 'pw-x' in data else ''

    salt = uuid.uuid4().hex
    salt_bytes = salt.encode('utf-8')

    if passwd != passwd_r:
        return render_template('passwordchange.html',
                               body=body,
                               data=data,
                               login=login,
                               message='Passwords are not match!'), 200, {}

    strength, improvements = passwordmeter.test(passwd)
    if strength < 0.3:
        return render_template(
            'passwordchange.html',
            body=body,
            data=data,
            login=login,
            message='Your password is too weak!'), 200, {}

    digest = passwd
    for _ in range(3):
        digest = hashlib.sha512(digest.encode('utf-8') + salt_bytes).hexdigest()

    db, cursor = pysql.database_connect()
    cursor.execute(
        '''UPDATE users SET password= %s, salt= %s WHERE login= %s''',
        (digest, salt, login))
    db.commit()
    db.close()

    return render_template(
        'index.html',
        body=body,
        data=data,
        snippets=get_all_snipets(),
        message='You successfully changed your password!'), 200, {}
Example #15
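def forgot_password(headers, body, data):
    """Check a recovery answer and, if it matches, open the password-change form.

    ``users.answer`` holds ``sha512`` of ``answer + salt`` applied three times
    with the user's own salt, so the submitted ``answer`` is hashed the same
    way before comparison. An unknown login and a wrong answer both produce
    ``recovery.html`` with ``'Wrong answer!'``, so the response does not reveal
    which logins exist. The database connection is closed on every path.
    Returns the ``(rendered_page, status, extra_headers)`` triple.
    """
    login = str(data['name']) if 'name' in data else ''
    a = str(data['answer']) if 'answer' in data else ''

    db, cursor = pysql.database_connect()
    try:
        # One round trip for both columns; the parameter goes in as a tuple so
        # the driver never iterates the login string itself.
        cursor.execute('''SELECT answer, salt FROM users WHERE login = %s''', (login,))
        row = cursor.fetchone()
    finally:
        db.close()

    if row is not None:
        answerdb = str(row[0])
        salt_bytes = str(row[1]).encode('utf-8')
        hashed = a
        for i in range(3):
            hashed = hashlib.sha512(hashed.encode('utf-8') + salt_bytes).hexdigest()
        # NOTE(review): ``==`` on the digests is not constant-time;
        # ``hmac.compare_digest`` would be preferable if the module may import ``hmac``.
        if answerdb == hashed:
            return render_template('passwordchange.html',
                                   body=body,
                                   data=data,
                                   login=login), 200, {}

    questions_tuple = questions()
    return render_template('recovery.html',
                           body=body,
                           data=data,
                           message='Wrong answer!',
                           questions=questions_tuple), 200, {}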
Example #16
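def changePass(headers, body, data):
  """Show the settings page (GET) or change the logged-in user's password (POST).

  Requires a live module-level ``session`` whose recorded IP equals
  ``headers['remote-addr']``; otherwise the session is cleared and the login
  page returned. A POST must carry the ``secretIn`` token issued with the page
  plus non-empty ``oldPass``, ``newPass`` and ``newPass2``; the old password
  is verified with ``isPasswordCorrect`` and the two new values must agree
  before ``changePassword`` runs. After a successful change the session is
  cleared so the user logs in again. Returns the
  ``(rendered_page, status, extra_headers)`` triple.
  """
  request_method = headers['request-method']

  global areTokensCreated
  if areTokensCreated is False:
      createTokens(dbFile)
      areTokensCreated = True

  global session
  if 'user' not in session or headers['remote-addr'] != session['ip']:
    session = {}
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('login.html', body=body, data=data, token=t), 200, {}

  if request_method == 'GET':
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('settings.html', body=body, data=data,
                            username=session['user'], token=t), 200, {}

  if request_method == 'POST':
    # The token is required, not optional: omitting ``secretIn`` must fail
    # like an unknown token, or the check is bypassed by leaving the field
    # out. The token value is never written to the log.
    if 'secretIn' not in data or tokenIsUsed(dbFile, data['secretIn']) is False:
      msg = 'You are a hacker.'
      return render_template('error.html', msg=msg), 400, {}

    # Check the named fields rather than the size of the form.
    required = ('oldPass', 'newPass', 'newPass2')
    if any(field not in data or str(data[field]) == '' for field in required):
      msg = 'All fields must be filled.'
      return render_template('error.html', body=body, data=data, msg=msg), 400, {}

    oldpass = cgi.escape(str(data['oldPass']), quote=True)
    if not isPasswordCorrect(session['user'], oldpass, dbFile):
      msg = 'Invalid password.'
      return render_template('error.html', body=body, data=data, msg=msg), 400, {}

    newpass = cgi.escape(str(data['newPass']), quote=True)
    newpass2 = cgi.escape(str(data['newPass2']), quote=True)
    # The confirmation field is compared, not merely collected.
    if newpass != newpass2:
      msg = 'Invalid password.'
      return render_template('error.html', body=body, data=data, msg=msg), 400, {}

    changePassword(session['user'], newpass, dbFile)

    # Force a fresh login with the new password.
    session = {}
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('login.html', body=body, data=data, token=t), 200, {}

  # Any other method: same 405 shape as ``index`` instead of returning None.
  return render_template('error.html', body=body, data=data, msg=''), 405, {}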
Example #17
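def signup(headers, body, data):
  """Serve the sign-up form (GET) or create an account (POST).

  A POST must carry the ``secretIn`` token issued with the form and the
  fields ``inputLogin``, ``inputPass`` and ``inputPass2``. Values are
  HTML-escaped, then the login is reduced to alphanumerics and the passwords
  to ``allowedCharacters`` (the same transform ``login`` applies). An existing
  login or mismatched passwords are rejected with 400; otherwise
  ``addToDatabase`` stores the account and the login page is returned with a
  fresh token. Returns the ``(rendered_page, status, extra_headers)`` triple.
  """
  request_method = headers['request-method']
  global areTokensCreated
  if areTokensCreated is False:
      createTokens(dbFile)
      areTokensCreated = True

  if request_method == 'GET':
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('signup.html', body=body, data=data, token=t), 200, {}

  if request_method != 'POST':
    # Same 405 shape as ``index`` instead of falling off the end with None.
    return render_template('error.html', body=body, data=data, msg=''), 405, {}

  # The token is mandatory: omitting ``secretIn`` must fail like an unknown
  # token, or the check is bypassed by leaving the field out. Its value is
  # not logged.
  if 'secretIn' not in data or tokenIsUsed(dbFile, data['secretIn']) is False:
    msg = 'You are a hacker.'
    return render_template('error.html', msg=msg), 400, {}

  required = ('inputLogin', 'inputPass', 'inputPass2')
  if any(field not in data for field in required):
    msg = 'All fields must be filled.'
    return render_template('error.html', body=body, data=data, msg=msg), 400, {}

  raw_login = cgi.escape(str(data['inputLogin']), quote=True)
  raw_pass = cgi.escape(str(data['inputPass']), quote=True)
  raw_pass2 = cgi.escape(str(data['inputPass2']), quote=True)

  login = ''.join(ch for ch in raw_login if ch.isalnum())
  password = ''.join(ch for ch in raw_pass if ch in allowedCharacters)
  password2 = ''.join(ch for ch in raw_pass2 if ch in allowedCharacters)

  # Filtering can empty a field that was non-empty on the wire.
  if login == '' or password == '':
    msg = 'All fields must be filled.'
    return render_template('error.html', body=body, data=data, msg=msg), 400, {}

  if isUserInDatabase(login, dbFile) is True:
    msg = 'Invalid login.'
    return render_template('error.html', body=body, data=data, msg=msg), 400, {}

  if password != password2:
    msg = 'Invalid password.'
    return render_template('error.html', body=body, data=data, msg=msg), 400, {}

  addToDatabase(login, password, dbFile)
  t = getTokenFromDatabase(dbFile)
  tokenIsBeingUsed(dbFile, t)
  return render_template('login.html', body=body, data=data, token=t), 200, {}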
Example #18
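def view(headers, body, data, snippet_title):
    """Render the viewer page for an existing snippet, or redirect when it is unknown.

    Existence is checked against the ``snippets`` table by title only; the
    template receives ``snippet_title`` with ``.snippet`` appended, which is
    presumably how the stored file is named (not verified here). The sqlite
    connection is closed before returning. Returns the
    ``(rendered_page, status, extra_headers)`` triple.
    """
    snippet_title = str(snippet_title)
    dbfile = '/home/wolonkia/vial/genbase.db'
    conn = sqlite3.connect(dbfile)
    try:
        cursor = conn.cursor()
        cursor.execute('SELECT login FROM snippets WHERE title = ?;',
                       (snippet_title, ))
        login = cursor.fetchone()
    finally:
        conn.close()

    if login is None:
        # ``redirect`` already returns the (page, status, headers) triple, as
        # ``addsnippet`` relies on; wrapping it in a further tuple handed the
        # caller a nested tuple instead.
        return redirect(headers,
                        body=body,
                        data=data,
                        message='Podany plik nie istnieje!')
    return render_template('html/view.html',
                           body=body,
                           data=data,
                           headers=headers,
                           snippet_title=snippet_title + '.snippet'), 200, {}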
Example #19
def editpassword(headers, body, data):
    """Change the password of the cookie-authenticated user.

    Form fields: ``login``, ``oldpassword``, ``password``, ``repassword``.
    Returns the ``(rendered_page, status, extra_headers)`` triple used by the
    other handlers.

    NOTE(review): the control flow does not match what the messages describe
    (see the inline notes); a behaviour-preserving rewrite was not attempted.
    """
    login = str(data['login']) if 'login' in data else ''
    oldpassword = str(data['oldpassword']) if 'oldpassword' in data else ''
    password = str(data['password']) if 'password' in data else ''
    repassword = str(data['repassword']) if 'repassword' in data else ''
    # Entered only when BOTH the login and the new password are empty, so the
    # "changed" path below never sees a user-supplied password.
    if (login == '') and (password == ''):
        cookie = str(headers['http-cookie']).replace('sessionid=', '')
        if not cookie_check(cookie):
            return render_template(
                'html/signin.html',
                body=body,
                data=data,
                headers=headers,
                message='Musisz sie zalogowac aby zmienic haslo!'), 200, {}
        # NOTE(review): this sqlite connection is never closed.
        dbfile = '/home/wolonkia/vial/genbase.db'
        conn = sqlite3.connect(dbfile)
        cursor = conn.cursor()
        cursor.execute('SELECT login FROM users WHERE cookie = ?;', (cookie, ))
        login = str(cursor.fetchone()[0])
        cursor.execute('SELECT password FROM users WHERE login = ?;',
                       (login, ))
        oldpassword = str(cursor.fetchone()[0])

        # NOTE(review): the stored ``users.password`` is compared with the
        # submitted ``password`` — which is '' in this branch — and then written
        # back by ``update_password``. The direct comparison also suggests the
        # column holds the raw password; confirm how it is stored.
        if oldpassword == password:
            update_password(login, password)
            # expires = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
            # cookie = 'sessionid=' + cookie + '; expires=' + expires  # + " ; secure"
            return render_template(
                'html/home.html',
                body=body,
                data=data,
                headers=headers,
                message='Haslo zostalo zmienione pomyslnie!'), 200, {}
    if (oldpassword == '') or (repassword == ''):
        return render_template('html/editpassword.html',
                               body=body,
                               data=data,
                               headers=headers), 200, {}
        # NOTE(review): everything from here to the next top-level ``return`` is
        # unreachable — it follows the ``return`` above — so the length, match
        # and entropy checks never run. Note also that ``password_length``
        # is tested positively here but negated in ``register``.
        if password_length(password):
            return render_template(
                'html/editpassword.html',
                body=body,
                data=data,
                headers=headers,
                message='Wymagana dlugosc hasla od 4 do 24 znakow!'), 200, {}
        if not same_passwords(password, repassword):
            return render_template(
                'html/editpassword.html',
                body=body,
                data=data,
                headers=headers,
                message='Podane hasla nie sa identyczne!'), 200, {}
        if entropy(password) < 45.0:
            return render_template(
                'html/editpassword.html',
                body=body,
                data=data,
                headers=headers,
                message='Haslo jest zbyt slabe, jego entropia: ' +
                str(round(entropy(password), 2))), 200, {}
        return render_template('html/home.html',
                               body=body,
                               data=data,
                               headers=headers), 200, {}

        # return render_template('html/editpassword.html', body=body, data=data, headers=headers), 200, {}
    # Reached with a non-empty old/repeat password: nothing is changed, the
    # home page is shown with the generic welcome message.
    return render_template('html/home.html',
                           body=body,
                           data=data,
                           headers=headers,
                           message='Witaj na stronie!'), 200, {}
Example #20
def index(headers, body, data):
    """Render the front page listing every snippet.

    ``get_all_snipets()`` supplies the list; ``data`` is accepted for the
    common handler signature but not passed to the template. Returns the
    ``(rendered_page, status, extra_headers)`` triple.
    """
    page = render_template('index.html',
                           headers=headers,
                           body=body,
                           snippets=get_all_snipets())
    return page, 200, {}
Example #21
def register(headers, body, data):
    """Validate a registration form and create the account.

    With all three fields empty the blank form is shown. Otherwise the login
    is checked with ``login_length``, ``login_chars`` and ``login_exists``,
    the password with ``password_length``, ``same_passwords`` and an
    ``entropy`` threshold of 45.0; the first failing check re-renders the form
    with its message. On success a random cookie (``random_bytes(16)`` as a
    UUID hex) and a 20-minute UTC expiry are stored via ``add_user`` and the
    redirect page confirms registration. Returns the
    ``(rendered_page, status, extra_headers)`` triple.
    """
    login = str(data['login']) if 'login' in data else ''
    password = str(data['password']) if 'password' in data else ''
    repassword = str(data['repassword']) if 'repassword' in data else ''

    def show_form(message=None):
        # Re-render the registration form, with a message only when given.
        context = dict(body=body, data=data, headers=headers)
        if message is not None:
            context['message'] = message
        return render_template('html/register.html', **context), 200, {}

    if login == '' and password == '' and repassword == '':
        return show_form()
    if not login_length(login):
        return show_form('Wymagana dlugosc loginu od 4 do 16. znakow!')
    if not login_chars(login):
        return show_form('Login zawiera niepoprawne znaki!')
    if not login_exists(login):
        # NOTE(review): the name reads as "exists" but a falsy result is
        # reported as "already taken" — confirm its return convention.
        return show_form('Login juz zajety!')
    if not password_length(password):
        return show_form('Wymagana dlugosc hasla od 4 do 24 znakow!')
    if not same_passwords(password, repassword):
        return show_form('Podane hasla nie sa identyczne!')
    if entropy(password) < 45.0:
        return show_form('Haslo jest zbyt slabe, jego entropia: ' +
                         str(round(entropy(password), 2)))

    cookie = str(uuid.UUID(bytes=random_bytes(16)).hex)
    expires = dt.datetime.utcnow() + dt.timedelta(minutes=20)
    add_user(login, password, cookie, expires.strftime("%Y-%m-%d %H:%M:%S"))
    # expires = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
    # cookie = 'sessionid=' + cookie + '; expires=' + expires  # + " ; secure"
    return render_template('html/redirect.html',
                           body=body,
                           data=data,
                           headers=headers,
                           message='Rejestracja zakonczona pomyslnie!'), 200, {}
Example #22
      notes = getNotesFromDatabase(dbFile)
      print notes

      t = getTokenFromDatabase(dbFile)
      print t
      tokenIsBeingUsed(dbFile, t)
      return render_template('notes.html', body=body, data=data, 
                              notes=notes, username=session['user'], token=t), 200, {}

  else:
    session = {}
    t = getTokenFromDatabase(dbFile)
    print t
    tokenIsBeingUsed(dbFile, t)
    return render_template('login.html', body=body, data=data, token=t), 200, {}

def changePass(headers, body, data):
  request_method = headers['request-method']

  global areTokensCreated
  if areTokensCreated is False:
      createTokens(dbFile)
      areTokensCreated = True

  global session
  if ('user' in session) and (headers['remote-addr'] == session['ip']):

    if request_method == 'GET':
      print 'get w change pass'
      t = getTokenFromDatabase(dbFile)
Example #23
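def login(headers, body, data):
  """Serve the login form (GET) or authenticate a user (POST).

  A POST must carry the ``secretIn`` token issued with the form plus
  ``inputLogin`` and ``inputPass``; both values are HTML-escaped and reduced
  to alphanumerics (login) or ``allowedCharacters`` (password). On success the
  module-level ``session`` records the user and its ``remote-addr`` and the
  ``fails`` counter for that address is reset. A wrong password increments
  ``fails[remote-addr]``; past three misses the handler sleeps two seconds,
  resets the counter and re-issues the login form. Returns the
  ``(rendered_page, status, extra_headers)`` triple.
  """
  request_method = headers['request-method']
  global areTokensCreated
  global session
  if areTokensCreated is False:
    createTokens(dbFile)
    areTokensCreated = True

  if request_method == 'GET':
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('login.html', body=body, data=data, token=t), 200, {}

  if request_method != 'POST':
    # Same 405 shape as ``index`` instead of falling off the end with None.
    return render_template('error.html', body=body, data=data, msg=''), 405, {}

  # The token is mandatory: omitting ``secretIn`` must fail like an unknown
  # token, or the check is bypassed by leaving the field out. The token value
  # is not logged.
  if 'secretIn' not in data or tokenIsUsed(dbFile, data['secretIn']) is False:
    msg = 'You are a hacker.'
    return render_template('error.html', msg=msg), 400, {}

  if 'inputLogin' not in data or 'inputPass' not in data:
    msg = 'All fields must be filled.'
    return render_template('error.html', body=body, data=data, msg=msg), 400, {}

  raw_login = cgi.escape(str(data['inputLogin']), quote=True)
  raw_pass = cgi.escape(str(data['inputPass']), quote=True)
  login = ''.join(ch for ch in raw_login if ch.isalnum())
  password = ''.join(ch for ch in raw_pass if ch in allowedCharacters)

  # NOTE(review): a distinct message for an unknown login tells a client which
  # logins exist; one generic failure message would avoid that.
  if isUserInDatabase(login, dbFile) is False:
    msg = 'Invalid login.'
    return render_template('error.html', body=body, data=data, msg=msg), 400, {}

  remote = headers['remote-addr']
  if isPasswordCorrect(login, password, dbFile) is True:
    session['user'] = login
    session['ip'] = remote
    fails[remote] = 0
    notes = getNotesFromDatabase(dbFile)
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('notes.html', body=body, data=data, notes=notes, token=t), 200, {}

  # Wrong password: count per client address and throttle after three misses.
  if remote in fails:
    fails[remote] += 1
  else:
    fails[remote] = 1
  if fails[remote] > 3:
    time.sleep(2)
    fails[remote] = 0
    # A token must be fetched here: ``t`` is otherwise unbound on the POST
    # path and the lockout response raised NameError.
    t = getTokenFromDatabase(dbFile)
    tokenIsBeingUsed(dbFile, t)
    return render_template('login.html', body=body, data=data, token=t), 200, {}
  msg = 'Invalid password.'
  return render_template('error.html', body=body, data=data, msg=msg), 400, {}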
Example #24
def change_password_form(headers, body, data):
    """Render the password-change form for a logged-in user.

    Returns the ``(rendered_page, status, extra_headers)`` triple used by
    every handler.
    """
    context = dict(headers=headers, body=body, data=data)
    return render_template('passwordchange_u.html', **context), 200, {}
Example #25
def new_snippet(headers, body, data):
    """Render the empty new-snippet form.

    Returns the ``(rendered_page, status, extra_headers)`` triple used by
    every handler.
    """
    context = dict(headers=headers, body=body, data=data)
    return render_template('new_snippet.html', **context), 200, {}
Example #26
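def signup_db(headers, body, data):
    """Register a new user from the sign-up form and render the outcome.

    Reads ``name``, ``pw``, ``pwconf`` and ``answer`` from *data* (a missing
    field becomes ``''``).  The request is rejected -- by re-rendering
    ``signup.html`` with a ``message`` -- when the login already exists in
    ``users``, fails the project's ``check_login_char`` / ``check_login_length``
    checks, the two passwords differ, or ``passwordmeter`` scores the password
    below 0.3.  Otherwise the user's folder is created, the salted digests of
    the password and the security answer are stored, and ``index.html`` is
    rendered with all snippets.

    The database handle is closed on every path, including the early
    rejections, which the previous version left open.

    Args:
        headers: request headers; not used by this handler, kept for the
            common handler signature.
        body: request body, passed through to the template.
        data: parsed form fields.

    Returns:
        ``(rendered_html, 200, {})`` -- every outcome answers 200; the
        rendered template and its ``message`` distinguish them.
    """
    login = str(data['name']) if 'name' in data else ''
    password = str(data['pw']) if 'pw' in data else ''
    password_conf = str(data['pwconf']) if 'pwconf' in data else ''
    answer = str(data['answer']) if 'answer' in data else ''

    db, cursor = database_connect()
    try:
        # The parameter container must be a sequence: ``(login)`` is just a
        # str, and a driver that iterates the argument sequence would expand
        # it character by character.
        cursor.execute('SELECT * FROM users WHERE login=%s', (login,))
        questions_tuple = questions()

        def reject(message):
            # Every validation failure re-renders the form with the same context.
            return render_template(
                'signup.html',
                body=body,
                data=data,
                questions=questions_tuple,
                message=message), 200, {}

        if cursor.fetchone() is not None:
            return reject('This login is already in use, please choose another one!')
        if not check_login_char(login):
            return reject('Login can only contains lowarcase letters!')
        if not check_login_length(login):
            return reject('Login is too long!')
        if password != password_conf:
            return reject('Passwords are not match!')
        strength, improvements = passwordmeter.test(password)
        if strength < 0.3:
            return reject('Your password is too weak!')

        create_user_folder(login)
        salt = uuid.uuid4().hex
        salt_bytes = salt.encode('utf-8')

        # Three rounds of SHA-512 over (hex digest + salt); the answer is
        # treated exactly like the password.  NOTE(review): this is not a
        # password KDF (no work factor) -- moving to hashlib.pbkdf2_hmac would
        # change the stored format and require migrating existing rows.
        for _ in range(3):
            password = hashlib.sha512(password.encode('utf-8') + salt_bytes).hexdigest()
            answer = hashlib.sha512(answer.encode('utf-8') + salt_bytes).hexdigest()

        cursor.execute(
            'INSERT INTO users(login, password, salt, answer) VALUES (%s, %s, %s, %s)',
            (login, password, salt, answer))
        db.commit()
    finally:
        db.close()

    snippets = get_all_snipets()
    return render_template(
        'index.html',
        body=body,
        data=data,
        snippets=snippets,
        message='You successfully registered new user!'), 200, {}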
def index(environ):
    """Render ``index.html`` with an empty context and wrap it in an OK response.

    Args:
        environ: WSGI-style environment; not read by this handler.

    Returns:
        A ``Response`` holding the rendered page and ``Status.OK``.
    """
    rendered = render_template("index.html", {})
    return Response(rendered, Status.OK)
def hello(environ):
    """Render ``hello.html`` with an empty context and wrap it in an OK response.

    Args:
        environ: WSGI-style environment; not read by this handler.

    Returns:
        A ``Response`` holding the rendered page and ``Status.OK``.
    """
    rendered = render_template("hello.html", {})
    return Response(rendered, Status.OK)
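def signin(headers, body, data):
    """Serve the sign-in form, or authenticate a submitted login.

    When neither ``login`` nor ``password`` is present in *data*, the form is
    rendered -- or ``home.html`` when the ``sessionid`` cookie already names a
    live session according to ``cookie_check``.  Otherwise the attempt must
    pass ``allow_signin`` (presumably a failed-attempt limiter, judging by its
    rejection message) and ``authentication``; on success a fresh random
    session id is registered with ``cookie_update`` for 20 minutes and sent
    back in a ``Set-Cookie`` header marked ``secure`` and ``HttpOnly``.
    Every outcome answers 200; the message distinguishes them.

    Args:
        headers: request headers; ``http-cookie`` is read here, the rest is
            handed to the helpers and the template.
        body: request body, passed through to the template.
        data: parsed form fields.

    Returns:
        ``(rendered_html, 200, response_headers)``.
    """
    login = str(data['login']) if 'login' in data else ''
    password = str(data['password']) if 'password' in data else ''
    cookie = str(headers['http-cookie']).replace('sessionid=', '')

    def render(template, response_headers=None, **extra):
        # All responses share body/data/headers; only the template, the
        # optional message and the response headers differ.
        page = render_template(template, body=body, data=data, headers=headers, **extra)
        return page, 200, (response_headers if response_headers is not None else {})

    if login == '' and password == '':
        if cookie_check(cookie):
            return render('html/home.html', message='Jestes juz zalogowany!')
        return render('html/signin.html')

    if not allow_signin(login, headers):
        add_log(headers, data, False)
        return render('html/signin.html', message='Zbyt wiele blednych prob zalogowania!')

    if not authentication(login, password):
        add_log(headers, data, False)
        return render('html/signin.html', message='Nieprawidlowe dane logowania!')

    session_id = str(uuid.UUID(bytes=random_bytes(16)).hex)
    lifetime = dt.timedelta(minutes=20)
    # Server-side expiry is stored in local naive time (as before); the
    # cookie's Expires attribute must be expressed in GMT.
    cookie_update(session_id, dt.datetime.now() + lifetime, login)
    expires = (dt.datetime.utcnow() + lifetime).strftime("%a, %d %b %Y %H:%M:%S GMT")
    # HttpOnly keeps the session id out of reach of page scripts; secure
    # restricts it to TLS.  The previous version set only secure.
    set_cookie = 'sessionid=' + session_id + '; expires=' + expires + '; secure; HttpOnly'
    add_log(headers, data, True)
    return render('html/home.html',
                  response_headers={'Set-Cookie': set_cookie},
                  message='Zostales zalogowany!')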
def upload(headers, body, data):
    """Render the upload form.

    Args:
        headers: request headers; not used by this handler.
        body: request body, passed through to the template.
        data: parsed form fields, passed through to the template.

    Returns:
        ``(rendered_html, 200, {})`` -- no extra response headers are set.
    """
    page = render_template('upload.html', body=body, data=data)
    return page, 200, {}
def item(environ, item_id):
    """Render ``item.html`` for one item id and wrap it in an OK response.

    Args:
        environ: WSGI-style environment; not read by this handler.
        item_id: value exposed to the template as ``item_id``.

    Returns:
        A ``Response`` holding the rendered page and ``Status.OK``.
    """
    context = {"item_id": item_id}
    rendered = render_template("item.html", context)
    return Response(rendered, Status.OK)