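def SetUserPassword(UserName, ExistingPassword, NewPassword, ConfirmPassword):
    """Change a user's password after verifying the current one.

    Args:
        UserName: Name of the account whose password is being changed.
        ExistingPassword: The password the caller claims is currently active.
        NewPassword: The replacement password.
        ConfirmPassword: Second entry of the replacement password.

    Returns:
        "" when all three password fields are empty (nothing was submitted),
        a string starting with "Error:" naming the first failed check, or
        "Success: Password has changed!" once the new hash is committed.

    Raises:
        Whatever Session.commit() raises; the session is rolled back first.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    def _AsBytes(Value):
        # compare_digest needs both operands to be the same kind of object.
        return Value if isinstance(Value, bytes) else Value.encode("utf-8")

    # An untouched form is not an error.
    if not ExistingPassword and not NewPassword and not ConfirmPassword:
        return ""

    # Partially filled form: report the first missing field.
    if not ExistingPassword:
        return "Error: Missing existing password."
    if not NewPassword:
        return "Error: Missing new password."
    if not ConfirmPassword:
        return "Error: Missing confirmation password."

    # Look the account up by name.
    ExistingUsers = Session.query(UsersTable).filter(UsersTable.UserName == UserName).all()
    if not ExistingUsers:
        return "Error: User name does not exist."
    ExistingUser = ExistingUsers[0]

    # Verify the current password before anything else is accepted.
    # NOTE(review): the hash helper receives only the password, and the result
    # is compared for equality with the stored value, so it cannot be using a
    # per-user random salt. Confirm it is a slow, salted KDF and not a bare
    # digest.
    ExistingHash = __GeneratePasswordHash(ExistingPassword)
    StoredHash = ExistingUser.UserPassword
    try:
        # Constant-time comparison so response timing does not depend on how
        # many leading characters of the two hashes agree.
        HashesMatch = hmac.compare_digest(_AsBytes(StoredHash), _AsBytes(ExistingHash))
    except (AttributeError, TypeError):
        # Unexpected value types (e.g. a NULL column): keep the original
        # equality semantics rather than raising.
        HashesMatch = StoredHash == ExistingHash
    if not HashesMatch:
        return "Error: Old password is not correct."

    # Length policy: 6 to 32 characters.
    # NOTE(review): the 32-character cap and the character whitelist below
    # reject long passphrases and most password-manager output; since only a
    # hash is stored, consider relaxing both.
    if len(NewPassword) <= 5:
        return "Error: New password is not long enough. Must be at least 6 characters long."
    if len(NewPassword) > 32:
        return "Error: New password is too long. May be at most 32 characters long."

    # Character whitelist. The helper's return contract is not visible here,
    # so the original `== False` comparison is kept as written.
    if h.string_check_whitelist(NewPassword, h.string_whitelist_password) == False:
        return "Error: New password contains invalid characters."

    # Both entries of the new password must agree.
    if NewPassword != ConfirmPassword:
        return "Error: New passwords do not match."

    # Store the new hash. Roll back on failure so the shared session is not
    # left holding a half-applied change (assumes Session is a SQLAlchemy
    # session, as the query/commit calls suggest).
    ExistingUser.UserPassword = __GeneratePasswordHash(NewPassword)
    try:
        Session.commit()
    except Exception:
        Session.rollback()
        raise

    return "Success: Password has changed!"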
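def UserRegister(UserName, UserEMail, UserPassword, UserPasswordConfirm):
    """Validate a registration form and create the user account.

    Args:
        UserName: Requested account name.
        UserEMail: E-mail address for the account.
        UserPassword: Chosen password.
        UserPasswordConfirm: Second entry of the chosen password.

    Returns:
        "redirect" when the web session already carries a "UserName",
        a string starting with "Error:" naming the first failed check, or
        "" once the account has been committed and the achievement added.

    Raises:
        Whatever Session.commit() raises; the session is rolled back first.
    """
    # Already logged in: nothing to register.
    if session.get("UserName"):
        return "redirect"

    # Every field is mandatory.
    if not UserName or not UserEMail or not UserPassword or not UserPasswordConfirm:
        return "Error: Missing fields. Please fill out all fields completely."

    # Length policy, identical for all three fields: 6 to 32 characters.
    # NOTE(review): a 32-character cap rejects many valid e-mail addresses and
    # long passphrases; consider separate limits per field.
    for Label, Value in (
        ("User name", UserName),
        ("User e-mail", UserEMail),
        ("User password", UserPassword),
    ):
        if len(Value) <= 5:
            return "Error: %s is not long enough. Must be at least 6 characters long." % Label
        if len(Value) > 32:
            return "Error: %s is too long. May be at most 32 characters long." % Label

    # Character whitelists. The helper's return contract is not visible here,
    # so the original `== False` comparisons are kept as written.
    if h.string_check_whitelist(UserName, h.string_whitelist) == False:
        return "Error: User name contains invalid characters."
    if h.string_check_whitelist(UserEMail, h.string_whitelist) == False:
        return "Error: User e-mail contains invalid characters."
    if h.string_check_whitelist(UserPassword, h.string_whitelist_password) == False:
        return "Error: Password contains invalid characters."

    # Both password entries must agree.
    if UserPassword != UserPasswordConfirm:
        return "Error: Passwords do not match."

    # Reject a name that is already taken.
    # NOTE(review): this check and the insert below are separate statements,
    # so two concurrent registrations can both pass it. Confirm that
    # UsersTable.UserName carries a unique constraint in the database.
    ExistingUsers = Session.query(UsersTable).filter(UsersTable.UserName == UserName).all()
    if ExistingUsers:
        return "Error: User name already exists! Please select a new user name."

    # Build the new row; the user ID auto-increments.
    NewUser = UsersTable()
    NewUser.UserName = UserName
    NewUser.UserEMail = UserEMail
    NewUser.UserPoints = 0
    # Only the hash of the password is stored.
    NewUser.UserPassword = __GeneratePasswordHash(UserPassword)
    NewUser.LogInCount = 0
    NewUser.LastLogin = datetime.datetime.now()
    # New accounts never start with admin rights.
    NewUser.IsAdmin = False
    NewUser.IconID = 0

    # Commit. Roll back on failure so the shared session is not left holding
    # the pending row (assumes Session is a SQLAlchemy session, as the
    # query/add/commit calls suggest).
    Session.add(NewUser)
    try:
        Session.commit()
    except Exception:
        Session.rollback()
        raise

    # Special achievement for people who register now (alpha testers).
    UserAddAchievement(NewUser.UserID, 0)

    return ""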