def retrieve_user_data(self): db = DBHandler() db.connect() query = "SELECT userid, email, signup_date, permissions FROM GetPermissions" cursor = db.executeQuery(query, ()) tupls = cursor.fetchall() return tupls
def getAllPosts(self): db = DBHandler() db.connect() query = "SELECT * FROM Posts ORDER BY date DESC;" cursor = db.executeQuery(query, ()) tupls = cursor.fetchall() return tupls
def getUserPosts(self, userid): db = DBHandler() db.connect() query = "SELECT * FROM Posts WHERE userid = %s ORDER BY date DESC;" cursor = db.executeQuery(query, userid) tupls = cursor.fetchall() return tupls
def delete_user(self, userid): db = DBHandler() db.connect() query = "DELETE FROM Users WHERE userid = %s;" db.executeUpdate(query, (str(userid))) db.disconnect() if(str(userid) == str(session['userid'])): return "deleted_logout" return "deleted"
def makePost(self, request): db = DBHandler() db.connect() title = request.args.get('title', 0, type=str) text = request.args.get('text', 0, type=str) query = "INSERT INTO Posts (userid, title, text) values (%s, %s, %s);" db.executeUpdate(query, (session['userid'], title, text)) db.disconnect() return "valid_post"
def update_admin(self, userid, isadmin): db = DBHandler() db.connect() query = "" isadmin = isadmin == "admin" if (isadmin): query = "DELETE FROM Permissions WHERE userid = %s and permission = 'admin';" else: query = "INSERT INTO Permissions (userid, permission) VALUES (%s, 'admin');" db.executeUpdate(query, (str(userid))) db.disconnect() return True
def check_permissions(self, permission_reqs, userid): db = DBHandler() db.connect() query = "SELECT userid, permission FROM Permissions WHERE userid = %s;" cursor = db.executeQuery(query, (str(userid))) tupls = cursor.fetchall() match = False for (userid, permission) in tupls: if permission in permission_reqs: match = True db.disconnect() return match
def login_js(self, request): formEmail = request.args.get('returnEmail', 0, type=str) formPassword = request.args.get('returnPassword', 0, type=str) password = "" db = DBHandler() db.connect() query = ( "SELECT userid, email, password, salt, signup_date FROM Users WHERE email = %s;" ) cursor = db.executeQuery(query, (formEmail)) tupl = cursor.fetchone() db.disconnect() if not (tupl == None): userid = tupl[0] email = tupl[1] password = tupl[2] salt = tupl[3] signupdate = tupl[4] formPassword = hashlib.sha256(formPassword + salt).hexdigest() if (password == formPassword): perms = CheckPermissions() isadmin = perms.check_permissions("admin", userid) user = User() user.create_user(userid, email, isadmin, signupdate) session['userid'] = user.get_userid() session['email'] = user.get_email() session['signupdate'] = user.get_signupdate() return True else: time.sleep(0.4) return False return False
def check(self, request): db = DBHandler() db.connect() email = request.args.get('returnEmail', 0, type=str) pw1 = request.args.get('returnPassword', 0, type=str) pw2 = request.args.get('confirmPassword', 0, type=str) query = ("SELECT email, password FROM Users " + \ "WHERE email = %s;") cursor = db.executeQuery(query, (email)) tupl = cursor.fetchone() if (tupl != None) and (tupl[0] == email): db.disconnect() return "email_registered" elif not pw1 == pw2: db.disconnect() return "pw_match" else: salt = hashlib.sha256(urandom(256)).hexdigest() pw = hashlib.sha256(pw1 + salt).hexdigest() query = "INSERT INTO Users (email, password, salt) values(%s, %s, %s);" db.resetUsersIncrement() db.executeUpdate(query, (email, pw, salt)) query = "SELECT userid, email, signup_date FROM Users WHERE email = %s;" cursor = db.executeQuery(query, (email)) tupl = cursor.fetchone() userid = tupl[0] email = tupl[1] signupdate = tupl[2] perms = CheckPermissions() isadmin = perms.check_permissions("admin", userid) user = User() user.create_user(userid, email, isadmin, signupdate) session['userid'] = user.get_userid() session['email'] = user.get_email() session['signupdate'] = user.get_signupdate() return "valid_register"
def update_email(self, request): db = DBHandler() db.connect() email1 = request.args.get('returnEmail', 0, type=str) email2 = request.args.get('returnConfEmail', 0, type=str) pw = request.args.get('returnPassword', 0, type=str) query = ("SELECT password, salt FROM Users " + \ "WHERE email = %s;") cursor = db.executeQuery(query, session['email']) tupl = cursor.fetchone() pw_retr = tupl[0] salt = tupl[1] pw = hashlib.sha256(pw + salt).hexdigest() query = ("SELECT email FROM Users " + \ "WHERE email = %s;") cursor = db.executeQuery(query, email1) tupl = cursor.fetchone() if email1 != email2: db.disconnect() return "email_nomatch" elif pw != pw_retr: db.disconnect() return "password_fail" elif tupl != None: db.disconnect() return "email_used" else: query = "UPDATE Users SET email=%s WHERE email=%s;" db.executeUpdate(query, (email1, session['email'])) session['email'] = email1 db.disconnect() return "valid_update"
def update_password(self, request): db = DBHandler() db.connect() pw1 = request.args.get('pw1', 0, type=str) pw2 = request.args.get('pw2', 0, type=str) pwConf = request.args.get('returnPassword', 0, type=str) query = ("SELECT password, salt FROM Users " + \ "WHERE email = %s") cursor = db.executeQuery(query, (session['email'])) tupl = cursor.fetchone() pw_retr = tupl[0] salt = tupl[1] pwConf = hashlib.sha256(pwConf + salt).hexdigest() if pw1 != pw2: db.disconnect() return "password_nomatch" elif pwConf != pw_retr: db.disconnect() return "password_fail" else: query = "UPDATE Users SET password=%s WHERE email=%s;" db.executeUpdate(query, (hashlib.sha256(pw1 + salt).hexdigest(), session['email'])) db.disconnect() return "valid_update"