Exemple #1
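def search_id(pif):
    """Resolve the ``id`` form field to a casting, or list partial matches.

    An exact casting hit, or a single alias hit, raises ``useful.Redirect`` to
    the single-model page (or the variation page when ``var`` is supplied).
    Otherwise the matching rows are returned after ``modify_man_item``.

    Changes from the earlier version:

    * The fallback ``LIKE`` search no longer interpolates the raw form value
      into the ``where`` clause. The term is reduced to letters, digits and
      ``-_.`` first, so quotes, backslashes and ``%`` never reach the SQL
      text. Binding the value as a query parameter would be the better fix,
      but the ``fetch_*`` helpers' parameter support is not visible here.
    * A single alias row without ``alias.id`` is no longer unpacked into
      ``mod``; the old code then iterated over that row's keys on return.
    """
    raw_id = pif.form.get_str('id')
    cid = get_casting_id(raw_id)
    var_id = pif.form.get_str('var')

    def redirect_to(casting_id):
        # NOTE(review): var_id is request data placed in the query string
        # without URL-encoding; encode it or validate it against the known
        # variation-id format before building the URL.
        if var_id:
            raise useful.Redirect('/cgi-bin/vars.cgi?mod=%s&var=%s' %
                                  (casting_id, var_id))
        raise useful.Redirect('/cgi-bin/single.cgi?id=%s' % casting_id)

    mod = pif.dbh.fetch_casting(cid)
    if mod:
        redirect_to(mod['id'])

    mod = pif.dbh.fetch_castings_by_alias(cid)
    if len(mod) == 1 and mod[0].get('alias.id'):
        redirect_to(mod[0]['casting.id'])

    if not mod:
        # Allow-list the search term before it becomes part of the SQL text.
        term = ''.join(ch for ch in (raw_id or '')
                       if ch.isalnum() or ch in '-_.')
        by_id = pif.dbh.fetch_casting_list(
            where="casting.id like '%%%s%%'" % term)
        by_alias = pif.dbh.fetch_aliases(
            where="alias.id like '%%%s%%'" % term)
        mod = [row for row in by_id + by_alias
               if row.get('section.page_id', 'manno') in ('manls', 'manno')]
    return [pif.dbh.modify_man_item(x) for x in mod]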
Exemple #2
def verify(pif, name, vkey):
    """Mark the account matching *name* and *vkey* as verified, then redirect.

    Always raises ``useful.Redirect``: to the login page on success, to the
    site root when no user record matches.
    """
    # NOTE(review): the key check happens inside fetch_user; whether the key is
    # single-use, expires, or is rate-limited is not visible here. Confirm.
    matches = pif.dbh.fetch_user(vkey=vkey, name=name)
    if not matches:
        useful.warn(
            "You have not verified your account.  Please contact [email protected] for help."
        )
        raise useful.Redirect("/")

    account_id = matches[0]['user.id']
    pif.dbh.update_user(account_id, state=1)
    useful.warn(
        "Your account has been verified!  Now please log in.<br><hr>")
    raise useful.Redirect("/cgi-bin/login.cgi")
Exemple #3
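def login_main(pif):
    """Handle the login form: authenticate, set the session cookie, redirect.

    With ``user_id`` and ``p`` present the credentials are looked up via
    ``fetch_user``. On success the last-login time is updated, a cookie is
    created, and the user is redirected to the validation page when
    ``FLAG_USER_VERIFIED`` is not set, otherwise to ``dest``. On failure, or
    when no credentials were posted, the login template is rendered.

    ``dest`` is request data. It is now followed only when it is a same-site
    absolute path; anything else falls back to ``/index.php``. Previously any
    value, including a URL on another host, was used as the redirect target.
    """
    fallback = '/index.php'
    dest = pif.form.get_str('dest', fallback) or fallback
    # Reject protocol-relative, backslash and control-character forms, which a
    # browser may normalise into an off-site URL.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = fallback

    if pif.form.has('user_id') and pif.form.has('p'):
        # NOTE(review): the submitted password is handed to fetch_user as a
        # lookup criterion; whether it is hashed before comparison, and whether
        # failed attempts are throttled, is not visible here. Confirm.
        user = pif.dbh.fetch_user(user_id=pif.form.get_str('user_id'),
                                  passwd=pif.form.get_str('p'))
        if user:
            pif.dbh.update_user_last_login(user.id)
            pif.create_cookie(user)
            if not user.flags & config.FLAG_USER_VERIFIED:
                raise useful.Redirect('/cgi-bin/validate.cgi')
            raise useful.Redirect(dest)
        useful.warn("Login Failed!")

    pif.render.print_html()
    return pif.render.format_template('login.html', dest=dest,
                                      register='signup.cgi?dest=' + dest,
                                      forgot='recover.cgi')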
Exemple #4
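def change_password_main(pif):
    """Handle the change-password form.

    The form is re-rendered when the user name is missing, the new password is
    empty, or the two new-password fields differ. Otherwise the old password
    is checked with ``pif.dbh.login``. On success the e-mail and password are
    updated, a fresh cookie is issued, and the user is redirected to ``dest``.

    ``dest`` is request data. The redirect now follows it only when it is a
    same-site absolute path; anything else falls back to ``/index.php``.
    """
    def show_form():
        pif.render.print_html()
        return pif.render.format_template('chpass.html',
                                          dest=pif.form.get_str('dest'))

    if not pif.form.get_str('n'):
        return show_form()

    new_password = pif.form.get_str('p1')
    if not new_password or new_password != pif.form.get_str('p2'):
        return show_form()

    # The two new-password fields are known to match from here on, so the
    # second equality test the old code repeated below is not needed.
    user_id, privs = pif.dbh.login(pif.form.get_str('n'),
                                   pif.form.get_str('op'))
    if user_id:
        # NOTE(review): the e-mail is overwritten with whatever 'em' holds,
        # including an empty value. Confirm that is intended.
        pif.dbh.update_user(user_id,
                            email=pif.form.get_str('em'),
                            passwd=new_password)
        # 'a' privilege: 15 * 12 hours; everyone else: roughly 60 years.
        expire = (15 * 12 * 60 * 60) if ('a' in privs) else (60 * 365 * 24 *
                                                             60 * 60)
        pif.render.set_cookie(
            pif.render.secure.make_cookie(user_id, privs, expires=expire))

        fallback = '/index.php'
        dest = pif.form.get_str('dest', fallback) or fallback
        # Reject protocol-relative, backslash and control-character forms,
        # which a browser may normalise into an off-site URL.
        if (not dest.startswith('/') or dest.startswith('//')
                or '\\' in dest or any(ord(ch) < 0x20 for ch in dest)):
            dest = fallback
        raise useful.Redirect(dest)

    # NOTE(review): the cleared cookie is built but never passed to
    # set_cookie, so the browser's cookie is presumably left untouched after a
    # failed old-password check. Confirm whether set_cookie was intended.
    pif.render.secure.clear_cookie(['id'])
    return show_form()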
Exemple #5
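def create(pif):
    """Handle the signup form: create the user, mail the key, set a cookie.

    The signup template is re-rendered when a field is missing, the two
    passwords differ, or ``create_user`` returns no id. On success the
    verification mail is sent and ``useful.Redirect`` to the login page is
    raised.

    Fix: ``privs`` was read when computing the cookie lifetime but never
    defined, so every successful signup ended in ``NameError`` after the
    account had been created and the mail sent. A new account has no
    privileges (the cookie is built with ``''``), so that value is used.
    """
    # NOTE(review): /var/tmp is typically writable by every local user; a
    # directory owned by the service account is a safer egg cache.
    os.environ['PYTHON_EGG_CACHE'] = '/var/tmp'
    n = pif.form.get_str('n')
    p = pif.form.get_str('p')
    p2 = pif.form.get_str('p2')
    e = pif.form.get_str('e')
    if not n or not p or p != p2 or not e:
        pif.render.print_html()
        return pif.render.format_template('signup.html',
                                          dest=pif.form.get_str('dest'))

    # NOTE(review): the strength of the verification key depends on how
    # useful.generate_token draws its randomness, which is not shown here.
    vkey = useful.generate_token(10)
    # NOTE(review): n and e are stored without format checks, and the password
    # is passed on as received; hashing, if any, happens inside create_user.
    user_id = pif.dbh.create_user(n, p, e, vkey)
    if user_id:
        gen_email(n, e, vkey)
        privs = ''  # a freshly created account carries no privileges
        expire = (15 * 12 * 60 * 60) if ('a' in privs) else (60 * 365 * 24 *
                                                             60 * 60)
        pif.render.set_cookie(
            pif.render.secure.make_cookie(user_id, privs, expires=expire))
        useful.warn(
            "Your account has been created.  Please check your email for the verification."
        )
        raise useful.Redirect("/cgi-bin/login.cgi")

    pif.render.print_html()
    return pif.render.format_template('signup.html',
                                      dest=pif.form.get_str('dest'))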
Exemple #6
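def recover_main(pif):
    """Drive the password-recovery flow and render ``recover.html``.

    * ``user_id`` only: look the account up by e-mail, then by user id, set
      ``FLAG_USER_PASSWORD_RECOVERY`` and send the recovery mail.
    * ``user_id`` + ``vkey``: if they match an account, either accept the new
      password (``p1`` == ``p2``), clear the flag and the cookie, and redirect
      to login, or show the new-password form with the key field hidden.

    Fix: a reset is accepted only when the new password is non-empty. The old
    test was ``has('p1') and p1 == p2``, which two empty fields satisfy if
    ``has`` reports present-but-empty fields.
    """
    pif.render.print_html()
    recovering = False
    show_vkey = True
    user_id = None

    if pif.form.has('user_id'):
        if pif.form.has('vkey'):
            # NOTE(review): nothing in this function checks that
            # FLAG_USER_PASSWORD_RECOVERY is set before the key is accepted,
            # and the key is not visibly rotated after use. Confirm that
            # fetch_user / update_password cover both.
            user = pif.dbh.fetch_user(user_id=pif.form.get_alnum('user_id'),
                                      vkey=pif.form.get_alnum('vkey'))
            if user:
                new_password = pif.form.get_str('p1') if pif.form.has('p1') else ''
                if new_password and new_password == pif.form.get_str('p2'):
                    pif.dbh.update_password(user.id, new_password)
                    pif.dbh.update_user(rec_id=user.id,
                                        flags=user.flags & ~config.FLAG_USER_PASSWORD_RECOVERY)
                    pif.render.set_cookie(pif.render.secure.clear_cookie(['id']))
                    useful.warn("Your password has been changed.")
                    raise useful.Redirect('/cgi-bin/login.cgi', delay=5)
                user_id = user.user_id
                recovering = True
                show_vkey = False
        else:
            # NOTE(review): the template receives recovering/user_id only when
            # an account matched, so the response presumably differs for known
            # and unknown identifiers. Consider a uniform reply.
            user = pif.dbh.fetch_user(email=pif.form.get_str('user_id'))
            if not user:
                user = pif.dbh.fetch_user(user_id=pif.form.get_alnum('user_id'))
            if user:
                pif.dbh.update_user(rec_id=user.id,
                                    flags=user.flags | config.FLAG_USER_PASSWORD_RECOVERY)
                generate_recovery_email(pif, user)
                recovering = True
                user_id = user.user_id

    return pif.render.format_template('recover.html', recovering=recovering,
                                      user_id=user_id, show_vkey=show_vkey)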
Exemple #7
def validate_main(pif):
    """Check a submitted verification code, or resend it, for the current user.

    Visitors without a session are redirected to the login page. A correct
    ``vkey`` marks the account verified and redirects to the site root.
    Otherwise ``validate.html`` is rendered.
    """
    pif.render.print_html()
    if not pif.user_id:
        raise useful.Redirect("/cgi-bin/login.cgi")

    user = pif.user
    if 'vkey' in pif.form:
        # NOTE(review): plain == comparison with no visible attempt limit; an
        # empty stored key would also match an empty submission. Confirm the
        # key is always populated and that guessing is throttled elsewhere.
        code_matches = user and user.vkey == pif.form.get_str('vkey')
        if not code_matches:
            useful.warn("That code is not correct.  Please try again.")
        else:
            pif.dbh.verify_user(user.id)
            useful.warn("Your account has been verified!")
            raise useful.Redirect("/", delay=5)

    if 'resend' in pif.form:
        # NOTE(review): no rate limit on resends is visible in this handler.
        generate_signup_email(pif, pif.user)
        useful.warn("The code has been resent.")

    return pif.render.format_template('validate.html',
                                      user_id=pif.user.user_id,
                                      dest=pif.form.get_str('dest'))
Exemple #8
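def login_main(pif):
    """Handle the login form: authenticate, set the session cookie, redirect.

    With ``n`` present the credentials go to ``pif.dbh.login``. On success a
    cookie is issued and the user is redirected to ``dest``. Otherwise the
    login template is rendered.

    ``dest`` is request data. It is now followed only when it is a same-site
    absolute path; anything else falls back to ``/index.php``. Previously any
    value, including a URL on another host, was used as the redirect target.
    """
    fallback = '/index.php'
    dest = pif.form.get_str('dest', fallback) or fallback
    # Reject protocol-relative, backslash and control-character forms, which a
    # browser may normalise into an off-site URL.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = fallback

    if pif.form.has('n'):
        # NOTE(review): no throttling of failed attempts is visible here.
        user_id, privs = pif.dbh.login(pif.form.get_str('n'),
                                       pif.form.get_str('p'))
        if user_id:
            # 'a' privilege: 15 * 12 hours; everyone else: roughly 60 years.
            expire = (15 * 12 * 60 * 60) if ('a' in privs) else (60 * 365 *
                                                                 24 * 60 * 60)
            pif.render.set_cookie(
                pif.render.secure.make_cookie(user_id, privs, expires=expire))
            raise useful.Redirect(dest)
        useful.warn("Login Failed!")

    pif.render.print_html()
    return pif.render.format_template(
        'login.html',
        dest=dest,
        register='signup.cgi?dest=' + dest)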
Exemple #9
def create(pif):
    """Validate the signup form, create the account and send the signup mail.

    Raises ``useful.SimpleError`` for an illegal or taken user id, a missing
    e-mail address, or mismatched/empty passwords. On success raises
    ``useful.Redirect`` to the validation page. If ``create_user`` returns
    nothing, the signup template is rendered again.
    """
    form = pif.form
    user_id = form.get_str('user_id')
    password = form.get_str('p')
    confirmation = form.get_str('p2')
    email = form.get_str('email')

    legal_chars = string.ascii_letters + string.digits + '._'
    if not user_id or any(ch not in legal_chars for ch in user_id):
        raise useful.SimpleError('That is not a legal user ID.')
    if pif.dbh.fetch_user(user_id=user_id):
        raise useful.SimpleError('That ID is already in use.')
    if not email:
        raise useful.SimpleError('Please specify an email address.')
    if not password or password != confirmation:
        raise useful.SimpleError('Please specify the same password in both password boxes.')

    vkey = useful.generate_token(10)
    # NOTE(review): every submitted form field is forwarded as a keyword
    # argument. Unless create_user ignores columns it does not expect, a
    # client can set fields this handler never validated. A field named
    # passwd, vkey or privs collides with the explicit keywords and raises
    # TypeError. Prefer an explicit allow-list; create_user's signature is not
    # visible here, TODO confirm.
    rec_id = pif.dbh.create_user(passwd=password, vkey=vkey, privs='b', **pif.form.form)
    if not rec_id:
        return pif.render.format_template('signup.html', dest=form.get_str('dest'))

    new_user = pif.dbh.fetch_user(id=rec_id)
    generate_signup_email(pif, new_user)
    useful.warn("Your account has been created.  Please check your email for the verification.")
    raise useful.Redirect("/cgi-bin/validate.cgi")
Exemple #10
    def call_main(page_id, form_key='', defval='', args='', dbedit=None):
        """Build the page context, run ``main_fn`` and render what it raises.

        ``page_id`` may already be a ``pifile.PageInfoFile``; otherwise the
        context is built with ``get_page_info``. ``main_fn`` is not defined in
        this function; presumably it comes from the enclosing scope. Python 2
        code (``print`` statements).
        """
        #useful.write_comment('PID', os.getpid())
        pif = None
        try:
            import pifile
            if isinstance(page_id, pifile.PageInfoFile):
                pif = page_id
            else:
                pif = get_page_info(page_id, form_key, defval, args, dbedit)
            # Matches only these two literal spellings of the path in the raw
            # query string. This is a signature check for noisy scanners, not
            # a path-traversal defence; file access must be constrained where
            # paths are actually built.
            if '/etc/passwd' in os.environ.get(
                    'QUERY_STRING', '') or '%2fetc%2fpasswd' in os.environ.get(
                        'QUERY_STRING', '').lower():
                raise useful.Redirect('http://www.nsa.gov/')
        except SystemExit:
            # Swallowed. If it came from get_page_info, pif is still None when
            # main_fn(pif) runs below.
            pass
        except useful.SimpleError as e:
            simple_html(status=e.status)
            print useful.render_template('error.html',
                                         error=[e.value],
                                         page={'tail': ''})
            if pif:
                # REQUEST_URI is client-controlled text written to the log as
                # is. NOTE(review): confirm the log sink neutralises newlines.
                pif.log.debug.error('SimpleError: ' + str(e) + ' - ' +
                                    '''%s''' %
                                    os.environ.get('REQUEST_URI', ''))
            handle_exception(pif, True, False)
            return
        except MySQLdb.OperationalError:
            simple_html()
            print 'The database is currently down, and thus, this page is unable to be shown.<p>'
            # str_tb is assigned but not used afterwards.
            str_tb = write_traceback_file(pif)
            handle_exception(pif, True)
            return
        except useful.Redirect as e:
            # NOTE(review): pif is dereferenced here, but is still None if the
            # Redirect was raised inside get_page_info.
            if not useful.is_header_done():
                pif.render.print_html()
            # e.value is rendered as the forward target; raisers that build it
            # from request data are responsible for validating it.
            print pif.render.format_template('forward.html',
                                             url=e.value,
                                             delay=e.delay)
            return
        except:
            # Bare except: this also catches KeyboardInterrupt and
            # GeneratorExit.
            handle_exception(pif)
            return

        try:
            ret = main_fn(pif)
            if not useful.is_header_done():
                pif.render.print_html()
            useful.write_comment()
            # The page body is emitted only outside unit tests.
            if ret and not pif.unittest:
                print ret
        except SystemExit:
            pass
        except useful.SimpleError as e:
            if not useful.is_header_done():
                pif.render.print_html(status=e.status)
            print pif.render.format_template('error.html', error=[e.value])
        except useful.Redirect as e:
            if not useful.is_header_done():
                pif.render.print_html()
            print pif.render.format_template('forward.html',
                                             url=e.value,
                                             delay=e.delay)
        except useful.DelayedRedirect as e:
            # NOTE(review): if DelayedRedirect subclasses Redirect, the handler
            # above catches it first and this one never runs. Confirm.
            if not useful.is_header_done():
                pif.render.print_html()
            print pif.render.format_template('forward.html',
                                             url=e.value,
                                             delay=e.delay)
        except MySQLdb.OperationalError:
            if not useful.is_header_done():
                pif.render.print_html()
            # The message below reads "currently done"; the first handler's
            # copy of the same message says "down".
            print 'The database is currently done, and thus, this page is unable to be shown.<p>'
            str_tb = write_traceback_file(pif)
        except:
            # Report, then re-raise so the failure is not hidden.
            handle_exception(pif)
            raise
        useful.header_done(True)
        useful.write_comment()
Exemple #11
    def call_main(page_id, form_key='', defval='', args='', dbedit=None):
        """Build the page context, run ``main_fn``, render errors, log the call.

        ``page_id`` may already be a ``pifile.PageInfoFile``; otherwise the
        context is built with ``get_page_info``. ``main_fn`` is not defined in
        this function; presumably it comes from the enclosing scope.
        ``status_code`` records the outcome and is passed to
        ``log_page_call`` at the end.
        """
        # useful.write_comment('PID', os.getpid(), 'GURU', config.GURU_ID)
        status_code = 'unset'
        pif = None
        try:
            pif = (page_id if isinstance(page_id, pifile.PageInfoFile) else
                   get_page_info(page_id, form_key, defval, args, dbedit))
        except SystemExit:
            # Swallowed. If it came from get_page_info, pif is still None and
            # pif.start() below fails with AttributeError.
            pass
        except pymysql.OperationalError as e:
            status_code = 'db'
            simple_html()
            print(
                'The database is currently down, and thus, this page is unable to be shown.<p>'
            )
            write_traceback_file(pif, e)
            handle_exception(pif, e, True, status_code=status_code)
            return
        except Exception as e:
            status_code = 'exc'
            simple_html()
            handle_exception(pif, e, status_code=status_code)
            return

        pif.start()

        try:
            # Matches only these two literal spellings of the path in the raw
            # query string. This is a signature check for noisy scanners, not
            # a path-traversal defence; file access must be constrained where
            # paths are actually built.
            if ('/etc/passwd' in os.environ.get('QUERY_STRING', '')
                    or '%2fetc%2fpasswd' in os.environ.get('QUERY_STRING',
                                                           '').lower()):
                raise useful.Redirect('https://www.nsa.gov/')
            ret = main_fn(pif)
            if not useful.is_header_done():
                pif.render.print_html()
            if pif.render.is_html:
                useful.write_comment("Page:", pif.page_id, 'Time:',
                                     time.time() - pif.start_seconds)
            # The page body is emitted only outside unit tests.
            if ret and not pif.unittest:
                print(ret)
        except SystemExit:
            pass  # the happiest exception on earth
            status_code = 'exit'
        except useful.SimpleError as e:
            # status_code is updated only when the headers are still unsent.
            if not useful.is_header_done():
                status_code = e.status
                pif.render.print_html(status=e.status)
            print(pif.render.format_template('error.html', error=[e.value]))
        except useful.Redirect as e:
            if not useful.is_header_done():
                status_code = 302
                pif.render.print_html(status=302)
            # e.value is rendered as the forward target; raisers that build it
            # from request data are responsible for validating it.
            # NOTE(review): whether forward.html escapes it is not visible.
            print(
                pif.render.format_template('forward.html',
                                           url=e.value,
                                           delay=e.delay))
        except pymysql.OperationalError as e:
            if not useful.is_header_done():
                status_code = 500
                pif.render.print_html(status=500)
            print(
                'The database is currently down, and thus, this page is unable to be shown.<p>'
            )
            write_traceback_file(pif, e)
        except Exception as e:
            # Report, then re-raise. The tail of the function, including
            # log_page_call, is skipped on this path.
            status_code = 'exc'
            handle_exception(pif, e, status_code=status_code)
            raise
        useful.header_done(True)
        useful.write_comment()
        log_page_call(pif, status_code=status_code)
Exemple #12
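def submit_comment(pif):
    """Store a visitor comment (and optional upload) and return the reply HTML.

    GET requests are redirected to the comment page. The posted form is
    dumped to a timestamped file under ``../../comments``. An uploaded file
    is saved under ``config.INC_DIR`` and recorded in ``descr.log``.

    Changes from the earlier version:

    * Subject, comment, name, e-mail and upload file name are HTML-escaped
      before being echoed. They were concatenated into the markup raw, so a
      submitted value could inject script into the response.
    * Both output files are written inside ``with`` blocks, so the handles are
      closed and the data flushed even if a write fails.
    * A missing ``REMOTE_ADDR`` no longer raises ``TypeError``.
    * The stray second ``<dl>`` in the echoed list is gone.
    """
    from html import escape  # Python 3 stdlib; kept local to this handler

    if pif.method == 'GET':
        raise useful.Redirect('../pages/comment.php')
    pif.render.print_html()
    print(pif.render.format_head())
    ostr = "I am sending this comment for you. "

    mysubject = pif.form.get_str('mysubject')
    mycomment = pif.form.get_str('mycomment')
    myname = pif.form.get_str('myname')
    myemail = pif.form.get_str('myemail')
    credit = pif.form.get_str('credit')
    fname = pif.form.get_str('pic.name')
    fimage = pif.form.get_str('pic')
    # Drop the upload from the form so it is not written into the text dump.
    pif.form.delete('pic')

    def comment_error(msg):
        # msg is always one of the fixed strings below, never request data.
        return "<dl><dt>ERROR</dt><dd>%s</dd></dl>" % msg

    if myemail and '@' not in myemail:
        return comment_error('Badly formatted email address.  Try again.')

    pif.form.change_key('page', 'page_id')
    # NOTE(review): one-second resolution; two posts in the same second write
    # to the same file and the later one overwrites the earlier.
    fn = "../../comments/comment." + datetime.datetime.now().strftime(
        '%Y%m%d.%H%M%S')

    if any(scheme in field
           for scheme in ('http://', 'https://')
           for field in (mysubject, mycomment, myemail)):
        return comment_error(
            "Whoa there.  This isn't for submitting links.  Please use the SUGGEST A LINK feature from the link list."
        )

    ostr += "<dl><dt>My Subject</dt><dd>" + escape(mysubject) + "</dd>\n"
    ostr += "<dt>My Comment</dt><dd>" + escape(mycomment) + "</dd>\n"
    ostr += "<dt>My Name</dt><dd>" + escape(myname) + "</dd>\n"
    ostr += "<dt>My Email</dt><dd>" + escape(myemail) + "</dd></dl>\n"

    if fimage:
        ostr += "<dt>Relevant File</dt><dd>" + escape(fname) + "<br>\n"
        direc = config.INC_DIR
        descriptions_file = config.LOG_ROOT + '/descr.log'
        # The stored name is generated by the server, not taken from the
        # client. NOTE(review): no check of the upload's type or size is
        # visible here; confirm file_save or the caller enforces them.
        dest_filename = images.get_next_upload_filename()
        dest_filename = useful.file_save(direc, dest_filename, fimage)
        images.file_log(direc + '/' + dest_filename, direc)

        cred = who = comment = '-'
        # NOTE(review): descr.log is tab-separated, one record per line, so
        # squish_re must collapse tabs and newlines in these values. Its
        # pattern is defined elsewhere. Confirm.
        if mycomment:
            comment = squish_re.sub(' ', mycomment)
        if credit:
            cred = squish_re.sub(' ', credit)
        if myname:
            who = squish_re.sub(' ', myname)
        with open(descriptions_file, 'a+') as descr:
            descr.write(
                '\t'.join([dest_filename, '-', '-', '-', comment, cred, who]) +
                '\n')
        # As before, the upload reply replaces the echoed fields built above.
        ostr = '<div class="warning">Thank you for submitting that file.</div><br>\n'

        ostr += "</dd></dl>\n"

    with open(fn, "wt") as fh:
        fh.write("_POST\n\n" + pprint.pformat(pif.form, indent=2, width=132) +
                 "\n\n")
        fh.write("REMOTE_ADDR=" + os.getenv('REMOTE_ADDR', '') + "\n")
    ostr += "Thanks for sending that.  Now please use the BACK button on your browser to return to where you were."
    return ostr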
Exemple #13
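def publication_list(pif, mtype):
    """Render the list of publications of model type *mtype*.

    Raises ``useful.SimpleError`` when no section exists for the type and
    ``useful.Redirect`` to ``ads.cgi`` for the ``ads`` section. Publications
    are filtered by the ``title`` search field and rendered with
    ``simplelistix.html``.

    The matrix rendering that used to follow an ``if 1:`` block has been
    removed. That block always returned, so the code after it never ran.
    """
    sec = get_section_by_model_type(pif, mtype)
    if not sec:
        raise useful.SimpleError("That publication type was not found.")
    if sec.id == 'ads':
        # NOTE(review): title is request data appended to the URL without
        # URL-encoding; encode it before building the redirect target.
        raise useful.Redirect('ads.cgi?title=' + pif.form.get_str('title'))
    sobj = pif.form.search('title')
    pif.render.pic_dir = sec.page_info.pic_dir
    pubs = pif.dbh.fetch_publications(model_type=mtype)

    def has_picture(pub_id):
        # A publication has a picture if <id>.jpg, ?_<id>_*.jpg or ?_<id>.jpg
        # exists in the section's picture directory.
        stem = pub_id.lower()
        pic_dir = pif.render.pic_dir
        return bool(
            os.path.exists(os.path.join(pic_dir, stem + '.jpg'))
            or glob.glob(os.path.join(pic_dir, '?_' + stem + '_*.jpg'))
            or glob.glob(os.path.join(pic_dir, '?_' + stem + '.jpg')))

    def pub_ent(pub):
        # Returns the row as a dict, or None when it fails the title search.
        ret = pub.todict()
        ret.update(ret['base_id'])
        if not useful.search_match(sobj, ret['rawname']):
            return None
        # NOTE(review): id and rawname come from the database and are placed
        # in the markup unescaped; confirm they cannot hold markup characters.
        ret['name'] = '<a href="pub.cgi?id=%s">%s</a>' % (
            ret['id'], ret['rawname'].replace(';', ' '))
        ret['description'] = useful.printablize(ret['description'])
        if has_picture(ret['id']):
            ret['picture'] = mbdata.comment_icon['c']
        return ret

    hdrs = {
        'description': 'Description',
        'first_year': 'Year',
        'country': 'Country',
        'flags': 'Flags',
        'model_type': 'Type',
        'id': 'ID',
        'name': 'Name',
        'picture': ''
    }
    cols = ['picture', 'name', 'description', 'first_year', 'country']

    entries = [ent for ent in (pub_ent(pub) for pub in pubs) if ent]
    lrange = dict(entry=entries, styles=dict(zip(cols, cols)))
    lsection = dict(columns=cols,
                    headers=hdrs,
                    range=[lrange],
                    note='',
                    name=sec.name)
    llistix = dict(section=[lsection])
    return pif.render.format_template('simplelistix.html', llineup=llistix)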
Exemple #14
 def restrict(self, priv):  # pragma: no cover
     """Redirect away unless the caller holds *priv* and, if set, is verified.

     Raises ``useful.Redirect`` to the site root when ``is_allowed`` refuses
     *priv*. When a privilege is required and a user is attached whose flags
     lack ``FLAG_USER_VERIFIED``, redirects to the validation page instead.
     Returns ``None`` otherwise.
     """
     if not self.is_allowed(priv):
         raise useful.Redirect('/')
     if not priv:
         return
     account = self.user
     if account and not (account.flags & config.FLAG_USER_VERIFIED):
         raise useful.Redirect('/cgi-bin/validate.cgi')
Exemple #15
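def logout_main(pif):
    """Clear the ``id`` cookie and redirect to ``dest`` (default ``/``).

    ``dest`` is request data. It is now followed only when it is a same-site
    absolute path; anything else falls back to ``/``. Previously any value,
    including a URL on another host, was used as the redirect target.
    """
    pif.render.set_cookie(pif.render.secure.clear_cookie(['id']))

    dest = pif.form.get_str('dest', '/') or '/'
    # Reject protocol-relative, backslash and control-character forms, which a
    # browser may normalise into an off-site URL.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = '/'
    raise useful.Redirect(dest)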
Exemple #16
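    def restrict(self, priv):  # pragma: no cover
        """Redirect to the site root unless ``is_allowed`` accepts *priv*.

        Raises ``useful.Redirect('/')`` on refusal and returns ``None``
        otherwise. The ``raise`` line was indented with a tab followed by
        spaces, which Python 3 rejects with ``TabError``; it now uses spaces.
        """
        if not self.is_allowed(priv):
            raise useful.Redirect('/')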
Exemple #17
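def logout_main(pif):
    """Drop the stored session, clear the ``id`` cookie, redirect to ``dest``.

    The server-side cookie record for this user and remote address is deleted
    first, then the browser cookie is cleared.

    ``dest`` is request data. It is now followed only when it is a same-site
    absolute path; anything else falls back to ``/``. Previously any value,
    including a URL on another host, was used as the redirect target.
    """
    pif.dbh.delete_cookie(pif.user_id, ip=pif.remote_addr)
    pif.render.set_cookie(pif.render.secure.clear_cookie(['id']))

    dest = pif.form.get_str('dest', '/') or '/'
    # Reject protocol-relative, backslash and control-character forms, which a
    # browser may normalise into an off-site URL.
    if (not dest.startswith('/') or dest.startswith('//') or '\\' in dest
            or any(ord(ch) < 0x20 for ch in dest)):
        dest = '/'
    raise useful.Redirect(dest)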