Exemple #1
0
  def post(self):

			self.session = True
			user = UserInfo()
			user.whoIs(self)

			if 'published' in self.request.arguments():
				logging.info('adding a sketch and the published field has been sent')

			preview = self.request.get('preview')
			submitted = self.request.get('submitted')
			published = ('published' in self.request.arguments())
			
			theKey = Sketch.generateKey()
			sketch = Sketch(key_name = theKey)
			sketch.sourceCode = self.request.get('text_input2').rstrip().lstrip()
			sketch.description = util.Sanitize(self.request.get('text_input'))
			
			# minimal protection against spammers, redirect to root if the program contains too many urls
			#logging.info('occurrences of http ' + str(sketch.sourceCode.count("http")))
			sketch_sourceCode_count_http = sketch.sourceCode.count("http://")
			sketch_sourceCode_count_url_http = sketch.sourceCode.count("[url=http://")
			sketch_description_count_http = sketch.description.count("http://")

			if sketch_sourceCode_count_http > 10:
				self.redirect("/")
				return
			if sketch_sourceCode_count_url_http > 0:
				self.redirect("/")
				return
			if sketch_description_count_http > 7:
				self.redirect("/")
				return
			if sketch_description_count_http + sketch_sourceCode_count_http > 12:
				self.redirect("/")
				return

			sketch_title = self.request.get('title_input')

			# now let's check in some other ways if the content is suspicious
			suspiciousContent = False
			sketch_title = self.request.get('title_input')
			sketch_tags_commas = self.request.get('tags')
			suspiciousContent = False
                        if is_suspicious(sketch_title,sketch_tags_commas):
                          suspiciousContent = True

			if any(util.doesItContainProfanity(text)\
                                for text in(sketch_title,
                                            sketch.sourceCode,
                                            sketch.description)
                               ):
				suspiciousContent = True
			
			gallerySketch = GallerySketch(key_name = theKey) # the gallery must be ordered by time, most recent first
			if user.user:
				#authorSketchesSketch = AuthorSketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey)
				#mySketchesSketch = MySketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey)
				user_id_in_fixed_digits = '-%023d' % (int(user.user_id))
				authorSketchesSketch = AuthorSketchesSketch(key_name = user_id_in_fixed_digits + theKey)
				mySketchesSketch = MySketchesSketch(key_name = user_id_in_fixed_digits + theKey)
				authorSketchesSketch.user_id_string = util.convDecToBase(string._long(user.user_id),62)
				mySketchesSketch.user_id_string = util.convDecToBase(string._long(user.user_id),62)
			else:
				authorSketchesSketch = AuthorSketchesSketch(key_name = '-%023d' % (0) + theKey)
				mySketchesSketch = MySketchesSketch(key_name = '-%023d' % (0) + theKey)
				authorSketchesSketch.user_id_string = "anonymous"
				mySketchesSketch.user_id_string = "anonymous"

			# propagate the "suspicious" flag in all the records that we are adding
			sketch.suspiciousContent = suspiciousContent
			gallerySketch.suspiciousContent = suspiciousContent
			authorSketchesSketch.suspiciousContent = suspiciousContent
			mySketchesSketch.suspiciousContent = suspiciousContent
			

			sketch.set_title(sketch_title)
			gallerySketch.title = sketch.title
			authorSketchesSketch.title = sketch.title
			mySketchesSketch.title = sketch.title
			
			if suspiciousContent == True:
				sketch.published = False
				authorSketchesSketch.published = False
				mySketchesSketch.published = False
			elif user.user:
				sketch.published = published
				authorSketchesSketch.published = published
				mySketchesSketch.published = published
			else:
				sketch.published = True
				authorSketchesSketch.published = True
				mySketchesSketch.published = True
			sketch.sourceCode = clean_sourcecode(sketch.sourceCode)
				
			#sketch.author_user = user.user
			sketch.author_email = user.email
			sketch.author_user_id = user.user_id
			if user.user:
				sketch.author_string_user_id = util.convDecToBase(string._long(user.user_id),62)
				sketch.author_nickname = user.nickname
			else:
				sketch.author_string_user_id = "anonymous"
				sketch.author_nickname = "anonymous"



			if user.user:
				gallerySketch.author_nickname = user.nickname
			else:
				gallerySketch.author_nickname = "anonymous"
			
			sketch.tags_commas = self.request.get('tags')
			gallerySketch.tags_commas = self.request.get('tags')
			authorSketchesSketch.tags_commas = self.request.get('tags')
			mySketchesSketch.tags_commas = self.request.get('tags')


			template_values = {
			  'sketch': sketch,
			  'published': sketch.published,
			  'preview': preview,
			  'submitted': submitted,
			  'action': "addBlog",
			  'tags': self.request.get('tags'),
			  }

			sketch.set_randomID()

			sketch.parentSketchRandomID = self.request.get('parentSketchRandomID')
			
			if sketch.parentSketchRandomID is None:
				sketch.parentSketchRandomID = ''
				
			if sketch.parentSketchRandomID == '':
				sketch.oldestParentSketchRandomID = sketch.randomID;
			else:
				sketch.oldestParentSketchRandomID = self.request.get('oldestParentSketchRandomID')			
			sketch.set_parents(self.request.get('parent_idList'),self.request.get('parent_nicknamesList'))


			gallerySketch.randomID = sketch.randomID
			authorSketchesSketch.randomID = sketch.randomID
			mySketchesSketch.randomID = sketch.randomID

			sketch.save()
			
			# if this is an anonymous user adding a sketch, we have forced this flag to True
			if sketch.published:
				authorSketchesSketch.save()
				gallerySketch.save()

			mySketchesSketch.save()
			
			
			
			## now, finally, this uploads the thumbnail
			thumbnailData = self.request.get('thumbnailData')
			#logging.info('add blog, thumbnail data: ' + thumbnailData)
			if thumbnailData != "":
				logging.info('add blog, thumbnail data not empty - adding/overwriting thumbnail')
				thumbnailUploaderObject = thumbnailUploaderClass()
				thumbnailUploaderObject.doTheUpload(sketch.randomID,thumbnailData)
			else:
				logging.info('add blog, no thumbnail data')



			if user.user and suspiciousContent and ('published' in self.request.arguments()):
				self.redirect("/sketchNotMadePublicNotice.html?sketchID="+sketch.randomID)
			else:
				self.redirect(sketch.full_permalink())
Exemple #2
0
    def get(self):

        if not authorized.checkIfUserIsInWhiteList():
            self.redirect(authorized.getLoginPage())

        self.session = True

        self.response.out.write(
            '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
        )
        self.response.out.write(
            '<html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml">'
        )
        self.response.out.write('<head>')
        self.response.out.write('<title>Change identity</title>')
        self.response.out.write('</head>')

        self.response.out.write('<script type="text/javascript">')
        self.response.out.write('function deleteCookie(name){')
        self.response.out.write('document.cookie = name +')
        self.response.out.write(
            '\'=; expires=Thu, 01-Jan-70 00:00:01 GMT;path=/\';')
        self.response.out.write('} ')

        self.response.out.write('function deleteClientSideUserInfoCookies(){')
        self.response.out.write('	alert(\'clearing live cookies\');')
        self.response.out.write('	deleteCookie(\'user.user_id\');')
        self.response.out.write(
            '	deleteCookie(\'user.is_current_user_admin\');')
        self.response.out.write('	deleteCookie(\'user.user\');')
        self.response.out.write('	deleteCookie(\'user.nickname\');')
        self.response.out.write('	deleteCookie(\'firstLogin\');')
        self.response.out.write('} ')

        self.response.out.write('</script>')

        self.response.out.write('<body>')
        self.response.out.write('<b>Real identity</b>')

        user = users.get_current_user()
        self.response.out.write('<br>Your real user_id: ' + user.user_id())
        self.response.out.write('<br>Your real email: ' + user.email())
        self.response.out.write('<br>Your real nickname: ' + user.nickname())
        self.response.out.write('<br>Your real is_current_user_admin: ' +
                                str(users.is_current_user_admin()))
        '''       
        self.response.out.write('<hr>')
        self.response.out.write('<b>Last user info update</b>')

        self.response.out.write('<br>You posted this user_id: ' + self.request.get('user_id'))
        self.response.out.write('<br>You posted this email: ' + self.request.get('email'))
        self.response.out.write('<br>You posted this nickname: ' + self.request.get('nickname'))
        self.response.out.write('<br>You posted this is_current_user_admin: ' + self.request.get('is_current_user_admin'))
        '''

        #self.response.out.write('<hr>')
        #self.response.out.write('<b>Info on session update</b>')
        '''
        # first, if any parameters are sent, we create the session, or we catch the previous one
        if self.request.get('is_current_user_admin') != "" or self.request.get('user_id') != "" or self.request.get('email') != "" or self.request.get('nickname') != "":
        	if sess.is_new():
                        #self.response.out.write('<br>New session - setting counter to 0.<br>')
                        sess['myCounter']=0
        	else:
                        #self.response.out.write('<br>Modifying the current session<br>')
                        sess['myCounter']+=1
                        self.response.out.write('<br>Session counter is ' + str(sess['myCounter']) + '<br>')
        '''
        # second, if anything changed, we modify the session
        if self.request.get('user') != "":
            #self.response.out.write('user not empy - setting it in session <br>')
            self.session['user'] = self.request.get('user')
        if self.request.get('user_id') != "":
            #self.response.out.write('user_id not empy - setting it in session <br>')
            self.session['user_id'] = self.request.get('user_id')

        if self.request.get('email') != "":
            #self.response.out.write('email not empy - setting it in session <br>')
            self.session['email'] = self.request.get('email')

        if self.request.get('nickname') != "":
            #self.response.out.write('nickname not empy - setting it in session <br>')
            self.session['nickname'] = self.request.get('nickname')

        if self.request.get('is_current_user_admin') != "":
            #self.response.out.write('is_current_user_admin not empy - setting it in session <br>')
            self.session['is_current_user_admin'] = self.request.get(
                'is_current_user_admin')

        if self.request.get('clear') != "":
            self.session.delete()
            self.session = None
            logging.info('invalidated the session')
        '''
        self.response.out.write('<hr>')
        self.response.out.write('<b>Session info</b>')

        if not self.session:
        	self.response.out.write('<br><br>no session')
        else:
        	try:
        		self.response.out.write('<br>user in session: ' + self.session['user'] )
        	except KeyError:
        		self.response.out.write('<br>No user in session ')
        	try:
        		self.response.out.write('<br>user_id in session: ' + self.session['user_id'] )
        	except KeyError:
        		self.response.out.write('<br>No user_id in session ')
        	try:
        		self.response.out.write('<br>email in session: ' + self.session['email'] )
        	except KeyError:
        		self.response.out.write('<br>No email in session ')
        	try:
        		self.response.out.write('<br>nickname in session: ' + self.session['nickname'] )
        	except KeyError:
        		self.response.out.write('<br>No nickname in session ')
        	try:
        		self.response.out.write('<br>is_current_user_admin in session: ' + str(self.session['is_current_user_admin'] == 'True') )
        	except KeyError:
        		self.response.out.write('<br>No is_current_user_admin in session ')

        '''

        self.response.out.write('<hr>')
        self.response.out.write('<b>Cover Identity</b>')
        user2 = UserInfo()
        user2.whoIs(self)
        self.response.out.write('<br>Your UserInfo user (as string): ' +
                                str(user2.user))
        self.response.out.write('<br>Your UserInfo user_id: ' +
                                str(user2.user_id))
        self.response.out.write('<br>Your UserInfo email: ' + str(user2.email))
        self.response.out.write('<br>Your UserInfo nickname: ' +
                                str(user2.nickname))
        self.response.out.write('<br>Your UserInfo is_current_user_admin: ' +
                                str(user2.is_current_user_admin))

        impersonatedUser = users.User(str(user2.email))
        if impersonatedUser is not None:
            key = UserTrick(user=impersonatedUser).put()
            obj = UserTrick.get(key)
            self.response.out.write('<hr>')
            self.response.out.write(
                '<b>Full identity of user with this email</b>')
            self.response.out.write('<br>Your real user_id: ' +
                                    str(obj.user.user_id()))
            self.response.out.write('<br>Your real email: ' + obj.user.email())
            self.response.out.write('<br>Your real nickname: ' +
                                    obj.user.nickname())

        self.response.out.write('<hr>')
        self.response.out.write(
            '<b>Overwrite any part of your identity (blanks will stay the same)</b>'
        )
        self.response.out.write(
            '<br><br><form name="input" action="." method="get">')
        self.response.out.write('user:<input type="user" name="user" />')
        self.response.out.write(
            'user_id:<input type="user_id" name="user_id" />')
        self.response.out.write('email:<input type="email" name="email" />')
        self.response.out.write(
            'nickname:<input type="nickname" name="nickname" />')
        self.response.out.write(
            'is_current_user_admin:<input type="is_current_user_admin" name="is_current_user_admin" />'
        )
        self.response.out.write(
            '<input type="submit" value="Submit" onClick="deleteClientSideUserInfoCookies();"/>'
        )
        self.response.out.write('</form>')

        self.response.out.write('<hr>')

        self.response.out.write(
            '<br><a href="/admin/userid/">Refresh page</a> ')
        self.response.out.write(
            '<br><a href="/admin/userid/?clear=y" onClick="deleteClientSideUserInfoCookies();">Return to original identity</a> '
        )
        self.response.out.write(
            '<br><a href="/admin/userid/?user=None&user_id=None&email=None&nickname=None&is_current_user_admin=None" onClick="deleteClientSideUserInfoCookies();">Make anonymous (all None)</a> '
        )
        self.response.out.write(
            '<br><a href="#" onClick="deleteClientSideUserInfoCookies();">clean the "live" cookies</a> (these are used in the live environment so that the client can render the effects of the permissions on its own so that we can keep one and only page in the cache, not one for each user!)'
        )
        self.response.out.write(
            '<br><br><a href="/index.html">Back to home page</a> ')

        # for formatting, see http://www.network-theory.co.uk/docs/pytut/FancierOutputFormatting.html
        # for python date and time operations see http://docs.python.org/library/datetime.html
        # for controlling keys in GAE datastore see: http://code.google.com/appengine/docs/python/datastore/keysandentitygroups.html
        self.response.out.write('<hr>')
        self.response.out.write(
            '<b>Tests with date and time objects to create the sketch key</b><br>'
        )
        d = datetime.date(2028, 7,
                          3)  # third of July 2028. I would be 50 on that day
        t = datetime.time(12, 30)
        refdate = datetime.datetime.combine(d, t)

        difference = refdate - datetime.datetime.now()

        self.response.out.write(
            '<br>difference between now and 3rd July 2028: ' + str(difference))
        self.response.out.write('<br>i.e. ' + str(difference.days) +
                                ' days and ' + str(difference.seconds) +
                                ' seconds and ' +
                                str(difference.microseconds) + ' microseconds')
        self.response.out.write(
            '<br>compactly and with a random number: %04d %05d %06d %05d' %
            (difference.days, difference.seconds, difference.microseconds,
             random.random() * 100000))
        self.response.out.write(
            '<br>key I will use: %04d%05d%06d%05d' %
            (difference.days, difference.seconds, difference.microseconds,
             random.random() * 100000))

        self.response.out.write('<hr>')
        self.response.out.write(
            '<b>Tests with stringification of userID</b><br>')
        if user2.user_id is None:
            self.response.out.write(
                '<br>your are marked to be anonymous, so this doesnt apply to you'
            )
        else:
            self.response.out.write('<br>your userid: ' + user2.user_id)
            self.response.out.write(
                '<br>converted to base 62: ' +
                util.convDecToBase(string._long(user2.user_id), 62))
            self.response.out.write('<br>back to base 10: ' + str(
                util.toBase10(
                    util.convDecToBase(string._long(user2.user_id), 62), 62)))

        self.response.out.write('</body>')
        self.response.out.write('</html>')
Exemple #3
0
    def whoIs(self, requester):

        logging.info('whois function started')
        if requester != None:
            logging.info('requester is not none')
            c = Cookie.SimpleCookie(requester.request.headers.get('Cookie'))
            logging.info('got the cookie')
            """
        			if "groupLoginCode" in c.keys():
        				logging.info('groupLoginCode is one of the cookies and it is: ' + c["groupLoginCode"].value)
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890154"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group1"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890155"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group2"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890156"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group3"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890157"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group4"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890158"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group5"
        					self.is_current_user_admin = None
        					return
        			"""

        # in this case, we give the user session plain and simple
        self.user = users.get_current_user()

        if self.user: self.user_id = self.user.user_id()
        else: self.user_id = None

        if self.user:
            self.string_user_id = str(
                util.convDecToBase(string._long(self.user_id), 62))
        else:
            self.string_user_id

        if self.user: self.email = self.user.email()
        else: self.email = None

        if self.user:
            self.nickname = (self.user.nickname().partition("@"))[0].replace(
                ".", "_")
        else:
            self.nickname = None

        if self.user:
            self.is_current_user_admin = users.is_current_user_admin()
        else:
            self.is_current_user_admin = None

        if self.user: self.user = users.get_current_user()
        else: self.user = None

        return
Exemple #4
0
    def post(self):

        self.session = True
        user = UserInfo()
        user.whoIs(self)

        if 'published' in self.request.arguments():
            logging.info(
                'adding a sketch and the published field has been sent')

        preview = self.request.get('preview')
        submitted = self.request.get('submitted')
        published = ('published' in self.request.arguments())

        theKey = Sketch.generateKey()
        sketch = Sketch(key_name=theKey)
        sketch.sourceCode = self.request.get('text_input2').rstrip().lstrip()
        sketch.description = util.Sanitize(self.request.get('text_input'))

        # minimal protection against spammers, redirect to root if the program contains too many urls
        #logging.info('occurrences of http ' + str(sketch.sourceCode.count("http")))
        sketch_sourceCode_count_http = sketch.sourceCode.count("http://")
        sketch_sourceCode_count_url_http = sketch.sourceCode.count(
            "[url=http://")
        sketch_description_count_http = sketch.description.count("http://")

        if sketch_sourceCode_count_http > 10:
            self.redirect("/")
            return
        if sketch_sourceCode_count_url_http > 0:
            self.redirect("/")
            return
        if sketch_description_count_http > 7:
            self.redirect("/")
            return
        if sketch_description_count_http + sketch_sourceCode_count_http > 12:
            self.redirect("/")
            return

        sketch_title = self.request.get('title_input')

        # now let's check in some other ways if the content is suspicious
        suspiciousContent = False
        sketch_title = self.request.get('title_input')
        sketch_tags_commas = self.request.get('tags')
        suspiciousContent = False
        if is_suspicious(sketch_title, sketch_tags_commas):
            suspiciousContent = True

        if any(util.doesItContainProfanity(text)\
                                     for text in(sketch_title,
                                                 sketch.sourceCode,
                                                 sketch.description)
                                    ):
            suspiciousContent = True

        gallerySketch = GallerySketch(
            key_name=theKey
        )  # the gallery must be ordered by time, most recent first
        if user.user:
            #authorSketchesSketch = AuthorSketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey)
            #mySketchesSketch = MySketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey)
            user_id_in_fixed_digits = '-%023d' % (int(user.user_id))
            authorSketchesSketch = AuthorSketchesSketch(
                key_name=user_id_in_fixed_digits + theKey)
            mySketchesSketch = MySketchesSketch(
                key_name=user_id_in_fixed_digits + theKey)
            authorSketchesSketch.user_id_string = util.convDecToBase(
                string._long(user.user_id), 62)
            mySketchesSketch.user_id_string = util.convDecToBase(
                string._long(user.user_id), 62)
        else:
            authorSketchesSketch = AuthorSketchesSketch(key_name='-%023d' %
                                                        (0) + theKey)
            mySketchesSketch = MySketchesSketch(key_name='-%023d' % (0) +
                                                theKey)
            authorSketchesSketch.user_id_string = "anonymous"
            mySketchesSketch.user_id_string = "anonymous"

        # propagate the "suspicious" flag in all the records that we are adding
        sketch.suspiciousContent = suspiciousContent
        gallerySketch.suspiciousContent = suspiciousContent
        authorSketchesSketch.suspiciousContent = suspiciousContent
        mySketchesSketch.suspiciousContent = suspiciousContent

        sketch.set_title(sketch_title)
        gallerySketch.title = sketch.title
        authorSketchesSketch.title = sketch.title
        mySketchesSketch.title = sketch.title

        if suspiciousContent == True:
            sketch.published = False
            authorSketchesSketch.published = False
            mySketchesSketch.published = False
        elif user.user:
            sketch.published = published
            authorSketchesSketch.published = published
            mySketchesSketch.published = published
        else:
            sketch.published = True
            authorSketchesSketch.published = True
            mySketchesSketch.published = True
        sketch.sourceCode = clean_sourcecode(sketch.sourceCode)

        #sketch.author_user = user.user
        sketch.author_email = user.email
        sketch.author_user_id = user.user_id
        if user.user:
            sketch.author_string_user_id = util.convDecToBase(
                string._long(user.user_id), 62)
            sketch.author_nickname = user.nickname
        else:
            sketch.author_string_user_id = "anonymous"
            sketch.author_nickname = "anonymous"

        if user.user:
            gallerySketch.author_nickname = user.nickname
        else:
            gallerySketch.author_nickname = "anonymous"

        sketch.tags_commas = self.request.get('tags')
        gallerySketch.tags_commas = self.request.get('tags')
        authorSketchesSketch.tags_commas = self.request.get('tags')
        mySketchesSketch.tags_commas = self.request.get('tags')

        template_values = {
            'sketch': sketch,
            'published': sketch.published,
            'preview': preview,
            'submitted': submitted,
            'action': "addBlog",
            'tags': self.request.get('tags'),
        }

        sketch.set_randomID()

        sketch.parentSketchRandomID = self.request.get('parentSketchRandomID')

        if sketch.parentSketchRandomID is None:
            sketch.parentSketchRandomID = ''

        if sketch.parentSketchRandomID == '':
            sketch.oldestParentSketchRandomID = sketch.randomID
        else:
            sketch.oldestParentSketchRandomID = self.request.get(
                'oldestParentSketchRandomID')
        sketch.set_parents(self.request.get('parent_idList'),
                           self.request.get('parent_nicknamesList'))

        gallerySketch.randomID = sketch.randomID
        authorSketchesSketch.randomID = sketch.randomID
        mySketchesSketch.randomID = sketch.randomID

        sketch.save()

        # if this is an anonymous user adding a sketch, we have forced this flag to True
        if sketch.published:
            authorSketchesSketch.save()
            gallerySketch.save()

        mySketchesSketch.save()

        ## now, finally, this uploads the thumbnail
        thumbnailData = self.request.get('thumbnailData')
        #logging.info('add blog, thumbnail data: ' + thumbnailData)
        if thumbnailData != "":
            logging.info(
                'add blog, thumbnail data not empty - adding/overwriting thumbnail'
            )
            thumbnailUploaderObject = thumbnailUploaderClass()
            thumbnailUploaderObject.doTheUpload(sketch.randomID, thumbnailData)
        else:
            logging.info('add blog, no thumbnail data')

        if user.user and suspiciousContent and ('published'
                                                in self.request.arguments()):
            self.redirect("/sketchNotMadePublicNotice.html?sketchID=" +
                          sketch.randomID)
        else:
            self.redirect(sketch.full_permalink())
Exemple #5
0
  def get(self):

        if not authorized.checkIfUserIsInWhiteList():
        	self.redirect(authorized.getLoginPage())

        self.session = True
        
        self.response.out.write('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">')
        self.response.out.write('<html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml">')
        self.response.out.write('<head>')
        self.response.out.write('<title>Change identity</title>')
        self.response.out.write('</head>')

        self.response.out.write('<script type="text/javascript">')
        self.response.out.write('function deleteCookie(name){')
        self.response.out.write('document.cookie = name +')
        self.response.out.write('\'=; expires=Thu, 01-Jan-70 00:00:01 GMT;path=/\';')
        self.response.out.write('} ')

        self.response.out.write('function deleteClientSideUserInfoCookies(){')
        self.response.out.write('	alert(\'clearing live cookies\');')
        self.response.out.write('	deleteCookie(\'user.user_id\');')
        self.response.out.write('	deleteCookie(\'user.is_current_user_admin\');')
        self.response.out.write('	deleteCookie(\'user.user\');')
        self.response.out.write('	deleteCookie(\'user.nickname\');')
        self.response.out.write('	deleteCookie(\'firstLogin\');')
        self.response.out.write('} ')

        self.response.out.write('</script>')


        self.response.out.write('<body>')
        self.response.out.write('<b>Real identity</b>')

        user = users.get_current_user()
        self.response.out.write('<br>Your real user_id: ' + user.user_id())
        self.response.out.write('<br>Your real email: ' + user.email())
        self.response.out.write('<br>Your real nickname: ' + user.nickname())
        self.response.out.write('<br>Your real is_current_user_admin: ' + str(users.is_current_user_admin()))

        '''       
        self.response.out.write('<hr>')
        self.response.out.write('<b>Last user info update</b>')

        self.response.out.write('<br>You posted this user_id: ' + self.request.get('user_id'))
        self.response.out.write('<br>You posted this email: ' + self.request.get('email'))
        self.response.out.write('<br>You posted this nickname: ' + self.request.get('nickname'))
        self.response.out.write('<br>You posted this is_current_user_admin: ' + self.request.get('is_current_user_admin'))
        '''

        #self.response.out.write('<hr>')
        #self.response.out.write('<b>Info on session update</b>')
        '''
        # first, if any parameters are sent, we create the session, or we catch the previous one
        if self.request.get('is_current_user_admin') != "" or self.request.get('user_id') != "" or self.request.get('email') != "" or self.request.get('nickname') != "":
        	if sess.is_new():
                        #self.response.out.write('<br>New session - setting counter to 0.<br>')
                        sess['myCounter']=0
        	else:
                        #self.response.out.write('<br>Modifying the current session<br>')
                        sess['myCounter']+=1
                        self.response.out.write('<br>Session counter is ' + str(sess['myCounter']) + '<br>')
        '''
        # second, if anything changed, we modify the session
        if self.request.get('user') != "":
        	#self.response.out.write('user not empy - setting it in session <br>')
        	self.session['user'] = self.request.get('user')
        if self.request.get('user_id') != "":
        	#self.response.out.write('user_id not empy - setting it in session <br>')
        	self.session['user_id'] = self.request.get('user_id')

        if self.request.get('email') != "":
        	#self.response.out.write('email not empy - setting it in session <br>')
        	self.session['email'] = self.request.get('email')

        if self.request.get('nickname') != "":
        	#self.response.out.write('nickname not empy - setting it in session <br>')
        	self.session['nickname'] = self.request.get('nickname')

        if self.request.get('is_current_user_admin') != "":
        	#self.response.out.write('is_current_user_admin not empy - setting it in session <br>')
        	self.session['is_current_user_admin'] = self.request.get('is_current_user_admin')

        if self.request.get('clear') != "" :
        	self.session.delete()
        	self.session = None
        	logging.info('invalidated the session')

        '''
        self.response.out.write('<hr>')
        self.response.out.write('<b>Session info</b>')

        if not self.session:
        	self.response.out.write('<br><br>no session')
        else:
        	try:
        		self.response.out.write('<br>user in session: ' + self.session['user'] )
        	except KeyError:
        		self.response.out.write('<br>No user in session ')
        	try:
        		self.response.out.write('<br>user_id in session: ' + self.session['user_id'] )
        	except KeyError:
        		self.response.out.write('<br>No user_id in session ')
        	try:
        		self.response.out.write('<br>email in session: ' + self.session['email'] )
        	except KeyError:
        		self.response.out.write('<br>No email in session ')
        	try:
        		self.response.out.write('<br>nickname in session: ' + self.session['nickname'] )
        	except KeyError:
        		self.response.out.write('<br>No nickname in session ')
        	try:
        		self.response.out.write('<br>is_current_user_admin in session: ' + str(self.session['is_current_user_admin'] == 'True') )
        	except KeyError:
        		self.response.out.write('<br>No is_current_user_admin in session ')

        '''
        
        self.response.out.write('<hr>')
        self.response.out.write('<b>Cover Identity</b>')
        user2 = UserInfo()
        user2.whoIs(self)
        self.response.out.write('<br>Your UserInfo user (as string): ' + str(user2.user))
        self.response.out.write('<br>Your UserInfo user_id: ' + str(user2.user_id))
        self.response.out.write('<br>Your UserInfo email: ' + str(user2.email))
        self.response.out.write('<br>Your UserInfo nickname: ' + str(user2.nickname))
        self.response.out.write('<br>Your UserInfo is_current_user_admin: ' + str(user2.is_current_user_admin))

        impersonatedUser = users.User(str(user2.email))
        if impersonatedUser is not None:
        	key = UserTrick(user=impersonatedUser).put()
        	obj = UserTrick.get(key)
        	self.response.out.write('<hr>')
        	self.response.out.write('<b>Full identity of user with this email</b>')
        	self.response.out.write('<br>Your real user_id: ' + str(obj.user.user_id()))
        	self.response.out.write('<br>Your real email: ' + obj.user.email())
        	self.response.out.write('<br>Your real nickname: ' + obj.user.nickname())
        

        self.response.out.write('<hr>')
        self.response.out.write('<b>Overwrite any part of your identity (blanks will stay the same)</b>')
        self.response.out.write('<br><br><form name="input" action="." method="get">')
        self.response.out.write('user:<input type="user" name="user" />')
        self.response.out.write('user_id:<input type="user_id" name="user_id" />')
        self.response.out.write('email:<input type="email" name="email" />')
        self.response.out.write('nickname:<input type="nickname" name="nickname" />')
        self.response.out.write('is_current_user_admin:<input type="is_current_user_admin" name="is_current_user_admin" />')
        self.response.out.write('<input type="submit" value="Submit" onClick="deleteClientSideUserInfoCookies();"/>')
        self.response.out.write('</form>')
        
        self.response.out.write('<hr>')
                
        self.response.out.write('<br><a href="/admin/userid/">Refresh page</a> ')
        self.response.out.write('<br><a href="/admin/userid/?clear=y" onClick="deleteClientSideUserInfoCookies();">Return to original identity</a> ')
        self.response.out.write('<br><a href="/admin/userid/?user=None&user_id=None&email=None&nickname=None&is_current_user_admin=None" onClick="deleteClientSideUserInfoCookies();">Make anonymous (all None)</a> ')
        self.response.out.write('<br><a href="#" onClick="deleteClientSideUserInfoCookies();">clean the "live" cookies</a> (these are used in the live environment so that the client can render the effects of the permissions on its own so that we can keep one and only page in the cache, not one for each user!)')
        self.response.out.write('<br><br><a href="/index.html">Back to home page</a> ')

        # for formatting, see http://www.network-theory.co.uk/docs/pytut/FancierOutputFormatting.html
        # for python date and time operations see http://docs.python.org/library/datetime.html
        # for controlling keys in GAE datastore see: http://code.google.com/appengine/docs/python/datastore/keysandentitygroups.html
        self.response.out.write('<hr>')
        self.response.out.write('<b>Tests with date and time objects to create the sketch key</b><br>')
        d = datetime.date(2028, 7, 3) # third of July 2028. I would be 50 on that day 
        t = datetime.time(12, 30)
        refdate = datetime.datetime.combine(d, t)


        difference =  refdate - datetime.datetime.now() 
                
        self.response.out.write('<br>difference between now and 3rd July 2028: ' + str(difference))
        self.response.out.write('<br>i.e. ' + str(difference.days) + ' days and ' + str(difference.seconds) + ' seconds and ' + str(difference.microseconds) + ' microseconds')
        self.response.out.write('<br>compactly and with a random number: %04d %05d %06d %05d' % (difference.days, difference.seconds, difference.microseconds, random.random()*100000) )
        self.response.out.write('<br>key I will use: %04d%05d%06d%05d' % (difference.days, difference.seconds, difference.microseconds, random.random()*100000) )

        self.response.out.write('<hr>')
        self.response.out.write('<b>Tests with stringification of userID</b><br>')
        if user2.user_id is None:
        	self.response.out.write('<br>your are marked to be anonymous, so this doesnt apply to you')
        else:
        	self.response.out.write('<br>your userid: ' + user2.user_id)
        	self.response.out.write('<br>converted to base 62: ' + util.convDecToBase(string._long(user2.user_id),62))
        	self.response.out.write('<br>back to base 10: ' + str(util.toBase10(util.convDecToBase(string._long(user2.user_id),62), 62)))

        self.response.out.write('</body>')
        self.response.out.write('</html>')
Exemple #6
0
  def whoIs(self,requester):
        		
        		logging.info('whois function started')
        		if requester != None:
        			logging.info('requester is not none')
        			c = Cookie.SimpleCookie(requester.request.headers.get('Cookie'))
        			logging.info('got the cookie')
        			
        			"""
        			if "groupLoginCode" in c.keys():
        				logging.info('groupLoginCode is one of the cookies and it is: ' + c["groupLoginCode"].value)
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890154"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group1"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890155"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group2"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890156"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group3"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890157"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group4"
        					self.is_current_user_admin = None
        					return
        				if c["groupLoginCode"].value == "xxxx":
        					logging.info('...and it is True')
        					self.user = users.User("*****@*****.**")
        					self.user_id = "12345678901234567890158"
        					self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        					self.email = "*****@*****.**"
        					self.nickname = "RaveJuly2011Group5"
        					self.is_current_user_admin = None
        					return
        			"""

        		
        		
        		
        		# in this case, we give the user session plain and simple
        		self.user = users.get_current_user()
        		
        		if self.user: self.user_id = self.user.user_id()
        		else: self.user_id = None
        		
        		if self.user: self.string_user_id = str(util.convDecToBase(string._long(self.user_id),62))
        		else: self.string_user_id
        		
        		if self.user: self.email = self.user.email()
        		else: self.email = None
        		
        		if self.user: self.nickname = (self.user.nickname().partition("@"))[0].replace(".","_")
        		else: self.nickname = None
        		
        		if self.user: self.is_current_user_admin = users.is_current_user_admin()
        		else: self.is_current_user_admin = None
        		
        		if self.user: self.user = users.get_current_user()
        		else: self.user = None
        		
        		return