def recover_attempt(request): global base_title global global_nav, user_nav title = base_title + "Recovery" global_navigation=global_nav() # If user is not logged on if request.method == 'GET' and not request.user.is_authenticated(): # Check if data could be valid through regex key = v.clean_key(request.GET["key"]) u_name = v.clean_usernameRE(request.GET["user"]) # If valid data if request.GET["key"] == key and u_name: # return new password form the_user = u_name the_key = key response = render_to_response( 'auth/recoveryattempt.html', locals(), context_instance=RequestContext(request) ) else: error = "User does not exist." response = render_to_response( 'error.html', locals() ) # If user isn't online and is sending post data elif request.method == 'POST' and not request.user.is_authenticated(): # Check if data could be valid through regex key = v.clean_key(request.POST["key"]) u_name = v.clean_usernameRE(request.POST["user"]) # If key/username is validated by regex if request.POST["key"] == key and u_name: try: # Check profile for key and compare. user = User.objects.get(username=u_name) user_profile = get_or_create_profile(user) # Get database key and key time limit key_db = user_profile.recovery_key keylimit_db = user_profile.recovery_time # Current time time_now = now() # If the key hasn't expired and is correct if now() < keylimit_db and key_db == key: password = v.clean_password(request.POST["p1"]) recover_error = "" if not request.POST["p1"] == request.POST["p2"]: recover_error = "Passwords don't match." elif password == None: recover_error = "No password entered." elif password == -1: recover_error = "Passwords have to be at least 5 characters." # If there is an error if recover_error != '': # Set error variable for template error = recover_error response = render_to_response( 'error.html', locals() ) else: # No errors, change password user.set_password(password) user.save() # Expire recovery time. user_profile.recovery_time = now() user_profile.save() response = render_to_response( 'auth/recoverysuccess.html', locals() ) else: error = "Invalid key and/or username." response = render_to_response( 'error.html', locals() ) except User.DoesNotExist: error = "User doesn't exist." response = render_to_response( 'error.html', locals() ) else: error = "Invalid key and/or username." response = render_to_response( 'error.html', locals() ) else: # logged on, no recovery. return HttpResponseRedirect('/') return response
def recover_attempt(request): global base_title global global_nav, user_nav title = base_title + "Recovery" global_navigation = global_nav() # If user is not logged on if request.method == 'GET' and not request.user.is_authenticated(): # Check if data could be valid through regex key = v.clean_key(request.GET["key"]) u_name = v.clean_usernameRE(request.GET["user"]) # If valid data if request.GET["key"] == key and u_name: # return new password form the_user = u_name the_key = key response = render_to_response( 'auth/recoveryattempt.html', locals(), context_instance=RequestContext(request)) else: error = "User does not exist." response = render_to_response('error.html', locals()) # If user isn't online and is sending post data elif request.method == 'POST' and not request.user.is_authenticated(): # Check if data could be valid through regex key = v.clean_key(request.POST["key"]) u_name = v.clean_usernameRE(request.POST["user"]) # If key/username is validated by regex if request.POST["key"] == key and u_name: try: # Check profile for key and compare. user = User.objects.get(username=u_name) user_profile = get_or_create_profile(user) # Get database key and key time limit key_db = user_profile.recovery_key keylimit_db = user_profile.recovery_time # Current time time_now = now() # If the key hasn't expired and is correct if now() < keylimit_db and key_db == key: password = v.clean_password(request.POST["p1"]) recover_error = "" if not request.POST["p1"] == request.POST["p2"]: recover_error = "Passwords don't match." elif password == None: recover_error = "No password entered." elif password == -1: recover_error = "Passwords have to be at least 5 characters." # If there is an error if recover_error != '': # Set error variable for template error = recover_error response = render_to_response('error.html', locals()) else: # No errors, change password user.set_password(password) user.save() # Expire recovery time. user_profile.recovery_time = now() user_profile.save() response = render_to_response( 'auth/recoverysuccess.html', locals()) else: error = "Invalid key and/or username." response = render_to_response('error.html', locals()) except User.DoesNotExist: error = "User doesn't exist." response = render_to_response('error.html', locals()) else: error = "Invalid key and/or username." response = render_to_response('error.html', locals()) else: # logged on, no recovery. return HttpResponseRedirect('/') return response
def register_user(request): global base_title global global_nav, user_nav title = base_title + "Register" global_navigation=global_nav() # If user is not logged on if not request.user.is_authenticated(): # Return user navigation for an anonymous session user_navigation = user_nav(False) # Set up captcha html. from settings import captcha_publickey, captcha_privatekey captcha_test = captcha.displayhtml(captcha_publickey) # If user has sent POST data (not logged in) if request.method == 'POST': registration_errors = [] # Error list ''' Check and validate data ''' # Is human? HumanTestResult = captcha.submit( request.POST["recaptcha_challenge_field"], request.POST["recaptcha_response_field"], captcha_privatekey, get_ip(request) ) # If not human: display errors if HumanTestResult.is_valid: # Matching passwords? password = v.clean_password(request.POST["passw"]) if not request.POST["passw"] == request.POST["repassw"]: registration_errors.append("Passwords don't match.") if password == None: registration_errors.append("No password entered.") elif password == -1: registration_errors.append("Passwords have to be at least 5 characters.") # Username related errors username = v.clean_username(request.POST["usern"]) if username == None: registration_errors.append("No username entered.") elif username == -2: registration_errors.append("This username isn't available.") elif username == -1: registration_errors.append("Username's can only be 30 characters.") elif username == False: registration_errors.append("Username wasn't just characters numbers ") # Email related errors email = v.clean_email(request.POST["email"]) if email == None: registration_errors.append("No email entered.") elif email == -2: registration_errors.append("This email already has an account.") elif email == -1: registration_errors.append("Emails can only be 245 characters.") elif email == False: registration_errors.append("Invalid email.") # Invalid CAPTCHA, display only that error giving no more information to the bot else: registration_errors.append("Invalid human verification code.") captcha_test = captcha.displayhtml( captcha_publickey, False, HumanTestResult.error_code ) # Connect to SMTP server connection = mail.get_connection() connection.open() # If no errors: create user. if len(registration_errors) == 0: new_user = User.objects.create_user( username, email, request.POST["repassw"] ) new_user.is_active = True new_user.save() # Create activation key and user profile activation_key = KeyGen() # Add 2 hours so a recovery key can be made instantly after # account creation. thetime = new_user.date_joined + datetime.timedelta(hours=2) profile = UserProfile( activate_key=activation_key, activated=False, recovery_time=thetime, user=new_user) profile.save() # User is created and saved. Send an activation link via email # Activation link message_activateurl = baseurl+"/activate/?key="+str(activation_key) message_activateurl = message_activateurl+"&user="******"/deactivate/?key="+str(activation_key) message_deactivateurl = message_deactivateurl+"&user="******"<$user>", str(new_user.username)) message = message.replace("<$activatelink>", message_activateurl) message = message.replace("<$disablelink>", message_deactivateurl) # Send email email = EmailMessage( "Account Activation", message, EMAIL_HOST_USER, [new_user.email] ) email.send() connection.close() # Return new account page accountname = new_user.username response = render_to_response( 'auth/newaccount.html', locals(), context_instance=RequestContext(request) ) else: # Return registration form with errors in registration_errors response = render_to_response( 'auth/registration.html', locals(), context_instance=RequestContext(request) ) # If user hasn't sent POST data (not logged on) else: response = render_to_response( 'auth/registration.html', locals(), context_instance=RequestContext(request) ) # User is logged on else: user_navigation = user_nav(request.user.username) error = "You cannot register while logged in." response = render_to_response( 'error.html', locals() ) return response
def register_user(request): global base_title global global_nav, user_nav title = base_title + "Register" global_navigation = global_nav() # If user is not logged on if not request.user.is_authenticated(): # Return user navigation for an anonymous session user_navigation = user_nav(False) # Set up captcha html. from settings import captcha_publickey, captcha_privatekey captcha_test = captcha.displayhtml(captcha_publickey) # If user has sent POST data (not logged in) if request.method == 'POST': registration_errors = [] # Error list ''' Check and validate data ''' # Is human? HumanTestResult = captcha.submit( request.POST["recaptcha_challenge_field"], request.POST["recaptcha_response_field"], captcha_privatekey, get_ip(request)) # If not human: display errors if HumanTestResult.is_valid: # Matching passwords? password = v.clean_password(request.POST["passw"]) if not request.POST["passw"] == request.POST["repassw"]: registration_errors.append("Passwords don't match.") if password == None: registration_errors.append("No password entered.") elif password == -1: registration_errors.append( "Passwords have to be at least 5 characters.") # Username related errors username = v.clean_username(request.POST["usern"]) if username == None: registration_errors.append("No username entered.") elif username == -2: registration_errors.append( "This username isn't available.") elif username == -1: registration_errors.append( "Username's can only be 30 characters.") elif username == False: registration_errors.append( "Username wasn't just characters numbers ") # Email related errors email = v.clean_email(request.POST["email"]) if email == None: registration_errors.append("No email entered.") elif email == -2: registration_errors.append( "This email already has an account.") elif email == -1: registration_errors.append( "Emails can only be 245 characters.") elif email == False: registration_errors.append("Invalid email.") # Invalid CAPTCHA, display only that error giving no more information to the bot else: registration_errors.append("Invalid human verification code.") captcha_test = captcha.displayhtml(captcha_publickey, False, HumanTestResult.error_code) # Connect to SMTP server connection = mail.get_connection() connection.open() # If no errors: create user. if len(registration_errors) == 0: new_user = User.objects.create_user(username, email, request.POST["repassw"]) new_user.is_active = True new_user.save() # Create activation key and user profile activation_key = KeyGen() # Add 2 hours so a recovery key can be made instantly after # account creation. thetime = new_user.date_joined + datetime.timedelta(hours=2) profile = UserProfile(activate_key=activation_key, activated=False, recovery_time=thetime, user=new_user) profile.save() # User is created and saved. Send an activation link via email # Activation link message_activateurl = baseurl + "/activate/?key=" + str( activation_key) message_activateurl = message_activateurl + "&user="******"/deactivate/?key=" + str( activation_key) message_deactivateurl = message_deactivateurl + "&user="******"<$user>", str(new_user.username)) message = message.replace("<$activatelink>", message_activateurl) message = message.replace("<$disablelink>", message_deactivateurl) # Send email email = EmailMessage("Account Activation", message, EMAIL_HOST_USER, [new_user.email]) email.send() connection.close() # Return new account page accountname = new_user.username response = render_to_response( 'auth/newaccount.html', locals(), context_instance=RequestContext(request)) else: # Return registration form with errors in registration_errors response = render_to_response( 'auth/registration.html', locals(), context_instance=RequestContext(request)) # If user hasn't sent POST data (not logged on) else: response = render_to_response( 'auth/registration.html', locals(), context_instance=RequestContext(request)) # User is logged on else: user_navigation = user_nav(request.user.username) error = "You cannot register while logged in." response = render_to_response('error.html', locals()) return response