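def deactivate_user(request):
    """Disable an account from a key link followed by an anonymous visitor.

    Handles GET requests that carry ``key`` and ``user`` query parameters.
    The account is disabled only when ``v.clean_key`` leaves the key
    unchanged, ``v.clean_usernameRE`` returns a truthy username, the profile
    is not already activated, and the key equals the profile's
    ``activate_key``. Renders ``auth/deactivated.html`` on success and
    ``error.html`` otherwise. Any other request (logged in, not GET, or a
    missing parameter) is redirected to ``/``.
    """
    # The templates receive locals(), so every local name in this function
    # is part of the template context; keep the names stable.
    # NOTE(review): this view changes account state on a GET, so anything
    # that fetches the emailed URL (mail scanners, link previews) triggers
    # it; a confirmation POST would avoid that.
    if (request.method == 'GET'
            and not request.user.is_authenticated()
            # A missing parameter would raise on request.GET[...] below
            # instead of reaching the redirect at the end of the function.
            and "key" in request.GET
            and "user" in request.GET):
        # Check if data could be valid through regex
        key = v.clean_key(request.GET["key"])
        u_name = v.clean_usernameRE(request.GET["user"])

        # Fail closed: only the matching-key branch flips this to True.
        key_correct = False

        # If key and username are valid
        if request.GET["key"] == key and u_name:
            try:
                # Check profile for key and compare.
                user = User.objects.get(username=u_name)
                user_profile = get_or_create_profile(user)

                # If you wish to have your users deactivate with the same
                # link sent in activation, remove the `activated` check.
                # NOTE(review): the key is compared with `==`; consider a
                # constant-time comparison if activate_key is treated as a
                # secret.
                if (not user_profile.activated
                        and user_profile.activate_key == key):
                    # Disable account.
                    user_profile.activated = False
                    user_profile.save()
                    user.is_active = False
                    user.save()
                    key_correct = True
            except ObjectDoesNotExist:
                # Unknown user: same failure page as a wrong key.
                key_correct = False

        if key_correct:
            user_name = user.username
            response = render_to_response('auth/deactivated.html', locals())
        else:
            error = "Deactivation failed."
            response = render_to_response('error.html', locals())
        return response

    # Logged on or didn't give GET data.
    return HttpResponseRedirect('/')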
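def activate_user(request):
    """Activate an account from a key link followed by an anonymous visitor.

    Handles GET requests that carry ``key`` and ``user`` query parameters.
    The profile is marked activated only when ``v.clean_key`` leaves the key
    unchanged, ``v.clean_usernameRE`` returns a truthy username, the profile
    is not already activated, the user is not disabled
    (``user.is_active``), and the key equals the profile's ``activate_key``.
    Renders ``auth/activated.html`` on success and ``error.html`` otherwise.
    Any other request (logged in, not GET, or a missing parameter) is
    redirected to ``/``.
    """
    # The templates receive locals(), so every local name in this function
    # is part of the template context; keep the names stable.
    if (request.method == 'GET'
            and not request.user.is_authenticated()
            # A missing parameter would raise on request.GET[...] below
            # instead of reaching the redirect at the end of the function.
            and "key" in request.GET
            and "user" in request.GET):
        # Check if data could be valid through regex
        key = v.clean_key(request.GET["key"])
        u_name = v.clean_usernameRE(request.GET["user"])

        # Fail closed: only the matching-key branch flips this to True.
        key_correct = False

        # If key and username are valid
        if request.GET["key"] == key and u_name:
            try:
                # Check profile for key and compare.
                user = User.objects.get(username=u_name)
                user_profile = get_or_create_profile(user)

                if user_profile.activated:
                    # You're already activated
                    key_correct = False
                elif user.is_active == False:
                    # You're disabled.
                    key_correct = False
                elif user_profile.activate_key == key:
                    # NOTE(review): the key is compared with `==`; consider
                    # a constant-time comparison if activate_key is treated
                    # as a secret.
                    # Activate user
                    user_profile.activated = True
                    user_profile.save()
                    key_correct = True
            except ObjectDoesNotExist:
                # Unknown user: same failure page as a wrong key.
                key_correct = False

        user_navigation = user_nav(False)

        if key_correct:
            user_name = user.username
            response = render_to_response('auth/activated.html', locals())
        else:
            error = "Activation failed."
            response = render_to_response('error.html', locals())
        return response

    # Logged on or didn't give GET data.
    return HttpResponseRedirect('/')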
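def activate_user(request):
    """Activate an account from a key link followed by an anonymous visitor.

    Handles GET requests that carry ``key`` and ``user`` query parameters.
    The profile is marked activated only when ``v.clean_key`` leaves the key
    unchanged, ``v.clean_usernameRE`` returns a truthy username, the profile
    is not already activated, the user is not disabled
    (``user.is_active``), and the key equals the profile's ``activate_key``.
    Renders ``auth/activated.html`` on success and ``error.html`` otherwise.
    Any other request (logged in, not GET, or a missing parameter) is
    redirected to ``/``.
    """
    # The templates receive locals(), so every local name in this function
    # is part of the template context; keep the names stable.
    if (request.method == 'GET'
            and not request.user.is_authenticated()
            # A missing parameter would raise on request.GET[...] below
            # instead of reaching the redirect at the end of the function.
            and "key" in request.GET
            and "user" in request.GET):
        # Check if data could be valid through regex
        key = v.clean_key(request.GET["key"])
        u_name = v.clean_usernameRE(request.GET["user"])

        # Fail closed: only the matching-key branch flips this to True.
        key_correct = False

        # If key and username are valid
        if request.GET["key"] == key and u_name:
            try:
                # Check profile for key and compare.
                user = User.objects.get(username=u_name)
                user_profile = get_or_create_profile(user)

                if user_profile.activated:
                    # You're already activated
                    key_correct = False
                elif user.is_active == False:
                    # You're disabled.
                    key_correct = False
                elif user_profile.activate_key == key:
                    # NOTE(review): the key is compared with `==`; consider
                    # a constant-time comparison if activate_key is treated
                    # as a secret.
                    # Activate user
                    user_profile.activated = True
                    user_profile.save()
                    key_correct = True
            except ObjectDoesNotExist:
                # Unknown user: same failure page as a wrong key.
                key_correct = False

        user_navigation = user_nav(False)

        if key_correct:
            user_name = user.username
            response = render_to_response('auth/activated.html', locals())
        else:
            error = "Activation failed."
            response = render_to_response('error.html', locals())
        return response

    # Logged on or didn't give GET data.
    return HttpResponseRedirect('/')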
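def deactivate_user(request):
    """Disable an account from a key link followed by an anonymous visitor.

    Handles GET requests that carry ``key`` and ``user`` query parameters.
    The account is disabled only when ``v.clean_key`` leaves the key
    unchanged, ``v.clean_usernameRE`` returns a truthy username, the profile
    is not already activated, and the key equals the profile's
    ``activate_key``. Renders ``auth/deactivated.html`` on success and
    ``error.html`` otherwise. Any other request (logged in, not GET, or a
    missing parameter) is redirected to ``/``.
    """
    # The templates receive locals(), so every local name in this function
    # is part of the template context; keep the names stable.
    # NOTE(review): this view changes account state on a GET, so anything
    # that fetches the emailed URL (mail scanners, link previews) triggers
    # it; a confirmation POST would avoid that.
    if (request.method == 'GET'
            and not request.user.is_authenticated()
            # A missing parameter would raise on request.GET[...] below
            # instead of reaching the redirect at the end of the function.
            and "key" in request.GET
            and "user" in request.GET):
        # Check if data could be valid through regex
        key = v.clean_key(request.GET["key"])
        u_name = v.clean_usernameRE(request.GET["user"])

        # Fail closed: only the matching-key branch flips this to True.
        key_correct = False

        # If key and username are valid
        if request.GET["key"] == key and u_name:
            try:
                # Check profile for key and compare.
                user = User.objects.get(username=u_name)
                user_profile = get_or_create_profile(user)

                # If you wish to have your users deactivate with the same
                # link sent in activation, remove the `activated` check.
                # NOTE(review): the key is compared with `==`; consider a
                # constant-time comparison if activate_key is treated as a
                # secret.
                if (not user_profile.activated
                        and user_profile.activate_key == key):
                    # Disable account.
                    user_profile.activated = False
                    user_profile.save()
                    user.is_active = False
                    user.save()
                    key_correct = True
            except ObjectDoesNotExist:
                # Unknown user: same failure page as a wrong key.
                key_correct = False

        if key_correct:
            user_name = user.username
            response = render_to_response('auth/deactivated.html', locals())
        else:
            error = "Deactivation failed."
            response = render_to_response('error.html', locals())
        return response

    # Logged on or didn't give GET data.
    return HttpResponseRedirect('/')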
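def recover_attempt(request):
    """Serve the new-password form (GET) or apply a password reset (POST).

    Only anonymous requests are handled; a logged-in user, or a method other
    than GET/POST, is redirected to ``/``.

    GET: when ``key`` and ``user`` pass the ``v`` cleaners, renders
    ``auth/recoveryattempt.html`` with ``the_user`` and ``the_key``; no
    database lookup happens at this step.

    POST: the password is changed only when the key equals the profile's
    ``recovery_key``, the current time is before ``recovery_time``, and
    ``p1``/``p2`` match and pass ``v.clean_password``. On success
    ``recovery_time`` is set to the current time, so the same key fails the
    expiry check afterwards. Every failure renders ``error.html``.
    """
    # The templates receive locals(), so every local name in this function
    # is part of the template context; keep the names stable.
    title = base_title + "Recovery"
    global_navigation = global_nav()

    # If user is not logged on
    if request.method == 'GET' and not request.user.is_authenticated():
        if "key" not in request.GET or "user" not in request.GET:
            # A missing parameter used to raise on request.GET[...];
            # answer with the same page as malformed values instead.
            error = "User does not exist."
            return render_to_response('error.html', locals())

        # Check if data could be valid through regex
        key = v.clean_key(request.GET["key"])
        u_name = v.clean_usernameRE(request.GET["user"])

        # If valid data
        if request.GET["key"] == key and u_name:
            # return new password form
            the_user = u_name
            the_key = key
            response = render_to_response(
                'auth/recoveryattempt.html',
                locals(),
                context_instance=RequestContext(request)
            )
        else:
            error = "User does not exist."
            response = render_to_response('error.html', locals())

    # If user isn't online and is sending post data
    elif request.method == 'POST' and not request.user.is_authenticated():
        if "key" not in request.POST or "user" not in request.POST:
            # Same reasoning as the GET branch: fail with the normal error
            # page rather than an unhandled lookup error.
            error = "Invalid key and/or username."
            return render_to_response('error.html', locals())

        # Check if data could be valid through regex
        key = v.clean_key(request.POST["key"])
        u_name = v.clean_usernameRE(request.POST["user"])

        # If key/username is validated by regex
        if request.POST["key"] == key and u_name:
            try:
                # Check profile for key and compare.
                user = User.objects.get(username=u_name)
                user_profile = get_or_create_profile(user)
                # Get database key and key time limit
                key_db = user_profile.recovery_key
                keylimit_db = user_profile.recovery_time
                # Current time
                time_now = now()

                # If the key hasn't expired and is correct
                # NOTE(review): the key is compared with `==`; consider a
                # constant-time comparison for this secret.
                if time_now < keylimit_db and key_db == key:
                    recover_error = ""
                    if "p1" not in request.POST or "p2" not in request.POST:
                        # Missing password fields are reported like an
                        # empty password instead of raising.
                        password = None
                        recover_error = "No password entered."
                    else:
                        password = v.clean_password(request.POST["p1"])
                        if not request.POST["p1"] == request.POST["p2"]:
                            recover_error = "Passwords don't match."
                        elif password is None:
                            recover_error = "No password entered."
                        elif password == -1:
                            recover_error = "Passwords have to be at least 5 characters."

                    # If there is an error
                    if recover_error != '':
                        # Set error variable for template
                        error = recover_error
                        response = render_to_response('error.html', locals())
                    else:
                        # No errors, change password
                        user.set_password(password)
                        user.save()
                        # Expire recovery time.
                        user_profile.recovery_time = now()
                        user_profile.save()
                        response = render_to_response(
                            'auth/recoverysuccess.html', locals()
                        )
                else:
                    error = "Invalid key and/or username."
                    response = render_to_response('error.html', locals())
            except User.DoesNotExist:
                # NOTE(review): this message differs from the wrong-key
                # message, so the response reveals whether the username
                # exists.
                error = "User doesn't exist."
                response = render_to_response('error.html', locals())
        else:
            error = "Invalid key and/or username."
            response = render_to_response('error.html', locals())
    else:
        # logged on, no recovery.
        return HttpResponseRedirect('/')

    return response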
def recover_user(request):
    """Serve the account-recovery request form and send the recovery email.

    Logged-in users are redirected to ``/``. An anonymous non-POST request
    renders ``auth/recovery.html``. An anonymous POST reads ``usern`` and
    ``email``, looks the user up by case-insensitive username and, unless
    the time check refuses the request, stores a new ``KeyGen()`` value as
    the profile's ``recovery_key`` and mails a recovery link to
    ``user.email``. Every POST outcome renders ``error.html`` with a
    message in ``error``.
    """
    global base_title
    global global_nav, user_nav
    title = base_title + "Recovery"
    global_navigation=global_nav()

    # If user is not logged on
    if not request.user.is_authenticated():
        # Return user navigation for an anonymous session
        user_navigation = user_nav(False)
        # Set up captcha html.
        # NOTE(review): only the captcha widget is rendered here; no captcha
        # verification call is visible in this function — confirm the
        # answer is checked before mail is sent.
        captcha_test = captcha.displayhtml(captcha_publickey)

        # If user has sent POST data (not logged in)
        if request.method == 'POST':
            # Check info via regex
            u_name = v.clean_usernameRE(request.POST["usern"])
            email = v.clean_emailRE(request.POST["email"])

            # NOTE(review): the submitted email is only checked against the
            # cleaner; the visible code never compares it with user.email.
            if email == request.POST["email"] and u_name:
                try:
                    user = User.objects.get(username__iexact=u_name)
                    user_profile = get_or_create_profile(user)
                    # Current time
                    time_now = now()
                    # Recovery time
                    recovery_time = user_profile.recovery_time

                    # NOTE(review): recover_attempt accepts a key while
                    # now() < recovery_time, so this branch refuses once the
                    # stored time has passed; that looks inverted for a
                    # "once every 2 hours" limit — confirm against the code
                    # that sets recovery_time.
                    if time_now > recovery_time:
                        # Key has been requested too many times in 2 hours.
                        error = "Recovery keys can only be requested once every 2 hours."
                        response = render_to_response( 'error.html', locals() )
                    else:
                        # Connect to SMTP server
                        connection = mail.get_connection()
                        connection.open()
                        # Create a recovery key
                        user_profile.recovery_key = KeyGen()
                        user_profile.save()
                        # Create account recovery link
                        message_recoveryurl = baseurl+"/recover/?key="+str(user_profile.recovery_key)
                        # NOTE(review): the text between "&user=" and
                        # "<$user>" is masked in this copy of the file, so
                        # the statements that finish the URL and create
                        # `message` are not visible here.
                        message_recoveryurl = message_recoveryurl+"&user="******"<$user>", str(user.username))
                        message = message.replace("<$recoverylink>", message_recoveryurl)
                        message = message.replace("<$time>", str(user_profile.recovery_time))
                        # Send email
                        email = EmailMessage( "Account Recovery", message, EMAIL_HOST_USER, [user.email] )
                        email.send()
                        connection.close()
                        # Tell user to check their email.
                        error = "Check your email for a recovery link."
                        response = render_to_response( 'error.html', locals() )
                except User.DoesNotExist:
                    # NOTE(review): this message differs from the success
                    # message, so the response reveals whether the username
                    # exists.
                    error = "No user with that email exists."
                    response = render_to_response( 'error.html', locals() )
            else:
                error = "No user with that email exists."
                response = render_to_response( 'error.html', locals() )
        else:
            # Didn't submit, give recovery form.
            response = render_to_response( 'auth/recovery.html', locals(), context_instance=RequestContext(request) )
    # You're signed in, no recovery for you.
    else:
        return HttpResponseRedirect('/')

    return response
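def recover_attempt(request):
    """Serve the new-password form (GET) or apply a password reset (POST).

    Only anonymous requests are handled; a logged-in user, or a method other
    than GET/POST, is redirected to ``/``.

    GET: when ``key`` and ``user`` pass the ``v`` cleaners, renders
    ``auth/recoveryattempt.html`` with ``the_user`` and ``the_key``; no
    database lookup happens at this step.

    POST: the password is changed only when the key equals the profile's
    ``recovery_key``, the current time is before ``recovery_time``, and
    ``p1``/``p2`` match and pass ``v.clean_password``. On success
    ``recovery_time`` is set to the current time, so the same key fails the
    expiry check afterwards. Every failure renders ``error.html``.
    """
    # The templates receive locals(), so every local name in this function
    # is part of the template context; keep the names stable.
    title = base_title + "Recovery"
    global_navigation = global_nav()

    # If user is not logged on
    if request.method == 'GET' and not request.user.is_authenticated():
        if "key" not in request.GET or "user" not in request.GET:
            # A missing parameter used to raise on request.GET[...];
            # answer with the same page as malformed values instead.
            error = "User does not exist."
            return render_to_response('error.html', locals())

        # Check if data could be valid through regex
        key = v.clean_key(request.GET["key"])
        u_name = v.clean_usernameRE(request.GET["user"])

        # If valid data
        if request.GET["key"] == key and u_name:
            # return new password form
            the_user = u_name
            the_key = key
            response = render_to_response(
                'auth/recoveryattempt.html',
                locals(),
                context_instance=RequestContext(request))
        else:
            error = "User does not exist."
            response = render_to_response('error.html', locals())

    # If user isn't online and is sending post data
    elif request.method == 'POST' and not request.user.is_authenticated():
        if "key" not in request.POST or "user" not in request.POST:
            # Same reasoning as the GET branch: fail with the normal error
            # page rather than an unhandled lookup error.
            error = "Invalid key and/or username."
            return render_to_response('error.html', locals())

        # Check if data could be valid through regex
        key = v.clean_key(request.POST["key"])
        u_name = v.clean_usernameRE(request.POST["user"])

        # If key/username is validated by regex
        if request.POST["key"] == key and u_name:
            try:
                # Check profile for key and compare.
                user = User.objects.get(username=u_name)
                user_profile = get_or_create_profile(user)
                # Get database key and key time limit
                key_db = user_profile.recovery_key
                keylimit_db = user_profile.recovery_time
                # Current time
                time_now = now()

                # If the key hasn't expired and is correct
                # NOTE(review): the key is compared with `==`; consider a
                # constant-time comparison for this secret.
                if time_now < keylimit_db and key_db == key:
                    recover_error = ""
                    if "p1" not in request.POST or "p2" not in request.POST:
                        # Missing password fields are reported like an
                        # empty password instead of raising.
                        password = None
                        recover_error = "No password entered."
                    else:
                        password = v.clean_password(request.POST["p1"])
                        if not request.POST["p1"] == request.POST["p2"]:
                            recover_error = "Passwords don't match."
                        elif password is None:
                            recover_error = "No password entered."
                        elif password == -1:
                            recover_error = "Passwords have to be at least 5 characters."

                    # If there is an error
                    if recover_error != '':
                        # Set error variable for template
                        error = recover_error
                        response = render_to_response('error.html', locals())
                    else:
                        # No errors, change password
                        user.set_password(password)
                        user.save()
                        # Expire recovery time.
                        user_profile.recovery_time = now()
                        user_profile.save()
                        response = render_to_response(
                            'auth/recoverysuccess.html', locals())
                else:
                    error = "Invalid key and/or username."
                    response = render_to_response('error.html', locals())
            except User.DoesNotExist:
                # NOTE(review): this message differs from the wrong-key
                # message, so the response reveals whether the username
                # exists.
                error = "User doesn't exist."
                response = render_to_response('error.html', locals())
        else:
            error = "Invalid key and/or username."
            response = render_to_response('error.html', locals())
    else:
        # logged on, no recovery.
        return HttpResponseRedirect('/')

    return response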
def recover_user(request):
    """Serve the account-recovery request form and send the recovery email.

    Logged-in users are redirected to ``/``. An anonymous non-POST request
    renders ``auth/recovery.html``. An anonymous POST reads ``usern`` and
    ``email``, looks the user up by case-insensitive username and, unless
    the time check refuses the request, stores a new ``KeyGen()`` value as
    the profile's ``recovery_key`` and mails a recovery link to
    ``user.email``. Every POST outcome renders ``error.html`` with a
    message in ``error``.
    """
    global base_title
    global global_nav, user_nav
    title = base_title + "Recovery"
    global_navigation = global_nav()

    # If user is not logged on
    if not request.user.is_authenticated():
        # Return user navigation for an anonymous session
        user_navigation = user_nav(False)
        # Set up captcha html.
        # NOTE(review): only the captcha widget is rendered here; no captcha
        # verification call is visible in this function — confirm the
        # answer is checked before mail is sent.
        captcha_test = captcha.displayhtml(captcha_publickey)

        # If user has sent POST data (not logged in)
        if request.method == 'POST':
            # Check info via regex
            u_name = v.clean_usernameRE(request.POST["usern"])
            email = v.clean_emailRE(request.POST["email"])

            # NOTE(review): the submitted email is only checked against the
            # cleaner; the visible code never compares it with user.email.
            if email == request.POST["email"] and u_name:
                try:
                    user = User.objects.get(username__iexact=u_name)
                    user_profile = get_or_create_profile(user)
                    # Current time
                    time_now = now()
                    # Recovery time
                    recovery_time = user_profile.recovery_time

                    # NOTE(review): recover_attempt accepts a key while
                    # now() < recovery_time, so this branch refuses once the
                    # stored time has passed; that looks inverted for a
                    # "once every 2 hours" limit — confirm against the code
                    # that sets recovery_time.
                    if time_now > recovery_time:
                        # Key has been requested too many times in 2 hours.
                        error = "Recovery keys can only be requested once every 2 hours."
                        response = render_to_response('error.html', locals())
                    else:
                        # Connect to SMTP server
                        connection = mail.get_connection()
                        connection.open()
                        # Create a recovery key
                        user_profile.recovery_key = KeyGen()
                        user_profile.save()
                        # Create account recovery link
                        message_recoveryurl = baseurl + "/recover/?key=" + str(
                            user_profile.recovery_key)
                        # NOTE(review): the text between "&user=" and
                        # "<$user>" is masked in this copy of the file, so
                        # the statements that finish the URL and create
                        # `message` are not visible here.
                        message_recoveryurl = message_recoveryurl + "&user="******"<$user>", str(user.username))
                        message = message.replace("<$recoverylink>", message_recoveryurl)
                        message = message.replace(
                            "<$time>", str(user_profile.recovery_time))
                        # Send email
                        email = EmailMessage("Account Recovery", message,
                                             EMAIL_HOST_USER, [user.email])
                        email.send()
                        connection.close()
                        # Tell user to check their email.
                        error = "Check your email for a recovery link."
                        response = render_to_response('error.html', locals())
                except User.DoesNotExist:
                    # NOTE(review): this message differs from the success
                    # message, so the response reveals whether the username
                    # exists.
                    error = "No user with that email exists."
                    response = render_to_response('error.html', locals())
            else:
                error = "No user with that email exists."
                response = render_to_response('error.html', locals())
        else:
            # Didn't submit, give recovery form.
            response = render_to_response(
                'auth/recovery.html',
                locals(),
                context_instance=RequestContext(request))
    # You're signed in, no recovery for you.
    else:
        return HttpResponseRedirect('/')

    return response