Esempio n. 1
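def does_authenticate(username, password):
    """Check a username/password pair against the stored password hashes.

    Failed attempts are tracked per username in GLOBAL_BAD_LOGIN, whose
    entries are indexed as ``[0]`` = failure count and ``[1]`` = timestamp.
    Once a username has LIMIT_NUMBER_BAD_LOGINS recorded failures, every
    attempt is refused until LIMIT_TIME_TO_RETRY seconds have elapsed since
    that timestamp.

    Returns True only when the stored hash for ``username`` equals the hex
    SHA-256 of ``password + P3APISALT``. Every other outcome is logged and
    returns False.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    hashes = loadHashes()

    # Expire a stale lockout entry before evaluating the counter.
    entry = GLOBAL_BAD_LOGIN.get(username)
    if entry is not None:
        elapsed = datetime.datetime.now() - entry[1]
        if elapsed >= datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY):
            # The retry window has passed, so the failure history is dropped.
            GLOBAL_BAD_LOGIN.pop(username, None)

    # NOTE(review): the lockout is keyed on the caller-supplied username, so
    # repeated bad guesses lock the real owner out as well; failures are also
    # recorded for names that are not in the hash table, so confirm that
    # record_bad_login bounds the size of GLOBAL_BAD_LOGIN.
    entry = GLOBAL_BAD_LOGIN.get(username)
    if entry is not None and entry[0] >= LIMIT_NUMBER_BAD_LOGINS:
        # Probably should have a separate log message for this..
        LogActivity.logTooManyLoginAttempts(username)
        return False

    if username not in hashes:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
        return False

    # NOTE(review): one round of SHA-256 with a single application-wide salt
    # is cheap to brute-force if the hash store leaks. A password KDF with a
    # per-user salt (e.g. hashlib.pbkdf2_hmac or hashlib.scrypt) is the usual
    # replacement, but it needs a migration of the stored hashes.
    computed = hashlib.sha256(password + P3APISALT).hexdigest()

    # Constant-time comparison: `==` stops at the first differing character
    # and so leaks how much of the digest matched through response timing.
    try:
        matches = hmac.compare_digest(str(hashes[username]), str(computed))
    except (TypeError, UnicodeError):
        # compare_digest rejects non-ASCII text; such a value cannot equal a
        # hex digest, so treat it as a mismatch.
        matches = False

    if matches:
        return True

    LogActivity.logBadCredentials(username)
    record_bad_login(username)
    return False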
Esempio n. 2
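def does_authenticate(username, password):
    """Return True when ``password`` is the correct password for ``username``.

    Per-username failure state lives in GLOBAL_BAD_LOGIN; each entry is read
    as ``[0]`` = number of bad logins and ``[1]`` = timestamp. An entry older
    than LIMIT_TIME_TO_RETRY seconds is discarded; otherwise a count of at
    least LIMIT_NUMBER_BAD_LOGINS refuses the attempt without checking the
    password. Unknown usernames and wrong passwords are logged, recorded via
    record_bad_login, and return False.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    hashes = loadHashes()

    if username in GLOBAL_BAD_LOGIN:
        last_failure = GLOBAL_BAD_LOGIN[username][1]
        age = datetime.datetime.now() - last_failure
        if age >= datetime.timedelta(seconds=LIMIT_TIME_TO_RETRY):
            # The retry window has elapsed, so the user gets a clean slate.
            GLOBAL_BAD_LOGIN.pop(username, None)

    # NOTE(review): because the counter is keyed on a username the client
    # chooses, failed guesses also lock out the legitimate account holder,
    # and unknown usernames are recorded too; verify that record_bad_login
    # caps how many entries GLOBAL_BAD_LOGIN can hold.
    if username in GLOBAL_BAD_LOGIN:
        if GLOBAL_BAD_LOGIN[username][0] >= LIMIT_NUMBER_BAD_LOGINS:
            # Probably should have a separate log message for this..
            LogActivity.logTooManyLoginAttempts(username)
            return False

    if username not in hashes:
        LogActivity.logBadCredentials(username)
        record_bad_login(username)
        return False

    # NOTE(review): a single SHA-256 pass with one shared salt offers little
    # resistance to offline guessing; moving to a password KDF with per-user
    # salts (hashlib.pbkdf2_hmac / hashlib.scrypt) requires rehashing the
    # stored values, so it is flagged here rather than changed.
    candidate = hashlib.sha256(password + P3APISALT).hexdigest()

    # Compare in constant time so the response time does not reveal how many
    # leading characters of the digest were correct.
    try:
        digest_ok = hmac.compare_digest(str(hashes[username]), str(candidate))
    except (TypeError, UnicodeError):
        # A stored value compare_digest refuses (non-ASCII text) can never
        # equal a hex digest.
        digest_ok = False

    if digest_ok:
        return True

    LogActivity.logBadCredentials(username)
    record_bad_login(username)
    return False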
Esempio n. 3
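def pptriv():
    """Handle the login form and render either the Login or StartPage template.

    Reads ``username`` and ``password`` from the submitted form, waits one
    second, and checks the pair with auth.does_authenticate. On failure the
    attempt is logged and the Login template is returned with an error
    message. On success a session id is created, the session start and page
    turn are logged, and StartPage is rendered with the session id, its
    anti-CSRF value from auth.get_acsrf, and the optional search fields.
    """
    username = request.forms.get('username')
    password = request.forms.get('password')

    # Fixed one-second delay on every login request. It limits how fast one
    # connection can guess passwords, but it also blocks the handling thread
    # for that second, so it is not a defence against request floods; rate
    # limiting per client belongs in front of this handler.
    time.sleep(1.0)

    # A request without a username or password field yields None here.
    # Reject it as bad credentials instead of passing None on to the hash
    # computation, where concatenating None with the salt would raise.
    has_credentials = username is not None and password is not None
    if not (has_credentials and auth.does_authenticate(username, password)):
        # NOTE(review): if auth.does_authenticate already logs bad
        # credentials itself, this is a second log entry for the same
        # failure; confirm which of the two is intended.
        LogActivity.logBadCredentials(username)
        return template(
            'Login',
            message='Improper Credentials.',
            goog_anal_script=GoogleAnalyticsInclusionScript,
        )

    search_string = request.forms.get('search_string')
    if search_string is None:
        search_string = "Dell Latitude"
    psc_pattern = request.forms.get('psc_pattern')

    ses_id = auth.create_session_id()
    LogActivity.logSessionBegin(username, ses_id)
    LogActivity.logPageTurn(ses_id, "StartPage")

    # NOTE(review): username, search_string and psc_pattern are request
    # data handed straight to the template; verify that StartPage renders
    # them with HTML escaping enabled.
    return template(
        'StartPage',
        search_string=search_string,
        acsrf=auth.get_acsrf(ses_id),
        username=username,
        session_id=ses_id,
        psc_pattern=psc_pattern,
        goog_anal_script=GoogleAnalyticsInclusionScript,
    )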