#############Collect field data########## form=cgi.FieldStorage() keys=form.keys() if debug: print 'Content-type: text/html\n\n' print 'Received the following:\n<br />' for i in keys: print i+'='+form[i].value+'<br />' sys.exit() try: moltext=form['moltext'].value.replace('\r','').split('\n') molfig64=form['molfig'].value.split(',')[1] except Exception: config.returnhome(64) sys.exit() if 'molnotes' in keys: molnotes=form['molnotes'].value else: molnotes=0 if 'userid' in keys: authorid=form['userid'].value else: authorid=0 if 'token' in keys: token = form['token'].value else: token = '' if 'select_targetid' in keys:
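# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of an "if 'userid' in keys" check cut off above.
userid = 0
if 'token' in keys:
    token = form['token'].value
else:
    token=''
if 'inviteemail' in keys:
    inviteemail = form['inviteemail'].value
else:
    inviteemail=''
if 'datesent' in keys:
    datesent = form['datesent'].value
else:
    datesent=''

# All four fields are required; otherwise redirect with status 60 and stop.
if (not userid or not token or not inviteemail or not datesent):
    config.returnhome(60)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check that request is from admin user with valid token.
    q.execute('SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    r = q.fetchone()
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this admin check. The
    # exception type is kept so the handler outside this excerpt is unaffected.
    if r[0]!=1:
        raise AssertionError('admin token check failed')
    #Request seems valid, delete the still-unused invite (datejoined IS NULL).
    q.execute('DELETE FROM invites WHERE datejoined IS NULL AND email=%s AND datesent=%s',[inviteemail,datesent])
    dbconn.commit()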
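# Excerpt of a CGI handler that grants admin rights to another account.
if 'userid' in keys:
    userid = int(form['userid'].value)
else:
    userid = 0
if 'token' in keys:
    token = form['token'].value
else:
    token=''
if 'upgradeuserid' in keys:
    upgradeuserid = form['upgradeuserid'].value
else:
    upgradeuserid=''

# All three fields are required; otherwise redirect with status 52 and stop.
if (not userid or not token or not upgradeuserid):
    config.returnhome(52)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check that request is from admin user with valid token.
    q.execute('SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    r = q.fetchone()
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", and this is the only gate in front of a privilege grant.
    # The exception type is kept so the handler outside this excerpt is unaffected.
    if r[0]!=1:
        raise AssertionError('admin token check failed')
    #Request seems valid, promote the upgradeuserid
    q.execute('UPDATE users SET isadmin=true WHERE userid=%s',[upgradeuserid])
    dbconn.commit()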
def __init__(self): self.datatypeid=0 self.obj=0 self.filename=0 self.notes=0 self.notesid=0 self.moldataid=0 #############Collect field data########## form=cgi.FieldStorage() keys=form.keys() try: moltext=form['moltext'].value.replace('\r','').split('\n') molfig64=form['molfig'].value.split(',')[1] except Exception: config.returnhome(63) sys.exit() if debug: print 'Content-type: text/html\n\n' print 'Received the following:\n<br />' for i in keys: print i+'='+form[i].value+'<br />' sys.exit() if 'molname' in keys: molname=form['molname'].value.strip().replace(' ','_') else: molname='' if 'iupacname' in keys: iupacname=form['iupacname'].value.strip()
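# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of a check on the target id cut off above. 'dataid' is also
# assigned above the excerpt.
targetid=0
if 'deletedocdatatype' in keys:
    datatype= int(form['deletedocdatatype'].value)
else:
    datatype=0
if 'userid' in keys:
    userid=int(form['userid'].value)
else:
    userid=0
if 'token' in keys:
    token = form['token'].value
else:
    token=''

# All four values are required; otherwise redirect with status 32 and stop.
if (not dataid or not targetid or not userid or not token):
    config.returnhome(32)
    exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    #Must have a valid token.
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    r = q.fetchone()
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this token check. The
    # exception type is kept so the handler outside this excerpt is unaffected.
    if r[0]!=token:
        raise AssertionError('token check failed')
    #Try to delete entry from database.
    #The WHERE clause ties the delete to this author and target, so a row owned
    #by someone else is never removed.
    #Return 1 on success.
    q.execute('DELETE FROM targetdata WHERE targetdataid=%s and authorid=%s and targetid=%s returning 1',[dataid,userid,targetid])
    # NOTE(review): when no row matched, fetchone() returns None and len()
    # raises TypeError, so the "nothing happens" case actually leaves through
    # the exception handler below this excerpt - confirm that is intended.
    success=len(q.fetchone())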
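# Excerpt of a CGI handler that lets an admin send invitations to a list of
# e-mail addresses.
if 'userid' in keys:
    userid = int(form['userid'].value)
else:
    userid = 0
if 'token' in keys:
    token = form['token'].value
else:
    token=''
if 'email_addresses' in keys:
    email_addresses = form['email_addresses'].value
else:
    email_addresses=''

# All three fields are required; otherwise redirect with status 50 and stop.
if(not email_addresses or not userid or not token):
    config.returnhome(50)
    exit()

# config.find_email_addresses() is defined elsewhere; its result is split on
# commas here, so it presumably returns a comma-separated string - TODO confirm.
list_of_addresses = config.find_email_addresses(email_addresses).split(',')
list_of_keys = []

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check that request is from valid admin user.
    q.execute('SELECT u.username FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this admin check. The
    # exception type is kept so the handler outside this excerpt is unaffected.
    if q.rowcount!=1:
        raise AssertionError('admin token check failed')
    r = q.fetchone()
    inviter = r[0]
    #Check that the email isn't already registered.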
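# Excerpt of a CGI handler that stores a submitted sketch image for a molecule
# and converts it to a trimmed JPEG.
if 'molfig' in keys:
    # Keep the part after the first comma (presumably the base64 payload of a
    # data: URL - TODO confirm).
    molfig64 = form['molfig'].value.split(',')[1]
else:
    molfig64=0
if 'molid' in keys:
    # int() also guarantees the value is safe to interpolate into the file
    # names and the redirect below.
    molid = int(form['molid'].value)
else:
    molid=0
if 'dest' in keys:
    dest = form['dest'].value
else:
    dest=0

# NOTE(review): no token or ownership check is visible in this excerpt; if none
# exists elsewhere, any client can overwrite the sketch of any molid - confirm.
if (not molfig64 or not molid):
    config.returnhome(20)
    sys.exit()

try:
    # Binary mode: the decoded payload is image data, not text.
    with open('../public/uploads/sketches/{}.png'.format(molid),'wb') as img:
        img.write(decodestring(molfig64))
    # NOTE(review): the decoded bytes are not checked to be a PNG before being
    # handed to ImageMagick; consider verifying the file signature first and
    # pinning the decoder with an explicit "png:" input prefix.
    # The conversion runs with an argument list (no shell) and is not waited
    # for. One devnull handle is shared and closed once the child has started.
    with open(os.devnull,'w') as devnull:
        subprocess.Popen([os.path.join(config.convertdir,'convert'),
                          '../public/uploads/sketches/{}.png'.format(molid),
                          '-trim',
                          '../public/uploads/sketches/{}.jpg'.format(molid)],
                         stdout=devnull,stderr=devnull)
    # Only the two fixed destinations are honoured, so 'dest' cannot be used to
    # redirect elsewhere.
    if dest=='am':
        print 'Location: ../addmolecule.php \n\n'
    elif dest=='vm':
        print 'Location: ../viewmolecule.php?molid={} \n\n'.format(molid)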
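# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of an "if 'userid' in keys" check cut off above.
userid=0
if 'token' in keys:
    token=form['token'].value
else:
    token=0
if 'textarea_addmolcomment' in keys:
    comment=form['textarea_addmolcomment'].value
else:
    comment=0
if 'molid' in keys:
    molid=int(form['molid'].value)
else:
    molid=0

# Identification fields are required; otherwise redirect with status 16.
if(not molid or not userid or not token):
    config.returnhome(16)
    exit()
# An empty comment is not an error: go straight back to the molecule page.
if(not comment):
    print 'Location: ../viewmolecule.php?molid='+str(molid)+' \n\n'
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check for token
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this token check. The
    # exception type is kept so the handler outside this excerpt is unaffected.
    if dbtoken!=token:
        raise AssertionError('token check failed')
    # The comment text is stored as submitted (bound as a query parameter);
    # whatever renders it later is responsible for HTML-escaping it.
    q.execute("INSERT INTO molcomments (molid,molcomment,dateadded,authorid) VALUES(%s,%s,localtimestamp,%s)",[molid,comment,userid])
    dbconn.commit()
    q.close()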
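# Excerpt of a CGI handler that deletes a molecule on behalf of its author.
if "molid" in keys:
    molid = int(form["molid"].value)
else:
    molid = 0
if "userid" in keys:
    userid = int(form["userid"].value)
else:
    userid = 0
if "token" in keys:
    token = form["token"].value
else:
    token = 0

# All three fields are required; otherwise redirect with status 28 and stop.
if not userid or not molid or not token:
    config.returnhome(28)
    exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use explicit tests rather than assert: assert statements
    # are removed under "python -O", which would silently disable them. The
    # exception type is kept so the handler outside this excerpt is unaffected.

    # Must be author to delete this molecule
    q.execute("SELECT authorid FROM molecules WHERE molid=%s", [molid])
    authorid = q.fetchone()[0]
    if userid != authorid:
        raise AssertionError("author check failed")
    # Must have valid token.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if token != dbtoken:
        raise AssertionError("token check failed")
    q.execute("DELETE FROM molecules WHERE molid=%s", [molid])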
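# Excerpt of a CGI handler that deletes a bounty and its comments.
if "bid" in keys:
    bid = int(form["bid"].value)
else:
    bid = 0
if "userid" in keys:
    userid = int(form["userid"].value)
else:
    userid = 0
if "token" in keys:
    token = form["token"].value
else:
    token = ""

# All three fields are required; otherwise redirect with status 24 and stop.
if not userid or not bid or not token:
    config.returnhome(24)
    exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use explicit tests rather than assert: assert statements
    # are removed under "python -O", which would silently disable them. The
    # exception type is kept so the handler outside this excerpt is unaffected.

    # Only the person who placed the bounty can delete it.
    q.execute("SELECT placed_by_id FROM bounties WHERE bountyid=%s", [bid])
    authorid = q.fetchone()[0]
    if userid != authorid:
        raise AssertionError("author check failed")
    # Must have valid token.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if token != dbtoken:
        raise AssertionError("token check failed")
    # Remove the bounty, then the comments attached to it.
    q.execute("DELETE FROM bounties WHERE bountyid=%s ", [bid])
    q.execute("DELETE FROM bountycomments WHERE bountyid=%s", [bid])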
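# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of a check on the comment id cut off above.
molcommentid=0
if 'molid' in keys:
    molid=int(form['molid'].value)
else:
    molid=0
if 'userid' in keys:
    userid=int(form['userid'].value)
else:
    userid=0
if 'token' in keys:
    token=form['token'].value
else:
    token=0

# All four values are required; otherwise redirect with status 44 and stop.
if (not token or not userid or not molcommentid or not molid):
    config.returnhome(44)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check for token.
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this token check.
    # AssertionError is still an Exception, so the handler below catches it.
    if dbtoken!=token:
        raise AssertionError('token check failed')
    #Delete comment. The WHERE clause restricts the delete to this author's own
    #comment on this molecule; if nothing matches, nothing is deleted.
    q.execute('DELETE FROM molcomments WHERE molcommentid=%s and molid=%s and authorid=%s',[molcommentid,molid,userid])
    dbconn.commit()
    q.close()
    dbconn.close()
except Exception: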
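# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of an "if 'molid' in keys" check cut off above. 'dataid' is
# also assigned above the excerpt.
molid=0
if 'deletedocdatatype' in keys:
    datatype= int(form['deletedocdatatype'].value)
else:
    datatype=0
if 'userid' in keys:
    userid=int(form['userid'].value)
else:
    userid=0
if 'token' in keys:
    token = form['token'].value
else:
    token=''

# All four values are required; otherwise redirect with status 26 and stop.
if (not dataid or not molid or not userid or not token):
    config.returnhome(26)
    exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use explicit tests rather than assert: assert statements
    # are removed under "python -O", which would silently disable them. The
    # exception type is kept so the handler outside this excerpt is unaffected.

    #Only authors of data can delete data entries.
    q.execute('SELECT authorid FROM moldata WHERE moldataid=%s',[dataid])
    r = q.fetchone()
    if r[0]!=userid:
        raise AssertionError('author check failed')
    #Must have a valid token.
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    r = q.fetchone()
    if r[0]!=token:
        raise AssertionError('token check failed')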
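# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of a check on 'series' cut off above. nickname, fullname and
# class_ are also assigned above the excerpt.
series = ""
if "userid" in keys:
    authorid = int(form["userid"].value)
else:
    authorid = 0
if "token" in keys:
    token = form["token"].value
else:
    token = 0

# A target needs a nickname; send the user back to the form if it is missing.
if not nickname:
    print "Location: ../addtarget.php?status=nonickname\n\n"
    sys.exit()
# Identification fields are required; otherwise redirect with status 18.
if not authorid or not token:
    config.returnhome(18)
    sys.exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Check for token.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [authorid])
    dbtoken = q.fetchone()[0]
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this token check. The
    # exception type is kept so the handler outside this excerpt is unaffected.
    if dbtoken != token:
        raise AssertionError("token check failed")
    # Add target to database (all user-supplied values are bound parameters).
    query = "INSERT INTO targets (nickname,fullname,targetclass,series,authorid,dateadded) VALUES(%s,%s,%s,%s,%s,localtimestamp)"
    options = [nickname, fullname, class_, series, authorid]
    q.execute(query, options)
    dbconn.commit()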
targetdatas.append(docdata()) targetdatas[-1].datatype=form['docdata_datatypeid_new_'+str(i)].value targetdatas[-1].obj=form['docdata_value_new_'+str(i)] targetdatas[-1].filename=form['docdata_value_new_'+str(i)].filename if 'textarea_docdata_notes_new_'+str(i) in keys and form['textarea_docdata_notes_new_'+str(i)].value!='': targetdatas[-1].notes=form['textarea_docdata_notes_new_'+str(i)].value ################## ##DEBUG if debug: print 'Content-type: text/html\n\n' print form sys.exit() ################## if (not targetid or not userid or not token): config.returnhome(31) sys.exit() if (not nickname.strip()): print 'Location: ../edittarget.php?targetid='+str(targetid)+'&status=nonickname\n\n' sys.exit() try: dbconn = psycopg2.connect(config.dsn) q = dbconn.cursor() except Exception: config.returnhome(66) sys.exit() #Check for valid token. q.execute('SELECT token FROM tokens WHERE userid=%s',[userid]) dbtoken = q.fetchone()[0]
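# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of an "if 'userid' in keys" check cut off above.
userid=0
if 'token' in keys:
    token = form['token'].value
else:
    token=''
if 'textarea_addbountycomment' in keys:
    comment=form['textarea_addbountycomment'].value
else:
    comment=''
if 'bid' in keys:
    bid=int(form['bid'].value)
else:
    bid=''

# Identification fields are required; otherwise redirect with status 14.
if(not bid or not userid or not token):
    config.returnhome(14)
    exit()
# An empty comment is not an error: go straight back to the bounty page.
if(not comment):
    print 'Location: ../bountypage.php?bid='+str(bid)+' \n\n'
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check token
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this token check. The
    # exception type is kept so the handler outside this excerpt is unaffected.
    if dbtoken!=token:
        raise AssertionError('token check failed')
    # The comment text is stored as submitted (bound as a query parameter);
    # whatever renders it later is responsible for HTML-escaping it.
    q.execute("INSERT INTO bountycomments (bountyid,bountycomment,dateadded,authorid) VALUES(%s,%s,localtimestamp,%s)",[bid,comment,userid])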
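import config

# Excerpt of a CGI handler that revokes admin status (the statement that does
# so lies beyond the end of this excerpt).
form = cgi.FieldStorage()
keys = form.keys()
if "userid" in keys:
    userid = int(form["userid"].value)
else:
    userid = 0
if "token" in keys:
    token = form["token"].value
else:
    token = ""

# Both fields are required; otherwise redirect with status 54 and stop.
if not userid or not token:
    config.returnhome(54)
    exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Check that request is from admin user with valid token.
    q.execute(
        "SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s",
        [userid, token],
    )
    r = q.fetchone()
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this admin check. The
    # exception type is kept so the handler outside this excerpt is unaffected.
    if r[0] != 1:
        raise AssertionError("admin token check failed")
    # Request seems valid, revoke admin status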
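# Excerpt of a CGI handler that lets an admin delete a user account.
if 'userid' in keys:
    userid = int(form['userid'].value)
else:
    userid = 0
if 'token' in keys:
    token = form['token'].value
else:
    token=''
if 'deleteuserid' in keys:
    deleteuserid = form['deleteuserid'].value
else:
    deleteuserid=''

# All three fields are required; otherwise redirect with status 56 and stop.
if (not userid or not token or not deleteuserid):
    config.returnhome(56)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check that request is from admin user with valid token.
    q.execute('SELECT count(*) FROM tokens t LEFT JOIN users u ON t.userid=u.userid WHERE u.userid=%s AND u.isadmin=true AND t.token=%s',[userid,token])
    r = q.fetchone()
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", and this is the only gate in front of an account deletion.
    # The exception type is kept so the handler outside this excerpt is unaffected.
    if r[0]!=1:
        raise AssertionError('admin token check failed')
    #Request seems valid, delete the deleteuserid
    q.execute('DELETE FROM users WHERE userid=%s',[deleteuserid])
    dbconn.commit()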
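# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of an "if 'export' in keys" check cut off above.
export=''
if 'molids' in keys:
    # Each id is interpolated into source and destination file names below, so
    # only plain decimal ids are kept. Anything else (for example a value
    # containing path separators or "..") is dropped instead of reaching
    # os.path.join.
    molids=[_m.strip() for _m in form['molids'].value.split(',')]
    molids=[_m for _m in molids if _m.isdigit()]
else:
    molids=''
if 'userid' in keys:
    # Round-trip through int() so the value is safe to use in the temp path.
    userid=str(int(form['userid'].value))
else:
    userid=0
if 'token' in keys:
    token = form['token'].value
else:
    token = ''

# NOTE(review): the token is collected but no verification against the tokens
# table is visible in this excerpt - confirm it is checked before data is sent.
if (not userid or not token or not export or not molids):
    config.returnhome(58)
    # Stop here so a request with missing fields cannot fall through to the
    # export code below.
    exit()

if export == 'structures':
    #Create zip file with 2d and 3d structures and an sdf file.
    # NOTE(review): /tmp/structures-<userid> is a predictable name in a shared
    # directory and is removed recursively if it already exists;
    # tempfile.mkdtemp() would avoid another local user pre-creating it.
    temp_path='/tmp/structures-{}'.format(userid)
    if(os.path.isdir(temp_path)):
        shutil.rmtree(temp_path)
    os.mkdir(temp_path)
    os.mkdir(os.path.join(temp_path,'3d'))
    os.mkdir(os.path.join(temp_path,'2d'))
    with open(os.path.join(temp_path,'notebook.sdf'),'w') as sdf:
        for imol in molids:
            molfile3d=os.path.join(uploaddir,'structures','{}-3d.mol'.format(imol))
            molfile2d=os.path.join(uploaddir,'structures','{}.mol'.format(imol))
            if(os.path.isfile(molfile3d)):
                shutil.copyfile(molfile3d,os.path.join(temp_path,'3d','{}-3d.mol'.format(imol)))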
import string
# NOTE(review): if `random` is used further down to build the password-reset
# key, it is not a cryptographically secure generator - confirm against the
# rest of the file.
import random
import psycopg2
import config

# Tracebacks are written to ../log/ as text and not shown to the client
# (display=0).
cgitb.enable(display=0,logdir="../log/",format="text")

# Excerpt of a CGI handler for password-change requests, keyed by e-mail address.
form=cgi.FieldStorage()
keys=form.keys()
if 'email' in keys:
    email = form['email'].value
else:
    email=0

# The address is required; otherwise redirect with status 33 and stop.
if not email:
    config.returnhome(33)
    sys.exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Get userid matching this email address
    q.execute('SELECT userid FROM users WHERE email=%s',[email])
    # NOTE(review): the distinct "bademail" status tells an unauthenticated
    # caller whether an address is registered (account enumeration); a uniform
    # response for known and unknown addresses would avoid that.
    if(q.rowcount==0):
        print 'Location: ../changepasswordrequestpage.php?status=bademail \n\n'
        sys.exit()
    r = q.fetchone()
    userid = str(r[0])
    #Check for open requests from this user in the last 24 hours.
    # (excerpt ends inside the SQL string below)
    q.execute("""SELECT daterequested
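# NOTE(review): excerpt starts mid-statement; this default presumably belongs to
# the else-branch of an 'if "bid" in keys' check cut off above.
bid = 0
if "bountycommentid" in keys:
    cid = int(form["bountycommentid"].value)
else:
    cid = 0
if "userid" in keys:
    userid = int(form["userid"].value)
else:
    userid = 0
if "token" in keys:
    token = form["token"].value
else:
    token = ""

# All four values are required; otherwise redirect with status 37 and stop.
if not userid or not bid or not cid or not token:
    config.returnhome(37)
    exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use explicit tests rather than assert: assert statements
    # are removed under "python -O", which would silently disable them. The
    # exception type is kept so the handler outside this excerpt is unaffected.

    # Check token.
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if dbtoken != token:
        raise AssertionError("token check failed")
    # Check author.
    q.execute("SELECT authorid FROM bountycomments WHERE bountycommentid=%s", [cid])
    aid = q.fetchone()[0]
    if aid != userid:
        raise AssertionError("author check failed")
    q.execute("DELETE FROM bountycomments WHERE bountycommentid=%s ", [cid])
    dbconn.commit()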
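# Excerpt of a CGI handler that records the calling user as pursuing a bounty.
if 'userid' in keys:
    userid=int(form['userid'].value)
else:
    userid=0
if 'bid' in keys:
    bid=int(form['bid'].value)
else:
    bid=0
if 'token' in keys:
    token = form['token'].value
else:
    token=''

# All three fields are required; otherwise redirect with status 35 and stop.
if(not bid or not userid or not token):
    config.returnhome(35)
    exit()

try:
    dbconn=psycopg2.connect(config.dsn)
    q=dbconn.cursor()
    #Check token
    q.execute('SELECT token FROM tokens WHERE userid=%s',[userid])
    dbtoken = q.fetchone()[0]
    # Explicit test rather than assert: assert statements are removed under
    # "python -O", which would silently disable this token check.
    # AssertionError is still an Exception, so the handler below catches it.
    if dbtoken!=token:
        raise AssertionError('token check failed')
    q.execute("UPDATE bounties SET pursued_by_id=%s, date_pursued=localtimestamp WHERE bountyid=%s",[userid,bid])
    dbconn.commit()
    q.close()
    dbconn.close()
    # bid went through int() above, so it is safe to place in the redirect.
    print 'Location: ../bountypage.php?bid='+str(bid)+' \n\n'
except Exception: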
#############Collect field data########## form=cgi.FieldStorage() keys=form.keys() if debug: #print received variables print 'Content-type: text/html\n\n' print 'Received the following:\n<br />' for i in keys: print i+'='+form[i].value+'<br />' sys.exit() try: moltext=form['moltext'].value.replace('\r','').split('\n') molfig64=form['molfig'].value.split(',')[1] except Exception: config.returnhome(62) sys.exit() if 'molname' in keys: molname=form['molname'].value.strip().replace(' ','_') else: molname=0 if 'iupacname' in keys: iupacname=form['iupacname'].value.strip() else: iupacname=0 if 'cas' in keys: cas=form['cas'].value.strip() else: cas=0 if 'molnotes' in keys:
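# Excerpt of a CGI handler that lets the pursuer of a bounty claim it, turning
# the bounty into a molecule entry.
if "userid" in keys:
    userid = int(form["userid"].value)
else:
    userid = 0
if "token" in keys:
    token = form["token"].value
else:
    token = ""
if "bid" in keys:
    bid = int(form["bid"].value)
else:
    bid = ""

# All three fields are required; otherwise redirect with status 22 and stop.
if not bid or not userid or not token:
    config.returnhome(22)
    sys.exit()

try:
    dbconn = psycopg2.connect(config.dsn)
    q = dbconn.cursor()
    # Both gates below use explicit tests rather than assert: assert statements
    # are removed under "python -O", which would silently disable them. The
    # exception type is kept so the handler outside this excerpt is unaffected.

    # Check token
    q.execute("SELECT token FROM tokens WHERE userid=%s", [userid])
    dbtoken = q.fetchone()[0]
    if dbtoken != token:
        raise AssertionError("token check failed")
    # Check pursued by. Only pursuer can claim.
    q.execute("SELECT pursued_by_id from bounties where bountyid=%s", [bid])
    pid = q.fetchone()[0]
    if int(pid) != userid:
        raise AssertionError("pursuer check failed")
    # Bounty now becomes molecule. Default molname is "Bounty-$bid"
    molname = "Bounty-{}".format(bid)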