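def do_user_tags(name):
    """Redirect to the tag page for the player named in the ``username`` field.

    ``name`` is the account from the URL and must exist (404 otherwise).  The
    target player comes from ``request.params['username']``; an absent *or
    empty* value bounces to ``/station`` with ``noplayer`` (the original only
    tested presence, so an empty field produced a ``/tag/<name>/`` redirect).

    Both path segments are percent-encoded before being joined: a ``/``,
    ``?`` or ``#`` in a user-supplied name would otherwise change which route
    the browser is sent to.  ``error``/``seterr`` are used as in the rest of
    this file, i.e. assumed to abort the request.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)
    target = request.params.get('username')
    if not target:
        seterr('/station', 'noplayer')
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote
    redirect('/'.join(['/tag', quote(name, safe=''), quote(target, safe='')]), 303)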
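def do_user_edit(name):
    """Apply the edit form for account ``name``.

    Authorisation: admins may edit anyone; everyone else only the account
    they are logged in as (``request.user.username == name``; answered with
    401 as before).  Every non-admin editor is restricted to the
    ``perm_user`` whitelist, so ``name``, ``username``, ``state``,
    ``signedin`` and ``student_num`` stay admin-only.  The original applied
    the whitelist only when ``request.player`` was set, which left any other
    self-editing account type with the admin-only fields (mass assignment).

    A non-admin password change must repeat the new password
    (``confirm_password``) and prove the current one (``verify_password``);
    missing fields used to raise ``KeyError`` (500) and now count as wrong.
    ``error``/``seterr`` are assumed to abort the request, as elsewhere here.
    """
    if not request.admin and request.user.username != name:
        error(code=401)
    user = Account.get_user(name)
    if not user:
        error(code=404)
    p = request.params
    # fields a non-admin may submit for their own account
    perm_user = ['verify_password', 'password', 'confirm_password',
                 'language', 'cell', 'twitter', 'email']
    if not request.admin:
        p = dict((x, p[x]) for x in perm_user if x in p)
    edit_url = '/user/%s/edit' % name
    new_pass = p.get('password')
    if new_pass and not request.admin:
        if new_pass != p.get('confirm_password'):
            seterr(edit_url, 'vp')
        if not user.verify_pass(p.get('verify_password', '')):
            seterr(edit_url, 'bp')
    editable = ['language', 'cell', 'twitter', 'name', 'username', 'state',
                'signedin', 'student_num', 'email']
    for prop in editable:
        if prop not in p:
            continue
        value = p[prop]
        if not value:
            # an empty field clears the attribute, as before
            setattr(user, prop, None)
            continue
        # Digit-only values are stored as int, as the original did.
        # NOTE(review): this also turns an all-digit username/cell into an
        # int and drops leading zeros; confirm the model expects that.
        try:
            value = int(value)
        except (ValueError, TypeError):
            pass
        setattr(user, prop, value)
    if new_pass:
        # The attribute is called hashed_pass but receives the plaintext here;
        # presumably a setter hashes it (registration uses the same pattern).
        # TODO(review): confirm, otherwise passwords are stored in clear.
        user.hashed_pass = new_pass
    redirect('/user/' + name, 303)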
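def do_user_tags(name):
    """Redirect to the tag page for the player named in the ``username`` field.

    ``name`` is the account from the URL and must exist (404 otherwise).  The
    target player comes from ``request.params['username']``; an absent *or
    empty* value bounces to ``/station`` with ``noplayer`` (the original only
    tested presence, so an empty field produced a ``/tag/<name>/`` redirect).

    Both path segments are percent-encoded before being joined: a ``/``,
    ``?`` or ``#`` in a user-supplied name would otherwise change which route
    the browser is sent to.  ``error``/``seterr`` are used as in the rest of
    this file, i.e. assumed to abort the request.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)
    target = request.params.get('username')
    if not target:
        seterr('/station', 'noplayer')
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote
    redirect('/'.join(['/tag', quote(name, safe=''), quote(target, safe='')]), 303)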
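def do_user_edit(name):
    """Apply the edit form for account ``name``.

    Authorisation: admins may edit anyone; everyone else only the account
    they are logged in as (``request.user.username == name``; answered with
    401 as before).  Every non-admin editor is restricted to the
    ``perm_user`` whitelist, so ``name``, ``username``, ``state``,
    ``signedin`` and ``student_num`` stay admin-only.  The original applied
    the whitelist only when ``request.player`` was set, which left any other
    self-editing account type with the admin-only fields (mass assignment).

    A non-admin password change must repeat the new password
    (``confirm_password``) and prove the current one (``verify_password``);
    missing fields used to raise ``KeyError`` (500) and now count as wrong.
    ``error``/``seterr`` are assumed to abort the request, as elsewhere here.
    """
    if not request.admin and request.user.username != name:
        error(code=401)
    user = Account.get_user(name)
    if not user:
        error(code=404)
    p = request.params
    # fields a non-admin may submit for their own account
    perm_user = ['verify_password', 'password', 'confirm_password',
                 'language', 'cell', 'twitter', 'email']
    if not request.admin:
        p = dict((x, p[x]) for x in perm_user if x in p)
    edit_url = '/user/%s/edit' % name
    new_pass = p.get('password')
    if new_pass and not request.admin:
        if new_pass != p.get('confirm_password'):
            seterr(edit_url, 'vp')
        if not user.verify_pass(p.get('verify_password', '')):
            seterr(edit_url, 'bp')
    editable = ['language', 'cell', 'twitter', 'name', 'username', 'state',
                'signedin', 'student_num', 'email']
    for prop in editable:
        if prop not in p:
            continue
        value = p[prop]
        if not value:
            # an empty field clears the attribute, as before
            setattr(user, prop, None)
            continue
        # Digit-only values are stored as int, as the original did.
        # NOTE(review): this also turns an all-digit username/cell into an
        # int and drops leading zeros; confirm the model expects that.
        try:
            value = int(value)
        except (ValueError, TypeError):
            pass
        setattr(user, prop, value)
    if new_pass:
        # The attribute is called hashed_pass but receives the plaintext here;
        # presumably a setter hashes it (registration uses the same pattern).
        # TODO(review): confirm, otherwise passwords are stored in clear.
        user.hashed_pass = new_pass
    redirect('/user/' + name, 303)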
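def do_startend():
    """Set the game's start and end timestamps from the ``/game`` admin form.

    ``start_time`` and ``end_time`` must both be present and parse as
    ``YYYY-MM-DD HH:MM:SS``, and the end must not precede the start.  Both
    values are parsed before either is stored, so a bad second value can no
    longer leave ``Game`` half-updated, and a malformed timestamp now reports
    ``notime`` instead of surfacing as a 500 from ``strptime``.  ``seterr``
    is assumed to abort the request, as elsewhere in this file.
    """
    params = bottle.request.params
    s_t = params.get('start_time', None)
    e_t = params.get('end_time', None)
    if not s_t or not e_t:
        seterr('/game', 'notime')
    try:
        start = datetime.datetime.strptime(s_t, '%Y-%m-%d %H:%M:%S')
        end = datetime.datetime.strptime(e_t, '%Y-%m-%d %H:%M:%S')
    except ValueError:
        seterr('/game', 'notime')
    if end < start:
        seterr('/game', 'notime')
    Game.game_start = start
    Game.game_end = end
    redirect('/game', 303)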
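def do_eula():
    """Record that the logged-in user accepted both EULA sections.

    The form must carry a ``liability`` and a ``safety`` field; the first
    missing one is reported back on ``/eula`` under its own name.  Both
    fields are checked before either flag is written, so a form with only
    ``liability`` ticked no longer sets ``request.user.liability`` and then
    bounces for ``safety``.  ``seterr`` is assumed to abort the request.
    """
    sections = ('liability', 'safety')
    for section in sections:
        if section not in request.params:
            seterr('/eula', section)
    for section in sections:
        setattr(request.user, section, True)
    redirect('/', 303)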
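def do_comment(pid):
    """Attach the submitted ``comment`` to post ``pid`` as the current user.

    404 if the post cannot be loaded, 403 if the post has ``allow_comments``
    off (the flag exists on ``Post`` but was never enforced on this POST
    handler), ``nocontent`` for an empty body and ``exists`` when the same
    user already posted identical text.

    The duplicate query combines its two conditions with ``&``.  The
    original used Python ``and``, which simply evaluates to the right-hand
    SQL expression, so it matched identical text from *any* user.
    ``error``/``seterr`` are assumed to abort the request.
    """
    p = request.params
    try:
        po = Post.from_pid(pid)
    except Exception:
        error(code=404)
    view_url = '/post/view/%s' % str(pid)
    if not po.allow_comments:
        error(code=403)
    content = p.get('comment')
    if not content:
        seterr(view_url, 'nocontent')
    duplicates = Comment.select(
        (Comment.q.user == request.user) & (Comment.q.content == content)
    ).count()
    if duplicates > 0:
        seterr(view_url, 'exists')
    c = Comment(user=request.user, content=content, post=po)
    redirect(view_url + '#comment-' + str(c.id), 303)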
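def do_comment(pid):
    """Attach the submitted ``comment`` to post ``pid`` as the current user.

    404 if the post cannot be loaded, 403 if the post has ``allow_comments``
    off (the flag exists on ``Post`` but was never enforced on this POST
    handler), ``nocontent`` for an empty body and ``exists`` when the same
    user already posted identical text.

    The duplicate query combines its two conditions with ``&``.  The
    original used Python ``and``, which simply evaluates to the right-hand
    SQL expression, so it matched identical text from *any* user.
    ``error``/``seterr`` are assumed to abort the request.
    """
    p = request.params
    try:
        po = Post.from_pid(pid)
    except Exception:
        error(code=404)
    view_url = '/post/view/%s' % str(pid)
    if not po.allow_comments:
        error(code=403)
    content = p.get('comment')
    if not content:
        seterr(view_url, 'nocontent')
    duplicates = Comment.select(
        (Comment.q.user == request.user) & (Comment.q.content == content)
    ).count()
    if duplicates > 0:
        seterr(view_url, 'exists')
    c = Comment(user=request.user, content=content, post=po)
    redirect(view_url + '#comment-' + str(c.id), 303)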
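def do_webcheckin():
    """Handle the web check-in form for the logged-in player.

    Requires a ``confirm`` field, refuses a second use
    (``request.user.did_webcheckin``) and checks the player in at the
    ``zombie_internet`` station account (``code499`` if that account is
    missing).  A ``CheckInException`` is mapped to an error code by taking
    the last space-separated word of its message; the original
    reverse-and-slice trick dropped the first character whenever the message
    contained no space at all.

    On success the handler returns None, i.e. an empty 200 response.
    NOTE(review): every sibling handler redirects after success; confirm the
    caller expects an empty body here.
    """
    p = request.params
    if 'confirm' not in p:
        redirect('/webcheckin?error=notconfirmed', 303)
    if request.user.did_webcheckin:
        redirect('/webcheckin?error=alreadyused', 303)
    station = Account.get_user('zombie_internet')
    if not station:
        redirect('/webcheckin?error=code499', 303)
    try:
        do_checkin(request.user, station)
    except CheckInException as e:
        # .message is Python 2 only; str(e) is the portable fallback
        text = getattr(e, 'message', None) or str(e)
        err = text.rsplit(' ', 1)[-1]
        seterr('/webcheckin', err)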
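def do_create_post():
    """Create a post from ``content_e``, ``content_f``, ``title_e``,
    ``title_f`` and the optional ``allow_comments`` checkbox.

    A missing or empty required field snapshots the submitted form into the
    session (as a plain dict, the same way the registration and e-mail
    handlers do it) and bounces to ``/post/create`` with ``missinginfo``;
    an absent field used to raise ``KeyError`` (500).  Only the five
    whitelisted fields are copied onto the new ``Post``.

    NOTE(review): the content is stored verbatim; whatever renders it must
    escape it (not visible here).  ``seterr`` is assumed to abort.
    """
    p = request.params
    required = ['content_e', 'content_f', 'title_e', 'title_f']
    fields = dict((k, p.get(k)) for k in required)
    if not all(fields.values()):
        bottle.request.session.data = simplejson.dumps(dict((k, p[k]) for k in p.keys()))
        seterr('/post/create', 'missinginfo')
    fields['allow_comments'] = 'allow_comments' in p
    post = Post(allow_comments=fields['allow_comments'])
    for k, v in fields.items():
        setattr(post, k, v)
    redirect('/post/view/' + str(post.id), 303)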
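def do_create_post():
    """Create a post from ``content_e``, ``content_f``, ``title_e``,
    ``title_f`` and the optional ``allow_comments`` checkbox.

    A missing or empty required field snapshots the submitted form into the
    session (as a plain dict, the same way the registration and e-mail
    handlers do it) and bounces to ``/post/create`` with ``missinginfo``;
    an absent field used to raise ``KeyError`` (500).  Only the five
    whitelisted fields are copied onto the new ``Post``.

    NOTE(review): the content is stored verbatim; whatever renders it must
    escape it (not visible here).  ``seterr`` is assumed to abort.
    """
    p = request.params
    required = ['content_e', 'content_f', 'title_e', 'title_f']
    fields = dict((k, p.get(k)) for k in required)
    if not all(fields.values()):
        bottle.request.session.data = simplejson.dumps(dict((k, p[k]) for k in p.keys()))
        seterr('/post/create', 'missinginfo')
    fields['allow_comments'] = 'allow_comments' in p
    post = Post(allow_comments=fields['allow_comments'])
    for k, v in fields.items():
        setattr(post, k, v)
    redirect('/post/view/' + str(post.id), 303)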
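def do_forgot_password():
    """Mail a password-reset key to the address given in the ``email`` field.

    Creates a ``PasswordReset`` valid for 24 hours, mails its ``skey`` using
    the session language's ``passemail`` strings, and redirects to the
    success page.  The mail goes to the *stored* address of the matched
    account, never to the typed one.  The SMTP session is now closed on every
    path; the original never sent QUIT.

    NOTE(review): answering ``nouser`` for an unknown address lets anyone
    enumerate registered e-mails; the usual fix is to show the success page
    regardless and only send when the account exists.  Whether ``skey`` is
    generated from a CSPRNG is not visible here and must be.
    ``seterr`` is assumed to abort the request.
    """
    email = request.params.get('email', None)
    if not email:
        seterr('/forgot_password', 'noemail')
    u = Account.from_email(email)
    if not u:
        seterr('/forgot_password', 'nouser')
    reset = PasswordReset()
    reset.ttl = 24 * 60 * 60  # 24 hours
    reset.update_expires()
    reset.user = u
    strings = i18n.i18n[get_session().language]['passemail']
    msg = MIMEText(strings['body'] % reset.skey)
    msg['Subject'] = strings['subject']
    msg['From'] = '*****@*****.**'
    smtp = smtplib.SMTP_SSL(Game.email_host, 465)
    try:
        smtp.login(Game.email_user, Game.email_pass)
        smtp.sendmail(msg['From'], [u.email], msg.as_string())
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPException:
            pass
    redirect('/forgot_password?result=success')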
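def do_find_user():
    """Look up a player by ``value`` within category ``cat`` and redirect to the profile.

    ``cat`` is one of ``email``, ``twitter``, ``cell``, ``student`` (numeric)
    or ``game_id`` (upper-cased).  An unknown category, a non-numeric student
    number, a lookup that raises, or a lookup that returns None all go back
    to ``/users`` with ``nouser``.  The original dereferenced ``p.username``
    on None (500) for an unknown category or a no-match, and raised
    ``KeyError`` when either field was absent.  ``cat`` is percent-encoded
    before being echoed into the redirect query string.  ``seterr`` is
    assumed to abort the request.
    """
    value = request.params.get('value', '')
    cat = request.params.get('cat', '')
    try:
        from urllib.parse import quote
    except ImportError:  # Python 2
        from urllib import quote
    back = '/users?cat=%s' % quote(cat, safe='')
    lookups = {
        'email': Player.from_email,
        'twitter': Player.from_twitter,
        'cell': Player.from_cell,
        'student': lambda v: Player.from_student_num(int(v)),
        'game_id': lambda v: Player.from_game_id(v.upper()),
    }
    finder = lookups.get(cat)
    if finder is None:
        seterr(back, 'nouser')
    try:
        p = finder(value)
    except Exception:
        seterr(back, 'nouser')
    if p is None:
        seterr(back, 'nouser')
    redirect('/user/%s' % p.username, 303)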
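def do_login():
    """Authenticate ``username``/``password`` and start a fresh session.

    Unknown user and wrong password both answer ``nouser`` (no account
    enumeration).  The pre-login session is destroyed and a new one created
    before the user is attached, which defeats session fixation; stations
    get a 5-day TTL.

    The post-login redirect follows the Referer only when it is a local path
    or points at this host (``HTTP_HOST``).  The original copied
    ``HTTP_REFERER`` straight into ``Location``, which is an open redirect:
    any external page linking to ``/login`` became the post-login target.
    Missing form fields used to raise ``KeyError`` (500).  ``seterr`` is
    assumed to abort the request.
    """
    usern = request.params.get('username', '')
    passw = request.params.get('password', '')
    user = Account.from_username(usern)
    if not user:
        seterr('/login', 'nouser')
    if not user.verify_pass(passw):
        seterr('/login', 'nouser')
    sess = get_session()
    # protect against session fixation: never keep the pre-login session id
    sess.destroySelf()
    sess = get_session()
    sess.user = user
    if isinstance(user, Station):
        sess.ttl = 5 * 24 * 60 * 60
        sess.update_expires()
    set_cookie(sess)
    loc = _same_host_path(request.environ.get('HTTP_REFERER'),
                          request.environ.get('HTTP_HOST'))
    if loc is None or loc == '/':
        loc = '/index'
    response.set_header('Location', loc)
    response.status = 303
    return None


def _same_host_path(referer, host):
    """Return the path (plus query) of ``referer`` if it is local, else None.

    Accepts a relative URL or one whose host equals ``host``
    (case-insensitive, port included).  Foreign hosts, scheme-relative
    ``//evil`` forms and paths not starting with ``/`` yield None so the
    caller falls back to its default page.
    """
    if not referer:
        return None
    try:
        from urllib.parse import urlsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit
    parts = urlsplit(referer)
    if parts.netloc:
        if host is None or parts.netloc.lower() != host.lower():
            return None
    path = parts.path or '/'
    if not path.startswith('/') or path.startswith('//'):
        return None
    if parts.query:
        path += '?' + parts.query
    return path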
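def do_add_user_checkin(name):
    """Record a manual check-in for account ``name`` from the ``location``/``time`` form.

    Requires both fields, a ``location`` listed in ``database.locations`` and
    a ``time`` in ``YYYY-MM-DD HH:MM:SS`` form; failures are reported on the
    user's check-ins page as ``noloc``/``notime``/``badloc``/``badtime``.
    Only ``ValueError`` from ``strptime`` is treated as a bad time — the
    original bare ``except`` also turned unrelated errors into ``badtime``.
    ``error``/``seterr`` are assumed to abort the request.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)
    back = '/user/%s/checkins' % user.username
    location = request.params.get('location')
    raw_time = request.params.get('time')
    if location is None:
        seterr(back, 'noloc')
    if raw_time is None:
        seterr(back, 'notime')
    if location not in database.locations:
        seterr(back, 'badloc')
    try:
        when = datetime.datetime.strptime(raw_time, '%Y-%m-%d %H:%M:%S')
    except ValueError:
        seterr(back, 'badtime')
    Checkin(time=when, location=location, player=user)
    redirect('/user/%s/checkins' % name, 303)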
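def do_add_user_checkin(name):
    """Record a manual check-in for account ``name`` from the ``location``/``time`` form.

    Requires both fields, a ``location`` listed in ``database.locations`` and
    a ``time`` in ``YYYY-MM-DD HH:MM:SS`` form; failures are reported on the
    user's check-ins page as ``noloc``/``notime``/``badloc``/``badtime``.
    Only ``ValueError`` from ``strptime`` is treated as a bad time — the
    original bare ``except`` also turned unrelated errors into ``badtime``.
    ``error``/``seterr`` are assumed to abort the request.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)
    back = '/user/%s/checkins' % user.username
    location = request.params.get('location')
    raw_time = request.params.get('time')
    if location is None:
        seterr(back, 'noloc')
    if raw_time is None:
        seterr(back, 'notime')
    if location not in database.locations:
        seterr(back, 'badloc')
    try:
        when = datetime.datetime.strptime(raw_time, '%Y-%m-%d %H:%M:%S')
    except ValueError:
        seterr(back, 'badtime')
    Checkin(time=when, location=location, player=user)
    redirect('/user/%s/checkins' % name, 303)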
def do_tag(): if 'taggee' not in request.params: seterr('/tag','badinput') if 'uid' not in request.params: seterr('/tag','badinput') if not Game.is_started: seterr('/tag','game') error = None try: kill = add_kill(request.user, request.params['taggee'], request.params['uid']) except TagException, e: if e.message == ops.EXC_NOTHUMAN: error = 'nothuman' elif e.message == ops.EXC_NOTZOMBIE: error = 'notzombie' elif e.message == ops.EXC_KITHUMAN: error = 'kithuman' elif e.message == ops.EXC_KITZOMBIE: error = 'kitzombie' elif e.message == ops.EXC_CHEATER: error = 'duplicate' else: error = 'unknown'
except: request.session.error = 'unknown' return dict(error='unknown',mode='edit') @route('/post/edit/:pid',method='POST') @allow_auth @lang @require_auth @require_role(Admin) def do_edit_post(pid): p = request.params try: post=Post.from_pid(pid) except IndexError, e: error(code=404) except: seterr(request.path, 'unknown') if 'allow_comments' in p: p['allow_comments'] = True else: p['allow_comments'] = False p = dict([(x,p[x]) for x in ['content_e','content_f','title_e','title_f','allow_comments']]) p['time'] = datetime.datetime.now() for i in p: setattr(post, i, p[i]) redirect('/post/view/' + str(pid), 303) @route('/post/delete/:pid') @allow_auth @require_auth @require_role(Admin) def do_delete_post(pid): try:
def do_registration(): p = request.params data = dict([(x, request.params[x]) for x in request.params.keys()]) del data['password_confirm'] # must rescue the question before it becomes obliterated by field-saving code question = SkillTestingQuestion(request.session['question']) request.session.data = simplejson.dumps(data) for i in ['username', 'name', 'password', 'password_confirm', 'language', 'student_num', 'email', 'answer']: if not p[i]: seterr('/register','missinginfo') if '/' in p['username']: seterr('/register','noslash') for i in ('liability', 'safety'): # if i+'_read' not in request.COOKIES or request.COOKIES[i+'_read'] != 'true': # redirect('/register?error='+i+'_read', 303) if i not in request.params: seterr('/register',i+'_err') name = p['name'] username = p['username'] password = p['password'] language = p['language'] studentn = int(p['student_num']) email = p['email'] twitter = None if not p['twitter'] else p['twitter'].replace('@','') cell = p.get('cell', None) answer = p['answer'] if not question.check(answer): seterr('/register','badanswer') user = (Account.from_username(username) or Player.from_student_num(studentn) or Account.from_email(email) or Player.from_twitter(twitter) or Player.from_cell(cell)) if user: seterr('/register','userexists') u = None try: u = Player(name=name,username=username,hashed_pass=password,language=language,student_num=studentn, email=email,twitter=twitter,cell=cell,liability=True,safety=True) except dberrors.DuplicateEntryError, e: seterr('/register', 'userexists')
kill = add_kill(request.user, request.params['taggee'], request.params['uid']) except TagException, e: if e.message == ops.EXC_NOTHUMAN: error = 'nothuman' elif e.message == ops.EXC_NOTZOMBIE: error = 'notzombie' elif e.message == ops.EXC_KITHUMAN: error = 'kithuman' elif e.message == ops.EXC_KITZOMBIE: error = 'kitzombie' elif e.message == ops.EXC_CHEATER: error = 'duplicate' else: error = 'unknown' if error: seterr('/tag', error) else: redirect(request.environ.get('HTTP_REFERER','/'), 303) @route('/webcheckin') @mview('webcheckin') @allow_auth @lang @require_auth @require_role(Player) def view_webcheckin(): return dict() @route('/webcheckin',method='POST') @allow_auth @require_auth @require_role(Player)
def do_itemail():
    """Store the IT contact address from the ``itemail`` form field on ``Game``.

    An absent or empty value bounces back to ``/game`` with ``noemail``
    (``seterr`` is assumed to abort); otherwise the value is saved verbatim
    and the browser is sent back to ``/game``.  NOTE(review): no format
    check is done on the address here.
    """
    address = bottle.request.params.get('itemail', None)
    if not address:
        seterr('/game', 'noemail')
    Game.it_email = address
    redirect('/game', 303)
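def do_hrsbc():
    """Set ``Game.hours_between_checkins`` from the ``hrsbc`` form field.

    The value must be present and parse as a non-negative integer; anything
    else goes back to ``/game`` with ``notime``.  The original called
    ``int()`` unguarded, so a non-numeric value was a 500, and accepted a
    negative interval.  ``seterr`` is assumed to abort the request.
    """
    hours = bottle.request.params.get('hrsbc', None)
    if not hours:
        seterr('/game', 'notime')
    try:
        interval = int(hours)
    except (ValueError, TypeError):
        seterr('/game', 'notime')
    if interval < 0:
        seterr('/game', 'notime')
    Game.hours_between_checkins = interval
    redirect('/game', 303)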
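def do_rego():
    """Set the registration deadline ``Game.game_rego`` from the ``rego`` field.

    The value must be present and parse as ``YYYY-MM-DD HH:MM:SS``; a
    malformed timestamp now reports ``notime`` on ``/game`` instead of
    surfacing as a 500 from ``strptime``.  ``seterr`` is assumed to abort.
    """
    r_t = bottle.request.params.get('rego', None)
    if not r_t:
        seterr('/game', 'notime')
    try:
        deadline = datetime.datetime.strptime(r_t, '%Y-%m-%d %H:%M:%S')
    except ValueError:
        seterr('/game', 'notime')
    Game.game_rego = deadline
    redirect('/game', 303)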
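def do_countdown():
    """Set ``Game.countdown_time`` from the ``count_time`` form field.

    The value must be present and parse as ``YYYY-MM-DD HH:MM:SS``; a
    malformed timestamp now reports ``notime`` on ``/game`` instead of
    surfacing as a 500 from ``strptime``.  ``seterr`` is assumed to abort.
    """
    c_t = bottle.request.params.get('count_time', None)
    if not c_t:
        seterr('/game', 'notime')
    try:
        countdown = datetime.datetime.strptime(c_t, '%Y-%m-%d %H:%M:%S')
    except ValueError:
        seterr('/game', 'notime')
    Game.countdown_time = countdown
    redirect('/game', 303)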
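def do_shotgun_email():
    """Send one message from the ``/email`` form to a group of players.

    Fields: ``msg`` (body), ``subject``, ``from`` and ``target`` (one of
    humans/zombies/active/inactive/all).  The form is snapshotted into the
    session first so it can be re-rendered after a validation error.
    Recipients go into the SMTP envelope only — there is no To/Cc header —
    so players do not see each other's addresses; the masked admin address
    is always included.

    Changes from the original: ``subject`` and ``from`` are refused if they
    contain CR or LF, since a line break inside a header value is how extra
    headers (``Bcc:`` …) get injected into the message; an unknown
    ``target`` is answered with 400 instead of a ``NameError`` 500; and the
    SMTP session is closed on every path.  ``seterr``/``error`` are assumed
    to abort the request.
    """
    params = request.params
    request.session.data = simplejson.dumps(dict((x, params[x]) for x in params.keys()))
    body = params.get('msg', None)
    subject = params.get('subject', None)
    from_ = params.get('from', None)
    if not body:
        seterr('/email', 'nomsg')
    msg = MIMEText(body)
    # header values must be a single line; anything else is treated as missing
    if not subject or '\r' in subject or '\n' in subject:
        seterr('/email', 'nosubj')
    msg['Subject'] = subject
    if not from_ or '\r' in from_ or '\n' in from_:
        seterr('/email', 'nofrom')
    msg['From'] = from_
    target = params.get('target')
    if target == 'humans':
        to = [x.email for x in Player.humans]
    elif target == 'zombies':
        to = [x.email for x in Player.zombies]
    elif target == 'active':
        to = [x.email for x in Player.users]
    elif target == 'inactive':
        to = [x.email for x in Player.select(Player.q.signedin == False).filter(Player.q.username != 'military.militaire')]
    elif target == 'all':
        to = [x.email for x in Player.select(Player.q.username != 'military.militaire')]
    else:
        error(code=400)
    try:
        s = smtplib.SMTP_SSL(Game.email_host, 465)
    except Exception:
        seterr('/email', 'nocon')
    try:
        try:
            s.login(Game.email_user, Game.email_pass)
        except Exception:
            seterr('/email', 'badlogin')
        try:
            s.sendmail(msg['From'], ['*****@*****.**'] + to, msg.as_string())
        except Exception:
            seterr('/email', 'nosend')
    finally:
        try:
            s.quit()
        except smtplib.SMTPException:
            pass
    redirect('/', 303)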
return dict(error="unknown", mode="edit") @route("/post/edit/:pid", method="POST") @allow_auth @lang @require_auth @require_role(Admin) def do_edit_post(pid): p = request.params try: post = Post.from_pid(pid) except IndexError, e: error(code=404) except: seterr(request.path, "unknown") if "allow_comments" in p: p["allow_comments"] = True else: p["allow_comments"] = False p = dict([(x, p[x]) for x in ["content_e", "content_f", "title_e", "title_f", "allow_comments"]]) p["time"] = datetime.datetime.now() for i in p: setattr(post, i, p[i]) redirect("/post/view/" + str(pid), 303) @route("/post/delete/:pid") @allow_auth @require_auth @require_role(Admin)